Implicit Authorization in Ontario of Cloud Computing

Cloud computing is hardly a new topic for practitioners, but it continues to be one which many struggle with. Part of the reason they struggle is the lack of clear guidance from the law societies.

The greatest concern tends to be client confidentiality, Rule 3.3 of the Model Code. However, as I stated this past week at the Ontario Bar Association Institute, many of these concerns are largely overstated, and the resistance to cloud computing may in fact compromise other components of professional responsibility, including competence (Rule 3.1) and quality of service (Rule 3.2).

I even take the controversial position that use of cloud computing may in fact be required one day to be professionally competent. In anticipation of these changes, diligent practitioners have at the very least the duty to make reasonable inquiries about these newer technologies and the benefits it can provide to their practice. The complete paper is available here.

In the weeks leading up to the conference there have been some other developments which may illustrate that cloud computing will likely become the norm, rather than the exception. On January 1, 2015, the Rules of Civil Procedure were amended to allow for electronic document exchange under subclause 16.01 (4) (b) (iii) and clause 16.05 (1) (c.1).

What is interesting is that this new form of service in Ontario does not require an affidavit of service. Clause 16.09(4.1) indicates that service is proven by a record of service which indicates the following:

  • (a) the total number of pages served;
  • (b) the name of the person who served the document and, if the person served the document on behalf of a party, the name of the party and the nature of the relationship between the person and the party;
  • (c) the name of the person on whom the document was served; and
  • (d) the date on and time at which the document was served through the electronic document exchange.

At this time, there is only one document exchange company in Ontario which provides this service, CourtSide EDX, founded by Ontario lawyers, Michael Tweyman and Arin Klug. Incidentally, Tweyman and Klug and the persons responsible for the amended Rules, having approached the Rules Committee with an interest in improving the manner in which litigation is conducted in this province.

In addition to compliance with the features above, CourtSide EDX provides email and SMS notification when documents are served, allowing for better compliance with professional responsibilities to keep abreast of developments on a file.

The cost and time involved with process servers and couriers is eliminated, providing better quality of service and reducing legal costs to clients. The service also has some practice management components, including a disbursement report to track costs of use per client. Receiving documents on CourtSide EDX is free, and there is no cost or commitment on sign-up.

But what is most interesting about CourtSide EDX is that the record of service provided in compliance with the above Rules can be accessed by QR code or a unique link. Documents are stored and transmitted securely, with 128-Bit SSL encryption, but these documents and the record of service are stored in the cloud. In the opinion of Tweyman and Klug, there is really no other practical way to accomplish the goals of electronic service without the use of cloud computing.

What this means is that for civil litigators in Ontario, cloud computing is effectively now part of your practice. For family law practitioners, this is already underway through DIVORCEmate’s Tools2KCloud. This does not absolve practitioners entirely from their responsibility to maintain client confidentiality, even with the use of new technological tools, but it certainly makes it easier.

Cloud computing providers who service the legal industry are fully aware of the professional compliance requirements, and are better positioned to ensure this security than the independent practitioner. Lawyers are encouraged to communicate with these practitioners to make reasonable inquiries, which itself should satisfy their responsibilities to clients once disclosure to these clients are made.

Also worth noting is a podcast on the LSUC website about cloud computing, with Phil Brown and David Whelan. Here’s an excerpt:

  • Phil Brown:…So, the first question, I guess, would be what is cloud computing? And would that include e-mail and other things like that?
  • David Whelan:Absolutely. And I think people probably don’t realise that they’re using the cloud already when they are using Google Mail or they’re using Hotmail. But that really is the same sort of thing, where before they might have had the e-mail system on their computer and the e-mail would download, now they access it through a web browser.

The question I posed to the audience was, “Are you really going to suggest that Gmail or Hotmail is a violation of the Rules [of Professional Conduct]?”

We do not always need clear guidance or direction from the law societies when our professional discretion should be sufficient to make reasonable judgment calls as to how we can meet our duties to clients and to the courts. Excessive caution has the potential to stifle innovation and inhibit our abilities to enhance the services we currently provide.

