Round up: Paperless law firms, cloud computing for lawyers, and choosing legal software

SpiralI often write articles and blog posts for other outlets and am going to post a round up here from time to time (but won't include my weekly Daily Record articles in the round up since I re-publish them to this blog in full). Here are my posts and articles since March:


ABA on the ethical obligations of prosecutors in misdemeanor cases

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

Today I came across a headline that I assumed at first glance was an Onion article or some other type of satire. It had to be. The ABA Journal headline stated something that I’ve always assumed was simply a given: “Prosecutors must maintain ethical conduct during misdemeanor plea deals, ABA ethics opinion says.”

Note that what the headline failed to mention was the the opinion addressed prosecutors obligations when interacting with unrepresented misdemeanor defendants. But even so - come on! How could there be any confusion on that issue? Prosecutors are lawyers and, just like the rest of us, they’re required to act ethically at all times. There’s no “misdemeanor or lower” exception to ethics requirements. At least, not that I’m aware of.

But, nevertheless, the fact that the ABA felt the need to weigh in on this is an indication that there was a need for further clarity on this issue. And, if the ABA deems this topic important enough to opine on, then I likewise believe that it’s important enough for me to write about. So if you’re as curious as I was about this opinion, then buckle up and let’s dive in.

In Formal Opinion 486, which was handed down on May 9th, 2019, the ABA Standing Committee on Ethics and Responsibility considered the ethical obligations of prosecutors when negotiating and plea bargaining with unrepresented individuals accused of misdemeanors.

At the outset, the Committee acknowledged that while most prosecutors perform their job functions ethically, that’s not always the case: “Notwithstanding the commitment of most prosecutors to high professional standards, there is evidence that in misdemeanor cases where the accused is or may be legally entitled to counsel, methods of negotiating plea bargains have been used in some jurisdictions that are inconsistent with the duties set forth in the Rules of Professional Conduct.”

The Committee then turned to the accused’s right to counsel, noting that it is unethical for prosecutors to interfere with this right in any way: “Under Model Rule 3.8(b) prosecutors must make reasonable efforts to assure that unrepresented accused persons are informed of the right to counsel and the process for securing counsel, and must avoid conduct that interferes with that process.”

Next, the Committee tackled the plea bargaining process, explaining that when a defendant is unrepresented, prosecutors must discuss the known consequences of a proposed plea deal with the accused. This is because an unrepresented defendant is in a uniquely vulnerable position. As such, “if the prosecutor knows the consequences of a plea – either generic consequences or consequences that are particular to the accused – the prosecutor must disclose them during the plea negotiation.”

The Committee further elaborated on the obligations of prosecutors in this situation and provided examples of impermissible conduct:

“Thus, where a prosecutor knows from the charge selected, the accused’s record, or any other information that certain collateral consequences or sentence enhancements apply to a plea on that charge, statements like the following would constitute prohibited misrepresentations:

‘Take this plea for time served and you are done, you can go home now.’

‘This is a suspended sentence, so as long as you comply with its terms, you avoid
jail time with this plea.’

‘You only serve three months on this plea, that’s the sentence.’”

The Committee then turned to a prosecutor’s ethical obligations when extending a plea offer to an unrepresented and clarified that prosecutors cannot do so unless there is sufficient evidence to support the plea offer: “Under Model Rules 1.1, 1.3, 3.8(a), and 8.4(a) and (d), prosecutors have a duty to ensure that charges underlying a plea offer in misdemeanor cases have sufficient evidentiary and legal foundation.”

Finally, the Committee noted that a prosecutor’s ethical obligations extend to post-plea interactions: “If a prosecutor learns during the plea colloquy with the court or other interactions that the unrepresented accused’s acceptance of a plea or waiver of the right to counsel is not in fact voluntary, knowing, and intelligent, or if the plea colloquy conducted by the court is inadequate to ascertain whether the plea or waiver of the right to counsel is in fact voluntary, knowing, and intelligent, the prosecutor is obliged to intervene.”

That this opinion was even issued, my friends, is an unfortunate reminder of the state of our profession in 2019. That being said, it serves as a welcome, and much-needed, reminder to prosecutors who may be walking a fine ethical line when it comes to many of these issues: always ensure that you walk on the right side of that line, or risk losing your license to practice law.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com. 


