The duty of confidentiality to former clients: judge orders Drew Peterson’s lawyer not to reveal information related to Peterson’s missing wife.

I like to use to imagery to make points related to legal ethics & professional responsibility. Here’s one of the images I use when discussing a lawyer’s duty of confidentiality:

What follows in today’s post invokes an image that’s similar, but with a critical distinction.  Imagine a picture in which it’s not me keeping me from disclosing confidential information. Rather, it’s a judge ordering me not to follow through on a threat to disclose a former client’s confidential information.

Last week, an Illinois judge ordered a lawyer not to disclose information related to the whereabouts of a former client’s missing wife.  Among others, the ABA Journal, WGN 9, NBC5, and the Chicago Sun-Times covered the story.

Many readers might have heard of the lawyer’s former client:  Drew Peterson.  Peterson is a former police officer who gained national attention in 2007 when his fourth wife, Stacy Peterson, disappeared. Stacy has never been found.

Stacy’s disappearance refocused attention on the 2004 death of Kathleen Savio, Drew’s third wife. Savio’s death was originally ruled an accident. Then, after Stacy’s disappearance, Savio’s body was exhumed. Following a forensics examination, Savio’s cause of death was changed to homicide.

In 2012, a jury convicted Drew of the premeditated murder of Savio. He was sentenced to 38 years in prison.  In 2016, he was sentenced to an additional 40 years after being convicted of soliciting the murder of the prosecutor in the Savio case.

Joel Brodsky represented Drew in the Savio trial. Last week, and as reported here, Brodsky told WGN Investigates that “maybe it’s time” to reveal Stacy’s whereabouts.  Referring to Drew, Brodsky added:

• “It’s something that weighs on my conscience. I would never do anything that would hurt a former client, but he’s in prison, he’s never getting out.  So, if he’s a man, he’d say ‘I’m done, here’s what happened,’ so people can have closure.”

Brodsky went on:

• “I know everything about both of his wives – everything. I feel bad about Drew still not taking responsibility and Stacy still being missing.  I’m thinking about maybe revealing what happened to Stacy and where she is.”

According to WGN 9, Brodsky’s statements came in response to Drew Peterson’s recent request for post-conviction relief in which he argues that Brodsky failed to provide effective assistance of counsel. Drew’s lawyer requested an order prohibiting Brodsky from revealing the information. A judge granted the order, stating “[t]his may be the most vile crime in the U.S. but [defendants] still have a right to speak in confidence with their attorney.”

Brodsky appears not to agree with the judge’s decision. During the hearing, Brodsky argued that Drew’s allegations of ineffective assistance allowed Brodsky to disclose client confidences.  Following the hearing, WGN reports that “Brodsky said the question of whether he’ll reveal what happened to Peterson’s former wives is not ‘if’ but ‘how.’ He said: ‘That’s going to happen.’”

Wow.

I don’t suppose it’s likely that a Vermont attorney will find themselves similarly situated to Brodsky.  Still, I’m going to use the Brodsky story as a segue to review the duty of confidentiality that Vermont lawyers owe to former clients.

You are a lawyer admitted to practice law in Vermont.  Let’s assume you represented me in a trial in which I was convicted of the 2014 murder of X, my first wife.  Let’s also assume that Y, my second wife, has been missing since 2015 and that some suspect me to have been involved in Y’s disappearance. Finally, let’s assume that when you represented me in X’s matter, I told you what happened to Y.

The duty of confidentiality that you owe to me is set out in V.R.Pr.C. 1.9(c).  The rule states that a lawyer shall not:

“(1) use information relating to the representation to the disadvantage of the former client except as these rules would permit or require with respect to a client, or when the information has become generally known; or

(2) reveal information relating to the representation except as these rules would permit or require with respect to a client.”

As I interpret the rule, my statement about Y is information related to your representation of me in X’s matter.  If my interpretation is correct, I’m entitled to the protection afforded by Rule 1.9.

Indeed, Brodsky does not seem to argue that Drew isn’t a former client to whom he owes a duty of confidentiality.  Rather, he argues that the gag order violates his First Amendment rights and, further, that Drew’s claims of ineffective assistance of counsel authorize Brodsky to disclose otherwise confidential information.

Returning to the hypo in which you represent me in Vermont, if you were to make an argument like Brodsky’s, you’d argue as follows:

• Rules 1.9(c)(1) and (2) allow you to use or reveal my confidential information as permitted by other rules; and,
• Rule 1.6(c)(3) permits you to disclose information related to your representation of me.

Now, I know what you’re thinking:  what’s that Mike? How does Rule 1.6(c)(3) permit me to disclose information about you, my former client?

Short answer:  if you’re thinking of disclosing my involvement in Y’s disappearance, I’m not sure that it does.

V.R.Pr.C. 1.6(c)(3) sets out Vermont’s so-called “self-defense” exception. It permits a lawyer to disclose information related to the representation of a client if the

• “lawyer reasonably believes that disclosure is necessary to establish a claim or defense on behalf of the lawyer in a controversy between the lawyer and the client, to establish a defense to a criminal charge or civil claim against the lawyer based upon conduct in which the client was involved, or to respond to allegations in any proceeding concerning the lawyer’s representation of the client.”

So, your argument would be:

• Mike is a former client to whom I owe a duty of confidentiality.
• Rule 1.9(c) prohibits me from using or disclosing information related to my representation of Mike, except as authorized by other rules.
• Mike alleges that I provided ineffective assistance of counsel while representing him in the matter in which he was charged with the murder of X.
• In that Mike has made allegations about my representation of him, Rule 1.6(c)(3) authorizes me to disclose his involvement in the disappearance of Y.

Here’s why I, as your former client, would beg to differ.

Comment 14 to Rule 1.6 states that paragraph (c) permits disclosure “only to the extent the lawyer reasonably believes the disclosure is necessary to accomplish one of the purposes specified.”  It also states that “a disclosure adverse to the client’s interest should be no greater than the lawyer reasonably believes necessary to accomplish the purpose.”

