Risky Mail: Concerns in Confidential Attorney-Client Email

Early in the days of attorney-client email, David Hricik wrote a soothing law review article, Lawyers Worry Too Much About Transmitting Client Confidences By Internet E-mail, arguing that email had risks but could be assumed private for the purpose of professional ethics. The ABA agreed in 1999, issuing a formal opinion that encrypting email was not required by ethical standards, and most jurisdictions followed suit. The 1999 ABA opinion persists today, despite being dangerously technology-specific, focused on almost obsolete technology, and over ten years later its legal foundation remains unsettled. I present three reasons why attorneys should be concerned about the risks to confidentiality in attorney-client email: legal uncertainty about general privacy expectations for email, broad waivers of email privacy through provider policies, and unrelated disclosure by third parties. Case-specific issues have become more important to determine ethical duties in confidential emails: manifold local privacy laws, local ethical standards, and provider policies. At least one type of email, employer-provided email, is no longer considered confidential in this context, a known ethical hazard for attorneys. In the context of Fourth Amendment law, email privacy remains unsettled, even after the landmark Sixth Circuit decision in Warshak. Legal, authorized third-party access now poses a serious risk to confidentiality in attorney-client email. Attorneys and clients need to understand these risks before informed consent is possible. Technology-based solutions may be part of broader best practices to protect confidentiality. Attorneys and clients must understand the technology at issue, rather than blindly risking clients’ confidences and their ethical duties on technologies they do not understand.