I have not endorsed the use of web bugs or spy mail.
What I intended to convey is this: the fact that it may be wrong for someone to try to access information relating to the representation of your clients doesn’t relieve you from the duty to take reasonable precautions to prevent unauthorized access to that information. See, Rule 1.6, Comments 16 and 17.
Do you have to store your paper files in a subterranean vault that’s equipped to survive an RPG attack? No. But you probably shouldn’t leave your file cabinets unlocked in a shared hallway, trusting that passersby will remember not to look at things that aren’t theirs.
Imagine a passerby looks through the files. Are you willing to roll with the “but he shouldn’t have been looking!” defense to a formal charge that you violated Rule 1.6 by keeping your files unlocked in the hallway? If so, take a look at this decision from a hearing panel of the PRB.
Is there an affirmative duty to use available technology to protect against spy mail? I don’t know. No matter the type of technology, including a type we can’t even imagine today, it will boil down to this: have you taken reasonable precautions to protect against the unauthorized disclosure of client information?
I will not be surprised if, someday, someone concludes that the duty to take reasonable precautions to protect against the unauthorized disclosure of information relating to the representation of a client includes using reasonably available technology to protect against web bugs & spy mail. In fact, as I mentioned in the first post, that’s almost exactly how the debates over metadata and encrypted e-mail have evolved.