Play the New e-Discovery “Hive Mind” Game: Small, Medium or Large?

November 19, 2017

Playing games is a great way to learn. That’s one reason I’ve devised a game concerning the interesting and fairly complex issues involved in trying to determine what e-discovery activities are proportional and appropriate in various sized cases. Specifically, what should you do to prepare for federal court 26(f) conferences in small and medium sized cases, versus large, complicated cases? Small, Medium or Large? is kind of a Goldilocks game of proportionality.


I have had to give these proportionality questions a lot of thought as part of my practice as a lawyer supervising hundreds of e-discovery projects at a time, projects of all different sizes. I could simply give you my answer, but after five books, I’ve already been there and done that. So I thought I’d try something new and make this learning into a game where you consider and vote on what activities you think are appropriate for a Small, Medium or Large case.

The format of this proportionality game is loosely based on the ideas of Hive Mind, a pretty cool new insight into collective intelligence, which, as Wikipedia puts it, is a “shared or group intelligence that emerges from the collaboration, collective efforts, and competition of many individuals and appears in consensus decision making.” See: Is Collective Intelligence a safer form of A.I?

The Hive Mind is different from Crowdsourcing, but related. To do properly, a Hive Mind requires Swarming, which we cannot really do properly in this game using polls. Louis Rosenberg, Super-Intelligence and the virtues of a “Hive Mind” (Singularity, 2/10/16). One Silicon Valley startup Unanimous A.I., is developing technologies that enable sophisticated online human swarming and thus better collective intelligence. I might try their free product for social research, UNO, if I further investigate the power of the Hive Mind. Maybe at NY LegalTech? (Email me if you’re interested.) In the meantime we are going to use simple polling for the e-Discovery Hive Mind Game: Small, Medium or Large?

Let’s play the game and see what collective intelligence emerges from many individuals giving their opinion about proportionality and e-discovery. I am playing this game now with all of the litigation associates and paralegals in my law firm, which is a pretty large swarm by itself. Your responses will join in the swarm, the collective intelligence.

In January I’ll share the results of all the polling and opine away as to how well the Hive Mind performed. You can win the game in one of two ways, either by matching the most popular Hive Mind responses or by matching my responses. (I assume there will be a difference because not enough experts will be playing, but who knows, maybe not. In theory, with enough experts swarming, the group, the Hive Mind, will always have the best answer.)

Background To Play the Game

In order to play the Small, Medium or Large? game, you first need to be familiar with the checklist of the Southern District Court of Florida of all of the things that you should do to prepare for e-discovery in a large case. It is a pretty good list and I have written about it before. Good New 33-Point e-Discovery Checklist From Miami (e-Discovery Team, October 1, 2017) (a must read to fully prepare for this game). My article contains comments and explanations about all checklist items, which is the beginning of a kind of swarm interaction, that is, if you take time to ponder the signals. The Court’s checklist incorporates the new provisions in the rules on relevance and proportionality (Rule 26(b)(1)) and on specific objections (Rule 34(b)(2)).

It is not a perfect list, but it is the best one now out there with a court pedigree. It is not too long and complex, like the older lists of some courts that are very detailed, and not too short, like the easy-peasy list that Bill Hamilton and I created for the Middle District Court of Florida many years ago. (Attorneys still complained about how burdensome it was!) In sum, the 33-Point Checklist out of Miami is a good list for legal practitioners all over the country to use to prepare for e-discovery, which means it is a good basis for our Small, Medium or Large? Hive Mind Game. Come play along.

Rules of the Game

The goal of our Hive Mind Game is to determine which of the thirty-three points on the checklist are applicable to big cases only, which are applicable to medium size cases and which to small cases. You are to assume that all thirty-three points apply to large cases, but that they are not all applicable to medium and small size cases. The Hive Mind voting is used to allow the swarm – that’s you – to identify which of the thirty-three only apply to small cases, and which only apply to medium size cases. If a checklist item applies to a medium size case, it automatically also applies to a small size case.

In other words, the game is to sort the thirty-three into three piles, Small, Medium or Large? Simple, eh? Well, maybe not. This is a matter of opinion and things are pretty vague. For instance, I’m not going to define the difference between large, small and medium size case. That is part of the Hive Mind.