I get it.  Yes, I’m alleging that you didn’t know what you were doing when you represented me in the case in which I was convicted of murdering X.  But what I told you about Y has nothing to do with what you did for me in X’s case. The fact that I’m in jail for life isn’t an exception to the duty of confidentiality you owe to me.  That is, “what’s one more life sentence” isn’t among the exceptions listed in Rule 1.6.  You can defend against my allegations without mentioning a single thing about Y.

I’ve made this point often in different contexts. For example, it’s not uncommon for someone convicted of a crime to allege that their lawyer failed to explain the collateral consequences of a conviction before the client agreed to a plea deal. Assuming the client pled guilty to something other than possession of child porn, I’ve explained to lawyers that it’s possible to respond to the allegation without adding “oh, and by the way, my client once told me that he has child porn on his phone.”

Finally, and back to the hypo in which you represented me, I’d likely file a disciplinary complaint against you for even suggesting that you might disclose what happened to Y. In so doing, you’re basically stating that I know what happened to Y, and that I admitted my involvement in confidence.

In closing, I’ll repeat what I’ve often stated at CLEs and in response to ethics inquiries.  Yes, V.R.Pr.C. 1.6(c)(3) authorizes lawyers to respond to certain allegations related to their representation of a former client. The response, however, should be limited to the disclosure(s) necessary to respond to the allegations.  That is, I do not view the rule as license to reveal the entire basket of a former client’s dirty laundry.

For some, the Brodsky/Peterson matter might ring familiar.  Indeed, it wasn’t far from here that, almost 50 years ago, two New York lawyers learned in confidence the location of two of their client’s victims.  You can read more about the so-called “dead bodies case” in the ABA Journal’s 2007 article The Toughest Call. The New York lawyers took a different approach than Brodsky.

Finally, given today’s environment, I wonder how far we are from the day when certain clients are deemed unworthy of the protections of Rule 1.6 and the attorney-client privilege.  I understand that each of us must do what allows us to sleep at night. That’s fine.  As long as we understand that a consequence of sleeping might be waking up without a license to practice law.**

As always, let’s be careful out there.

** Caveat 1: To be clear, I don’t know what the rules are in Illinois.  I have no idea whether Stacey’s disappearance was an issue in the Savio trial or whether Stacy’s disappearance is related to Drew’s allegations that Brodsky provided ineffective assistance in the Savio matter.  My thoughts on the duties that Vermont lawyers owe to their former clients are limited to the application of the Vermont Rules of Professional Conduct to the hypo involving X, Y, and me.

** Caveat 2: Brodsky’s license to practice law in Illinois has been suspended since 2019 as a result of misconduct in unrelated matters.

A quick recap of the 7 Cs of Legal Ethics

Welcome to Friday!

I’m taking a week off from the quiz. Still, I don’t want to leave anyone without their weekly refresher in legal ethics & professional responsibility!  So, motivated by last night’s huge win by the Cs, I’m sharing a video in which I provide a brief (9:39) overview of the 7 Cs of Legal Ethics.

• Competence
• Communication
• Confidentiality
• Conflicts
• Candor
• Commingling
• Civility

Enjoy the weekend!

There are reasons to consider not copying a client on an email to opposing counsel.

I’ve long expressed concern about a lawyer copying a client on an email to opposing counsel.  I’m here to do so again.

A few weeks ago, Brian Faughnan posted his reaction to the Washington State Bar Association’s (WSBA) release of Advisory Opinion 202201.  I recommend Brian’s post.

Here’s the scenario presented in the WSBA opinion:

• Lawyer A represents Client.
• Lawyer B represents someone else in the same matter.
• Lawyer A sends an email to Lawyer B.
• Lawyer A copies the email to Client.

As have most to address the issue, the WSBA opinion focuses on the duties of the receiving lawyer.  That is, does the receiving lawyer violate Rule 4.2  by replying to all?  In a nutshell, the WSBA concluded:

• “Short answer: It is the opinion of the Committee on Professional Ethics that “Reply All” may be allowed if consent can be implied by the facts and circumstances, but express consent is the prudent approach.”

In its longer answer, the WSBA set out the factors that the receiving lawyer should consider when assessing whether the sending lawyer impliedly consented to a “reply-all.”  Then, the WSBA advised:

• “To avoid a possible incorrect assumption of implied consent, the prudent practice is for all counsel involved in a matter to establish at the outset a procedure for determining under what circumstances the lawyers involved may “reply all” when a represented party is copied on an electronic communication.”

I don’t necessarily disagree. However, I continue to believe that the sending lawyer’s duties to the client are as important to the analysis. Indeed, as Brian noted in his blog post:

• “What the opinion does not address is the flip side of the situation – does the first lawyer who decides to loop his client directly into a conversation by cc’ing them on an email to opposing counsel run the risk of an ethical violation in doing so. Given the trend in various ethics opinions addressing the obligations of the receiving lawyer, there seems to be a good measure of safety for the sending lawyer, but I continue to believe that there is almost never a good reason outside of very limited circumstances for proceeding in this fashion.”

I agree!  Here are few reasons why sending lawyers should think twice about the client cc.

Last year, the New Jersey Supreme Court’s Advisory Committee on Professional Ethics issued ACPE Opinion 739.  I blogged about it here.  The Committee concluded:

• “Lawyers who initiate a group email and find it convenient to include their client should not then be able to claim an ethics violation if opposing counsel uses a ‘reply all’ response. ‘Reply all’ in a group email should not be an ethics trap for the unwary or a ‘gotcha’ moment for opposing counsel. The Committee finds that lawyers who include their clients in group emails are deemed to have impliedly consented to opposing counsel replying to the entire group, including the lawyer’s client.”

