Lawyers should be concerned about a new Gmail security issue: here’s how to fix it
July 25, 2018
Here is a recent Daily Record column. My past Daily Record articles can be accessed here.
*****
Lawyers should be concerned about a new Gmail security issue: here’s how to fix it
If you’ve been reading my column over the years, you already know that unencrypted email is inherently unsecure and that it’s no different than sending a postcard written in pencil through the post office. Despite this fact, in the mid-1990s, bar ethics committees, including the New York State Committee on Professional Ethics, gave lawyers the green light to use email for confidential client communications.
Of course, as I’ve explained many times before, as technology changes, so too do expectations regarding security and the ethical duty to maintain confidentiality. As a result, email is slowly falling out of favor as an accepted method of secure attorney/client communication. The most recent evidence of this trend was the issuance of Formal Opinion 477 by the American Bar Association last year, wherein the Ethics Committee concluded that unencrypted email may not always be sufficient for client communication.
More recently, in early July, news reports revealed that emails sent and received by Gmail users can sometimes be read by third party apps and their developers - not just machines. The reason this matters is because it was previously believed that the emails of people who used the free version of Gmail email were only scanned by machines in order to serve up relevant ads.
This newfound revelation is an important one for New York lawyers who use the free version of Gmail (as opposed the paid version - GSuite - which doesn’t serve up ads to users, and thus emails aren’t scanned by Google). This is because the scanning of emails to provide ads was determined to be permissible by the New York State Bar Association in 2008, when the Committee on Professional Ethics concluded that since the contents of emails were being processed by a machine, not a person, for the limited purpose of serving up relevant content, it was ethically permissible to use Gmail for confidential client communications. (New York State Bar Association’s Committee on Professional Ethics Opinion 820-2/08/08).
In other words, if you’re using the free version of Gmail to communicate with clients, and have knowingly or unknowingly granted third party apps access to your Gmail account, you may now be violating your ethical obligation to maintain client confidentiality. And, on the flip side, even if you haven’t granted access to third party apps, if any of your clients use the free version of Gmail, it’s possible that they’ve done so and are now allowing third parties to view confidential email communications.
So if you or your clients use the free version of Gmail, you’ll need to take steps to ensure that your communications are secure. One way to accomplish this goal is to choose a different method of communication altogether. Since unencrypted email is inherently unsecure, regardless of the email provider, why not switch to secure client portals instead? Client portals, which are often built into law practice management software, provide a secure and efficient way for lawyers to communicate and collaborate with clients. With client portals, the cumbersome back and forth process of unsecure, threaded emails is a thing of the past and is instead replaced by the ability to securely communicate in an encrypted, controlled online environment.
Alternatively, switch to the paid version of Gmail, GSuite, or lock your free version down, and ask your clients do the same. If your choice is the latter, you’ll need to head over to Google’s Security Check-up page (online: https://myaccount.google.com/security-checkup/3) and revoke the access that any third party apps may have to your account. Your clients will need to do the same.
Regardless of the path that you take, keep in mind that as a New York attorney, you have an ethical duty to maintain technology competence. And, ensuring that the technologies that you use to communicate with clients are secure is an important part of that obligation. It’s not always easy to find the time to learn about new and emerging technologies, but it’s important that you do so. Make it a priority to learn something new each day, whether it’s from blogs, books, or CLEs.
Like it or not, taking steps to understand technology is now part of practicing law in the 21st century. The good news is that at the end of the day, maintaining technology competence will make you a better, more informed, and more efficient attorney.
Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase law practice management software. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. She can be reached at [email protected]