The game is important because proportionality in the law is important. You do not prepare for a big case the same way you prepare for a small case. You just don’t. You could, but it would be a waste of your clients money to do so. So the real trick in e-discovery, like in all other aspects of the litigation, is to determine what you should do in any size case to prepare, including even the small cases. For instance, outside of e-discovery, most people would agree that you should take the parties depositions as a minimum to prepare for a trial of any size case, including small ones.

What are the equivalent items in the 33-point checklist? Which of them should be applied to all cases, even the small ones? Which of them are too complicated and expensive to apply in a small case, but not a medium sized case? Which too complicated and expensive to apply in a small or medium sized case, but not a large one? That is where the real skill and knowledge come in. That is the essence of the game.

Assume All 33 Items Apply to Big Cases

This Small, Medium or Large? Hive Game requires you to assume that all thirty-three items on the Court’s checklist apply to big cases, but not to all cases, that there are certain checklist items that only apply to medium size cases, and others, a smaller list, that only apply to small cases. You may question the reality of this assumption. After all, the Court does not say that. It does not say, here’s a checklist we made to guide your e-discovery, but you can ignore many of the items on this list if you have a small case, or even a medium size case. Still, that’s what they mean, but they do not go on to say what’s what. They know that the Bar will figure it out themselves in due time, meaning the next several years. And right they are. But why wait? Let’s figure it out ourselves now with this Small, Medium or Large? Hive Game, and condense years to weeks.

The Hive Game will allow us to fill in the blanks of what the Court did not say. But first, lets focus again on what the Court did say. It said that the checklist may be used by members of the Bar to guide the Rule 26(f) e-discovery conferences and Case Management Reports. It did not say shall be used. It is a suggestion, not a requirement. Still, as every long-term member of the court knows, what they mean is that you damn well should follow the checklist in a big case!  Woe unto the lawyers who come before the judges in a big case with an e-discovery issue where they never even bothered to go through the checklist. If your issue is on that list, and chances are it will be, then dear slacker, prepare for a Miami style bench-slap. Ouch! It is going to hurt. Not only you and your reputation, but also your client.

I feel confident in making the game assumption that all thirty-three checklist items apply to big cases. I am also confident they do not all apply to medium and small size cases and that is the real reason for the court’s use of may instead of shall.

With that background we are almost ready to start playing the game and opine away as to which of the 33 are small and medium size only. But, there is still one more thing I have found very helpful when you try to really dig into the checklist and play the game, you need to have the numbers 1-33 added to the list. The one mistake the Court made on this list was in using headings and bullet points instead of numbers. I fix that in the list that follows, so that you can, if nothing else, more easily play the game.

 Preservation

  1. The ranges of creation or receipt dates for any ESI to be preserved.
  2. The description of ESI from sources that are not reasonably accessible because of undue burden or cost and that will not be reviewed for responsiveness or produced, but that will be preserved in accordance with Federal Rule of Civil Procedure 26(b)(2)(B).
  3. The description of ESI from sources that: (a) the party believes could contain relevant information; but (b) has determined, under the proportionality factors, is not discoverable and should not be preserved.
  4. Whether to continue any interdiction of any document-destruction program, such as ongoing erasures of e-mails, voicemails, and other electronically recorded material.
  5. The number and names or general job titles or descriptions of custodians for whom ESI will be preserved (e.g., “HR head,” “scientist,” “marketing manager”).
  6. The list of systems, if any, that contain ESI not associated with individual custodians and that will be preserved, such as enterprise databases.
  7. Any disputes related to scope or manner of preservation.

Liaison

  1. The identity of each party’s e-discovery liaison, who will be knowledgeable about and responsible for each party’s ESI.

Informal Discovery About Location and Types of Systems

  1. Identification of systems from which discovery will be prioritized (e.g., e-mail, finance, HR systems).
  2. Descriptions and location of systems in which potentially discoverable information is Stored.
  3. How potentially discoverable information is stored.
  4. How discoverable information can be collected from systems and media in which it is stored.

Proportionality and Costs

  1. The amount and nature of the claims being made by either party.
  2. The nature and scope of burdens associated with the proposed preservation and discovery of ESI.
  3. The likely benefit of the proposed discovery.
  4. Costs that the parties will share to reduce overall discovery expenses, such as the use of a common electronic-discovery vendor or a shared document repository, or other costsaving measures.
  5. Limits on the scope of preservation or other cost-saving measures.
  6. Whether there is relevant ESI that will not be preserved in accordance with Federal Rule of Civil Procedure 26(b)(1), requiring discovery to be proportionate to the needs of the case.

