ISBA Professional Conduct Advisory Opinion

Opinion Number: Opinion No. 96-10
Opinion Date: May 1996

Use of e-mail, Lawyer Websites

Digest

Lawyers may use electronic mail services, including the Internet, without encryption to communicate with clients unless unusual circumstances require enhanced security measures. The creation and use by a lawyer of an Internet “web site” containing information about the lawyer and the lawyer’s services that may be accessed by Internet users, including prospective clients, is not “communication directed to a specific recipient” within the meaning of the rules, and therefore only the general rules governing communications concerning a lawyer’s services and advertising should apply to a lawyer “web site” on the Internet. If a lawyer uses the Internet or other electronic mail service to direct messages to specific recipients, then the rules regarding solicitation would apply.

Question

The Committee has received various inquiries regarding ethical issues raised by use of electronic means of communication, including electronic mail and the “Internet,” by lawyers. These inquiries usually involve two general areas of concern. The first is whether electronic mail may be used to communicate with clients regarding client matters in view of a lawyer’s duty under the ethics rules to maintain the confidentiality of client information. The second is whether the creation and use of a “web site” and other forms of contract with prospective clients may be conducted by lawyers on the Internet, and if so, whether the rules regarding "in person” solicitation should apply to such contact.

Because of the technical nature of the discussion, the Committee will use the following commonly accepted definitions in this opinion. The Internet is a supernetwork of computers that links together individual computers and computer networks located at academic, commercial, government and military sites worldwide, generally by ordinary local telephone lines and long-distance transmission facilities. Communications between computers or individual networks on the Internet are achieved throughout he use of standard, nonproprietary protocols.

Electronic mail, commonly known as e-mail, is an electronic message that is sent from one computer to another, usually through a host computer on a network. E-mail messages can be sent through a private or local area network (within a single firm or organization), through an electronic mail service (such as America Online, CompuServ or MCI Mail), over the Internet, or through any combination of these methods.

A bulletin board service (sometimes called a “BBS”) is an electronic bulletin board on a network where electronic messages may be posted and browsed by users or delivered to e-mail boxes. A “newsgroup” is a type of bulletin board service in which users can exchange information on a particular subject. A “chat” group is a simultaneous or “real time” bulletin board or newsgroup among users who send their questions or comments over the Internet.

The World Wide Web is that part of the Internet consisting of computer files written in a particular format (the “HTML” format) that includes “hyperlinks” (text or symbols that the user may click on to switch immediately to the item identified) as well as graphics and sound, to enable the creation of complex messages. A “home page” is a computer file containing text and graphics in the HTML format usually continuing information about its owner, which can be obtained over the Internet and viewed by transmitting it from the owner’s computer to the user’s terminal. A “web site” is a set of computer files containing text and graphics in the HTML format and organized around a central home page.

The Electronic Communications Privacy Act, 18 USC §2510, et seq. (the “ECPA”), is the federal codification of the intrusion arm of the common law tort of invasion of privacy applied to electronic communication and provides criminal and civil penalties for its violation. The ECPA is actually the 1986 revision of the federal wiretap statute originally enacted in 1968, but the term ECPA is now commonly used to refer to the entire statute, as amended.

Opinion

The first issue, whether a lawyer may use electronic mail services including the Internet to communicate with clients, arises out of a lawyer’s duty to protect confidential client information. Rule 1.6(a) of the Illinois Rules of Professional Conduct provides that “...a lawyer shall not, during or after termination of the professional relationship with the client, use or reveal a confidence or secret of the client known to the lawyer unless the client consents after disclosure.” AS the Terminology provisions of the Rules state, the information a lawyer must protect includes information covered by the lawyer-client privilege (a “confidence”) as well as information that the client wishes to be held inviolate or the revelation of which would be embarrassing or detrimental to the client (a “secret”).

The duty to maintain the confidentiality of client information implies the duty to use methods of communication with clients that provide reasonable assurance that messages will be and remain confidential. For that reason, the Committee concluded in Opinion No. 90-07 (November 1990) that a lawyer should not use cordless or other mobile telephones that were easily susceptible to interception when discussing confidential client matters. The Committee also opined that a lawyer conversing with a client over a cordless or mobile telephone should advise the client of the risk of the loss of confidentiality.

