The Ethical Geek 2016:Ethics Issues for a Digital Practice

I. Introduction

a. Background Data: “In 2015, the number of emails sent and received per day total over 205 billion. This figure is expected to grow at an average annual rate of 3% over the next four years, reaching over 246 billion by the end of 2019.” http://www.radicati.com/wp/wp-content/uploads/2015/02/Email-Statistics-Report-2015-2019-Executive-Summary.pdf

i. 74,825,000,000,000 / 7.4 x 1013 / 74 Quadrillion emails sent and received per year

b. Statistics claim that “more than 90% of all corporate information is electronic; less than 1% of all communication will ever appear in paper form. Harvey L. Kaplan, Electronic Discovery in the 21st Century: Is Help on the Way, 733 P.L.I. Lit. 65, 67 (2005).

c. In 2015, the number of business emails sent and received per user per day totals 122 emails per day. Despite spam filters, roughly 14% of email messages that are delivered to a corporate email user’s inbox are spam. This included what is referred to as “graymail” (i.e. unwanted newsletters or notifications). The Radicati Group, Inc., Email Statistics Report, 2015-2019, March 2015. http://www.radicati.com/wp/wp-content/uploads/2015/02/Email-Statistics-Report-2015-2019-Executive-Summary.pdf

d. A study by researchers at the University of California, San Diego and the University of California, Berkeley, showed that a single commercial spam e-mail campaign generated three messages for every person on the planet. That same study revealed that to sell $100 worth of Viagra, a spam provider needed to send 12.5 million messages. John Markoff, Study sees Way to Win Spam Fight, New York Times, May 19, 2011.

e. Technological Competence

i. Issue: With technology advances and changes an everyday occurrence in law firms and corporations, attorneys must be technologically competent – meaning they must stay current on advances in technology – in order to comply with state ethics rules on competence.

ii. Rule: CRPC 1.1 – Competence

A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.

iii. Discussion:

-1- 07/29/2016

1. Attorneys should be “competent, prompt and diligent.” The Comment to Rule 1.1 further clarifies that “to maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.”

2. David G. Keyko, Unique Ethical Dilemmas Facing Corporate Counsel: E-Ethics in Today's eDiscovery World, in EDISCOVERY FOR CORPORATE COUNSEL § 26:2 (Sept. 2008), EDISCCORP § 26:2.

II. Issues

a. Securing Confidential Client Information and safeguarding client’s files when utilizing electronic communications

i. Issue: Through use of Wi-Fi connections, email, internet based (cloud) digital resources, cell phones and other technology; an attorney may breach the attorney-client privilege or fail to safeguard a client’s property and files.

ii. Rule: CRPC 1.6 – Confidentiality of InformationA lawyers shall not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation, or the disclosure is permitted by paragraph (b).

iii. Comment to CRCP 1.15 (Safekeeping Property) –A lawyer should hold property of others with the care required of a professional fiduciary.

iv. Discussion

1. A lawyer may transmit information relating to the representation of a client by unencrypted e-mail sent over the Internet without violating the Model Rules of Professional Conduct (1998) because the mode of transmission affords a reasonable expectation of privacy from a technological and legal standpoint. The same privacy accorded U.S. and commercial mail, landline telephonic transmissions, and facsimiles applies to Internet e-mail. A lawyer should consult with the client and follow her instructions, however, as to the mode of transmitting highly sensitive information relating to the client's representation. ABA Comm. on Ethics and Prof’l Responsibility, Formal Op. 99-413 (Mar. 1999) discussing protecting the confidentiality of unencrypted e-mail) (emphasis added). Eric P. Blank, Consider Notification of Clients as to Risk and Encryption. Is Unencrypted Email Safe?, KING COUNTY B. ASS’N BULL., July 2009.

