Sunday, June 25, 2017

ABA Issues Updated E-mail Guidance



I’ve been writing and lecturing about Internet and e-mail ethics issues since 1998 – there is no shortage of ethics opinions or scholarship on the subject.  This did not dissuade the American Bar Association from issuing its own updated guidance, entitled Securing Communication of Protected Client Information on 11 May, or from revising it eight days later.  And because it’s an ABA opinion, it’s newsworthy.

Most of the headlines surrounding new ABA Formal Opinion 477R (19 May 2017) will focus on the Standing Committee on Ethics and Professional Responsibility’s conclusion that, in some instances, an attorney may be required to use encrypted e-mail, a conclusion it resisted making in its 1999 opinion: Formal Opinion 99-413. 

I’m not interested in summarizing the new ABA opinion – other blogs, including the ABA Journal, have already done that, and more are sure to follow.  (You can read revised Opinion 477R here.  It’s short and time well spent.)  Instead, I would rather use the issuance of ABA 477R as an excuse opportunity riff on the central theme embodied in it. 

First, a little review:

 A Trip Down Memory Lane
Microsoft Founder Bill Gates

It’s mid-1990.  Few lawyers were eager and early adapters of e-mail.  The Bar only “warmed” to electronic communications only because clients demanded it:
In Microsoft’s case, we insist that all of our lawyers have electronic mail.  We won’t deal with them unless we have that kind of access.
Christie and Aarons, Bill Gates Tells Law Firms: No E-mail, No Deal, Colorado Journal, May 23, 1997, p. 2. 

Almost immediately the question arose whether there was an ethical duty to encrypt confidential Internet communications.  Public and private key encryption then was kludgy; clients hated it, and so did lawyers.  The thought that lawyers might have to encrypt e-mail was a bummer.

Fortunately, throughout the 1990s, and with surprisingly few exceptions, one bar after another reached the conclusion that Internet e-mail is reasonably safe, even without encryption.  See Delaware State Bar Ass’n Committee on Professional Ethics Op. 2001-2 (communications by e-mail and cell phones do not violate Delaware Rule 1.6 absent exceptional circumstances, such as where an attorney should reasonably anticipate the possibility of disclosure or interception); Supreme Court of Ohio Board of Commissioners on Grievances and Disputes Opinion 99-2 (April 9, 1999) (encryption of e-mail not required).  Accord N.Y. State Bar Ass’n Committee on Professional Ethics, Opinion 709 (Sept. 16, 1998); D.C. Bar Opinion No. 281 (Feb. 18, 1998); Alaska Bar Ass’n Opinion 98-2 (Jan. 8, 1998); Pennsylvania Bar Ass’n Committee on Legal Ethics and Professional Responsibility Informal Opinion 97-130 (Sept. 26, 1997); Vermont Bar Ass’n Committee on Professional Responsibility Opinion 97-5; Illinois State Bar Ass’n Committee on Professional Ethics Opinion 96-10 (May 16, 1997); South Carolina Bar Ethics Advisory Opinion 97-08 (June 1997); Arizona State Bar Committee on Rules of Professional Conduct Opinion 97-04 (April 7, 1997).

Near the end of this long line, on 10 March 1999, the ABA issued Formal Opinion 99-413.  Coming so late, Opinion 99-413 was not significant for its conclusion, but rather for its weight as the opinion of the author of the Model Rules.  The opinion, however, did a nice job of synthesizing the work that went before it, and in focusing on the overriding issue of the reasonableness of the expectation of confidentiality, instead of Internet as the technology de jour:
The risk of unauthorized interception and disclosure exists in every medium of communication, including e-mail.  It is not, however, reasonable to require that a mode of communicating information must be avoided simply because interception is technologically possible, especially when unauthorized interception or dissemination of the information is a violation of the law.
ABA Opinion 99-413 concluded that Internet e-mail was no less secure than “U.S. and commercial mail, land-line telephonic transmissions, and facsimiles,” and should not be singled out for separate treatment.

Earlier ethics opinions had suggested that the same general precautions and guidelines regarding client communications over cellular telephones and fax machines should apply to Internet e-mail.  See, e.g., Alaska Bar Ass’n Opinion 98-2; Iowa Ethics Opinion 96-1 (1996); North Carolina Ethics Opinion 215 (1995); Colorado Bar Ass’n Opinion 90. 

Surely, consideration of the sensitivity of the communication, and providing cautionary warnings to clients who may not appreciate the potential vulnerability of interception, is good practice in all transmissions over evolving technologies.  However, a pronouncement that the failure to encrypt could subject an attorney to professional discipline in the event of interception – at least absent a clear and convincing showing that the communication was so sensitive that any risk of possible interception is was too great – would have imposed an unacceptable burden on then-burgeoning e-commerce. 