With the increased use of electronic mail, particularly electronic mail transmitted over the Internet, have come suggestions that electronic messages are not sufficiently secure to be used by lawyers communicating with clients. At least two state ethics opinions have concluded that because it is possible for Internet or other electronic mail service providers to intercept electronic mail service providers to intercept electronic mail messages, lawyers should not use electronic mail for “sensitive” client communications unless the messages were encrypted or the client expressly consented to “non-secure” communication. South Carolina Bar Advisory Opinion 94-27 (January 1995); Iowa Supreme Court Board of Professional Ethics and Conduct Opinion 96-1 (August 29, 1996). After reviewing much of the available literature on this issue, the Committee disagrees with these opinions.

Among the numerous recent articles regarding a lawyer’s use of electronic mail, the Committee found three to be particularly useful and informative. These are: Joan C. Rogers, “Malpractice Concerns Cloud E-Mail, On-Line Advice,” ABA/BNA Lawyers’ Manual on Professional Conduct (March 6, 1996); Peter R. Jarvis & Bradley F. Tellam, “High-Tech Ethics and Malpractice Issues,” 1996 Symposium Issue of the Professional Lawyer, p. 51 (1996); David Hricik, “Confidentiality and Privilege in High-Tech Communications,” 8 Professional Lawyer, p. 1 (February 1997). From these and other authorities, there is a clear consensus on two critical points. First, although interception of electronic messages is possible, it is certainly no less difficult than intercepting an ordinary telephone call. Second, intercepting an electronic mail message is illegal under the ECPA.

Courts and ethics committees have uniformly held that persons using ordinary telephones for confidential communications have a reasonable expectation of privacy. The three common types of electronic mail messages appear no less secure. For example, electronic messages that are carried on a local area or private network may only be accessed from within the organization owning the network. Such messages would therefore clearly appear subject to a reasonable expectation of privacy.

Other electronic messages are carried by commercial electronic mail services or networks such as America Online, CompuServ or MCI Mail. Typically, these services transmit e-mail messages from one subscriber’s computer to another computer “mailbox” over a proprietary telephone network. Typically, the computer mailboxes involved are password-protected. Because it is possible for dishonest or careless personnel of the mail service provider to intercept or misdirect a message, this form of electronic mail is arguably less secure than messages sent over a private network. AS a practical matter, however, any ordinary telephone call may also be intercepted or misdirected by dishonest or careless employees of the telephone service provider. Again, this possibility has not compromised the reasonable expectation of privacy of ordinary telephone users. The result should be the same for electronic mail service subscribers.

The third type of electronic mail, that carried on the Internet, typically travels in another fashion. Rather than moving directly from the sender's host computer to the recipient's host computer, Internet messages are usually broken into separate "packets" of data that are transmitted individually and then re-assembled into a complete message at the recipient's host computer. Along the way, the packets travel through, and may be stored temporarily in, one or more other computers (called "routers") operated by third parties (usually called an "internet service provider" or "ISP") that help distribute electronic mail over the Internet.

Unlike a cordless cellular telephone message, for example, an Internet e-mail is not broadcast over the open air waves, but through ordinary telephone lines and the intermediate computers. When an Internet message is transmitted over an ordinary telephone line, it is subject to the same protections and difficulties of interception as an ordinary telephone call. To intercept an Internet communication while it is in transit over telephone lines requires an illegal wiretap.

Consequently, the real distinction between an Internet electronic message and an ordinary telephone call is that Internet messages may be temporarily stored in, and so can be accessed through, a router maintained by an ISP. It is possible that an employee of an ISP (as part of the maintenance of the router) could lawfully monitor the router and thereby read part or all of a confidential message. As in the case of telephone and proprietary electronic mail providers, it is also possible for dishonest employees of an ISP to intercept messages unlawfully. The Committee does not believe that the opportunity for illegal interception by personnel of an ISP makes it unreasonable to expect privacy of the message.

As noted above, it is also clear that unauthorized interception of an Internet message is a violation of the ECPA, which was amended in 1986 to extend the criminal wiretapping laws to cover Internet transmissions. As part of the 1986 amendments, Congress also treated the issue of privilege in 18 USCA §2517(4), as follows:

No otherwise privileged wire, oral, or electronic communication intercepted in accordance with, or in violation of, the provisions of this chapter shall lose its privileged character.

