February 2023 LEMR
Feature Article: Awash in a Sea of Technology
Author: Dr. Michael H. Hoeflich
This article is featured in Volume 4, Number 2 of the Legal Ethics and Malpractice Reporter.
When I went to work for a Wall Street law firm in 1978, I was impressed by the technology available to lawyers and staff. Each lawyer had a multiline telephone with conference call capabilities and a portable cassette dictation machine. Secretaries had IBM correcting typewriters, and there were Wang word processors operated by specialists for document production. Lawyers entering the profession today can only see such an office in a museum. Over the past forty years, the legal profession—like the rest of the world—has undergone a technology revolution. Like all revolutions, this one has brought immense benefits as well as incredible pains to those at its center.
Throughout the history of the legal profession, technology has had immense impacts on law practice. The introduction of typewriters in the last quarter of the nineteenth century, for instance, radically changed the speed and accuracy of document production and, eventually, helped make way for women in the law office.[1] Today’s digital revolution has affected not simply document production, but every aspect of law practice from communications, to information storage, to marketing. Lawyers who are unwilling to adopt new technologies face losing their clients to others who adopt more efficient means of doing business. There are certainly many lawyers who are cautious in adopting new technologies, but market realities, cost efficiency, and the Rules of Professional Conduct now make the knowledge and use of new technologies critical. Such use also carries with it multiple dangers for lawyers, including the possibility of running afoul of the Rules of Professional Responsibility.
The basic rule that affects lawyer knowledge and use of technology is Rule 1.1. KRPC and MRPC Rule 1.1 state:
A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.
Comment 8 to the Kansas rule states:
To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education, and comply with all continuing legal education requirements to which the lawyer is subject.
Comment 6 to the Missouri Rule reads the same.
The Comments quoted above do not state that a lawyer is required to use technologies, but both court cases and ethics advisory opinions have found that failure to use a technology that is widespread and reasonably affordable may well constitute a breach of Rule 1.1. Other provisions make it even clearer that lawyers must incorporate new technologies into their practice when failure to do so would violate the Rules and potentially harm clients. For instance, KRPC Rule 1.6 (c) provides:
A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.
Comment 26 to KRPC 1.6 offers:
Paragraph (c) requires a lawyer to act competently to safeguard information relating to the representation of a client against unauthorized access by third parties and against inadvertent or unauthorized disclosure by the lawyer or other persons who are participating in the representation of the client or who are subject to the lawyer’s supervision. See Rules 1.1, 5.1, and 5.3. The unauthorized access to, or the inadvertent or unauthorized disclosure of, information relating to the representation of a client does not constitute a violation of paragraph (c) if the lawyer has made reasonable efforts to prevent the access or disclosure. Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use). A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to forgo security measures that would otherwise be required by this Rule. Whether a lawyer may be required to take additional steps to safeguard a client’s information in order to comply with other law, such as state and federal laws that govern data privacy or that impose notification requirements upon the loss of, or unauthorized access to, electronic information, is beyond the scope of these Rules. For a lawyer’s duties when sharing information with nonlawyers outside the lawyer’s own firm, see Rule 5.3, Comments [3]-[4].
MRPC 4-1.6 is substantially the same as KRPC Rule 1.6. And Comments 15 and 16 to MRPC 4-1.6 note:
[15] Paragraph (c) requires a lawyer to act competently to safeguard information relating to the representation of a client against unauthorized access by third parties and against inadvertent or unauthorized disclosure by the lawyer or other persons who are participating in the representation of the client or who are subject to the lawyer’s supervision. See Rules 4-1.1, 4-5.1, and 4-5.3. The unauthorized access to, or the inadvertent or unauthorized disclosure of, information relating to the representation of a client does not constitute a violation of paragraph (c) if the lawyer has made reasonable efforts to prevent the access or disclosure. Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use). A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to forgo security measures that would otherwise be required by this Rule. Whether a lawyer may be required to take additional steps to safeguard a client’s information in order to comply with other law, such as state and federal laws that govern data privacy or that impose notification requirements upon the loss of, or unauthorized access to, electronic information, is beyond the scope of these Rules. For a lawyer’s duties when sharing information with nonlawyers outside the lawyer’s own firm, see Rule 4-5.3, Comments [3]-[4].
[16] When transmitting a communication that includes information relating to the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients. This duty, however, does not require that the lawyer use special security measures if the method of communication affords a reasonable expectation of privacy. Special circumstances, however, may warrant special precautions. Factors to be considered in determining the reasonableness of the lawyer’s expectation of confidentiality include the sensitivity of the information and the extent to which the privacy of the communication is protected by law or by a confidentiality agreement. A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to the use of a means of communication that would otherwise be prohibited by this Rule. Whether a lawyer may be required to take additional steps in order to comply with other law, such as state and federal laws that govern data privacy, is beyond the scope of these Rules.
The Comments to Rule 1.6 are helpful.
It is especially important to consider their use of the term “reasonable.” “Reasonable” is a defined term in the Rules:
“Reasonable” or “Reasonably” when used in relation to conduct by a lawyer denotes the conduct of a reasonably prudent and competent lawyer.
