Opinion No. 00-1
Summary: A lawyer's use of unencrypted Internet e-mail to engage in confidential communications with his or her client does not violate Massachusetts Rule of Professional Conduct 1.6(a) in usual circumstances. Legal and technical hurdles to the interception of Internet e-mail give rise to a reasonable expectation on the part of lawyer and client that such communications will remain private. The lawyer must be careful, however, to ensure that confidential messages are not sent to e-mail addresses that are reasonably accessible to persons other than the client, and to avoid using unencrypted Internet e-mail in contravention of the client's express instructions.
Facts: A lawyer wishes to communicate with his or her client via unencrypted Internet e-mail. Given the manner in which the Internet operates, it may be technologically possible in certain circumstances for an unauthorized person to intercept and read an unencrypted e-mail message containing confidential client communications, but the risk of such interception generally is remote. In most instances, however, such conduct would constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. Section 2510 et seq.
Discussion: The Committee on Professional Ethics previously has noted that the application of the Massachusetts Rules of Professional Conduct to legal activities on the Internet poses a challenging, but generally not insurmountable task. Applying the rules governing client confidentiality to unencrypted communications transmitted over the Internet presents one such challenge.
Rule 1.6(a) provides, in relevant part, that "[a] lawyer shall not reveal confidential information relating to the representation of a client unless the client consents after consultation. . ." The duty of confidentiality dictated by Rule 1.6 (as well as other rules) imposes upon the lawyer the obligation to avoid using means of communication with the client that pose an unreasonable risk of inadvertent disclosure to third persons. In this context, the question arises whether the use of unencrypted Internet e-mail, which carries with it a small, but genuine risk of interception, presents such a risk and, therefore, violates Rule 1.6(a).
It is the committee's opinion that the use of unencrypted Internet e- mail for the purpose of transmitting confidential or privileged client communications does not, in most instances, constitute a violation of any applicable ethical rule, including Rule 1.6. The committee reaches this conclusion primarily because it believes that both the lawyer and the client typically have a reasonable expectation that such communications will remain legally and effectively private. See. e.g., 18 U.S.C.A. 2510, et .seq. (the "Electronic Communications Privacy Act"). The technological possibility that a privileged or confidentia1 e-mail communication could be intercepted in disregard of federal law does not diminish that expectation. Other standard forms of communication, including the telephone and the United States mail, also carry with them some risk of interception. Legal prohibitions on the interception of private telephone calls and letters, however, generally provide protection against unauthorized disclosure sufficient to make those means of communication reasonably secure for purposes of Rule 1.6(a). The committee believes that, in light of statutes such as the Electronic Communications Privacy Act, the same reasoning now applies to unencrypted Internet e-mail.
There are, however, are a few notable caveats to the general rule set out above. First, the committee believes that a lawyer should not send e-mail messages containing confidential information, encrypted or otherwise, to an individual client at the client's place of employment (assuming that the client is not self-employed) without first obtaining the client's express consent to do so. Such a precaution is necessary because many, if not most, employers reserve the right to review all e-mail communications passing through or stored on their systems, thereby creating an unreasonable risk of unintended disclosure of the client's confidential information to his or her employer. Second, the committee believes that a lawyer always is bound to follow an express instruction from his or her client that confidential information not be conveyed by unencrypted e-mail. Finally, it is the committee's opinion that lawyers would be well-advised to refrain from transmitting particularly sensitive confidential information via unencrypted Internet e-mail without first obtaining the client's express consent.
This advice is that of a committee without official governmental status. Permission to publish granted by the Board of Delegates on May 29, 1998. As stated in the Rules of the Committee on Professional Ethics, this advice is that of a committee without official government status.