I was reading a blog located on the site I use for my case management, www.mycase.com. Nicole Black from MyCase provided a review of a book called Google Gmail and Calendar in One Hour for Lawyers. The conclusion of the authors, Carole Levitt and Mark Rosch, was that it is perfectly ethical to use Google Gmail and Calendar in our law practices. However, the book came out before we knew what we now know regarding Google, and many other service providers being forced to install back doors to their (our) data, and before we knew that the NSA collects and stores all of our emails via these back doors (and other means, of course).
Attorney Client privilege is a legal construct in US law that protects and keeps confidential, certain communications between a lawyer and her client. It is this concept that provides the unfettered ability for a client to give the attorney information, knowing that 1) that information can’t be used in a legal action and 2) the information will remain confidential. There are, of course, exceptions to this rule, such as if the client has told her lawyer that she is about to commit a crime or harm another, and disclosure of client information if the client has died for the purpose of probate. However, the biggest exception there is, and the one that will cause any type of asserted privilege to dissolve into thin air, is disclosure in the presence of individuals outside the attorney(s) and their client(s), or subsequent disclosure to others. If either of those things happen, all bets are off. The lawyer may even find herself in the position of being forced to testify against her client.
Against this background, I thought it might be interesting to my readers to provide them with what I wrote as a comment on the MyCase blog. As you can likely discern, I have been a vocal advocate of individual privacy interests, especially on the Internet, since about 1985, when it was still the Arpanet.
I beg to disagree with the analysis regarding “the cloud” generally and Google specifically. We have all been put on notice that the NSA has forced Google and other Internet Service Providers to turn over information, without court order, have been forced to build back doors into their systems, and that almost any analyst with the right clearance can read the information stored on these third party based systems. As attorneys, each one of us should be screaming bloody murder about this potential breach of attorney/client privilege at its very core. It’s not that it is “possible” to get our privileged information, our work product through Google Apps, both the “metadata” and the content of our correspondence, etc., it has already happened, and continues to this day. We KNOW our communications have been compromised. The question now is what to do about it.
Technically, there are a few solutions that can be used to slow down snooping, but given the NSA’s deliberate “assistance” to cryptography standards creators which has served in all cases to make any cryptography available to us to be trivial for anyone, not just the NSA, to break into, it would take a brand new, very robust encryption algorithm with email encrypted point to point, from the sender through the pipeline, to the recipient. Of course, most attorneys and their current clients can’t wait long enough for that to be developed. Those services that DID provide this type of security, Lavabit and Silent Circle, have both shut down their email services in order to avoid re-engineering their products with built in real time back doors for NSA mass stalking. Thankfully, Silent Circle’s encrypted text messaging and encrypted cell calling service are still up and running.
Again the question is, what can we, as lawyers, do about this travesty, which has already caused many of our “allies” and multi-national businesses to scrap any plans for partaking in any US cloud system? We don’t have many options, I’m afraid. We can forego email altogether and sign up for an encryption service for texts and phone calls, but that would be inconvenient for clients and we would lack the built in “paper trail” that email provides. We can ask for a ruling regarding whether attorney/client privilege is compromised if a government agency grabs our correspondence. The problem with that is that it’s not only the government agencies that can use the back doors to “steam open” the letters. It’s pretty trivial to find a particular attorney’s email address, trace it to the ISP that provides it service, and perch a sniffer at the appropriate point. Given what’s at stake in some of the cases we deal with, that scenario would not be completely far fetched. Alternatively, would a criminal defense attorney want the government accessing her emails with her client? There have already been cases where NSA has turned information over to enforcement agencies.
That pretty much leaves us with one alternative. We have to make our voices heard for the sake of ourselves and of our clients. This is not like waiting for the “if” someone intercepts paper mail. This is a done deal that is continuing.
The time has come to speak up and speak out concerning the Fourth Amendment rights of our clients, as well as the privilege that makes it possible to even provide a fair playing field, or even a capital crime defense. I, for one, am all ears.