2. Model Rules of Professional Conduct 1.6: Confidentiality of Information

(c) A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.

a. Paragraph (c) requires a lawyer to act competently to safeguard information relating to the representation of a client against unauthorized access by third parties and against inadvertent or

-2- 07/29/2016

unauthorized disclosure by the lawyer or other persons who are participating in the representation of the client or who are subject to the lawyer’s supervision. Comment to ABA Model Rule 1.6, viewed at http://www.americanbar.org/groups/professional_responsibility/publications/model_rules_of_professional_conduct/rule_1_6_confidentiality_of_information/comment_on_rule_1_6.html

b. When transmitting a communication that includes information relating to the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients. This duty, however, does not require that the lawyer use special security measures if the method of communication affords a reasonable expectation of privacy. Special circumstances, however, may warrant special precautions. Factors to be considered in determining the reasonableness of the lawyer's expectation of confidentiality include the sensitivity of the information and the extent to which the privacy of the communication is protected by law or by a confidentiality agreement. A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to the use of a means of communication that would otherwise be prohibited by this Rule. Id.

c. Colorado has not adopted Model Rule 1.6 (c).

v. Wireless Local Area Network (Wi-Fi) connections

1. Lawyers who connect to [Wi-Fi Hotspots] could be putting themselves and confidential client information at great risk. Computer hackers are able to hijack unsuspecting Wi-Fi transmissions from laptop computers by "skimming," or scanning the Wi-Fi spectrum and picking up the information sent through the air, and through another hacking technique dubbed the "Evil Twin." Joel L. Frank & Scot R. Withers, Protecting Client Confidentiality Over Wi-Fi, THE LEGAL INTELLIGENCER, Jan. 30, 2008, 54224.

2. Tips for securing Wi-Fi connections:a. Disable file and printer sharing in Windows.b. Always choose encrypted networks when they are available.

Access websites using https:// whenever possible.c. Before connecting to a Wi-Fi hotspot, verify that the network is

legitimate.d. Be conscious of the information being shared in public locations,

including passwords.e. Frequently run updated comprehensive security software to

prevent spyware and viruses, keep OS updated.f. Make sure your software firewall program and/or virtual private

network is properly installed, running and up-to-date.g. Avoid working on the same network as people you don’t trust.

vi. Cloud Based Resources, Online Storage, Software as a Service, and similar technologies

-3- 07/29/2016

1. [E]thics authorities say that storing client data in the cloud does not violate ethics rules provided you take appropriate steps to safeguard the information from inadvertent or unauthorized disclosure. Cloud Computing, Data Storage, and Legal Ethics, STATE BAR OF MICH. BLOG, Mar. 29, 2010, http://sbmblog.typepad.com/sbm-blog/2010/03/cloud-computing-data-storageand-legal-ethics.html; Dennis Kennedy, Working in the Cloud, ABA J., Aug. 1, 2009, http://www.abajournal.com/magazine/article/working_in_the_clouds/.

2. North Carolina State Bar Council, Proposed Formal Ethics Op. 7 (2010) (discussing subscribing to software as a service while fulfilling the duties of confidentiality and preservation of client property), http://www.docstoc.com/docs/35532924/NC-Bar-FEO-2010-7/

3. Are Cloud resources secure?

a. Providers may not guarantee privacy or confidentiality.

i. Example: Conflict between Dropbox Terms of Service and Privacy policies:

1. Dropbox Terms of Service: To be clear, aside from the rare exceptions we identify in our Privacy Policy, no matter how the Services change, we won’t share your content with others, including law enforcement, for any purpose unless you direct us to. How we collect and use your information generally is also explained in our Privacy Policy. https://www.dropbox.com/dmca#privacy [emphasis added]

