Ethics in the Digital Age in the Digital Age - 06.02.14.pdf · 2/14/2006 · Ethics in the Digital...

EVALUATION FORM

In order for us to improve our continuing legal education programs, we need your input. Please complete this evaluation form and place it in the box provided at the registration desk at the end of the session. You may also mail the form to CLE Director, NYCLA, and 14 Vesey Street, New York, NY 10007.

Ethics in the Digital Age Monday, June 2, 2014 6:00 PM – 8:00 PM

I. Please rate each speaker in this session on a scale of 1 - 4

(1 = Poor; 2 = Fair; 3 = Good; 4 = Excellent) Presentation Content Written Materials

James Bernard

Joel Cohen

Pery Krinsky

Francesca Morris

II. Program Rating:

1. What is your overall rating for this course? Excellent Good Fair Poor

Suggestions/Comments: ________________________________________________ _________________________________________________________________

A. Length of course: Too Long____ Too Short_____ Just Right_____ B. Scheduling of course should be: Earlier____ Later_____ Just Right_____

2. How did you find the program facilities?

Excellent Good Fair Poor

Comments: ___________________________________________________________

_________________________________________________________________

3. How do you rate the technology used during the presentation?

Excellent Good Fair Poor

Comments: ___________________________________________________________

_________________________________________________________________

PLEASE TURN PAGE OVER

4. Why did you choose to attend this course? (Check all that apply)

Please Turn Over � Need the MCLE Credits � Faculty � Topics Covered � Other (please specify) _______________________________________________

5. How did you learn about this course? (Check all that apply)

� NYCLA Flyer � NYCLA Postcard � CLE Catalog � NYCLA Newsletter � NYCLA Website � New York Law Journal Website � NYCLA CLE Email � Google Search � Other (please specify) ____________________________

6. What are the most important factors in deciding which CLE courses to attend (Please rate the factors 1- 5, 1 being the most important).

___ Cost ___ Subject matter ___ Location ___ Date and Time ___ Provider ___ Organization of which you are a member ___ Other______________________________________________ 6. Are you a member of NYCLA? ___ Yes ___No

III If NYCLA were creating a CLE program specifically tailored to your practice needs, what topics

or issues would you want to see presented?

ETHICS IN THE DIGITAL

AGE Prepared in connection with a Continuing Legal Education course presented at New York County Lawyers’ Association, 14 Vesey Street, New York, NY

scheduled for June 2, 2014

Program Co-Sponsors: NYCLA’s Judicial Section and NYCLA's Committee on Professional Discipline

Program Chair: Hon. Judith J. Gische, App. Div., 1st Dept.

Faculty: James Bernard, Stroock; Joel Cohen, Stroock; Pery Krinsky, Krinsky PLLC;

Francesca Morris, Holland & Knight

This course has been approved in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 2 Transitional and Non-Transitional credit hours; 2 Ethics

This program has been approved by the Board of Continuing Legal education of the Supreme Court of New Jersey for 2 hours of total CLE credits. Of these, 2 qualify as hours of credit for ethics/professionalism, and 0 qualify as hours of credit toward certification in civil trial law, criminal law, workers compensation law and/or matrimonial law.

ACCREDITED PROVIDER STATUS: NYCLA’s CLE Institute is currently certified as an Accredited Provider of continuing legal education in the States of New York and New Jersey.

Information Regarding CLE Credits and Certification

Ethics in the Digital Age June 2, 2014; 6:00 PM to 8:00 PM

The New York State CLE Board Regulations require all accredited CLE providers to provide documentation that CLE course attendees are, in fact, present during the course. Please review the following NYCLA rules for MCLE credit allocation and certificate distribution.

i. You must sign-in and note the time of arrival to receive your

course materials and receive MCLE credit. The time will be verified by the Program Assistant.

ii. You will receive your MCLE certificate as you exit the room at

the end of the course. The certificates will bear your name and will be arranged in alphabetical order on the tables directly outside the auditorium.

iii. If you arrive after the course has begun, you must sign-in and note the time of your arrival. The time will be verified by the Program Assistant. If it has been determined that you will still receive educational value by attending a portion of the program, you will receive a pro-rated CLE certificate.

iv. Please note: We can only certify MCLE credit for the actual time

you are in attendance. If you leave before the end of the course, you must sign-out and enter the time you are leaving. The time will be verified by the Program Assistant. Again, if it has been determined that you received educational value from attending a portion of the program, your CLE credits will be pro-rated and the certificate will be mailed to you within one week.

v. If you leave early and do not sign out, we will assume that you left at the midpoint of the course. If it has been determined that you received educational value from the portion of the program you attended, we will pro-rate the credits accordingly, unless you can provide verification of course completion. Your certificate will be mailed to you within one week.

Thank you for choosing NYCLA as your CLE provider!

New York County Lawyers’ Association

Continuing Legal Education Institute 14 Vesey Street, New York, N.Y. 10007 • (212) 267-6646

Ethics in the Digital Age

Monday, June 2, 2014; 6:00 PM to 8:00 PM

Program Co-Sponsors: NYCLA’s Judicial Section and NYCLA's Committee on Professional Discipline

Program Chair: Hon. Judith J. Gische, App. Div., 1st Dept.

Faculty: James Bernard, Stroock; Joel Cohen, Stroock; Pery Krinsky, Krinsky PLLC;

Francesca Morris, Holland & Knight

AGENDA

5:30 PM – 6:00 PM Registration 6:00 PM – 6:10 PM Introductions and Opening Remarks 6:10 PM – 8:00 PM Discussion *** Special thanks to Monica Hanna, Esq. for her work on the materials.

CLE MATERIALS

Ethics, Privilege & The Digital Age

Contents 1. Ethics, Privilege & the Digital Age Hypotheticals

by Jamie Bernard & Monica Hanna

2. Ethics, Privilege & the Digital Age by Francesca Morris

3. Ethics, Privilege & the Digital Age by Pery D. Krinsky

4. N.Y. Eth. Op. 709. Use of Internet to Advertise and to Conduct Law Practice Focusing on Trademarks; Use of Internet E-Mail; Use of Trade Names

5. ABA Formal Op. 99-413. Protecting the Confidentiality of Unencrypted Email

6. N.Y. Eth. Op. 842. Using an Outside Online Storage Provider to Store Client Confidential Information

7. Scott v. Beth Israel Medical Center

8. IDT Corp. v. Morgan Stanley Dean Witter & Co.

9. Shire LLC, et al. v. Amneal Pharm.

10. The ‘Ethic’ of Getting up to Speed ‘Technologically’

11. Protecting Client Information: Should Lawyers Be In ‘The Cloud’?

12. Confide, a Snapchat for the Corner Office

13. Biographies

Ethics, Privilege & the Digital Age Hypotheticals By Jamie Bernard & Monica Hanna

ETHICS, PRIVILEGE & THE DIGITAL AGE February 6, 2014

Moderated by Joel Cohen, Stroock & Stroock & Lavan LLP

Panelists James L. Bernard, Stroock & Stroock & Lavan LLP

Justice Judith Gische, N.Y. Sup. Ct., App. Div., First Dept.

Francesca Morris, Holland & Knight LLP Pery D. Krinsky, Krinsky, PLLC

Hypothetical #1

Yesterday morning, Rachel, Bob Smith’s client in an employment litigation, sent him the following email:

TO: Bob.Smith@yourfirm.com

FROM: Rachel@xyzcorporation.com

I need your help! My issues at work are getting worse. Today, my boss refused to pay me for the 30 extra hours that I worked over the last two weeks.

“Sorry, Rach, but maybe now you’ll realize you shouldn’t be suing XYZ!” he said.

What should I do?

Thanks in advance,

Rachel

_______________________

Rachel Murray Assistant Marketing Manager XYZ Corporation 123 XYZ Way Miami, FL 12345

How should Bob respond? What effect, if any, is there on your answer if Rachel emailed Bob from “Rachel@gmail.com”? “Rachel@hotmail.com”?

ETHICS, PRIVILEGE & THE DIGITAL AGE

Hypothetical #2

Yesterday afternoon, Bob received the following text from a number he didn’t recognize:

Hi. This is Rachel (on my bf’s phone). Got your email. OK- won’t email from work anymore. I cut out of work early to make up for the hours they won’t pay me. That’s OK right?

How should Bob respond?

What effect, if any, is there on your answer if Rachel used her own cell phone to text Bob?

What effect, if any, is there on your answer if Rachel used Snapchat or Confide to text Bob?

Hypothetical #3 This morning, Bob had a Skype appointment with Rachel, who was traveling, to discuss her case. When Bob connected from his office in New York, he could see that she was at a café. How should Bob conduct the appointment? What effect, if any, is there on your answer if Rachel was connected from her hotel room in Albany?

Hypothetical #4 After his Skype appointment with Rachel, Bob receives the following email:

TO: incousecounsel@xyzcorporation.com

FROM: Bob.Smith@xyzcorporation.com

CC: Bob.Smith@yourfirm.com

So, I might have said something I shouldn’t have said to Rachel. She’s been padding her hours, and I refuse to pay her the overtime. She’s been on my last nerve, and you won’t let me fire her until this whole mess is over. I know I shouldn’t have, but I told her I wasn’t paying her because she’s suing the company.

Should I do any damage control?

I’ve CC’ed my personal email here, in case you want to talk offline.

Thanks,

Bob Smith Marketing Manager XYZ Corporation 123 XYZ Way Miami, FL 12345

Bob realizes that he and Bob Smith of XYZ Corporation coincidently share the same name. Bob Smith of XYZ Corporation must have inadvertently auto-populated the CC line with Bob’s email address, rather than his personal email address as he’d intended. What should Bob do? What effect, if any, is there on your answer if the email was produced during discovery, rather than inadvertently sent to Bob?

Hypothetical #5 Rachel Murray v. XYZ Corporation is proceeding through discovery. Rachel keeps a personal blog located at, rachelsrealwords.wordpress.com, and she started using it to vent about her case. Three months ago, she posted the following:

My attorney doesn’t have a lot of faith in my case against those jerks at XYZ! I know I didn’t get the promotion because I messed up the Campbell account, but I just know that they wouldn’t have given it to me anyway because I’m a woman! How am I supposed to win my case, if my own lawyer isn’t buying it????????

There are several similar posts, and Rachel responds to comments left by friends and others. Is Rachel’s blog discoverable? Can Bob, her attorney, tell her to remove these posts? Can Rachel’s statements be deemed admissions? What effect, if any, is there on her attorney-client privilege with Bob?

Hypothetical #6 Rachel’s Facebook also contains statements regarding her case. However, only her friends can see her Facebook posts. What, if any, concerns do Rachel’s Facebook posts raise? Assume, during trial, a juror friended Rachel on Facebook and saw the comments. What effect, if any, is there on the trial?

Hypothetical #7 You’ve caught a cold and plan to work from home for the rest of the week. You are considering uploading a draft motion for summary judgment and some exhibits you received from your client, Michael, to your personal Dropbox, so that you can easily access them on your home network. Your client, Michael, has always been a technophobe and even sent you the exhibits in hardcopy to avoid the use of technology.

How should you proceed?

Ethics, Privilege & the Digital Age By Francesca Morris

Jewish Lawyers GuildFebruary 6, 2014 ■ New York, NY

Francesca MorrisHolland & Knight

Ethics, Privilege & The Digital Age

Discovery

• Under the FRCP, parties may obtain discovery regarding any nonprivileged matter relevant to any party's claim or defense, including requesting that another party "produce and permit the [requesting] party…to inspect, copy, test, or sample…any…designated documents or electronically stored information." FRCP §§26(b); 34(a).

• Although privacy concerns may be germane to the question of whether requested discovery is burdensome or improper, a litigant's expectation and intent that communications be maintained as private is not a legitimate basis for shielding relevant communications from discovery. EEOC v. Simply Storage Mgmt., LLC, 2010 WL 3446105 at *3 (S.D. Ind. May 11, 2010).

– See e.g., Mackelprang v. Fidelity Nat'l Title Agency of Nevada Inc., 2007 WL 119149 (D. Nev. 2007) (defendants had viewed the plaintiff's public MySpace profile after she had alleged sexual harassment claims against them; court subsequently held that the defendants could discover private messages exchanged with third parties that contained information regarding her sexual harassment allegations or alleged emotional distress.)

• While social network user profiles are a relatively new source of information, recent court decisions suggest the basic rights of litigants to obtain relevant, discoverable information, whether in electronic or paper form, has not changed in the face of new technology. While discovery of such “private” information is relatively common in certain types of civil actions (e.g., personal injury lawsuits where the plaintiff has placed his or her mental or physical state at issue), other actions, such as breach of contract actions, might also involve the disclosure of relevant social media communications.

• To be sure, the discovery of social network communications might be limited in scope by the trial judge based on the appropriate federal rules of civil procedure or similar state rules and a party may move for a protective order when compelled to disclose sensitive or confidential information.

Generally speaking, motions to compel social media evidence should be backed with a threshold showing that the publicly accessible portions of the party's page contain information that is clearly inconsistent with the plaintiffs' claims or would otherwise suggest that relevant postings are likely to be found by access to the remainder of, or substantial portion of the account.

Motions to Compel

• Romano v. Steelcase Inc., 2010 NY Slip Op 20388 (N.Y. Sup. Ct. Suffolk Cty Sept. 21, 2010): The defendant's review of the public portions of the plaintiff's social network pages allegedly revealed an active lifestyle that conflicted with the plaintiff's injury claims. The court rejected the plaintiff's objections to producing her social network data (including current and historical, deleted pages and related information), and ruled that the information was both material and necessary to the defense of this action and that the plaintiff could not hide relevant information "behind self-regulated privacy setting.”

• Zimmerman v. Weis Markets, Inc., 2011 WL 2065410 (Penn. C.P. May 19, 2011): The defendant requested access to the plaintiff's social media accounts based upon publicly viewable pages that showed a potential conflict between the plaintiff's current state of health and his claims of impairment of life activities. Finding Romano persuasive, the court granted the motion and found that there was a reasonable likelihood of additional relevant information on the non-public portions of the social media sites. The court deemed the plaintiff's privacy-related arguments unavailing, concluding that the plaintiff voluntarily posted the information to share with other users and could not now claim he possessed any reasonable expectation of privacy to deny the defendant access, particularly given the defendant's threshold showing of relevance.

• With hired investigators scanning the Internet looking for impeachment material to use at trial, some attorneys have begun to advise their clients to severely limit their posts on social networks or shut down their accounts during an active matter.

• Indeed, a Seattle-area personal injury/trial attorney, posted her firm’s Social Network Warning Form Letter for clients on her blog.

– “If you belong to a public social networking account such as Facebook, MySpace, YouTube, Twitter, Google Buzz, etc., we STRONGLY recommend that you close it until your case is completely over.”

– “If you choose not to close your accounts, we warn you to use great caution. Whatever you write or post, or have written or posted, will probably fall into the hands of the defense attorney or insurance company.”

– “[Do not] allow anyone to become a "friend" on a website like Facebook unless you are absolutely sure you know that person.”

– “[Do not] post any photographs or video of yourself (or enable others to “tag” you)”

– “[Do not] participate in blogs, chat-rooms, or message boards.”

Attorney-Client Communications

• Indeed, one case exhibited the danger of a client who discusses a pending case in emails and in blog posts.

• In Lenz v. Universal Music Corp., 2010 WL 4286329 (N.D. Cal. Oct. 22, 2010), a case concerning a claim against a copyright owner for sending an allegedly wrongful DMCA takedown notice, the court granted the defendant's motion to compel production of documents and testimony withheld on the basis of waiver of attorney-client privilege.

• The court ruled that the plaintiff waived attorney-client privilege with respect to her motivations for pursuing the action and specific legal strategies discussed with her attorneys based upon numerous disclosures via email and instant messaging and on her blog about the subject matter of the communications.

• However, there are ethical considerations in advising a client about social media.

• New York Rule 3.4: A lawyer shall not:

(a) (1) suppress any evidence that the lawyer or the client has a legal obligation to reveal or produce;

(3) conceal or knowingly fail to disclose that which the lawyer is required by law to reveal;

• As the official comments state: “Fair competition in the adversary system is secured by prohibitions against destruction or concealment of evidence, improperly influencing witnesses, obstructionist tactics in discovery procedure, and the like.”

Ethical Considerations

• Such practical client advice about closing a social media account or tightening privacy settings could be viewed as akin to informing a personal injury plaintiff to act carefully in public because in all likelihood the defendant’s insurance company will be conducting public surveillance.

• Moreover, no rule requires that a party create additional electronic evidence to help the adversary bolster defense.

• However, what are the ethical considerations in advising a client to close a social media account that contains evidence that contradicts the party’s prior testimony or proves that he or she lied?

– New York Rule 3.4 (a)(4): A lawyer shall not knowingly use perjured testimony or false evidence.

• What if opposing counsel finds out and accuses your client of concealing evidence?

• Beyond civil litigation, there are also numerous ethical concerns for attorneys who use social media to interact with fellow members of the bar, advertise their services to the public, and educate clients and readers about legal developments.

– For example, the Louisiana Supreme Court reprimanded a law firm's management committee for failing to supervise a non-lawyer who had posted misleading qualifications about a member of the firm on the firm's website, a problem that could also arise in social media communications. See In re Foster, No. 10-B-2118 (La. Oct. 15, 2010).

Juror Misconduct

• Technology has infiltrated the jury box. There have been myriad reports about social media activities by sitting jurors.

• Some activities may not rise to the level of juror misconduct…

– United States v. Ganias, No. 08-CR-224, 2011 WL 4738684, at *3 (D. Conn. Oct. 5, 2011) (postings such as “Guinness for lunch break. Jury duty ok today;” “Your honor, i[sic] object! This is way too boring.... Somebody get me outta here;” and on the day of the verdict, “Guilty :)” did not constitute bias or misconduct)

• Other activities could potentially disrupt the integrity of the proceedings or end in a mistrial.

– Juror removed from a trial after attempting to friend the defendant on Facebook.

– Juror removed for inflammatory postings (the defendant was “presumed guilty”; she wanted to be in contact with the defendant after the trial; “I want to punch” a fellow juror for cracking her knuckles).

– Juror tweeting about trial contributed to overturning of death penalty conviction.

– Reporter’s tweeted photos of juror led to mistrial. 11

Commonwealth v. Werner, 967 N.E.2d 159 (Mass. App. 2012) • After conviction, defense attorney discovered a juror had made Facebook

postings during the trial and had friended three fellow jurors. Counsel argued that they may have been exposed to extraneous influences during deliberations.

– “Superior Court in Brockton picks me ... for the trail [sic ]. The[y] tell us the case could go at least 1 week. OUCH OUCH OUCH.” Juror B's wife replied, “Nothing like sticking it to the jury confidentiality clause on Facebook.... Anyway, just send her to Framingham quickly so you can be home for dinner on time.”

• Court found trial judge did not err in concluding that the postings contained no case-specific information and showed no evidence of extraneous influence –instead involving the type of “attitudinal expositions” on jury service, protracted trials, and guilt or innocence that fall far short of the prohibition against extraneous influence.

• Defendant could offer only unsupported speculation that the desired subpoenaed documents might include previously undisclosed communications of extraneous information to the jurors.

Wilgus v. F/V Sirius, Inc., 665 F. Supp.2d 23 (D. Me. 2009)

• Four days after the jury returned a defense verdict on the plaintiffs' claims for personal injury and wrongful death stemming from a sunken vessel, the plaintiffs' lawyer received an e-mail from one of the jurors about the plaintiff’s alleged explicit endorsement of drugs.

• The juror explained that he had found information about the plaintiffs on Facebook after sending the plaintiffs friend requests, which the plaintiffs apparently accepted.

• Court found that the juror did not discover information during trial or deliberations in plaintiffs' action, and thus, did not commit juror misconduct requiring new trial.

Jury Instructions

Jury instructions have been amended in recent years to inform juries about socialmedia activities.

• Florida Supreme Court amended the Standard Jury Instructions in civil and criminal cases:

– “In this age of electronic communication, I want to stress that you must not use electronic devices or computers to talk about this case, including tweeting, textingblogging, e-mailing, posting information on a website or chat room, or any other means at all. Do not send or accept any messages, including e-mail and text messages, about your jury service. You must not disclose your thoughts about your jury service or ask for advice on how to decide any case.”

• New Jersey state courts amended their Model Civil Jury Instruction: – “You also should not attempt to communicate with others about the case, either

personally or through computers, cell phones, text messaging, instant messaging, blogs, Twitter, Facebook, Myspace, personal electronic and media devices or otherforms of wireless communication.”

Disclosure of Juror's Social Media Content

Juror Number One v. Superior Court of Sacramento County, 2012 WL 1959466 (Cal. App. May 31, 2012)

• Following a criminal trial that ended in conviction, the court learned that one of the jurors (Juror Number One) had made multiple Facebook posts during the trial. The convicted defendants originally sought copies of the postings.

• The judge conducted an evidentiary hearing and issued an order requiring Juror Number One to execute a consent form authorizing Facebook to release to the court for in camera review all items he posted during the trial. Juror Number One filed an objection.

Juror Number One v. Superior Court of Sacramento County, 2012 WL 1959466 (Cal. App. May 31, 2012)

• Court concluded that Juror Number One failed to establish that the court's order exceeded its power to inquire into alleged juror misconduct.

• Court found that while it might be a SCA violation to subpoena the records from Facebook directly, the compulsion here was on Juror Number One and under basic discovery principles, where a party to the communication is also a party to the litigation, it is within the power of a court to require his or her consent to disclosure on pain of sanctions.

• Court rejected the Juror's argument that disclosure would violate his privacy rights. The court stated that Juror Number One had not shown he had any expectation of privacy in the posts and, in any event, those privacy rights did not trump the convicted defendant's right to a fair trial free from juror misconduct.

16 26967503

Ethics, Privilege & the Digital Age by Pery D. Krinsky

KRINSKY, PLLC212.NY.ETHICS

WWW.NEWYORKETHICS.COM

WWW.ISITETHICAL.COM

“ETHICS, PRIVILEGE & THE DIGITAL AGE”PERY D. KRINSKY, ESQ.

Advertisement is defined as: “any public or privatecommunication made by or on behalf of a lawyer orlaw firm about the lawyer or law firm’s services, theprimary purpose of which is for the retention of thelawyer or law firm. It does not includecommunications to existing clients or other lawyers.”See N.Y.R.P.C. 1.0(a).

• Prohibition against attorneysusing false, deceptive ormisleading advertisements.

• Prohibition against attorneysusing client testimonialsconcerning pending matters.

• Prohibition against attorneysusing nicknames, mottos,monikers or trade namesthat would suggest an abilityto obtain results.

See N.Y.R.P.C. 7.1.

CONSIDER:

• N.Y.S.B.A. Op. 848 (2010) (Concluding, inter alia, that indetermining whether a newsletter is an advertisement,three factors must be considered: 1) the content; 2) thepurpose of the communication; and 3) the intendedaudience).

• N.Y.S.B.A. Op. 834 (2009) (Pursuant to Rule 7.1(e)(3), “anadvertisement that contains a client testimonial orendorsement must also contain the disclaimer: “Priorresults do not guarantee a similar outcome”).

• N.Y.S.B.A. Op. 921 (2012) (An attorney advertisement thatstates, without more, that the attorney can “stop” aforeclosure proceeding is false, misleading and deceptiveand, thus, an accompanying Rule 7.1(e)(3) disclaimerwould be required).

C“Some communications by a law firm that mayconstitute marketing or branding are not necessarilyadvertisements. For example, pencils, legal pads,greeting cards, coffee mugs, T-shirts or the likewith the law firm name, logo, and contactinformation printed on them do not constitute‘advertisements’ within the definition of this Rule iftheir primary purpose is general awareness andbranding, rather than the retention of the law firmfor a particular matter.” See N.Y.S.B.A. cmt. [8] toN.Y.R.P.C. 7.1 (emphasis added).

WHAT IS (POSSIBLY) NOT

ATTORNEY ADVERTISING?• N.Y.S.B.A. Op. 918 (2012) (“A lawyer, having produced and

posted an internet video designed to educate lay individuals abouta legal subject, may ethically distribute flyers to members of thepublic inviting them to view that video.” However, if the video orthe flyers include statements that suggest that the viewers shouldhire the lawyer, then the video is subject to the Rules governingattorney advertising and solicitation.).

• N.Y.S.B.A. 967 (2013) (An attorney who publishes a blogdevoted to work-life balance and does not, in fact, discuss legaltopics and whose primary purpose is not retention is notconsidered an advertisement; and, therefore, the attorney’s blog isnot governed by the attorney advertising Rules, notwithstandingthe fact that the author makes clear that she is an attorney in thetitle of the blog).

C“(e) A lawyer or law firm may utilize adomain name for an internet web site thatdoes not include the name of the lawyer oflaw firm provided:

(1) All pages of the web site clearly andconspicuously include the actual nameof the lawyer or law firm;

(2) The lawyer or law firm in no wayattempts to engage in the practice oflaw using the domain name;

(3) The domain name does not imply anability to obtain results in a matter;and

(4) The domain name does not otherwiseviolate these Rules.”

See N.Y.R.P.C. 7.5(e);N.Y. City Bar Op. 2003-01 (2004)

Solicitation is defined as: “any advertisement initiated by or onbehalf of a lawyer or law firm that is directed to, or targeted at, aspecific recipient or group of recipients, or their family members orlegal representatives, the primary purpose of which is the retentionof the lawyer or law firm, and a significant motive for which ispecuniary gain. It does not include a proposal or other writingprepared and delivered in response to a specific request of aprospective client.”

Exceptions Include: close friends, relatives, former clients orexisting clients.

See N.Y.R.P.C. 7.3; Judiciary Law § 479; Judiciary Law § 482.

A lawyer may not participate in aweb site that sends inquiries fromprospective clients to subscribinglawyers, where the subscribinglawyers pay a fee and the serviceprovider analyzes the inquiry andselects the appropriate lawyerbecause the website, in exchangefor a fee, cannot carry outactivities that in a non-web settingwould constitute a prohibitedsolicitation or referral. SeeN.Y.S.B.A. Op. 799 (2006).

“A lawyer may use an e-mail service provider thatconducts computer scansof e-mails to generatecomputer advertising,where the e-mails are notreviewed by or provided toother individuals.”See N.Y.S.B.A. Op. 820(2008).

It is ethically improper for a lawyer to pay amarketing company a fee in exchange for receivinga bundle of pre-screened client “leads” for potentialclients who may need legal assistance in connectionwith their Federal income taxes, insofar as thepayments to the marketing company wouldconstitute compensation in return for recommendingand/or obtaining employment by a client.See N.Y.S.B.A. Op. 779 (2004).

“It is ethically permissible for anattorney or law firm to purchase a listof names to whom emails from the firmwill be sent, offering each recipient theopportunity to join the law firm's emailnewsletter distribution, which offersinformation about current legal topicsand invitations to attend educationalseminars provided by the firm,provided there is no solicitation forutilization of the firm’s legal services.”

See N.Y.S.B.A. Op. 947 (2012).

Committee concluded that an attorney may advertisehis/her legal services on a website that offers a “deal ofthe day” or “group coupon,” because the website doesnot individually contact the consumers and does notrefer a potential client to a certain lawyer – but rather,it “carrie[s] a particular lawyer’s advertising messageto interested consumers and has charged a fee for thatservice.” See N.Y.S.B.A. Op. 897 (2011).

“A blog written by an attorney that does not discuss legaltopics and whose primary purpose is not the retention ofthe lawyer is not an advertisement, and would thus not besubject to the retention and preservation rules for lawyeradvertising, even though the title of the blog makes clearthat the author is an attorney.” N.Y.S.B.A. Op. 967(2013).

C• “Offering a prize offer to join an

attorney’s social network is notprohibited by the Rules ofProfessional Conduct as long as theoffer does not constitute illegalconduct.”

• If the attorney’s intention behindoffering the prize is the retention ofthe attorney’s legal services, then itmust conform to N.Y.R.P.C. 7.1, andother Rules governing attorneyadvertising.

• If it is an advertisement that alsoconstitutes “solicitation,” then it issubject to the provisions of Rule 7.3.

See N.Y.S.B.A. Op. 873 (2011).

• A lawyer may post general answers,rather than individually targetedadvice in response to legal inquiriesfrom persons on interactive or real-time social networking sites.

• However, the lawyer may not solicitinquirers unless they comply with therequirements of, inter alia, N.Y.R.P.C.7.3.

• In the event that an inquirer requeststhe legal services of the lawyer, thelawyer may privately respond with awritten proposal – not through thewebsite – so that other users of thesocial site cannot view the proposal.

See N.Y.S.B.A. Op. 899 (2011).

CNY City Bar Opinion 2010-2 (2010):

Obtaining Evidence from Social Networking Websites

Whether a lawyer or his/her agent can contact anunrepresented person through a social networking siteand request permission to access their personalinformation on the site that is not otherwise accessible.

A lawyer may contact such a person (e.g. send a friendrequest), directly or through an agent, as long as they areopen and honest.

It is impermissible to use trickery to access suchinformation belonging to an unrepresented person.

• “A lawyer who represents a client in apending litigation, and who has accessto the Facebook or MySpace networkused by another party in litigation, mayaccess and review the public socialnetwork pages of that party to searchfor potential impeachment material.”

• Attorney does not violate N.Y.R.P.C.4.1, N.Y.R.P.C. 8.4, or N.Y.R.P.C.5.3(b)(1), provided that the lawyerdoes not “friend” the other party orinstruct an agent to do so.

See N.Y.S.B.A. Op. 843 (2010).

C• Lawyer requested a continuance due to the apparent death of a relative;

however, the Judge caught the lawyer in a lie when she saw that thelawyer had posted on her Facebook page statuses of her week of drinking,going out and partying. Molly McDonough, “Facebooking Judge CatchesLawyer In Lie,” ABA Journal (available athttp://www.abajournal.com/news/article/facebooking_judge_catches_lawyers_in_lies_crossing_ethical_lines_abachicago/).

• Judge reprimanded a lawyer for calling opposing counsel a “chicken” onhis blog for requesting a continuance; Judge called the attorney’s conduct“juvenile, obnoxious, and unprofessional” and intended to send his rulingto the state bar association; and the attorney subsequently resigned. PamSmith, “Judge Reprimands Temp Prosecutor for Personal Blog,” Law.com(Apr. 28, 2006) (available athttp://www.law.com/jsp/law/LawArticleFriendly.jsp?id=1146139204085).

• Attorney publicly reprimanded for posting disparaging remarks about ajudge on a popular local legal blog. Fla. Bar v. Conway, 996 So.2d 313(Fla. 2008).

Attorney may advise client to turn their socialmedia privacy settings on and advise a client ofwhat should or should not be posted on theirsocial media sites, provided that the attorney doesnot violate the New York Rules of ProfessionalConduct or any other law regarding preservationand/or spoliation of evidence. See N.Y.C.L.A.Op. 745 (2013).

“Confidential Information”:“Information gained during or relating to the representationof a client, whatever its source, that is (a) protected by theattorney-client privilege, (b) likely to be embarrassing ordetrimental to the client if disclosed, or (c) information thatthe client has requested be kept confidential.”

Eli Lilly & Co. was involved in confidential negotiations withthe Federal Government when one of its lawyers intended toforward confidential information regarding such negotiationsto its co-counsel, but accidentally sent the email to a NewYork Times reporter with the same last name. Unfortunately,the email’s auto-complete function used the reporter’s emailaddress rather than co-counsel. The reporter used theinformation for a front-page story in the New York Times.See Debra Cassens Weiss, “Did Lawyer’s E-Mail Goof Land$1B Settlement On NYT’s Front Page?,” ABAJournal (Feb. 6,2008). K

• Plaintiff’s counsel inadvertently directed some emails to its client’sformer work email address, which was still maintained andmonitored by the client’s former employer (i.e., Defendant). In-house counsel for Defendant reviewed the email chain inadvertentlyforwarded by plaintiffs’ counsel and used information in thoseemails to assert a counterclaim against the plaintiffs.

• The District Court granted a temporary protective order that, interalia: disqualified Defendant’s outside counsel; disqualified the in-house counsel who reviewed the privileged communication andordered that Defendant remove another in-house counsel from“day-to-day” management of the case; Defendant dismissed itscounterclaim without prejudice.

Terraphase Engineering, Inc. v. Arcadis, U.S., Inc., No. C-10-04647(N.D. Cal. Dec. 17, 2010).

Lenz v. Universal Music Corp., 2010 WL 4286329 (N.D. Cal. Oct.22, 2010):

• Plaintiff made various disclosures to third parties regardingconfidential communications with her attorney, specificallyrelating to her motivations for pursuing the action, her legalstrategies, and “core allegations.” Such disclosures were made viaemails, electronic chats with online friends, and on her personalblog. Defendant moved to compel the production of documentsbased upon a waiver of attorney-client privilege.

• The Court held that the Plaintiff voluntarily waived theattorney-client privilege as to her motivations for pursuingthe case and her legal strategies by discussing with thirdparties matters related to attorney-client communicationsthrough email and instant messaging.

Court determined that communications transmitted betweenattorney and client-employee over defendant-employer's e-mail system were not protected by the attorney-clientprivilege, particularly because defendant-employer had a“no personal use” e-mail policy and provided notice to itsemployees that the employer monitors the email system,which diminished any reasonable expectation of privacy.Scott v. Beth Israel Med. Ctr., 17 Misc.3d 934 (Sup. Ct.New York Co., 2007).