The Committee went on:

• “If the sending lawyer does not want opposing counsel to reply to all, then the sending lawyer has the burden to take the extra step of separately forwarding the communication to the client or blind-copying the client on the communication so a reply does not directly reach the client.”

Now, as far as I know, the New Jersey opinion is the only to conclude that the mere fact of copying a client on an email to opposing counsel is consent for opposing counsel to reply to all. However, other jurisdictions have cautioned that it’s not best practice.

For instance, in Opinion E-442, the Kentucky Bar Association stated:

• “Avoiding use of ‘cc’ also prevents the client to inadvertently communicate with opposing counsel by hitting the ‘reply all.’ ”

In Ethics Opinion 2018-01, the Alaska Bar Association urged caution, advising that there are situations in which lawyers who cc their clients on emails to opposing counsel risk waiving the attorney-client privilege.

Finally, in Formal Opinion 2020-100, the Pennsylvania Bar Association agreed with Kentucky and noted:

• “When a client is copied on email (either by carbon or blind copy), the client or its email system may default to replying to all. In doing so, the client may reveal confidential information intended only for his or her lawyer or waive the attorney-client privilege.”

The opinions include helpful examples of how the privilege might be waived. In addition, each concludes that it’s best practice for the sending lawyer not to cc the client and, instead, to forward to the client the email that was sent to opposing counsel.

Of course, I’m sure many lawyers are yelling “but Mike!!!”  I get it.  Indeed, as Brian blogged:

• “Now transactional lawyers may be screaming at me here for my naivete, but, unless you are truly trying to mimic a situation where lawyers and clients are all sitting around the table and having a discussion, I don’t think including all of those parties on an email thread makes sense. (And, it’s 2022, if that’s what you are trying to do then use some other communications platform at this point whether that be Zoom or WebEx or Teams or something else.) Otherwise, whatever you want your client to see, just forward the email thread to them separately. Doing anything else, absent a clear agreement among the counsel involved about whether communication is permitted is simply an unnecessary risk to take.”

To be clear, I’m not stating that a lawyer violates the Rules of Professional Conduct by cc’ing a client on an email to opposing counsel.  Nor is it my role to do so. That’s a decision left to Disciplinary Counsel, a hearing panel, and, ultimately, the Vermont Supreme Court.  Also, I understand that there will be situations in which the sending lawyer impliedly consents to a reply-all or doesn’t cause any undue risk when copying a client.

Still, my role includes lending guidance. When doing so, I tend to urge lawyers to avoid risk. Hence, I agree with the numerous jurisdictions and commentators who think that it’s best practice not to copy a client on an email to opposing counsel. If only to avoid the risk of the client mistakenly replying to all.

I’ll end with this.  Many will think I’m making it up. I’m not, and I have the time stamps to prove it.

As I was drafting this post, I received an email from a criminal prosecutor.  Here’s what the prosecutor wrote:

• “Hi Mike – I have a question about when a defense attorney cc’s a client on an email to me.  If memory serves, when responding, I should remove the client from the email chain as that could be considered contact with a represented individual.  Is that still the recommended practice?”

In my opinion, yes.  But in New Jersey? Maybe not.

More importantly, the prosecutor’s scenario demonstrates the risk in copying a client on an email to an opposing counsel.  Can you imagine if a criminal defendant mistakenly replies all and discloses information that is subsequently used against them?

As always, be careful out there.

Related posts:

• New Jersey committee concludes that lawyer who copies client on email to opposing counsel impliedly consents to “reply-all.”
• CC, BCC, and a lawyer’s duty of competence
• CC and “reply-all:” BCC is NOT the answer

Advisory Opinions

• Washington State Bar Association, Opinion 202201 (February 2022)
• Pennsylvania (Opinion 2020-100, 1/22/20)
• Alaska (Opinion 2018-1, 1/18/18)
• Kentucky (Ethics Opinion KBA E-442, 11/17/17)
• New York (Opinion 1076, 12/8/15)
• North Carolina (2012 Formal Ethics Opinion 7, adopted 10/25/13)
• New York City Bar Association (Formal Opinion 2009-01 1/2/09)

 

Client Confidences, Motions to Withdraw, and Responding to Subpoenas for Client Information

“Of course I’m okay! God didn’t make me Irish for nothing you know!!”

~ Katherine Flynn, aka Aunt Kate

**********************

I’ll get to subpoenas and motions to withdraw in a bit.  First, I’m going to share a story, if only because Aunt Kate would roll in her grave if I failed to acknowledge the day.

I bought my condo in 2018.  When I moved in, I found it a bit curious that the previous owners had installed flagpole mounts on both sides of the garage door.  Don’t get me wrong: I’m a fan of flags, have a bunch of them, and love to fly them as appropriate.  Still, when would I ever need to fly two flags at the same time?

Today!

As most readers know, I’m a fan of all-things Irish and most-things basketball, with the opening weekend of the NCAA tournament among my favorite basketball things. Today, then, is quite a day: the magical and rare alignment of cosmos and calendar that results in March Madness opening on St. Patrick’s Day. Frankly, Younger Me would be shocked to learn that we’re working this morning.

It gets better.

Another of my favorite basketball things is UVM basketball. Tonight, Vermont plays a winnable game in the NCAA tournament.  That alone is something that would’ve fried Younger Me’s brain.  Combine it with playing on Day 1 of the tournament on St. Patrick’s Day?  Well, frankly, Younger Me would be even more shocked to learn that it was only half & half in our coffee this morning.

All that said, I’m sure you’ve figured out what this has to do with flags. Today I’m flying two: my Irish flag and my UVM flag.  So, I’ll transition to the legal ethics portion of this post with an Irish toast to the prior owner who had the foresight to install two pole mounts:

Sláinte and Go Cats Go!

Now, back to our regularly scheduled programming.