Search

  1. The search method(s), including specific words or phrases or other methodology, that will be used to identify discoverable ESI and filter out ESI that is not subject to discovery.
  2. The quality-control method(s) the producing party will use to evaluate whether a production is missing relevant ESI or contains substantial amounts of irrelevant ESI.

Phasing

  1. Whether it is appropriate to conduct discovery of ESI in phases.
  2. Sources of ESI most likely to contain discoverable information and that will be included in the first phases of Federal Rule of Civil Procedure 34 document discovery.
  3. Sources of ESI less likely to contain discoverable information from which discovery will be postponed or not reviewed.
  4. Custodians (by name or role) most likely to have discoverable information and whose ESI will be included in the first phases of document discovery.
  5. Custodians (by name or role) less likely to have discoverable information from whom
    discovery of ESI will be postponed or avoided.
  6. The time period during which discoverable information was most likely to have been
    created or received.

Production

  1. The formats in which structured ESI (database, collaboration sites, etc.) will be produced.
  2. The formats in which unstructured ESI (e-mail, presentations, word processing, etc.) will be produced.
  3. The extent, if any, to which metadata will be produced and the fields of metadata to be produced.
  4. The production format(s) that ensure(s) that any inherent searchability of ESI is not degraded when produced.

Privilege

  1. How any production of privileged or work-product protected information will be handled.
  2. Whether the parties can agree on alternative ways to identify documents withheld on the grounds of privilege or work product to reduce the burdens of such identification.
  3. Whether the parties will enter into a Federal Rule of Evidence 502(d) stipulation and order that addresses inadvertent or agreed production.

One Example Before the Games Begin

We are almost ready to play the e-Discovery Small, Medium or Large? Hive Mind Game. We will do so with thirty-two polls that are presented to the player in the same order as the Court’s checklist. To make sure the rules are clear (this is, after all, a game for lawyers, not kids) we start with an example, the first of the thirty-three items on the checklist. The court’s first item is to suggest that you Determine the range of creation or receipt dates for any ESI to be preserved.

The “right answer” to this first item is that this should be done in every case, even the small ones. You should always determine the date range of data to be preserved. In most cases that is very easy to do, and, as every lawyer should know, when in doubt, when it comes to preservation, always err on the side of inclusion. That means you should check the Small Case answer as shown in the “dummy poll” graphic below.

Checklist 1

We have set these polls up so that you cannot see the results, but you can leave private comments. We may do this again later and experiment with what happens when you can see the results. We will share the results (and some comments) when the game ends on January 1, 2019.

Now for the live polls and game proper. Note that several of the checklist items, including number two and three, which are the first two polls shown below, are so long that we had to paraphrase and shorten them to fit in the space allocated in the polling software. To see the original of all thirty-three items on the checklist, go to my prior blog explaining the list (highly recommended) or the court’s page.

Let the Games Begin!

We are now ready to begin playing the e-Discovery Hive Mind Game. So get ready to plug-in. Select an answer to each of the thirty-two polls that follow. After you vote, you also have a chance to leave a private comment to each poll, but that is optional and will not impact your score.

Checklist 2


________________________________________

Checklist 3

________________________________________

Checklist 4


________________________________________

Checklist 5


________________________________________

Checklist 6


________________________________________

Checklist 7


________________________________________

Checklist 8

________________________________________

Checklist 9

________________________________________

Checklist 10

________________________________________

Checklist 11

________________________________________

Checklist 12

________________________________________

Checklist 13

________________________________________

Checklist 14

________________________________________

Checklist 15

________________________________________

Checklist 16

________________________________________

Checklist 17

________________________________________

Checklist 18

________________________________________

Checklist 19

________________________________________

Checklist 20

________________________________________

Checklist 21

________________________________________

Checklist 22

________________________________________

Checklist 23

________________________________________

Checklist 24

________________________________________

Checklist 25

________________________________________

Checklist 26

________________________________________

Checklist 27

________________________________________

Checklist 28

________________________________________

Checklist 29

________________________________________

Checklist 30

________________________________________

Checklist 31

________________________________________

Checklist 32

________________________________________

Checklist 33

________________________________________

________________________________________

Congratulations! You have finished the Game and made your contribution to the e-Discovery Hive Mind. Look for results sometime in early 2018. You can then determine how your answers compared with the collective Hive Mind.