EVADING E-DISCOVERY

SPOLIATION OF EVIDENCE

SANCTIONS

See e.g., State Farm Mut. Auto. Ins. Co.v. Grafman, 2011 WL 1869387 (E.D.N.Y.Apr. 4, 2011); Liberman v. FedExGround Package Sys., Inc., 2011 WL145474 (E.D.N.Y. Jan. 18, 2011).

In a wrongful death action, the $10million verdict was reduced by half andthe Court imposed sanctions against theattorney in the amount of $542,000 forinstructing his client to “clean up” hisFacebook page and $180,000 against theclient for deleting 16 photos thendeactivating the account. Furthermore,the plaintiff’s attorney certified in theirdocument production responses that theplaintiff did not hold a Facebookaccount. Lester v. Allied Concrete Co.,Nos, CL08-150, CL09-223 (Va. Cir.Oct. 21, 2011).

Court concluded that transactional attorneys representing amortgage company had an ethical duty to preserve emailsrelating to their representation and by failing to preservesuch emails, the Court scheduled an evidentiary hearing asto whether an adverse inference can be drawn from theattorneys’ spoliation and whether additional sanctions arewarranted. F.D.I.C. v. Malik, 2012 WL 1019978 (E.D.N.Y.Mar. 26, 2012).

CCaraballo v. City of New York, 2011Slip. Op. 30605 (Sup. Ct. RichmondCo. Mar 4, 2011):

• Defendant/Third-Party Plaintiff soughtto compel Plaintiff to provide access tohis “current and historical Facebook,Myspace and Twitter pages andaccounts, including all deleted pagesand related information.”

• Court denied the motion to compel,holding that the discovery demand was“overly broad” and theDefendant/Third-Party Plaintiff “failedto establish a factual predicate withrespect to the relevancy of theinformation the sites may contain.”

Crispin v. Christian Audigier, 717 F. Supp.2d 965 (C.D. Cal.2010):

• The defendants served subpoenas on social media providersFacebook, MySpace, and Media Temple, seeking allcommunications between Plaintiff and Defendant, as well asany communications referencing the co-defendants.

• The Court held that social networking and web hostingproviders are protected from discovery under the StoredCommunications Act of 1986 (SCA) as ElectronicCommunication Services (ECS) and Remote ComputingServices (RCS) providers may consider social mediaprotected, based on the provider’s privacy controls and theindividual user’s privacy settings.

• People v. Harris, 36 Misc.3d 613 (N.Y.Crim. Ct. Apr. 20, 2012) (Court held that thedefendant had no standing to challenge thesubpoena served upon Twitter and that thedefendant had no reasonable expectation ofprivacy as to his Twitter Account).

• United States v. Meregildo, 883 F. Supp.2d523, 526 (S.D.N.Y. 2012) (holding that“[w]here Facebook privacy settings allowviewership of postings by ‘friends’ theGovernment may access them through acooperating witness who is a ‘friend’without violating the Fourth Amendment”because the Defendant “had no justifiableexpectation that his ‘friends’ would keep hisprofile private”).

• N.Y.S.B.A. Op. 749 (2001) (Concluding that the use ofsophisticated software that secretly examines and traces opposingcounsel’s e-mails and other electronic documents would allowusers to gain access to confidential communications pertaining toan attorney’s representation of a client; and therefore, the use ofsuch computer software is improper).

• N.Y.S.B.A. Op. 782 (2004) (Concluding that lawyers have a dutyto use reasonable care when sending documents via e-mail inorder to prevent the inadvertent disclosure of metadata reflectingconfidential information).

• Matter of Michael T. Hursey, 2011 WL6355140 (Sup. Ct. S.C., Dec. 19, 2011)(attorney disbarred for, inter alia, postinginappropriate content containing nudity,lewdness, and drug references on hisMySpace page, which included his lawfirm’s name and address).

• In re Disciplinary Proceedings AgainstPeshek, 334 Wis. 2d 373 (Sup. Ct. Wisc.,June 24, 2011) (attorney reciprocallysuspended for 60 days for postingconfidential information pertaining to herclients and demeaning remarks aboutjudges on her personal blog).

• Assistant public defender lost her job and was suspended fromthe practice of law for 60 days for posting confidentialinformation and inappropriate comments on her personal blog.

• Attorney referred to clients by either first name or jailidentification number.

• Attorney revealed on her blog that the client lied to the judgeby claiming that she was not addicted to methadone.

• Attorney referred to a judge as “Judge Clueless,” and madeother disparaging remarks about the judge.

See In the Matter of Peshek, Ill. Atty. Reg. and Disc. Comm., 09CH 89 (Aug. 25, 2009), Ill. S. Ct. M.R. 23794 (May 18, 2010).

The New York Rules of ProfessionalConduct do not prohibit an attorney fromcriticizing another attorney on a blog,provided that the comments/criticismsbeing published are factually accurate.See N.Y.S.B.A. Op. 912 (2012).

In Oklahoma Bar. Assoc. v. McTeer, 2013 OK 5 (Sup.Ct. Okla. Jan. 14, 2013), an attorney resigned from thepractice of law after it was discovered that she took anduploaded photos of herself and her boyfriend on herFacebook page hours after he escaped from prison.Investigators believe that these pictures may provideenough evidence to charge the attorney with harboring afugitive. K

By demonstrating that victim had posted on her social networkingsite pictures of herself skiing that postdated her automobileaccident, made sufficient showing that portion of victim'swebpage that was blocked by privacy setting might contain otherevidence relevant to defense of lawsuit, and that allowingdefendants access to this portion of victim's webpage wasreasonably calculated to lead to discovery of relevant information.

Richards v. Hertz Corp., 2012 WL 5503841 (2d Dept. Nov. 14,2012).

• What is attorney misconduct?

Illegal conduct that adversely reflects on the lawyer’s honesty,trustworthiness or fitness as a lawyer;

Conduct involving dishonesty, fraud, deceit or misrepresentation;

Conduct prejudicial to the administration of justice; or

Any other conduct that adversely reflects on the lawyer’s fitnessas a lawyer.

• What is an attorney’s duty to report misconduct?

A lawyer who knows that another lawyer has engaged in conductthat raises a substantial question as to that lawyer’s honesty,trustworthiness or fitness as a lawyer shall report such knowledgeto a tribunal or other investigative authority.

See N.Y.R.P.C. 1.0(k); N.Y.R.P.C. 8.3; N.Y.R.P.C. 8.4.

• Discipline: public censure,suspension, disbarment, etc.

• Monetary Sanctions.

• Malpractice Claims.

• Bad Press/Online Reviews.

See 22 N.Y.C.R.R. Part 130; 28 U.S.C. § 1927; Fed. R. Civ. P. 11; 22 N.Y.C.R.R.Part 603 (1st Dept.); 22 N.Y.C.R.R. Part 691 (2d Dept.); 22 N.Y.C.R.R. Part 806 (3dDept.); 22 N.Y.C.R.R. Part 1022 (4th Dept.).

N.Y. Eth. Op. 709. Use of Internet to Advertise and to Conduct Law Practice Focusing on

Trademarks; Use of Internet E-Mail; Use of Trade Names

TOPIC: USE OF INTERNET TO ADVERTISE AND TO..., NY Eth. Op. 709 (1998)

NY Eth. Op. 709 (N.Y.St.Bar.Assn.Comm.Prof.Eth.), 1998 WL 957924

New York State Bar Association Committee on Professional Ethics

TOPIC: USE OF INTERNET TO ADVERTISE AND TO CONDUCT LAW PRACTICE FOCUSING ON TRADEMARKS; USE OF INTERNET E-MAIL; USE OF TRADE NAMES

Opinion Number 709 September 16, 1998

DIGEST: Attorney may operate and advertise a trademark practice over the Internet, as long as attorney complies with (a) the Code’s obligations to check client conflicts; (b) court rules requiring the posting of a statement of Client’s Rights and Responsibilities; (c) the obligation to preserve client confidences by assuring that use of e-mail is reasonable; and (d) the Code’s advertising rules and perhaps those of other jurisdictions. The attorney may not engage in or advertise a more limited form of trademark business under a trade name if the business constitutes the practice of law.

*1 CODE: DR 1-102(A), DR 2-101, DR 2-101(B), DR 2-102, DR 2-102(B), DR 2-102(D), DR 2-101(F), DR 2-103(A), DR 2-106, DR 3-101(B), DR 4-101(A), DR 4-101(B), Canon 6, EC 2-10, EC 2-13, EC 3-5, EC 3-9, EC 4-1, EC 8-3

QUESTIONS

An attorney plans to create an Internet web site in connection with a business that will conduct trademark searches, render legal opinions on availability of trademarks, and file and prosecute applications to register trademarks. The web site will have the capability to take orders from clients from all over the country on the Internet, and charge their credit cards a pre-determined fee for each applicable service. The attorney will speak to clients by telephone when they request a legal opinion, but will otherwise rely on unencrypted Internet e-mail to communicate with clients. We address the following questions in connection with this proposed conduct: 1. May an attorney make his or her services available through the Internet, including taking orders for conducting trademark searches, communicating with clients using Internet e-mail, conducting trademark searches, rendering legal opinions on trademark availability, filing trademark applications, and charging clients by credit card? 2. May an attorney advertise on the Internet utilizing a web site accessible throughout the United States where the attorney is licensed to practice law only in New York? *2 3. May an attorney licensed to practice only in New York render legal opinions to non-residents of New York, and if not, may the attorney limit his or her services to performing trademark searches and filing trademark applications on behalf of clients who reside outside of New York, since such services may be performed by non-lawyers? 4. May the attorney operate his or her practice under a trade name as well as his or her own name (e.g., advertising and operating under the trade name “The Trademark Store”) and also state that The Trademark Store is operated by the “Law Offices of ____”)? If the attorney only performs the trademark searching and filing services that may be performed by non-lawyers, and does not render legal opinions, may the attorney operate the business under a trade name without using his or her own name? 1. Legal Practice on the Internet There is no express provision in the Lawyer’s Code of Professional Responsibility (the “Code”) that addresses practicing law over the Internet. The Committee believes that using the Internet to take orders for trademark searches, conduct trademark searches, render legal opinions and file trademark applications is analogous to conducting a law practice by telephone or facsimile machine and is likewise permissible, subject to the same restrictions applicable to communication by those means. Some issues peculiar to practice on the Internet warrant additional comment, however.

A. Statement of Client’s Rights and Responsibilities New York’s court rules require the posting of a Statement of Client’s Rights and Responsibilities in a lawyer’s office, and apply by their terms to any attorney who has an office in the state. 22 N.Y.C.R.R. § 1210.1. As a result, such rules may apply even where the attorney-client relationship is conducted exclusively through the Internet and the lawyer does not typically meet clients in the lawyer’s office. In such circumstances it would be prudent for the attorney to achieve substantial compliance with the terms of the rule (requiring posting of the Statement in the office “in a manner visible to clients”) by including the full text of the Statement on the attorney’s web site. B. Conflicts Checks Next, DR 5-105(E) provides that New York lawyers must maintain a system of keeping records of prior engagements and checking them before undertaking a new matter to assure that the attorney will not violate DR 5-105’s and DR 5-108’s prohibitions on conflicting engagements. Practicing law for clients by means of the Internet does not give rise to any exemption from this fundamental obligation to avoid conflicts and not to undertake a new representation without checking to assure that it does not create an impermissible conflict. See generally N.Y. State 664 (1994) (requiring conflicts check by lawyer providing specific legal advice to clients by means of “900” telephone service). We recognize, however, that a conflicts check is not required where the attorney’s interaction is limited to providing general information of an educational nature, no confidential information is obtained from a client and no specific advice tailored to a client’s particular circumstances is rendered. Id.; cf. N.Y. 625 (1992); N.Y. State 636 (1992). In such circumstances, the recipient of such general advice need not be included in the lawyer’s records of past engagements. C. Reliability of Internet Information *3 To the extent that the attorney in performing legal research for clients relies on information obtained from searching of Internet sites, the attorney’s duty under Canon 6 to represent the client competently requires that the attorney take care to assure that the information obtained is reliable. D. Use of Internet E-Mail As to the attorney’s use of Internet e-mail to communicate with clients, we note that the fiduciary relationship between an attorney and client requires the preservation of confidences and secrets, EC 4-1, and an attorney is prohibited from “knowingly” revealing a client confidence or secret. DR 4-101(B). Significantly, the Code expressly requires attorneys to “exercise reasonable care” to prevent others at his or her firm from disclosing a client’s confidences or secrets, DR 4-101(D), and EC 4-4 provides that a “lawyer should endeavor to act in a manner which preserves the evidentiary privilege; for example, the lawyer should avoid professional discussions in the presence of persons to whom the privilege does not extend.” It is fair to state that an attorney has a duty to use reasonable care to protect client confidences and secrets; whether the use of Internet e-mail is consistent with that duty depends upon the likelihood of interception. Other ethics committees that have considered this or analogous issues have reached inconsistent conclusions. Compare Az. Op. 97-04 (e-mail may pose a risk to confidentiality); Iowa Op. 96-1 (attorneys must obtain waiver from clients as to e-mail security risk); N.Y. City 94-11 (advising that an attorney should use caution and consider security measures when speaking to a client via cordless or cellular telephone because of the risk that the client’s confidences or secrets may be overheard); with D.C. Op. 281 (1998) (no per se rule barring use of unencrypted internet e-mail to transmit client confidences); South Carolina Op. 97-08 (examining the privacy of Internet communications in view of current technology and laws prohibiting interception or monitoring of e-mail communications, and concluding that Internet users may have a reasonable expectation of confidentiality); Vt. Op. 97-5 (e-mail may pose no risk to confidentiality). The Electronic Communications Privacy Act (“ECPA”), 18 U.S.C. §§ 2510 et seq., criminalizes the interception of e-mail transmissions and also appears to mitigate the risk of loss of the evidentiary privilege. 18 U.S.C. § 2517(4) ( “[n]o otherwise privileged wire, oral, or electronic communication intercepted in accordance with, or in violation of, the provisions of [the ECPA] shall lose its privileged character”). Similarly, in 1998 New York enacted comparable protection for the evidentiary privilege in an amendment to the CPLR.1 Although the federal and New York statutes may resolve the question of whether use of Internet e-mail waives the evidentiary privilege (a question of law outside the scope of this Committee’s jurisdiction),

at least to the extent the privilege at issue is governed by federal or New York law, the statutes do not directly resolve the lawyer’s independent ethical duty to avoid disclosure of a client’s confidences and secrets. The lawyer’s ethical duty is broader than the obligation to preserve the privilege, as the Code extends the duty of non-disclosure to client “secrets,” which are explicitly defined by the Code to encompass certain client-related information that is not protected by the evidentiary attorney-client privilege. DR 4-101(A), (B). Consequently, the recent additions in federal and state law providing that use of e-mail does not by itself jeopardize the applicability of the attorney-client privilege cannot dispose of the ethical issue. *4 In considering the ethical issue, we believe that the criminalization of unauthorized interception of e-mail certainly enhances the reasonableness of an expectation that e-mails will be as private as other forms of telecommunication. That prohibition, together with the developing experience from the increasingly widespread use of Internet e-mail, persuades us that concerns over lack of privacy in the use of Internet e-mail are not currently well founded. So far as we are aware, there is little evidence that the use of unencrypted Internet e-mails has resulted in a greater risk of unauthorized disclosure than is posed by other forms of communication that are commonly used without compromising ethical obligations, such as telephones and facsimile machines. We therefore conclude that lawyers may in ordinary circumstances utilize unencrypted Internet e-mail to transmit confidential information without breaching their duties of confidentiality under Canon 4 to their clients, as the technology is in use today. Despite this general conclusion, lawyers must always act reasonably in choosing to use e-mail for confidential communications, as with any other means of communication. Thus, in circumstances in which a lawyer is on notice for a specific reason that a particular e-mail transmission is at heightened risk of interception, or where the confidential information at issue is of such an extraordinarily sensitive nature that it is reasonable to use only a means of communication that is completely under the lawyer’s control, the lawyer must select a more secure means of communication than unencrypted Internet e-mail. A lawyer who uses Internet e-mail must also stay abreast of this evolving technology to assess any changes in the likelihood of interception as well as the availability of improved technologies that may reduce such risks at reasonable cost.2 It is also sensible for lawyers to discuss with clients the risks inherent in the use of Internet e-mail, and lawyers should abide by the clients’ wishes as to its use. E. Payment By Credit Card There is nothing in the Code prohibiting an attorney from accepting payment by credit card as long as the fee charged is not excessive and the fee arrangement does not otherwise violate any Code provision. N.Y. State 399 (1975); N.Y. State 362 (1974); see DR 2-106. The lawyer’s duty to safeguard client interests and property also requires the lawyer who accepts payment by credit card via the Internet to assure that the privacy of the client’s credit card information will be preserved. 2. Advertising on the Internet The Code’s advertising rules are intended to protect the public from false and misleading advertisements. There is no ethical distinction to be drawn among different forms of advertising directed to a general population. See, e.g., Shapero v. Kentucky Bar Assoc., 486 U.S. 466, 473 (1988) (“lawyer advertising cases have never distinguished among various modes of written advertising to the general public”); In re Koffler, 432 N.Y.S.2d 872, 875 (Ct. App. 1980) (direct mail solicitation by attorneys of potential clients is constitutionally protected commercial speech), cert. denied, 450 U.S. 1026 (1981); cf ABA Model Rule 7.2(a) (permitting advertising in “public media,” including “ a telephone directory, legal directory, newspaper or other periodical, outdoor advertising, radio or television, or through written or recorded communication”). Accordingly, we believe that advertising via the Internet -- an electronic form of public media -- is permissible as long as the advertising is not false, deceptive or misleading, and otherwise adheres to the requirements set forth in the Code. DR 2-101, DR 2-102, EC 2-10. *5 In addition to the other guidelines for lawyer advertising set forth in DR 2-101, we note that DR 2-101(F) requires retention and in some circumstances filing of advertisements with a departmental disciplinary committee, depending upon the medium used to distribute the advertisement. Thus, broadcasts must be tape recorded and preserved by the lawyer for one year; a copy of mailed advertisements must be filed as noted, and the address list retained by the attorney for a year. We conclude that an Internet web site advertisement is more analogous to a radio or TV broadcast, in which the attorney has no means of identifying the audience, than it is to a mass mailing in which the address list is within the attorney’s control. Therefore, the attorney must keep a copy of any Internet advertisement for a period of not less than one year following its last use, but need not file a copy with a departmental disciplinary committee. The copy may be maintained by the attorney in

electronic form. There is no ethical prohibition in the Code against advertising to solicit clients who reside outside the state of New York with respect to matters as to which the lawyer may competently and lawfully practice. However, any Internet advertisement should inform a potential client of the jurisdiction in which the attorney is licensed, and should not mislead the potential client into believing that the attorney is licensed in a jurisdiction where the attorney is not licensed. See DR 2-102(D); ABA/BNA Lawyers Manual on Professional Conduct 81:551 at 57 (“lawyer’s Web page should clearly identify those states in which he is licensed to practice”); South Carolina Op. 94-27 (1995) (any advertisement by a lawyer on the Internet that may reach potential clients in jurisdictions where lawyer is not admitted to practice must clearly identify the geographic limitations of lawyer’s practice or risk being deemed misleading); see also Florida Bar v. Kaiser, 397 So.2d 1132, 1133 (Fl. Sup. Ct. 1981) (lawyer engaged in unauthorized practice where his law firm’s advertisements gave the impression that he was authorized to practice in Florida).3 3. Services to Clients Outside New York DR 3-101(B) provides that a lawyer “shall not practice law in a jurisdiction where to do so would be in violation of regulations of the profession in that jurisdiction.” Thus, whether a lawyer licensed only in New York may render legal opinions over the Internet to clients who reside outside of New York depends on whether the attorney’s conduct constitutes the unauthorized practice of law in the other jurisdiction. That question is beyond the scope of this Committee’s jurisdiction, though we note that lawyers licensed in one state may appropriately render legal services to clients resident elsewhere in many circumstances. N.Y. State 375 (1975). But see Birbrower, Montalbano, Condon & Frank v. Superior Court of Santa Clara County, 70 Cal. Rptr. 2d 304, 306 (Cal. Sup. Ct. 1998) (New York firm that performed legal services in California engaged in the unauthorized practice of law in violation of California statute). We are similarly unable to opine on whether the limitation of the practice to federal trademark issues affects the applicability of state laws regarding unauthorized practice. See Charles W. Wolfram, “Sneaking Around in the Legal Profession: Interjurisdictional Unauthorized Practice by Transactional Lawyers,” 36 Tex. L. Rev. 665 (1995). *6 Finally, if an attorney licensed only in New York limits his or her services to trademark searches and filing trademark applications as non-lawyers are typically permitted to do, whether or not the attorney may provide such limited services to clients who reside outside of New York in matters arising in a non-New York jurisdiction is governed by the laws and rules of the other jurisdiction, and therefore is also beyond the scope of this Committee. 4. Use of a Trade Name for a Law Practice Operating the proposed law practice under a trade name is prohibited by the Code. DR 2-102(B) provides that “[a] lawyer in private practice shall not practice under a trade name.” See In re von Wiegen, 481 N.Y.S. 2d 40 (Ct. App. 1984) (use of phrase “The Country Lawyer” immediately below lawyer’s name is acceptable; In re Shephard, 459 N.Y.S.2d 632, 633 (3rd Dep’t 1983) (finding “The People’s Law Firm” was a prohibited trade name); In re Shapiro, 455 N.Y.S. 2d 604, 605 (1st Dep’t 1982) (finding “People’s Legal Clinic, Inc.” was a prohibited trade name). Operating the proposed law practice under a trade name, while simultaneously indicating in advertising materials that the company is operated by the attorney’s law office, is likely to be confusing and misleading to the public as to whether the company and law office are separate entities. Given the prohibition against attorneys practicing under a trade name in DR 2-102(B), whether an attorney may operate under a trade name a business limited to providing services that can permissibly be offered by non-lawyers depends on whether the attorney’s conduct constitutes the practice of law. Although certain activities may be performed by lawyers and non-lawyers alike, this Committee has previously opined that certain activities that may be performed by non-lawyers constitute the practice of law when done by attorneys. See, e.g., N.Y. State 705 (1998) (handling real estate tax reduction proceedings); N.Y. State 678 (1996) (providing divorce mediation services); N.Y. State 557 (1984) (providing accountant services). On the other hand, this Committee also has opined that an attorney may maintain a separate business that does not involve the practice of law, and operate that business under a trade name, provided that the attorney does not use the separate business as a means of soliciting legal work in violation of any statute or court rule, does not recommend that clients of the law practice purchase a product of the separate business, does not hold himself or herself out as an attorney in connection with the

separate business, and does not otherwise violate any ethical or legal rules. N.Y. State 636 (1992) (finding no per se ethical proscription to law firm establishing separate business selling will forms operating under the trade name “The Will Store” provided that the phrase was not used in conjunction with the names of the attorney principals, the business did not constitute the practice of law, and the separate business is not used to solicit legal practice); cf. N.Y. State 662 (1994) (refraining from holding oneself out as a lawyer may satisfy the literal language of N.Y. State 557, but would constitute deception in violation of DR 1-102(A)(4) where lawyer refrains in order to avoid an ethical prohibition and solicit legal work); EC 2-13 (“to avoid the possibility of misleading persons with whom a lawyer deals, a lawyer should be scrupulous in the representation of professional status”). *7 The lawyer must closely scrutinize the services provided to make certain that the services do not involve the exercise of an attorney’s professional judgment, which would constitute the practice of law. We provided the following guidance in N.Y. State 636:

[T]o the extent that the wills are individualized and offered as a specific solution to individual problems or other services requiring the professional judgment of a lawyer are rendered, the business becomes the practice of law. EC 3-5. Furthermore, if in selling such forms to individual members of the public, an employee provides assistance or advice in selecting the appropriate form or forms or in adapting their language to particular circumstances, the business becomes the practice of law.

Therefore, even though trademark searches and application filings may be performed by non-lawyers, to the extent that the attorney invokes his or her professional legal judgment in conducting searches or filing applications, the business becomes the practice of law and practicing under a trade name is prohibited.

CONCLUSION The questions are answered in accordance with this Opinion.

Footnotes 1

New CPLR § 4547 provides: No communication privileged under this article shall lose its privileged character for the sole reason that it is communicated by electronic means or because persons necessary for the delivery or facilitation of such electronic communication may have access to the content of the communication.

We note that recent press reports concerning a lack of security arising from the use of Internet e-mail have not reflected interceptions of the content of e-mails, but instead the possible effect of the use of e-mail programs on the security of the contents of the files stored in a computer that is connected to the Internet. See, e.g., Denise Caruso, “Technology: As long as software code is kept secret, Internet security is at risk,” N.Y. Times, Aug. 17, 1998, at D3. The security risk at issue is wholly separate from theuse of e-mail to transmit confidential communications, as the content of e-mails is not itself intercepted, and the possible interception of the contents of stored computer files potentially occurs when a person receives an e-mail from the would-be interceptor. Should it become clear that a lawyer’s use of Internet e-mail exposes the contents of the lawyer’s computer files to a meaningful risk of unauthorized interception, lawyers will, of course, be unable to use Internet e-mail without taking steps to eliminate such risk.

We express no view as to whether Internet advertising may also be subject to the rules regulating lawyer advertising of otherjurisdictions in which the advertising appears and from which potential clients are solicited. Other states have opined that lawyers may advertise over the Internet as long as they comply with that state’s ethics and rules on advertising but have not necessarily asserted that such state’s rules apply to lawyers licensed and practicing outside that state. Utah Op. 97-10 (attorney may advertise service on web page provided that attorney complies with the state’s advertising rules); Iowa Op. 96-1 (Iowa lawyers advertising on the Web page must comply with state’s ethics rules including publication of mandatory disclosures), Penn. Op. 96-17 (law firm web site is permitted subject to state’s advertising ethics rules, including disclosures of the geographic location of the law office and recordkeeping requirements); Tenn. Op. 95-A-57 (Tennessee lawyer posting firm brochure on World Wide Web must comply with ethical rules regarding publicity); Tex. Disc. Rules of Prof. Conduct, Part 7, Comment 17 (lawyers’ Web sites are publicmedia advertisement subject to state advertising rules); see also David Bell, Internet Use Raises Ethics Questions, Cal. St. B. J. at 36-37 (April 1996) (California rule and statute on attorney advertising applies to attorneys advertising on Internet); Ethics Update, Florida Bar News, Jan. 1, 1996 (lawyers’ computer ads and industry web site on home pages are subject to Florida ethics rules on

advertisements disseminated in electronic media). In addition, at least one state opinion suggests that lawyers should publish separate, unconnected web sites for in-state and out-of-state offices of the same law firm. Iowa Op. 96-14.

End of Document

ABA Formal Op. 99-413. Protecting the Confidentiality of Unencrypted Email

PROTECTING THE CONFIDENTIALITY OF..., ABA Formal Op....

ABA Formal Op. 99-413 American Bar Association Formal Ethics Opinion 99-413

American Bar Association

PROTECTING THE CONFIDENTIALITY OF UNENCRYPTED E-MAIL

March 10, 1999

Copyright (c) by the American Bar Association A lawyer may transmit information relating to the representation of a client by unencrypted e-mail sent over the Internet without violating the Model Rules of Professional Conduct (1998) because the mode of transmission affords a reasonable expectation of privacy from a technological and legal standpoint. The same privacy accorded U.S. and commercial mail, land-line telephonic transmissions, and facsimiles applies to Internet e-mail. A lawyer should consult with the client and follow her instructions, however, as to the mode of transmitting highly sensitive information relating to the client’s representation.

The Committee addresses in this opinion the obligations of lawyers under the Model Rules of Professional Conduct (1998) when using unencrypted electronic mail to communicate with clients or others about client matters. The Committee (1) analyzes the general standards that lawyers must follow under the Model Rules in protecting “confidential client information” [FN1] from inadvertent disclosure; (2) compares the risk of interception of unencrypted e-mail with the risk of interception of other forms of communication; and (3) reviews the various forms of e-mail transmission, the associated risks of unauthorized disclosure, and the laws affecting unauthorized interception and disclosure of electronic communications. The Committee believes that e-mail communications, including those sent unencrypted over the Internet, pose no greater risk of interception or disclosure than other modes of communication commonly relied upon as having a reasonable expectation of privacy. The level of legal protection accorded e-mail transmissions, like that accorded other modes of electronic communication, also supports the reasonableness of an expectation of privacy for unencrypted e-mail transmissions. The risk of unauthorized interception and disclosure exists in every medium of communication, including e-mail. It is not, however, reasonable to require that a mode of communicating information must be avoided simply because interception is technologically possible, especially when unauthorized interception or dissemination of the information is a violation of law. [FN2] The Committee concludes, based upon current technology and law as we are informed of it, that a lawyer sending confidential client information by unencrypted e-mail does not violate Model Rule 1.6(a) in choosing that mode to communicate. This is principally because there is a reasonable expectation of privacy in its use. The conclusions reached in this opinion do not, however, diminish a lawyer’s obligation to consider with her client the sensitivity of the communication, the costs of its disclosure, and the relative security of the contemplated medium of communication. Particularly strong protective measures are warranted to guard against the disclosure of highly sensitive matters. Those measures might include the avoidance of e-mail, [FN3] just as they would warrant the avoidance of the telephone, fax, and mail. See Model Rule 1.1 and 1.4(b). The lawyer must, of course, abide by the client’s wishes regarding the means of transmitting client information. See Model Rule 1.2(a).

A. Lawyers’ Duties Under Model Rule 1.6

The prohibition in Model Rule 1.6(a) against revealing confidential client information absent client consent after consultation imposes a duty on a lawyer to take reasonable steps in the circumstances to protect such information against unauthorized use

or disclosure. [FN4] Reasonable steps include choosing a means of communication in which the lawyer has a reasonable expectation of privacy. [FN5] In order to comply with the duty of confidentiality under Model Rule 1.6, a lawyer’s expectation of privacy in a communication medium need not be absolute; it must merely be reasonable. It uniformly is accepted that a lawyer’s reliance on land-line telephone, fax machine, and mail to communicate with clients does not violate the duty of confidentiality because in the use of each medium, the lawyer is presumed to have a reasonable expectation of privacy. [FN6] The Committee now considers whether a lawyer’s expectation of privacy is any less reasonable when she communicates by e-mail.

B. Communications Alternatives To E-Mail

In order to understand what level of risk may exist without destroying the reasonable expectation of privacy, this Section evaluates the risks inherent in the use of alternative means of communication in which lawyers nonetheless are presumed to have such an expectation. These include ordinary U.S. mail; land-line, cordless, and cellular telephones; and facsimile transmissions.

1. U.S. and Commercial Mail

It uniformly is agreed that lawyers have a reasonable expectation of privacy in communications made by mail (both U.S. Postal Service and commercial). This is despite risks that letters may be lost, stolen or misplaced at several points between sender and recipient. Further, like telephone companies, Internet service providers (ISPs), and on-line service providers (OSPs), mail services often reserve the right to inspect the contents of any letters or packages handled by the service. Like e-mail, U.S. and commercial mail can be intercepted and disseminated illegally. But, unlike unencrypted e-mail, letters are sealed and therefore arguably more secure than e-mail. [FN7]

2. Land-Line Telephones

It is undisputed that a lawyer has a reasonable expectation of privacy in the use of a telephone. [FN8] For this reason, the protection against unreasonable search and seizure guaranteed by the Fourth Amendment applies to telephone conversations. [FN9] It also is recognized widely that the attorney-client privilege applies to conversations over the telephone as long as the other elements of the privilege are present. [FN10] However, this expectation of privacy in communications by telephone must be considered in light of the substantial risk of interception and disclosure inherent in its use. Tapping a telephone line does not require great technical sophistication or equipment, nor is the know-how difficult to obtain. [FN11] Multiple extensions provide opportunities for eavesdropping without the knowledge of the speakers. Technical errors by the phone company may result in third parties listening to private conversations. Lastly, phone companies are permitted by law to monitor phone calls under limited conditions. Despite this lack of absolute security in the medium, using a telephone is considered to be consistent with the duty to take reasonable precautions to maintain confidentiality. [FN12]

3. Cordless and Cellular Phones

Authority is divided as to whether users have a reasonable expectation of privacy in conversations made over cordless and cellular phones. [FN13] Some court decisions reached the conclusion that there is no reasonable expectation of privacy in cordless phones in part because of the absence, at the time, of federal law equivalent to that which protects traditional telephone communications. [FN14] After the 1994 amendment to the Wiretap Statute, which extended the same legal protections afforded regular telephone communications to cordless phone conversations, [FN15] at least one ethics opinion addressed the advisability of using cordless phones to communicate with clients and concluded that their use does not violate the duty of confidentiality. [FN16] The nature of cordless and cellular phone technology exposes it to certain risks that are absent from e-mail communication. E-mail messages are not “broadcast” over public airwaves. [FN17] Cordless phones, by contrast, rely on FM and AM radio

waves to broadcast signals to the phone’s base unit, which feeds the signals into land-based phone lines. Therefore, in addition to the risks inherent in the use of a regular telephone, cordless phones also are subject to risks of interception due to their broadcast on radio signals that may be picked up by mass-marketed devices such as radios, baby monitors, and other cordless phones within range. [FN18] Further, the intercepted signals of cordless and analog cellular telephones are in an instantly comprehensible form (oral speech), unlike the digital format of e-mail communications. Similarly, cellular phones transmit radio signals to a local base station that feeds the signals into land-based phone lines. The broadcast area from the phone to the station is larger than that of a cordless phone, and receivers and scanners within range may intercept and overhear the conversation. Although the Committee does not here express an opinion regarding the use of cellular or cordless telephone, it notes that the concerns about the expectation of privacy in the use of cordless and cellular telephones do not apply to e-mail transmitted over land-based phone lines. [FN19]

4. Facsimile

Authority specifically stating that the use of fax machines is consistent with the duty of confidentiality is absent, perhaps because, according to some commentators, courts assume the conclusion to be self-evident. [FN20] Nonetheless, there are significant risks of interception and disclosure in the use of fax machines. Misdirection may result merely by entering one of ten digits incorrectly. Further, unlike e-mail, faxes often are in the hands of one or more intermediaries before reaching their intended recipient, including, for example, secretaries, runners, and mailroom employees. In light of these risks, prudent lawyers faxing highly sensitive information should take heightened measures to preserve the communication’s confidentiality.

