One of the questions at Thaw Bowl IV involved Web Bugs. Due to several blank looks, I thought I’d re-visit the issue.
What are Web Bugs? I first blogged about them HERE. Think of them as e-mail tracking. Some might call it ” spy mail.” Essentially, a web bug is a tool that allows a sender to track when an e-mail is opened, the device used to open it, and whether the e-mail is forwarded.
Last week, Chad Gillies posted an article on LinkedIn entitled “E-Mail Tracking: Is It Ethical? Is it Even Legal?” His article had previously appeared in the January 11, 2017, issue of Bloomberg’s ABA/BNA Lawyer’s Manual on Professional Conduct. Mr. Gillies made a PDF of the article available on LinkedIn. It’s HERE. It includes a lengthy quote from my blog post on Web Bugs.
Mr. Gillies handles customer strategy and legal affairs for a MailControl.net . The company’s website, which is HERE, bills it as a “the leader in enterprise and anti spy mail solutions.”
Anyhow, if you read my original blog post, you’ll not see anything in which I endorse the use of web bugs, e-mail tracking, or spy mail as ethical or consistent with the rules. Rather, as Mr. Gillies points out, you’ll see a section in which I remark upon an advisory ethics opinion issued by the Alaska Bar Association.
The Alaska opinion is HERE. The opinion concludes that the use of web bugs violates Alaska’s Rules of Professional Conduct. It also includes the following language:
- “The Committee notes that Rule 1.6(c) requires a lawyer to take ‘reasonable precautions’ transmitting a communication that includes a client confidence or secret so as to avoid allowing the information to come into the possession of unintended recipients, including information in electronic form. The Committee does not interpret this duty as requiring the lawyer to presume that opposing lawyer will seek to ‘bug’ communications and requiring the lawyer to take active steps to detect and prevent such tracking devices. As a practical matter, with rapidly changing technology and software that may be impractical or even impossible for the receiving lawyer to accomplish. The Committee believes that the only reasonable means of protecting attorney-client communications and work product in this situation is to bar the lawyer sending the communication from using these types of tracking devices.”
This paragraph stood out to me. Why? As anyone who attended my CLEs on digital security in Montreal, Rutland, or Brattleboro knows, I’ve stressed that Vermont lawyers have a duty to take reasonable precautions to protect client data, whether the data is in transmission or at rest. For more on reasonable precautions, click HERE.
With that in mind, here’s what I wrote in my original blog post:
- ” I find this final point somewhat interesting. It’s quite different from the evolving view of a lawyer’s duties with respect to the electronic storage and transmission of client information. It’s also the exact opposite of what we’re telling lawyers with respect to metadata & track changes. With metadata & track changes, we’ve clearly stated that it’s perfectly okay to look for information that goes to the heart of the attorney-client relationship. In so doing, we’ve said that if you don’t know about metadata and don’t take steps to prevent it from being accessed, it’s your problem, not the lawyer’s who looks for it without telling you that she’s looking.”
From there, I added:
- “No, I’m not arguing that a lawyer has a duty to sweep the office for bugs or listening devices once opposing counsel departs after visiting. Rather, I simply wonder whether technology soon will have evolved to the point where it is not unreasonable for a lawyer to check an email for a web bug.”
So, I want to be clear: by suggesting that lawyers have a duty to protect against web bugs and spy mail, I am not suggesting that the rules allow a lawyer to use web bugs and spy mail.
That being said, I remain struck by the language in the Alaska Opinion.
I’ll close by repeating myself:
- Lawyers have a duty to take reasonable precautions to protect client information.
- There are bad people out there using spy mail and web bugs.
- Lawyers have a duty to stay abreast of the benefits and risks of relevant technology.
- There is technology available to protect against spy mail and web bugs.
So, as I wrote in my original blog post on web bugs:
“No, I’m not arguing that a lawyer has a duty to sweep the office for bugs or listening devices once opposing counsel departs after visiting. Rather, I simply wonder whether technology soon will have evolved to the point where it is not unreasonable for a lawyer to check an email for a web bug.”