ABA 99-413’s ultimate conclusion that, e-mail encryption was generally not required, was correct for its time.  However, as I wrote in 2003:
[T]he only constant in technology is change.  While the law currently concludes that encryption is not required to protect the confidentiality of routine attorney-client communications sent via e-mail, should SMTP become more vulnerable to interception and/or encryption become easier for clients and lawyers to use, this conclusion should change.  Lawyers everywhere are well advised to . . .  focus not on the medium of the communication, but rather on the exercise of reasonable care.
Charles F. Luce, Jr., Legal Ethics on the Internet, 7 J. of Internet Law 1 (Oct. 2003).  This admonition is also one of the principle precepts of new ABA 477R.

Back the Future: Communication, Confidentiality, & Competence

The First iPhone - 2007
Much has happened since 1999.  This year the iPhone celebrates its tenth anniversary.  The iPad is only three years younger.  We’ve moved from slow dial-up and slightly faster DSL, to blistering broadband and mobile data speeds that match it.  Our work now follows us everywhere – on our commute, to our homes, on vacation, even into the loo.  So do the bad guys, in increasing numbers and with greater ability to hack and intercept our communications. 

Rule 1.4 requires lawyers that communicate regularly with clients to keep them informed, so they are able to make informed decisions regarding their legal matters.  These days those communications occur primarily or exclusively by e-mail.  Cobwebs gather on lawyer’s in-boxes, which now serve mainly as compost collection centers for interoffice and other junk mail.  

Rule 1.6(c) prescribes that client communications must be, and remain, confidential.  Specifically lawyers must “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” 

Combined, Rules 1.4 and 1.6 compel that attorneys be competent in the technology they use.  If some lawyers were unable to connect these dots themselves, revisions to the ABA Model Rules since 1999 have made the duty of technological competence explicit.  Comment [6] to Model Rule of Professional Conduct 1.1 states:
To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.
(Emphasis added.)  Comment [8] to Colo. RPC 1.1 is substantially identical:
To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, and changes in communications and other relevant technologies, engage in continuing study and education, and comply with all continuing legal education requirements to which the lawyer is subject.
(Emphasis added.)    See also Comments [18] and [19] to Colo. RPC 1.6 (discussing at length the duty to “make reasonable efforts to safeguard information relating to the representation of a client against unauthorized access by third parties and against inadvertent or unauthorized disclosure”)

ABA 477R recognizes the evolution of “the role and risks of technology” since 1999, and that “today, many lawyers primarily use electronic means to communicate and exchange documents with clients.”  These communications “now regularly use a variety of devises to create, transmit and store confidential communications” which “offer an opportunity for the inadvertent or unauthorized disclosure of information relating to the representation . . . .”

No kidding.  Last June I recorded a webinar for National Business Institute called Legal Ethics: Smart Phones and Tablets in Legal Practice.  To prepare for this program I immersed myself in the latest means of intercepting communications and protecting communications against unauthorized access.  Moving faster than Moore’s Law, just twelve months later the state of the Spy vs. Spy has already moved on, and will continue to do so. 

As just one example, in June 2016 WhatsApp was considered state-of-the-art for end-to-end encrypted technology.  By March 2017, fresh revelations regarding CIA hacking tools made by WikiLeaks had cast some doubt on that assumption, though encrypted chat apps remain a solidly secure communications link provided the proper protocols are observed by users.


Guiberson’s Law

At one of the first ABA TECHSHOWs I attended I was fortunate enough to take in a presentation by Houston attorney Sam Guiberson. PowerPoint presentations were all the rage that year – the more glittering graphics and animations the better.  But not Sam’s.  Other than having his notes on a laptop discretely shielded by the lectern there was not a slide. 

Sam is not merely a pioneer in the use of technology in law, but also a spell-binding orator.  His deliberate eschewal of technology underscored his presentation’s central theme:  The only skill worth cultivating is adaptability. 

The ABA made audio tapes of every presentation at this TECHSHOW available for $5.  I bought Sam’s and gave it to our firm’s management committee, telling it, “You need to listen to this.”  I wish I had kept the tape myself, but the lesson of Sam’s sermon has stuck with me without the need for auditory reinforcement.

Do you remember MousePerfect? (Heck, do you remember WordPerfect?).  How about QEMM for managing computer memory?  Discovery ZX for DOS?  386 chips?  None of these survive.  My collection of computer antiquities is truly impressive.  They illustrate Guiberson’s Law that the only skill worth cultivating is adaptability – together with the mindset that one must always be alert to change and adapt to it.
This understanding is what led the authors of Opinion 477R to prudently adopt the philosophy of the ABA Cybersecurity Handbook, which:
rejects requirements for specific security measures (such as firewalls, passwords, and the like) and instead adopts a fact-specific approach to business security obligations that requires a “process” to assess risks, identify and implement appropriate security measures responsive to those risks, verify that they are effectively implemented, and ensure that they are continually updated in response to new developments.
How does a busy lawyer find time to keep abreast of the latest developments in communications technology?  She makes time.  She attends technology CLEs, or she hires the expertise to make reasonably certain that client confidential information is appropriately protected.  There is no “pass,” no excuse, for an attorney who uses modern technology to fail to learn how it works, what its vulnerabilities are, and to actively safeguard against the risk of inadvertent or unauthorized disclosure.  It is no more acceptable for an attorney who is not a multiengine turbo rated pilot to offer to fly a client to a business meeting in a Beechcraft King Air, than it is for the same attorney to send the client’s confidential information over unsecured public Wi-Fi without encryption. 