2. Information sharing and Disclosure Policy: We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox. http://www.dropbox.com/dmca#privacy [emphasis added]

ii. Example: iCloud Terms and Conditions

-4- 07/29/2016

1. Apple reserves the right to take steps Apple believes are reasonably necessary or appropriate to enforce and/or verify compliance with any part of this Agreement. You acknowledge and agree that Apple may, without liability to you, access, use, preserve and/or disclose your Account information and Content to law enforcement authorities, government officials, and/or a third party, as Apple believes is reasonably necessary or appropriate, if legally required to do so or if we have a good faith belief that such access, use, disclosure, or preservation is reasonably necessary to: (a) comply with legal process or request; (b) enforce this Agreement, including investigation of any potential violation thereof; (c) detect, prevent or otherwise address security, fraud or technical issues; or (d) protect the rights, property or safety of Apple, its users, a third party, or the public as required or permitted by law.http://www.apple.com/legal/icloud/en/terms.html [emphasis added]

b. Dropbox has confirmed that a programmer’s error caused a security breach that allowed any password (or no password) to be used to access any user account from 1:54 p.m. to 5:46 p.m. pacific time on June 19, 2011. http://news.cnet.com/8301-31921_3-20072755-281/dropbox-confirms-security-glitch-nopassword-required/

c. Consider software solutions utilized with cloud storage that encrypt data on your computer before it is transmitted to the cloud.

i. Manual encryption of documents before storage with built in encryption [Office Button – Prepare – Encrypt].

ii. Stand alone encryption software like Folder Lock, TrueCrypt, AXCrypt, and PGP.

iii. Inline encryption software like SecretSync.

d. See also Cloud computing, risk management, and attorney malpractice insurance. See Susan Berson, Safe in the Clouds, ABA JOURNAL, Nov. 2011. http://www.abajournal.com/magazine/article/safe_in_the_cloud_online_service_risks_need_care_and_coverage/?utm_source=maestro&utm_medium=email&utm_campaign=tech_monthly

e. See also Cloud Ethics Opinions Around the U.S., http://www.americanbar.org/groups/departments_offices/legal_technology_resources/resources/charts_fyis/cloud-ethics-chart.html, viewed 7.28-2016.

-5- 07/29/2016

b. Issues Related to Email

i. Emails Incorrectly Transmitted to Wrong Party

1. Issue: The internet allows for fast-paced communications between attorney and client and attorney and opposing counsel. Sometimes, emails are inadvertently sent to the wrong person, creating potential confidentiality problems.

2. Rules:

a. CRPC 1.6 - Confidentiality of Information

b. CRPC 4.4 - Respect for Rights of Third Persons(a) In representing a client, a lawyer shall not use means that have no substantial purpose other than to embarrass, delay, or burden a third person, or use methods of obtaining evidence that violate the legal rights of such a person. (b) A lawyer who receives a document relating to the representation of the lawyer’s client and knows or reasonably should know that the document was inadvertently sent shall promptly notify the sender. (c) Unless otherwise permitted by court order, a lawyer who receives a document relating to the representation of the lawyer’s client and who, before reviewing the document, receives notice from the sender that the document was inadvertently sent, shall not examine the document and shall abide by the sender’s instructions as to its disposition.

c. CRPC 8.4 – MisconductIt is professional misconduct for a lawyer to:(d) engage in conduct that is prejudicial to the administration of justice. Counterfeit

3. Discussion

a. CBA Ethics Committee Formal Opinion 108 provides that if an attorney receives privileged documents that he thinks might be improperly disclosed, the attorney’s obligation is limited to notifying the sending party; if the receiving attorney is notified by the sending party prior to review of the actual documents, the receiving attorney is obligated to follow the sending party’s instruction (for example, destroying or returning the document unread). The innocent receiving lawyer should not be the one who has to decide between zealously representing the client and maintaining ethics and professionalism.

b. If a recipient attorney is put on notice – through boilerplate language or otherwise – that he has received or will receive a privileged document, he likely has a duty to not read or discontinue reading that document. See Resolution Trust Corp. v. First Am. Bank, 868 F. Supp. 217, 221 (W.D. Mich. 1994) (lawyer receiving materials on their face subject to attorney-client privilege has a duty to return them without examining further; ordering destruction of document and all copies, but noting that Michigan state rules would allow their introduction for impeachment); Am. Express v. Accu-Weather, Inc., No. 92-Civ-