This provision demonstrates that Congress intended that Internet messages should be considered privileged communications just as ordinary telephone calls.

In summary, the Committee concludes that because (1) the expectation of privacy for electronic mail is no less reasonable than the expectation of privacy for ordinary telephone calls, and (2) the unauthorized interception of an electronic message subject to the ECPA is illegal, a lawyer does not violate Rule 1.6 by communicating with a client using electronic mail services, including the Internet, without encryption. Nor is it necessary, as some commentators have suggested, to seek specific client consent to the use of unencrypted e-mail. The Committee recognizes that there may be unusual circumstances involving an extraordinarily sensitive matter that might require enhanced security measures like encryption. These situations would, however, be of the nature that ordinary telephones and other normal means of communication would also be deemed inadequate.

With respect to the second general issue, the extent to which a lawyer may use Internet web site to communicate with clients and prospective clients, the Committee believes that the existing Rules of Professional Conduct governing advertising, solicitation and communication concerning a lawyer's services provide adequate and appropriate guidance to a lawyer using the Internet. For example, the Committee views an Internet home page as the electronic equivalent of a telephone directory "yellow pages" entry and other material included in the web site to be the functional equivalent of the firm brochures and similar materials that lawyers commonly prepare for clients and prospective clients. An Internet user who has gained access to a lawyer's home page, like a yellow pages user, has chosen to view the lawyer's message from all the messages available in that medium. Under these circumstances, such materials are not a "communication directed to a specific recipient" that would implicate Rule 7.3 and its provisions governing direct contact with prospective clients. Thus, with respect to a web site, Rule 7.1, prohibiting false or misleading statements concerning a lawyer's services, and Rule 7.2, regulating advertising in the public media, are sufficient to guide lawyers and to protect the public.

On the other hand, lawyer participation in an electronic bulletin board, chat group, or similar service, may implicate Rule 7.3, which governs solicitation, the direct contact with prospective clients. The Committee does not believe that merely posting general comments on a bulletin board or chat group should be considered solicitation. However, of a lawyer seeks to initiate an unrequested contact with a specific person or group as a result of participation in a bulletin board or chat group, then the lawyer would be subject to the requirements of Rule 7.3. For example, if the lawyer sends unrequested electronic messages (including messages in response to inquiries posted in chat groups) to a targeted person or group, the messages should be plainly identified as advertising material.

Finally, lawyers participating in chat groups or other on-line services that could involve offering personalized legal advice to anyone who happens to be connected to the service should be mindful that the recipients of such advise are the lawyer's clients, with the benefits and burdens of that relationship. In Opinion No. 94-11 (November 1994), the Committee addressed an analogous situation arising out of a "call-in" legal advice service as follows:

The committee believes that callers to the legal advice service are clients of the law firm who are entitled to the protection of clients afforded by the Rules of Professional Conduct. However, it does not appear that either the law firm or the cellular telephone service makes any effort to determine the identity of the callers and check for potential conflicts of interest prior to the time that the callers' questions are asked and the legal advice is given. (Presumably the callers' identities are revealed after the advice is rendered through the billing process. If the cellular telephone company handles the billing for the law firm, this procedure may also violate client confidences. See ISBA Opinion No. 93-04) Under these circumstances, it would be possible for the law firm to give legal advice to callers whose interest are directly adverse to other firm clients, including other callers, in violation of Rule 1.7(a), or whose interests are materially adverse to the firm's former clients, including other callers, concerning the same or a substantially related matter, in violation of Rule 1.9

Lawyers participating in similar activity over the Internet would be subject to the same concerns expressed in Opinion No. 94-11.

For these reasons, the Committee believes that Illinois lawyers may appropriately make use of the Internet in serving and communicating with clients and prospective clients subject to the existing rules governing confidentiality, advertising and solicitation.

References

  • Illinois Rules of Professional Conduct, Rules 1.6, 7.1, 7.2, 7.3 and 7.4
  • ISBA Opinion Nos. 90-07 and 94-11
  • Electronic Communications Privacy Act, 18 USC §2510, et seq.

Professional Conduct Advisory Opinions are provided by the ISBA as an educational service to the public and the legal profession and are not intended as legal advice. The opinions are not binding on the courts or disciplinary agencies, but they are often considered by them in assessing lawyer conduct.