Don't Fly, or Wi-Fi, Without Proper Training
Thus, Revised Opinion 477R spends the bulk of its text focusing not on the technology de jour, but rather on the enduring human factors and suggesting a process by which attorneys can identify and assess communications risks, and “implement appropriate security measures responsive to those risks.” 

Some Wisdom Endures

For several months the Colorado Bar Association has been working to update its Opinion 90, originally published in 1992 – the year after the World Wide Web was launched by CERN and Pretty Good Privacy (PGP) encryption was released by Philip Zimmerman – and long before most lawyers were online.  Today, Opinion 90’s reference to cordless phones and modems is downright quaint.  However, the subcommittee revising the opinion wisely decided to keep its conclusion:
It is impossible to predict how technological advances will alter the means by which communications can be conveyed or intercepted.  However, regardless of technological developments, the attorney must exercise reasonable care to guard against the risk that the medium of the communication may somehow compromise the confidential nature of the information being communicated.
Nothing written before or since so succinctly summarizes the guiding principal for at the dawn of the third millennium.

Saturday, June 10, 2017

CHEEZO Ride Again!


CHEEZO Rides Again!
CHEEZO is a gift that keeps on giving, at least for this blogger. 

I first wrote last December about a criminal defense attorney’s use of the Colorado Rules of Professional Conduct to make the Internet safe for child predators.  CHEEZO’s story went national, which led to an invitation from Law360 to contribute an updated article to its excellent Legal Ethics Section in February.  Then, with two new blogs in production, this week CHEEZO again caught the public’s attention.  My comments on ABA Opinion 477R will just have to wait.

Earlier this week the Colorado Supreme Court posted a Notice of Public Hearing and Request for Comments on a proposed change to Colo. RPC 8.4(c).  ABA Rule 8.4 is the primary basis on which attorneys have been disciplined for conducting or directing pretextual investigations.  The proposed change is one I have been advocating for since 1999, and was the subject of the very first article posted on ColoradoLegalEthics.com in April 2012.

The proposed rule change would revise Rule 8.4 by adding an exception to the end of subsection (c):

It is professional misconduct for a lawyer to:
            . . . .
(c) engage in conduct involving dishonesty, fraud, deceit or misrepresentation, except that a lawyer may advise, direct, or supervise others, including clients, law enforcement officers, or investigators, who participate in lawful investigative activities;

No other changes are proposed, either to Rule 8.4’s Comments or other rules.  The deadline for submitting written comments is 5 September 2017.  The hearing is scheduled for 14 September at 1:30 p.m.

The court was stirred to action by a Petition for Original Writ Under C.A.R. 21 (“Petition”) filed 5 May 2017 by Colorado Attorney General Cynthia Coffman seeking “a court order enjoining [Attorney Regulation Counsel] from proceeding against a government lawyer solely for supervising or providing legal advice to assist with a lawful undercover investigation.”  Petition at 8. 

It’s about time. 
The Colorado Supreme Court has ignored this important issue for decades, despite periodic pleas from the U.S. Attorney for the District of Colorado, whose members frequently supervise the activities of federal agents engaged in undercover and pretextual investigations, and occasional criticism from this author and others. 
The Oregon Supreme Court addressed this issue 15 years ago, amending its Rule 8.4 in 2002, although not before receiving harsh criticism following the hardline position it took in In re Gatti., 330 Or. 517, 8 P.3d 966 (Or. 2000).  In re Gatti adopted a zero-tolerance policy against lawyer pretexting, similar to that taken by the Colorado Supreme Court two years later in In the Matter of Mark C. Pautler, 47 P.3d 1175 (2002).  However, whereas the Colorado Supreme Court followed Oregon’s lead in brooking no exception to Rule 8.4’s prohibition against “conduct involving dishonesty, fraud, deceit or misrepresentation,” it took no action to fix the problem until the filing of Attorney General Coffman’s Petition, which announced that the Attorney General’s Office was suspending all undercover operations until the court acts on the Petition.
The proposed amendment to Colo. RPC 8.4(c) is similar to, though more succinct, than Oregon RPC 8.4(b).  Neither permits an attorney to personally act as an undercover investigator, only to advise and supervise nonlawyers regarding covert activities.  The approach is somewhat analogous to that taken by the Colorado Supreme Court in adopting Comment [14] to Colo. RPC 1.2, which brokered a solution to the ethical Symplegades faced by Colorado lawyers, namely that the illegality of marijuana cultivation and distribution under the federal Controlled Substances Act seemingly barred attorneys from counseling clients regarding Colorado’s complex cannabis regulations, even though the Colorado Constitution makes such activities legal.  (I blogged on this topic in A Curious Comment: The Colorado Supreme Court Addresses the Pot Paradox.) 
Does the proposed change go far enough, either in providing guidance to Colorado lawyers or serving the ends of justice?  I haven’t decided yet.  The only thing certain is this: I know what I’m doing at 1:30 p.m. on 21 September.

