“True wisdom is knowing what you don’t know.” — Confucius
One of my former partners, a brilliant patent lawyer who was (and is) widely respected in the patent bar, used his desktop computer for one purpose and one purpose only—as a convenient surface on which to attach yellow sticky post-it notes to himself. To my knowledge, he never turned his computer on. I am fairly certain he did not know how. He had an email account, of course, which was dutifully monitored by his secretary. She would print out incoming messages or attachments for his review. If an email response was required, he would hand write the message on a yellow pad, and his assistant would then type and send the message from his email account. He had no idea how to retrieve voice mail messages, and those were handled in similar fashion as the emails.
No one ever questioned my former colleague’s wisdom. He knew what he knew, and he knew what he did not know. He did not want to know technology, and frankly for his practice it did not matter. But those days of lawyering are almost gone. Hundreds of thousands of new bar members have joined the rank and file since the Internet age. As new technologies evolve and roll into our daily lives, including the practice of law, attorneys of all levels of experience must be prepared to roll with them.
Technical Competence
The first rule of ethics—literally—is the lawyer’s duty to provide competent representation. ABA Model Rule 1.1 states that “competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.” Comment 5 to Model Rule 1.1 explains that competence “includes . . . use of methods and procedures meeting the standards of competent practitioners. It also includes adequate preparation.” Whether preparation is “adequate” is “determined in part by what is at stake; major litigation and complex transactions ordinarily require more extensive treatment than matters of lesser complexity and consequence.”
In 2012, the ABA added a “technological competence” component to the comments to Model Rule 1.1. In particular, comment 8 to Model Rule 1.1, entitled “Maintaining Competence,” states:
To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.
To date, approximately 13 states have adopted comment 8 to their own version of ABA Model Rule 1.1. It is expected that other states are not that far behind.
What this means is that more and more practitioners are likely going to be required to become familiar with “relevant technology” both as a matter of professional responsibility as well as to comply with the applicable standard of care if their actions or inactions are challenged in a legal malpractice action.
Technical competence as part of the lawyer’s duties was not born yesterday. The duty of technical competence has been a part of electronic discovery for some time. In April 2009, Ron Minkoff wrote a detailed analysis of the ethical issues in e-discovery in an article appropriately entitled “Ethical Issues in E-Discovery.” As Mr. Minkoff concluded, “the basic principles of professional responsibility which have always governed the discovery of paper documents have now been carried over into e-discovery. There are no short-cuts or basic modifications. Some issues have still to be resolved, but familiarity with the rules concerning attorney supervision, unauthorized practice, fee splitting, and attorney-client privilege remain essential to navigating the new technological landscape.”
According to an ABA report from 2008, “A lawyer must understand the rules of discovery and a client’s IT systems.” ABA Center for Continuing Legal Education, Ethical Issues in E-Discovery, at 1 (2008). This includes an ability to identify electronically stored information (ESI) that must be produced for the purposes of making and responding to document requests, as well as the associated costs. Id. The report also mentions duties of competence extending to knowledge regarding various file formats, sources of electronic data, and basic information on how a computer operates. Id. at 2. The report also mentions duties of competence extending to knowledge regarding various file formats, sources of electronic data, and basic information on how a computer operates. Id. at 2. A lawyer who fails to understand the basics of e-discovery may be sanctioned.
A recent Delaware case illustrates this last point. There, counsel repeatedly botched efforts to produce electronic discovery. At a hearing on a motion for sanctions, the attorney conceded: “I have to confess to this Court, I am not computer literate. I have not found presence in the cybernetic revolution. I need a secretary to help me turn on the computer. This was out of my bailiwick.” James v. Nat’l Fin. LLC, 2014 Del. Ch. LEXIS 254, at *35-36 (Del. Ch. Ct. Dec. 5, 2014). The court was not amused. In recommending sanctions, the court held:
Professed technological incompetence is not an excuse for discovery misconduct. . . . “[D]eliberate ignorance of technology is inexcusable . . . . [I]f a lawyer cannot master the technology suitable for that lawyer’s practice, the lawyer should either hire tech-savvy lawyers tasked with responsibility to keep current, or hire an outside technology consultant who understands the practice of law and associated ethical constraints.” Judith L. Maute, Facing 21st Century Realities, 32 Miss. C. L. Rev. 345, 369 (2013).
Ask most people who are over 70 or under 5 what is in the “cloud,” the answer you most likely will get is “water” or “rain.” To many lawyers, “cloud computing” is something they probably have heard about but probably will not admit to really understanding. They should.
A recent ethics opinion from New Hampshire addressed an attorney’s ethical duties when it comes to “the cloud.” The opinion summarized:
The internet has changed the practice of law in many ways, including how data is stored and accessed. “Cloud computing” can be an economical and efficient way to store and use data. However, a lawyer who uses cloud computing must be aware of its effect on the lawyer’s professional responsibilities. The NHBA Ethics Committee adopts the consensus among states that a lawyer may use cloud computing consistent with his or her ethical obligations, as long as the lawyer takes reasonable steps to ensure that sensitive client information remains confidential.
