I recently read NY Bar Association opinion 945 (link below), dealing with most of the relevant issues that arise when a lawyer learns a client is reading and retrieving e-mail from an opponent, often a spouse in a divorce proceeding though sometiems an employer or former employer in termination-related litigation.
Assume the client deduces the password to an e-mail account the client has no permission to access. The client reads e-mails, copies them, provides copies to the lawyer, and demands that the lawyer use them to impeach the author at a deposition. More concretely, assume the client is a wife who accesses an e-mail account, downloads evidence showing that husband has been having an affair, prints the evidence, gives it to the lawyer, and demands that the lawyer use it.
The opinion deals with all issues but use. My own take on the relevant issues, which largely tracks the opinion, is:
(1) May or must the lawyer tell the husband or the husband's lawyer that the client is accessing the account and reading e-mail? No. The information is confidential and the lawyer's services are not being used, even assuming it is a crime, which it may not be. (This conclusion is even easier under the CA rules, which have no exceptions for this case.) The text of 4.4(b) does not extend to this case because the documents were not inadvertently provided.
Opinion 945 gives lawyers some manuevering room to deal with uncertainty, and grounds that room in Rule 1.6(b)(6). If a case in a jurisdiction actually considered the issue and held that such a duty exists then I would agree. I am not sure the issue has been confronted squarely or resolved in these terms, however, and certainly not in all jurisdictions. The cases cited in the opinion either pertain to communications with lawyers or work product, which I think raise distinct issues, or appear to reflect passing comments rather than considered holdings.
(2) Assuming a proceeding is pending, may or must the lawyer inform the tribunal? It depends on whether the underlying conduct is criminal, which requires interpretation of the Stored Communications Act or, if applicable, a similar state law. If so, there is a plausible argument that Rule 3.3(b) applies and compels disclosure. If not, 3.3(b) does not apply and we default to the answer above. Note that courts differ on how to read the SCA in this circumstance. Orin Kerr ably surveys the terrain here. One might argue that this is fraudulent rather than criminal conduct, but that is a debatable point. Deduction is not deceit. Presumably one could argue that the e-mail system itself has been deceived because it treats a password as equivalent to authorization, and one could imagine CFAA arguments being brought to bear here, but I have not yet seen a case deciding such a claim and the answer does not strike me as obvoius. The client's conduct is sneaky, yes. Fraudulent within the meaning of Rule 3.3, I'm less sure.
(3) May the lawyer read these e-mails? E-mails between the husband and his paramour are not privileged; if the messages were between the husband and counsel then the lawyer should not read them simply to avoid disqualification, regardless whether one is willing to stretch "methods" in Rule 4.4(a) to cover this situation. (4.4(b) does not apply for the reason stated above.) 8.4(d) might fill this gap to the extent one thinks it needs filling.
(4) May the lawyer use the e-mail in the deposition (suppose the husband denies infidelity)? Assuming the statements made in the messages are true there is no issue under Rule 3.3(a). If we've gotten past the 3.3(b) issues then I see no reason the rules themselves preclude such use, though my intuition is that courts would be receptive to motions to exclude such evidence or possibly sanction lawyers trading on it.
(5) One also might argue that the lawyer has a duty to discourage, or at least not encourage, the client's conduct, to the extent it is continuing. I suspect the 1.2(d) analysis tracks the 3.3 analysis above.
I'd be interested in readers' thoughts or reactions. These are interesting issues, I think, that appear not to have been resolved definitively but which are likely to arise with increasing frequency as more of our lives are stored in the cloud.
DM
ABA opinion 11-460 is relevant as well. It is here: Download 11_460_nm_formal_opinion.authcheckdam
And COPRAC has a relevant opinion circulating as well (though not one interpreting the CA rules, interestingly). It is here: Download 06-0004_ConfidentialInformation_10-15-12-1
David,
You're right that these issues are coming up with greater frequency, and they are much harder to resolve than the typical inadvertent disclosure scenario. In addition to the situation you describe (the client is accessing the information), a related problem is when the documents come from a third party (sometimes anonymously; sometimes not).
As you note, it's very important to consult the case law on this topic. I've seen a few cases where courts disqualify or sanction lawyers for failing to notify an opposing party about the receipt of documents that were disclosed without authority, even though Rule 4.4(b) does not impose such an obligation.
On a related note, Bruce Green recently put together a helpful list of useful questions/factors to consider in these kinds of situations. They were circulated recently on the APRL listserv with Bruce's permission, and Bruce has given me permission to reproduce them here. This is what he said:
"Here are some factors that I think may make a difference when a lawyer is shown, offered or provided documents that may have been stolen or procured improperly (e.g., in breach of a fiduciary duty). It's not an exclusive list -- others might add to it.
1. Nature of the documents: Are they privileged? Are they confidential under Rule 1.6? Do they contain trade secrets? Or could they be obtained through ordinary discovery?
2. Legal status of the documents: Are they originals that have been stolen -- i.e., would the lawyer be possessing stolen property? Or are they photocopies or electronic copies?
3. How were the documents obtained by the person providing them to the lawyer (or who initially obtained them from the originator) -- were they stolen? taken in breach of a fiduciary duty? or lawfully obtained (even though, perhaps, wrongly transmitted to the lawyer)?
