As I mentioned in a previous article, the American Bar Association established the Commission on Ethics 20/20 in 2009. The stated purpose of the commission is to “perform a thorough review of the ABA Model Rules of Professional Conduct and the U.S. system of lawyer reg- ulation in the context of advances in technology and global legal practice developments.”
The commission issued separate letters last month calling for comments on two different issues — lawyers’ use of Internet-based client development tools, including social media and blogs, and client confidentiality and lawyers’ use
of technology, with a focus on cloud computing technologies.
In a prior article I discussed the call for comments on social media use by lawyers. This week I’d like to focus on the cloud computing issue.
As explained in the letter calling for comments on lawyers’ use of cloud computing, “(t)he American Bar Association’s Commission on Ethics 20/20 is examining technology’s impact on the legal profession, including confidentiality-related concerns that arise from lawyers' increasing transmission and storage of electronic information ... One of the commission’s objectives is to determine what guidance to offer to lawyers who want to ensure that their use of technology complies with their ethical obligations to protect clients’ confidential information.”
One of the more alarming implications contained in this letter is the committee’s suggestion that, since cloud computing is a form of outsourcing and lawyers have ethical obligations to supervise non-lawyer assistants to whom work is outsourced, lawyers may have an ethical obligation to “supervise” cloud computing providers.
In support of this proposition, the committee relies on ABA Formal Ethics Opinion 08-451, which sets forth a lawyer’s obligation when outsourcing work to lawyers and non-lawyers. In the opinion, it is suggested that “The challenge for an outsourcing lawyer is ... to ensure that tasks are delegated to individuals who are competent to perform them, and then to oversee the execution of the project adequately and appropriately ... (T)o minimize the risk of potentially wrongful disclosure, the outsourcing lawyer should verify that the outside service provider does not also do work for adversaries of their clients on the same or substantially related matters; in such an instance, the outsourcing lawyer could choose another provider.”
To apply these requirements to cloud computing service providers would be a ridiculous proposition, just as it would likewise be outrageous to enforce this requirement upon lawyers using, for example, Lexis or Westlaw for their legal research services (which are a form of cloud computing as well). This is because out- sourced services that provide a software platform that assists in the practice of law are fundamentally different from the outsourcing of legal work or administrative tasks.
For example, lawyers are qualified to supervise the work of those performing outsourced legal or administrative tasks. However most lawyers are decidedly lacking the qualifications necessary to “supervise” software developers in the day-to-day administration of a legal software platform such as Westlaw or a legal cloud computing law practice management system.
Likewise, while lawyers certainly have an obligation to investigate the qualifications and competency of any company or person to whom work is outsourced, the duty to oversee the execution of a task would seemingly apply only to the tasks that the attorney is qualified to oversee: namely legal and administrative tasks, not tasks like computer programming, encryption, data storage, and the delivery of said services.
Finally, seeking to avoid conflicts of interests when engaging the services of a third party to perform legal or administrative tasks makes perfect sense. However, requiring lawyers to ensure that an online legal service provider does not provide services to adversaries, opposing parties, etc. would be impractical. Doing so would essentially prevent lawyers from using most online legal platforms, given that there are only a limited number of providers offering the different types of services, such as legal research platforms or law practice management programs.
In other words, there is a fundamental difference between outsourcing legal and administrative functions and outsourcing data management and storage to online legal service providers. The two types of outsourced services are not analogous and should not be treated as such when delineating an attorney’s ethical duties. Doing so confuses attorneys’ ethical obligations and unnecessarily limits the technology choices available to law firms
Nicole Black is of counsel to Fiandach & Fiandach in Rochester. She co-authors the ABA book Social Media for Lawyers: the Next Frontier, co-authors Criminal Law in New York, a West-Thomson treatise, and is currently writing a book about cloud computing for lawyers that will be published by the ABA in early 2011. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She publishes four legal blogs and can be reached at email@example.com.