Motions to Withdraw & Subpoenas to Disclose Client Information

Over the past few months, I’ve noticed an uptick in inquiries on each of these questions:

1. How much can I disclose in a motion to withdraw?
2. How do I respond to a subpoena to produce a former client’s file or to give testimony about my representation of that client?

Here’s the nutshell version of my guidance:

1. Very little. Cite to whatever provision of V.R.Pr.C. 1.16 applies, then go from there.
2. Very carefully. Absent client consent to produce or disclose, I suggest raising all non-frivolous defenses against production or disclosure in a motion to quash.  Then, go from there.

After responding to these inquiries, I email these blog posts to the inquirers:

1. Stop Making Noise.
2. Subpoenaed to Disclose Client Info?

Now, I can sense that my mother’s French-Canadian mother is not only rolling in her grave, but she’s stomping her feet and smashing her fists.  She’s realized that today’s post is not original, but a rehashing of blogs I posted years ago.  She’s blaming the laziness on my Irish gene.  Nanny, Papa’s wife, has a point.

Nevertheless, since the questions continue to come, I thought I’d share this refresher.

When moving withdraw, remember that “I want to withdraw” is not among the exceptions to V.R.Pr.C. 1.6’s prohibition on disclosing information relating to the representation of the client. That’s why I think it’s best practice for a lawyer to limit a withdrawal motion to citing whatever provision(s) of V.R.Pr.C. 1.16 apply.  Then, if the court orders further disclosure, V.R.Pr.C. 1.6(c) permits a lawyer to respond.  Stop Making Noise includes a cautionary tale of a Tennessee lawyer who clearly had grounds to withdraw, but who was sanctioned for disclosing too much in a motion to do so.

Similarly, “I’ve been subpoenaed” is not among the exceptions to V.R.Pr.C. 1.6’s prohibition on disclosing information relating to the representation of a client.  So, absent the client or former client’s consent to produce the file or to give testimony, I think best practice is to raise all non-frivolous arguments against production/disclosure in a motion to quash. Then, if a court compels production or disclosure, V.R.Pr.C. 1.6(c) permits a lawyer to comply with the court order.[1]  My blog post links to ABA Formal Opinion 473: Obligations Upon Receiving a Subpoena or Other Compulsory Process for Client Documents or Information.

As always, let’s be careful out there.

Happy St. Patrick’s Day!

[1] Note: this post assumes that the subpoena issues in a matter that does not involve an allegation involving the lawyer’s representation of the client.  The analysis likely would change if the subpoena issues in connection with a case or controversy involving the lawyer’s representation of the former client.  See, V.R.Pr.C. 1.6(c) or contact me.

Tech Competence, Screen Sharing, and Client Confidences.

Around 1PM, it felt like (another) day without a blog post.  Then, I went to lunch.

My office is in downtown Burlington.  Today, and despite the heat, I chose to walk to Beansie’s.

Waiting for my cheeseburger topped with peppers & onions, I checked my email.  There, I found the first of two stories to post.  Perusing my phone while I ate my burger in the shade[1], I found the second.  Each involves technology.  As we know, a lawyer’s duty of competence includes tech competence.

Story 1

A Vermont lawyer forwarded me an email from another lawyer in the same firm.  The co-worker wrote:

• “I’m in a deposition – other attorney’s email notifications keep popping up on screen share.  Seems like that could risk divulging attorney-client privileged information.”

Yes. Yes, it could.

I can sense some of you disagreeing.  You’re thinking “what could be privileged about an email notification?”

Well, I don’t know.  That’d be for a court to decide in the context of an attempt to compel disclosure.

But I do know this.

Rule 1.6 of the Vermont Rules of Professional Conduct prohibits a lawyer from disclosing information relating to the representation of a client. As I’ve oft stated in this space, Comment [3] makes clear that the rule’s prohibition is broader than the privilege.  The comment notes that the privilege applies “in judicial and other proceedings in which a lawyer may be called as a witness or otherwise required to produce evidence concerning a client.”  It goes on to state:

• “The rule of confidentiality applies in situations other than those where evidence is sought from the lawyer through compulsion of law. The confidentiality rule, for example, applies not only to matters communicated in confidence by the client, but also to all information relating to the representation, whatever its source.  A lawyer may not disclose information except as authorized or required by the Rules of Professional Conduct or other law.”

Neither the Rules nor other law include an exception for “it popped in while I was sharing my screen.”

The internet includes a plethora of resources on the various ways to avoid this problem.

I present a lot of CLEs via Zoom, WebEx, and Teams and often share my screen throughout a presentation.[2]  I’m petrified of having an email notification pop up and disclose (to some extent) a confidential inquiry of bar counsel.  So, I go old-fashioned.  When presenting, I close Outlook and all chats functions.

As always, be careful out there.

Note: In that I strive to avoid TLDR in the comments, Story 2 will follow later today or early tomorrow.  Stay tuned.

[1] Many readers know my preference for summer over winter. I suppose this week’s weather has some considering whether to ask, “how do you like summer now?”  Just as much as I did before!  Because in January, I wouldn’t be able to walk over to Beansie’s in shorts and t-shirt and enjoy my lunch outside.

[2] I also make sure that the only screen open is the one that I intend to share and that I choose that particular window instead of “screen 1” when I start the share.

Proposed Florida Opinion would allow mobile payment of legal fees as long as lawyers protect client confidences and safeguard funds.

I know a guy who runs an NCAA tournament pool.  He told me that most participants paid via Venmo or PayPal.  A few, however, sent checks in the mail.  Hearing this made me realize that there are people who do not know how mobile payment apps work.

Last week, the Florida Bar’s Professional Ethics Committee approved Proposed Advisory Opinion 21-2.  The proposed opinion concludes that Florida’s ethics rules do not prohibit a lawyer from accepting payment via apps like Venmo & PayPal if the lawyer:

1. protects client confidentiality; and,
2. takes reasonable steps to safeguard funds held in connection with a representation.