Cloud computing is not a failsafe means of document storage, but the Rules of Professional Conduct do not require perfection, only reasonable diligence. Not only do I believe this can be achieved through existing technology, but changes already underway in the manner in which practice is being conducted in Ontario makes it impossible in my opinion to support a blanket prohibition on cloud technology. Sometimes practices in the bar leapfrog beyond explicit guidance from the law society, and in these circumstances we should be able to assume implicit authorization when this technology is properly employed.

Comments

  1. David Collier-Brown

    I fear part of the problem is the name. Marketers love “the cloud”, because in a real cloud, no-one can see anything. Humans hate that, because they can’t see anything, and they can’t do due diligence.

    Cloud computing is nothing more than doing your work and saving your data on someone else’s computer in a machine room that may be quite distant, not just down the street. In the days of IBM mainframes, it was called “time sharing”.

    Dig out your sample contracts for timesharing, add a check in case it’s outside Canada, and carry on!

  2. Interesting and helpful article. Thanks Omar.

  3. Omar,

    Thanks for another great article. There has been a lot of resistance in the legal profession to clouds, mostly because i) lawyers often suck at computers, and ii) lawyers are a naturally risk-averse species. I, too, have encountered skeptics who question whether gmail’s Service Agreement complies with confidentiality. Ironically, these are the same skeptics who send unencrypted e-mails (or rather, electronic postcards) with highly sensitive information on an hourly basis.

    To the skeptics, I would point out that our confidentiality obligations require us to be reasonably diligent, not extremely risk-averse. There can be no question, I think, that gmail use reasonably respects confidentiality.

  4. I wonder if the problems of computer “suckiness” and risk aversion are more acute with more seasoned legal professionals. Most lawyers or paralegals licensed today probably wouldn’t even know what a facsimile machine is were it not for references in various rules (and some may still not know).

    I look forward to the Rules of the Small Claims Court catching up to the Rules of Civil Procedure to allow for electronic document exchange. Reducing the cost of service for paralegals and lawyers makes it possible to see a corresponding lowering of fees for clients. This is better for the clients’ opportunity to access justice and it may very well be better for the system as a whole.

  5. Marc,

    Technically these document exchange systems can be used to exchange any material and any communications outside of the Rules, meaning licensees practicing in small claims can still use it for disclosure.

    What I find bizarre is that many of us who do use fax (because we have to) utilize a digital fax, which is both sent and received through e-mail. As indicate above, we are therefore essentially using the cloud and e-mail communication to comply with the Rules because we can theoretically send it on the other side to a fax machine. Of course if I’m receiving it, especially if it’s lengthy, I do not want to print it and want it in my Inbox instead.

    Fax machines should be rendered obsolete by the Rules. But the adoption of electronic document exchange is certainly a step in that direction. What’s next is hopefully the widespread adoption of the technology by the bar.

  6. I wold not thought a digital fax was necessarily a cloud function – if one’s email is not cloud-based, then the fax sent from computer to computer is not either. But it is certainly an electronic document with the security issues (e.g. authentication of origin and of content integrity) common to such documents. And when one gets a fax on a traditional fax machine, one can’t tell if it was sent from such a machine or from a computer, and vice versa.

    So those who are willing to rely on computer-generated or -received faxes should be prepared to relax about electronic communications for other official legal purposes.

    That is one of the arguments about the need for security measures surrounding electronic signatures for real estate documents: if people use faxes now, why should a new e-signature method have to be more reliable than such faxes in order to be legally effective?

  7. This is merely a supposition but perhaps the acceptance of a faxed document with a signature is deemed more acceptable because there is an assumption that there exists a “hard-copy” of the document with a “penned” signature ready to be used for the purposes of verification and/or authentication. And, although the fax (using a traditional facsimile machine) could be sent to an incorrect recipient(s) there is less potential of a wider distribution thus the risk is deemed easier to contain.