4. Who acquired the documents -- a client or third party? What was the motive: Was the individual a whistleblower, an opportunist, or other?
5. When were the documents acquired -- before or during the representation?
6. What if any role did the lawyer have in the documents' acquisition? Is the lawyer a passive recipient or did the lawyer encourage their acquisition?
7. What use will the lawyer make of the documents -- e.g., simply advising the client what to do with them? use for litigation advantage?
8. What is the legal context: a criminal prosecution; criminal defense; qui tam action; ordinary civil litigation; transaction?
9. What is the utility of the documents -- e.g., are they evidence of criminal or unlawful conduct; mere evidence?
10. What is the client's relationship to the documents - e.g., did the client create them and therefore know their content already?"
Posted by: Andrew Perlman | December 29, 2012 at 10:34 AM
David, nice post on a difficult area. As you note, the propriety of the lawyer's conduct may turn on an interpretation of some other law (e.g., the SCA), which may require the lawyer to be a neutral arbiter in his or her own law office.
Take for example, the Holmes v. Petrovic case, where the California Court of Appeal held that attorney client privilege was waived when the client emailed her lawyer while using the email system of her employer (which had a clear written policy that the employer may read all the emails sent/received on that system). Suppose a corporate client tells you that it is carefully monitoring the emails between an employee and her lawyer and the client wants you delay as long as possible the other side's discovery of that; wants you to use the documents at depo and in trial; and wants you to read the emails. Wouldn't the lawyer need to do an assessment of how valid the client's email policy was? Is there a trap for the lawyer, given that he/she is doing a secret analysis of applicable law but is doing so in the role of advocate? The ABA opinion was helpful, I thought, in thinking through many of the issues.
Posted by: John Steele | December 29, 2012 at 02:15 PM
By its terms, CFAA seems to be the clearer trigger for ethical concerns. With SCA/ECPA, counsel has to make several close statutory calls out of their area of expertise. With CFAA, the access is a facial violation of the Act, and the only legal question is to what degree the courts will avoid a facial reading of the Act in order to avoid ludicrous overbreadth.
Not legal advice. Don't rely. Happy New Year.
T.
Posted by: Trotsky | December 31, 2012 at 02:34 PM
(Disclaimer - my comments below are based on my recollection of the Opinion, but I have not gone back to reread it since I wrote my blog post a few weeks ago.)
I am seeing these issues come up more frequently in my practice and they create a treacherous path for attorneys who are simply trying to comply with their ethical duties. If you disclose the conduct of your client, you may violate 1.6. But if you don't disclose, and it comes out later, you may be sanctioned, disqualified, or disciplined. Since there are few clear answers, one can only hope that courts and grievance committees are sensitive to the uncertainty that permeates this ethical area. Even NY Op. 945 (although it gives some cover to lawyers who stay silent) is vulnerable to criticism. First, it only addresses the narrow situation where the lawyer learns the client has snooped but the lawyer does not actually receive or intend to use the wrongfully obtained documents. Second, the Opinion assumes that, if the courts intended for the rules to govern wrongfully obtained documents, they would have included a specific rule. Given that a lot of lawyers out there believe that other rules, such as 8.4(d) or 4.4(a), implicitly address wrongfully obtained documents, it may not be wise to draw any inference from the lack of a specific rule. Although the Opinion does address 8.4(d), its reasoning would only apply to situations where the client's conduct is involved, but not the lawyer's conduct. In other words, it does not hold the lawyer responsible for any prejudice to the administration of justice caused solely by the client's conduct (but it does not address whether the lawyer's receipt or contemplated use of the documents would be prejudicial to the administration of justice). I don't think the NY opinion addresses 4.4(a) at all (although I could be remembering it wrong). Isn't there an argument that allowing your client to snoop on another person's email account to obtain evidence violates that person's legal rights?
Posted by: Nicole Hyland | January 01, 2013 at 01:50 PM
Another point. The New York Opinion also carves out a pretty large exception - namely that the lawyer is prohibited from disclosing the information only if the client did not use fraudulent or criminal means to obtain the documents. In my experience, this would immediately raise the question: how deep does the attorney have to dig to determine whether the client's conduct is fraudulent or criminal? Some would argue that you have a duty NOT to dig deeper, because Rule 1.6 requires only that the lawyer have actual knowledge of fraud or criminality. Also, some would argue that any investigation into the client's conduct risks triggering the Rule 1.6 exception, and lawyers have a higher duty to their clients not to take steps that might compromise client confidentiality. Others would argue that you can't just turn a blind eye to your client's misconduct and you need to do some inquiry to ensure no fraud or criminality took place.
Ultimately, it will be a judge or grievance committee that decides, in retrospect, whether the lawyer dug deep enough or dug too deep. Given the lack of clear guidance, these dilemmas are often resolved through a pragmatic approach (i.e. weighing you client's tolerance for disclosure against the judge's tolerance for shenanigans).
In light of all this confusion, is it time for specific ethics rule to address wrongfully obtained documents?
Posted by: Nicole Hyland | January 01, 2013 at 01:57 PM
Clarification: I should have said Rule 3.3(b) requires that the lawyer have knowledge of fraud or criminality to trigger the exception to Rule 1.6, not that Rule 1.6 requires knowledge of fraud or criminality.
Posted by: Nicole Hyland | January 01, 2013 at 04:21 PM