This press release summarizes the proposed opinion. It now goes out for comment and will considered for final adoption in June.

Next week, I’ll blog about the opinion’s consideration of the trust account rules.  Today, I’m more interested in the first part of the opinion.  In my view, it provides helpful reminders and guidance on tech competence and client confidentiality.

Some of you might be wondering: what does a mobile payment app have to do with client confidentiality?  Well, there you have it: tech competence.  You need to know what you don’t know.

Like the Florida opinion, let’s use Venmo as an example.

Venmo is more than just a payment processor.  In a way, it’s a social media platform.  Here’s language from the Florida opinion:

• “For example, Venmo users, when making payment, are permitted to input a description of the transaction (e.g., ‘$200 for cleaning service’). Transactions are then published to the feed of each Venmo user who is party to the transaction. Depending on the privacy settings of each party to the transaction, other users of the application may view that transaction and even comment on it.”

To illustrate the point, if you download the Venmo app, here’s what you’ll see before you log-in or sign-up:

From the third transaction in the feed, we know that Skye F and John G had a virtual coffee date.  Let’s hope that their privacy settings are such that one or the other’s significant other didn’t find out.

As an aside, did the date not go well? Is that why Skye charged John??  Anyhow, I digress.

Now, apply this to real life.  Yes, accepting mobile payments might make it easier to run your law office.  However, things might become more difficult if your privacy settings are such that the entire world, including John G’s unsuspecting spouse, learns from Venmo that your firm charged John G. for “divorce consultation.”

Here’s the answer, courtesy of me logging into Venmo and opening my privacy settings:

Finally, here’s a great paragraph from Florida’s proposed opinion.  The first sentence aside, it applies to every single circumstance that involves information relating to the representation of a client:

• “For lawyers, accepting payment through a payment-processing service risks disclosure of information pertaining to the representation of a client in violation of Rule 4- 50 1.6(a) of the Rules Regulating The Florida Bar. Rule 4-1.6(a) prohibits a lawyer from revealing information relating to representation of a client absent the client’s informed consent. This prohibition is broader than the evidentiary attorney-client privilege invoked in judicial and other proceedings in which the lawyer may be called as a witness or otherwise required to produce evidence concerning a client. The ethical obligation of confidentiality applies in situations other than those in which information is sought from the lawyer by compulsion of law and extends not only to information communicated between the client and the lawyer in confidence but also to all information relating to the representation, whatever its source. Likewise, a lawyer must make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation. The obligation of confidentiality also arises from a lawyer’s ethical duty to provide the client with competent representation. This includes safeguarding information contained in electronic transmissions and communications.”

From there, the opinion makes several suggestions.  To me, they boil down to this one:

• “The lawyer must make reasonable efforts to understand the manner and extent of any publication of transactions conducted on the platform and how to manage applicable settings to preempt and control unwanted disclosures.”

That’s all for now.  Next week I’ll discuss the section of the opinion that deals with the trust account rules.

Related post:

• Mobile Payment & Legal Fees (11/12/19)

NJ Committee concludes that a lawyer who copies a client on an email to opposing counsel impliedly consents to “reply-all.”

Updated, 4:24 PM on 3/26/21 to include the advisory opinions linked at the end of the post.

Here’s the situation:

• Attorney represents Blue.
• Lawyer represents Red.
• Attorney emails Lawyer and copies Blue.

For years, lawyers in Lawyer’s shoes have informed me how much it bothers them for Attorney to copy Attorney’s own client on an email to opposing counsel.

Earlier this month, the New Jersey Supreme Court’s Advisory Committee on Professional Ethics issued ACPE Opinion 739.  The Committee concluded “that lawyers who include their clients in the ‘to’ or ‘cc’ line of a group email are deemed to have provided informed consent to a ‘reply all’ response from opposing counsel that will be received by the client.”  Thus, in my example, Lawyer would not violate Rule 4.2 by “replying-all” to Attorney’s email.

The opinion doesn’t surprise me.  Given the nature of email, I expected that someone would eventually conclude that “cc” invites a “reply-all.”  Still, I urge caution.

As the Committee acknowledges, New Jersey is the first jurisdiction to reach this conclusion.  The opinion cites to advisory opinions from five other states that reached the opposite.  The Committee states:

• “Many of these opinions caution the sending lawyer that it is inadvisable to include the client on the email, acknowledging that the sending lawyer may be ‘setting up’ opposing counsel for an ethics violation. The Committee finds that these opinions from other jurisdictions do not fully appreciate the informal nature of group email or recognize the unfairness of exposing responding lawyers to ethical sanctions for this conduct.”

In its coverage of the New Jersey opinion, JDSupra urges caution as well:

• “Best practices also suggest that attorneys should avoid copying their clients on emails they send to opposing counsel so as not to imply consent for opposing counsel to communicate with the client. Any email sent to opposing counsel can just as easily be forwarded to a client.”

I agree, albeit for a different reason.  I’m not as concerned that the receiving lawyer might reply-all as I am that the sending lawyer puts their client at risk of doing the same, thereby disclosing confidential information to opposing counsel. Thus, to me, the lawyer who copies a client on certain emails to opposing counsel risks running afoul of Rule 1.1 (competence) and Rule 1.6 (confidentiality).

Still, the New Jersey opinion is interesting.  First, the Committee compared letters to conference calls:

• “There is no question that a lawyer who receives a letter from opposing counsel on which the sending lawyer’s client is copied may not, consistent with Rule of Professional Conduct 4.2, send a responding letter to both the lawyer and the lawyer’s client. In contrast, if a lawyer were to initiate a conference call with opposing counsel and include the client on the call, the lawyer would be deemed to have impliedly consented to opposing counsel speaking on the call and thereby communicating both with the opposing lawyer and that lawyer’s client.”