Saturday, May 13, 2017

“Reply to All” and other E-mail Gotchas




A recurring “reply to all” ethics issue recently got me thinking again about e-mail.  It’s wondrous, magical, essential, and occasionally mysterious and frustrating.  It leaves an easily-mined evidentiary trail like paper never could, at least for those without a private e-mail server and a license for BleachBit.  It also presents a host of recurring ethical and risk management issues for lawyers.

In 2013 I wrote A Week Without E-mail! describing my firm’s experience and lessons learned when our e-mail abruptly stopped flowing.  The focus of that piece was lawyers’ over-dependence on e-mail, and the need to have a personal “Plan B” when things go south.  As I observed then, “We have become addicted to Internet e-mail which, for attorneys, turned out to be the ‘Killer App.’”   It surely can be from an ethics and risk management standpoint.
 
Haste Makes Claims (and Poor Lawyering)

Speed kills.  So does its cousin, Haste.  The march of technology has had an ironic and potentially dangerous effect on a profession that lives and dies by the billable hour.
The Revolutionary Selectric II

When I began practicing in 1981, written communications with clients was primarily made using an IBM Selectric II typewriter and the U.S. Postal Service.  The process took, and more importantly, allowed time for reflective thought.  A letter or memorandum typically went through a few drafts, and was committed to paper by our able legal assistants – who we called “secretaries” in that unenlightened era.  As a result, attorneys were not concerned for even a nanosecond about fonts, suppressing errant footers, fixing auto-numbering run amok, or any of the myriad of nonlegal concerns associated with word processing and e-mail programs.  Our sole focus was the law and applying it to a client’s situation.  If we could provide our client with a written answer in a week we were considered highly responsive.

Quip: a very early fax machine
Then came the fax machine.  Early 1980s faxes were expensive and printed on a continuous roll of thermal paper that curled to produce something akin to a scroll.  Everyone hated them.  You had to unroll them to read them, and if you let go – even for even a second – they snapped back into scroll shape to bite you, like Giovanni Jones’ shirt in the 1949 Bugs Bunny classic Long-Haired Hare.  They were also expensive, and so failed to achieve significant penetration in the legal market.

Giovanni Jones
The game changed when cheap plain-paper faxes arrived in the mid-80s.  Like crack dealers, traveling fax salesmen would leave a fax machine with a lawyer on a “free sample” basis for a month or two.  I doubt any were ever returned.  Lawyers were hooked.

But while plain-paper fax machines dramatically reduced the time clients expected to receive a response, the process of providing legal advice was itself largely unaltered.  Lawyers still dictated letters which were transcribed by their secretaries legal assistants, before being transmitted, and this still took and allowed time for thought. 

However, the seeds of Haste had been sown.  Whereas before the daily arrival of the mail was a mundane event, the receipt of a fax screamed “URGENT!” whether it actually was or not.  The speed of transmission implied urgency. Runners would appear breathlessly in my doorway heralding, “Mr. Luce, it’s a fax for you! IT’S A FAX!” expecting me to drop everything.  McLuhan was right.

The ascendancy of e-mail in the 1990s to become the primary means of commercial communication was qualitatively different.  It was not merely faster, it fundamentally transformed the process of how lawyers responded to clients.  It cut legal assistants out of the communications loop almost entirely, and turned lawyers into clerk typists. 

Lawyers, many of whom until then had a personal computer purely for show, began to put down the yellow pad and pick up the mouse.  They quickly learned that, when e‑mail is really flowing, Outlook’s default configuration makes a P.C. light-up and sound like a pinball machine.  Competitive by nature, many attorneys willingly cast themselves in the role of the “Bally Table King.”

The REAL Bally Table King

For many attorneys, at least those who could type, the Pavlovian pop-up alerts, bells and whistles accompanying the arrival of e-mail were irresistible – they demanded immediate attention, created a sense of excitement and urgency, and conditioned lawyers to drop everything and respond in haste.  With legal assistants now cut out of the loop and largely relegated to playing Solitaire, a reflective process was replaced by a reflexive one. 

Faster! Faster!
The immediacy of e-mail caused some lawyers to treat the increasing barrage of incoming messages like a game of electronic Whack-A-Mole.  Taking up the challenge, a dangerous mindset of “I can answer that complex legal issue in 60 seconds!” set in.  Those who couldn’t rise to the challenge were likely to quickly feel overrun by the unceasing bombardment – like Lucy and Ethel working on the chocolate assembly line 

This “Whack-A-Mail” mindset, which persists today, is a detriment to clients, as well an attorney’s professional wellbeing – even health.  The risks associated with TIADD – “Technology Induced Attention Deficit Disorder” – as both a medical issue and “a new foundation for inefficiency and vulnerability” are widely recognized.  While online legal databases and expert systems now bring a world of information to our fingertips at the speed of fiber optic cable, the ability to thoughtfully process and synthesize the firehose of available data into professional advice that is both sound and useful to our clients cannot hope to match pace.  Speed kills.  So does Haste, and should you succumb to it, it will get you sued.