C. Characteristics Of E-Mail Systems

The reasonableness of a lawyer’s use of any medium to communicate with or about clients depends both on the objective level of security it affords and the existence of laws intended to protect the privacy of the information communicated. We here examine the four most common types of e-mail and compare the risks inherent in their use with those of alternative means of communication, including the telephone (regular, cordless and cellular), fax, and mail. Like many earlier technologies, “e-mail” has become a generic term that presently encompasses a variety of systems allowing communication among computer users. Because the security of these e-mail systems is not uniform, the Committee here evaluates separately the degree of privacy afforded by each. As set forth below, we conclude that a lawyer has a reasonable expectation of privacy in such use. 1. “Direct” E-Mail [FN21] Lawyers may e-mail their clients directly (and vice versa) by programming their computer’s modem to dial their client’s. The modem simply converts the content of the e-mail into digital information that is carried on land-based phone lines to the recipient’s modem, where it is reassembled back into the message. This is virtually indistinguishable from the process of sending a fax: a fax machine dials the number of the recipient fax machine and digitally transmits information to it through land-based phone lines. Because the information travels in digital form, tapping a telephone line to intercept an e-mail message would require more effort and technical sophistication than would eavesdropping on a telephone conversation by telephone tap. Based on the difficulty of intercepting direct e-mail, several state bar ethics opinions and many commentators recognize a reasonable expectation of privacy in this form of e-mail. [FN22] Further, in two recent federal court decisions, the attorney-client and work-product privileges were considered applicable to e-mail communications. [FN23] The Committee agrees that there is a reasonable expectation of privacy in this mode of communication.

2. “Private System” E-Mail

A “private system” includes typical internal corporate e-mail systems and so-called “extranet” networks in which one internal system directly dials another private system. The only relevant distinction between “private system” and “direct” e-mail is the

greater risk of misdirected e-mails in a private system. Messages mistakenly may be sent throughout a law firm or to unintended recipients within the client’s organization. However, all members of a firm owe a duty of confidentiality to each of the firm’s clients. [FN24] Further, unintended disclosures to individuals within a client’s private e-mail network are unlikely to be harmful to the client. The reliance of “private system” e-mail on land-based phone lines and its non-use of any publicly accessible network renders this system as secure as direct e-mail, regular phone calls, and faxes. As a result, there is a widespread consensus that confidentiality is not threatened by its use, [FN25] and the Committee concurs.

3. On-line Service Providers

E-mail also may be provided by third-party on-line service providers or “OSPs.” [FN26] Users typically are provided a password-protected mailbox from which they may send and retrieve e-mail. There are two features of this system that distinguish it from direct and private-system e-mail. First, user mailboxes, although private, exist in a public forum consisting of other fee-paying users. The added risk caused by the existence of other public users on the same network is that misdirected e-mails may be sent to unknown users. Unlike users of private system e-mail networks who, as agents of their employers, owe a duty of confidentiality to them and, in the case of a law firm, to all firm clients, the inadvertent user owes no similar duties. [FN27] The risk of misdirection is, however, no different from that which exists when sending a fax. Further, the misdirection of an e-mail to another OSP can be avoided with reasonable care. [FN28] The second distinctive feature of e-mail administered by an OSP is that the relative security and confidentiality of user e-mail largely depends on the adequacy of the particular OSP’s security measures meant to limit external access and its formal policy regarding the confidentiality of user e-mail. Together, they will determine whether a user has a reasonable expectation of privacy in this type of e-mail. The denial of external access ordinarily is ensured by the use of password-protected mailboxes or encryption. [FN29] The threat to confidentiality caused by the potential inspection of users’ e-mail by OSP system administrators who must access the e-mail for administrative and compliance purposes is overcome by the adoption of a formal policy that narrowly restricts the bases on which system administrators [FN30] and OSP agent [FN31] are permitted to examine user e-mail. Moreover, federal law imposes limits on the ability of OSP administrators to inspect user e-mail, irrespective of the OSP’s formal policy. Inspection is limited by the ECPA to purposes “necessary to the rendition of services” or to the protection of “rights or property.” [FN32] Further, even if an OSP administrator lawfully inspects user e-mail within the narrow limits defined by the ECPA, the disclosure of those communications for purposes other than those provided by the statute is prohibited. [FN33] Accordingly, the Committee concludes that lawyers have a reasonable expectation of privacy when communicating by e-mail maintained by an OSP, a conclusion that also has been reached by at least one case as well as state bar ethics committees and commentators. [FN34]

4. Internet E-Mail

E-mail may be sent over the Internet between service users without interposition of OSPs. Internet e-mail typically uses land-based phone lines and a number of intermediate computers randomly selected to travel from sender to recipient. The intermediate computers consist of various Internet service providers or “routers” that maintain software designed to help the message reach its final destination. Because Internet e-mail typically travels through land-based phone lines, the only points of unique vulnerability consist of the third party-owned Internet services providers or “ISPs,” each capable of copying messages passing through its network. Confidentiality may be compromised by (1) the ISP’s legal, though qualified, right to monitor e-mail passing through or temporarily stored in its network, and (2) the illegal interception of e-mail by ISPs or “hackers.” [FN35]

The ISPs’ qualified inspection rights are identical to those of OSPs. [FN36] The same limits described above therefore apply to ISPs. In addition, the provider of an electronic communications service may by law conduct random monitoring only for mechanical or service quality control checks. [FN37] The second threat to confidentiality is the illegal interception of e-mail, either by ISPs exceeding their qualified monitoring rights or making unauthorized disclosures, or by third party hackers who use ISPs as a means of intercepting e-mail. Although it is difficult to quantify precisely the frequency of either practice, the interception or disclosure of e-mail in transit or in storage (whether passing through an ISP or in any other medium) is a crime and also may result in civil liability. [FN38] In addition to criminalization, practical constraints on the ability of third parties and ISPs to capture and read Internet e-mail lead to the conclusion that the user of Internet e-mail has a reasonable expectation of privacy. An enormous volume of data travelling at an extremely high rate passes through ISPs every hour. Further, during the passage of Internet e-mail between sender and recipient, the message ordinarily is split into fragments or “packets” of information. Therefore, only parts of individual messages customarily pass through ISPs, limiting the extent of any potential disclosure. Because the specific route taken by each e-mail message through the labyrinth of phone lines and ISPs is random, it would be very difficult consistently to intercept more than a segment of a message by the same author. Together, these characteristics of Internet e-mail further support the Committee’s conclusion that an expectation of privacy in this medium of communication is reasonable. The fact that ISP administrators or hackers are capable of intercepting Internet e-mail—albeit with great difficulty and in violation of federal law—should not render the expectation of privacy in this medium any the less reasonable, just as the risk of illegal telephone taps does not erode the reasonable expectation of privacy in a telephone call, [FN39]

Conclusion

Lawyers have a reasonable expectation of privacy in communications made by all forms of e-mail, including unencrypted e-mail sent on the Internet, despite some risk of interception and disclosure. It therefore follows that its use is consistent with the duty under Rule 1.6 to use reasonable means to maintain the confidentiality of information relating to a client’s representation. Although earlier state bar ethics opinions on the use of Internet e-mail tended to find a violation of the state analogues of Rule 1.6 because of the susceptibility to interception by unauthorized persons and, therefore, required express client consent to the use of e-mail, more recent opinions reflecting lawyers’ greater understanding of the technology involved approve the use of unencrypted Internet e-mail without express client consent. [FN40] Even so, when the lawyer reasonably believes that confidential client information being transmitted is so highly sensitive that extraordinary measures to protect the transmission are warranted, the lawyer should consult the client as to whether another mode of transmission, such as special messenger delivery, is warranted. The lawyer then must follow the client’s instructions as to the mode of transmission. See Model Rule 1.2(a).

[FN1]. As used in this opinion, “confidential client information” denotes “information relating to the representation of a client” under Model Rule 1.6(a), which states:

[FN2]. The Electronic Communications Privacy Act of 1986, Pub.L. No. 99-508, 100 Stat. 1848 (1986), amended the Federal Wiretap Statute of 1968 by extending its scope to include “electronic communications.” 18 U.S.C.A. § 2510, et seq. (1998) (the “ECPA”). The ECPA now commonly refers to the amended statute in its entirety. The ECPA provides criminal and civil penalties for the unauthorized interception or disclosure of any wire, oral, or electronic communication. 18 U.S.C.A. § 2511.

[FN3]. Options other than abandoning e-mail include using encryption or seeking client consent after apprising the client of the risks and consequences of disclosure.

[FN4]. See also RESTATEMENT (THIRD) OF THE LAW GOVERNING LAWYERS § 112 cmt. d (Proposed Official Draft 1998), which provides that confidential client information must be “acquired, stored, retrieved, and transmitted under systems

and controls that are reasonably designed and managed to maintain confidentiality.”

[FN5]. Whether a lawyer or a client has a reasonable expectation of privacy also governs whether a communication is “in confidence” for purposes of the attorney-client privilege. As a result, analysis under the attorney-client privilege is often relevant to this opinion’s discussion of e-mail and the duty of confidentiality. The relevance of privilege is not exhaustive, however, because of its more restrictive application in prohibiting the introduction of privileged communications between a lawyer and client in any official proceeding. In contrast to the requirement imposed by the duty of confidentiality to avoid disclosing any information “relating to the representation” of the client, see Model Rule 1.6(a), supra n. 1, the attorney-client privilege applies only to actual “communications” made “in confidence” by the client to the lawyer. See JOHN H. WIGMORE, 8 EVIDENCE § 2295 (McNaughton rev. 1961).

[FN6]. See infra Section B. It should be noted that a lawyer’s negligent use of any medium—including the telephone, mail and fax—may breach the duty of confidentiality. The relevant issue here, however, is whether, despite otherwise reasonable efforts to ensure confidentiality, breach occurs solely by virtue of the lawyer’s use of e-mail.

[FN7]. A.C.L.U. v. Reno, 929 F.Supp. 824, 834 (E.D.Pa.1996), aff’d 521 U.S. 844 (1997) (“Unlike postal mail, simple e-mail is not ‘sealed’ or secure, and can be accessed or viewed on intermediate computers between the sender and recipient (unless the message is encrypted.”).

[FN8]. Frequently, what we understand to be regular or land-line telephone conversations are transmitted in part by microwave. For example, many corporate telephone networks are hard-wired within a building and transmitted by microwave among buildings within a corporate campus to a central switch connected by land-line or microwave to a local or interstate carrier.

[FN9]. It should be noted that the ECPA preserves the privileged character of any unlawfully intercepted “wire, oral, or electronic communication.” 18 U.S.C.A. § 2517(4). The inclusion of e-mail in this provision is important for two reasons. First, implicit in this provision is the assumption that electronic communications are capable of transmitting privileged material. To argue that the use of e-mail never is “in confidence” or constitutes an automatic waiver of otherwise privileged communications therefore appears to be inconsistent with an assumption of this provision of federal law. Second, the identical federal treatment of e-mail with other means of communication long assumed consistent with the maintenance of privilege likewise is inconsistent with the assertion that the use of e-mail poses unique threats to privileged communications.

[FN10]. See Peter R. Jarvis & Bradley F. Tellam, High-Tech Ethics and Malpractice Issues 7 (1996) (paper delivered at the 22nd National Conference on Professional Responsibility, May 30, 1996, in Chicago, Illinois) (on file with its author), reported in 1996 SYMPOSIUM ISSUE OF THE PROFESSIONAL LAWYER, 51, 55 (1996) (hereafter “Jarvis & Bradley”); David Hricik, E-mail and Client Confidentiality: Lawyers Worry Too Much about Transmitting Client Confidences by Internet E-mail, 11 GEO. J. LEGAL ETHICS 459, 479 (1999) (hereafter “Hricik”).

[FN11]. See Jarvis & Tellam supra n. 10, at 57; Hricik supra n. 10, at 480.

[FN12]. See Hricik supra n. 10, at 481.

[FN13]. See, e.g., Jarvis & Tellam supra n. 10, at 59-61; Hricik supra n. 10, at 481-85. Compare Mass. Ethics Opinion 94-5 (1994) (if risk of disclosure to third party is “non-trivial,” lawyer should not use cellular phone); N.C. Ethics Op. 215 (1995) (advising lawyers to use the mode of communication that best will maintain confidential information); State Bar of Arizona Advisory Op. 95-11 (1995) (lawyers should exercise caution before using cellular phones to communicate client confidences) with United States v. Smith, 978 F.2d 171, 180 (5th Cir.1992) (finding that there may be reasonable expectation of privacy in cordless phone communications for Fourth Amendment purposes).

[FN14]. McKarney v. Roach, 55 F.3d 1236, 1238-9 (6th Cir.1995), cert. denied, 576 U.S. 944 (1995); Askin v. United States, 47 F.3d 100, 103-04 (4th Cir.1995).

[FN15]. By 1986, the protection under federal law for cellular phone communications was equal to traditional land-line telephone communications. The Communications Assistance for Law Enforcement Act, Pub.L. No. 103-414, 202(a), 108 Stat. 4279 (1994), deleted previous exceptions under the Federal Wiretap Act that limited the legal protections afforded cordless phone communications under 18 U.S.C.A. §§ 2510(1), 2510(12)(A). Existing law criminalizes the intentional and unauthorized interception of both cordless and cellular phone communications, 18 U.S.C.A. § 2511; the privileged status of

the communication preserves in the event of intentional interception, 18 U.S.C.A. § 2517(4); and bars the introduction of the unlawful interception as evidence at trial even if it is not privileged, 18 U.S.C.A. § 2515.

[FN16]. State Bar of Arizona Advisory Op. 95-11 (1995). Some commentators have argued that in light of the 1994 amendment and the recent improvements in the security of both media (including the introduction of digital cellular phones), the expectation of privacy in communications by cordless and cellular telephones should not be considered unreasonable. Jarvis & Tellam supra n. 10, at 60-61. See also Hricik supra n. 10, at 483, 485 (arguing that despite the fact that their privileged status would not be lost if cellular and cordless phone conversations were intercepted, lawyers should consider whether the cost of potential disclosure is outweighed by the benefit derived from the use of cordless or cell phones). Further, 18 U.S.C.A. § 2512 prohibits the manufacture and possession of scanners capable of receiving cellular frequencies, and cordless and cellular phone communications have been afforded greater legal protection under several recent state court decisions. See, e.g., State v. Faford, 128 Wash.2d 476, 485-86, 910 P.2d 447, 451-52 (1996) (reversing trial court’s admission of defendants’ cordless phone conversations violated state privacy act because defendants had reasonable expectation of privacy in such communication); State v. McVeigh, 224 Conn. 593, 622, 620 A.2d 133, 147 (1995) (reversing trial court’s admission of defendants’ cordless telephone conversations because such communications were within scope of state law forbidding the intentional interception of wire communications).

[FN17]. Hricik supra n. 10, at 497.

[FN18]. See United States v. Maxwell 42 M.J. 568, 576, 43 Fed.R.Evid.Serv. (Callaghan) 24 (A.F.Ct.Crim.App.1995) (holding that user of e-mail maintained by OSP was protected against warrantless search of e-mails because user had reasonable expectation of privacy in such communications, unlike cordless phone communication) aff’d in part and rev’d in part, 45 M.J. 406 (U.S. Armed Forces 1996) (expectation of privacy exists in e-mail transmissions made through OSP).

[FN19]. The risks of interception and disclosure may be lessened by the recent introduction of digital cellular phones, whose transmissions are considered more difficult to intercept than their analog counterparts. New communications technology, however, does not always advance privacy concerns. The use of airplane telephones, for example, exposes users to the interception risks of cellular telephones as well as a heightened risk of disclosure due to eavesdropping on the airplane itself. Most recently, a world-wide, satellite-based cellular telephone system called Iridium has been introduced by Motorola. The principles articulated in this opinion should be considered by a lawyer when using such systems.

[FN20]. See, e.g., Practice Guide, Electronic Communications, in ABA/BNA LAWYERS’ MANUAL ON PROFESSIONAL CONDUCT 55:403 (1996) (“[C]ourts seem to have taken it for granted that fax machines may be used [to transmit confidential information],” citing State ex rel. U.S. Fidelity and Guar. Co. v. Canady, 144 W.Va. 431, 443-44, 460 S.E.2d 677, 689-90 (1995) (holding that faxed communication was protected by the attorney-client privilege)). See also Jarvis & Tellam supra n. 10, at 61 (“[T]here seems to be no question that faxes are subject to the attorney-client privilege ... no one asserts that the use of a fax machine or the possibility of misdirection destroys any hope of a claim of privilege,” citing ABA Comm. on Ethics and Professional Responsibility, Formal Ops. 94-382 and 92-368).

[FN21]. The names for the varieties of e-mail described in this section of the opinion are based on those used by Hricik supra n. 10, at 485-92.

[FN22]. See e.g., Alaska Bar Ass’n Op. 98-2 (1998); Ill. State Bar Ass’n Advisory Op. on Professional Conduct No. 96-10 (1997); S.C. Bar Ethics Advisory Comm. Op. No. 97-08 (1997); Vermont Advisory Ethics Op. No. 97-5 (1997). See also Jarvis & Tellam supra n. 10, at 61; Hricik supra n. 10, at 502-06.

[FN23]. In re Grand Jury Proceedings, 43 F.3d 966, 968 (5th Cir.1994) (court considered e-mail messages along with other documents in work-product privilege analysis); United States v. Keystone Sanitation Co. Inc., 903 F.Supp. 803, 808 (M.D.Pa.1995) (defendants waived privileged nature of e-mail messages due to inadvertent production).

[FN24]. Hricik supra n. 10, at 487.

[FN25]. See, e.g., Alaska Bar Ass’n Op. 98-2 (1998); Ill. State Bar Ass’n Advisory Op. on Professional Conduct No. 96-10 (1997); S.C. Bar Ethics Advisory Comm. Op. No. 97-08 (1997); Vermont Advisory Ethics Op. 97-5 (1997). See also Hricik supra n. 10, at 486-87.

[FN26]. Examples include America Online (“AOL”), CompuServe, and MCI Mail.

[FN27]. Hricik supra n. 10, at 487-88.

[FN28]. If the inadvertent recipient is a lawyer, then the lawyer must refrain from examining the information any more than necessary to ascertain that it was not intended for her and must notify the sender, ABA Comm. on Ethics and Professional Responsibility, Formal Op. 92-368 (1992), an obligation that extends to information received by e-mail or fax, ABA Comm. on Ethics and Professional Responsibility, Formal Op. 94-382 (1994).

[FN29]. For a basic explanation of encryption technology, including the use of digital signatures, see Kenneth E. Russell, Dealing with Security, Encryption, and Ethics Concerns, in THE LAWYER’S QUICK GUIDE TO E-MAIL 93-105 (ABA Law Practice Management Section 1998) (“Russell”).

[FN30]. For a discussion of some additional matters such formal policies might address (deletion and retention of e-mail messages, remote checking of messages while out of office, etc.), see Russell, supra n. 29, at 104-05.

[FN31]. For example, the terms of AOL’s policy forbid access to e-mail except (1) to comply with the law, (2) to protect its own rights, or (3) to act in the belief that someone’s safety is at risk. Hricik supra n. 10, at 489.

[FN32]. 18 U.S.C.A. § 2511(2)(a)(i) (It is “not unlawful under this chapter for an operator of a switchboard, or an officer, employee, or agent of a provider of wire or electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks.”). The qualified right of interception of OSPs cannot be argued to create unique risks to the confidentiality of e-mail communications because phone companies (and other providers of wire or electronic communication services) are given identical rights under 18 U.S.C.A. § 2511(2)(a)(i)). Moreover, many commercial mail services reserve the right to inspect all packages and letters handled, yet no one suggests this diminishes the user’s expectation of privacy. See Hricik supra n. 10, at 492. It also is noteworthy that in 1998, the New York Legislature amended the state’s rules of evidence to provide that no otherwise privileged communication “shall lose its privileged character for the sole reason that it is communicated by electronic means or because persons necessary for the delivery or facilitation of such electronic communication may have access to the content of the communication.” N.Y.Civ.Prac.L. & R. § 4547 (1998).

[FN33]. 18 U.S.C.A. § 2511(3)(a).

[FN34]. See, e.g., supra n. 18. See also Alaska Bar Ass’n Op. 98-2 (1998); D.C. Bar Op. 281 (1998); Ill. State Bar Ass’n Advisory Op. on Professional Conduct No. 96-10 (1997) (users of e-mail maintained by OSP have reasonable expectation of privacy despite greater risks than private network e-mail); S.C. Bar Ethics Advisory Comm. Op. No. 97-08 (1997); Vermont Advisory Ethics Op. 97-5 (1997); Jarvis & Tellam supra n. 10, at 61; Hricik supra n. 10, at 492.

[FN35]. Confidentiality also may be compromised by computer viruses, some of which have the capability of causing the user’s document to be propagated to unintended recipients. However, a virus scanning program containing up-to-date definition files will detect and clean such viruses. See generally Carnegie Mellon Software Engineering Institute’s CERT® Coordination Center Website, http://www.cert.org/index.html, for descriptions of these and other computer viruses.

[FN36]. See supra notes 30 & 31 and accompanying text.

[FN37]. 18 U.S.C.A. § 2511(2)(a)(I).

[FN38]. See 18 U.S.C.A. §§ 2511, 2701, 2702.

[FN39]. See Katz v. U.S., 389 U.S. 347, 352 (1967) (Fourth Amendment protection extended to conversation overheard by listening device attached to outside of public telephone booth).

[FN40]. See, e.g., Alaska Bar Ass’n Op. 98-2 (1998) (lawyers may communicate with clients via unencrypted e-mail; client

consent is unnecessary because the expectation of privacy in e-mail is no less reasonable than that in the telephone or fax); D.C. Bar Op. 281 (1998) (lawyers’ use of unencrypted e-mail is not a violation of duty to protect client confidences under District of Columbia Rule of Professional Conduct 1.6); Ky. Bar Ass’n Ethics Comm. Advisory Op. E-403 (1998) (absent “unusual circumstances” lawyers may use e-mail, including unencrypted Internet e-mail, to communicate with clients); New York State Bar Ass’n Comm. on Professional Ethics Op. 709 (1998) (lawyers may use unencrypted Internet e-mail to transmit confidential information without breaching the duty of confidentiality under state analogue to ABA Model Rule 1.6); Ill. State Bar Ass’n Advisory Op. on Professional Conduct No. 96-10 (1997) (lawyers may use unencrypted e-mail, including e-mail sent over the Internet, to communicate with clients without violating Rule 1.6 of the Illinois Rules of Professional Conduct; client consent is not required absent “extraordinarily sensitive” matter; expectation of privacy in e-mail is no less reasonable than that in ordinary telephone calls); N.D.St.B. Ass’n Ethics Comm. Op. 97-09 (1997) (lawyers may communicate with clients using unencrypted e-mail unless unusual circumstances warrant heightened security measures); S.C. Bar Ethics Advisory Comm. Op. No. 97-08 (1997) (finding reasonable expectation of privacy when sending confidential information by e-mail, including that sent through a private network, commercial service, and the Internet; use of e-mail to communicate client confidences does not violate South Carolina Rule of Professional Conduct 1.6); Vermont Advisory Ethics Op. 97-5 (1997) (lawyers may use unencrypted Internet e-mail to transmit confidential information without breaching the duty of confidentiality under state analogue to ABA Model Rule 1.6). Two opinions similarly endorsed e-mail as a means of communicating client confidences, but advised lawyers to seek client consent or consider the use of encryption prior to its use, unlike the present opinion: Pa. Bar Ass’n Comm. on Legal Ethics Op. 97-130 (1997) (lawyers should not use unencrypted e-mail to communicate with or about a client absent client consent); State Bar of Arizona Advisory Op. 97-04 (1996) (lawyers should caution client or consider the use of encryption before transmitting sensitive information by e-mail). Two other opinions advised lawyers to avoid the use of e-mail to communicate with or about clients: Iowa Bar Ass’n Op. 1997-1 (1997) (sensitive material should not be transmitted by e-mail—whether through the Internet, a non-secure intranet, or other types of proprietary networks—without client consent, encryption, or equivalent security system); N.C. State Bar Opinion 215 (1995) (advising lawyers to use the mode of communication that will best maintain confidential information, and cautioning them against the use of e-mail). Commentary supportive of the conclusions reached in this opinion, in addition to Hricik supra n. 10 and Jarvis & Tellam supra n. 10, include William Freivogel, Communicating With or About Clients on the Internet: Legal, Ethical, and Liability Concerns, ALAS LOSS PREVENTION JOURNAL 17 (1996) (concluding that it is not ethically or legally necessary to encrypt Internet e-mail but cautioning them in light of the absence of controlling legal authority). For a list of Web pages containing articles on e-mail and confidentiality, see Russell, supra n. 29, at 103. ABA Formal Op. 99-413 End of Document

N.Y. Eth. Op. 842. Using an Outside Online Storage Provider to

Store Client Confidential Information

TOPIC: USING AN OUTSIDE ONLINE STORAGE..., NY Eth. Op. 842 (2010)

New York State Bar Association Committee on Professional Ethics

TOPIC: USING AN OUTSIDE ONLINE STORAGE PROVIDER TO STORE CLIENT CONFIDENTIAL INFORMATION

Opinion Number 842 September 10, 2010

DIGEST: A lawyer may use an online data storage system to store and back up client confidential information provided that the lawyer takes reasonable care to ensure that confidentiality will be maintained in a manner consistent with the lawyer’s obligations under Rule 1.6. In addition, the lawyer should stay abreast of technological advances to ensure that the storage system remains sufficiently advanced to protect the client’s information, and should monitor the changing law of privilege to ensure that storing the information online will not cause loss or waiver of any privilege.

*1 Rules: 1.4.1.6(a), 1.6(c)

QUESTION 1. May a lawyer use an online system to store a client’s confidential information without violating the duty of confidentiality or any other duty? If so, what steps should the lawyer take to ensure that the information is sufficiently secure?

OPINION 2. Various companies offer online computer data storage systems that are maintained on an array of Internet servers located around the world. (The array of Internet servers that store the data is often called the “cloud.”) A solo practitioner would like to use one of these online “cloud” computer data storage systems to store client confidential information. The lawyer’s aim is to ensure that his clients’ information will not be lost if something happens to the lawyer’s own computers. The online data storage system is password-protected and the data stored in the online system is encrypted. 3. A discussion of confidential information implicates Rule 1.6 of the New York Rules of Professional Conduct (the “Rules”), the general rule governing confidentiality. Rule 1.6(a) provides as follows: A lawyer shall not knowingly reveal confidential information ... or use such information to the disadvantage of a client or for the advantage of a lawyer or a third person, unless: (1) the client gives informed consent, as defined in Rule 1.0(j); (2) the disclosure is impliedly authorized to advance the best interests of the client and is either reasonable under the circumstances or customary in the professional community; or (3) the disclosure is permitted by paragraph (b). 4. The obligation to preserve client confidential information extends beyond merely prohibiting an attorney from revealing confidential information without client consent. A lawyer must also take reasonable care to affirmatively protect a client’s confidential information. See N.Y. County 733 (2004) (an attorney “must diligently preserve the client’s confidences, whether reduced to digital format, paper, or otherwise”). As a New Jersey ethics committee observed, even when a lawyer wants a closed client file to be destroyed, “[s]imply placing the files in the trash would not suffice. Appropriate steps must be taken to ensure that confidential and privileged information remains protected and not available to third parties.” New Jersey Opinion (2006), quoting New Jersey Opinion 692 (2002). *2 5. In addition, Rule 1.6(c) provides that an attorney must “exercise reasonable care to prevent ... others whose services are utilized by the lawyer from disclosing or using confidential information of a client” except to the extent disclosure is

permitted by Rule 1.6(b). Accordingly, a lawyer must take reasonable affirmative steps to guard against the risk of inadvertent disclosure by others who are working under the attorney’s supervision or who have been retained by the attorney to assist in providing services to the client. We note, however, that exercising “reasonable care” under Rule 1.6 does not mean that the lawyer guarantees that the information is secure from any unauthorized access. 6. To date, no New York ethics opinion has addressed the ethics of storing confidential information online. However, in N.Y. State 709 (1998) this Committee addressed the duty to preserve a client’s confidential information when transmitting such information electronically. Opinion 709 concluded that lawyers may transmit confidential information by e-mail, but cautioned that “lawyers must always act reasonably in choosing to use e-mail for confidential communications.” The Committee also warned that the exercise of reasonable care may differ from one case to the next. Accordingly, when a lawyer is on notice that the confidential information being transmitted is “of such an extraordinarily sensitive nature that it is reasonable to use only a means of communication that is completely under the lawyer’s control, the lawyer must select a more secure means of communication than unencrypted Internet e-mail.” See also Rule 1.6, cmt. 17 (a lawyer “must take reasonable precautions” to prevent information coming into the hands of unintended recipients when transmitting information relating to the representation, but is not required to use special security measures if the means of communicating provides a reasonable expectation of privacy). 7. Ethics advisory opinions in several other states have approved the use of electronic storage of client files provided that sufficient precautions are in place. See, e.g., New Jersey Opinion 701 (2006) (lawyer may use electronic filing system whereby all documents are scanned into a digitized format and entrusted to someone outside the firm provided that the lawyer exercises “reasonable care,” which includes entrusting documents to a third party with an enforceable obligation to preserve confidentiality and security, and employing available technology to guard against reasonably foreseeable attempts to infiltrate data); Arizona Opinion 05-04 (2005) (electronic storage of client files is permissible provided lawyers and law firms “take competent and reasonable steps to assure that the client’s confidences are not disclosed to third parties through theft or inadvertence”); see also Arizona Opinion 09-04 (2009) (lawyer may provide clients with an online file storage and retrieval system that clients may access, provided lawyer takes reasonable precautions to protect security and confidentiality and lawyer periodically reviews security measures as technology advances over time to ensure that the confidentiality of client information remains reasonably protected). *3 8. Because the inquiring lawyer will use the online data storage system for the purpose of preserving client information - a purpose both related to the retention and necessary to providing legal services to the client - using the online system is consistent with conduct that this Committee has deemed ethically permissible. See N.Y. State 473 (1977) (absent client’s objection, lawyer may provide confidential information to outside service agency for legitimate purposes relating to the representation provided that the lawyer exercises care in the selection of the agency and cautions the agency to keep the information confidential); cf. NY CPLR 4548 (privileged communication does not lose its privileged character solely because it is communicated by electronic means or because “persons necessary for the delivery or facilitation of such electronic communication may have access to” its contents). 9. We conclude that a lawyer may use an online “cloud” computer data backup system to store client files provided that the lawyer takes reasonable care to ensure that the system is secure and that client confidentiality will be maintained. “Reasonable care” to protect a client’s confidential information against unauthorized disclosure may include consideration of the following steps: (1) Ensuring that the online data storage provider has an enforceable obligation to preserve confidentiality and security, and that the provider will notify the lawyer if served with process requiring the production of client information; (2) Investigating the online data storage provider’s security measures, policies, recoverability methods, and other procedures to determine if they are adequate under the circumstances; (3) Employing available technology to guard against reasonably foreseeable attempts to infiltrate the data that is stored; and/or (4) Investigating the storage provider’s ability to purge and wipe any copies of the data, and to move the data to a different host, if the lawyer becomes dissatisfied with the storage provider or for other reasons changes storage providers.

10. Technology and the security of stored data are changing rapidly. Even after taking some or all of these steps (or similar steps), therefore, the lawyer should periodically reconfirm that the provider’s security measures remain effective in light of advances in technology. If the lawyer learns information suggesting that the security measures used by the online data storage provider are insufficient to adequately protect the confidentiality of client information, or if the lawyer learns of any breach of confidentiality by the online storage provider, then the lawyer must investigate whether there has been any breach of his or her own clients’ confidential information, notify any affected clients, and discontinue use of the service unless the lawyer receives assurances that any security issues have been sufficiently remediated. See Rule 1.4 (mandating communication with clients); see also N.Y. State 820 (2008) (addressing Web-based email services). *4 11. Not only technology itself but also the law relating to technology and the protection of confidential communications is changing rapidly. Lawyers using online storage systems (and electronic means of communication generally) should monitor these legal developments, especially regarding instances when using technology may waive an otherwise applicable privilege. See, e.g., City of Ontario, Calif. v. Quon, 130 S. Ct. 2619, 177 L.Ed.2d 216 (2010) (holding that City did not violate Fourth Amendment when it reviewed transcripts of messages sent and received by police officers on police department pagers); Scott v. Beth Israel Medical Center, 17 Misc. 3d 934, 847 N.Y.S.2d 436 (N.Y. Sup. 2007) (e-mails between hospital employee and his personal attorneys were not privileged because employer’s policy regarding computer use and e-mail monitoring stated that employees had no reasonable expectation of privacy in e-mails sent over the employer’s e-mail server). But see Stengart v. Loving Care Agency, Inc., 201 N.J. 300, 990 A.2d 650 (2010) (despite employer’s e-mail policy stating that company had right to review and disclose all information on “the company’s media systems and services” and that e-mails were “not to be considered private or personal” to any employees, company violated employee’s attorney-client privilege by reviewing e-mails sent to employee’s personal attorney on employer’s laptop through employee’s personal, password-protected e-mail account). 12. This Committee’s prior opinions have addressed the disclosure of confidential information in metadata and the perils of practicing law over the Internet. We have noted in those opinions that the duty to “exercise reasonable care” to prevent disclosure of confidential information “may, in some circumstances, call for the lawyer to stay abreast of technological advances and the potential risks” in transmitting information electronically. N.Y. State 782 (2004), citing N.Y. State 709 (1998) (when conducting trademark practice over the Internet, lawyer had duty to “stay abreast of this evolving technology to assess any changes in the likelihood of interception as well as the availability of improved technologies that may reduce such risks at reasonable cost”); see also N.Y. State 820 (2008) (same in context of using e-mail service provider that scans e-mails to generate computer advertising). The same duty to stay current with the technological advances applies to a lawyer’s contemplated use of an online data storage system.