I will also let you know how the Hive Mind answers compared with my own. So you will have two chances to win. Anyone who matches all of my answers wins a free lunch with me in Orlando. Other prizes have yet to be determined. Vendors care to contribute some goodies? Perhaps Elon will donate a free trip to Mars, where I for one hope we don’t run into any Borg cubes, I don’t care how good their Hive Mind is.

In the meantime, please encourage your e-discovery friends and colleagues to join in the game. Teachers and Partners are invited to require their students and associates, paralegals to play too. Resistance is futile! Digging deep into this checklist is a great way to expand your knowledge and expertise of electronic discovery law and practice.

 

 

 

 

 

 

2 Comments | informaton, knowledge, Lawyers Duties, Metadata, New Rules, Related Legal Webs, Review, Search, Security, Spoliation/Sanctions, Technology, VENDORS, wisdom | Tagged: , , , , , , , , , , , | Permalink
Posted by Ralph Losey

Introduction to Hacker Way Philosophy

July 16, 2017

Ralph Losey – 7/16/17

I have spoken several times before concerning the Hacker Way philosophy. I have always focused on my work as a lawyer specializing in e-discovery. I have also included this philosophy in my teachings in this area of the law, including the use of AI in document review. See: the TAR Course;  HackerWay.org and HackerLaw.org.

The video talk in this blog takes it outside of the legal community so it can have maximum impact. I think it is important for everyone to understand the credo behind Facebook and most other 21st Century software tech companies. No one else seems to be talking about it, or sharing the secret sauce behind their success. That is contrary to the fundamental Hacker principle of Openness, so, as an old Hacker myself, I am stepping in to fill the gap. That’s just what I do. (Stepping-In is discussed in Davenport and Kirby, Only Humans Need Apply, and by Dean Gonsowski, A Clear View or a Short Distance? AI and the Legal Industry, and A Changing World: Ralph Losey on “Stepping In” for e-Discovery. Also see: Losey, Lawyers’ Job Security in a Near Future World of AI, Part Two.)

Facebook’ corp headquarters photo with symbols added.

In this below eleven minute video I am taking this sharing and openness to the next step. Here I address the five principles and related ideas of the Hacker Way as applied to life in general, not just my legal specialties. Hope you find this provides some value to our fast evolving computer culture. Please leave some comments, either here or at my new Facebook site: HackerWay.org.

___

___

If you have not already read Mark Zuckerberg’s original treatise on the Hacker Way, contained in his initial public offering Letter to Investors, I suggest you do so now. Also see my related ideas on history and social progress at Info→Knowledge→Wisdom.

I look forward to your comments.

Below is a graphic showing all nine concepts of the Hacker Way following the form of a enneagon or Nonagram, also known as a Star of Goliath.

 

2 Comments | informaton, knowledge, Lawyers Duties, Related Legal Webs, Security, Technology, wisdom | Tagged: , , , , , , , | Permalink
Posted by Ralph Losey

Control Sets in Legal Document Review are Inaccurate and Addition of a New First Class to the TAR Course

June 18, 2017

I cannot believe that the best document review vendors in the world, the ones that include active machine learning in their software, still include secret Control Sets in their built-in methodology. It was a mistake made by most vendors when predictive coding was first released years ago. It is well past time for vendors to own up to the mistake. Please modify your software to eliminate it before you do any more damage, both to yourself and, more importantly, the whole profession. Lose your fear of academic institutions and do what’s right. I am not naming names yet, but I may have to eventually. My patience is wearing thin. Maybe you can tell that from my video rant below, where I get so worked up that I use the “H” word. This is another new video for the e-Discovery Team’s TAR Course. It is included in the new First Class that we just added to the course.

Every day that vendors keep phony control set procedures is another day that lawyers are mislead on recall calculations based on them; another day lawyers are frustrated by wasting their time on overly large random samples; another day everyone has a false sense of protection from the very few unethical lawyers out there, and the very many not fully competent lawyers; and another day clients pay too much for document review. Stop shooting yourself in the foot software vendors. And lawyers, stop using control sets in your methods. Do not just do what vendors tell you to do. Demand that your vendor change its software or at least show you how to use it without secret control sets.

The method of predictive coding taught here has been purged of vendor hype and bad science and proven effective many times. We know that the secret control set almost never works and it is high time it be expressly abandoned. Here are the main reasons why: (1) relevance is never static, it changes over the course of the review; (2) the random selection size was typically too small for statistically meaningful calculations; (3) the random selection was typically too small in low prevalence collections (the last majority in legal search) for complete training selections; and (4) it supposedly required a senior SME’s personal attention for days of document review work, a mission impossible for most e-discovery teams.

