Revelations of the FBI and NSA’s secret intrusions into Verizon’s customer data is throwing fireballs at an already charged ecosystem. Now, we learn that it’s not only Verizon who’s sending information, but also several major internet players like Google, Apple, AOL, Microsoft, and Facebook. The NSA’s power system, known as PRISM, strips data directly from emails, video, photographs, and other digital data, sending it to (presumably) the NSA’s data center in Utah for processing.
Some folks, presumably on the principle of terrorism protection, support the practice of data sweeping. On the surface, I too support the principle. What’s wrong with searching for patterns and data behaviors?
The problem is, and this is where lawyers who store digital data should be concerned, where and when do we stop.
With an unfettered pipe to all of the major data houses, lawyers have to question how safe their client data is.
You’ll recall from your legal ethics course that “[a] lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent.” Rule 1.6.
Now, examine this rule within the scope of the PRISM data mining project: unrestricted access to information stored on cloud servers.
This means, theoretically, cloud-based storage systems can be scraped for reliable intelligence. Client files, stored in the cloud, can be accessed by the NSA, FBI, CIA, or any other jumble of acronymic agencies.
Thousands of lawyers have embraced the Dropbox program, piling millions of pages into the cloud. Many, if not most, lawyers use these cloud sites as their go-to personal and clients storage. While Dropbox seems immune for now, Google, and its Drive service, is surely compromised. Google Drive’s anemic privacy protections have already prompted me to dissuade lawyers from storing confidential materials on its servers. After this newest revelation, I’m more firmly adamant. Futurelawyer mildly promoted Boxcryptor as a possible safe-haven, but as of today, that’s even an untested solution. As this trend of data seizing continues, don’t expect Dropbox and other cloud storage companies to remain immune. Their time shall come.
Yes, in this new data age, lawyers must be concerned about the security and client confidentiality. These new revelations highlight the lasting and firm notion that attorneys must protect their data. These revelations also throw a whole new kink in the way some lawyers will manage their cloud. As a side note, perhaps this story makes out-of-country cloud services slightly more appealing, knowing the information’s safely tucked away behind “sovereignty.” Doubtful.
Of course, there is a secondary consideration from Rule 1.6, which includes the provision that “[a] lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
The question is, does a secret tap by a secret government agency constitute an “inadvertent” disclosure of information? Certainly, before the story broke we all sat comfortably around considering the sanctity of our mobile offices. Now though, “with knowledge comes great responsibility.” Will bar associations, who once supported cloud services concept, now renege on their support? Will these same associations toss “paperless” law firms across the United States back 20 years because of these findings? We’ll see.
What I do know is that some attorneys’ “willy-nilly” approach to cloud storage just became much more interesting. I also don’t suspect that the NSA’s actions change much about the way we were (or were supposed to be) handling cloud storage.
I don’t have the answers for this situation, but since the dawn of the digital time, or at least the dawn of this blog, I’ve advocated utmost caution with cloud storage service. My suggestions include no long-term storage, limited information, enhanced privacy and security protections, encryptions if possible, and a host of other considerations.
I’m not abandoning Google or Dropbox, even in light of the NSA’s prying. But certainly, the client confidentiality charge isn’t just a mantra hoisted high as banner to rally the troops, but rather an ever-present element of a lawyer’s daily life. The attorney-client privilege is sacrosanct and attorneys should work to keep it that way – including working to protect themselves from the prying eyes of government. Maybe too, this will help some companies wake up about their own security and their clients’ privacy.