Whack-A-Mail
A Few Practice Pointers to Overcome the “Whack-A-Mail” Mindset:  

1.     Experienced trail riders know that even the most docile plug becomes a Kentucky Derby contender when the barn comes into view.  So too, the adrenal rush that occurs when the end of a long project draws nigh can overpower professional prudence.  It takes considerable willpower to overcome the natural urge to sprint to the finish line, but overcome it a prudent lawyer must. 

If there is truth in the common wisdom that it takes 90% of the effort to complete the last 5% of a legal task, the same may be said of the allocation of professional liability risk.  Train yourself to recognize the urge to speed up at the end of a project, and condition yourself to instead slow down and take the time necessary to make sure it is completely debugged.  If you can learn to do this and keep your head, while all around are losing theirs, you will be rewarded by a sense of calm and clarity that will benefit your clients and add years to your life.
2.    Put your legal assistant back in the loop.  Being your own echo chamber rarely enhances legal product.  I not only ask my assistant to proofread my work, I ask her to comment on it. Does it scan well?  Is she persuaded by my argument or analysis?  Have I missed something?  Most of our assistants are not just skillful word processors, they are college educated and intelligent.  Get your money’s worth.  Use them. Your clients, your assistant, and you will all be rewarded.
Ludwig van Beethoven
3.    While you’re at it, reacquaint yourself with – or if you have never been introduced, learn how to use –a Dictaphone®.  Dictating is a dying art, but one worth mastering.  Even the fastest typist cannot type as fast as they can speak.  Moreover, when you dictate, you can pace, which for many helps the creative juices flow.  Beethoven, Tchaikovsky, and Mahler composed while walking in the woods.  Try doing that with a keyboard and a mouse. 

Dictating has two other benefits: It lowers the client’s overall bill by not turning a lawyer into a $450 per/hour typist.  More importantly, it the process creates time and space for reflective legal thought, which may actually be worth $450 per/hour.
4.    Ask your client for realistic deadlines.  Then stick to them.  Many lawyers erroneously assume that every e-mail demands an immediate response.  LIFO is one way to prioritize work, but it’s not a good one. 

Rule 1.4 requires lawyers to communicate with our clients, and to “reasonably consult . . .  about the means by which the client’s objectives are to be accomplished.” Do that.  Some of the most important client communication occurs at the outset of a project.  Most clients – at least the ones worth keeping – are reasonable.  They understand, even if they don’t like to hear, that you have other clients and other responsibilities which may be more pressing.  So when a new project arrives by e-mail, either promptly reply or, better yet, pick up the phone, and discuss with your client when they need it by and what level of detail and effort they expect.  Agree upon these things, then calendar and honor the deadlines you agreed to.
 
The AutoComplete Trap

The insidious pressure to attempt to match the speed of our information and communications systems is a fool’s errand.  Because of its subtle and profound effect on a lawyer’s analytical process and exercise of professional judgement, yielding to this pressure may be the greatest danger of spawning ethics violations and risk management issues.  There are, however, a few standard features of e-mail programs that create predictable ethics and professional liability risks which, if understood and guarded against, can be mitigated.

Microsoft Outlook, the ubiquitous e-mail program for personal computers, and Apple Mail, have several features engineered to facilitate electronic communication.  One such feature that eventually bites even the most careful lawyer is AutoComplete. 
 

Outlook maintains the AutoComplete list. The list is used by both the automatic name-checking feature and the automatic completion feature. The AutoComplete list, also known as the nickname cache, is generated automatically when you send email messages from Outlook. The list contains SMTP addresses, LegacyExchangeDN entries, and display names for people to whom you have sent mail previously.

Translation: AutoComplete monitors text as it is being typed in the “To,” “Cc,” or “Bcc” fields of an
e-mail message, and attempts to anticipate the addressee based on prior e-mail recipients or from information stored in Outlook’s Contacts.  It then automatically suggests and completes the address based on predictive logic.  This feature is not unique to Outlook or Apple Mail, and is a godsend to anyone who uses Quickbooks®.  It does, however, have a downside when used in haste – sometimes it guesses wrong.

For example, our firm once had an employee name Todd Morse, whose initials were “TAM.”  These initials were also his Outlook short-cut.  I frequently sent e-mail from my work Outlook to my daughter Tammy.  More than once I fell into the AutoComplete trap.  Here’s how it worked:

After typing the letters “Ta” for “Tammy” in the “To:” field of the e-mail message, Outlook would display Tammy’s name as the sole AutoComplete option.  Because I am a fast typist, once or twice I was in the process of adding the letter “m” before I saw that AutoComplete had filled in Tammy’s name.   Having by this time already pressed the letter “m”, I then rapidly hit “Enter” to select Tammy’s name, followed by a dramatic bang‑bang flourish of “Ctrl-Enter” (the keyboard shortcut to send e-mail).  Before my horror-struck eyes, I watched as AutoComplete changed Tammy’s name to Todd’s and launched the message to him before I could hit “Escape”  This only resulted in a few interoffice laughs with Todd, but imagine if, instead, Tammy were a client and the AutoCompleted name was that of opposing counsel.  Not so LOL.