Then, the Committee concluded that a group email is more like a conference call than a letter:

• “Email is an informal mode of communication. Group emails often have a conversational element with frequent back-and-forth responses. They are more similar to conference calls than to written letters. When lawyers copy their own clients on group emails to opposing counsel, all persons are aware that the communication is between the lawyers. The clients are mere bystanders to the group email conversation between the lawyers. A ‘reply all’ response by opposing counsel is principally directed at the other lawyer, not at the lawyer’s client who happens to be part of the email group. The goals that Rule of Professional Conduct 4.2 are intended to further – protection of the client from overreaching by opposing counsel and guarding the clients’ right to advice from their own lawyer – are not implicated when lawyers ‘reply all’ to group emails.”

In addition, the Committee concluded that it would be unfair to require the receiving lawyer to sort through the email addresses of those copied to determine who should and should not be included on the reply.  That is, that in this day & age, the general norm is that a “cc” invites a “reply-all.”

Unsurprisingly, the Committee cautioned receiving lawyers against replying directly to the copied client without including the sending lawyer on the reply.

As always, be careful out there.

Update:  here are six opinions from other states, each of which advises that the receiving lawyer may not “reply-all” to an email in which the sending lawyer copies sending lawyer’s client.  All but the Pennsylvania opinion are cited in the New Jersey opinion.

• Pennsylvania (Opinion 2020-100, 1/22/20)
• Alaska (Opinion 2018-1, 1/18/18)
• Kentucky (Ethics Opinion KBA E-442, 11/17/17)
• New York (Opinion 1076, 12/8/15)
• North Carolina (2012 Formal Ethics Opinion 7, adopted 10/25/13)
• New York City Bar Association (Formal Opinion 2009-01 1/2/09)

 

Wisconsin Advisory Opinion Offers Cybersecurity Tips on Working Remotely

In late January, the Wisconsin Bar issued Formal Ethics Opinion EF-21-02: Working Remotely.  The opinion makes three important points and shares helpful and practical guidance on cybersecurity practices, training & supervision, and preparing clients.

First, the important points.

I’m a fan of the opening line of the synopsis:

• “The basic responsibilities that a lawyer owes the client – competence, diligence, communication, and confidentiality – lie at the core of lawyer’s professional obligations and remain unchanged irrespective of the lawyer’s physical location.”

That’s critical: the pandemic hasn’t lessened or diminished our professional obligations.  Our responsibilities remain the same as in 2019 when we were working in our offices.  Further, our basic obligations to clients will not change once the pandemic ends. As the opinion points out, “it is expected that lawyers, like other professionals, will continue to work remotely in some form after the pandemic.” So, the guidance, while issued in response to the pandemic, will prove valuable in an increasingly remote post-pandemic workplace.

Next, the opinion reiterates what I’ve been blogging for years: competence includes tech competence.  Pages 2 and 3 include language that I’m certain will worry lawyers.  The language, however, is important to take to heart.

• “Basic technological competence includes, at a minimum, knowledge of the types of devices available for communication, software options for communication, preparation, transmission and storage of documents and other information, and the means to keep the devices and the information they transmit and store secure and private.”

As the opinion notes, large firms likely will employ IT professionals for these issues.  Small firms and solos are reminded that they “may need to retain the services of an expert if they lack the knowledge to personally manage the technological aspects of practice.”

Finally, the conclusion ties together the first two points in an important reminder:

• “The COVID-19 pandemic has dramatically changed how lawyers work and represent their clients. Some of these changes may be temporary but others are likely part of a movement towards increased reliance on technology in the practice of law. As working remotely has become the new normal, lawyers must develop new skills and knowledge to comply with their core responsibilities.”

Indeed.

I’ll finish by cutting and pasting the guidance and practical tips that begin on page 10 of the Wisconsin opinion.  I’ve reformatted & renumbered the footnotes to endnotes.

***

General Guidance

 It is impossible to provide specific requirements for working remotely because lawyers’ ethical duties are continually evolving as technology changes. It is possible, however, to provide some guidance. Cybersecurity Practices Because working remotely relies on technology, competence in technology and cybersecurity practices are essential. The following cybersecurity practices have been recommended by a number of ethics opinions[i] and other resources. None of these practices are new: they are reasonable precautions that have helped lawyers fulfill their ethical obligations, especially the duty of confidentiality, when working in the office and when working remotely, whether at home during evenings and weekends, or during travel for work or vacation.

• Require strong passwords to protect data and to access devices. The more complex the password, the less likely that an unauthorized user will be able to access data or devices by using password cracking techniques or software.
• Use two-factor or multi-factor authentication to access firm information and firm networks. Although requiring an additional authentication step, such as a six-digit code sent to the lawyer’s phone or email, may seem inconvenient or burdensome, it is a reasonable precaution that increases protection and reduces the likelihood of unauthorized access by providing an additional layer of security beyond a strong password.
• Avoid using unsecured or public WiFi when accessing or transmitting client information. Hackers can access unencrypted information on unsecured WiFi and can use unsecured WiFi to distribute malware.
• Use a virtual private network (VPN) when accessing or transmitting client information. A VPN encrypts information and allows users to create a secure connection to another network.
• Use firewalls and secure router settings. A firewall monitors and controls incoming and outgoing network traffic based on predetermined security rules: it establishes a barrier between a trusted network and an untrusted network. A router connects multiple devices to the Internet, and connects the devices to each other.
• Use and keep current anti-virus and anti-malware software. Anti-virus and anti-malware both refer to software designed to detect, protect against, and remove malicious software.
• Keep all software current: install updates immediately. Updates help patch security flaws or software vulnerabilities, which are security holes or weaknesses found in a software program or operating system.
• Supply or require employees to use secure and encrypted laptops. All lawyers and staff should use only firm issued devices with security protections and backup systems and prohibit storage of firm or client information on unauthorized devices. All devices used by the lawyer, such as desktop computers, laptops, tablets, portable drives, phones, and scanning and copy machines, should be protected.
• Do not use USB drives or other external devices unless they are owned by the firm or they are provided by a trusted source.
• Specify how and where data created remotely will be stored and how it will be backed up.
• Save data permanently only on the office network, not personal devices. If saved on personal devices, taking reasonable precautions to protect such information.
• Use reputable vendors for cloud services. Transmission and storage of firm and client information through a cloud service is appropriate provided the lawyer has made sufficient inquiry that the service is competent and reputable.[ii]
• Encrypt emails or use other security to protect sensitive information from unauthorized disclosure. A lawyer should balance the interests in determining when encryption is appropriate.
• Encrypt electronic records, including backups containing sensitive information such a personally identifiable information.
• Do not open suspicious attachments or click unusual links in messages, email, tweets, posts, online ads.
• Use websites have enhanced security whenever possible. Such websites begin with “HTTPS” in their address rather than “HTTP,” and encrypt the communication.
• Provide adequate security for video meetings or conferences. The FBI has recommended the following steps: use the up-to-date version of the application; do not make the meetings public; require a meeting password; do not share the link to the video meeting on an unrestricted publicly available social media post; provide the meeting link directly to the invited guests; and manage the screen-sharing options.[iii] In selecting a videoconferencing platform, the lawyer should make sure it is sufficiently secure both in its structure and its contractual terms of use, especially any terms on access to user information.[iv]
• Do not have work-related conversations in the presence of smart devices such as voice assistants. These devices may listen to and record conversations.[v]