The e-Discovery Team calls on all vendors of advanced AI software for document review to stop using secret control sets and phase it out of their software.

New First Class Added to the TAR Course

We also added a new class on the historical background of the development of predictive coding. We felt that it was important to clarify the many conflicting claims and procedures still out there in the e-discovery marketplace. We made this historical discussion the First Class to the TAR Course. This class also includes a discussion of predictive coding patents. Yes. They are lots of fun.

This new First Class expands the number of classes from sixteen to seventeen (a prime number). We feel pretty good about this expansion. Sure, with more time we could have made the class writings a little shorter, but still we think it is an improvement over my prior writings on the subject of control sets. Hopefully repetition will help in your learning of this initial, difficult material in the TAR Course.

 

 

Comments Off on Control Sets in Legal Document Review are Inaccurate and Addition of a New First Class to the TAR Course | Evidence, informaton, knowledge, Lawyers Duties, Metadata, New Rules, Related Legal Webs, Review, Search, Security, Technology, VENDORS, wisdom | Tagged: , , , , , , , , | Permalink
Posted by Ralph Losey

Attorney’s Duty of Confidentiality and the New ABA Ethics Opinion 477: ‘Securing Communication of Protected Client Information’

May 15, 2017

This essay focuses on a lawyer’s ethical duty of confidentiality. It consists of a video of my lecture on this subject discussing the main ethics opinions on electronic communications and encryption. Just a few days after the video was made, the American Bar Association Standing Committee on Ethics and Professional Responsibility published an important new Formal Opinion 477 (May 11, 2017) entitled Securing Communication of Protected Client Information. This new Opinion is covered in some detail after the videos.

The duty to protect a client’s secrets is so important that I have also added these videos to the eighty-five class e-Discovery Team Training course in Module 4-K.  I have also added the written discussion on the new Formal Opinion 477.

Rule 1.6 – Confidentiality of Information

The following Duty of Confidentiality lecture is based on the ABA Model Ethics Rule 1.6 – Confidentiality of Information:

(c) A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.

See eg: NY Bar Opinion 749, 2/21/17 (“Duty to protect a client’s confidential information from cybersecurity risk and handling e-discovery when representing clients in a litigation or government investigation.”)

______

See: ABA Formal Op. 99-413 (Mar. 10, 1999):

A lawyer may transmit information relating to the representation of a client by unencrypted e-mail… because the mode of transmission affords a reasonable expectation of privacy from a technological and legal standpoint.

Also see: Cal. Op. 2010-179

Encrypting email may be a reasonable step for an attorney to take … when the circumstance calls for it, particularly if the information at issue is highly sensitive and the use of encryption is not onerous.

See: State Bar of Texas, Opinion 648 (2015) that identified several instances where encryption or some other method of security may be appropriate, including:

  • communicating highly sensitive or confidential information via email;
  • sending an email to or from an account that the email sender or recipient shares;
  • sending an email to a client when it is possible that a third person (such as a spouse in a divorce case) knows the password to the email account, or to an individual client at that client’s work email account, especially if the email relates to a client’s employment dispute with his employer (see ABA Comm. on Ethics and Prof’l Responsibility, Formal Op. 11-459 (2011));
  • sending an email if the lawyer is concerned that the NSA or other law enforcement agency may read the lawyer’s email communication, with or without a warrant.

May 11th 2017 ABA Opinion: Securing Communication of Protected Client Information

After I created the above video the ABA published a new opinion on lawyer confidentiality, Formal Opinion 477 (May 11, 2017) (hereinafter “Opinion“). The Opinion was written by the American Bar Association Standing Committee on Ethics and Professional Responsibility. It addresses the reasonable efforts lawyers and law firms must take to ensure that communications with clients are secure and not subject to inadvertent or unauthorized security breaches. It updates Formal Opinion 99-413 quoted above and discussed in the video. This update was sorely needed and very well done. My congratulations to the Committee. I expect many state Bars to follow and adopt this ABA recommendation. I urge you to carefully read this new Opinion in full. Here is the ABA introductory synopsis:

Securing Communication of Protected Client Information

A lawyer generally may transmit information relating to the representation of a client over the internet without violating the Model Rules of Professional Conduct where the lawyer has undertaken reasonable efforts to prevent inadvertent or unauthorized access. However, a lawyer may be required to take special security precautions to protect against the inadvertent or unauthorized disclosure of client information when required by an agreement with the client or by law, or when the nature of the information requires a higher degree of security.