The potential for AutoComplete mischief is limitless and potentially dangerous.  All you need is more than one “John” or “Sarah” in your nickname cache and a little haste in sending and voila! – you just violated Rule 1.6 by revealing information relating to the representation of a client without permission.  

The AutoComplete Trap: Set to Spring

The risk of an AutoComplete SNAFU is exacerbated because of the natural tendency to want to move onto the next task.  If one has avoided the perils of the “Whack-A-Mail” mentality, labored long and hard on a thoughtful client e-mail, and spell-checked and proofread your work, completing the “To” field seems like a mindless task, made even more mindless through the magic of AutoComplete.  But a seasoned lawyer knows this is precisely time to slow down and exercise caution.

Just as I have conditioned myself to habitually hit Ctrl-S (the keyboard shortcut to save a document or e-mail) whenever I pause or am interrupted while typing, all those misdirected e-mails meant for Tammy have taught me to pause before sending.  I have trained myself to actually put my hands in my lap while I carefully read each recipient’s name before sending.  Even with this protocol in place I have been bitten at least once by AutoComplete. 

Practice Pointers to Avoid an AutoComplete Disaster:  

1       In addition to training yourself to stop and look before sending, if AutoComplete frequently serves up names of persons you rarely, if ever, communicate with, when the AutoComplete options are displayed you can arrow-down and delete ones you don’t want to see again, wiping them from the AutoComplete menu unless they are re-entered.  If you have enough self-awareness to know that you are prone to haste, as an extra precaution, use this technique to delete all names of opposing counsel from the nickname cache.
Activate the Omega 13!

       2.      A partner of mine has configured his Outlook with a 3-minute "delivery delay rule."  Once he presses "send" the e-mail sits in Outlook for three minutes before launching.  A delivery delay rule can be configured for any length of time.  Although three minutes may not seem like much time, as Commander Peter Taggart cogently observed, even 13 seconds "would be enough time to redeem a single mistake."




Gear-Up Landings Happen
3.       There is a widely-quoted saying in aviation that there are two kinds of pilots who fly retractable gear aircraft:  Those who have accidentally landed gear-up, and those who will. 

Checklists, recurrency training, and adopting a “sterile cockpit” protocol for approach and landing all mitigate this risk, yet an untimely distraction can occasionally cause even the most careful pilot to perform an unintentional belly landing.  The result is almost always expensive – damaged belly skin, bent props, and an engine overhaul (two if you are flying a twin).  So, too, it is nearly inevitable that even the most careful lawyer will someday watch in horror as her e-mail is misdirected through the combination of haste and AutoComplete.

When that day arrives, after uttering a few choice invectives, a Colorado lawyer should reach for Rule 4.4(c).  This Rule provides that “a lawyer who receives a document relating to the representation of the lawyer’s client and who, before reviewing the document, receives notice from the sender that the document was inadvertently sent, shall not examine the document and shall abide by the sender’s instructions as to its disposition.” 

Take advantage of Rule 4.4(c) by sending an immediate follow-up e-mail.  Use a subject line such as “PLEASE DO NOT READ PREVIOUS E-MAIL.”  Add a “High Importance” exclamation mark and a delivery and read-receipt.  The text should state that your prior e-mail was misdirected, and politely ask the attorney or other unintended recipient to please delete it without reading it.  Even nonlawyers, who are not bound by Rule 4.4(c), usually understand the operation of karma and observe the “Golden Rule,” and thus will usually respect such a request if timely made.  Remember, too, to pay all such requests you receive forward. 
 
Welcome to ALT-Hell!
“Reply to All,” or Welcome to ALT-Hell

“Reply to all.”  It’s instinctive.  It’s easy.  It even has keyboard shortcut:  ALT-L.  But to attorneys who have inadvertently wandered into this potential ethics booby-trap, it’s ALT-HELL, and we have all stood at its gates.

Imagine this scenario:  You represent a Seller in an M&A deal.  Buyer is a sophisticated billionaire.  Closing is a week away.  You’ve had several meetings which all lawyers and their clients attended.  Things so far have been cooperative, or at least cordial, but there is a contentious earn-out provision yet to be agreed upon, and its crunch time.  Buyer’s counsel sends you an e-mail attaching a draft with proposed language favorable to her client and copies her partner, associate, and client.  She asks for Seller’s response ASAP, You suggest some revisions more favorable to your client, and in the interest of time respond to Buyer’s counsel by “replying to all.”  Within the hour you receive a curt reply claiming that you have violated Rule 4.2.  You’ve just fallen into the Alt-Hell booby-trap.

Don't Fall Into the ALT-Hell Booby-Trap!
Colo. RPC 4.2 provides:
In representing a client, a lawyer shall not communicate about the subject of the representation with a person the lawyer knows to be represented by another lawyer in the matter, unless the lawyer has the consent of the other lawyer or is authorized to do so by law or a court order.
Even among lawyers who forget everything else from their Professional Responsibility law school class, the no-contact rule seems to be one lesson that sticks – at least until they encounter it in a different context, such as using “reply to all” in an e-mail.  The policy of the Rule is three-fold, and clearly articulated in its Comments:

 This Rule contributes to the proper functioning of the legal system by protecting a person who has chosen to be represented by a lawyer in a matter against possible overreaching by other lawyers who are participating in the matter, interference by those lawyers with the client-lawyer relationship and the uncounselled disclosure of information relating to the representation.
 