-6- 07/29/2016

705, 1996 WL 346388, at *3 (S.D.N.Y. June 25, 1996) (where attorney received call indicating that soon to be delivered Federal Express package contained privileged information and that the package should be returned, subsequent review of package and failure to return were subject to sanction).

c. Jack Tanner, The New Rules of Professional Conduct: Significant Changes for In-House Counsel, 36 THE COL. LAW NO. 11 at 71 (Nov. 2007) (noting that the burden is placed on the party who errs by sending improper email).

d. Some split on this issue: Formal Opinion 2009-100 (June 20, 2009) issued by the Pennsylvania Bar Association Committee on Legal Ethics revisits the subject, which it previously addressed in 2007, in light of developments in other jurisdictions. The Pennsylvania Committee concluded that a lawyer who receives electronic documents from opposing counsel may generally review metadata even if it was inadvertently sent. In fact, the receiving attorney may have a duty to review and use the information in the metadata and to discuss the matter with his client.

e. “Where a party does not have a reasonable expectation of privacy in the use of electronic mail, transmission of otherwise protected material may result in a waiver.” Practicing Law Institute, Protecting Confidential Information, Oct. 7, 2009.

f. Heather Kelly, E-mail Disclaimers, Inadvertent Disclosures and Attorney-Client Privilege, 39 THE COL. LAW. No. 5 at 97 (May. 2010).

ii. Emails Copied, Forwarded, or Transmitted to Multiple Parties

1. Issue: Email allows for information to be easily transmitted/shared with the click of a button; when clients pass along privileged emails, this may give rise to ethical issues regarding confidentiality.

2. Rule: CRPC 1.6 - Confidentiality of Information

3. Discussion

a. Email itself does not give rise to confidentiality issues. See also United States v. Maxwell, 45 M.J. 406, 417-19 (C.A.A.F. 1996) ("The fact that an unauthorized 'hacker' might intercept an email message does not diminish the legitimate expectation of privacy in any way.").

b. But, emails sent to multiple recipients may destroy confidentiality and privilege. See Muro v. Target Corp., 243 F.R.D. 301, 307-10 (N.D. Ill. 2007) (emails sent to at least ten employees or to unidentified distribution lists "does not suggest confidentiality, and no privilege can be maintained for communications that were shared with a group of unidentified persons").

c. Similarly, forwarding an email to a third party may also destroy confidentiality and privilege. United States v. Chevron Texaco

-7- 07/29/2016

Corp., 241 F. Supp. 2d 1065, 1075 n.6 (N.D. Cal. 2002) ("If an email with otherwise privileged attachments is sent to a third party, Chevron loses the privilege with respect to that email and all of the attached emails.").

d. This concern may be particularly acute for in-house counsel, who may regularly send email messages to large user or distribution groups that may include non-privileged employees. Practicing Law Institute, Protecting Confidential Information, Oct. 7, 2009.

4. Email Encryptiona. FYI: Playing it Safe with Encryption,

http://www.americanbar.org/groups/departments_offices/legal_technology_resources/resources/charts_fyis/FYI_Playing_it_safe.html, viewed 7/28/2016.

b. Security on the Go, http://www.americanbar.org/groups/departments_offices/legal_technology_resources/resources/charts_fyis/fyi_security_on_the_go.html, viewed 8/2/2016

c. Metadata

i. Issue: By sharing or producing an electronic document, an attorney may breach the attorney-client privilege.

ii. Rules:

1. CRPC 1.6 - Confidentiality of Information2. CRPC 3.4 - Fairness to Opposing Party and Counsel3. CRPC 4.4 - Respect For Rights of Third Persons4. CRPC 8.4 – Misconduct

iii. Discussion

1. Metadata is information hidden in certain types of electronic documents and is automatically generated by document processing and spreadsheet programs. It includes information regarding the creation and revision of electronic documents, including the name of the document's authors, the amount of time spent drafting the document and hidden text comments. Deliberately searching for and viewing metadata is known as "mining."

