The American Bar Association’s Standing Committee on Ethics and Professional Responsibility issues ethics opinions that interpret the Model Rules of Professional Conduct. While not binding precedent, these ABA Formal Opinions are often cited as persuasive when courts and others interpret the rules of professional conduct in states that are similar or identical to the ABA Model Rules of Professional Conduct. Yesterday, the Committee released Formal Opinion 498 titled “Virtual Practice,” which you can download here in PDF format. The opinion provides guidance when using technology to practice law outside of a traditional law office. Every lawyer has had to do quite a bit of that over the past year of the pandemic. But many lawyers who use an iPhone or iPad have had, at least in part, a virtual practice long before 2020. Here are the recommendations in Formal Opinion 498 that jumped out at me as particularly relevant for any attorney using an iPhone or iPad.
Guiding principles
The opinion begins by citing three guiding principles that are especially relevant to the virtual practice of law. First, a lawyer has a duty of competence and diligence, and this means that a lawyer should keep abreast of the benefits and risks associated with relevant technology. That makes sense, but it can be easier said than done considering how quickly new risks arise. For example, a large number of law firms use Microsoft Exchange (Outlook) for their email, and just a few days ago, tens of thousands of Microsoft Exchange servers were infiltrated by Chinese hackers, as noted by this article by Andy Greenberg of Wired. If you didn’t learn about that right away and patch the server in your law firm, you increase your risk of being hacked.
Second, lawyers have a duty of confidentiality. We all know that.
Third, lawyers with managerial authority have an ethical obligation to supervise other attorneys so that there is compliance with the ethical rules. That means that many of us need to not just do the right thing in our own practice but also ensure that those who work with us do the same.
Specific recommendations
Here are a few of the specific recommendations that struck me as important for lawyers using an iPhone and/or an iPad.
Security. The opinion recommends that attorneys use secure Wi-Fi routers and consider using VPN, depending upon the risks associated with any specific Wi-Fi router. Lawyers should also use strong (and unique) passwords, which is why I recommend a password manager such as 1Password. The opinion also recommends that lawyers install software updates that fix security flaws. For example, just a few days ago, Apple released iOS 14.4.1 to address security issues related to maliciously crafted websites.
Cloud services. Cloud services are great because you can access important documents no matter where you are located in the world. But you need to make sure that hackers cannot access the same content, especially when it can contain confidential and/or privileged information. The opinion repeats a recommendation from a 2018 opinion that lawyers using cloud services should “(i) choose a reputable company, and (ii) take reasonable steps to ensure that the confidentiality of client information is preserved, and that the information is readily accessible to the lawyer.”
Virtual meetings. I’ve participated in a large number of virtual court hearings, and I’m a big fan. Not only do you eliminate the risk associated with the pandemic, but you also avoid the inconvenience of transportation to and from a courthouse. But for the most part, virtual court hearings do not involve confidential information. On the other hand, virtual meetings with clients and others can concern very confidential topics. The opinion advises being aware of security measures associated with virtual conferencing software. That makes sense in theory, although the opinion doesn’t offer specific suggestions other than the use of strong passwords and taking advantage of higher tiers of security offered by vendors.
The opinion also advises considering whether the meeting is or can be recorded and the implications of that. The opinion also warns not to participate in a virtual meeting in a place where a third party can overhear the conversation. These are all good suggestions, but they are really nothing new. I have often encountered attorneys and others in an airport, restaurant, etc. having what appears to be a confidential telephone conversation even though others can hear them.
(By the way, before I leave the topic of virtual hearings, I recommend that you check out this recent post from attorney Kevin Underhill on his Lowering the Bar website. It is amazing to me that Michigan prosecutor Deborah Davis figured out that the defendant in a domestic abuse hearing was attending the Zoom hearing from the same house as the victim, presumably to influence her testimony, while he lied to the judge about his location. According to a local news report, the prosecutor received a tip before the hearing that this might occur.)
Smart speakers. The opinion states: “Unless the technology is assisting the lawyer’s law practice, the lawyer should disable the listening capability of devices or services such as smart speakers, virtual assistants, and other listening-enabled devices while communicating about client matters. Otherwise, the lawyer is exposing the client’s and other sensitive information to unnecessary and unauthorized third parties and increasing the risk of hacking.”
Does this mean that you need to disable Siri on your iPhone, iPad, HomePod, etc.? I don’t think so because of the way that Apple makes these devices, but you should consider this and decide for yourself. These devices only listen for you to say the phrase “Hey Siri,” and unless that phrase is uttered, nothing that you say is sent to any Apple server. If the phrase is heard, these devices virtually always alert you that Siri is listening, so you will often know if it is occurring. And even when a voice recording is sent to an Apple server, it is encrypted and anonymous so that it is not associated with you.
On the other hand, as I mentioned in my recent review of the Apple HomePod, devices made by other companies may not work the same way. Thus, if you are talking near one of those smart devices, I recommend that you take the time to learn how they work. I’m comforted by the fact that Apple works hard to maintain privacy and doesn’t have any economic incentive to invade your privacy, but that is not true for many other companies.
Conclusion
I’ve covered most of the highlights, but there is even more addressed in this Formal Opinion, so I encourage you to read it. The opinion doesn’t provide many bright-line answers, but it does a good job of highlighting the issues that attorneys should consider when using mobile technology.