New York court on privacy expectations in social media accounts

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

Every year around this time I begin to conduct research for the annual update to the Thomson Reuters criminal law treatise, “Criminal Law in New York,” that I co-author with Brighton Town Court Judge Karen Morris. During the course of my research I often discover cases that arise from interesting overlaps of technology and criminal law.

This year has proven to be no different, and last week I stumbled upon an interesting case from New City Criminal Court, which focuses on issues relating to whether the access to social media accounts by law enforcement triggers constitutional privacy interests.

In People v. Sime, 62 Misc.3d 429 (2018), one issue addressed by the Court was whether the defendant had a constitutionally protected privacy interest in the IP data and photograph metadata that she had uploaded and shared online via a public Instagram account.

In this case, the defendant was charged with, in part, unlawful disclosure of an intimate image in violation of Administrative Code of the City of New York § 10-177 [b][1]. It was alleged that the defendant, who was dating the complainant’s ex-boyfriend, posted nude photos of the complainant to two different Instagram accounts. The photos were allegedly taken by the complainant’s ex-boyfriend. One of the Instagram accounts was alleged to belong to the ex-boyfriend and the other was alleged to have been created in the complainant’s name by the defendant. As part of that prosecution, the court issued a search warrant on Instagram seeking access to the data connected with the two Instagram accounts.

The defendant challenged the search warrant, asserting that it was not supported by probable cause. She conceded that she did not have a privacy interest in the posted photos since they were shared on an account that was open to the public and had no privacy settings enabled. Accordingly, her argument was based instead upon the assertion that “there is a general right to privacy for the IP addresses associated with the person who posted the pictures and the metadata contained in the photographs public (sic.) posted pursuant to the recently decided case Carpenter v. United States, 138 S.Ct. 2206 [2018].”

As I explained in my article last week, in Carpenter the Court held that a warrant was required in order for law enforcement to access historical cell phone geolocation data. In the case at hand, the Court disagreed that the Carpenter holding was applicable on the gourds that IP data and metadata relating to an Instagram photo is not analogous to cell phone geolocation data.

The Court explained that unlike historical cell phone geolocation data, IP data does not necessarily provide information regarding the defendant’s specific location:

“Obtaining IP data does not provide the police the ability to exhaustively know a defendant's exact position — at best it might incidentally reveal what device was used to post a photograph in the general vicinity of an internet router. In other words, at most it will let the police find a building near the used cell phone or computer device on discrete dates when pictures were uploaded for the public to view, and has no bearing on the defendant's day-to-day movement…Similarly, photograph metadata might let you know what camera was used to take a particular picture, and (if it was not already obvious from the picture itself) where that picture was taken.”

Because IP data and metadata provide only a brief snapshot of the user’s location at any given time, the Court compared IP data and metadata to telephone billing records, in which customers have a lower expectation of privacy: “IP data and metadata are roughly analogous to telephone billing records, and there is no legal reason to protect this data to the same extent as long-term GPS data and cell-site information.”

Accordingly, the Court denied the defendant’s motion challenging the search warrant, concluding that “(T)here is no constitutional privacy afforded to the IP data and photograph metadata that the defendant uploaded and shared with the world, nor would a subjectively held privacy expectation be reasonable or one that society is prepared to recognize.”

Digital privacy rights are an important and evolving issue. Now that online interaction and mobile device usage are commonplace, data regarding all aspects of our daily lives is regularly collected by a host of third parties. As law enforcement increasingly seeks access to that information, courts will necessarily continue to grapple with the constitutional nuances presented by varying factual scenarios - and rest assured, I’ll continue to cover their efforts in this regard.

 

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com. 


Massachusetts weighs in on law enforcement access to real-time geolocation data

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

 

Now that most Americans own smartphones, privacy issues abound. Our devices collect a vast array of information about us. Some of this data is stored on our devices and some is shared with our service providers. As a result, one issue that has cropped up repeatedly is when and how law enforcement may access cell phone data.

One particular type of data often sought by law enforcement is geolocation information. Our mobile devices provide both real-time and historical data regarding our location at any given time. Obviously this information has the potential to be incredibly valuable in the context of a criminal investigation, so it’s not surprising that law enforcement often seeks to obtain it.

