Ethics of using public Wi-Fi — guest post by Prof. Dane Ciolino

Professor Dane Ciolino teaches at Loyola Law School in New Orleans, LA.  He is the author of the book Louisiana Legal Ethics: Standards and Commentary (2013), publishes the blog Louisiana Legal Ethics, and is widely regarded as an expert in legal ethics.  He also has an interest in technology, and I have enjoyed teaching CLEs with him over the years.  He recently wrote about the ethics of lawyers using public Wi-Fi, an issue that lawyers with an iPhone or an iPad frequently encounter in airports, coffeshops, etc. 

Prof. Ciolino was kind enough to give me permission to republish his article for iPhone J.D. readers:

—–

Rule 1.6 of course requires a lawyer to maintain the confidentiality of client information. But does it require a lawyer who digitally stores and communicates information to use über-security measures like encryption or multi-factor authentication? Does it prohibit a lawyer from using a public Wi-Fi network at Starbucks or at an airport?

A September 10, 2013 decision from the Ninth Circuit Court of Appeals should give comfort to even the most confidentially-minded of lawyers. In Joffe v. Google, Inc., the Ninth Circuit considered whether the federal Wiretap Act covers communications over Wi-Fi networks. That act imposes liability on anyone who “intentionally intercepts . . . any wire, oral, or electronic communication,” subject to some exceptions. See 18 U.S.C. § 2511(1)(a). Google argued that one of those exceptions carved out public Wi-Fi networks because they were, among other things, “accessible to the general public.” The court rejected Google’s argument and held as follows:

Wi-Fi transmissions are not “readily accessible” to the “general public” because most of the general public lacks the expertise to intercept and decode payload data transmitted over a Wi-Fi network. Even if it is commonplace for members of the general public to connect to a neighbor’s unencrypted Wi-Fi network, members of the general public do not typically mistakenly intercept, store, and decode data transmitted by other devices on the network. Consequently, we conclude that Wi-Fi communications are sufficiently inaccessible that they do not constitute an “electronic communication . . . readily accessible to the general public” under 18 U.S.C. § 2511(2)(g)(i) as the phrase is ordinarily understood.

This decision not only is sensible, but also has important implications for lawyers. The rules of professional conduct require only that a lawyer “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” See ABA Model Rule 1.6(c). In the wake of the Joffe v. Google opinion, it is now “reasonable” for a lawyer to assume that the communication of client information over a Wi-Fi network is “confidential” — after all, any interception by a would-be interceptor would violate the federal Wiretap Act. Therefore, it is no less reasonable for a lawyer to communicate over (now) federally-protected Wi-Fi networks than to communicate over federally-protected wireless phone networks, landlines and fax lines. In all cases, of course, fit the means of communication to the sensitivity of the information.

So, relax, take slurp of that venti double chocolate chip mocha Frappuccino, and send your email. It’s okay.

5 thoughts on “Ethics of using public Wi-Fi — guest post by Prof. Dane Ciolino”

  1. As a client, I would be *quite upset* to learn that my lawyers considered using open WiFi as safe enough. “The courts say it’s ok” would matter very little to me if sensitive information got into the wrong hands or leaked to the public.

    Reply
  2. Another consideration here is using a secure protocol like HTTPS, SSL, or SSH, which provide an additional layer of protection to unsecured wifi signals. It is one thing to haphazardly broadcast client confidential internet via public wifi, it is quite another to utilize one of these protocols to secure the data over otherwise unsecure networks. For any lawyer using Firefox or Chrome, HTTPS is as simple is getting the EFF’s extension “HTTPS Everywhere”. Also, most lawyers that use remote desktop should be using SSH. It is also not hard to set up, and is fairly cost effective by comparison to a malpractice claim and disciplinary action for violating client confidence.

    Reply
  3. This is something that I never would have expected to be an issue. As long as you are sending encrypted emails there should not be a problem. I can see how it would be easy to not think about connecting to public wifi and getting some work done. Personally I would not use a remote desktop app on public wifi no matter how secure it was.

    Reply

Leave a Comment