2. Metadata persists in documents, even if they are converted to .PDF files.

3. An attorney who inadvertently transmits metadata containing confidential information without first obtaining the client's consent has likely breached his duty under RPC 1.6.

4. Colorado Ethics Opinion 119

a. A Sending Lawyer who transmits electronic documents or files has a duty to use reasonable care to guard against the disclosure of metadata containing Confidential Information.

b. The duty to provide competent representation requires a Sending Lawyer to ensure that he or she is reasonably informed

-8- 07/29/2016

about the types of metadata that may be included in an electronic document or file and the steps that can be taken to remove metadata if necessary.

c. Within a law firm, a supervising lawyer has a duty to ensure that appropriate systems are in place to control the transmission of metadata.

d. The Receiving Lawyer may search for and review metadata.

i. If a Receiving Lawyer knows or reasonably should know that the metadata contain or constitute Confidential Information, the Receiving Lawyer should assume that the Confidential Information was transmitted inadvertently, unless the Receiving Lawyer knows that confidentiality has been waived.

ii. The Receiving Lawyer must promptly notify the Sending Lawyer.

e. If attorneys cannot agree, then either may seek a determination from a court as to the proper disposition of the electronic documents or files, based on the substantive law of waiver.

f. If, before examining metadata, the Receiving Lawyer receives notice from the sender that Confidential Information was inadvertently included in metadata, the Receiving Lawyer must not examine the metadata and must abide by the sender’s instructions regarding the disposition of the metadata.

iv. Cleaning Metadata

1. Word 2007 Documents

a. Store document with new name - Office Button - Prepare – Inspect Document

b. From Document Inspector: Choose types of hidden content to search

c. From Document Inspector: Choose hidden content to remove (Caution! – You may not be able to undo removal.)

2. Word 2003 Documents

a. Options – Privacy – Remove Personal Information

3. Metadata Ethics Opinions Around the U.S., http://www.americanbar.org/groups/departments_offices/legal_technology_resources/resources/charts_fyis/metadatachart.html, viewed 7/28/2016.

4. What’s the Matter with Metadata? Luce, 36 The Colorado Lawyer 113 (Nov. 2007), viewed at http://www.moyewhite.com/mediacenter/articleview.aspx?ArticleID=13, July 29, 2016.

-9- 07/29/2016

d. Other Risks

i. Digital Photocopiers, Printers, Business Hubs, etc.

1. Keteyian, Armen. Digital Photocopiers Loaded with Secrets, CBS News. http://www.cbsnews.com/stories/2010/04/19/eveningnews/main6412439.sh tm l (April 20, 2010).

ii. Laptops, desktops, portable hard drives, back up drives

1. Risk of loss

a. Nearly 30% of all data breach events from 2005 through 2015 were caused by lost devices such as laptops, tablets and smartphones, and desktops, v. 25% caused by hacking and malware. Follow the Data: Dissecting Data Breaches and Debunking the Myths, Trend Micro, September 22, 2015, viewed at http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/follow-the-data

i. Another 11% were caused by physical loss of the data itself, e.g. lost files, receipts, bills, etc.)

b. One in 10 laptops is lost, http://www.infoworld.com/article/2624968/data-security/corporate-america-s-lost-laptop-epidemic.html

c.

2. Passwords

3. encryption

iii. Flash drives

iv. Ransomware

1. What is Ransomware

a. Malware that locks your keyboard or computer to prevent you from accessing your data until you pay a ransom.

b. Affects desktops, laptops, and mobile devices, including Macs.