The United States Supreme Court addressed the issue of whether law enforcement may obtain historical cell phone records last year. In Carpenter v. U.S., 138 Sup. Ct. 2206 (2018), the Court held that a warrant was required in order to access historical cell phone geolocation data.

The law is not yet settled regarding access to real-time cell phone data, however, so I read with interest a Massachusetts Supreme Court opinion that was handed down last week that addressed this very issue. In Commonwealth v. Almonor, No. SJC-12499, the Court considered whether “whether police action
causing an individual’s cell phone to reveal its real-time location constitutes a search in the constitutional sense.”

In this case, the defendant was identified as a murder suspect, and one of the witnesses to the crime provided police with the defendant’s name and cell phone number. After obtaining other evidence, the investigating officer contacted the defendant’s cell phone provider and requested several pieces of information, including the precise, real-time location of the defendant’s cell phone.

Eventually the provider “pinged” the defendant’s cell phone and provided law enforcement with the exact location of the defendant’s cell phone. Officers then drove to that location, obtained consent to enter the home, and arrested the defendant therein. The defendant moved to suppress the arrest on the grounds that the ping of the defendant's cell phone was a search under the Fourth Amendment and Article 14 of the Massachusetts Constitution.

In reaching its decision on the issue, the Court acknowledged that a delicate balance was required when considering the enhanced surveillance capabilities that technological advances provided law enforcement. The Court explained that it is important to carefully “guard against the…power of technology to shrink the realm of guaranteed privacy…(and) that privacy rights cannot be left at the mercy of advancing technology but rather must be preserved and protected as new technologies are adopted.”

The Court noted that when police direct a service provider to “ping” a cell phone to determine its real-time location, it raises “distinct privacy concerns,” especially since said data would not be collected in the absence of law enforcement’s request. Notably, the Court determined that there is a reasonable expectation of privacy in this situation since cell phones are such an indispensable part of our lives and provide an incredible amount of information about their owners. The Court explained that “society reasonably expects that the police will not be able to secretly manipulate our personal cell phones for any purpose, let alone for the purpose of transmitting our personal location data.”

As such, the Court concluded that it constitutes a search when law enforcement obtains real-time location data from a cell phone provider, since doing so intrudes on the cell phone owner’s reasonable expectation of privacy. The Court explained that to conclude otherwise would “shrink the realm of guaranteed privacy…under art.14 and leave legitimate privacy rights at the…mercy of advancing technology."

Although the Court held that the exigent circumstances exception applied to the facts of this case, the overall holding is a step in the right direction.

Technology is pervasive in our lives and offers so many benefits. But when used by law enforcement, can sometimes be abused in new and increasingly invasive ways. Decisions like this one provide much-needed analysis and insight into the application of constitutional protections in the face of rapidly evolving technological innovation.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com. 


Lawyers and technology competency: Louisiana weighs in

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

Lawyers and technology competency: Louisiana weighs in

In 2019, lawyers have a duty to stay on top of changes in technology. This requirement first appeared in 2012 when the ABA amended the comments to Model Rule 1.1 to indicate that technology competence is a requirement for lawyers. Specifically, Comment 8 was amended to include the following:

Maintaining Competence
To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.
Since then the majority of jurisdictions (36) have adopted this requirement.

In 2018 Louisiana joined their ranks in its own unique way when it amended its Code of Professionalism (which is a set of principles separate from its Rules of Professional Conduct) by adding the following two provisions regarding technology competence:

“I will use technology, including social media, responsibly. My words and actions, no matter how conveyed, should reflect the professionalism expected of me as a lawyer.”
“I will stay informed about changes in the law, communication, and technology which affect the practice of law.”

Notably, these two statements regarding technology differ quite a bit from the language that the other jurisdictions have incorporated into their Rules of Professional Conduct. While this choice of wording and the decision to include the statements in the Code of Professionalism rather than amending the Rules of Professional Conduct may at first blush seem insignificant, a recent ethics opinion issued by the Louisiana State Bar Association is indicative of a perspective on technology competence - and on technology itself - that differs substantially from that of other jurisdictions.

Under consideration in PUBLIC Opinion 19-RPCC-021 (online:
http://files.lsba.org/documents/Ethics/EthicsOpinionLawyersUseTech02062019.pdf), which was handed down in February, was the ethical obligations of lawyers who use technology. Importantly, in framing the issue, the Bar seemed to imply that lawyers do not necessarily need to use technology in order to practice law in 2019, and that if they choose to do so, only then do they have an obligation to understand it.

