An interesting article describing the use of DropSmack to target networks via DropBox. In addition to broader considerations lawyers should consider before using cloud services, developments like this highlight the need for education regarding technology and security.
For-profit Arizona law firms may use the .org domain name suffix as long as the website is otherwise not false or misleading. See Arizona Ethics Op. 11-04 (December 2011).
California lawyers may maintain a virtual law office in the cloud where communications with the client, and storage of and access to all information about the client’s matter, are conducted solely via the internet using a third-party’s secure servers. The lawyer may be required to take additional steps to confirm that she is fulfilling her ethical obligations due to distinct issues raised by the VLO and its operation. See California Formal Eth. Op. 2012-184 (May 2012).
Oregon lawyers may access publicly available information on social networking sites, can request access to non-public information if the person is not represented by counsel in the matter, and may in limited circumstances advise or supervise an agent to access non-public information under Oregon’s Covert Activity Exception (Oregon Rules of Professional Conduct 8.4(b)). See Oregon State Bar Eth. Comm. Op. 2013-189 (Feb 2013) (note there may be an issue seeing the full opinion).
A California lawyer’s lawsuit against on online legal service provider alleging unauthorized practice of law withstood a demurrer. See Law Offices of Mathew Higbee v. Expungement Assistance Services, Cal. Ct. App. 4th Dist. No. G046778 (Mar 14, 2013).
Iowa Lawyers May Use SaaS [Cloud] Services provided that they consider the access to the data, conduct appropriate due diligence regarding the SaaS provider, the cost of the service, and the degree of protection afforded the data. Iowa Ethics Opinion 11-01 (September 9, 2011).
Main lawyers may store and synchronize electronic work files containing confidential client information. Maine Ethics Opinion #194 (June 30, 2008). Processing of firm data may include transcription of voice recordings and transfer of firm computer files to an off-site “back-up” of the firm’s electronically held data.
At a minimum, the lawyer should take steps to ensure that the company providing confidential data storage has a legally enforceable obligation to maintain the confidentiality of the client data involved. With the pervasive and changing use of evolving technology in communication and other aspects of legal practice, particular safeguards which might constitute reasonable efforts in a specific context today may be outdated in a different context tomorrow. Therefore, rather than attempting to delineate acceptable and unacceptable practices, the opinion outline guidance for the lawyer to consider in determining when professional obligations are satisfied.
A lawyer generally may store and synchronize electronic work files containing confidential client information across different platforms and devices using an Internet based storage solution, such as “Google docs,” so long as the lawyer undertakes reasonable efforts to ensure that the provider’s terms of use and data privacy policies, practices and procedures are compatible with the lawyer’s professional obligations, including the obligation to protect confidential client information reflected in Rule 1.6(a). A lawyer remains bound, however, to follow an express instruction from his or her client that the client’s confidential information not be stored or transmitted by means of the Internet, and all lawyers should refrain from storing or transmitting particularly sensitive client information by means of the Internet without first obtaining the client’s express consent to do so. Massachusetts Ethics Opinion 12-03. (May 17, 2012)
Pennsylvania lawyers may ethically allow client confidential material to be stored in “the cloud” provided the attorney takes reasonable care to assure that (1) all such materials remain confidential, and (2) reasonable safeguards are employed to ensure that the data is protected from breaches, data loss and other risks. Pennsylvania Formal Opinion 2011-200
Vermont lawyers can utilize Software as a Service (”SaaS”) in connection with confidential client information, property, and communications, including for storage, processing, transmission, and calendaring of such materials, as long as they take reasonable precautions to protect the confidentiality of and to ensure access to these materials. Vermont Advisory Ethics Opinion 2010-6.
Lawyers may store client materials on a third-party server so long as the lawyer complies with the duties of competence and confidentiality to reasonably keep the client’s information secure within a given situation. Oregon 2011-188 (November 2011). This may include, among other things, ensuring the service agreement requires the vendor to preserve the confidentiality and security of the materials. It may also require that vendor notify the lawyer of any nonauthorized third-party access to the materials. The lawyer should also investigate how the vendor backs up and stores its data and metadata to ensure compliance with the lawyer’s duties.
North Carolina 2011 Formal Ethics Opinion 6 Opinion rules that a lawyer may contract with a vendor of software as a service provided the lawyer uses reasonable care to safeguard confidential client information. (1/27/2012).
The use of “daily deal” websites to sell vouchers to be redeemed for discounted legal services does not violate the Rule 5.4(a) prohibition on sharing of legal fees, but the attorney is cautioned that the use of such websites must be in compliance with Rules 7.1 and 7.2 and could lead to violations of several other rules if logistical issues are not appropriately addressed. See Ethics Opinion 11-05.
A lawyer may market legal services on a “deal of the day” or “group coupon” website
provided that the advertising is not misleading or deceptive and makes clear that no lawyer-client
relationship will be formed until the lawyer can check for conflicts and competence to provide the
services.See Opinion 897 (Dec 13, 2011).
An interesting, perhaps troubling, issue raised with respect to security of certain mobile devices. Read more about Carrier IQ (http://www.geek.com/articles/mobile/how-much-of-your-phone-is-yours-20111115/, http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/carrieriq-part2/, http://www.wired.com/threatlevel/2011/11/secret-software-logging-video. A somewhat long video of how this works is available here. http://tinyurl.com/cwcyjoc. Although there will likely be more articles about this in the media in the future, this highlights potential security and related issues for users of mobile devices.
(112)
(1)
(15)
(20)
(58)
(4)
(2)
(6)
(16)
(51)
(90)
(14)
(8)
(18)
(11)
(8)
(19)
(69)
(40)
(64)
(2)
(3)
(3)
(4)
(1)
(3)
(36)
(3)
(39)
(4)
(4)
(3)
(24)
(12)
(63)
(6)
(12)
(15)
(12)
(3)
(22)
(15)
(2)
(107)
(1)
(2)