2. Ransomware can be encrypting or non-encrypting

3. Sources of ransomware

a. Spam emails, disguised as invoices, receipts, pictures, etc.

b. Infected removable drives

c. Software bundles

i. Installed with other software obtained from compromised sources or peer to peer downloads.

d. Compromised websites

i. Installed by clicking on a link on the page

e. Other malware

4. Protect against ransomware, Alessandrini, Ransomware Hostage Rescue Manual, https://www.knowbe4.com/ransomware-knowledgebase

a. Backup data

-10- 07/29/2016

b. Beware suspicious email messages and links

c. Use caution opening attachments to email messages

i. Don’t open email messages that are suspicious or from unknown parties, exercise care in opening attachments.

ii. Take particular care opening .zip, .doc, and .rtrf files

d. Use Anti-Virus and anti-malware software / security suites

e. Keep programs and anti-virus software updated

f. Show hidden file extensions and filter .exe files

g. Know your websites and software sources

5. Should I pay?

a. YES

i. “The ransomware is that good . . . To be honest, we often advise people just to pay the ransom.”

-Joseph Bonavolonta, Ass’t Special Agent in charge of Cyber and Counterintelligence, FBI, Boston

ii. Time deadlines or similar factors don’t allow for exploration of recovery strategies, retrieval from backups, or other alternatives.

b. NO

i. No guarantee you will get your files back

ii. Ransomware is often accompanied by other malware, including keyboard loggers

iii. You may encourage later attacks or attacks on other computers within your organization

iv. Paying encourages hackers to continuing developing advancements in delivering ransomware.

c. MAYBE

i. Certain strains of ransomware are easier to defeat, and this should influence your decision

d. Resources:

i. Mello, J., To Pay or Not to Pay – That’s the Ransomware Question, TechNewsWorld, http://www.technewsworld.com/story/80640.html (6/24/14), viewed 8/2/2016

ii. Thompson, C., Why you should never pay Hackers if they Take over your Computer, Tech Insider, http://www.techinsider.io/why-you-shouldnt-pay-ransomware-hackers-2016-2 (2/21/2016), viewed 8/2/2016.

iii. Arsene, L, and Gheorrghe, A., Ransomware, A Victim’s Perspective, Bitdefender, http://www.bitdefender.com/media/materials/white-papers/en/Bitdefender_Ransomware_A_Victim_Perspec

-11- 07/29/2016

tive.pdf?awc=2873_1470177901_4afe69b4ae586a35a4672f2fe8109adc (Jan. 2016), viewed 8/2/2016

iv. Zorabedian, J., Did the FBI really say “pay up”for Ransomware?, Sophos, https://nakedsecurity.sophos.com/2015/10/28/did-the-fbi-really-say-pay-up-for-ransomware-heres-what-to-do/ , (Oct. 28, 2015), viewed 8/2/2016

v. Hautala, L, Pay up or Else, CNET, http://www.cnet.com/news/pay-up-or-else-ransomware-is-the-hot-hacking-trend-of-2016/ (March 10, 2016), viewed 8/2/2016.

v. Public Charging Kiosks

1. Anyone who had an inclination to could put a system inside of one of these [charging station] kiosks that when someone connects their phone can suck down all of the photos and data, or write malware to the device. Beware of Juice Jacking, Krebs on Security, http://krebsonsecurity.com/2011/08/beware-of-juice-jacking/ (August 18, 2011).

vi. Insecure passwords

1. http://www.cnbc.com/2014/10/21/china-targets-apples-icloud-with- hacking-attack-report.html

e. Social Networking

i. Facebook Friends

1. Ex parte communication

a. Issue: Communication between parties by social media concerning active matter could constitute improper ex parte contact.

b. Rule: CRPC 3.5 – Impartiality and Decorum of the TribunalA lawyer shall not:(a) seek to influence a judge, juror, prospective juror or other official by means prohibited by law;(b) communicate ex parte with such a person during the proceeding unless authorized to do so by law or court order;

c. Discussion: According to a public reprimand, a North Carolina judge engaged in unethical Facebook activity relating to a case being tried before him. During a child custody case, District Judge B. Carlton Terry Jr. “friended” defense counsel, and each of them discussed aspects of the case on Facebook, constituting ex parte communications. Plaintiff’s counsel had indicated she was not on Facebook. The judge also conducted ex parte online research about the plaintiff by googling her and visiting her website. Inquiry No. 08-234, North Carolina Judicial Standards Commission (April 1, 2009).