The New Hampshire ethics opinion provides a checklist of questions that reasonably competent counsel should consider before using a cloud computing service consistent with their ethical duties, including the duties of confidentiality and safekeeping client property, as follows:
- Is the provider of cloud computing services a reputable organization?
- Does the provider offer robust security measures? Such measures must include at a minimum password protections or other verification procedures limiting access to the data; safeguards such as data back-up and restoration, a firewall, or encryption; periodic audits by third parties of the provider’s security; and notification procedures in case of a breach.
- Is the data stored in a format that renders it retrievable as well as secure?
- Is it stored in a proprietary format and is it promptly and reasonably retrievable by the lawyer in a format acceptable to the client?
- Does the provider commingle data belonging to different clients and/or different practitioners such that retrieval may result in inadvertent disclosure?
- Do the terms of service state that the provider merely holds a license to the stored data, as for example Google’s do? Some providers routinely inform those accessing their service that it is the provider−not the user −that “owns” the data. If the provider owns the stored data, the lawyer may run afoul of Rule 1.15, which requires that the client’s property “be identified as property of the client.” To comply with Rule 1.15, the provider may not “own” the data stored in the cloud.
- Does the provider have an enforceable obligation to keep the data confidential?
- Where are the provider’s servers located and what are the privacy laws in effect at that location regarding unauthorized access, retrieval, and destruction of compromised data? If the servers are located in a foreign country, do the privacy laws of that country reasonably mirror those of the United States? If the servers are relocated, will the provider notify the lawyer in advance?
- Will the provider retain the data – and, if so, for how long – when the representation ends or the agreement between the lawyer and provider is terminated for another reason? The data must not be destroyed immediately and without notice or compromised in case of nonpayment.
- Do the terms of service obligate the provider to warn the lawyer if information is being subpoenaed by a third party, where the law permits such notice? Such a provision may be especially timely given that the Senate Judiciary Committee recently considered, but rejected legislation which would have expanded law enforcement agencies’ access to privately stored data.
- What is the provider’s disaster recovery plan with respect stored data? Is a copy of the digital data stored on-site?
Storing data “in the cloud” does not mean that attorneys may stick their heads in the cloud regarding their associated ethical duties. They must ensure that their clients’ confidential information is being properly safeguarded
Lawyers should also have some degree of technical competence in social media, which can contain an invaluable trove of information. Competent counsel should have basic familiarity with common sources of internet data, especially as they pertain to fact witnesses, clients, opposing parties, and experts. Some reports indicate that as much as 80% of the adult population in the United States uses social media to some extent.
The Pennsylvania Bar Association recently issued Ethical Obligations for Attorneys Using Social Media, Pa. Bar Assoc. Op. 2014-300. The report concluded that:
Attorneys may advise clients about the content of their social networking websites, including the removal or addition of information.
Attorneys may connect with clients and former clients.
Attorneys may not contact a represented person through social networking websites.
Although attorneys may contact an unrepresented person through social networking websites, they may not use a pretextual basis for viewing otherwise private information on social networking websites.
Attorneys may use information on social networking websites in a dispute.
Attorneys may accept client reviews but must monitor those reviews for accuracy.
Attorneys may generally comment or respond to reviews or endorsements, and may solicit such endorsements.
Attorneys may generally endorse other attorneys on social networking websites.
Attorneys may review a juror’s Internet presence.
Attorneys may connect with judges on social networking websites provided the purpose is not to influence the judge in carrying out his or her official duties.
The prevalence of social media has been raised in a number of court opinions. In Griffin v. State, 192 Md. App. 518 (2010), for example, the court addressed whether the trial court erred in admitting pages from the defendant’s social media page.
The court noted that the “design and purpose of social media sites make them especially fertile ground for ‘statements involving observations of events surrounding us, statements regarding how we feel, our plans and motives, and our feelings (emotional and physical)” and that, for this reason, “both prosecutors and criminal defense attorneys are increasingly looking for potential evidence on the expanding array of Internet blogs, message boards, and chat rooms.” Id. at 535 (“It should now be a matter of professional competence for attorneys to take the time to investigate social networking sites.”) (citations omitted).
Know What You Don’t Know
As my colleagues at the Association of Professional Responsibility Lawyers recently reminded me, whether you are fresh out of law school or have been practicing for decades, lawyers need to know what they do not know. Lawyers are not required to become software engineers or IT experts. But to remain competent, counsel must at the very least recognize their own limitations. Continuing legal education can help. So can those “youngins” around the office or at home who cannot fathom life before the Internet and the iPhone. Be wise, and know what you don’t know.