The focus of the opinion is on the many dangers of using technology, with an emphasis on the many risks lawyers face when doing so. The tenor of the opinion is evident from the very start when the Bar characterizes the approach taken any other jurisdictions in the following manner:

“The consensus is that if a lawyer is going to use technology, that lawyer has a duty to comply with Rules 1.1, 1.3, 1.4, 1.6 and 1.15 of the ABA Model Rules of Professional Conduct. Lawyers must use technology competently and diligently. (Emphasis added).”

Then towards the end of the opinion the Bar again suggests that using technology is a choice for lawyers:

“(I)f a lawyer chooses to use technology in the lawyer’s practice, basic issues must be addressed. (Emphasis added).”

Compare these statements to the explanatory language quoted above (that most states have adopted into the comments to their Rules of Professional Conduct):

“To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.”

In the preceding sentence, knowledge of technology is part of the duty to maintain competence. Technology know-how is not optional and it is not something that a lawyer can avoid simply by choosing not to use technology.

In other words, the consensus regarding technology competence is not that lawyers must be competent only if they choose to use technology. Instead the consensus is that in 2019, lawyers must understand technology so that they can make educated decisions regarding whether and how to use it in their practices.

This is an important distinction since in 2019 it is impossible for lawyers to practice law without encountering - and thus necessarily gaining an understanding of - technology in one form or another. And the failure of lawyers to understand how a given technology works and how it will affect their clients’ matters is a violation of the duty of competence at best, and malpractice at worst.

For example, litigators need to understand how social media platforms work in order to assess whether social media evidence exists that would benefit or harm their clients’ matters. The failure to do so could arguably result in malpractice in some cases.

Similarly many jurisdictions are now requiring e-filing in some courts. A basic understanding of the concepts related to digital documents and e-filing, including proper redaction techniques, is needed in order to competently represent clients and timely file papers with the court.

For other lawyers, a basic understanding of ediscovery procedures is a prerequisite to competent representation of their clients. Similarly for lawyers handling matters involving potentially sensitive issues secure client communication options other than unencrypted email must be carefully considered in order to properly protect confidential client data.

These are only a few examples of how technology unavoidably overlaps with the practice of law. So, to put it mildly, I was extremely surprised by the tenor of the Louisiana opinion. Not only does it represent a marked shift from the approach taken by other jurisdictions - it seemingly flies in the face of the realities of practicing law in the 21st century. The proper framework for addressing the impact of technology on the practice of law and lawyers’ ethical obligations when doing so is not to ask if a lawyer will use technology, but when.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com. 


When emojis and the law collide

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

When I started writing about the intersection of law and technology in 2006, emojis were a sidebar in the world of communication. Until the release of the first smartphone, the iPhone, emojis were typically used only in certain online chat rooms. But with the release of the iPhone in 2007, people were able to use emojis more often using various messaging apps. And then when iOS 6 was released in 2012, iPhone users were able to easily include emojis in Apple’s native messaging platform. From there, emojis become a common part of everyday communication.

Of course, as is often the case, whenever technological advancements occur - especially in the realm of communications - a notable impact on legal proceedings soon follows. For example, in 2011 I wrote a column focused on a witness intimidation case covered in the Rochester Democrat and Chronicle. It was a federal court case where the defendant was alleged to have “poked” someone on Facebook, and in doing so was alleged to have intimidated a witness. The judge conducting the arraignment admitted that he lacked sufficient knowledge regarding the nature of a Facebook poke, as did the attorneys appearing on the matter. The judge then asked the courtroom spectators if anyone could explain the concept and refused to move forward with the arraignment until he was satisfied by the explanation provided by a reporter who happened to be in the courtroom.

That was the very first time I had encountered a report of social media impacting a criminal matter so I found it to be of great interest. Of course, since 2011, social media references in court cases have increased exponentially. Notably, that same phenomenon is now occurring with emojis as they become commonplace in many of our digital communications, and references to emojis and emoticons in court cases have increased significantly in recent years.

In 2004, there was a single case that referenced the word “emoticon.” Fast forward to 2012, and there were 7. In 2015, there were 15 cases that referenced either the terms “emoji” or “emoticon,” and last year that number had increased to 53. (For a full list of references see this post.)

