E-mail’s days as a communication medium that offers a “reasonable expectation of privacy” may be numbered.
The ABA’s newly issued Formal Opinion 11-459 revisits the topic of e-mail security, and offers the following concluding paragraph:
A lawyer sending or receiving substantive communications with a client via e-mail or other electronic means ordinarily must warn the client about the risk of sending or receiving electronic communications using a computer or other device, or e-mail account, to which a third party may gain access. The risk may vary. Whenever a lawyer communicates with a client by e-mail, the lawyer must first consider whether, given the client’s situation, there is a significant risk that third parties will have access to the communications. If so, the lawyer must take reasonable care to protect the confidentiality of the communications by giving appropriately tailored advice to the client.
While Formal Opinion 11-459 correctly identifies the wide variety of security- and privacy-related issues with e-mail, this most recent opinion represents a major departure from the ABA’s previous position on e-mail security as outlined in Formal Opinion 99-143, which states:
The Committee believes that e-mail communications, including those sent unencrypted over the Internet, pose no greater risk of interception or disclosure than other modes of communication commonly relied upon as having a reasonable expectation of privacy
For years lawyers have felt e-mail offered a “reasonable expectation of privacy” due to Formal Opinion 99-143, but Formal Opinion 11-459 seems to indicate the ABA is advocating a shift away from e-mail as a communication method.
This shift in thinking is a pragmatic one: in the last decade there has been an explosion in tools available for secure attorney-client messaging. Cloud-based collaboration and communication services offer a much higher degree of security and, in light of more secure alternatives being available, why should lawyers and their clients accept the additional risk of using unencrypted e-mail?