Court Martials, Web Bugs, and Tech Competence

This blog was built on the idea that competence includes tech competence.  As I’ve hammered home that point over the years, I’ve touched upon the ethics issues associated with web bugs.

My most recent post on the issue is here: Don’t Let the Web Bugs Bite It discusses an advisory opinion issued by the Illinois State Bar Association. I wrote:

  • “The ISBA concluded that an attorney who uses email tracking software engages in dishonest & deceitful conduct, and impermissibly intrudes on opposing counsel’s attorney-client relationship.  As such, the use web bugs violates Rules 8.4(c) and 4.4(a). The ISBA’s conclusions track (pun intended) conclusions reached by New YorkAlaska, and Pennsylvania.”

Web bugs and legal ethics are in the news this week.  Navy lawyers prosecuting the high-profile court martials two former SEALS allegedly inserted email tracking software into emails sent to the defense team and media outlets.  The Military Times, the ABA Journal, the Guardian, and the Associated Press covered the story.

First, what’s a web bug?  For the purposes of this post, a web bug is email tracking software.

Ok, so why is that important?  Read the articles on the Navy cases.  The ABA Journal headline sums it up: “Defense lawyers accuse military prosecutor of sending them emails with tracking software.”

More specifically, imagine yourself representing one of the accused. Now, further imagine yourself receiving an email from the prosecutor.  An email that includes the type of tracking software at issue in the ISBA advisory opinion.  Per the ISBA:

  • “The present inquiry involves the use of email ‘tracking’ software, applications that
    permit the sender of an email message to secretly monitor the receipt and subsequent handling of the message, including any attachments.  The specific technology, operation, and other features of such software appear to vary among vendors. Typically, however, tracking software inserts an invisible image or code into an email message that is automatically activated when the email is opened. Once activated, the software reports to the sender, without the knowledge of the recipient, detailed information regarding the recipient’s use of the message. Depending on the vendor, the information reported back to the sender may include: when the email was opened; who opened the email; the type of device used to open the email; how long the email was open; whether and how long any attachments, or individual pages of an attachment, were opened; when and how often the email or any attachments, or individual pages of an attachment, were reopened; whether and what attachments were downloaded; whether and when the email or any attachments were forwarded; the email address of any subsequent recipient; and the general geographic location of the device that received the forwarded message or attachment.”

A few thoughts.

To date, nearly everyone agrees that it’s a violation of the Rules of Professional Conduct to insert web bugs into emails sent to an opposing party or counsel.

The SEAL story raises a perfect example of tech competence.   Earlier this month, one of the lead defense attorneys received an email from the prosecutor.  Unlike prior emails from the prosecutor, it contained an unusual logo below the prosecutor’s signature.  The logo was of a bald eagle and American flag perched on the scales of justice.  The image aroused the attorney’s suspicions.  So much so that he wrote to the prosecutor:

  • “I am writing regarding your emails from yesterday, which contained an embedded image that was not contained in any of your previous emails. At the risk of sounding paranoid, this image is not an attachment, but rather a link to an unsecured server which, if downloaded, can be used to track emails, including forwards. I would hope that you aren’t looking to track emails of defense counsel, so I wanted to make sure there wasn’t a security breach on your end. Given the leaks in this case, I am sure you can understand.”

Well, here we are.  Sometimes they are out to get you.

Finally, I want to reiterate a point I made when I first blogged about the Illinois advisory opinion.

I do not disagree with any of the four opinions that have concluded that a lawyer’s surreptitious intrusion into a privileged relationship violates the rules. However, I differ with one aspect of the Illinois opinion.

The ISBA noted that “there do not appear to be any generally available or consistently reliable devices or programs capable of detecting or blocking email tracking software.”  As I stated then, I am not certain that I agree.  Indeed, shortly after I posted my blog, several tech vendors who follow me on social media either commented on the post or reached out to me privately.  Without exception, they agreed that there are a host of reasonably available countermeasures for law firms to employ against web bugs.

Moreover, I think it’s risky for a lawyer to rely on the old “well, they shouldn’t be unethically spying on me.”

I agree, nobody should be spying on you. And, when it comes to web bugs and email traacking software, the spies might always remain one step ahead.

But that does not relieve you of the duty to stay abreast of developments in technology and to take reasonable precautions against the unauthorized access to or inadvertent disclosure of information related to the representation of a client.

Bugs