Colo. RPC 4.2, Comment [1] (emphasis added).
 
Case law and ethics opinions are crystal clear that an attorney does not comply with Rule 4.2 by concurrently sending a hardcopy letter to opposing counsel and her client.  See, e.g., AIU Ins. Co. v. Robert Plan Corp., 851 N.Y.S.2d 56 (N.Y. Sup. Ct. N.Y. Cnty. 2007) (plaintiffs' lawyer violated the no-contact rule by sending a letter to directors of the defendant corporation with a copy to the company's counsel without defendant’s counsel’s prior consent); Restatement (Third) of Law Governing Lawyers § 99 cmt. f (2000) (“Under the anti-contact rule of this Section, a lawyer ordinarily is not authorized to communicate with a represented nonclient even by letter with a copy to the opposite lawyer . . . .”).  It matters not that the letter was in response to letter from opposing counsel on which her client was cc’ed.  See New York City Bar Ass'n Comm. on Professional and Judicial Ethics, Formal Op. 2009-1 (lawyer’s use of cc: in demand letter did not constitute consent to communicate directly with represented party in response). 

Communication by e-mail, on the other hand, has resulted in somewhat less dogmatic ethics opinions.  See, e.g., Ass’n of the Bar of the City of NY Comm. on Prof’l and Judicial Ethics, Formal Op. 2009-1;   CA Standing Comm. on Prof’l Responsibility & Conduct, Formal Op. 2011-181;and N.C. State Bar Formal Op. 7 (2013). 

While the applicability of Rule 4.2 is subject to several conditions, for purposes of applying Rule 4.2 all of these opinions assume an attorney who is “representing a client,” and “knows” the nonlawyer “to be represented by another lawyer” in a “matter.”  Thus the sole inquiry is whether the “consent of the other lawyer” must be express, or may be implied. 

Construing DR 7-104(A)(1), the nearly verbatim precursor to Rule 4.2, the Association of the Bar of the City of New York Committee on Professional and Judicial Ethics found that, while generally consent may not be implied from the mere fact that opposing counsel has copied her client:

[I]n the context of group email communications involving multiple lawyers and their respective clients, consent to “reply to all” communications may sometimes be inferred from the facts and circumstances presented. While it is not possible to provide an exhaustive list, two important considerations are (1) how the group communication is initiated and (2) whether the communication occurs in an adversarial setting.

City of New York Formal Op. 2009-1.

Three years later the Standing Committee on Professional Responsibility and Conduct of the State Bar of California considered whether there are circumstances under which consent may be properly inferred in the context of “reply to all” under California’s version of the anti-contact rule: 

While representing a client, a member shall not communicate directly or indirectly about the subject of the representation with a party the member knows to be represented by another lawyer in the matter, unless the member has the consent of the other lawyer.

Rules of Professional Conduct of the State Bar of California, Rule 2-100(a).  Building on City of New York Formal Op. 2009-1, California Formal Op. 2011-191 provides an even more exhaustive checklist to consider in determining whether consent may be ethically inferred:

  •  Whether the communication is within the presence of the other attorney;
  • The prior course of conduct between the attorneys;
  • The nature of the matters (finding that “[t]acit consent to communications with a represented party may be found more often in transactional matters as compared with adversarial matters” because “transactional matters may be more collaborative or neutral than litigation matters.”);
  • How the communication is initiated and by whom;
  • The formality of the communication. (finding “[t]he more formal the communication, the less likely it is that consent may be implied. For example, whereas under the proper circumstances, a ‘Reply to All’ email communication might be acceptable, copying the represented party in a demand letter to the other attorney would be difficult to justify.”);
  • The extent to which the communication might interfere with the attorney-client relationship;
  • Whether there exists a common interest or joint defense privilege between the parties;
  • Whether the other attorney will have a reasonable opportunity to counsel the represented party with regard to the communication contemporaneously or immediately following such communication; and
  • The instructions of the represented party’s attorney.

The following year the North Carolina State Bar also considered whether and when permission to “reply to all” may be ethically assumed under Rule 4.2.  See N.C. Bar Formal Op. 7.  Reviewing the New York City and California State bar opinions, and observing  that “[t]he Restatement of the Law Governing Lawyers [also] provides that an opposing lawyer’s consent to communication with his client ‘may be implied rather than express.’ Rest. (Third) of the Law Governing Lawyers § 99 cmt. J,” the North Carolina Bar concluded:


There are scenarios where the necessary consent may be implied by the totality of the facts and circumstances. However, the fact that a lawyer copies his own client on an electronic communication does not, in and of itself, constitute implied consent to a “reply to all” responsive electronic communication. Other factors need to be considered before a lawyer can reasonably rely on implied consent. These factors include, but are not limited to: (1) how the communication is initiated; (2) the nature of the matter (transactional or adversarial); (3) the prior course of conduct of the lawyers and their clients; and (4) the extent to which the communication might interfere with the client-lawyer relationship.