The most recent case (from March 12th) that references the term “emoji” appeared in a California Court of Appeal case that also involved allegations of intimidating a witness. In People v. Smith, 2019 WL 1122768, at issue was whether the evidence, which included Facebook comments that included emojis, was sufficient to convict the defendant of intimidating a witness.

The Court concluded that the emoji evidence at issue supported the defendant’s conviction of intimidating the witness, “T.R.,” a 15-yo victim in a pimping case:

“The comments contained emojis of rodents. The later comments, following T.R.'s other name, “[T.W.],” included gunshot emojis, gun emojis, and the statement, ‘share my post.’ The four gunshot emojis and three gun emojis were evidence Smith was seeking to encourage other viewers of his Facebook page to shoot T.R. His comments included three emojis, each representing a hand with the thumb and forefinger touching and the other fingers pointed up, representing the letter “b,” a symbol of the Bacc Street Crips. The jury could have reasonably concluded from the photograph and comments that Smith intended to communicate that T.R. was a despised female who had told on Washington, and she was therefore a “rat” or snitch whom members of the gang should kill to assure she did not testify against Washington at his trial.

Additionally, Smith “hashtagged” T.R., notifying her of the post. This evidenced an intent that she see the photograph and comments and cower accordingly, i.e., by not testifying against Washington at his trial.”

It’s undoubtedly a bit strange to read a court’s attempt to interpret the cartoon-like characters that are finding their way into our daily communications. But expect to see more of this - much more - as our use of electronic forms of communication continue to increase. Like it or not, emojis - and technology in general - are here to stay.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com. 


Pennsylvania Supreme Court on ethically mining social media evidence

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

Pennsylvania Supreme Court on ethically mining social media evidence

Social media can be a gold mine for litigation attorneys. There’s a wealth of information available online that can often be used to the benefit of your client at trial. The trick is knowing how to ethically access social media evidence. Because if you don’t fully understand the ins and outs of the various social media platforms and your ethical obligations, your attempts to obtain online evidence favorable to your client’s case could have the opposite result: it could be precluded from use at trial, and you could even face disciplinary action.

The latter is what occurred when a Pennsylvania attorney’s law license was suspended by the Supreme Court of Pennsylvania. In Office of Disciplinary Counsel v. Stacy Parks Miller, Miller’s license was suspended, in part, due to her deceptive behavior in creating a fictitious Facebook page in order to obtain evidence while serving as the Centre County District Attorney.

Specifically, it was alleged that Miller created a fictitious Facebook page in 2011, with the end goal being to curb criminal activity relating to the illegal sale of bath salts. The Facebook page was based on a fake social media persona and purported to be the social media account of a young woman who had recently dropped out of college.

After creating the page she sent an email encouraging her staff to send “friend requests” to others from the fake account in order to legitimize the fake account. Specifically she suggested that they use the Facebook account to “masquerade” and “snoop” on Facebook. While the account was being used by the District Attorney’s Office, “individuals represented in criminal proceedings either sent friend requests to the page or received friend requests from the page.”

In her defense, Miller asserted that the Facebook page represented a “proper law enforcement operation.” The Disciplinary Board of the Supreme Court of Pennsylvania disagreed. The Board noted that the mere act of “having a third-person send a friend request to a represented party in order to gain access to the private portion of their profile violates RPC 8.4(c), and that the actions of Miller far exceeded that limited scope of impermissible conduct. Not only did she create a fake Facebook page, she provided her staff with access to it and actively encouraged them to use it to repeatedly interact with and connect with other individuals on Facebook who were suspected of engaging in illegal activities, some of whom were known to be represented by counsel."

Accordingly, the Board concluded that her actions were in violation of her ethical obligations. The Board explained that “(t)he Facebook page created by (Miller) and disseminated to her staff was fake and constituted fraudulent and deceptive conduct inn violation of RPC 8.4(c)…(Miller) induced her staff, both attorneys and non-attorneys alike, to engage in dishonest behavior and to imply disinterest in matters, without correcting any misapprehensions. The staff carried out (Miller’s) directives and used the page to “friend” individuals, some of whom were defendants. (Miller) enabled her staff to engage in deceptive conduct, without specific direction, for an unrestricted period of time. This conduct violated RPC 4.3(a), 4.3(c), 5.3(b), 5.3(c)(1), and 5.3(c)(2).” As such the Board recommended that her law license be suspended for one year and one day.