-12- 07/29/2016

d. See also: Formal Op. No. 2005-164, Oregon State Bar (August, 2005) (Attorney’s communications via website with represented party is ex parte contact).

2. Improper influence / relationship

a. Issue: A Judge listing an attorney appearing before her as a “friend” on Facebook may violate rules of professional conduct.

b. Rule: CCJC Canon 2BA judge should not lend the prestige of his or her office to advance the private interests of others; nor should a judge convey or permit others to convey the impression that they are in a special position to influence him or her.

c. Discussion: The issue . . . is not whether the lawyer actually is in a position to influence the judge, but instead whether the proposed conduct, the identification of the lawyer as a “friend” on the social networking site, conveys the impression that the lawyer is in a position to influence the judge. The Committee concludes that such identification in a public forum of a lawyer who may appear before the judge does convey this impression and therefore is not permitted. Fla. Sup. Ct. Jud. Ethics Advisory Comm., Op. 2009 –20, (2009).

3. Some states do allow judges to “friend” attorneys, so long as the judge takes care to protect the integrity and impartiality of the judiciary.

a. Jud. Ethics Op. JE-119, Ethics Comm. of the Ky. Judiciary (March 2010); Op. 08-176, NY Advisory Comm. on Jud. Ethics (2009); Op. 2010-7, Ohio Sup. Ct. Bd. Of Comm’rs, (Dec. 3, 2010); Op. No. 17-2009, SC Advisory Comm. on Standards of Jud’l Conduct (Oct. 2009).

ii. Discussing Cases online

1. Issue: Discussing cases via social media could breach client confidentiality.

2. Rule: CRPC 1.6

3. Discussion: Kristine Peshek, attorney in Illinois. Disciplinary proceeding brought against attorney who in 2007 and 2008 made thinly veiled references to the identities of clients and confidential details of a case, including statements like, “This stupid kid is taking the rap for his drug dealing dirtbag of an older brother because ‘he’s no snitch.’ ” Attorney also referred judges on her blog as “Judge Clueless” and as an “a . . hole.” Disciplinary Commission recommended a 60-day suspension as sanction. Attorney was also fired from her position as a public defender, which she had held for 19 years. Order of the Ill. Sup. C., M.R. 23974 (Ill., May 18, 2010).

iii. Online Criticism of Judges and Attorneys

1. Issue: Criticizing the court before which you are appearing, a judge, or an attorney online may be a breach of the professional rules.

-13- 07/29/2016

2. Rule: CRPC 8.2 – Judicial and Legal Officials (a) A lawyer shall not make a statement that the lawyer knows to be false or with reckless disregard as to its truth or falsity concerning the qualifications or integrity of a judge, adjudicatory officer or public legal officer or of a candidate for election, or appointment to, or retention in, judicial or legal office.

3. Discussion: The Florida Bar took disciplinary action against attorney Sean Conway after he wrote a post criticizing Judge Cheryl Aleman's practice of setting unreasonably short time periods for criminal defendants to prepare for trial. In the post, Conway referred to Judge Aleman as an "evil, unfair witch" and indicated that she was “seemingly mentally ill." The disciplinary charges focused on alleged violations of five attorney ethics rules, including a rule against impugning a judge’s qualifications or integrity. Florida State Bar v. Conway, No. SC08-326 (Fla. January 22, 2009).

iv. Issues related to Using Social Media for Investigations (incl. Pretexting, etc.)

1. Issue: In obtaining online information about an adverse party, witness, or judge, an attorney may violate ethical rules prohibiting dishonesty, deceit, and misrepresentation.