The Standing Committee on Ethics and Professional Responsibility goes on to explain in the Opinion how much things have changed since the 1999 opinion on the use of unencrypted email.

[T]he term “cybersecurity” has come into existence to encompass the broad range of issues relating to preserving individual privacy from intrusion by nefarious actors throughout the Internet. Cybersecurity recognizes a post-Opinion 99-413 world where law enforcement discusses hacking and data loss in terms of “when,” and not “if.”4 Law firms are targets for two general reasons: (1) they obtain, store and use highly sensitive information about their clients while at times utilizing safeguards to shield that information that may be inferior to those deployed by the client, and (2) the information in their possession is more likely to be of interest to a hacker and likely less voluminous than that held by the client.5

Opinion pg. 2.

The Standing Committee again “rejects requirements for specific security measures (such as firewalls, passwords, and the like)” and stays with the “reasonable efforts” standard. This somewhat controversial position is made in reliance of the ABA Cybersecurity Handbook (ABA 2013) which, instead of mandating specific security measures such as encryption:

… adopts a fact-specific approach to business security obligations that requires a “process” to assess risks, identify and implement 101 appropriate security measures responsive to those risks, verify that they are effectively implemented, and ensure that they are continually updated in response to new developments.12

Opinion quoting Cybersecurity Handbook at pg. 4. You see the Committee is moving slowly and cautiously. That is prudent here because so much training is required to bring the Bar up to speed on the many arcane technicalities involved in cybersecurity and encryption. This is fast becoming The Hot Specialty in the legal profession. Electronic Discovery is so yesterday. If I were not so involved in the AI aspects of searching for evidence in near-infinite haystacks of information, I would try to include this specialty too. But for now at least it is too challenging to try to do both at once.

The Opinion points out that a fact-based analysis means that strong protective measures, like encryption, are necessary in some circumstances. Encryption software and use-procedures are becoming easier. Now any intelligent person can understand the processes and use them effectively, not just cryptologists. All lawyers should either learn this or associate with an attorney who does. We all need more training in this area, myself included, to stay competent in the fast-moving information explosion era. All of the illegal hacking going on today is outrageous.

In other circumstances involving certain highly sensitive information (such as, in my opinion, classified military information, or certain trade secrets sought by Chinese corporations, as well as certain personal and corporate divorce investigations or political) it may be reasonable to avoid electronic communications altogether. Opinion at pgs. 4-5.

But in most circumstances,

… for matters of normal or low sensitivity, standard security methods with low to reasonable costs to implement, may be sufficient to meet the reasonable efforts standard to protect client information from inadvertent and unauthorized disclosure.

Opinion at pg. 5.

The Committee does not specify the reasonable efforts required in such matters, but does say that “unencrypted routine email generally remains an acceptable method of lawyer-client communication.” Opinion pg. 5. The Opinion at pgs. 5-10 then provides a list of considerations as guidance:

  1. Understand the Nature of the Threat.
  2. Understand How Client Confidential Information is Transmitted and Where It Is Stored.
  3. Understand and Use Reasonable Electronic Security Measures.
  4. Determine How Electronic Communications About Clients Matters Should Be Protected.
  5. Label Client Confidential Information.
  6. Train Lawyers and Nonlawyer Assistants in Technology and Information Security.
  7. Conduct Due Diligence on Vendors Providing Communication Technology.

Well done by the Committee. An update on this topic was sorely needed. Now a wide-spread education program to explain the seven guidance points is in order. Time will tell how long this complex technical guidance will suffice. How long will it be before encryption of some level becomes a per se rule. How long before encryption is required in all attorney communications. It will be required some day, of that I am sure. Just not today. Still, if I were the Committee I would be working on a draft.

My Prediction of Future Tightening of Attorney Ethics Due to Increased Cybersecurity Concerns

The Opinion is the last word for now, but I predict that sometime within the next five years the American Bar Association Standing Committee on Ethics and Professional Responsibility will agree on a new Formal Ethics Opinion. The next opinion will, I predict, require encryption in all electronic communications and all Electronic Information, whether in transit or in storage. The “it depends” exceptions in the current Opinion will be eliminated. The predicted opinion will likely impose additional duties on attorneys and law firms to protect client data.