A more recent abstracted letter opinion of the Colorado Bar’s Ethics Committee also considers the “Propriety of ‘Replying to All’ Recipients of E-Mail from Opposing Counsel Who Include Opposing Counsel’s Client.”  Colo. Bar Ass’n Ethics Comm.  Letter Abstract No. 2014–4

Conceding that “[n]either the rule nor the comments discuss whether the ‘consent of the other lawyer,’ . . . , must be express or may be implied,” the Colorado Bar’s conclusion cautions against inferring consent from the inclusion of a represented party in an e-mail from opposing counsel:

Absent consent by opposing counsel, any communication made to a represented party, even if inadvertent, likely would violate Colo. RPC 4.2. No bright-line rule exists for inferring consent, and implied consent should rarely, if ever, be presumed.
 
Other Risks of ALT-Hell

While Rule 4.2 has been the primary focus of “reply to all” ethics opinions, other risks arise when you include your own client is an e-mail to opposing counsel.

For example, your client may, in turn, “reply to all” without realizing that not all recipients included in the e-mail fall within the class of persons protected by the attorney-client privilege, thereby inadvertently waiving the privilege.  Or your client may end up caught in an unsavory crossfire of legal sparing among counsel.  Still worse, your client may decide to join the fray and participate in the shootout without first consulting you.  William F. Swiggart has written a great piece for the ABA Business Law Section called Enemy by E-mail detailing these and other scenarios which may result when you include your own client in an e-mail to other counsel.


Escape ALT-Hell
Avoiding ALT-Hell: Practice Pointers: 

1.    By far the safest course is to obtain opposing counsel’s express consent before including her client in a “reply to all” e-mail, and not assume that inclusion by opposing counsel’s constitutes implied consent for you to do the same.

2.     Absolutely obtain opposing counsel’s express consent before initiating an e-mail that includes her client.

3.     Identify and verify each addressee in an e-mail before “replying to all” – a represented party, or a person who is considered to be a represented party when dealing with an entity, may have been included in the e-mail from opposing counsel.  Delete any addressee you do not recognize before replying. 

4.     Beware of including or adding your own client in an e-mail with opposing counsel.  Instead, forward a copy of such communications to your client by a separate e-mail. This completely eliminates the possibility that your client can “reply to all” and inadvertently waive the attorney-client privilege or make concessions or admissions that may hurt its cause.

5.      Also be wary of using the short-cut of blind-copying your client in an e-mail to opposing counsel.  While savvy “Bcc” recipients will understand its use, and realize it is not an invitation to “reply to all,” some may not, or may not realize they were included only as a blind-copy.  (Bill Swiggart’s article has an excellent exposition on the risks of using “Bcc.”)  Again, it is safer to forward communications your client separately, which also provides an opportunity for you to confidentially explain the import of a communication or strategy.



6.     Educate your client not to communicate directly with opposing counsel or an opposing party.  

7.     Are there instances where consent to directly communicate with an opposing counsel’s client may be reasonably inferred?  Of course there are.  None of the ethics opinions addressing this issue has held otherwise.  For example, in a business transaction where drafts or documents are being exchanged without accompanying narrative or argument for or against a position, and the practice of “replying to all” has been established, it is entirely reasonable to infer consent.  The factors discussed in the City of New York, California, and North Carolina Bar opinions are good checklists for assessing when is reasonable to assume consent has been implied.  Of course, in the time it takes you to consider these, you could pick up the phone and ask opposing counsel if it is okay to copy her client.

8.     Conversely, if a communication involves argument, or an attempt to persuade the other side, do not include opposing counsel’s client, even if they have been included in earlier e-mail communications.  Be alert that the dynamics of a negotiation can change, sometimes rapidly, and that while consent may have been reasonably inferred in prior, neutral communications, it may not be reasonable to infer consent for communications containing greater advocacy.

9.     Never infer consent to communicate with a represented party in litigation.

10.   When in doubt, ask opposing counsel if she would like you to include her client in e-mail communications and discuss the parameters of that consent.  It’s good practice to exchange e-mail messages reflecting your mutual understanding following such a discussion.

11.   Finally, if you your client is on the receiving end of a “reply to all” communication that offends you, don’t be a Rule 4.2 butthead – it was your decision to include your client in the initial communication that created the possibility for a “reply to all” transgression in the first place.  Resist the urge to fire off an e-mail flame in response; and if you can’t, for God’s sake do not “reply to all!” 

E-mail communication has the psychological effect of insulating persons from their humanity.  It’s like being in one’s car during rush hour – call it “e-mail rage.”  Words one would never say to another in-person are lobbed like verbal grenades from the safety of our electronic bunker.  Instead, pick up the phone and have a calm, professional discussion with opposing counsel regarding the acceptable limits for including each other’s clients in e-mail (which may be to not do it).  

If you can’t resist invoking Rule 4.2, be sure read Rule 4.5(b) before you do, ‘lest your Rule 4.2 missile be countered with a Rule 4.5 (Threatening Prosecution) response.  Remember your humanity, the Golden Rule, and that karma works.