This is yet one more example of lawyers interacting online without fully understanding their ethical obligations. Certainly there is a wealth of information - and potential evidence - available on social media platforms, and in 2019, willfully ignoring its existence is arguably malpractice. But before attempting to access information posted online, make sure that you have full knowledge of how the platforms work and what your ethical obligations are in regard to accessing that data. Tread lightly and intelligently when mining social media for evidence, lest you face the same penalty as Ms. Miller.

 

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com. 


Texas Bar weighs in on lawyers using cloud computing

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

Texas Bar weighs in on lawyers using cloud computing

For nearly a decade now, I’ve been tracking ethics opinions that address the issue of whether lawyers can ethically use cloud-based software to store confidential client data. As a refresher, cloud computing is when you store your data on servers owned by a third party instead of on your law firm’s on-premise servers.

New York was one of the first jurisdictions to hand down an ethics opinion on this issue in 2010: Opinion 842. In that opinion, the Ethics Committee wisely concluded that “a lawyer may use an online data storage system to store and back up client confidential information provided that the lawyer takes reasonable care to endure that confidentiality is maintained.”

Since then, more than 20 other states have followed suit and weighed in on the issue of whether lawyers can ethically use cloud computing to store confidential client data on third party servers. And, in each opinion, the ethics committee concluded that it was permissible to do so.

To the best of my knowledge, it’s been a few years since a jurisdiction addressed this particular topic (which I would argue is a sign that the issue is fairly well settled at this point). So I was excited to learn from my friend and Rochester-based social media lawyer, Scott Malouf, that an opinion on cloud computing had recently been issued in a new state: Texas.

In September 2018, the Professional Ethics Committee for the State Bar of Texas issued Opinion 680. At issue in this case was whether Texas lawyers may “use cloud-based client data storage systems or use cloud-based software systems for the creation of client-specific documents where confidential client information is stored or submitted to a cloud-based system.”

At the outset, the Committee rightfully acknowledged that cloud computing use is pervasive: “Cloud-based electronic storage and software systems are in wide use among the general public and lawyers.”

Next, the Committee explained that online communication and data storage systems are no different than any other type of offline systems used for communication or document storage: “While wide usage of an information storage method or software document creation system is not, in itself, justification for its use by lawyers, alternative methods of information storage and document preparation also have an inherent risk of disclosure or misuse—just as a privileged letter to a client through the U.S. Postal Service (versus transmission through email) can be intercepted or accessed by third parties and a client’s file in a lawyer’s office may be susceptible to access or disclosure by unauthorized parties without the lawyer ‘knowingly’ revealing that information.”

In other words, there’s no such thing as absolute security, regardless of whether your law firm’s information is stored and shared online or off.

Next the Committee turned to the issue of whether lawyers can ethically use cloud computing. The Committee noted that the benefits of cloud computing were many, and that in most cases it was permissible for lawyers to store confidential client data in the cloud: “Considering the present state of technology, its common usage to store confidential information, and the potential cost and time savings for clients, a lawyer may use cloud-based electronic data systems and document preparation software for client confidential information.”

Of course, as is always the case when lawyers outsource the management of confidential client data to third parties, lawyers have an obligation to thoroughly vet the third party vendor. The Committee explained that the “reasonable precautions” that lawyers must take include: “(1) acquiring a general understanding of how the cloud technology works; (2) reviewing the “terms of service” to which the lawyer submits when using a specific cloud-based provider just as the lawyer should do when choosing and supervising other types of service providers; (3) learning what protections already exist within the technology for data security; (4) determining whether additional steps, including but not limited to the encryption of client confidential information, should be taken before submitting that client information to a cloud-based system; (5) remaining alert as to whether a particular cloud-based provider is known to be deficient in its data security measures or is or has been unusually vulnerable to “hacking” of stored information; and (6) training for lawyers and staff regarding appropriate protections and considerations.”

The Committee also noted that on rare occasions, certain types of client data may be too sensitive to store in the cloud and thus “(i)n some circumstances it may be appropriate to confer with a client regarding these risks as applicable to a particular matter and obtain a client’s input regarding or consent to using cloud-based electronic data systems and document preparation software”

Finally, and most importantly, the Committee noted that lawyers have a continuing duty to maintain technology competence: “(A) lawyer should remain reasonably aware of changes in technology and the associated risks—without unnecessarily retreating from the use of new technology that may save significant time and money for clients.”

