The American Bar Association recommends that attorneys use encrypted email since privacy is at the core of the attorney-client relationship. Email encryption reduces the risk that extremely important personal information is going to be compromised or stolen. This is because the information contained within the email is obscured from the view of anyone other than the sender and receiver.
Unfortunately, encryption can be frightening to some lawyers, which is why they don’t use it. However, it is becoming more a part of internet security because of the electronic processes it uses to protect data. It is now the time when all lawyers should have a general understanding of how encryption can benefit them. The good news is that there are easy-to-use options and plenty of assistance available to outfit lawyers with the email encryption they need to protect their sensitive information and that of their clients.
How Encryption Works
When a lawyer uses encryption, the readable data are being transformed into unreadable data. This is made possible by an algorithm called a “cipher.” A key must be used to turn the “ciphertext” into readable text. This decryption key has to remain protected so the data are unreadable to intruders. Someone without the encryption key can’t understand the information in an email. The intended recipient of an email is an example of someone who is granted access to the key.
While this may sound complex, it isn’t necessary for a lawyer to know how encryption works. All a lawyer needs to know is that it will protect information exchanged over email. This goes hand in hand with the legal and ethical duties lawyers have to protect client information. That makes encryption an important consideration when taking measures to ensure confidentiality.
The Texas Bar’s Opinion
In 2015, the Texas Bar Ethics Committee said that lawyers have a duty to consider encrypted email when communicating with clients.
The purpose of the opinion was to address the issue that many experts have been stressing for quite some time: Lawyers need to look at technological changes and the increase in computer hacking. The rapid pace in which technology and hackers advance, it became a must to revisit email security.
The opinion is justified because of the intense security concerns. There are many reports of email accounts being hacked. In fact, Yahoo saw 1 billion user accounts hacked in 2016. In May 2017, a large phishing attack targeted Gmail accounts, resulting in many Gmail users being scammed. The following is a list of other email accounts that have been hacked:
- White House key staff Gmail in September 2016
- CIA director and FBI email accounts in September 2016
- New York Times reporter emails in August 2016
- S. Congresswoman Annie Kuster in August 2016
- 1 million Gmail accounts in March 2016
- AOL in January 2014
- Hotmail in January 2014
Every major email provider has been hacked at some point, but services like Yahoo, Gmail, Hotmail, and AOL don’t use encryption. This left email accounts vulnerable to the hackers. Many lawyers use these accounts because the big names make them feel secure. The truth is that they aren’t very secure at all.
Furthermore, the Texas Bar Ethics Committee stated that if a lawyer has a duty to advise clients of the risks associated with such communication when using unencrypted email. Advising clients that the email may not be secure, however, can reduce their sense of security when emailing sensitive information to their lawyer. Email is very convenient for clients and lawyers, so it’s important to give encryption serious consideration. For many clients, any other type of communication is inconvenient.
When Encryption Is Necessary
The committee also said that lawyers should think about using encryption when:
- Sending email to or from a shared email account.
- Exchanging sensitive or confidential information via email.
- Sending an email to a client when it is possible that a third party, such as an estranged spouse, could know the password to the account.
- Sending emails to the client’s work email, especially when the matter may deal with an employer dispute.
- Sending emails on an unsecured network, such as on a laptop from a public place or on a borrowed computer.
- Sending emails to a recipient the lawyer knows is using unsecured devices, such as a tablet.
- The lawyer is concerned with a government or law enforcement agency intercepting the communication.
Email Security Concerns Are Nothing New
In a 2014 blog post, the ABA Legal Technology Resource Center said that email security was mentioned more than 20 years before. The concerns about security were there from the very start. Most bar associations didn’t like email as a primary method of communication with clients.
This doubt so early on resulted in ethics committees advising lawyers not to use email unless certain steps were made to ensure the email wouldn’t be intercepted by someone other than the intended recipient. Ethics committees also said that lawyers should obtain client consent before using email for the communication of confidential information.
This advice has stood the test of time.
All in all, lawyers should commit to the ongoing evaluation of email practices. If the email being used is unencrypted, it is time to consider the risks. Hackers know that they can obtain very sensitive information in email correspondence between lawyers and their clients. There’s also the matter of how a spouse in a divorce can access the email of the other. Breach of email in any way can cause more problems for a client, so it is imperative to consider encryption as valuable in email communication. In fact, it should be a serious tool used when securing all email correspondence on every computer within a firm.
So, instead of waiting to protect your firm and your clients, easily take the step toward added security. Secure Swiss Data has encryption solutions that can bring your firm up to today’s security standards. That way, you can have peace of mind when communicating with your clients, and so can your clients.