2. Rules:

a. CRCP 4.1 (a) - Truthfulness In Statements To Others In the course of representing a client a lawyer shall not knowingly make a false statement of material fact or law to a third person.

b. CRCP 8.4 – MisconductIt is professional misconduct for a lawyer to:(c) engage in conduct involving dishonesty, fraud, deceit or misrepresentation.

c. CRCP Rule 5.3. - Responsibilities Regarding Non lawyer Assistants With respect to non lawyers employed or retained by or associated with a lawyer: (b) a lawyer having direct supervisory authority over the non lawyer shall make reasonable efforts to ensure that the person’s conduct is compatible with the professional obligations of the lawyer; and (c) a lawyer shall be responsible for conduct of such a person that would be a violation of the Rules of Professional Conduct if engaged in by a lawyer if:

(1) the lawyer orders or, with the knowledge of the specific conduct, ratifies the conduct involved; or

(2) the lawyer is a partner or has comparable managerial authority in the law firm in which the person is employed, or has direct supervisory authority over the person, and knows of the conduct at a time when its consequences can be avoided or mitigated but fails to take reasonable remedial action.

3. Discussion: a. Colorado Ethics Opinion 127 (Sept. 2015)

-14- 07/29/2016

i. Public portionsii. Private portions

1. Represented parties2. Unrepresented parties3. Third parties

iii. Judges, presidingiv. Jurrorsv. A lawyer must never use any form of deception to gain

access to a restricted portion of a social media profile or website.

vi. Finally, a lawyer may not avoid prohibitions relating to the use of social media for investigative purposes by delegating investigative tasks to others.

b. Inquiry to Philadelphia Bar Association Professional Guidance Committee Attorney knows that unrepresented witness “Friends” anyone who asks. He wants to have a third person ask to friend witness; using truthful information, but not revealing affiliation with lawyer; with purpose of seeking information to impeach witness at trial.

i. Given Rule 5.3, Attorney is responsible for the conduct of the third person, since he causes procurement of the information.

ii. Since the conduct is deceptive and omits material facts, it would violate Rule 8.4 (c), and it would be a false statement in violation of Rule 4.1 (a).

iii. It makes no difference that third party might deny access.

iv. Op. 2009-02, The Philadelphia Bar Association, Professional Guidance Comm., (March 2009).

c. See also: Legal Ethics Opinion 2011-2, Sand Diego County Bar Legal Ethics Comm. (May 2011) (Attorney who makes “Friend” request of high ranking employees of defendant-company when seeking information about the subject of the representation and stating only requesting attorney’s name violates rules prohibiting deception).

d. Compare: Formal Op. No. 737, NY Cty. Lawyer’s Assoc. Comm. On Prof. Ethics (May 2007).

i. Limited exception for misstatements as to identity by Investigators while gathering evidence through engaging in otherwise lawful activity.

ii. E.g., posing as consumers, tenants, home buyers or job seekers while negotiating or engaging in a transaction that is not by itself unlawful.

4. Other Relevant Colorado Authority

a. “[W]e reaffirm that members of our profession must adhere to the highest moral and ethical standards. Those standards apply regardless of motive. Purposeful deception by an attorney licensed in our state is intolerable, even when it is undertaken as a part of attempting to secure the surrender of a murder suspect. A prosecutor may not deceive an unrepresented person by

-15- 07/29/2016

impersonating a public defender. We affirm the hearing board's finding that the district attorney in this case violated the Colorado Rules of Professional Conduct . . . .” People v. Pautler, 47 P.3d 1175 (Colo. 2002)

5. Other resources:

a. Ken Strutin, Pretexting, Legal Ethics and Social Networking Sites, http://www.llrx.com/features/pretexting.htm (October 5, 2009).

b. Jeremy Feinberg, Report on Pretexting – Recent Cases & Ethics Opinions, The New York Professional Responsibility Review (June 2009).

Contact Information: Paul H. ChanUniversity Counsel’s OfficeUniversity of Denver2199 S. University Blvd., Room 101Denver, CO 80230303-871-4646 / paul.chan@du.eduwww.du.edu/counselwww.cobar.org

-16- 07/29/2016