So there you have it. Yet another jurisdiction highlights the benefits of cloud-based computing and green lights its use by lawyers.

It’s not surprising since a lot has changed in the past decade. So if you’ve been on the fence about using cloud computing in your law firm, it’s time to re-assess your position. Cloud computing use has become the norm, even for lawyers. And the benefits of using cloud computing are many: affordable computing power, 24/7 access to your firm’s information, increased mobility, and far more secure communication options than traditional email. If ever there was a time to switch to cloud computing, the time is now. What are you waiting for?

 

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com. 


Round Up: Faxing for Lawyers, AI and the Law, Legal Billing Software, and More

SpiralI often write articles and blog posts for other outlets and am going to post a round up here from time to time (but won't include my weekly Daily Record articles in the round up since I re-publish them to this blog in full). Here are my posts and articles since January:


When technology and law enforcement collide

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

Law enforcement officers have no problem using the latest and greatest technologies to police the people, whether it’s using facial recognition tools, cellphone geolocation data, or recordings obtained from smartphone technologies such as Amazon’s Alexa. But it seems that when the people use the very same tools to police the police - well, that simply won’t do.

For example, we know that the police typically don’t like being recorded while effecting an arrest and will often order bystanders to refrain from doing so, and have even been known to take custody of devices and delete data from them. Along the same lines, law enforcement has never been a fan of a more mundane and less tech-savvy practice that many motorists engage in: flashing their headlights in order to warn other motorists of a speed trap.

So I wasn’t surprised to learn that the New York Police Department had set its sights on the 21st century version of headlight flashing: the Waze app’s user-submitted reports regarding speed taps and DWI checkpoints.

According to the New York Times, last weekend the NYPD’s acting deputy commissioner for legal matters, Ann P. Prunty, sent a letter on behalf of the NYPD to Google (the owner of the Waze app) to demand that it remove that feature from Waze. The rationale for this request was as follows: “The posting of such information for public consumption is irresponsible since it only serves to aid impaired and intoxicated drivers to evade checkpoints and encourage reckless driving. Revealing the location of checkpoints puts those drivers, their passengers, and the general public at risk.”

If Google refused to do so, Prunty indicated that the NYPD would pursue all legal remedies available to it to achieve its goal of preventing people from sharing said information via the app.

For starters, this request, if granted, likely infringes on the First Amendment rights of ordinary citizens, but that’s an issue that the courts will have to grapple with if legal remedies are indeed pursued by the NYPD. That’s certainly an interesting issue, but what I found to be even more interesting was that the letter was a perfect example of a knee jerk reaction to technology.

I say this because people have always found ways to share information regarding the arrival or location of the police. There are code words used by kids on the street that warn others when police appear on the scene. And, as mentioned above, motorists flash their headlights after encountering a speed trap to warn other drivers. Similarly, truck drivers use their CB radios to communicate the whereabouts of police to other truckers. And certainly cell phones have been used by motorists for the purposes of sharing information via phone calls for that same reason as well.

In other words, citizens have always found ways to communicate with one another with the end goal being to avoid police interaction. But in the past they’ve used the only methods available to them at the time, which were certainly less effective and not nearly as far-reaching as an app like Waze.

Enter technology and the power of social media, and suddenly ordinary citizens have the ability to broadcast their observations of law enforcement activities far and wide. It’s important to note, however, that while the efficiency and reach of the information sharing has improved, the essence of it is the same. It’s simply people communicating with one another regarding situations that are occurring in plain sight. Technology and social media have simply amplified their voices.

In other words, as I’ve oft repeated in this column since 2008, the medium doesn’t change the message. And in this case, I would argue that the message falls within the parameters of free speech, and that imminent danger exception does not apply. The fact that the message is now more easily transmitted to a larger number of people doesn’t change that fact.

The NYPD seems to have lost sight of the fact that the online is simply an extension of the offline. Should it follow through with its threat to litigate, this will be an interesting case to follow. I strongly suspect that First Amendment rights will trump law enforcement’s knee jerk reaction to technological innovation, but only time -and a lawsuit - will tell if I’m right.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com.