Training and Supervision

To comply with the duties required by SCR 20:5.1 and 5.3, partners, managers and supervisory lawyers should consider whether the firm’s policies and procedures are adequate to address the specific challenges that may arise when lawyers and nonlawyer assistants are working remotely.

• Establish and implement policies and procedures for cybersecurity practices. These policies and procedures should be in writing and provided to all lawyers and nonlawyer assistants, and stress compliance.
• Establish and implement policies and procedures for the training and supervision of lawyers and nonlawyer assistants in the firm’s cybersecurity practices. Training is the most basic step in avoiding a cyberattack at a law firm. In other words, it is extremely important to develop a culture of awareness. The most serious vulnerabilities of a cybersecurity system are not the hardware or software, but rather the people who use it. It is estimated that 90% of cybersecurity breaches are due to human error.[vi]
• Establish and implement policies and procedures regarding remote workspaces to mitigate the risk of inadvertent or unauthorized disclosures of information relating to the representation of clients. Remote workspaces should be private to ensure that others do not have access to phone conversations, video conferences, or case-related materials.
• Hold sufficiently frequent remote meetings between supervising attorneys and supervised attorneys, and between supervising attorneys and supervised nonlawyer assistants to achieve effective supervision.

Preparing Clients

Representing a client remotely may present challenges to competent representation.[vii] Consequently, a lawyer should carefully consider whether the lawyer can adequately prepare the client to testify or for interviews while working remotely.

• The lawyer and the client should have sufficient ability with the technology.
• The lawyer and the client should have access to relevant documents.
• The lawyer and the client have adequate time and attention to ensure the client’s comfort with the communicating by the medium that will be used.

[i] See, e.g., Wisconsin Formal Ethics Opinion EF-15-01: Ethical Obligations of Attorneys Using Cloud Computing (Amended September 8, 2017).

[ii] Wisconsin Formal Ethics Opinion EF-15-01.

[iii] https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-ofteleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic

[iv] Lawyers must understand that if video conferences are recorded the vendor may retain a copy under the terms of service. See INSIGHT: Zooming and Attorney Client Privilege, https://www.bloomberglaw.com/exp/eyJjdHh0IjoiQ1ZOVyIsImlkIjoiMDAwMDAxNzEtZWExYy1kMDAwLWE5N2YtZ WE3ZTkwYWMwMDAxIiwic2lnIjoidVliaWhQR3J3ZmpWcDBKeE5KY1JYV1c0RlcwPSIsInRpbWUiOiIxNTkwMjQwMzM 1IiwidXVpZCI6IndNWHUzdVFGajBEWGxkZFBKcTNSVVE9PU1ZZmVtSkhLU0hBMWtPNG8rTE50eGc9PSIsInYiOiIxIn0= ?usertype=External&bwid=00000171-ea1c-d000-a97fea7e90ac0001&qid=6912181&cti=LSCH&uc=1320042032&et=SINGLE_ARTICLE&emc=bcvnw_cn%3A7&bna_news_ filter=true

[v] For example, Google and Amazon maintain those recordings on servers and hire people to review the recordings. Although the identities of the speakers are not disclosed to these reviewers, they might hear sufficient details to be able to connect a voice to a specific person. https://www.vox.com/recode/2020/2/21/21032140/alexa-amazongoogle-home-siri-applemicrosoft-cortana-recording .

[vi] https://www.techradar.com/news/90-percent-of-data-breaches-are-caused-by-humanerror#:~:text=A%20new%20report%20from%20Kaspersky,carried%20out%20by%20cloud%20providers .

[vii] The New York County Lawyers Association Formal Opinion 754-2020 at 3.

Vermont Supreme Court suspends lawyer for improper use & disclosure of information relating to the representation of current & former clients.

Prologue

In a disciplinary proceeding, the attorney’s state of mind – negligent, knowing, or intentional – is a critical factor in determining the appropriate sanction. Misconduct born of negligence generally results in a lesser sanction than knowing or intentional misconduct.  A few years ago, I blogged about the process by which the Vermont Supreme Court and hearing panels of the Professional Responsibility Board decide the sanction to impose.

Today’s Blog Post

Whether via inquiry or at a CLE, I’ve often cautioned lawyers about taking cases that may require them to depose or cross-examine a former client.  A common reply is “But, Mike, any information I might use against my former client is public record.”