KRPC 1.0(i); MRPC Rule 1.0(h). Generally, when a text defines “reasonable” in this way, it sets a community practice standard (i.e., it is reasonable to do what other lawyers similarly situated are doing). The difficulty with this standard when dealing with the ethics of adopting new technologies is that law practice technology changes almost on a daily basis. Further, the knowledge base of lawyers as regards technology is immensely varied. A few hours of CLE on law practice management is unlikely to provide sufficient expertise to a technically challenged lawyer to permit him or her to make necessary decisions on technology.
Even more problematic, in areas like confidentiality, are the increasingly frequent and severe threats which hackers and natural disasters pose. In past columns, we have spoken frequently about new advice from the ABA Committee on Ethics and Professional Responsibility on such issues as the ethical responsibilities of lawyers in disaster situations (Formal Opinion 482) and cyberattacks (Formal Opinion 483). These advisory opinions worry many lawyers because of the burdens they place on lawyers and the financial consequences of meeting the standards they set. Indeed, most experts now believe that no amount of precautions can guarantee that one can fend off all cyberattacks. In a situation where no amount of effort can stop a cyberattack, what efforts are reasonable?[2]
The speed with which new technologies are being introduced is also a notable problem for lawyers trying to adapt their practices to them. In the past few years, artificial intelligence has been applied to “chatbots,” a development that promises more radical changes in law practice and society generally.[3] Chatbots hold out the promise of revolutionizing law firm communications, marketing, and even document production. However, as with most new and revolutionary technologies, they also pose many potential ethical pitfalls for lawyers.
The point of the above discussion is: rapidly changing technologies that can disrupt existing practice pose significant problems for practicing lawyers in all sectors of the legal profession. The rapidity of technological change and the speed with which ethical guidance can be provided is another complicating factor. Furthermore, the increasing complexity of new technologies present almost insuperable challenges to the average lawyer. When correcting typewriters were introduced into law offices, virtually all lawyers could understand how they functioned. When fax machines were introduced, they, too, were comprehensible, although the problem of inadvertent transmission of client confidential information soon became an ethical issue to be resolved with some difficulty. But how many lawyers today can honestly say that they understand chatbots or the ethical perils they may face by using chatbots in their practices? I would suggest that we are “awash in a sea” of technology that may soon drown many of us.
Is the situation hopeless? Is there nothing that we can do about it? Happily, I think that there are things that the legal profession can do to ameliorate this situation. Here are a few suggestions:
- Law schools should teach at least one course on practice management, including technology considerations, and make this a requirement of their professional responsibility coursework.
- Lawyers should be required to take CLE courses on legal technology, just as they are required to take CLE courses on professional responsibility.
- The ABA should consider appointing a special commission on legal technology, which would produce a model code of best practices for adopting and using legal technology. Such a commission would have to continuously update this technology code at least on an annual basis.
- State and local bar associations should consider negotiating group prices for a range of technology assistance for lawyers including cyber security, technology training, and office technology monitoring.
- The ABA or state bar associations should consider producing an online compendium of new cases and rulings on technology, professional responsibility, and legal malpractice.
These are only a few possible ways to help to alleviate the difficulties accelerating legal practice technologies. One additional possible action, which could be taken quickly, would be for state Supreme Courts to appoint special commissions on legal ethics, legal malpractice, and new technologies, and charge these committees with producing codes of best practices and/or establishing online resources on these topics for members of the Bar. To continue the metaphor used in the title of this column, if we, as a profession, are not to drown, we must start bailing out the boat.
References:
- M.H. Hoeflich, “From Scriveners to Typewriters: Document Production in the Nineteenth-Century Law Office,” 16 Green Bag 2d 395 (Summer 2013), available at http://greenbag.org/v16n4/v16n4_articles_hoeflich.pdf.
- Even the largest and most sophisticated law firms have not been immune to cyberattacks as is illustrated on the attack upon and subsequent travails of Covington & Burling. See https://news.bloomberglaw.com/business-and-practice/covington-fights-sec-push-for-client-data-in-cyber-attack-probe.
- For a definition of chatbot, see https://www.oracle.com/chatbots/what-is-a-chatbot: “At the most basic level, a chatbot is a computer program that simulates and processes human conversation (either written or spoken), allowing humans to interact with digital devices as if they were communicating with a real person. Chatbots can be as simple as rudimentary programs that answer a simple query with a single-line response, or as sophisticated as digital assistants that learn and evolve to deliver increasing levels of personalization as they gather and process information.” There is a growing literature on legal ethics and chatbots. For a simple explanation of the issues, see Mark. C. Palmer, “Ethical Considerations of Legal Chatbots,” AttorneyatWork.Com (Last Updated Sept. 10, 2022), available at https://www.attorneyatwork.com/legal-chatbots-ethical-considerations-for-law-firms.
>>READ THE FULL ISSUE OF LEMR Vol. 4, No. 2
About Joseph, Hollander & Craft LLC
Joseph, Hollander & Craft is a premier law firm representing criminal, civil and family law clients throughout Kansas and Missouri. When your business, your freedom, your property, or your career is at stake, you want the attorney standing beside you to be skilled, prepared, and relentless. From our offices in Kansas City, Lawrence, Overland Park, Topeka and Wichita, our team of 20+ attorneys has you covered. We defend against life-changing criminal prosecutions. We protect children and property in divorce cases. We pursue relief for victims of trucking collisions and those who have suffered traumatic brain injuries due to the negligence of others. We fight allegations of professional misconduct against doctors, nurses, judges, attorneys, accountants, real estate agents and others. And we represent healthcare professionals and hospitals in civil litigation.