CONCLUSION 13. A lawyer may use an online data storage system to store and back up client confidential information provided that the lawyer takes reasonable care to ensure that confidentiality is maintained in a manner consistent with the lawyer’s obligations under Rule 1.6. A lawyer using an online storage provider should take reasonable care to protect confidential information, and should exercise reasonable care to prevent others whose services are utilized by the lawyer from disclosing or using confidential information of a client. In addition, the lawyer should stay abreast of technological advances to ensure that the storage system remains sufficiently advanced to protect the client’s information, and the lawyer should monitor the changing law of privilege to ensure that storing information in the “cloud” will not waive or jeopardize any privilege protecting the information.

End of Document

Scott v. Beth Israel Medical Center

Scott v. Beth Israel Medical Center Inc., 17 Misc.3d 934 (2007) 847 N.Y.S.2d 436, 2007 N.Y. Slip Op. 27429

KeyCite Yellow Flag - Negative Treatment Distinguished by Stengart v. Loving Care Agency, Inc., N.J.,

March 30, 2010

17 Misc.3d 934 Supreme Court, New York County, New York.

Dr. W. Norman SCOTT, Plaintiff, v.

BETH ISRAEL MEDICAL CENTER INC., and Continuum Health Partners Inc.,

Defendants.

Oct. 17, 2007.

Synopsis Background: In physician’s action against hospital relating to termination of physician’s employment with hospital, a motion was filed, by physician or his attorney, for protective order requiring hospital to return to physician all e-mail correspondence between physician and his attorney, which allegedly was in hospital’s possession because of physician’s use of hospital’s e-mail system. Hospital filed motion for protective order barring physician from obtaining discovery from hospital concerning governmental or regulatory investigation of hospital regarding alleged Medicare fraud.

Holdings: The Supreme Court, Charles E. Ramos, J., held that: [1] physician’s e-mail communications with attorney, which were stored on hospital’s e-mail server, were not confidential, for purposes of attorney-client privilege; [2] attorney work-product protection was inapplicable to the e-mail messages; [3] documents relating to Medicare fraud investigation were not relevant; and [4] documents regarding hospital’s financial condition were relevant, but relevancy was limited to three-year time period preceding termination of employment.

Physician’s motion denied; hospital’s motion

granted.

West Headnotes (9) [1]

Privileged Communications and Confidentiality

Elements in general; definition

The test for the attorney-client privilege is whether the client communicates with an attorney, in confidence, for the purpose of obtaining legal advice. McKinney’s CPLR 4503.

1 Cases that cite this headnote

Attorney and Client Client’s confidences, in general

Statute providing that no privileged

communication, including a communication protected by attorney-client privilege, shall lose its privileged character for sole reason that it is communicated by electronic means or because persons necessary for delivery or facilitation of such electronic communication may have access to content of the communication, does not absolve an attorney of his or her responsibility, as a matter of professional responsibility, to assess the risk of communicating by e-mail with a client. McKinney’s CPLR 4503, 4548.

Confidential character of communications or advice Privileged Communications and Confidentiality

Waiver of privilege

The client, as the holder of the

attorney-client privilege, and his or her attorney must protect the privileged communication; otherwise, it will be waived. McKinney’s CPLR 4503.

E-mail and electronic communication Privileged Communications and Confidentiality

Confidential character of communications or advice

Physician’s e-mail communications with his attorney, using hospital’s e-mail system, were not made in confidence, as would be required for protection under attorney-client privilege in physician’s action against hospital relating to termination of physician’s employment with hospital, where hospital’s electronic communications policy, of which physician had actual and constructive notice, prohibited personal use of hospital’s e-mail system and stated that hospital reserved the right to monitor, access, and disclose communications transmitted on hospital’s e-mail server at any time without prior notice, though physician’s employment contract required hospital to provide him with computer equipment. McKinney’s CPLR 4503, 4548.

Pretrial Procedure Documents, papers, and books in

general

E-mail messages that physician received from attorney through hospital’s e-mail system were not protected by attorney work-product privilege, in physician’s action against hospital relating to

termination of physician’s employment with hospital, though the e-mail messages contained a notice stating that the communication “may” be confidential and that attorney should be notified if anyone other than intended recipient gained access to the message. McKinney’s CPLR 3101(c).

Pretrial Procedure Work-product privilege

Attorney work-product protection is

waived when the work product is disclosed in a manner that materially increases the likelihood that an adversary will obtain the information. McKinney’s CPLR 3101(c).

Pretrial Procedure Work-product privilege

While inadvertent production of attorney

work-product generally does not waive the applicable privilege, there is an exception to that rule if the producing party’s conduct was so careless as to suggest that it was not concerned with protection of the privilege, and critical to the determination is the reasonableness of the precautions taken to prevent inadvertent disclosure. McKinney’s CPLR 3101(c).

Pretrial Procedure Medical and hospital records

In physician’s action against hospital for

termination of his employment as chairman of orthopedics department, in

which action hospital counterclaimed for breach of fiduciary duty relating to physician’s alleged refusal to participate in cost-savings plan, documents for which physician sought production from hospital, regarding hospital’s response to federal investigation of hospital’s alleged Medicare fraud, were not relevant to physician’s claim or hospital’s counterclaim; documents would not address hospital’s decision to terminate physician or the financial condition of hospital’s orthopedic surgery facility.

Pretrial Procedure Medical and hospital records

While documents regarding financial

condition of hospital and its orthopedic surgery facility, for which documents physician sought discovery in his action relating to termination in 2004 of his employment as chairman of hospital’s orthopedics department, were relevant because hospital claimed the termination was based on hospital’s and facility’s financial condition, the relevant time period for assessing hospital’s and facility’s financial condition, for purposes of hospital’s obligation to produce financial documents, did not begin in 1991, which was when physician started his employment with hospital, and instead began in 2002, which was when hospital was served with subpoenas in federal investigation of hospital’s alleged Medicare fraud, which investigation led to federal district court ordering hospital, in 2005, to pay a fine of over $72 million.

Attorneys and Law Firms

**438 Paul Weiss Rifkind Wharton & Garrison LLP (Mark H. Alcott of counsel), for plaintiff.

Kornstein Veisz Wexler & Pollard, LLP (Lawrence C. Fox of counsel), for defendants.

Opinion

CHARLES E. RAMOS, J.

*935 In motion 10,1 plaintiff Dr. Scott moves pursuant to CPLR 3103 for a protective order requiring defendants Beth Israel Medical Center and Continuum Health Partners Inc. (collectively “BI”) to return to plaintiff all e-mail correspondence between plaintiff and his attorney.2 In motion 11,3 BI moves pursuant to CPLR 3103 for a protective order barring plaintiff from obtaining discovery from BI concerning a governmental or regulatory investigation of BI. 1

This motion was originally designated sequence 5.

From the papers it is unclear whether Paul, Weiss Rifkind Wharton & Garrison LLP or Dr. Scott moves for relief. Since the client controls the privilege, CPLR 4503(a), the Court treats the motion as made by Dr. Scott.

This motion was originally designated sequence 8.

The Court presumes familiarity with the background of the case which is set forth in its prior decision dated May 12, 2006 in which the Court granted summary judgment to BI and dismissed the case rendering all other pending motions moot. By decision dated June 19, 2007, the Appellate Division, First Department, reversed and restored all six causes of action. Under the contract at issue here, BI agreed to pay Dr. Scott $14,000,000 in severance pay if he was terminated without cause. BI asserts that Dr. Scott was terminated for cause while Dr. Scott, believing that he was terminated without cause and without receiving any of the specified severance pay, commenced this action for breach of contract against BI.

Dr. Scott’s Motion for a Protective Order On August 10, 2005, BI’s counsel, Marvin Wexler of Kornstein Veisz Wexler & Pollard, LLP (“KVW”), sent a letter to plaintiff’s counsel, Stuart Kagen of Paul, Weiss Rifkind Wharton & Garrison LLP (“PW”), asserting that BI was in possession of e-mail correspondence between Dr. Scott and PW pertaining to Dr. Scott’s dispute with BI, as well as e-mails written between Dr. Scott and Cohen Lans LLP regarding a separate dispute. The letter further stated that although no one at BI had read the e-mails yet, BI believed that any potential privilege attached to the communications had been waived by use of BI’s e-mail system. Mr. Kagen responded on August 15, 2005, informing Mr. Wexler that the documents are privileged communications belonging *936 to Dr. Scott for which there had been no waiver of privilege and requesting the immediate return of the e-mails to Dr. Scott. When BI refused to return the documents, the parties called Andrea Masley, the Judge’s Court Attorney, who instructed BI to provide copies of the e-mails to Dr. Scott, place copies of the documents into a sealed envelope and bar anyone from reviewing the e-mails pending a resolution by the Court. Thereafter, Dr. Scott filed this motion for a protective order seeking the return of the documents.4

The motion was denied as moot when the casewas dismissed by decision and order dated May12, 2006. The action and motion were restoredpursuant to the Appellate Division decision ofJune 19, 2007.

Dr. Scott argues that the e-mails are privileged under both the attorney client **439 privilege and work product doctrine. BI counters that the e-mails were never protected by the attorney client privilege because Dr. Scott could not have made the communication in confidence when using BI’s e-mail system in violation of BI’s e-mail policy. BI also argues that both privileges were waived by Dr. Scott’s use of BI’s e-mail system. The e-mails in question were all written between February 2004 and August 3, 2004 using Dr. Scott’s employee e-mail address nscott@bethisrealny.org and were all sent over BI’s e-mail server.

BI’s e-mail Policy states:

This Policy clarifies and codifies the rules for the use and protection of the Medical Center’s computer and communications systems. This policy applies to everyone who works at or for the Medical Center including employees, consultants, independent contractors and all other persons who use or have access to these systems.

1. All Medical Center computer systems, telephone systems, voice mail systems, facsimile equipment, electronic mail systems, Internet access systems, related technology systems, and the wired or wireless networks that connect them are the property of the Medical Center and should be used for business purposes only.

2. All information and documents created, received, saved or sent on the Medical Center’s computer or communications systems are of the Medical Center. Employees have no personal privacy right in any material created, received, saved or sent using Medical *937 Center communication or computer systems. The Medical Center reserves the right to access and disclose such material at any time without prior notice.

This policy is contained in the BI Human Resources Policy and Procedure Manual. According to Bart Metzger Vice President of Human Resources for BI, it was available in hard copy and maintained in the office of the Administrator for each department and on BI’s intranet. Metzger Aff., Sept. 23, 2005, ¶ 4. Dr. Scott was the Chairman of the Orthopedics Department and worked closely with the administrator of that department. In 2002, BI distributed to every employee an employee handbook that contained a brief summary of the BI e-mail policy. Metzger Aff., ¶ 8. From 2002 on, newly hired doctors were required to sign a form acknowledging that they had read and were familiar with BI’s e-mail policy. Kathleen Lenhardt Aff., Oct. 8, 2005. Dr. Scott never signed such an acknowledgment and denies knowledge of the policy. Every e-mail that PW sent to Dr. Scott included the following notice:

“This message is intended

only for the use of the Addressee and may contain information that is privileged and confidential. If you are not the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please erase all copies of the message and its attachments and notify us immediately.”

PW never received any notification from BI that its e-mails to Dr. Scott were monitored by BI. BI argues that Dr. Scott’s e-mails are not protected by the attorney client privilege at all as they were not made in confidence since Dr. Scott used his BI e-mail to communicate with his attorney. [1] The attorney client privilege is codified in CPLR 4503. The test for privilege is whether the client communicates with an attorney, in confidence, for the **440 purpose of obtaining legal advice. Rossi v. Blue Cross & Blue Shield, 73 N.Y.2d 588, 593, 542 N.Y.S.2d 508, 540 N.E.2d 703 (1989). [2] [3] Dr. Scott claims that the e-mails were made in confidence relying on CPLR 4548 which states:

“no communication under this article shall lose its privileged character for the sole reason that it is communicated by electronic means *938 or because persons necessary for the delivery or facilitation of such electronic communication may have access to the content of the communication.”

The purpose of CPLR 4548 was to recognize the widespread commercial use of e-mail. Vincent Alexander, Practice Commentaries, McKinney’s Cons. Laws of N.Y., Book 7B, CPLR 4548. “The new CPLR provision, in effect, constitutes a legislative finding that when the parties to a privileged relationship communicate by e-mail, they have a reasonable expectation of privacy.” Id.

However, some supporters of the Bill warned that there are some types of information that are just too sensitive to be transferred over e-mail, such as confession of a crime or trade secret, and thus could not expect to retain privilege. N.Y. State Bar Assoc. Supporting Statement Jan. 24, 1997. Accordingly, this statute does not absolve an attorney of his or her responsibility to assess the risk of communicating by e-mail with a client. New York State Bar Assoc., Committee on Professional Ethics, Op. No. 782 (Dec. 8, 2004). As with any other confidential communication, the holder of the privilege and his or her attorney must protect the privileged communication; otherwise, it will be waived. For example, a spouse who sends her spouse a confidential e-mail from her workplace with a business associate looking over her shoulder as she types, the privilege does not attach. Alexander, supra. [4] Here, the Court is not prepared to determine that attorney client discussions about suing the client’s employer would rise to the same level as confessing by e-mail to a crime. However, the effect of an employer e-mail policy, such as that of BI, is to have the employer looking over your shoulder each time you send an e-mail. In other words, the otherwise privileged communication between Dr. Scott and PW would not have been made in confidence because of the BI policy. Dr. Scott relies on People v. Jiang, for the proposition that a under CPLR 4548 BI’s e-mail policy is irrelevant. 131 Cal.App.4th 1027, 33 Cal.Rptr.3d 184 (2005). Like New York CPLR 4548, California’s Evidence Code § 917(b) provides that privileged communications do not lose their privileged character because they are communicated electronically. In Jiang, defendant was committed to state prison for 19 years after his conviction for rape, among other crimes. Id. at 188. At his attorney’s request, he prepared documents which he saved on the hard drive of his laptop provided to him by his employer. Id. The prosecutor used these documents against him. Id. Jiang’s employer had an e-mail policy, which Jiang *939 signed, but it did not prohibit personal use. Id. at 198. The California Court of Appeal, Sixth Appellate District, determined that Jiang had a reasonable expectation of privacy in the documents so as to make them privileged by the attorney-client privilege. Id. at 205. Significant to the court was the fact that the

documents were never transmitted over his employer’s e-mail server. Id. at 204. Furthermore, Jiang “made substantial efforts to protect the documents from disclosure by password-protecting them and segregating them in a clearly marked and designed **441 folder” called attorney. Id. The employer’s e-mail policy was irrelevant because it was designed to protect the employer’s intellectual property not to bar personal use. Id. at 205. Although the court held that Evidence Code § 197(b) was inapplicable because there was no “ electronic transmission” of documents, it was persuasive to the court which determined that today’s technology should not destroy confidentiality. Id. at 205. See also, Curto v. Medical World Communications Inc., 2006 WL 1318387 (E.D.N.Y.2006)(upholding privilege because e-mails were sent to attorney from employee’s home office on employer issued laptop that was not connected to the employer’s e-mail system and employee deleted the e-mails before returning the laptop to her employer but employer’s forensic consultant was able to restore them). The Court rejects Dr. Scott’s argument that CPLR 4548 invalidates BI’s policy and holds that BI’s e-mail policy is critical to the outcome here. First, Jiang is not at all persuasive. The e-mail policy in Jiang is significantly different than that policy here which prohibits personal use. A “no personal use” policy combined with a policy allowing for employer monitoring and the employee’s knowledge of these two policies diminishes any expectation of confidentiality, while the policy in Jiang would not have such an effect. See, John Gergacz, Employees’ Use of Employer Computers to Communicate with Their Own Attorneys and the Attorney–Client Privilege, 10 Comp. L.Rev. & Tech. J. 269, 282 (2006). Second, CPLR 4548 does not preclude an employer from adopting a no personal use policy. Indeed, the language of the statute (“no communication ... shall lose its privileged character for the sole reason ...”) contemplates that there may be other reasons that an electronic communication may lose its privileged character. Therefore, the Court must determine whether Dr. Scott’s use of BI’s e-mail system to communicate *940 with his attorney in violation of BI’s policy renders the communication not made in confidence and thus destroys the attorney client privilege if it ever applied.

As there is no New York case on point to determine whether the communication here was made in confidence or not, we look for guidance to In Re Asia Global Crossing, which is a federal bankruptcy case virtually identical to this case and a case upon which both parties rely. In re Asia Global Crossing, Ltd., 322 B.R. 247 (S.D.N.Y.2005). See also, Long v. Marubeni America Corp., 2006 WL 2998671 (S.D.N.Y.2006)(held no attorney client privilege or work product protection for e-mails exchanged over employer’s e-mail system where employer had formal no personal use policy). In Asia Global, executives used their employer’s e-mail system to communicate with their personal attorney concerning actual or potential litigation with the employer, the owner of the e-mail system. 322 B.R. at 256. The issue in the case was identical to the issue here. Id. at 251. The Court looked at a variety of federal cases which addressed whether an employee had a reasonable expectation of privacy in his or her office e-mail,5 but where attorney client privilege was not an issue. 322 B.R. at 257–258.6 The Asia **442 Global *941 Court concluded that, the attorney-client privilege would be inapplicable if 5

An employee’s expectation of privacy is not the equivalent of whether the communication was made in confidence. John Gergacz, Employees’ Use of Employer Computers to Communicate with Their Own Attorneys and the Attorney–Client Privilege, 10 Comp. L. Rev. & Tech. J. 269, 274–75 (2006). However, the privacy cases can provide sound guidance.

Another reason to look to the Asia Global case is that unreported New York cases addressing an employee’s expectation of privacy, albeit in situations different from this case, apply the same considerations and yield the same conclusions as those federal cases reviewed by the court in Asia Global. Lacher v. Marubeni America Corp., Index No. 120807/03 (Sup. Ct., N.Y. County, 2005) (In an attorney’s action to recover legal fees, an application to seal certain e-mails recovered from computers belonging to defendants which were used by the law firm’s personnel allegedly during billable time for highly personal communication was denied because law firm personnel had no expectation of privacy in using defendant’s computers); Silverberg & Hunter, LLP v. Futterman, Index No. 992976/02 (Sup. Ct., Nassau County,

2002)(after plaintiffs/the employer terminateddefendant the employee, plaintiffs accesseddefendant’s password protected hard drive ande-mail account and determined that defendantwas serving defendant’s own clients whilebilling plaintiff’s clients; motion to suppresse-mails denied.); Cardace v. Hume, Index No.000077/02 (Sup. Ct., Nassau County, 2003)(inemployees’ breach of contract action againsttheir employer, employees sought to suppresse-mails between them showing an ongoingrelationship between them during businesshours as well as inappropriate pornographicpictures and e-mails designed to divertcustomers from the employer. Motion denied asemployees had no reasonable expectation ofprivacy in their work e-mail as well asdefendant’s legitimate interest in protectingemployees from harassment).

“(a) ... the corporation maintain[s] a policy banning personal or other objectionable use, (b) ... the company monitor[s] the use of the employee’s computer or email, (c) ... third parties have a right of access to the computer or emails, and (d) ... the corporation notif[ies] the employee, or was the employee aware, of the use and monitoring policies?” 322 B.R. at 257.

BI’s policy clearly satisfies the first requirement. The Court rejects Dr. Scott’s argument that his contract supersedes BI’s policy. Paragraph 12 of the contract provides that it will supercede conflicting BI policies. Dr. Scott argues that implicit in BI’s contractual obligation to provide computer equipment, is Dr. Scott’s right to use that equipment for personal reasons.7 However, there is no conflict where BI agreed to provide Dr. Scott with computer equipment and simultaneously regulates its use. BI has the right to regulate its workplace including the usage of its computers and resources. See Cardace v. Hume, Index No. 000077/02 (Sup.Ct., Nassau Co., 2003) (allowing for employers to monitor employee e-mails to protect employees from harassment, to prevent legal liability for hostile workplace environment or for security of trade secrets).The second requirement is satisfied because BI’s policy allows for monitoring. Although BI acknowledges that it did not monitor Dr. Scott’s e-mail, it retains the right to do so in the e-mail policy. 7

With regard to “Staffing, Space, Equipment,”paragraph 4 of the contract provides:

The Medical Center shall provide you with suitable staff, office space, equipment, supplies, utilities, janitorial service and such other services necessary for the proper functioning of the Department, including the following: (c) Your private practice area will be equipped with desks, chairs, carpeting, file cabinets, examination tables and cabinets, window treatments and medical, surgical, central sterile and pharmacy supplies as needed. You will also be provided with heat, light, power, telephone usage, custodial and maintenance services and basic computer cabling.” Under the contract, Dr. Scott’s reimbursable expenses include: “computer hardware, computer software and computer consulting service expenses.” Schedule 6b.

Dr. Scott challenges the policy of a hospital retaining the right to review its employees e-mails based in HIPAA, the *942 federal statute that protects patient health information. First, the Court rejects this argument because the e-mail at issue is **443 between Dr. Scott and his attorney has nothing to do with patients. Second, a hospital can certainly have access to its patients’ information. Dr. Scott’s suggestion otherwise is preposterous. The third Asia Global factor as to whether third parties have access to the computer or e-mails is not relevant here. The New York legislature in enacting CPLR 4548 has decided that access, or potential access, by third parties, such as “persons necessary for the delivery or facilitation of such electronic communication may have access to the content of the communication” does not destroy privilege. Further, it does not appear that others could have access to Dr. Scott’s computer. Prior to his departure, Dr. Scott’s computers were located in his locked office and home. According to BI’s Chief Technology Officer, BI’s policy was to delete a departing employees’ information from the computer hardware itself, but not from the BI e-mail server. Kenneth Lobenstein Aff., Sept. 23, 2005, ¶ 3. Accordingly, the only personnel with continuing access to the e-mails at issue after Dr. Scott’s departure would be the computer staff which is addressed by CPLR 4548. The final factor is whether Dr. Scott had notice of the policy. Dr. Scott had both actual and constructive knowledge of the policy. BI disseminated its policy regarding the ownership of

e-mail on its server to each employee in 2002, including Dr. Scott and provided internet notice. See Garrity v. John Hancock Mutual Life Ins. Co., No. Civ. Action 00–12143–RWZ, 2002 WL 974676, at 1 (D.Mass., 2002)(Company e-mail policy precluded reasonable expectation of privacy despite employee’s claim that policy was hard to find on company intranet). Dr. Scott’s effort to maintain that he was unaware of the BI e-mail policy barring personal use is rejected. As an administrator, Dr. Scott had constructive knowledge of the policy. Perez Moya v. City of New York, 9 Misc.3d 332, 801 N.Y.S.2d 496 (Sup. Ct., Kings County 2005) (Superintendent’s knowledge of the residency of child imputed to the City); Polidori v. Societe Generale Group., 236 N.Y.L.J. 112 (Sup. Ct. N.Y. County 2006) (Knowledge of sexual harassment will be imputed to employer if supervisor of a sufficiently high level is aware of the harassment), affd, 39 A.D.3d 404, 835 N.Y.S.2d 80 (1st Dept.2007). He required newly hired doctors under his supervision to acknowledge in writing that they were aware of the policy. Under these circumstances, Dr. Scott is charged with knowledge of the BI e-mail policy. [5] [6] [7] *943 Alternatively, Dr. Scott argues the e-mails are privileged work product. The work product doctrine provides a qualified privilege against disclosure for materials prepared by an attorney in anticipation of litigation. CPLR 3101(c). The issue is whether the work product privilege was waived. Under New York State law, work product is waived when it is disclosed in a manner that materially increases the likelihood that an adversary will obtain the information. See Bluebird Partners, L.P. v. First Fidelity Bank, N.A., New Jersey, 248 A.D.2d 219, 225, 671 N.Y.S.2d 7 (1st Dept.1998). While an inadvertent production of a privileged work product document generally does not waive the applicable privilege, there is an exception to that rule if the producing party’s conduct “was so careless as to suggest that it was not concerned with [the] protection of [the] asserted privilege.” Critical to this determination is the reasonableness of the precautions taken to prevent inadvertent disclosure. SEC v. Cassano, 189 F.R.D. 83, 85 n. 4 (S.D.N.Y.1999). **444 Dr. Scott argues that PW’s notice included in every e-mail PW sent, which warned that the e-mails may be confidential and that it should be

notified if anyone other than the intended recipient gains access to the e-mail, is enough to take it out of the exception regarding inadvertent disclosure. However, even the New York State Bar Association has stated, “a lawyer who uses technology to communicate with clients must use reasonable care with respect to such communication, and therefore must assess the risks attendant to the use of that technology and determine if the mode of transmission is appropriate under the circumstances.” Committee on Professional Ethics, Op. No. 782 (December 8, 2004). PW’s notice cannot create a right to confidentiality out of whole cloth. The notice might be sufficient to protect a privilege if one existed. PW’s notice cannot alter the BI e-mail policy. When client confidences are at risk, PW’s pro forma notice at the end of the e-mail is insufficient and not a reasonable precaution to protect its clients.

BI’s Motion for a Protective Order BI seeks a protective order striking Dr. Scott’s discovery demand for documents concerning BI’s alleged medicare fraud. Specifically, BI seeks to strike Request No. 3 of Dr. Scott’s First Request for the Production of Documents, including its six subparts and Request 2 of Dr. Scott’s Second Set of Document Requests, including its seven subparts. BI was under investigation by the United States government regarding BI’s compliance with Medicare and Medicaid cost- *944 reporting regulations between 1991 and 2001. The federal action appears to have been initiated in 2001 and BI was served with subpoenas in 2002. On November 30, 2005, Judge Kaplan in the Southern District of New York ordered BI to pay a government fine of $72,997,481. In Request No. 3, plaintiff seeks:

Documents sufficient to show BI’s economic prospects and financial status from January 2001 through the present, including but not limited to

(a) all documents relating to any penalties, fines or reimbursements (jointly referred to as “recoveries”) incurred, paid by or sought from [BI], or any of its agents or representatives, including but not limited to recoveries incurred, paid by or sought as a result of alleged

fraudulent or otherwise illegal or improper behavior;

(b) all documents relating to the financial performance and economic prospects of the Singer Division;

(c) all documents comprising or relating to any fully or partially completed, in-progress, or contemplated financial analysis of [BI], the Singer Division or the Department of Orthopedics.

(d) all documents comprising or relating to internal or external communications by, from or to [BI] regarding Dr. Scott’s suggestions for establishing special surgery hospital facility at the Singer Division;

(e) all documents comprising or relating to BI’s claims that $10.1 million of the Singer Division 2002 loses were attributable to the Department of Orthopedics in 2002, including but not limited to all documents upon which BI based those claims.

(f) all documents comprising or relating to internal or external communications by, from or to BI regarding Dr. Scott’s request for an independent financial analysis of the Department of Orthopedics and its responsibility or lack thereof for any losses incurred at the Singer Division.

**445 At a July 14, 2005 discovery conference, BI was directed to produce financial documents from 2002 to 2004; documents concerning fines paid to government entities 2002 to 2004; and board minutes from 2002 to 2004. With regard to request 3(a), Dr. Scott was directed to narrow the document request concerning malpractice settlements. *945 The revision was made in Request 2(a) of Dr. Scott’s second document request, dated July 29, 2005, and states: 2. Documents showing BI’s economic prospects and financial status from January 1, 2001 through the present:

(a) the following documents relating to penalties, fines or reimbursements (jointly referred to as recoveries’) incurred, paid by or sought from BI or any of its agents or representatives, including

but not limited to recoveries incurred, paid by or sought as a result of alleged fraudulent or otherwise illegal or improper behavior:

(i) all communications to, from or among any Directors relating to alleged fraudulent or otherwise illegal or improper behavior;

(ii) all documents relating to any alleged fraudulent or otherwise illegal or improper behavior which was the subject of communications to from or among Directors;

(iii) all communications to or from any governmental or regulatory agency relating to alleged fraudulent or otherwise illegal or improper behavior;

(iv) all documents relating to any inquiry investigation or demand made by any governmental or regulatory agency as a result of such alleged fraudulent or to otherwise illegal or improper behavior;

(v) all commendations to, from or among any Directors relating to any alleged claims of malpractice which claimed damages exceeding $3 million;

(vi) from 2001 onwards, documents sufficient to show the annual total payments arising out of claims of alleged malpractice;

(vii) all documents relating to our concerning coverage in print, television or the internet of any alleged fraudulent or otherwise illegal, improper or negligent behavior by any employee of [BI].

BI argues that (1) responding to the request would be burdensome, as it would yield 100,000 pages, which have already been produced to the government, (2) the request is irrelevant to this employment dispute, and (3) responding to the request may upset negotiations to settle the government investigation. Dr. Scott maintains that the requested documents are relevant to BI’s counterclaims against Dr. Scott and key to Dr. Scott’s case that BI terminated him not for cause, but to generate cash to *946 pay for government fines arising from years of defrauding the government. BI asserted eight counterclaims against Dr. Scott including (1) breach of contract; (2) & (3) breach

of fiduciary duty; (4) recovery of money paid to Dr. Scott; (5) tortious interference with contract; (6) unfair competition; (7) violation of Lanham Act; (8) false and deceptive advertising. Dr. Scott justified his request for documents relating to medicare fraud relying upon ¶¶ 78 and 79 of BI’s counterclaims which refer to the $10 million loss that BI sustained in 2002 at the Singer Division and which BI alleged: “Continued losses of that magnitude by the Singer Division threatened the continued financial viability of [BI] as a whole.” Dr. Scott also relied upon BI’s ¶ 108 of the counterclaims which states “When [BI] discovered that the Singer facility was losing money at a rate that meant disaster for [BI] if it were not **446 reversed, and that the Department of Orthopedics was largely responsible for the losses, Dr. Scott, in breach of his fiduciary duties to BI”

(i) failed and refused to accept that financial reality and set out to try to disprove it;

(ii) failed and refused to acknowledge that he had a long-term contract with Beth Israel, and refused also to recognize that he owed fiduciary obligation to the Hospital;

(iii) failed and refused to participate in [BI]’s cost-savings plan, despite his duty as Chairman to do that;

(iv) failed and refused even to discuss with Zimmer the possibility of getting the large discounts that Zimmer was giving to other comparable institutions;

(v) began trying to relocate to another institution, despite his long-term contract with [BI];

(vi) began to induce other doctors to leave [BI] with him, in violation of those doctors’ contract with [BI] and in violation of his fiduciary duties to [BI];

(vii) began making a record that he hoped would support an argument that [BI] breached first, by failing to support his Department; (viii) went so far in violation of his duties to [BI] as to demonstrate in public outside of the Singer facility; *947

(ix) failed sincerely to consider the alternative space option offered by [BI];

(x) in the end, relocated to Lenox Hill Hospital, pirated a significant number of doctors in [BI]’s Department of Orthopedics to go with him to Lenox Hill Hospital, and also misappropriated the ISK name and began to use it in competition with [BI].”

BI offered to amend its answer by striking these paragraphs if Dr. Scott would withdraw his offensive discovery requests. Dr. Scott rejected the offer maintaining that the requests are relevant to the case with or without the amendments. The Court finds that documents concerning events that transpired from 1991 to 2002 are not relevant to this 2004 employment contract dispute. The court rejects BI’s argument that allowing Dr. Scott to have access to the fraud audit documents would jeopardize settlement of the government investigation. The investigation ended with the judgment made pursuant to a stipulation and order of settlement and dismissal. Accordingly, BI’s fear of affecting the confidential negotiations is moot. [8] However, BI need not produce “fraud audit” documents which it produced to the government. An understanding of the nature of the government’s claims against BI is not relevant to this employment action. Contrary to Dr. Scott’s argument, documents from 1991 to 2002 when BI was served with the government subpoena, will not explain why BI decided to terminate Dr. Scott. Likewise, Dr. Scott’s request for all court records currently under seal in the now settled federal fraud action is also irrelevant to this action. In addition, a document request for sealed documents in a federal action on page 4 of a brief filed in a state court action is procedurally incorrect. Further, documents or reports created by BI to defend itself against the government investigation would not address BI’s decision to terminate Dr. Scott or the financial condition of the Singer Division. Nor will the requested documents from 1991 to 2002 assist Dr. Scott in answering BI’s interrogatories concerning Dr. Scott’s understanding of the financial condition of the Singer Division from 2002 to 2004. [9] However, the financial condition of both BI and the Singer Division leading up **447 to Dr. Scott’s termination is relevant to this action. BI contends that Dr. Scott’s mismanagement led to the Singer Division’s demise. Dr. Scott maintains that it was

BI’s *948 deteriorating condition, prompted by BI’s own fraud, that led to his termination. He is entitled to financial documents which will allow him prove it. The relevant time period for assessing BI’s financial condition begins in 2002 when BI received the government’s subpoena, not 1991 when Dr. Scott’s discovery demand begins. Dr. Scott joined BI in 1991. He became chair of the Orthopedics Department in 1998. The contracts at issue here were entered into in 1998 and 1999. BI allegedly learned in February 2004 that Dr. Scott was negotiating with competing hospitals. Dr. Scott asserted that his contractual obligation to BI terminated on October 15, 2004. Meanwhile, BI’s financial condition was allegedly deteriorating. In May 2004, BI informed Dr. Scott, and other Singer personnel, that the Singer facility would close in August 2004. Dr. Scott and BI entered into an agreement preserving their rights and claims against each other and providing that Dr. Scott would continue to work for BI until December 31, 2004 or until the Singer facility closed. On June 10, 2004, Dr. Scott participated in a public demonstration protesting the closure of the Signer facility. He was terminated on July 15, 2004. Dr. Scott continued to work for BI until August 3, 2004 when the Singer facility closed. When the government subpoena was served in 2002, BI might begin to consider the potential financial impact of the government investigation and make plans for funding the potential liability. Indeed, in the financial documents produced to Dr. Scott estimated BI’s exposure in June 2004 at $77.4 million. Although BI is to make payments to the government until the end of 2007, pursuant to the November 30, 2005 stipulation and order of settlement and dismissal, the time frame for the production of documents here shall continue to the

end of 2004 when BI closed the Singer Division. BI has produced for the period January 1, 2001 to the present annual financial statements audited by Ernst & Young, Monthly Operations and Finance Reports to Continuum Board, Minutes of Meetings of Board of Trustees, Monthly Reports to the Finance Committee, Monthly Reports to the BI Medical Center Board of Trustees, Finance Committee Reports, Budgets and Preliminary Operating Results, Finance Committee Meeting Minutes, Profit and Loss Statements, Operating Statements for the Singer Division, Financial Analysis for the Singer Division, Departmental Financial Analysis for the Singer Division and Revenue Distribution Reports. It appears that BI’s production is sufficient. *949 Therefore, Request 3(a) of Dr. Scott’s first document demand and 2(a) (i) to (iv) of Dr. Scott’s second document request are struck to the extent that they seek documents prior to 2002 when BI was served with the government subpoena and BI’s motion for a protective order is granted. Accordingly it is, ORDERED, that Dr. Scott’s motion for a protective order is denied; and it is further ORDERED, that BI’s motion for a protective order is granted.

Parallel Citations

17 Misc.3d 934, 847 N.Y.S.2d 436, 2007 N.Y. Slip Op. 27429

End of Document

IDT Corp. v. Morgan Stanley Dean Witter & Co.

IDT Corp. v Morgan Stanley Dean Witter & Co., 107 A.D.3d 451 (2013) 967 N.Y.S.2d 51, 2013 N.Y. Slip Op. 04123

107 A.D.3d 451, 967 N.Y.S.2d 51, 2013 N.Y. Slip Op. 04123

IDT Corporation, Appellant v

Morgan Stanley Dean Witter & Co. et al., Respondents.

Supreme Court, Appellate Division, First Department, New York

June 6, 2013

CITE TITLE AS: IDT Corp. v Morgan Stanley Dean Witter & Co.

HEADNOTE

Disclosure Material Exempt from Disclosure Attorney-Client Privilege—Waiver

Boies, Schiller & Flexner LLP, Armonk (Edward T. Normand of counsel), for appellant. Davis Polk & Wardwell LLP, New York (Benjamin S. Kaminetzky of counsel), for respondents.

Order, Supreme Court, New York County (Shirley Werner Kornreich, J.), entered October 26, 2012, which granted defendants’ motion for an order precluding evidence to the extent of finding an “at issue” waiver of the attorney-client privilege and work-product protections, and ordered plaintiff to produce several former litigators for deposition, unanimously reversed, on the law, without costs, and the motion denied. In the remaining fraud claims that were not

previously dismissed (see IDT Corp. v Morgan Stanley Dean Witter & Co., 63 AD3d 583 [1st Dept 2009]), plaintiff alleges that defendant Morgan Stanley fraudulently misrepresented that it had produced all documents responsive to a subpoena served in a prior arbitration proceeding between plaintiff and a third party, that it reasonably relied on that representation, and that it suffered pecuniary losses as a result of defendant’s fraudulent concealment of additional documents because the arbitration panel would have awarded it greater damages had it been aware of the concealed documents. Defendant sought discovery concerning, among other things, plaintiff’s arbitration counsels’ reliance on its representation that the document production *452 was complete and the litigation strategy plaintiff’s counsel would have pursued had the concealed documents been produced during the arbitration. After plaintiff invoked the attorney-client privilege, defendant brought a motion to preclude, arguing that an “at issue” waiver of privilege had occurred. Although the privileged information sought by defendant is relevant to plaintiff’s fraud claims, plaintiff disavows any intention to use privileged materials and defendant fails to show that the materials are necessary to determine the validity of the claims or to its defense against them (see **2 Nomura Asset Capital Corp. v Cadwalader, Wickersham & Taft LLP, 62 AD3d 581 [1st Dept 2009]; Veras Inv. Partners, LLC v Akin Gump Strauss Hauer & Feld LLP, 52 AD3d 370 [1st Dept 2008]). Accordingly, defendant failed to establish that an “at issue” waiver of the attorney-client privilege occurred. Concur—Tom, J.P., Andrias, Renwick, DeGrasse and Gische, JJ.

End of Document

Shire LLC, et al. v. Amneal Pharm.

NOT FOR PUBLICATION

UNITED STATES DISTRICT COURT DISTRICT OF NEW JERSEY

SHIRE LLC, et al., : : TO BE FILED UNDER SEAL Plaintiffs, : Civil Action No. 2:11-cv-03781 (SRC)(CLW) : (CONSOLIDATED) v. : : OPINION AMNEAL PHARMACEUTICALS, LLC, : et al., : Defendant. :

: ___________________________________ :

CATHY L. WALDOR, United States Magistrate Judge.

I. Introduction

Pending before the Court is an informal application by Defendants Johnson Matthey Inc.

and Johnson Matthey Pharmaceutical Materials (collectively “Defendants”) to compel Plaintiffs

Shire LLC and Shire Development LLC (collectively “Shire”) to return or destroy privileged

documents produced after August 1, 2013. (Docket Entry No. 389, (“Letter Request”)).

Defendants further request that the Court rule there has been no waiver of attorney-client

privilege or work product protection by virtue of the document production discussed below. (Id.).

Plaintiff cross-moves to compel Defendants to produce the 25 Exhibit A documents (“Exhibit A

documents”) as well as other withheld documents concerning Defendants’ analyses of the

patents-in-suit. (Docket Entry No. 399, (“Letter Response”)).

Shire opposes the requests contending that Defendants intentionally waived the privilege

by selectively producing self-serving documents analyzing the patents-in-suit. (Letter Response

at 1). The Court has reviewed the letters in favor of and in opposition to the applications and

Case 2:11-cv-03781-SRC-CLW Document 460 Filed 01/10/14 Page 1 of 11 PageID: 106257

considered the arguments raised by the parties. For the reasons set forth below Defendants’

applications are hereby DENIED. Plaintiff’s applications are GRANTED in part.

II. Background & Procedural History

Recognizing the breadth of confidential and commercially sensitive information likely to

be involved in discovery, the parties executed a Discovery Confidentiality Order on March 5,

2012. (Docket Entry No. 65, (“the DCO”)). Relevant to the current issue brought before the

Court is Paragraph 15 of the DCO. Paragraph 15 instructs the parties that an inadvertent

production of privileged material “shall not constitute a waiver” if the producing party promptly

notifies the receiving party and requests the return or destruction of the subject material. (Id. at

Prior to August 1, 2013, Defendants made eight productions of documents. During this

time, Defendants and Shire filed a joint letter addressing Shire’s request to compel the

production of documents from Defendants’ third-party customers or potential customers.

(Docket Entry No. 240). Defendants ceased production during the pendency of that motion.

On July 25, 2013 Defendants discovered archived emails from a prior email client

previously overlooked in discovery. (Docket Entry No. 414-7 at ¶ 4, (“Decl. of Douglas

Nemec”)). On August 1, 2013 this Court ordered Defendants to produce the third-party

documents that were the subject of Shire’s request to compel. At this time Defendants informed

the Court of the existence of the newly discovered emails and that Defendants were in the

process of reviewing them for production. The Court responded by extending fact discovery until

September 20, 2013. Following the conference the parties agreed that Defendants would produce

the documents by August 20, 2013 in order to avoid a disruption of the discovery schedule. (Id.

at ¶ 5). Defendants produced a total of 249,483 documents on August 9, August 12, August 16,

and August 20, 2013. (Id. at ¶ 6).

On August 23, 2013 Shire alerted Defendants that the production appeared to contain

documents subject to the attorney-client privilege. On that same day, Defendants contacted Shire

acknowledging the inadvertent production and requested that Shire return or destroy the

privileged material. (Docket Entry No. 389-2). Shire agreed to hold the documents in a secure

fashion. (Letter Request at 2, fn. 1). Defendants conducted an investigation that uncovered two

errors in the production process. (Decl. of Douglas Nemec at ¶ 7). Defendants remedial search

efforts subsequently identified inadvertently produced documents.

In a letter dated September 19, 2013 Defendants brought this matter to the Court’s

attention asserting Shire’s argument that Paragraph 15 of the DCO was inapplicable. (Letter

Request at 1). Shire replied contending Defendants were not entitled to the return or destruction

of the documents because they waived the privilege. (Letter Response; Docket Entry No. 401).

II. Discussion

A. Parties’ Arguments

a. Defendants’ Arguments in Support of the Motion

Defendants contend their inadvertent production does not constitute waiver and that their

letter to Shire dated August 23, 2013 comports with the “clawback” procedure pursuant to

Paragraph 15 of the DCO. (Letter Request; Docket Entry No. 389-2). They argue their

compliance with Paragraph 15 overrides any contention that privilege was waived. (Letter

Request at 2). Additionally Defendants contend that even in the absence of the DCO their

screening practices comport with the applicable analysis courts in this District apply to determine

whether or not a party has waived privilege under these circumstances. (Id.).

Much of the controversy involves documents related to Defendant’s in-house counsel

William Youngblood (“Youngblood”). Defendants argue that mere inclusion of an attorney on a

document does not automatically make the document privileged. These documents were

intentionally produced because they were not privileged so their production cannot be construed

as a waiver. (Letter Request at 2.)

Additionally, Defendants argue: 1) the inadvertent production accounts for only 25 of the

249,483 documents1 produced within 20 days; 2) there was no delay between the point at which

Defendants were aware of the disclosure and their issuance of a clawback letter; and 3) justice

requires the Court to uphold Defendants’ privilege. (Letter Request at 4-5).

Defendants also argue that Shire mischaracterizes the scope of the inadvertent

production. (Docket Entry No. 414 at 1). Defendants did not selectively produce documents and

facts do not support a broad waiver of subject matter.

b. Shire’s Arguments in Opposition to the Motion

Shire argues that Defendants intentionally waived the privilege by producing self-serving

documents outlining internal analysis of the patents-in-suit. (Letter Response at 4). Defendants’

“selective” production is unfair it cannot use the privilege as both a sword and a shield, therefore

Defendants should produce all related privileged materials. (Id. at 3-4).

Shire also contends that Defendants have also waived privilege on subject matter

concerning Defendants’ analyses of the patents-in-suit. (Id.). Finally, Shire argues that

1 The number of documents at issue is actually 47. Defendants’ Letter Request indicates only 25 privileged documents were inadvertently produced within the entire production. That same letter indicates the scope of production consisted of either 249,483 or 310,144 pages. (Letter Request at 2, 4). Shire’s Letter Response indicated 26 inadvertently produced documents. (Letter Response at 9). Defendants’ subsequent letter inflated the total number of privileged documents to 47. (Docket Entry No. 414 at 2; Nemec Decl. at ¶8). Defendants later indicated that 47 privileged documents were inadvertently produced. This larger number is the sum of the 25 documents discussed in the Letter Request and Letter Response and the 22 documents identified in Defendants’ second clawback letter. (Docket Entry No. 414 at 5, fn. 6).

Defendants waived any privilege they could have asserted by failing to take reasonable

precautions to prevent inadvertent disclosure. (Id. at 6).

B. Analysis

a. The DCO

Paragraph 15 of the DCO provides in pertinent part that:

Furnishing of documents (including physical objects) to a receiving party; using documents in depositions, pleading or any written discovery; or disclosing documents to the Court shall not constitute a waiver of the attorney-client privilege, work product immunity or other immunity from discovery, with respect to any document or physical object so furnished, provided that the producing party shall immediately upon discovery of the inadvertent production notify the receiving party in writing and request such documents or material be returned or destroyed. Such notification by the producing party shall constitute reasonable precautions to prevent disclosure and reasonably prompt measures to rectify the inadvertent production within the meaning of Fed.R.Evid. 502(b)(3).

As a threshold matter, the Court finds that the parties have met and conferred in good

faith. Paragraph 15 also provides that “If the parties disagree about the disposition of such

material after conferring in good faith, then either side may move the Court for a resolution of

the dispute.” The issue is properly before the Court for consideration as prescribed by Paragraph

15. Defendants contend that they are entitled to the clawback protection of Paragraph 15. For the

reasons discussed below the Court disagrees.

The timeline of events cuts against Defendants’ argument. Here, the receiving party,

Shire, discovered the inadvertent production and notified Defendants. (Decl. of Douglas Nemec

at ¶ 7; Letter Request at 2). Only after Shire’s discovery and notification did Defendants conduct

a remedial investigation.2 The post-notification investigation prompted Defendants’ letter to

2 Defendants discovered that a privilege word search applied to newly discovered emails did not identify certain privileged material and that third-party vendor The MCS Group, Inc. turned over documents that were not marked for production. (Letter Request at 2).

Shire requesting the return or destruction of the inadvertently produced privileged material.

(Letter Request at 1).

Paragraph 15 of the DCO is very specific in that there is no waiver if the producing party

discovers the inadvertent production of privileged material and immediately notifies the

receiving party. A literal interpretation of the DCO deems that in order to raise the clawback

protection Defendants seek they bear the burden of the initial discovery of the violation.

b. Reasonableness

Pursuant to Fed.R.Evid. 502(b) the inadvertent disclosure of privileged information “does

not operate as a waiver” if:

1) the disclosure is inadvertent; 2) the holder of the privilege or protection took reasonable steps to prevent disclosure; and 3) the holder promptly took reasonable steps to rectify the error, including (if applicable) following Federal Rule of Civil Procedure 26(b)(5)(B). Inadvertent production of privileged documents “is a specter that haunts every document

intensive case.” Ciba-Geigy Corporation v. Sandoz Ltd, 916 F. Supp. 404, 410 (D.N.J. 1995)

(quoting Federal Deposit Ins. Co. v. Marine Midland Realty Credit Corp., 138 F.R.D. 479, 479-

80 (D.C. Va. 1991)). In this District, the question of inadvertent disclosure is resolved by an

examination into the “reasonableness of the steps taken to preserve the confidentiality of the

privileged documents. Ciba-Geigy, 916 F. Supp. at 411. This approach recognizes a waiver of

privilege by an unintentional act if a disclosure is the result of inexcusable neglect. Id. at 12.

Courts consider the following five factors to resolve the issue of waiver by inadvertent

disclosure: 1) the reasonableness of the precautions taken to prevent the inadvertent disclosure in

view of the extent of the document production; 2) the number of inadvertent disclosures; 3) the

extent of the disclosure; 4) any delay and measures taken to rectify the disclosure; and 5)

whether the overriding interests of justice would or would not be served by relieving the party of

this error. Id. (quoting Advanced Medical, Inc. v. Arden Medical Sys., Inc. 1998 U.S. Dist.

LEXIS 7297 at 2).

“[E]very inadvertent disclosure is an unintentional disclosure.” Ciba-Geigy, 916 F. Supp.

at 412. Therefore establishing mere inadvertency does not end the inquiry. Id. The analysis

focuses on whether Defendants “undertook reasonable precautions to avoid inadvertent

disclosure of privileged information. Id. For the reasons discussed below the Court finds that

Defendants have not met that burden.

Defendants contend they took reasonable precautions to prevent inadvertent disclosure

and cite the use of analytical software employing targeted search terms and that their

employment of such technology constitutes reasonable precautions. (Letter Request at 3).

Defendants further submit that all documents underwent a layered review process and the

inadvertent disclosure was the result of a mistake in the Bates process. (Id.) Finally, Defendants

argue that the mere presence of Youngblood’s name on a large portion of documents produced

does not constitute a waiver because those documents were already identified for production and

therefore not privileged.

Documents produced to Shire prior to August 1, 2013 were subjected to a layered review

process. (Decl. of Douglas Nemec at ¶ 2). This process involved attorneys and third-party

vendors, The MCS Group, Inc. (“MCS”) and EvalueServe. (Id.) MCS collected documents

pursuant to Shire’s document requests. (Id.). The collection underwent a privilege review by

Defendants’ in-house and outside counsel before undergoing a final review by EvalueServe.

(Id.).

However there is no indication that the documents produced after August 1, 2013

underwent the same review process. (Id. at ¶ 6). Defendants indicated that the post-August 1

production underwent an “expedited review.” (Id.) Defendants electronically searched the

documents with targeted search terms that were purportedly written by attorneys. (Id.).

Documents flagged by this search were subsequently “reviewed individually for privilege.” (Id.).

The Exhibit A documents were produced after August 1, 2013 and consequently subject

to Defendants’ “expedited review” and not the pre-August 1 layered review process. These

processes are different in that the post-August 1 review did not involve attorneys in the review

process. Nemec’s Declaration fails to mention who individually reviewed documents identified

by the privilege word search. This is a particularly glaring omission considering both in-house

and outside attorneys participated in the review process for the pre-August 1 document

productions. Defendants do not assert that counsel was involved in the review process after

August 1; nor is it asserted that Youngblood participated in the final review of the production

even though his name was on a large portion of the documents.

Turning to the use of analytical software, the volume of documents to be produced and

the time within which they were to be produced. The Advisory Committee Notes to Fed.R.Evid.

502(b) indicate that “Depending on the circumstances, a party that uses advanced analytical

software applications and linguistic tools in screening for privilege and work product may be

found to have taken ‘reasonable steps’ to prevent inadvertent disclosure.” In this case the Court

finds that the use of analytical software without attorney review does not constitute reasonable

steps to prevent inadvertent disclosure.

Similarly the Court is not persuaded by Defendants’ arguments on volume and time. This

litigation involves experienced and sophisticated parties on both sides who are well-equipped to

handle document review. Furthermore, Defendants’ time constraints were self-imposed as fact

discovery was set to close on September 20, 2013. In sum, Defendants had nearly two months to

conduct a thorough document review. Based on the foregoing the Court finds that Defendants

failed to establish that they undertook reasonable precautions to prevent the inadvertent

disclosure of the documents at issue.

Not all of the remaining factors cut against Defendants’ position. The proportionate share

of inadvertently produced privileged documents relative to the overall production is small. In

total there are 47 inadvertently produced documents within a document production of 249,483

pages. In light of the proportionately small size of the inadvertent production the Court finds that

this factor does not weigh in favor of finding waiver.

The third factor directs the Court to consider the extent of the disclosure. The Court finds

this factor to weigh in favor of a finding of waiver as Shire has demonstrated that these

documents contain Defendants’ internal analysis of the patents-in-suit.

The fourth factor considers Defendants’ effort to rectify the error. As previously

discussed Defendants did not conduct a remedial investigation until after Shire brought the issue

to their attention. Those facts in conjunction with Defendants’ previously discussed deficient

screening procedures supports a finding that this factor weighs in favor of waiver.

In weighing the fifth factor the Court must consider “whether the interests of justice

would be served by a finding of waiver.” Ciba-Geigy, 916 F. Supp. at 414. Shire argues that

these documents contain Defendants’ admission of willful infringement on Shire’s valid patents.

However the relevancy of the documents to the ultimate issue of the case is not part of this

analysis. Id. (citing Kansas City Power & Light Co. v. Pittsburg & Midway Coal Mining Co.,

133 F.R.D. 171, 174 (D. Kan. 1989)). But in light of the fact that this inadvertent disclosure was

the result of a failure to review, as previously discussed, the Court finds that justice is served by

a finding of waiver in this instance.

c. Subject Matter Waiver

When a disclosure waives privilege or work-product protection, that waiver will extend

to undisclosed documents or communication if: 1) the waiver is intentional; 2) the disclosed and

undisclosed communications or information concern the same subject matter; and 3) they ought

in fairness be considered together. Fed.R.Evid. 502(a).

In this District, a subject matter waiver is found “when the privilege-holder has attempted

to use the privilege as both a ‘sword’ and ‘a shield’ or when the party attacking the privilege will

be prejudiced at trial.” Koch Materials Company v. Shore Slurry Seal, Inc., 208 F.R.D. 109, 120

(D.N.J. 2002).

Shire argues that evidence before this Court demonstrates that Defendants withheld

documentation of their willful infringement of Shire’s patents and that the privileged documents

produced indicate a pattern of unfair selective disclosure (Letter Response at 1). Shire contends

this point is bolstered by the fact that the documents originate from Youngblood’s files. (Id.).

The gist of this argument rests on the assumption that Defendants cherry-picked certain

privileged documents to disclose to Shire in an attempt to unfairly bolster their position. (Id. at

The position taken by Shire requires evidence of Defendants’ intent to gain an unfair

advantage through intentional disclosure of privileged material – the sword and shield analogy.

To this point, Shire submits that Defendants’ selective disclosure of numerous documents from

Youngblood’s files is evidence of intent. (Id. at 4). Additionally, Shire argues that this Court

should find the requisite intent in the absence of adequate privilege screening protocols. (Id. at

5). These arguments are not persuasive.

Defendants contend that there is no selective disclosure of privileged documents because

they produced non-privileged documents. (Docket Entry No. 414 at 3). The 47 privileged

documents were produced inadvertently. (Id.). The production of non-privileged documents

bearing “Youngblood’s” name is not evidence of selective production.

Finally, the documents that Shire relies upon as illustrative of a conspiracy were clawed

back prior to the advancement of the selective production argument.

This Court has already found that Defendants unintentionally produced privileged

documents to Shire. The basis for that decision was Defendants’ inexcusable neglect in the

review process. It follows that the Court cannot find that Defendants waived subject matter

privilege when that privilege must be intentionally waived.

IV. Conclusion

For the reasons set forth above, the undersigned hereby DENIES Defendants’

applications. Shire’s motion to compel production of the Exhibit A documents is hereby

GRANTED. Shire’s motion to compel production of Defendants’ analyses of the subject-matter

is hereby DENIED.

An appropriate order shall follow.

s/ Cathy L. Waldor CATHY L. WALDOR UNITED STATES MAGISTRATE JUDGE

Dated: Friday January 10, 2014

The ‘Ethic’ of Getting up to Speed ‘Technologically’

The ‘Ethic’ of Getting Up to Speed ‘Technologically’

By Joel Cohen and James L. Bernard

When things end up poorly in a case, whether the client deserved to win or not, the client may decide to come after his criminal lawyer claiming malpractice, either in a civil action or in a post-conviction proceeding claiming “ineffectiveness.” He may argue that the lawyer 1) didn’t explain all of the litigating options to me; or 2) was “ineffective” in investigating the case, or in cross-examining key witnesses; or 3) did not let me, or mistakenly encouraged me to, take the witness stand in my own defense.

It is uncommon for the judge who presides (or presided) over a case to telegraph to the client during the case or afterwards that the lawyer is doing (or did) a lousy job in a way that the client himself didn’t have the skill or knowledge to recognize. In fact, some judges go out of their way, especially if they recognize the defendant as being a particularly difficult client, to say aloud, in words or substance, that “your lawyer has done an admirable job.” (We all like to hear that-even if the judge’s comment is strategic!)

There are circumstances today, however,

particularly given the rapid and ever-emerging use of new technologies to litigate cases, where indeed the judge, without necessarily meaning to do so, may effectively be stimulating a post-conviction lawsuit by a disgruntled client against the lawyer. Just imagine a judge faced with a lawyer who is basically a Luddite and actually did screw up in not exploring avenues of defense (or in cross-examining prosecution witnesses effectively through enhanced technology capacities) precisely because of her technophobic character trait. That judge may accomplish undermining the lawyer’s relationship with his client for his technological shortcomings either on the record or in a decision.

Examples may range from a lawyer’s failure to obtain text messages (we all know about emails), to a failure to obtain posts on a Facebook page, to a more common failure to adequately preserve electronic materials. Which disgruntled client, particularly one sitting in a jail cell, wouldn’t use the judge’s remarks to try to nail to the wall his now or soon-to-be-terminated lawyer for malpractice or-maybe, worse for his reputation at

the bar-by claiming “ineffective assistance of counsel” in a post-conviction appeal or collateral attack on his conviction? For in such a lawsuit, appeal or collateral attack he will “name [his lawyer’s] name” as ineffectually having tried the case by tying his own arm behind his back against-perhaps a younger-prosecutor more in tune with modern Internet technology.

The Disciplinary Authorities

In the wake of potential circumstances such as those presented above, the American Bar Association in the Model Rules of Professional Conduct, has recently added Comment 8 to Rule 1.1 (“Competence”) which requires a lawyer to provide “competent representation to a client”-requiring “the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.” Comment 8, not added-or not yet added-to the parallel rule applicable in New York, provides that:

To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject (emphasis added).

So, what exactly does that mean? And what are the consequences to the lawyer if her skillset is such that she simply doesn’t know things or techniques about the Internet or computer systems that other lawyers do, particularly her adversary? Might she be held by a court to have rendered ineffective counsel? Does it mean that she might be subject to disciplinary or other sanctions? Could she suffer professional obloquy when word gets around in the legal, business or even broader community that clients and even courts are displeased with her

work product based on what amount to a refusal to “get contemporary” with the way of the world?

Case Law

The origins of the modern technological revolution in the art of lawyering can probably trace itself back to a number of milestones: the first Westlaw/Lexis terminals, the advent of the Internet and, on the judicial front, Judge Shira A. Scheindlin’s decisions in the seminal Zubulake case. Whether you believe that the decisions opened up a Pandora’s box of litigation costs and burdens for defendants, or whether you believe they gave plaintiffs access to critical evidence which would have otherwise been destroyed, there is no question that Zubulake changed the way litigators think about and prepare cases. It also required us to learn more about technology issues. As Scheindlin wrote in Zubulake V: “[C]ounsel must become fully familiar with her client’s document retention policies, as well as the client’s data retention architecture. This will invariably involve speaking with information technology personnel and the actual (as opposed to theoretical) implementation of the firm’s recycling policy.”1 In other words, counsel had to get tech savvy.

And it is worth asking, if a lawyer fails to “get smart,” what are the consequences? Of course, there are the potential sanctions that might be available to the aggrieved party. But can, after this new Comment 8, a lawyer face an ethics charge for this sort of lapse in knowledge? It is quite possible that it could be the basis for a malpractice claim if the failure to discuss these issues with a client resulted in a serious enough sanction, such as dismissal of a claim or defense.

Given all of the resources which have been devoted to educating the bar about the need to preserve electronic information, emails, documents, etc., it is not too hard to imagine a client claiming that the failure to do so in this day

and age amounts to malpractice, even though that would not have been the case however many years ago. In the criminal context, could it rise to the level of ineffective assistance of counsel resulting in a possible conviction reversal? Not too many years ago, the U.S. Supreme Court held that a lawyer provided ineffective assistance of counsel when the lawyer failed to tell a client about the likelihood of deportation if a client pleaded guilty to drug distribution charges.2

There are obvious differences between working with a client on e-discovery issues and informing a client of the legal consequences of pleading guilty to a felony, but it is not impossible to imagine a scenario in which the failure to learn about a client’s technological infrastructure is egregious enough and results in a serious enough sanction so as to bring the attorney’s behavior within the realm of a constitutional claim of ineffectiveness. After all, constitutional ineffectiveness under Strickland is triggered when counsel’s conduct falls “below an objective standard of reasonableness.”3 What is “reasonable” in terms of what counsel is expected to know about e-discovery is rapidly changing, and only in the direction of requiring greater knowledge.

Changing Legal Landscape

The tech landscape changes, and changes quickly. Zubulake V was issued in 2004, which is eons ago in tech terms. In 2010 the New York State Bar Association addressed the question of whether an attorney may ethically use an online data storage system (read, “the cloud”) to store confidential client information.4 Because an attorney must take reasonable steps to affirmatively protect a client’s confidential information, an attorney cannot just put client confidential data in any old “cloud.” The “cloud” the lawyer chooses must have reasonable procedures in place to ensure the confidentiality of the data stored to it, including (1) an enforceable

obligation to preserve confidentiality; (2) security procedures and recoverability methods; (3) mechanisms for preventing infiltration of the data by unauthorized users; and (4) procedures to permanently delete data upon request. In other words, and on this point, putting aside the recent amendment to the Model Rules, the state bar was explicit, a lawyer must learn these things to comply with the lawyer’s ethical obligations.

Lest you think that these issues are only for really tech savvy lawyers who store information using the latest technology, legal ethical issues abound in such common technology as email. Take three ethics opinions for example. In one early opinion (1998), the state bar concluded that lawyers could ethically use emails to send confidential information (that’s a relief!), but at the same time noted that where the confidential information is of an “extraordinarily sensitive nature,” such that the lawyer would conclude that “it is reasonable to use only a means of communication that is completely under the lawyer’s control,” then in such a case the lawyer cannot use simple, unencrypted emails.5

More recently, the California State Bar addressed the question of whether an attorney who uses a laptop at a coffee shop, and uses that shop’s WiFi, violated any ethical rules.6 The Ethics Committee observed that data transmitted over public WiFi is accessible by third persons with the right technology rather easily, but was concerned that issuing an opinion on technology-specific matters might become quickly obsolete. But the committee issued this summary of its cautionary conclusions:

[D]ue to the lack of security features provided in most public wireless access locations, Attorney risks violating his duties of confidentiality and competence in using the wireless connection at the coffee shop to work on Client’s matter unless he

takes appropriate precautions, such as using a combination of file encryption, encryption of wireless transmissions and a personal firewall. Depending on the sensitivity of the matter, Attorney may need to avoid using the public wireless connection entirely or notify client of possible risks attendant to his use of the public wireless connection...

And last and most recently, as if to drive these points home, a retired lawyer in South Carolina was disciplined for not having an active email account.7 According to an article about the decision, the disciplinary board found that not having an email account “poses a substantial threat of serious harm to the public and to the administration of justice.” Whether the harm is “serious” or not could be debated, but the point here is that keeping pace with technology is no longer just a necessary nuisance, it is an ethical requirement.

Conclusion

For many lawyers, the old ways die hard, and learning new tricks is not easy. This may be especially true for the solo practitioner, who does not have the small army of tech-savvy “litigation support specialists” to help navigate the waters that many law firms, particularly Big Law, now have. Nota bene: Solos, or law firms with insufficient equipment and tech-savvy personnel, may have to partner with co-counsel or qualified vendors who adhere to the rules of confidentiality in the individual case, that requires it to effectively defend a client.

Technology, with its unfamiliar terminology and concepts, can seem foreign and impenetrable. But it really is not so. A benefit of that technology is that you are just one Google click away from at least preliminarily understanding back-up tapes,

encryption technology and cloud computing.8 Understanding technology is not any more difficult than understanding the legal issues in a complex dispute. And like it or not, it is ethically required and here to stay, so the sooner we all get comfortable with it, the better. Doing the basic research as to what technology is available out there may actually persuade the practitioner that he needs to do more than what he has “gotten by with” in the past. Not to be preachy, but: Keeping abreast is what continues to make us “effective counsel.”

_______________________

Joel Cohen is of counsel and James L. Bernard is a partner at Stroock & Stroock & Lavan LLP. They co-teach professional responsibility at Fordham Law School.

For More Information

Joel Cohen 212.806.5644 jcohen@stroock.com

James L. Bernard 212.806.5684 jbernard@stroock.com

1. Zubulake v. UBS Warburg, 229 F.R.D. 422, 432 (S.D.N.Y. 2004).

2. Padilla v. Kentucky, 559 U.S. 356 (2010). The New York Court of Appeals, overturning a prior decision, recently reached the same conclusion. See http://www.nytimes .com/2013/11/20/nyregion/judges-must-warn-about-deportation-new-york-appeals-court-rules.html?_r=0; see also People v. Peque, 2013 WL 6062172 (N.Y.), 2013 N.Y Slip Op. 0765.

3. Strickland v. Washington, 466 U.S. 668, 688 (1984).

4. New York State Bar Assoc. Formal Ethics Op. 842 (2010).

5. New York State Bar Assoc. Formal Ethics Op. 709 (1998).

6. The State Bar of California Standing Committee on Professional Responsibility and Conduct Formal Op. No. 2010-179 (2010).

7. http://www.law.com/jsp/lawtechnologynews/ PubArticleLTN.jsp?id=1384434896553.

8. Good sources are online CLE programs, including a program, “Am I Competent? The Ethical Use of Evolving

Technologies,” with Justice Daniel J. Crothers of the Supreme Court of North Dakota and Professor Andrew M. Perlman, Director, Institute on Law Practice Technology and Innovation, Suffolk Law School. See http://apps.americanbar.org/cle/programs/t13cat1.html.

New York Maiden Lane

New York, NY � Tel: .. Fax: ..

Los Angeles Century Park East

Los Angeles, CA � Tel: .. Fax: ..

Miami Southeast Financial Center

South Biscayne Boulevard, Suite Miami, FL �

Tel: .. Fax: ..

Washington, DC K Street, NW, Suite Washington, DC �

Tel: .. Fax: ..

HHwww.stroock.com HH

This publication may be attorney advertising. Prior results do not guarantee a similar outcome.

____________________________________________________________________________________________________________

Reprinted with permission from the December 10, 2013 issue of New York Law Journal. Further duplication without permission is prohibited. All rights reserved. This Stroock publication offers general information and should not be taken or used as legal advice for specific situations, which depend on the evaluation of precise factual circumstances. Please note that Stroock does not undertake to update its publications after their publication date to reflect subsequent developments. This Stroock publication may contain attorney advertising. Prior results do not guarantee a similar outcome.

Stroock & Stroock & Lavan is a law firm with a national and international practice serving clients that include investment banks, commercial banks, insurance and reinsurance companies, mutual funds, multinationals and foreign governments, industrial enterprises, emerging companies and technology and other entrepreneurial ventures. For further information about Stroock Special Bulletins, or other Stroock publications, please contact Richard Fortmann, Senior Director-Legal Publications, at 212.806.5522.

Protecting Client Information: Should Lawyers Be In ‘The Cloud’?

New York Law Journal: Protecting Client Information Should Lawyers Be in The Cloud

http://www.newyorklawjournal.com/PubArticleFriendlyNY.jsp?id=1202636016345[1/6/2014 10:33:15 AM]

Font Size:

ALM Properties, Inc.Page printed from: New York Law Journal

Back to Article

Select 'Print ' in your browser menu to print this document.Print Options: With Ads | Without Ads

Protecting Client Information: Should LawyersBe in 'The Cloud'?

Anthony E. Davis

New York Law Journal

2014-01-06 00:00:00.0

A recently issued report of the Committee on Small Firms of the New York City Bar, "The Cloud and the Small Law Firm:Business, Ethics and Privilege Considerations" provides a helpful introduction to the subject of cloud computing, andconsiderable guidance to practitioners.1 But perhaps necessarily the report does not give definitive answers to thefundamental questions: When—if ever—should lawyers use cloud computing in the context of the practice of law? Thisarticle will review the report and will seek to provide additional guidance to the perplexed practitioner or managing partner.

Before either defining "the cloud," or surveying the city bar report, it is essential to place the subject of the limitations onlawyers' ability to protect confidential information in our digital universe in context. There are two dimensions to the challengeof preserving confidential information. First, if anyone still believes that the National Security Agency (NSA) does not havethe ability to access any and all data that can be accessed using the Internet, they are living in what an English politician(many decades before the term cloud computing was invented) referred to as "cloud cuckoo land." Similarly, the recent lossto hackers of the personal financial information of 40 million customers by the Target retail store chain highlights the fact thateven giant corporations, with technology budgets that presumably dwarf the resources of most, if not all law firms, areunable to guarantee the security of their customers' information.

Taken together, these realities necessarily lead to a conclusion that is fundamental and critical to understanding the dutiesof lawyers—there is no such thing as digital data that is completely secure. Another way to express that conclusion is that"security" is a relative state and never absolute. The corollary to that principle is the question that lawyers must addresswhen trying to fulfill their duties in this realm—What constitutes "secure enough" when it comes to preserving theconfidentiality of client information?

The second dimension of the problem facing lawyers moves the discussion from the first, theoretical expression of theproblem, to the practical. This is best understood by taking two hypothetical situations.

Law Firm "A" has decided that its solution to the problem of securing the confidentiality of its clients' data will beaccomplished by ensuring that all the data will be stored in servers owned, operated and controlled by the firm. Because thefirm has limited resources, the servers are kept in a closet inside the firm's offices. The firm's backup data is not transmitted

over the Internet, but is kept on hard drives that are transported back and forth from the home of the firm's senioradministrator. In neither location are the servers or the discs physically secured, either by lock and key in the office(otherwise the janitors would not be able to access the server room to clean) or in a safe at the administrator's home. Thelaw firm has a complex set of policies that essentially prohibit all the firm's lawyers and staff from copying client data ontoany medium that can be removed from the firm's offices—but no means of effectively enforcing those prohibitions.

Law Firm "B" has decided that A's approach is unworkable, because the absence of meaningful physical security of theservers or backup data means that it is vulnerable to intruders (and insiders). Also, "B" is concerned that by the simplemeans of transferring data to "flash" (sometimes called "thumb") drives, or by transmitting data over the Internet to thepersonal devices carried by all its lawyers, the data is not adequately protected. Accordingly, "B" has decided to use a"cloud" solution—all its clients' data will be encrypted and transmitted to a server farm owned by a third-party cloudcomputing solutions provider.

The server farm (as confirmed by the law firm) is located in a remote desert town in a Western state, is surrounded by 14-foot-high barbed wire fences and is patrolled by armed guards carrying machine guns and supported by vicious guard dogs.Firm "B" also has a BYOD ("bring your own device") policy that requires all the lawyers to register their personal devices withthe firm so that they can be remotely wiped if they are lost. But no one knows for sure if all the lawyers are in compliancewith the policy.

The question is: Which firm's clients' data are either (a) more secure, or (b) sufficiently secure?

Risks and Duties

The city bar report properly acknowledges, in the Introduction, that: "whether confidential and privileged information remainson-site within the firm, resides on the servers of a third-party cloud provider, or rests in the drives of smartphones, tabletPCs or laptops, attorneys must know the rules and potential disclosure risks, and exercise reasonable care when choosingcomputing technologies and service providers." The report then sets itself the task of exploring "the landscape of what isreasonable care."

The city bar report thoroughly and carefully defines what is meant by "the cloud," going into some depth as to the variousmodels of service provision that are available to lawyers and law firms, and the different kinds of security protocols thatthese models provide. The report then moves to consider the challenges which these alternative approaches present tolawyers and, in that context, addresses in detail the two fundamental issues that lawyers need to consider before deciding toput data in the cloud:

A. How secure will be the data hosted with the cloud provider? Will privilege and confidentiality be maintained in the cloudprovider's servers as well as in transmission to and from those servers?

B. Can the firm access its data as needed?

The third section of the city bar report deals—in commendable detail and length—with "The Ethical Risks and Obligations ofUsing Cloud Services." The report identifies the following sections of the New York Rules of Professional Conduct (RPCs) asbeing pertinent:

The duty to "provide competent representation to a client," pursuant to RPC 1.1, which includes the duty to understand thecloud technology and services being used, the duty to obtain client consent—where appropriate—to the use of cloudservices, and the duty to counsel the client on their own use of cloud services in connection with the representation;

The duty to communicate with the client about the representation, pursuant to RPC 1.4, which includes the obligations to"promptly" inform the client of "material developments" in the matter, "reasonably consult with the client about the means bywhich the client's objectives are to be accomplished," and "keep the client reasonably informed about the status of thematter";

The duty to safeguard client confidential information, pursuant to RPC 1.6, which includes the duty to "exercisereasonable care to prevent…others whose services are utilized by the lawyer from disclosing or using confidentialinformation of a client";

The duty to maintain and preserve client records and deliver them promptly upon request, pursuant to RPC 1.15,including records that are maintained in the cloud;

The duty, upon termination of representation, promptly to deliver all papers and property to which the client is entitled,pursuant to RPC 1.16, again, including records maintained in the cloud; and

The duty to supervise the work and conduct of nonlawyers, pursuant to RPC 5.3, including the work of cloud serviceproviders.

Principles and Guidelines

The city bar report then extensively discusses how these rules operate in the context of when it is appropriate to elect to usecloud computing, and the scope and meaning of the duties of oversight when this approach has been selected. The reportdiscusses many of the ethics opinions from around the country that have addressed these topics, including New York StateBar Opinion 842, issued in 2010. Summarizing the conclusions of these opinions, the report notes that "[t]he opinionsemphasize that lawyers are not guarantors of cloud computing services.… Thus, the applicable standard is reasonable care,not strict liability," and the report suggests that:

"[a] synthesis of the existing ethics opinions indicates that lawyers should consider taking some or all of the followingprecautions subject to the reasonableness standard:

1. Stay on top of emerging technologies to ensure client information is safeguarded.

2. Research any cloud providers they are considering using to ensure the providers are well established, reputable,and have appropriate policies and practices to ensure that information is secure, properly handled, and backed up.

3. Take steps to ensure that the vendor and its personnel are competent to perform the tasks required.

4. Review all contracts and terms of service to ensure they comply with all ethical requirements.

5. Take steps to ensure that service contracts: (a) require the cloud provider to safeguard client information; (b) haveappropriate provisions about the ownership of data, handling of subpoenas and other legal process, and notification ofdata breaches; and (c) have appropriate end-of-contract or termination provisions, including the ability to retrieve dataregardless of the reason for termination and proper procedures for deleting data from the cloud.

6. Take steps to determine the geographical location of servers to ensure they are located in jurisdictions withadequate legal protections for data.

7. Take steps to ensure that data stored in the cloud is accessible when needed, even if the contract is terminated orthe vendor goes out of business.

8. Protect against "end-user" vulnerabilities, such as the failure to use strong passwords or the use of unsecureInternet connections.

9. Notify clients in the event of a significant data security breach."

(Footnotes referring to relevant ethics opinions omitted).

Based upon these principles, the city bar report then sets out and discusses at length eight helpful guidelines for howlawyers and law firms should proceed when making the decision to move to cloud computing and then managing theprocess.

However, the city bar report does not actually answer the fundamental issues raised at the beginning of this article, namelywhat can lawyers and law firms do to establish with any certainty that their clients' data is sufficiently secure? One approachthat is arguably fundamental if firms are to have any comfort in the decisions they make, is to obtain client consent. Thereport addresses this subject twice, first in the section discussing the risks of cloud computing, but (in this writer's opinion,much more usefully) in its Suggested Guideline 5:

Suggested Guideline 5—Get Client Consent

Obtain your clients' consent before storing their information in the cloud or relying on cloud-based software for client-criticalfunctions.

No matter how careful an attorney is, no system of storing confidential information (cloud-based or otherwise) is foolproof.That is why the standard for using cloud computing is "reasonable care," not strict liability. Although express client consent

to cloud computing is not necessarily required under the RPCs, lawyers may wish to consider inserting into theirengagement letters a provision granting the client's consent to use of the cloud.

In addition, lawyers should consider discussing with the client whether certain information entrusted to the attorney isparticularly sensitive and, therefore, needs a higher level of protection than the rest of the client's information. For example,even if a client would generally have no objection to the attorney storing encrypted client documents in the cloud, the clientmight object to storing its recent unpublished financial statements in the cloud during the quiet period leading up to an IPO.Under circumstances where the client's consent is required to store information on the cloud, as discussed in Section III.Babove, lawyers should not do so before obtaining client consent in writing.

Conclusion

If there is an answer to the fundamental question articulated at the beginning of this article—what constitutes "secureenough" when it comes to preserving the confidentiality of client information?—it surely lies here. Different clients, anddifferent categories of clients, have differing levels of need with respect to the security of their data. Clients that areregulated by the government, such as banks and financial institutions, and clients in certain industries, such as health carethat are governed by data protection legislation such as the Health Insurance Portability and Accountability Act, havediffering needs from those of individual clients such as clients seeking advice on estate planning. Indeed, as law firmsserving regulated industries are well aware, those clients are already insisting that their lawyers observe the same levels ofdata security as are required of the clients themselves—and are actively auditing and monitoring their lawyers to assurecompliance.

In a world where there is no absolute security of data protection, only relative security, apart from observing the ethicalrequirement of taking "reasonable care" to protect and preserve client confidential data, it is critical to inquire of each clientwhat it will accept as meeting that standard with respect to its data, or at least to notify each client what are the firm's normalsafeguards. Accordingly, the recommendation that I suggest lawyers and firms consider, in addition to the recommendationsof the city bar report, is to include language in their engagement letters that identify the firm's policies, protocols andpractices for data protection—whether inside or outside the cloud—and notify clients that those will be the arrangements inplace unless the client explicitly requests that the firm take additional security protections with respect to its confidentialinformation. Such a provision is not a guarantee of success in the event of a later challenge to the firm's systems should adata breach occur, but it is surely likely to provide an eventual trier of fact with a solid basis for establishing thereasonableness of the firm's security decisions.

Anthony E. Davis is a partner at Hinshaw & Culbertson and is a past president of the Association of ProfessionalResponsibility Lawyers.

Endnote:

1. The City Bar Report may be found at: http://www2.nycbar.org/pdf/report/uploads/20072378-TheCloudandtheSmallLawFirm.pdf.

Confide, a Snapchat for the Corner Office

GALLERY REPORTS MENU

Confide, a Snapchat for the Corner OfficeBy Sarah FrierJanuary 08, 2014 5:52 AM EST

Two-year-old Snapchat has achieved a multibillion-dollar valuation by creating a technology for disappearing selfies aimed at teenage users. Now companies are pitching similar apps that they say provide untraceable message delivery, except they’re designed for corporate users that want a higher level of security than Snapchat can offer. The latest is Confide, a text-based iOS app released on Jan. 8 by former AOL executive Jon Brod and Howard Lerman, chief executive officer of location-services company Yext. Such startups are betting that corporate audiences will be hungry for a secure mobile messaging app suited to their needs.Confide’s founders say their service is aimed at professionals who want to speak candidly about delicate personnel or legal matters without leaving a trail that exposes proprietary information. “Think about the times someone sends a memo that says, ‘Confidential, do not forward,’ or when someone asks for your personal e-mail to go off the company’s network, or when it’s something you’d rather talk about on the phone or in person, but don’t have time,” says Brod, the company’s president, who previously headed AOL’s venture team and its troubled local news network Patch. Instead of hiring a sales force or pitching chief information officers, his plan is to spread the app through individual word of mouth, as cloud-sharing service Dropbox did, until enough of a company’s employees are using it that the company formally incorporates the software into its business practices.There’s just one problem, and it’s potentially a big one. Companies face heavy regulatory pressure to preserve—not destroy—business e-mails, financial records, and other documents. “Whenever you’re dealing with business tools, there still needs to be some kind of audit trail and accountability,” says Vanessa Thompson, an analyst for market researcher IDC. Last month, the Financial Industry Regulatory Authority fined Barclays $3.75 million for its decade-long failure to retain certain electronic records, e-mails, and instant messages. If employees are discussing critical information or creating financial records, those probably need to be retained, says Scott Whitney, vice president of product management at social media compliance consultancy Actiance.Other companies experimenting with self-destruct services for business face the same challenge. Companies such as Dashlane and Digify let users send documents that can be set to delete themselves after a certain period of time. Dashlane CEO Emmanuel Schalit says not every stray thought communicated and then dissolved electronically should conjure images of Enron employees shredding doctored accounting records, though he acknowledges that “when companies destroy things, it’s not always the best sign.”

1/29/2014http://mobile.businessweek.com/articles/2014-01-08/confide-a-snapchat-for-the-corner-off...

Brod, Confide’s president, says it’s up to users to make sure they exercise proper caution and judgment. His app’s interface looks like an e-mail inbox, except that when you open a message, the text is covered by colored boxes that you have to run your fingers over to remove. Earlier words are quickly covered again, making the message more difficult to copy via screenshot than those on Snapchat. Confide’s additional security advantage, co-founder Lerman says, is end-to-end encryption, which means that the key needed to decrypt a message resides only on the recipient’s mobile device and is never transmitted over a company’s servers. That’s a step that would make government surveillance, or the Dec. 31 publication of millions of user phone numbers hacked from Snapchat, much more difficult to achieve. “We don’t have the technology to read your messages,” says Lerman, who’s still running Yext. Because Confide doesn’t store any messages on its servers, it doesn’t have the ability to retrieve them if a company, or the National Security Agency, comes knocking.Confide could face a much higher barrier to entry if Snapchat were to market itself more aggressively to business users. (Snapchat spokeswoman Mary Ritti declined to comment on the company’s plans.) It’s also unclear whether businesspeople will commit to using such a service, but Brod and Lerman can point to the success of Facebook’s corporate copycats. LinkedIn and Jive launched successful initial public offerings in 2011, while Yammer was acquired by Microsoft in 2012 for $1.2 billion. “We just think it’s incredibly important, like in the offline world, to provide the option of impermanence online,” says Brod.

NEXTBLACKBERRY RENEWS ITS VOWS TO THE SMARTPHONE KEYBOARD

PREVIOUSWITH CES ANTICS, MOBILE CARRIERS MAKE AN ELOQUENT ANTITRUST CASE

« Back to Home

Search Quotes:

GALLERY | REPORTS

Bloomberg Applications |Bloomberg.com|Submit Feedback or Tips |Terms of Service|Privacy Policy

View: Mobile Site |Desktop Site

Choose a Section ... change

Choose a Gallery ... change

1/29/2014http://mobile.businessweek.com/articles/2014-01-08/confide-a-snapchat-for-the-corner-off...

Biographies

Associate Justice Judith J. Gische Supreme Court, Appellate Division First Department 27 Madison Avenue New York, New York 10010 (212) 340-0400

JUDICIAL EXPERIENCE:

Designated Associate Justice of the Appellate Division of the Supreme Court, First Department, October 2012.

Elected Justice of the New York State Supreme Court, November, 2008. Sat in Civil Term of the Supreme Court.

Appointed Acting Justice of the New York State Supreme Court, May, 1997. Sat in Civil Term of the Supreme Court in New York and Bronx Counties.

Elected Judge of the Civil Court of the City of New York, November, 1993. Sat in the Civil and Small Claims Parts of the Civil Court.

Appointed Housing Court Judge of the Civil Court of the City of New York, May 1990. Sat in Kings County.

EDUCATION

Queens College, City University of New York, 1974-1975 B.A., State University of New York at Buffalo, 1977 Magna Cum laude, Phi Beta Kappa J.D., State University of New York at Buffalo, 1980 OTHER LEGAL EXPERIENCE

11/80 to 1/82, Judicial Clerk at Appellate Division of the Supreme Court, Third Department 1/82 to 5/90, Associate Attorney with Richenthal, Abrams and Moss 2004 to present, Adjunct Professor, New York Law School

stroock & stroock & lavan llp • new york • los angeles • miami • washington, dc180 maiden lane, new york, ny 10038-4982 tel 212.806.5400 fax 212.806.6006 www.stroock.com

STROOCK

JAMES L. BERNARDPARTNER, NEW YORK

Contact Information

Tel: (212) 806-5684 Fax: (212) 806-2684 jbernard@stroock.com

Practice Group

Litigation

Litigation: eDiscovery and Information Governance

Commodities and Derivatives

Financial Services/Class Action

Corporate

Capital Markets/Securities

Education

J.D., cum laude, Fordham University School of Law, 1995; Order of the Coif; Peter J. O’Connor Prize; Fordham Law Alumni Association Medal in Constitutional Law

A.B., magna cum laude, Bowdoin College, 1989

Judicial Clerkship

Clerk, The Hon. Alvin K. Hellerstein, U.S. District Court, Southern District of New York, 1998-1999

Clerk, The Hon. Loretta A. Preska, U.S. District Court, Southern District of New York, 1997-1998

James Bernard’s practice focuses on financial services and general commercial litigation, including securities and consumer class actions, audit malpractice and related issues and representing clients before the New York State Attorney General’s Office. He also works on commodities and derivatives matters and represents defendants in a variety of white-collar criminal law matters.

Representative Matters

• Grant Thornton International in all litigations arising out of the collapse of Parmalat

• Alliance Pharmaceutical Corp. in a class action securities litigation

• Goldman Sachs in litigation involving distressed debt trading

• Delta Financial Corporation in a class action securities litigation

• American Express in class action litigations concerning credit and gift cards

• McKinsey & Company in commercial litigation and general corporate advice

• Grant Thornton LLP in accounting malpractice and securities litigations

• AIG in Enron Corp. bankruptcy litigation

• Sempra Energy Trading Corp., Gerald Metals, Inc. and J. Aron & Company in trading, commodities and contract litigations and arbitrations

• Various European metal trading companies in RICO litigation against Russian entities and individuals

• Chesapeake Energy, Ernst & Young, Federated Department Stores, Inc., Priceline.com and World Jewish Congress in matters before the New York State Attorney General

• Tosco Corporation in commercial litigation

• Oppenheimer & Co. Inc. in breach of contract action

• Kemper and Travelers insurance companies in commercial litigation

• Nomura Securities and UBS in gender discrimination lawsuits

• The Anheuser-Busch Companies in an advisory capacity on various matters

S T R O O C K J A M E S L . B E R N A R D

• Individual defendants in securities fraud, bank fraud and other white-collar criminal matters

• Various entities and individuals in confidential criminal investigations and related proceedings

• Individual plaintiffs in opt-out litigations in Cendant Corp. and Nortel Networks Inc.

Honors and Awards

Mr. Bernard has been listed in Super Lawyers for his work in securities litigation, business litigation and criminal defense: white collar.

Memberships

• Member, Advisory Group, New York State-Federal Judicial Council

• Member, Joint Committee on Local Rules in the S.D.N.Y. and E.D.N.Y.

• Member, Attorney Advisory Committee on Complex Litigation Reform in the S.D.N.Y.

• Treasurer, Federal Bar Council

• Member, Federal Bar Council

• Member, Federal Bar Council Inn of Court

• Director, Federal Bar Council Foundation

• Co-Editor in Chief, Federal Bar Council Quarterly

• Member, Committee on Grievances, Panel of Attorneys-Eastern District of New York

Selected Activities

• Adjunct Professor of Law, Fordham University School of Law, Professional Responsibility

• Former Adjunct Professor of Law, Brooklyn Law School, Professional Responsibility

• Participant, Sedona Conference on Complex Litigation Reform

Speeches and Events

• Panelist, “The Business and Ethics of Managing a 21st Century Law Firm,” Fordham Law School, New York, NY, January 28, 2013

• Panelist, “Staying Out of Trouble: What Every Attorney Must Know About Ethics 2012,” Practising Law Institute, New York, NY, December 17, 2012

• Panelist, “‘Bet the Company’ Litigation 2012: Best Practices for Complex Cases,” Practising Law Institute, New York, NY, September 25, 2012

• “Current Ethical Issues for In-House Counsel & Those Who Advise Them,” NY City Bar, May 24, 2011

• “Current Issues In Auditor Litigation: Selective Waiver of Work Product Privilege and In Pari Delicto,” J.H. Cohn, May 9, 2011

• Panelist, “Current Ethical Issues in Complex Litigations,” ‘Bet the Company’ Litigation 2010: Best Practices for Complex Cases, Practising Law Institute, New York, NY, November 9, 2010

• Panelist, “Bet the Company Litigation 2010: Best Practices for Complex Cases,” Practising Law Institute, New York, NY, November 10, 2009

• “Ethics of Witness Preparation,” Federal Bar Council Winter Bench & Bar Conference, February 19, 2007

• “Ethical Issues In Pro Bono Representation,” Association of the Bar of the City of New York, February 8, 2007

Publications

• Co-author, “The Second Circuit Ruling on Attorney Advertising: What Are the Current Do’s and Don’ts?” Bloomberg Law Reports, April 12, 2010

• “The Role of Courts in Deciding Ethics Issues,” Federal Bar Council Quarterly, June 2009

• “Mass Actions and CAFA,” A Practitioner’s Guide to Class Actions, American Bar Association, 2009

• “Justice Marshall and the Attorney-Client Privilege,” Federal Bar Council Quarterly, March 2008

• “Speaking with Jeffrey Toobin,” Federal Bar Council Quarterly, March 2008

• “Trick With No Treat: Sanctioning Lawyers for Engaging in Trickery,” Federal Bar Council Quarterly, September 2007

S T R O O C K J A M E S L . B E R N A R D

• “The 2000 Amendment to the Federal Rules of Civil Procedure,” ALI-ABA Civil Practice and Litigation Techniques in Federal and State Courts, January 2005

Admitted to Practice

New York, 1996; U.S. District Court, Southern District of New York, 1996; U.S. District Court, Eastern District of New York, 1996; U.S. District Court, Northern District of New York, 2012; U.S. District Court, District of Colorado, 2003; U.S. District Court, Northern District of Illinois, 2004; U.S. Court of Appeals, Second Circuit, 2003; U.S. Court of Appeals, District of Columbia Circuit, 2007; U.S. Court of Appeals, Third Circuit, 2009

Clerkship

• Clerk, The Hon. Alvin K. Hellerstein, U.S. District Court, Southern District of New York, 1998-1999

• Clerk, The Hon. Loretta A. Preska, U.S. District Court, Southern District of New York, 1997-1998

Francesca MorrisPartner

New YorkT 212.513.3431 | F 212.385.9010francesca.morris@hklaw.com

Francesca Morris practices in the New York Litigation Practice Group. Ms. Morris advises and represents foreign and domestic companies and financial institutions in complex commercial disputes related to breaches of contract, business torts, defamation, copyright and trademark infringement and licensing disputes. In addition, Ms. Morris routinely negotiates and drafts domestic and international licensing and software as a service agreements. Ms. Morris has experience in jury and non-jury trials and appeals in federal and state courts. A substantial part of Ms. Morris's practice relates to international business disputes. Ms. Morris has represented secured lenders and creditors in highly contested bankruptcies under Chapter 11 and Chapter 15.

In the transportation context, Ms. Morris represents clients in a variety of maritime matters, including collision litigation, limitation of liability actions, cargo claims, arrests and attachments of assets and in maritime lien disputes. Ms. Morris' practice also includes review and drafting of charter parties and other transportation service agreements.

She has appeared pro bono representing victims of domestic violence in obtaining orders of protection and in marital and family law matters, such as custody, visitation and child support disputes and divorce. In December 2003, Ms. Morris was awarded the John K. Geiger Award for commitment to justice by the not-for-profit group inMotion, Inc. for her pro bono work. Ms. Morris is a member of the New York Office Diversity Committee.

Related Practices: Litigation and Dispute Resolution International Litigation and Arbitration

Bankruptcy, Restructuring and Creditors' Rights Maritime

Related Client Sectors: Transportation

Reported cases: Otal Invs. Ltd. v. M.V. Clary, 494 F.3d 108 (2d Cir. 2012); Otal Invs. Ltd. v. M.V. Clary, 494 F.3d 40, 2007 U.S. App. LEXIS 16021 (2d Cir. 2007); Universal Oil Ltd. v. Allfirst Bank(In re Millenium Seacarriers, Inc.), 419 F.3d 83 (2d Cir. 2005); In re Otal Invs. Ltd. v. Capital Bank Pub. Ltd. Co. (In re Otal Invs. Ltd.), 2005 AMC 2461, 2005 U.S. Dist. LEXIS 21580 (S.D.N.Y. 2005); Valassis Communs., Inc. v. Weimer, 304 A.D.2d 448, 758 N.Y.S.2d 311 (1st Dept. 2003).

Honors & Awards

New York Super Lawyers magazine, 2012 John K. Geiger Award for Commitment to Justice, inMotion, Inc., 2003

Publications

Avoiding System Failure for Complex Software Projects, Co-Author, Wall Street Journal, CIO Journal, January 6, 2014How Banking CIOs Can Meet Third-Party Vendor Requirements, Co-Author, Wall Street Journal, CIO Journal, December 16, 2013How CIOs Can Avoid Outsourcing Risk,, Co-Author, Wall Street Journal, CIO Journal, November25, 2013Software License Disputes: Managing the Inherent Risks, Practical Law Company Intellectual Property & Technology, May 2012Shipping Companies’ Chapter 11 Reorganization Proceedings: Jurisdictional Battles, Holland & Knight Alert, October 24, 2011Software License Disputes: Managing the Inherent Risks, Practical Law Company, September2011'Simply Put, The Barge Did Not Do It': The Hurricane Katrina Court's Reliance on Expert Testimony and Its Broader Implications for Marine Casualties, The Arbitrator, April 22, 2011Second Circuit Bases Decision in Royal & Sun Multimodal Carriage Case on Recent Supreme Court Ruling in Regal-Beloit, Holland & Knight Alert, July 29, 2010Shipping Bankruptcy Update, Holland & Knight Update, December 16, 2009Rule B Maritime Attachments, Foreign Proceedings and the U.S. Bankruptcy Code, Holland & Knight Alert, January 27, 2009Marine Bankruptcies - U.S. Chapters 11 and 15, Marine Money, December 31, 2008Rule B: Expanded Scope of Maritime Contract Jurisdiction – Vessel Sales Contracts, Holland & Knight Alert, October 8, 2008Maritime Attachment of a Company's Money in New York, Pratt's Journal of Bankruptcy Law,September 1, 2008Maritime Attachment of Your Company’s Money in New York, Holland & Knight Newsletter, June2008Equity Shipping Investment: Catastrophic Risk Evaluation, Shipping Finance Review 2008/09,January 1, 2008The Pennsylvania Rule: No Longer the Rule, 32 Tul. Mar. L.J. 131, December 1, 2007Seaworthiness Under U.S. Law, December 18, 2006Securing Your Claim in the U.S. – The Net Widens, December 6, 2006

Speaking Engagements

IP Trademark, Copyright & Licensing Counsel Forum, Moderator, Software Licensing Disputes,October 22, 2013Insourcing v. Outsourcing - The Pendulum Swings and How to Avoid Risk, Holland & Knight Program, October 8, 2013Ethics in Social Media 2013, Evidence for Social Media, Practising Law Institute, March 18, 2013Outsourcing Risk/Compliance, The Outsourcing Roadshow, December 5, 2012Ethics in Social Media, the Internet: Your Friend and Your Enemy, ALM Webinar, September 12, 2012How to Resolve Critical Software License Disputes 2012, Practising Law Institute, June 27, 2012Software License Disputes, Practising Law Institute Webcast, August 11, 2011

The Close Call of Software Licensing Disputes, Lawline webinar, April 20, 2011When Good Software Licenses Go Bad, ALM webinar, April 5, 2011Simply put, the Barge did not do it: The Hurricane Katrina Court's Reliance on Expert Testimony and its Broader Implications for Marine Casualties, CMA Shipping 2011, Connecticut Maritime Association, March 23, 2011Protecting Your Brand: Trademark Litigation for Increasing Profits, January 26, 2011Improving a Company's Profitability -- Monetizing Patents and Financing Commercial Litigation,September 21, 2010Security and Terrorism Risk, Client Seminar, Holland & Knight, October 2007Seaworthiness Under U.S. Law and Securing Your Claim in the U.S. - Rule B Attachment, JointSeminar: Norton Rose and Holland & Knight, Piraeus, Greece, May 11, 2006

Memberships

Maritime Law Association New York City Bar Association Admiralty Committee, 2005-2009Women's International Shipping & Trading Association (WISTA)

Education

Fordham University School of Law, J.D.University of Leeds (England), B.A., English Literature and History, with honors

Bar Admissions

New York

Court Admissions

U.S. Court of Appeals for the Second CircuitU.S. District Court for the Southern District of New YorkU.S. District Court for the Eastern District of New YorkAll State Courts in New York

The lawyers resident in all offices, unless otherwise indicated in an individual attorney biography, are not certified by the Texas Board of Legal Specialization. Attorney Advertising. Copyright © 1996–2014 Holland & Knight LLP. All rights reserved.

PERY D. KRINSKY, ESQ.160 BROADWAY, SUITE 603

NEW YORK, NEW YORK 10038TELEPHONE (212) 543-1400

PKRINSKY@KRINSKYPLLC.COM

WWW.KRINSKYPLLC.COM

NYLEGALETHICS.COM

PERY D. KRINSKY is the principal of KRINSKY, PLLC, where he focuses his practiceon ethics-based defense litigation. Before forming his own law firm, Mr. Krinskywas associated with the law firm of LaRossa & Ross, and then the Law Offices OfMichael S. Ross.

MR. KRINSKY’S ethics-based defense litigation practice focuses on:

• Federal & State Attorney/Judicial Ethics Matters, including: representingattorneys and law firms under investigation by disciplinary authorities andother government agencies; providing guidance to lawyers concerning theday-to-day practice of law; representing disbarred and suspended attorneysseeking reinstatement; advising and representing members of the New YorkState Judiciary in matters before the New York State Commission on JudicialConduct; and assisting law school graduates in the admissions process.

• Federal & State Criminal Defense Matters, including: defending clientsagainst law-enforcement actions such as claims of securities fraud, antitrust,investment advisory fraud, health care fraud, tax issues, money laundering,RICO, and narcotics trafficking, among others; helping conduct internalinvestigations; addressing compliance issues; and responding to regulatoryinquiries.

• Art Law Ethics & Litigation Matters, including: allegations of businessfraud; art-related disputes; fraudulent transactions; provenance andauthenticity; fraudulent inducement to sell; and sales tax evasion.

MR. KRINSKY is a frequent lecturer on topics involving ethics in litigation, personaland professional responsibility and academic integrity, including at: the N.Y. StateJudicial Institute; the Appellate Divisions, First and Second Judicial Departments;the N.Y. State Bar Association; the N.Y. City Bar; the N.Y. County Lawyers’Association; the N.Y. State Academy of Trial Lawyers; the N.Y. State Trial LawyersAssociation; the Practicing Law Institute; the Bay Ridge Lawyers Association; theQueens County Bar Association; Sotheby’s Institute of Art; and law schools such asBrooklyn Law School, Columbia Law School and Fordham Law School.

MR. KRINSKY serves as the Chair of the Ethics Committee of the Entertainment, Arts& Sports Law Section of the N.Y. State Bar Association; and the Chair of theCommittee on Professional Discipline of the N.Y. County Lawyers’ Association. Mr. Krinsky serves on the Board of Advisors of the N.Y. County Lawyers’Association Institute of Legal Ethics; and is also a Member of: the Brooklyn BarAssociation; the N.Y. State Bar Association’s Committee on AttorneyProfessionalism; the N.Y. City Bar Association’s Professional ResponsibilityCommittee; and the N.Y. County Lawyers’ Committee on Professional Ethics.

STROOCK

JOEL COHENOF COUNSEL, NEW YORK

Contact Information

Tel: (212) 806-5644 Fax: (212) 806-2644 jcohen@stroock.com

Practice Group

Litigation

Government Relations

Education

LL.M., New York University School of Law, 1969; Concentration in Tax

J.D., New York University School of Law, 1967

A.B., Brooklyn College of City University of New York, 1965

Joel Cohen, an experienced white-collar criminal lawyer, joined the Stroock firm in 1985 after ten years as a prosecutor, first with the New York State Special Prosecutor’s Office and, second, as an Assistant Attorney-in-Charge with the U.S. Justice Department’s Organized Crime & Racketeering Section (E.D.N.Y.). In those positions, he concentrated in the investigation, prosecution and trial of organized crime figures and corruption cases involving high-ranking public officials in New York, including the top leadership of the Colombo crime family, many members of the elite narcotics division of the New York Police Department, and the first ever prosecution of a sitting FBI agent.

Since arriving at Stroock, Joel has represented and actively counseled individuals and corporations that have been investigated and/or prosecuted for alleged federal racketeering, securities violations, tax evasion, bribery, fraud, corruption, obstruction of justice, money laundering, environmental offenses, and customs violations involving alleged international frauds. He has also represented attorneys on ethical issues and in disciplinary proceedings in a number of jurisdictions in the New York area.

His representations, described here without names because of the sensitivity of most of his matters, have included:

• Attorneys. Mr. Cohen has represented attorneys under inquiry and investigation, both in criminal and in disciplinary proceedings, involving alleged contemptuous behavior, HUD fraud, bank fraud, estate fraud, false advertising, tax violations, racketeering, and insolvency proceedings.

• Public Officials. Mr. Cohen has represented high-ranking public officials in federal, state and municipal government, as well as judges and judicial assistants who were investigated, prosecuted or required to give testimony in various proceedings. Key representations include the then second highest elected New York State public official, a key member of the New York City Mayor’s cabinet, and a high-ranking figure in New York’s Democratic Party who was prosecuted for federal racketeering charges.

• Securities Offenses. Mr. Cohen has represented individuals regarding federal and state securities and commodities offenses, including, recently, a highly publicized federal securities criminal complaint in which there was a full dismissal of the criminal charge, and in another case, the successful withdrawal of an SEC Wells Notice in Illinois.

S T R O O C K J O E L C O H E N

• Internal Investigations. Mr. Cohen has conducted internal investigations on behalf of corporations, municipal unions and law firms. Such representations have resulted in exonerations as to wrongdoing on behalf of the entity clients, and successful referrals to criminal authorities on behalf of the corporate entity clients of the individuals whose conduct was under scrutiny.

• Media. Mr. Cohen represented a substantial print media enterprise that was charged criminally, and its individual owners, who had been under investigation, for conduct relating to false advertising. The representation of the enterprise involved grand jury subpoenas implicating a variety of First Amendment issues, including access to sealed court proceedings.

• Charitable Organizations. Mr. Cohen successfully represented one of the largest, worldwide communal organizations in an investigation by the New York State Attorney General’s Office for alleged violations of its charitable status under New York law. He has also represented charitable institutions in connection with Attorney General approvals.

• Insurance Industry. Mr. Cohen has represented significant insurance companies, agencies, brokerages, and adjusters involving federal and state criminal charges and investigation relating to improper fee payments, overcharges, false SEC filings, kickbacks and false financial reporting.

• Health Care. Mr. Cohen successfully represented a large hospital involving alleged fraud in a municipal contract, as well as other private hospitals in connection with regulatory and criminal inquiries. Mr. Cohen has also represented a leading health care provider and pharmacists in investigations by state and federal authorities, including alleged Medicaid/Medicare fraud violations.

• Taxes. Mr. Cohen has represented accounting firms and professionals under investigation for criminal violations, including tax shelters and the facilitation of money laundering. He also represented a number of individuals charged with federal and state tax violations.

• Forfeiture Proceedings. Mr. Cohen has represented individuals whose funds were the subject of civil seizure orders and criminal forfeiture proceedings as a result of alleged illegal conduct in New York and Florida.

• Environmental Violations. Mr. Cohen has successfully represented a number of individuals and corporations, including one development in a lengthy federal court proceeding spanning more than a decade, which alleged violations of the Endangered Species Act and its New York State counterpart.

• Customs Violations. Mr. Cohen has represented both public and private corporations criminally charged with large conspiracies to violate federal customs statutes in New York and Florida.

• Government Contracts. Mr. Cohen has represented both public and private corporations charged with government contract fraud involving various types of military procurement in New York, California and Pennsylvania.

• Sports, Gaming and Entertainment Industry. Mr. Cohen represented a key sports trade group criminally charged with federal gaming violations in Louisville, Kentucky. He has also represented a significant casino entity in a grand jury investigation by the New York County District Attorney’s Office, as well as a number of New York nightclubs and owners in connection with state grand jury and SLA proceedings.

• Business Consulting. Mr. Cohen represents a number of business consulting entities with respect to grand jury investigations and subpoenas on an ongoing basis in various jurisdictions around the country.

• Real Estate Industry. Mr. Cohen has represented significant New York builders and real estate management companies in internal investigations, as well as relating to federal and state grand jury subpoenas and criminal investigations of improper business practices.

• Banking. Mr. Cohen has represented a number of domestic banks in New York and two Swiss banks (New York and Florida), as well as banking officials in connection with grand jury investigations of alleged money laundering.

Memberships

• Member, Federal Bar Council

Selected Activities

• Member, New York State Commission on Judicial Conduct, 2010-present

• Adjunct Professor of Law, Fordham University School of Law, Professional Responsibility, 2005 – present

• Adjunct Professor of Law, Brooklyn Law School, Professional Responsibility, 2002-2006

Speeches and Events

Mr. Cohen has participated as a lecturer, moderator and panelist in many legal symposiums and seminars. Since 2000, they have included:

• Moderator, “Ethical Considerations in Setting Attorney Fees,” New York State Bar Association, General Practice Section & Committee on Professional Discipline Annual Meeting, New York, NY, January 24, 2012

• Breakfast Forum: Meet Cyrus R. Vance, Stroock Event, January 18, 2012

• Speaker, “Pre-Trial Issues,” CLE Program, New York County Lawyers’ Association’s Federal Criminal Trial Practice Institute, October 13-15, 2011

• Moderator, “The Ethical and Practical Challenges of Representing a Controversial Client,” The Federal Bar Council, Brooklyn, NY, June 29, 2011

• Speaker, “Tackling Ethical Issues Arising in Federal Criminal Cases,” CLE Program, New York County Lawyers’ Association, June 16, 2011

• Speaker, “Public Corruption: Are Politicians More Vulnerable Today?” Stroock Event, June 14, 2011

• Speaker, ““Current Issues in Auditor Litigation,” NYSSCPA, May 9, 2011

• Speaker, “Practice Where Lawyers Represent Multiple Clients,” CLE Program, CFTC, February 25, 2011

• Moderator, “Legal Ethics Through A Religious Lens: The Practitioner’s Viewpoint,” Stroock Event, New York, NY, January 31, 2011

• Moderator, “Committee on Professional Discipline and Committee on Procedures,” NYSBA Annual Meeting 2011, New York, NY, January 24-29, 2011

• Panelist, “Criminal Law, Procedure and Evidence Seminar, CLE Program, Brooklyn Law School, December 4, 2010

• Moderator, “Is Criminal Lawyering About Truth?” New York County Lawyers’ Association, October 25, 2010

• Moderator, “Truth Be Veiled Book Signing and Interactive Discussion,” Stroock Event, New York, NY, August 10, 2010

• Moderator, “Confidentiality Obligations: When Can/Must Rabbis, Lawyers and Doctors Blow the Whistle?” The Institute of American and Talmudic Law CLE Program, New York, NY, May 13, 2010

• Moderator, “Corporate Internal Investigations: Ethical Considerations,” Bloomberg Corporate Internal Investigations: Ethical Considerations Seminar, New York, NY, March 11, 2010

• Moderator, “An Evening on Legal, Medical and Jewish Ethics,” United Jewish Appeal-Federation of New York, Lawyers Division, Healthcare Division, and Emerging Leaders and Philanthropists, New York, NY, February 4, 2010

• Moderator, “The Lawyer-Media Relationship: Confronting the Ethical Issues,” New York State Bar Association Committee on Professional Discipline, New York, NY, January 27, 2010

• Panelist, “Criminal Law, Procedure and Evidence Seminar,” CLE Program, Brooklyn Law School, December 5, 2009

• Speaker, “Pay to Play: One Strike and You’re Out?”? Major, Lindsey & Africa, November 19, 2009

• Panelist, “You Be the Legal Ethicist,” FBC Fall Bench & Bar Retreat, CLE Program, October 25, 2009

• Moderator, “The Undiscovered Country: Views of Insurance Regulation for the 2009 Economy,” Stroock Event, New York, NY, April 29, 2009

• Speaker, “Emails are Dangerous: Why We All Should Stop Saying Stupid Things in Email,” Stroock Event, New York, NY, January 15, 2009

• Panelist, “Legal Strategies and Best Practices in ‘High-Stakes’ Cases,” Managing Complex Litigation 2008, Practising Law Institute, New York, NY, November 11, 2008

• Speaker, “The Dangers of E-Mails,” CLE Program, Stroock Event, October 29, 2008

• Moderator, “The Ethics of Truth: Do Lawyers Need to Believe in Their Case?” CLE Program, The Institute of American & Talmudic Law, July 31, 2008

• Speaker, “The Credit Crisis: How to Fend Against the Investigation/Litigation Onslaught,” Stroock and Ernst & Young Event, New York, NY, June 25, 2008

• Speaker, The Conference on Legal Ethics, The Institute of American & Talmudic Law, May 14, 2008

• Speaker, “The Qualcomm Decision: Today’s Road Map to Ethical and Discovery Obligations,” CLE Program, Stroock Event, March 19, 2008

• Speaker, “The Lawyer’s Formidable Duty of Confidentiality,” CLE Program, Stroock Event, June 6 and June 14, 2007

• Panelist, SIFMA-CL Annual Seminar, Phoenix, Arizona, March 25-28, 2007

• Panelist, “Fee Disputes With Clients,” Practising Law Institute, New York, NY, 2006

• Panelist, “Duty of Zealousness,” State of New York, The Mental Hygiene Legal Service, First and Second Departments’ CLE, White Plains, NY, 2006

• Panelist, “‘Renaissance’ Litigators: Criminal Advocates in Civil Cases,” The Association of the Bar of the City of New York, New York, NY, September 27, 2006

• Panelist, “Ethics for Litigators,” CLE Program, Association of the Bar of the City of New York, New York, NY, June 14, 2005

• Panelist, “Navigating the Privilege in the Choppy Waters of Government Investigations,” Federal Bar Council’s Winter Bench and Bar Conference, Kona, HI, February 5, 2005

• Panelist, “A Lawyer’s Conundrum - What To Do With Inadvertently Disclosed Information?” New York State Bar Association, New York, NY, January 26, 2005

• Panelist, “The Ethics and Practice of Plea Bargaining and Cooperation in Federal and State Courts,” Hispanic National Bar Association Convention CLE Program, October 12, 2004

• Guest, “Celebrity Jurors,” Lawline Show, May 12, 2004

Publications

Since 1987, Mr. Cohen has authored over 200 articles published in legal periodicals, primarily the New York Law Journal and The National Law Journal. Selected articles since 2003 include:

• “Christie, Public Officials and Emailing,” Huffington Post, January 14, 2014

• “When Lawyers Instigate Their Clients,” Law.com, December 13, 2013

• Co-author, “The ‘Ethic’ of Getting Up to Speed ‘Technologically,’” New York Law Journal, December 10, 2013

• ““Anchoring” & Criminal Sentencing,” Law.com, November 11, 2013

• “The Culture Of Changing Sides,” Law.com, October 18, 2013

• “Police Versus Prosecutors: The Motorcycle Mayhem,” HuffingtonPost.com, October 8, 2013

• “May Prosecutors Bar Note Taking of Witness Interviews?” New York Law Journal, October 8, 2013

• “Can a Corporation Survive a Trial Conviction?” Law.com, September 16, 2013

• Co-author, “When a Client Post-Trial Says: ‘I Perjured Myself,’” New York Law Journal, August 13, 2013

• “Criminal Attorney and Client: Who Calls the Shots?” New York Law Journal, June 20, 2013

• “‘Chilling’ the Press: How Will It Turn Out?” Huffington Post, June 11, 2013

• “Why Doesn’t the Public Get the Fifth Amendment?” Huffington Post, June 5, 2013

• “Do We Want Robots in the Jury Box?” Huffington Post, May 9, 2013

• “Would a Prosecutor’s Manual Help?” New York Law Journal, April 9, 2013

• “Blurring the Statute of Limitations,” Law.com, March 4. 2013

• “When Prosecutors Take Liberties With the First Amendment,” New York Law Journal, February 14, 2013

• “‘Apology’ as a Legal Strategy,” Law.com, January 14, 2013

• “Judging Judges: When Appearance Matters,” HuffingtonPost.com, January 4, 2013

• "”Remorse’ for Crime: Must It Be Sincere?” HuffingtonPost.com, December 19, 2012

• Co-author, “Attorney-Client Privilege: When the Client Dies,” New York Law Journal, December 11, 2012

• “Ceglia v Mark Zuckerberg: May A Civil Litigator Accept His Client’s "Truth?” HuffingtonPost.com, November 9, 2012

• “The Presidential Debates: Judges Shouldn’t Be Swayed By Opinion Polls,” HuffintonPost.com, October 9, 2012

• “The Independent Magistrate,” Law.com, September 24, 2012

• “Character Testimony: What if Mother Teresa Pulled a ‘Bank Job’?” Law.com, August 14, 2012

• “When Lawyers Investigate Jurors (Electronically),” New York Law Journal, August 14, 2012

• “’Soliciting’ a Corporation’s Former Employees; ETHICS AND CRIMINAL PRACTICE,” New York Law Journal, June 11, 2012

• “Charging George Zimmerman: Why Bypass the Grand Jury?” The Huffington Post, April 24, 2012

• Co-author, “When Lawyers Get Summoned to Jury Duty,” Law.com, April 16, 2012

• “When a Client Slips Between the Cracks,” Law.com, March 19, 2012

• “The Ethics Of Denouncing The Bench,” New York Law Journal, February 13, 2012

• “Is Payment For “Bone Marrow” a Slippery Slope?” Huffington Post, February 24, 2012

• Co-author, “Pardoning Criminals -- Appropriate Mercy or Perverting Justice?” Huffington Post, January 18, 2012

• “Will the Bar Stand Up to Gingrich’s Tirade Against Judges?” Law.com, January 9, 2012

• “Trial by Journalistic ‘Opinion,’” Huffington Post, December 25, 2011

• “‘Sandbagging’ & Guilty Plea Offers,” New York Law Journal, December 13, 2011

• Co-author, “The Illegality of Advocating for Jury Nullification,” Law.com, December 12, 2011

• Co-author, “Is Jerry Sandusky Also a Victim?” Huffington Post, November 23, 2011

• “Handing Up the Client in Self Defense,” Law. Com, November 14, 2011

• Co-author, “‘See No Evil, Hear No Evil’”: Joe Paterno, Kitty Genovese, and the Crime of Silence,” Huffington Post, November 10, 2011

• “The Politically-Minded Prosecution,” Huffington Post, October 28, 2011

• “When Victim Lawyering Gets Aggressive,” New York Law Journal, October 13, 2011

• “The Lawyer as Confidante,” Law.com, October 10, 2011

• “‘Answerability’ Advocacy For the Trial-Convicted Defendant,” New York Law Journal, June 8, 2010

• Co-author, “Fairness, Empathy and the ‘Interfering’ Judge,” Law.com, June 7, 2010

• Co-author, “When Judges Google,” Law.com, May 3, 2010

• “When Lawyers Admit ‘Ineffectiveness,’” New York Law Journal, April 13, 2010

• Co-author, “The Second Circuit Ruling on Attorney Advertising: What Are the Current Do’s and Don’ts?” Bloomberg Law Reports, April 12, 2010

• Co-author, “The Ethics of Making Credibility Judgments,” Law.com, April 5, 2010

• Co-author, “The Politicization of ‘Miranda,’” Law.com, March 1, 2010

• “A Lawyer of One’s Own: The Importance of Counsel Without Conflict,” Bloomberg Law Reports – Risk & Compliance, Vol. 3, No. 2

• Co-author, “Roman Polanski and Ex Parte Abuse,” New York Law Journal, February 9, 2010

• Co-author, “When a Lawyer Knows of Reasonably Certain Death,” Law.com, February 1, 2010

• Co-author, “A New Year’s Resolution for Lawyers,” Law.com, January 4, 2010

• “Kwame Kilpatrick—And His Lawyer(s),” New York Law Journal, December 30, 2009

• Co-author, “When Clients Waive Privilege,” Law.com, November 30, 2009

• Co-author, “Commentary: Celebrity Extortion and the Press,” Law.com, November 2, 2009

• Co-author, “The Propriety of Criticizing Judges,” Law.com, October 5, 2009

• Co-author, “The ‘Brady Dump’: Problems With ‘Open File’ Discovery,” New York Law Journal, September 4, 2009

• Co-author, “Silly, Baseless Lawsuits,” Law.com, August 24, 2009

• Co-author, “Should Blagojevich’s Jury Be Anonymous?” Law.com, July 27, 2009

• Co-author, “Should Twittering Jurors Know Better?” Law.com, June 22, 2009

• Co-author, “Asking for Trouble: When Lawyers Lie to Judges,” New York Law Journal, June 1, 2009

• Co-author, “Don’t Hold Lawyers Criminally Liable for National Security Decisions,” New Jersey Law Journal, May 18, 2009

• Co-author, “Particularly in Tough Times, Civility Among Lawyers Can Go a Long Way,” Daily Journal Newswire, May 1, 2009

• “Withdrawing Quietly From Representation,” New York Law Journal, April 17, 2009

• Co-author, “Still Scheming,” Legal Times, March 23, 2009

• Co-author, “President Obama, Congress Put Wall Street on Notice: Regulators Are Coming,” U.S. News and World Report, February 24, 2009

• “Anticipating the Regulators: Obama and Congress Give Regulators Their Marching Orders,” Stroock Special Bulletin, February 24, 2009

• “The Madoff Bail Flap: Commentators, Get it Right,” The National Law Journal, February 2, 2009

• “When ‘Zealousness’ Collides With Reputation for Honesty, Integrity,” New York Law Journal, January 16, 2009

• Co-author, “Needed Now: Campaign Finance Reform,” Albany Times Union, December 26, 2008

• “Issues Arising from the Bernard L. Madoff Investment Securities Matter,” Stroock Special Bulletin, December 17, 2008

• Co-author, “Can You Disclose Your Grand Jury Subpoena? It’s a Balancing Test,” New York Law Journal, December 15, 2008

• “When a Prosecutor Doubts the Defendant’s Guilt,” New York Law Journal, November 17, 2008

• Co-author, “Stand up, Say Who You Are,” The National Law Journal, November 3, 2008

• “Update on New York State Insurance Department Broker Compensation Hearings,” Stroock Special Bulletin, August 18, 2008

• Co-author, “Can You Notarize This? Taking the Notary Job Seriously,” New York Law Journal, July 18, 2008

• Co-author, “Critics Are Mistaken,” The National Law Journal, June 2, 2008

• “Can We Simply Drink the Kool-Aid?” New York Law Journal, April 24, 2008

• Co-author, “Gauging ‘Ineffective Assistance of Counsel,’” New York Law Journal, January 9, 2008

• “The Mitchell Report, Why a Public Outing?” The National Law Journal, January 28, 2008

• Co-author, “The Stinger Missile Sting,” Slate Magazine, December 12, 2007

• “‘Scopes’: Subpoenaed by Your Adversary,” New York Law Journal, September 14, 2007

• “Blame the Lawyer,” New York Law Journal, August 21, 2007

• Co-author, “Challenges to Justice,” The National Law Journal, June 18, 2007

• “When a Lawyer Gives Moral Advice,” New York Law Journal, June 11, 2007

• “Must You Believe Your Client’s Testimony?” New York Law Journal, April 5, 2007

• Co-author, “No Gatekeeper of Justice,” The National Law Journal, February 15, 2007

• “Wearisome Adversaries,” New York Law Journal, January 31, 2007

• Co-author, “Judicial Disqualification: Hussein Trial Lessons,” The National Law Journal, November 10, 2006

• “How to Work With a Private Eye,” New York Family Law Monthly, October 2006

• “A View From the Trenches,” New York Law Journal Magazine, September 2006

• “Working With A Private Eye,” New York Law Journal, August 7, 2006

• “Self-Help: When Client Uses Claim of Right Recovery,” New York Law Journal, June 28, 2006

• “Polishing a Cooperator’s ‘Truthfulness,’” New York Law Journal, February 23, 2006

• “It’s ‘Off the Record,’” New York Law Journal, January 11, 2006

• “When Trial Judges Second-Guess Lawyers,” New York Law Journal, October 20, 2005

• “The Duty of Zealousness,” New York Law Journal, June 20, 2005

• “Representing The Innocent Client,” New York Law Journal, June 9, 2005

• “Ethics Rules and Legal Fees,” New York Law Journal, March 7, 2005

• “The Wisdom of Jailing Reporters,” New York Law Journal, November 3, 2004

• “Memorializing Client Conversations,” New York Law Journal, October 4, 2004

• “Clamming Up - for Safety,” The National Law Journal, September 13, 2004

• Co-Author, “Buying Victim Silence,” New York Law Journal, July 28, 2004

• “Celebrity Jurors,” New York Law Journal, April 7, 2004

• Co-Author, “Explaining Eliot Spitzer: The New York State Attorney General Understands How to Use Power,” Barron’s, March 22, 2004

• Co-Author, “Prosecutors Tell Lies, Too,” New York Law Journal, March 22, 2004

• “Gaining the Client’s Truth,” New York Law Journal, March 1, 2004

• Co-Author, “Acceptance of Responsibility,” New York Law Journal, December 5, 2003

• “U.S. v. Lemrick Nelson and the Issue of Innocence,” New York Law Journal, September 29, 2003

• Co-Author, “Dealing with the Whistleblower/Informer,” New York Law Journal, July 30, 2003

• Co-Author, “Lawyers and P.R. People: The Spin, Confidentially,” The National Law Journal, July 21, 2003

• “Second Bite at the Apple: Successive and Concurrent Prosecutions,” New York Law Journal, May 12, 2003

• Co-Author, “E-Mailing Clients Is Under Increasing Scrutiny,” New York Law Journal, February 25, 2003

He has recently authored with Carla Main, Truth Be Veiled: A Justin Steele Murder Case (Coffeetown Press, 2010), a novel which deals with the ethical duties of an attorney relating to truth.

While not relating to his law practice, Mr. Cohen has also authored four books dealing with religion:

• Gehinnom, available gratis at joelcohen@gehinnom.com, 2011

• David and Bathsheba: Through Nathan’s Eyes, Paulist Press, 2007

• Moses and Jesus: A Conversation, Dorrance Publishing Co. Inc., 2006

• Moses: A Memoir, Paulist Press, 2003

He has also conducted six mock trials under New York law of biblical figures relating to these books.

Admitted to Practice

New York, 1968; U.S. Tax Court, 1969; U.S. District Court for the Southern and Eastern Districts of New York, 1972; U.S. Supreme Court, 1973; U.S. Court of Appeals, Second Circuit, 1973; U.S. Court of Appeals, First Circuit, 1986; Pro hac vice in a number of federal districts

STROOCK

MONICA HANNA ASSOCIATE, NEW YORK

Contact Information

Tel: (212) 806-6280 Fax: (212) 806-9280 mhanna@stroock.com

Practice Group

Litigation

Education

J.D., Emory University School of Law, 2009

B.A., summa cum laude, Rutgers, The State University of New Jersey, 2006

Monica Hanna has litigation experience at the trial and appellate levels, as well as in arbitration and mediation forums. Her practice includes an emphasis on real property disputes and federal judgment enforcement actions.

Ms. Hanna is a native Arabic speaker.

Publications

• Co-author, “Discovering Secrets: Trends in U.S. Courts’ Deference to International Blocking Statutes and Banking Secrecy Laws,” Banking Law Journal, September 2013

• Contributor, “Chapter 33: Practice Before the Commercial Division, Commercial Litigation in New York State Courts,” West’s New York Practice Series, 2012, 2013, and forthcoming 2014

• Contributor, The Constitutional Future of Race-Neutral Efforts to Achieve Diversity and Avoid Racial Isolation in Elementary and Secondary Schools, 50 B.C. L. REV. 277, 2009

Admissions

New York, 2010; New Jersey, 2009; U.S. District Court, Southern District of New York, 2010; U.S. District Court, Eastern District of New York, 2010; U.S. Court of Appeals, Second Circuit, 2011

New York Gov. Andrew Cuomo entered office promising unprecedented transparency, but his aides’ use of email offers quite adifferent picture

by ProPublica, May 5, 2014, 9:53 a.m.

Justin Elliott

New York Gov. Andrew Cuomo with adviser Howard Glaser, director of state operations. (AP/MikeGroll)

Adopting a tactic that has been used by officials ranging from to ofNew Jersey Gov. Chris Christie, aides to New York Gov. Andrew Cuomo are sendingemails from private accounts to conduct official business.

Sarah Palin staffers

I know because I got one myself. And three other people who interact with thegovernor's office on policy or media matters told me they have too. None of the otherswanted to be named.

The tactic appears to be another item in the toolbox of an administration that, despiteCuomo's early of unprecedented transparency, has become an

with . Emailing from private accounts can help officials hidecommunications and discussions that are supposed to be available to the public.

vows known forobsession secrecy

“Government business should never be conducted through private email accounts. Notonly does it make it difficult to retrieve what is a government record, but it just invitesthe suspicion that a government employee is attempting to evade accountability bysupervisors and the public,” said Christopher Dunn of the New York Civil LibertiesUnion, a frequent requester of records under the state’s Freedom of Information Law.

Emailing from private accounts also may violate state policy. State employees are not to“use a personal email account to conduct State business unless explicitly authorized,”according to bearing the governor's name published by the Office of InformationTechnology Services.

a policy

The Cuomo administration declined to comment on whether any employees areauthorized to use private accounts.

Back when he was running for governor, Cuomo , “We must use technology topledged

After Pledge of Sunlight, Gov. Cuomo Officials Keep Their Email in the ... http://www.propublica.org/article/cuomo-officials-keep-email-in-private...

1 of 4 5/7/2014 6:50 PM

bring more sunlight to the operation of government.”

The governor himself uses a BlackBerry messaging system that does not save messagesto communicate with aides, the Daily News in 2012. Under the Freedom ofInformation Law, those records would typically not have to be released because there isan for internal deliberative material.

reported

exemption

But emails with anyone outside of the administration – such as lobbyists, companyexecutives, or reporters – usually have to be made public upon request. It is for thosecommunications, with people outside the administration, that private email accountshave been used.

Last year, I was poking around on a possible story and filed some public records requeststhat sought emails from Director of State Operations , a top Cuomoadviser. One day in October, just hours after filing a request with the governor's office,an in my inbox from Glaser himself.

Howard Glaser

email appeared

The email, inquiring what I was working on, was sent from a @glasergroup.net addressrather than a government account. The note had a signature line about not using theemail address for official business (even though it appeared to be doing just that). Myinterest was piqued.

So I filed a request under the state's Freedom of Information Law, asking for all recordssent to and from Glaser's private account. It is not if an email is sentfrom an official account or a private one: If it to government business, ittypically has to be released.

supposed to matterpertains

A couple of months later, the Cuomo administration responded with a terse :“Please be advised that the New York State Executive Chamber has conducted a diligentsearch, but does not possess records responsive to your request.”

denial

I , noting that I had in my possession a record responsive to the request –Glaser's email to me – and included it as an attachment.

appealed

The administration upheld its original denial, now citing a retention issue.

“[T]he fact that this record is in your possession does not mean that the Chamber failedto produce a responsive record in its possession. Emails and certain othercorrespondence are not required to be preserved indefinitely,” the March said.letter

When I asked about the email this month, Cuomo spokesman Rich Azzopardi took adifferent tack, now disputing that Glaser was emailing me in his official capacity at alland calling the email “informal.”

“It would be inaccurate to characterize Howard’s email as official business – as he noted,your official business was being handled by the FOIL office, not him,” Azzopardi said.

But I have no personal relationship with Glaser, and my Freedom of Information Lawrequests focused only on his activities as a state official. When I recently asked Glaserabout his email practices, he said, “I don't use personal email to conduct officialbusiness.” He would not say how he defines “official business.”

In its letter denying my request for emails from Glaser’s private account, theadministration cited the general retention policy of the State Archives. That policy

that “many email communications are not records and are therefore suitable forimmediate destruction” but also that those emails which are records must be preserved.says

So how does one determine which emails are “records”?

The governor’s office seems to take a particularly narrow view. The governor’s says that emails are only “records” if they are formal documents like press

releases and nominations. Azzopardi, the Cuomo spokesman, said: “Official email is notrequired to be retained unless it meets the definition of a particular kind of record (eg –contract), consistent with the State Archives policy.”

policy

But the Archives, which Cuomo’s office itself cited, takes a more expansive view, even asstate gives the governor leeway to determine which records should be kept.law

2 of 4 5/7/2014 6:50 PM

Quoting the official of records, Archives spokeswoman Antonia Valentine saidan email is a record if it is created “in connection with the transaction of public business(and provides) … evidence of the organization, functions, policies, decisions, procedures,operations, or other activities (of an agency).”

definition

In practice, Glaser seems to be either eschewing his official email account or promptlydeleting messages of substance. When I asked for a 10-day sample of emails fromGlaser's official account, I got back little actual communication: that are largelyfilled with newsletters, press releases, and the occasional terse to set up a phonecall.

147 pagesemail

The use of private accounts can result in even more roadblocks when an official leavesthe government. (Glaser is leaving the administration in June.)reportedly

The issue has come up before.

In 2007, executives from the insurance giant AIG a public records with theOffice of the Attorney General, seeking, among other things, former Attorney GeneralEliot Spitzer's communications with the press from the period when he had theinsurance giant. That request was resisted by Spitzer's successor as attorneygeneral: Andrew Cuomo.

filed request

suedfor years

While Cuomo’s office eventually sent from official accounts, itmaintained that Spitzer's use of a private account put any of those emails beyond itsreach.

released emails

“[T]he reality is that the Office of the Attorney General lacks access to this account andpossession of whatever e-mails it may contain, thus rendering them beyond the scope ofpetitioner's FOIL request both practically and legally,” Cuomo's office said in a 2009

.court filing

A judge the attorney general’s office, which has appealed. Seven years sincethe original request, the case is in the courts and Spitzer's private email account –which he was known in his capacity as a state official – has never been searchedfor records.

ruled againststill

to use

Lawyers for Spitzer joined the case this year, in a March filing that becauseSpitzer is now a former employee and a private citizen, the Freedom of Information Lawdoesn't apply.

arguing

Beyond the governor's office, the state is moving toward an email system thatwould automatically delete emails after 90 days except for those marked by users tosave.

reportedly

It's not clear how that process would work or how the state will ensure that records arenot destroyed. The Office of Information and Technology Services declined to providethe memo describing the new policy, requiring that I file a formal public records requestto get it.

Transparency advocates have criticized 90 days as too short a period because emails mayonly become relevant months later after a scandal or other event.

A on the IT office's website references the possibility in a state email systemfor “recovery of deleted mailbox contents for the length of the retention period” –another capability that would not exist for officials using private accounts.

document

Across the river in New Jersey, private email accounts are at the center of the .

Bridgegatescandal

The infamous “Time for some traffic problems in Fort Lee” was sent from aChristie aide's Yahoo account to another official's Gmail account. That tactic held offpublic access to the email for a time.

In December, the Christie administration claimed it in response to arequest from the Record of Bergen, N.J. The emails became public later, only after theofficials were subpoenaed by the state Assembly.

did not have records

If you have gotten emails from the private account of an official in the governor’s office

3 of 4 5/7/2014 6:50 PM

or other state or city agencies, email me at justin@propublica.org.

Like this story? Sign up for our to get more of our best work.daily newsletter

4 of 4 5/7/2014 6:50 PM

Law Firms Are Pressed on Security for DataBy MATTHEW GOLDSTEIN

March 26, 2014, 7:00 pm

A growing number of big corporate clients are demanding that their law firms take more steps to guard against online intrusions that could compromise sensitive information as global concerns about hacker threats mount.

Wall Street banks are pressing outside law firms to demonstrate that their computer systems are employing top-tier technologies to detect and deter attacks from hackers bent on getting their hands on corporate secrets either for their own use or sale to others, said people briefed on the matter who spoke on the condition of anonymity. Some financial institutions are asking law firms to fill out lengthy 60-page questionnaires detailing their cybersecurity measures, while others are doing on-site inspections.

Other companies are asking law firms to stop putting files on portable thumb drives, emailing them to nonsecure iPads or working on computers linked to a shared network in countries like China and Russia where hacking is prevalent, said the people briefed on the matter. In some cases, banks and companies are threatening to withhold legal work from law firms that balk at the increased scrutiny or requesting that firms add insurance coverage for data breaches to their malpractice policies.

“It is forcing the law firms to clean up their acts,” said Daniel B. Garrie, executive managing partner with Law & Forensics, a computer security consulting firm that specializes in working with law firms. “When people say, ‘We won’t pay you money because your security stinks,’ that carries weight.”

of 4Law Firms Are Pressed on Security for Data - NYTimes.com

4/3/2014http://dealbook.nytimes.com/2014/03/26/law-firms-scrutinized-as-hacking-increases/?_php=true&_...

The vulnerability of American law firms to online attacks is a particular concern to law enforcement agencies because the firms are a rich repository of corporate secrets, business strategies and intellectual property. One concern is the potential for hackers to access information about potential corporate deals before they get announced. Law enforcement has long worried that law firms are not doing enough to guard against intrusions by hackers.

In 2011, the Federal Bureau of Investigation began organizing meetings with the managing partners of top law firms in New York and other major American cities to highlight the problem of computer security and corporate espionage, especially for law firms with offices in foreign countries like China and Russia.

Despite those meetings, F.B.I. officials and security experts say, law firms remain a weak link when it comes to online security. But the push from corporate clients may have more impact on changing law firm attitudes than anything else.

“Clients are putting more restrictions on law firms about things to do to protect themselves,” said Mary E. Galligan, an executive in the cyber-risk services division of Deloitte & Touche and the former special agent in charge of cyber and special operations for the New York office of the F.B.I. “It is being driven by victims of hackers, and they don’t want to be victims again. It’s just good business sense.”

When she was with the F.B.I., Ms. Galligan organized the meetings with managing partners of law firms to impress on them the need to better police their computer systems. The first meeting, held in New York in November 2011, was attended by top lawyers from nearly 200 firms. Over the next two years, Ms. Galligan said, she arranged half a dozen smaller meetings with law firm executives around the country. She said it had taken awhile, but she saw law firms being more proactive about computer security in large part because of the demand from clients.

Companies are prodding law firms on security at a time of overall rising concern about hacker attacks like the information breach at Target last year, when the retailer said at least 40 million credit and debit card accounts were compromised. Financial regulators are also requiring banks to make sure that

vendors they rely on, like law firms, are vigilant when it comes to dealing with hackers and other online intruders.

“The public and private sectors must be riveted in lock step in addressing these threats,” Mary Jo White, the chairwoman of the Securities and Exchange Commission, said Wednesday at a round-table discussion on the obligations of public companies to disclose online attacks. The discussion brought together more than two dozen security experts from the federal government and the financial services sector.

Still, spying by governments both at home and abroad and how that could involve a breach of client confidence is also a concern for businesses. In February, The New York Times reported that communications between lawyers at Mayer Brown, a big Chicago-based law firm, and officials with the Indonesian government were intercepted by an Australian intelligence agency that had ties to the National Security Agency, the federal agency that has been under siege for nearly a year because of its domestic spying program. The American Bar Association, with nearly 400,000 members, sent a letter to the N.S.A. to say it was incumbent on the security agency to make sure the principle of attorney-client privilege was protected.

Stuart Pattison, a senior vice president with Endurance Specialty Holdings, an underwriter of professional liability insurance coverage for law firms, said the main concern for the F.B.I. was state-sponsored hackers breaching a law firm computer system to tap into information about what American corporations were doing. He said that a few law firms had recently inquired about obtaining an added level of insurance coverage for data breaches in response to a demand from their corporate clients.

Despite the concern, it’s hard to gauge just how vulnerable law firms are to attacks from hackers. There are few rules requiring firms to make public any breaches, and because the firms have little direct interaction with consumers, there is no need for them to publicly report a hacking incident the way a bank or a retailer would. In 2012, Mandiant, a security consulting firm, put out a report estimating that 80 percent of the 100 largest American law firms had some

malicious computer breach in 2011. Actual reports of confidential information hacked from a law firm computer system and later winding up on some overseas server are rare, however.

Representatives for several large law firms, all of whom declined to discuss the topic publicly, said privately that the threat assessments from the F.B.I. and consulting firms were overstated. The law firm representatives said hacker attacks were usually email “phishing” schemes seeking to access personal information or account passwords, the kind of intrusions that have become commonplace and are easily contained.

But Vincent I. Polley, a lawyer and co-author of recent book for the American Bar Association on cybersecurity, said many law firms were not even aware they had been hacked. He said a lot of law firm managers were in denial about the potential threat.

“A lot of firms have been hacked, and like most entities that are hacked, they don’t know that for some period of time,” said Mr. Polley. “Sometimes, it may not be discovered for a minute or months and even years.”

A version of this article appears in print on 03/27/2014, on page B1 of the NewYork edition with the headline: Law Firms Are Pressed an Security for Data.

LAWYER REVIEWING JURORS’ INTERNET PRESENCE, ABA Formal Op. 14-466...

ABA Formal Op. 14-466 American Bar Association Formal Ethics Opinion 14-466

American Bar Association

LAWYER REVIEWING JURORS’ INTERNET PRESENCE

April 24, 2014

Unless limited by law or court order, a lawyer may review a juror’s or potential juror’s Internet presence, which may include postings by the juror or potential juror in advance of and during a trial, but a lawyer may not communicate directly or through another with a juror or potential juror.

A lawyer may not, either personally or through another, send an access request to a juror’s electronic social media. An access request is a communication to a juror asking the juror for information that the juror has not made public and that would be the type of ex parte communication prohibited by Model Rule 3.5(b).

The fact that a juror or a potential juror may become aware that a lawyer is reviewing his Internet presence when a network setting notifies the juror of such does not constitute a communication from the lawyer in violation of Rule 3.5(b).

In the course of reviewing a juror’s or potential juror’s Internet presence, if a lawyer discovers evidence of juror or potential juror misconduct that is criminal or fraudulent, the lawyer must take reasonable remedial measures including, if necessary, disclosure to the tribunal.

The Committee has been asked whether a lawyer who represents a client in a matter that will be tried to a jury may review the jurors’ or potential jurors’ [FN1] presence on the Internet leading up to and during trial, and, if so, what ethical obligations the lawyer might have regarding information discovered during the review.

Juror Internet Presence

Jurors may and often will have an Internet presence through electronic social media or websites. General public access to such will vary. For example, many blogs, websites, and other electronic media are readily accessible by anyone who chooses to access them through the Internet. We will refer to these publicly accessible Internet media as “websites.” For the purposes of this opinion, Internet-based social media sites that readily allow account-owner restrictions on access will be referred to as ““electronic social media” or “ESM.” Examples of commonly used ESM at the time of this opinion include Facebook, MySpace, LinkedIn, and Twitter. Reference to a request to obtain access to another’s ESM will be denoted as an “access request,” and a person who creates and maintains ESM will be denoted as a ““subscriber.” Depending on the privacy settings chosen by the ESM subscriber, some information posted on ESM sites might be available to the general public, making it similar to a website, while other information is available only to a fellow subscriber of a shared ESM service, or in some cases only to those whom the subscriber has granted access. Privacy settings allow the ESM subscriber to establish different degrees of protection for different categories of information, each of which can require specific permission to access. In general, a person who wishes to obtain access to these protected pages must send a request to the ESM subscriber asking for permission to do so. Access depends on the willingness of the subscriber to grant permission. [FN2] This opinion addresses three levels of lawyer review of juror Internet presence:

1. passive lawyer review of a juror’s website or ESM that is available without making an access request where the juror is unaware that a website or ESM has been reviewed;

2. active lawyer review where the lawyer requests access to the juror’s ESM; and

3. passive lawyer review where the juror becomes aware through a website or ESM feature of the identity of the viewer;

Trial Management and Jury Instructions

There is a strong public interest in identifying jurors who might be tainted by improper bias or prejudice. There is a related and equally strong public policy in preventing jurors from being approached ex parte by the parties to the case or their agents. Lawyers need to know where the line should be drawn between properly investigating jurors and improperly communicating with them. [FN3] In today’s Internet-saturated world, the line is increasingly blurred. For this reason, we strongly encourage judges and lawyers to discuss the court’s expectations concerning lawyers reviewing juror presence on the Internet. A court order, whether in the form of a local rule, a standing order, or a case management order in a particular matter, will, in addition to the applicable Rules of Professional Conduct, govern the conduct of counsel. Equally important, judges should consider advising jurors during the orientation process that their backgrounds will be of interest to the litigants and that the lawyers in the case may investigate their backgrounds, including review of their ESM and websites. [FN4] If a judge believes it to be necessary, under the circumstances of a particular matter, to limit lawyers’ review of juror websites and ESM, including on ESM networks where it is possible or likely that the jurors will be notified that their ESM is being viewed, the judge should formally instruct the lawyers in the case concerning the court’s expectations.

Reviewing Juror Internet Presence

If there is no court order governing lawyers reviewing juror Internet presence, we look to the ABA Model Rules of Professional Conduct for relevant strictures and prohibitions. Model Rule 3.5 addresses communications with jurors before, during, and after trial, stating: A lawyer shall not:

(a) seek to influence a judge, juror, prospective juror or other official by means prohibited by law;

(b) communicate ex parte with such a person during the proceeding unless authorized to do so by law or court order;

(c) communicate with a juror or prospective juror after discharge of the jury if:

(1) the communication is prohibited by law or court order;

(2) the juror has made known to the lawyer a desire not to communicate; or

(3) the communication involves misrepresentation, coercion, duress or harassment . . . Under Model Rule 3.5(b), a lawyer may not communicate with a potential juror leading up to trial or any juror during trial unless authorized by law or court order. See, e.g., In re Holman, 286 S.E.2d 148 (S.C. 1982) (communicating with member of jury selected for trial of lawyer’s client was “serious crime” warranting disbarment). A lawyer may not do through the acts of another what the lawyer is prohibited from doing directly. Model Rule 8.4(a). See also In re Myers, 584 S.E.2d 357 (S.C. 2003) (improper for prosecutor to have a lay member of his ““jury selection team” phone venire member’s home); cf. S.C. Ethics Op. 93-27 (1993) (lawyer “cannot avoid the proscription of the rule by using agents to communicate improperly” with prospective jurors).

Passive review of a juror’s website or ESM, that is available without making an access request, and of which the juror is unaware, does not violate Rule 3.5(b). In the world outside of the Internet, a lawyer or another, acting on the lawyer’s behalf, would not be engaging in an improper ex parte contact with a prospective juror by driving down the street where the prospective juror lives to observe the environs in order to glean publicly available information that could inform the lawyer’s jury-selection decisions. The mere act of observing that which is open to the public would not constitute a communicative act that violates Rule 3.5(b). [FN5] It is the view of the Committee that a lawyer may not personally, or through another, send an access request to a juror. An access request is an active review of the juror’s electronic social media by the lawyer and is a communication to a juror asking the juror for information that the juror has not made public. This would be the type of ex parte communication prohibited by Model Rule 3.5(b). [FN6] This would be akin to driving down the juror’s street, stopping the car, getting out, and asking the juror for permission to look inside the juror’s house because the lawyer cannot see enough when just driving past. Some ESM networks have a feature that allows the juror to identify fellow members of the same ESM network who have passively viewed the juror’s ESM. The details of how this is accomplished will vary from network to network, but the key feature that is relevant to this opinion is that the juror-subscriber is able to determine not only that his ESM is being viewed, but also the identity of the viewer. This capability may be beyond the control of the reviewer because the notice to the subscriber is generated by the ESM network and is based on the identity profile of the subscriber who is a fellow member of the same ESM network. Two recent ethics opinions have addressed this issue. The Association of the Bar of the City of New York Committee on Professional Ethics, in Formal Opinion 2012-2, [FN7] concluded that a network-generated notice to the juror that the lawyer has reviewed the juror’s social media was a communication from the lawyer to a juror, albeit an indirect one generated by the ESM network. Citing the definition of “communication” from Black’s Law Dictionary (9th ed.) and other authority, the opinion concluded that the message identifying the ESM viewer was a communication because it entailed “the process of bringing an idea, information or knowledge to another’s perception--including the fact that they have been researched.” While the ABCNY Committee found that the communication would “constitute a prohibited communication if the attorney was aware that her actions” would send such a notice, the Committee took “no position on whether an inadvertent communication would be a violation of the Rules.” The New York County Lawyers’ Association Committee on Professional Ethics in Formal Opinion 743 agreed with ABCNY’s opinion and went further explaining, “If a juror becomes aware of an attorney’s efforts to see the juror’s profiles on websites, the contact may well consist of an impermissible communication, as it might tend to influence the juror’s conduct with respect to the trial.” [FN8] This Committee concludes that a lawyer who uses a shared ESM platform to passively view juror ESM under these circumstances does not communicate with the juror. The lawyer is not communicating with the juror; the ESM service is communicating with the juror based on a technical feature of the ESM. This is akin to a neighbor’s recognizing a lawyer’s car driving down the juror’s street and telling the juror that the lawyer had been seen driving down the street. Discussion by the trial judge of the likely practice of trial lawyers reviewing juror ESM during the jury orientation process will dispel any juror misperception that a lawyer is acting improperly merely by viewing what the juror has revealed to all others on the same network. While this Committee concludes that ESM-generated notice to a juror that a lawyer has reviewed the juror’s information is not communication from the lawyer to the juror, the Committee does make two additional recommendations to lawyers who decide to review juror social media. First, the Committee suggests that lawyers be aware of these automatic, subscriber-notification features. By accepting the terms of use, the subscriber-notification feature is not secret. As indicated by Rule 1.1, Comment 8, it is important for a lawyer to be current with technology. While many people simply click their agreement to the terms and conditions for use of an ESM network, a lawyer who uses an ESM network in his practice should review the terms and conditions, including privacy features - which change frequently - prior to using such a network. And, as noted above, jurisdictions differ on issues that arise when a lawyer uses social media in his practice. Second, Rule 4.4(a) prohibits lawyers from actions “that have no substantial purpose other than to embarrass, delay, or burden a third person . . .” Lawyers who review juror social media should ensure that their review is purposeful and not crafted to embarrass, delay, or burden the juror or the proceeding.

Discovery of Juror Misconduct

Increasingly, courts are instructing jurors in very explicit terms about the prohibition against using ESM to communicate about their jury service or the pending case and the prohibition against conducting personal research about the matter, including research on the Internet. These warnings come because jurors have discussed trial issues on ESM, solicited access to witnesses and litigants on ESM, not revealed relevant ESM connections during jury selection, and conducted personal research on the trial issues using the Internet. [FN9] In 2009, the Court Administration and Case Management Committee of the Judicial Conference of the United States recommended a model jury instruction that is very specific about juror use of social media, mentioning many of the popular social media by name. [FN10] The recommended instruction states in part:

I know that many of you use cell phones, Blackberries, the internet and other tools of technology. You also must not talk to anyone at any time about this case or use these tools to communicate electronically with anyone about the case . . . You may not communicate with anyone about the case on your cell phone, through e-mail, Blackberry, iPhone, text messaging, or on Twitter, through any blog or website, including Facebook, Google+, My Space, LinkedIn, or YouTube. . . . I expect you will inform me as soon as you become aware of another juror’s violation of these instructions.

These same jury instructions were provided by both a federal district court and state criminal court judge during a three-year study on juries and social media. Their research found that “jury instructions are the most effective tool to mitigate the risk of juror misconduct through social media.” [FN11] As a result, the authors recommend jury instruction on social media ““early and often” and daily in lengthy trials. [FN12] Analyzing the approximately 8% of the jurors who admitted to being ““tempted” to communicate about the case using social media, the judges found that the jurors chose not to talk or write about the case because of the specific jury instruction not to do so. While juror misconduct via social media itself is not the subject of this Opinion, lawyers reviewing juror websites and ESM may become aware of misconduct. Model Rule 3.3 and its legislative history make it clear that a lawyer has an obligation to take remedial measures including, if necessary, informing the tribunal when the lawyer discovers that a juror has engaged in criminal or fraudulent conduct related to the proceeding. But the history is muddled concerning whether a lawyer has an affirmative obligation to act upon learning that a juror has engaged in improper conduct that falls short of being criminal or fraudulent. Rule 3.3 was amended in 2002, pursuant to the ABA Ethics 2000 Commission’s proposal, to expand on a lawyer’s previous obligation to protect a tribunal from criminal or fraudulent conduct by the lawyer’s client to also include such conduct by any person. [FN13] Model Rule 3.3(b) reads:

(b) A lawyer who represents a client in an adjudicative proceeding and who knows that a person intends to engage, is engaging or has engaged in criminal or fraudulent conduct related to the proceeding shall take reasonable remedial measures including, if necessary, disclosure to the tribunal.

Comment [12] to Rule 3.3 provides:

Lawyers have a special obligation to protect a tribunal against criminal or fraudulent conduct that undermines the integrity of the adjudicative process, such as bribing, intimidating or otherwise unlawfully communicating with a witness, juror, court official or other participant in the proceeding, unlawfully destroying or concealing documents or other evidence or failing to disclose information to the tribunal when required by law to do so. Thus, paragraph (b) requires a lawyer to take reasonable remedial measures, including disclosure if necessary, whenever the lawyer knows that a person, including the lawyer’s client, intends to engage, is engaging or has engaged in criminal or fraudulent conduct related to the proceeding.

Part of Ethics 2000’s stated intent when it amended Model Rule 3.3 was to incorporate provisions from Canon 7 of the ABA Model Code of Professional Responsibility (Model Code) that had placed an affirmative duty upon a lawyer to notify the court upon learning of juror misconduct:

This new provision incorporates the substance of current paragraph (a)(2), as well as ABA Model Code of Professional Responsibility DR 7-102(B)(2) (“A lawyer who receives information clearly establishing that a person other than the client has perpetrated a fraud upon a tribunal shall promptly reveal the fraud to the tribunal”) and DR 7-108(G) (“A lawyer shall reveal promptly to the court improper conduct by a venireperson or juror, or by another toward a venireperson or juror or a member of the venireperson’s or juror’s family, of which the lawyer has knowledge”). Reporter’s Explanation of Changes, Model Rule 3.3. [FN14]

However, the intent of the Ethics 2000 Commission expressed above to incorporate the substance of DR 7-108(G) in its new subsection (b) of Model Rule 3.3 was never carried out. Under the Model Code’s DR 7-108(G), a lawyer knowing of “improper conduct” by a juror or venireperson was required to report the matter to the tribunal. Under Rule 3.3(b), the lawyer’s obligation to act arises only when the juror or venireperson engages in conduct that is fraudulent or criminal. [FN15] While improper conduct was not defined in the Model Code, it clearly imposes a broader duty to take remedial action than exists under the Model Rules. The Committee is constrained to provide guidance based upon the language of Rule 3.3(b) rather than any expressions of intent in the legislative history of that rule. By passively viewing juror Internet presence, a lawyer may become aware of a juror’s conduct that is criminal or fraudulent, in which case, Model Rule 3.3(b) requires the lawyer to take remedial measures including, if necessary, reporting the matter to the court. But the lawyer may also become aware of juror conduct that violates court instructions to the jury but does not rise to the level of criminal or fraudulent conduct, and Rule 3.3(b) does not prescribe what the lawyer must do in that situation. While considerations of questions of law are outside the scope of the Committee’s authority, applicable law might treat such juror activity as conduct that triggers a lawyer’s duty to take remedial action including, if necessary, reporting the juror’s conduct to the court under current Model Rule 3.3(b). [FN16] While any Internet postings about the case by a juror during trial may violate court instructions, the obligation of a lawyer to take action will depend on the lawyer’s assessment of those postings in light of court instructions and the elements of the crime of contempt or other applicable criminal statutes. For example, innocuous postings about jury service, such as the quality of the food served at lunch, may be contrary to judicial instructions, but fall short of conduct that would warrant the extreme response of finding a juror in criminal contempt. A lawyer’s affirmative duty to act is triggered only when the juror’s known conduct is criminal or fraudulent, including conduct that is criminally contemptuous of court instructions. The materiality of juror Internet communications to the integrity of the trial will likely be a consideration in determining whether the juror has acted criminally or fraudulently. The remedial duty flowing from known criminal or fraudulent juror conduct is triggered by knowledge of the conduct and is not preempted by a lawyer’s belief that the court will not choose to address the conduct as a crime or fraud.

Conclusion

In sum, a lawyer may passively review a juror’s public presence on the Internet, but may not communicate with a juror. Requesting access to a private area on a juror’s ESM is communication within this framework. The fact that a juror or a potential juror may become aware that the lawyer is reviewing his Internet presence when an ESM network setting notifies the juror of such review does not constitute a communication from the lawyer in violation of Rule 3.5(b). If a lawyer discovers criminal or fraudulent conduct by a juror related to the proceeding, the lawyer must take reasonable remedial measures including, if necessary, disclosure to the tribunal.

[FN1]. Unless there is reason to make a distinction, we will refer throughout this opinion to jurors as including both potential and prospective jurors and jurors who have been empaneled as members of a jury.

[FN2]. The capabilities of ESM change frequently. The committee notes that this opinion does not address particular ESM capabilities that exist now or will exist in the future. For purposes of this opinion, key elements like the ability of a subscriber to control access to ESM or to identify third parties who review a subscriber’s ESM are considered generically.

[FN3]. While this Committee does not take a position on whether the standard of care for competent lawyer performance requires using Internet research to locate information about jurors that is relevant to the jury selection process, we are also mindful of the recent addition of Comment [8] to Model Rule 1.1. This comment explains that a lawyer “should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” See also Johnson v. McCullough, 306 S.W.3d 551 (Mo. 2010) (lawyer must use “reasonable efforts” to find potential juror’s litigation history in Case.net, Missouri’s automated case management system); N. H. Bar Ass’n, Op. 2012-13/05 (lawyers “have a general duty to be aware of social media as a source of potentially useful information in litigation, to be competent to obtain that information directly or through an agent, and to know how to make effective use of that information in litigation”); Ass’n of the Bar of the City of N. Y. Comm. on Prof’l Ethics, Formal Op. 2012-2 (“Indeed, the standards of competence and diligence may require doing everything reasonably possible to learn about jurors who will sit in judgment on a case.”).

[FN4]. Judges also may choose to work with local jury commissioners to ensure that jurors are advised during jury orientation that they may properly be investigated by lawyers in the case to which they are assigned. This investigation may include review of the potential juror’s Internet presence.

[FN5]. Or. State Bar Ass’n, Formal Op. 2013-189 (“Lawyer may access publicly available information [about juror, witness, and opposing party] on social networking website”); N.Y. Cnty. Lawyers Ass’n, Formal Op. 743 (2011) (lawyer may search juror’s “publicly available” webpages and ESM); Ass’n of the Bar of the City of N.Y. Comm. on Prof’l Ethics, supra note 3 (lawyer may use social media websites to research jurors); Ky. Bar Ass’n, Op. E-434 (2012) (“If the site is ‘public,’ and accessible to all, then there does not appear to be any ethics issue.”). See also N.Y. State Bar Ass’n, Advisory Op. 843 (2010) (“A lawyer representing a client in pending litigation may access the public pages of another party’s social networking website (such as Facebook or MySpace) for the purpose of obtaining possible impeachment material for use in the litigation”); Or. State Bar Ass’n, Formal Op. 2005-164 (“Accessing an adversary’s public Web [sic] site is no different from reading a magazine or purchasing a book written by that adversary”); N.H. Bar Ass’n, supra note 3 (viewing a Facebook user’s page or following on Twitter is not communication if pages are open to all members of that social media site); San Diego Cnty. Bar Legal Ethics Op. 2011-2 (opposing party’s public Facebook page may be viewed by lawyer).

[FN6]. See Or. State Bar Ass’n, supra note 5, fn. 2, (a “lawyer may not send a request to a juror to access non-public personal information on a social networking website, nor may a lawyer ask an agent to do so”); N.Y. Cnty. Lawyers Ass’n, supra note 5 (“Significant ethical concerns would be raised by sending a ‘friend request,’ attempting to connect via LinkedIn.com, signing up for an RSS feed for a juror’s blog, or ‘following’ a juror’s Twitter account”); Ass’n of the Bar of the City of N.Y. Comm. on Prof’l Ethics, supra note 3 (lawyer may not chat, message or send a “friend request” to a juror); Conn. Bar Ass’n, Informal Op. 2011-4 (friend request is a communication); Mo. Bar Ass’n, Informal Op. 2009-0003 (friend request is a communication pursuant to Rule 4.2). But see N.H. Bar Ass’n, supra note 3 (lawyer may request access to witness’s private ESM, but request must “correctly identify the lawyer . . . [and] . . . inform the witness of the lawyer’s involvement” in the matter); Phila. Bar Ass’n, Advisory Op. 2009-02 (lawyer may not use deception to secure access to witness’s private ESM, but may ask the witness “forthrightly” for access).

[FN7]. Ass’n of the Bar of the City of N.Y. Comm. on Prof’l Ethics, supra, note 3.

[FN8]. N.Y. Cnty. Lawyers’ Ass’n, supra note 5.

[FN9]. For a review of recent cases in which a juror used ESM to discuss trial proceedings and/or used the Internet to conduct private research, read Hon. Amy J. St. Eve et al., More from the #Jury Box: The Latest on Juries and Social Media, 12 Duke Law & Technology Review no. 1, 69-78 (2014), available at http://scholarship.law.duke.edu/cgi/viewcontent.cgi?article=1247&context=dltr.

[FN10]. Judicial Conference Committee on Court Administration and Case Management, Proposed Model Jury Instructions: The Use of Electronic Technology to Conduct Research on or Communicate about a Case, USCOURTS.GOV (June 2012), http://www.uscourts.gov/uscourts/News/2012/jury-instructions.pdf.

[FN11]. Id. at 66.

[FN12]. Id. at 87.

[FN13]. Ethics 2000 Commission, Model Rule 3.3: Candor Toward the Tribunal, AMERICAN BAR ASSOCIATION, http://www.americanbar.org/groups/professional_ responsibility/policy/ethics_2000_commission/e2k_rule33.html (last visited Apr. 18, 2014).

[FN14]. Ethics 2000 Commission, Model Rule 3.3 Reporter’s Explanation of Changes, AMERICAN BAR ASSOCIATION, http:// www.americanbar.org/groups/professional_responsibility/policy/ethics_2000_ commission/e2k_rule33rem.html (last visited Apr. 18, 2014).

[FN15]. Compare MODEL RULES OF PROF’L CONDUCT R. 3.3(b) (2002) to N.Y. RULES OF PROF’L CONDUCT, R. 3.5(d) (2013) (“a lawyer shall reveal promptly to the court improper conduct by a member of the venire or a juror....”).

[FN16]. See, e.g., U.S. v. Juror Number One, 866 F.Supp.2d 442 (E.D. Pa. 2011) (failure to follow jury instructions and emailing other jurors about case results in criminal contempt). The use of criminal contempt remedies for disregarding jury instructions is not confined to improper juror use of ESM. U.S. v. Rowe, 906 F.2d 654 (11th Cir. 1990) (juror held in contempt, fined, and dismissed from jury for violating court order to refrain from discussing the case with other jurors until after jury instructions delivered). ABA Formal Op. 14-466 End of Document

http://nyti.ms/1kSf75L

TECHNOLOGY | NYT NOW

Off the Record in a Chat App? Don’t Be SureBy JENNA WORTHAM MAY 8, 2014

What happens on the Internet stays on the Internet.That truth was laid bare on Thursday, when Snapchat, the popular mobile

messaging service, agreed to settle charges by the Federal Trade Commission that messages sent through the company’s app did not disappear as easily as promised.

Snapchat has built its service on a pitch that has always seemed almost too good to be true: that people can send any photo or video to friends and have it vanish without a trace. That promise has appealed to millions of people, particularly younger Internet users seeking refuge from nosy parents, school administrators and potential employers.

But the commission charged that there were several easy ways to save messages from the service, and in settling the accusations, the company agreed not to misrepresent the disappearing nature of its messages.

The company’s early popularity and hype led to a multibillion-dollar buyout offer last year from Facebook, which Snapchat’s leaders spurned in the hope of something better. But the settlement announced on Thursday set a different tone, one that could extend to the many other start-ups that promise security, privacy and anonymity as an antidote to the public nature of Facebook and Twitter.

“The Internet is forever, and people don’t realize that,” said Nico Sell, a security expert and one of the founders of a rival mobile app called Wickr that also lets people send self-destructing messages. “You think you can delete a tweet or a Facebook post, but it doesn’t go away. Most people don’t know how hard it is to make a message disappear.”

The settlement is the latest revelation that much of what is shared over the web and through mobile devices is at risk for interception or eventual retrieval, even if the hardware and software companies that transmit them promise

of 4Off the Record in a Chat App? Don’t Be Sure - NYTimes.com

5/13/2014http://www.nytimes.com/2014/05/09/technology/snapchat-reaches-settlement-with-federal-trade-c...

otherwise. Security vulnerabilities have been exposed at major banks, corporations and retailers around the globe and at many start-ups.

The settlement between the F.T.C. and Snapchat also raised another notion: that some technology companies may be misleading users about how their information is stored and shared, even if unintentionally.

Under the terms of the settlement, Snapchat will be prohibited from misrepresenting how it maintains the privacy and confidentiality of user information. The company will also be required to start a wide-ranging privacy program, a sort of probation, and will be independently monitored for 20 years. Fines could ensue if the company violates the agreement.

In its complaint against Snapchat, the commission said the app’s messages, often called snaps, could be saved in several ways, contrary to what the company has said. Users can save a message by using a third-party app, the agency said, or employ simple workarounds that allow users to take a screen shot of messages without alerting another user.

The complaint also said Snapchat transmitted users’ location information and collected sensitive data like address book contacts, despite its saying that it did not collect such information. The commission said the lax policies did not secure a feature called “Find Friends” that allowed security researchers to compile a database of 4.6 million user names and phone numbers during a recent security breach.

“One thing we want to make clear,” said Chris Olsen, the assistant director of the F.T.C’s division of privacy and identity protection. “If you make promises about privacy, you must honor those promises or otherwise risk F.T.C. enforcement.”

Snapchat declined an interview request, but posted a statement on its blog. “While we were focused on building, some things didn’t get the attention they could have,” the company wrote.

Snapchat added: “Even before today’s consent decree was announced, we had resolved most of those concerns over the past year by improving the wording of our privacy policy, app description and in-app just-in-time notifications. And we continue to invest heavily in security and countermeasures to prevent abuse.”

Brian Blau, an analyst with Gartner Research, said that it was a bit premature to predict how the F.T.C. settlement might affect the standing of the company and

its ability to transform itself into a sustainable business. The company does not yet generate revenue. Snapchat has only recently begun to experiment with partnerships that may lay the framework to eventually make money.

But the settlement is “really bad for a technology company,” he said. “You don’t have the government coming after you when you’re doing regular business.”

Still, some of Snapchat’s vulnerabilities have been public for some time, suggesting that users and venture capitalists may not be terribly concerned about Snapchat’s false promises.

An article on BuzzFeed, the online news start-up, published in late 2012 explained how Snapchat videos could easily be copied and saved using a simple service. That revelation and others did not deter venture capitalists from writing checks worth $123 million to back the company, nor did it seem to prevent people from using the service.

Mr. Olsen of the F.T.C. declined to say what led the commission to open an investigation into Snapchat, but he did say that several organizations, including the Electronic Privacy Information Center, an independent, nonprofit research center, had raised concerns about the messaging service. He said the case and resulting settlement were part of a larger, continuing investigative effort by the commission to hold start-ups and companies accountable to their marketing claims and privacy assurances to consumers.

Snapchat’s rise is part of a sea change in social media, one that is defined by companies promising more private and anonymous interactions than existing popular services. Mobile applications like Whisper, Secret, Confide and a number of others also assure their users that the content they share and sometimes even their identities are secure.

Danah Boyd, who researches technology adoption and use among teenagers, said that younger Internet users tended to be “far more concerned about people in their immediate world getting access to their content than the company itself” as long as it did not disrupt their personal lives.

“There’s a huge disconnect between what we mean when we say anonymity in the colloquial sense and what it means in a technical sense,” said Ms. Boyd, who wrote “It’s Complicated,” a book about technology habits and use.

And even Evan Spiegel, one of Snapchat’s founders, seemed to acknowledge as much in an interview.

“Nothing ever goes away on the Internet,” he said.

A version of this article appears in print on May 9, 2014, on page A1 of the New York edition with the headline: Off the Record in a Chat App? Don’t Be Sure.

Next in TechnologyGoogle Must Honor Requests to Delete Some Links, E.U. Court Says

Ethics in the Digital Age in the Digital Age - 06.02.14.pdf · 2/14/2006 · Ethics in the Digital...

Documents

Digital Age Catechetical Leader

Digital Citizenship Safety in the Digital Age

Digital Age Transportation

20th Anniversary Edition LoTi Digital Age Survey · 2016. 6. 1. · LoTi Digital Age Survey for Leaders LoTi Digital Age Survey: Digital Landscape Select the response for each question

Digital age of Film

Business@Digital Age

Digital Age PR

Capital network keep your company close and your ip closer (i sgc 06.02.14)

Becoming of Age In the Digital Age

the digital age

Seo & keyword rank report presentation whinny lane 07.01.14 to 06.02.14

Digital Age and Age of Gas

Digital Age PBL

Digital Age Public Relations

Digital Age Literacy

Digital Divide (age)

Digital age march 18

Biodiversity of Fishes Sex under Water Rainer Froese GEOMAR 06.02.14

Digital Booklet - Day & Age

Digital Age Historians