Again “it’s public record,” is NOT one of the exceptions to the prohibition against using information relating to the representation of a current or former client to their disadvantage.  Simply, lawyers who believe that it is are mistaken.  And, as the Vermont Supreme Court indicated last week, it’s a mistake that might not mitigate in favor of a more lenient sanction if disciplinary charges are filed against the lawyer who makes it.

Please read the opinion.  There’s no substitute for doing so.

All I will say is this: at the trial level, a hearing panel of the Professional Responsibility Board concluded that the lawyer violated Rules 1.8(b)and 1.9(c)(2) of the Vermont Rules of Professional Conduct.  The former prohibits lawyers from using information relating to the representation of a current client to the client’s disadvantage.  The latter prohibits lawyers from revealing information relating to the representation of a former client.  Concluding that the violations were “knowing,” the panel suspended the lawyer’s law license for 3 months.

On appeal, the lawyer conceded having violated Rule 1.9(c)(2). However, the lawyer argued that he mistakenly believed that the public nature of the former client’s proceeding relieved him of a duty to keep the information confidential.  Thus, he argued, the violation was “negligent”, not “knowing”, and that his state of mind mitigated in favor of a lesser sanction that would not affect his privilege to practice.

The Court affirmed the hearing panel.  In so doing, the Court stated that lawyers are expected to know the rules.  In essence, ignorance of the rules is no defense to Disciplinary Counsel’s enforcement thereof.  Then, the Court stated that the lawyer:

• “acted knowingly in revealing details of former client’s divorce to [others]. His mistaken belief that the disclosure was appropriate under the Rules does nothing to change the fact that he knowingly disclosed the information.”

It would be a mistake to conclude that the public nature of information relating to the representation of a current or former client relieves a lawyer of the duty not to use the information to the current or former client’s disadvantage.  A mistake that may not mitigate in favor of a lesser sanction.

Related Posts

• ABA Issues Guidance on Responding to Online Criticism
• Stop Making Noise
• ABA and Client Confidences: It’s Déjà vu All Over Again
• Can’t keep quiet? Try harder

 For more on the “generally known” exception to Rule 1.9(c)(2), see ABA Formal Opinion 479.

 

ABA Issues Guidance on Responding to Online Criticism

I haven’t blogged since before Christmas. Alas, like tragic ancient romances, all good things must come to an end.

I’m going to ease back into it with a topic familiar to regular readers: a lawyer’s duties when responding to online criticism.  It’s an issue I’ve discussed often.  Links to my prior posts are below.  Here’s the nutshell version:

• when considering if or how to respond to a negative review, a lawyer should be as careful as Elmer Fudd was quiet when hunting rabbits: very, very.

Yesterday, the ABA’s Standing Committee on Ethics and Professional Responsibility issued Formal Opinion 496: Responding to Online Criticism.  I like the opinion and urge you to read it.  Here are my thoughts.

In Vermont, Rule 1.6 prohibits a lawyer from disclosing information relating to the representation of client.  Our rule on former clients, Rule 1.9, incorporates Rule 1.6 by reference.

There are exceptions to the general prohibition. Of the exceptions, the so-called “self-defense” exception is most often cited as permitting a lawyer to disclose other confidential information in response to a negative review.  As I’ve long pointed out, it doesn’t.

In Vermont, the “self-defense” exception appears in Rule 1.6(c)(3).  It permits a lawyer to disclose information relating to the representation:

• to establish a claim or defense on behalf of the lawyer in a controversy between the lawyer and the client;
• to establish a defense to a criminal charge or civil claim against the lawyer based upon conduct in which the client was involved; or,
• to respond to allegations in any proceeding concerning the lawyer’s representation of the client.

As ABA Opinion 496 further makes clear, a negative review is not “a controversy” or “proceeding” that triggers the “self-defense” exception.

In short, “my client criticized me online” does not fall within the exceptions to the general prohibition on disclosure.

Finally, while I haven’t received many inquires about how to respond to online reviews, those I’ve received consistently include the lawyer saying something like “the client’s post waives the privilege, so I can respond, right?”

Hold up!!

Your ethical obligation is not to disclose information relating to the representation of a client or former client.  The obligation encompasses all information relating to the representation, no matter the source.  As such, it is much broader than the attorney-client privilege.

In addition, the privilege is asserted in response to demands that compel production of confidential information.  For example, discovery requests or a request to testify under oath.  Whether a client’s online review constitutes a waiver of an evidentiary privilege is for a court to decide. It is not for the lawyer to decide in posting a reply.  Or, as the committee notes at the very beginning of its analysis in Formal Opinion 496:

• “[t]he scope of the attorney-client privilege, as opposed to confidentiality, is a legal question that this Committee will not address in this opinion.”

So, what can a lawyer do when criticized online? Opinion 496 includes guidance.  From the summary:

• “As a best practice, lawyers should consider not responding to a negative post or review, because doing so may draw more attention to it and invite further response from an already unhappy critic. Lawyers may request that the website or search engine host remove the information. Lawyers who choose to respond online must not disclose information that relates to a client matter, or that could reasonably lead to the discovery of confidential information by another, in the response. Lawyers may post an invitation to contact the lawyer privately to resolve the matter. Another permissible online response would be to indicate that professional considerations preclude a response.”

Negative online reviews will happen.  Fight the urge! Think and long & hard before you respond.

RELATED MATERIAL

 My Blog Posts

Negative Online Review? How Not to Respond

Negative Online Review? Restrain Yourself!

Other Blog Posts

ABA Journal, How to ethically respond to negative reviews from clients, Cynthia Sharp (friend of this blog)

Responding to Negative Online Reviews, Catherine Reach, North Carolina Bar Association Center for Practice Management

Advisory Opinions

 North Carolina State Bar, Proposed Opinion 2020-1

New York State Bar Association Ethics Opinion 1032

The Bar Association of San Francisco, Ethics Opinion 2014-1

Los Angeles County Bar Association Ethics Opinion 525