INFOTECH AND THE LAW
Communicators Beware of Insecure Media
P> Sometimes it pays to be paranoid -- particularly where sensitive corporate information is concerned.
Communications between a lawyer and his client are confidential and protected by the attorney-client privilege. With certain exceptions neither the client nor the lawyer can be compelled by legal process to disclose the content of such communications. Many clients (and too many lawyers) do not appreciate, however, that maintaining the attorney-client privilege in an era of electronic communications requires great care.
Communications on insecure media can be overheard and intercepted by competitors, journalists, hackers and others who could use the information in ways that may be much more harmful than the mere use of the information as evidence in a pending lawsuit. Accordingly, technology companies should take steps to ensure that their employees are careful about what they communicate over these media and do not discuss anything that might be deemed confidential. When the conversation is conducted over a cordless or cellular phone, the caller should advise the other party, who may not otherwise know that one of those devices is being used, and tell the other party not to disclose any confidential information during the call.
The single most important consideration is that a client must reasonably believe the conversation cannot be intercepted. The reasonableness of that expectation affects not only the ability legally to protect what is said over electronic media to a lawyer, but it should also guide what a person says or sends electronically when communicating trade secrets or other confidential business information to colleagues or business partners.
Here's the crux of the issue: Courts universally agree that a person has a reasonable expectation of privacy when speaking on a land-line telephone. The attorney-client privilege continues even though telephone lines might be tapped. The more difficult question arises when a client speaks with his or her attorney on a cordless or cellular phone or over the Internet or by other means of electronic mail.
A cordless telephone is a two-way radio transmitter/receiver. Anyone within about 1,000 feet who is listening with a scanner, compatible cordless telephone or other radio receiver can intercept the conversation. Because cordless phone conversations are so easily intercepted, courts consistently rule that callers using cordless telephones do not have a reasonable expectation of privacy. That being the case, discussion of confidential matters with one's attorney or anyone else on a cordless telephone will waive any privilege or claim to trade secret or other business confidential status of the information disclosed.
Although intercepting a cellular telephone conversation is more difficult than intercepting a cordless telephone conversation, the radio frequencies used by cellular phones are readily received by inexpensive scanners. Some experts estimate that there are 10 million radio scanners capable of intercepting cellular phone conversations and data transmissions. There reportedly are eavesdroppers who routinely record cellular phone conversations and attempt to sell the intercepted information to interested buyers.
Unlike the well-settled rule that callers speaking on cordless phones have no reasonable expectation of privacy, the rule concerning cellular phones is not as clear. The Electronic Communications Privacy Act, passed in 1986, appears to create an expectation of privacy for certain electronic communications. Nevertheless, courts differ as to what forms of electronic communications the ECPA covers. A substantial number of courts have ruled that callers speaking on cellular phones do not have a reasonable expectation of privacy. In fact, the Illinois State Bar Association issued an advisory opinion in 1990 stating that "[mobile communications] are not secure... and participants in those conversations have no right to expect... privacy." The bar association concluded, "a lawyer should not use [mobile telephones] when discussing confidential communication."
Thus, prudence dictates not speaking on a cellular telephone when discussing confidential matters. In addition, confidential documents should not be transmitted over cellular telephones without using encryption or other means of ensuring privacy. Digital cellular telephones contain encryption features that may make them safe for sensitive matters, but under current legal standards it is not yet clear that digital telephones will provide a reasonable expectation of privacy.
The Internet is increasingly being used for e-mail communications, including communications between clients and their lawyers. Unlike private e-mail systems, the Internet is not generally subject to rigorous controls designed to ensure and preserve privacy. The sender of an Internet e-mail message has no control over the routing, storage or access to the message either in transit or at the receiving address.
Although there is little case law on the subject, the lack of Internet security is well-published, and it is difficult to imagine an environment less suited to a reasonable expectation of privacy. The use of publicly available software to encrypt Internet messages may improve the likelihood of establishing a reasonable expectation of privacy, but encryption that meets the government's current export standards is reputedly so vulnerable to cracking that it may not protect one's legal privileges.
Whether a particular conversation is protected by the attorney-client privilege usually arises only in litigation, when an adversary seeks disclosure of a sensitive communication that the client claims is confidential and privileged. Once it is discovered that the challenged conversation occurred over a cordless or cellular phone, or over the Internet, the attorney-client privilege claim will likely be lost, and the contents of the communication -- and any documents memorializing it -- must be disclosed to the adversary in litigation.
Ralph Taylor is a partner in the litigation group of Shaw, Pittman, Potts & Trowbridge in Washington, D.C. He may be reached by (insecure) e-mail at firstname.lastname@example.org.