The expected expanded duties will cause disruptive change to the profession. It will be difficult for many lawyers and law firms to keep up. But I predict the Bar will have no choice but to do so because of accelerating advances in hacker technology. These advances will further empower criminal and state hacking. We are already seeing these developments now. See eg.: Perlroth & Sanger, Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool (NYT, 5/12/17); Keren Elazari, We must act now to prevent future malware epidemics (Financial Times, 5/14/17).

The development of Bitcoin and other anonymous currencies adds to our problem because they facilitate untraceable extortion payment schemes, one form of which is known as ransomware. We are seeing this now in the WannaCry exploit. Damian Privitera, Global Cyberattack Exploits Known Vulnerabilities  (Jackson Lewis, 5/15/17); What is WannaCry and how does ransomware work? (The Telegraph, 5/13/17); WannaCry cyber attack (wikipedia); Scott & Wingfield, Hacking Attack Has Security Experts Scrambling to Contain Fallout (NYT 5/13/17).

Unprotected email, websites and other ESI repositories are an invitation to blackmail. Illegal hacking tools are already easily available to any criminal or script kiddie with rudimentary computer skills. It is no longer the exclusive area of the hacker elite.  Nothing is safe without back-ups, encryption and other protections, including attorney client communications and law firm ESI. Even mundane communications have metadata value that may help hackers. The situation grows worse every year. As a result, lawyers will, in five years or so, likely be required to use encryption and other confidentiality tools in all communications, include the mundane. It will be automatic. There will be no if and or buts.

In view of what seems to be an inevitable requirement of full encryption, all lawyers and law firms should start preparing now. Your CISOs and attorneys should start working together on this requirement as soon as possible. See eg., Lazzarotti, et al, Ransomware Attacks: Prevention and Preparedness (Jackson Lewis, 5/14/17). It never hurts to stay ahead of the curve. You will succeed if you work together as a team for the common good. Neither technologists nor lawyers should dominate. Natural leader(s) of the team can emerge from both sides and change over time. The use of outside specialists is, as always, a key ingredient for success, not only for the expertise, but also for the objective perspective.

Conclusion

Confidentiality is a critical problem facing all lawyers today. We all need to stay proficient in this area, including especially the uses of encryption. The smooth operation of our system of justice depends on the confidentiality of the attorney client relationship. Lawyers must be able to maintain  the secrecy of their clients’ ESI. They must also protect their own work-product, including investigations, strategies, mental impressions and communications. The ABA Formal Opinion 477 (May 11, 2017) is a helpful addition to this literature. But it is, I think, just a harbinger of even more stringent ethical requirements to come. The increasing cyber dangers and failures of security will force the ABA to go much further than this. We all need to spend more time increasing our knowledge in this important area.

For further reading I suggest the following articles and information resources.

  1. Joe Lazzarotti

    R. Losey, eDiscoverySecurity – Addresses cybersecurity issues from an e-discovery perspective.

  2. Joseph J. Lazzarotti, Damon W. Silver (Jackson Lewis), Data Privacy Primer for Law Firms (April, 2017). Excellent resource of all lawyers.
  3. Lazzarotti and Silver, Cybersecurity Risk Management for Law Firms (April 5, 2017) (requires registration, but is free). Jackson Lewis CLE Webinar.
  4. Jackson Lewis blog, Workplace Privacy, Data Management & Security Report.
  5. Lazzarotti, Law Firms: Updated Cybersecurity Primer and Other Resources (Jackson Lewis, 5/15/17).
  6. Lazzarotti, et al, Ransomware Attacks: Prevention and Preparedness (5/14/17).
  7. Ethics Opinions Related To Technology (Calif. Bar).
  8. ABA Legal Technology Resource Center.
  9. ProtonMail.com – Free Encrypted Email.
  10. GoldenFrog.com – Internet Security, Encryption.
  11. Confide – Confidential Text Messages, Encryption Plus.

Comments Off on Attorney’s Duty of Confidentiality and the New ABA Ethics Opinion 477: ‘Securing Communication of Protected Client Information’ | Evidence, Forensic Exam, informaton, knowledge, Lawyers Duties, Metadata, New Rules, Related Legal Webs, Review, Search, Security, Spoliation/Sanctions, Technology, VENDORS, wisdom | Tagged: , , , , | Permalink
Posted by Ralph Losey

« Previous Entries
%d bloggers like this: