In my Nov. 7, 2011, column, I predicted that a cloud computing backlash was on the horizon. I explained that the mid-1990s negative response to email was about to occur with cloud computing as well.
By way of background, in the mid-1990s, as part of a knee-jerk reaction to the emerging technology of email, a number of bar association ethics committees initially required that attorneys obtain client consent before email could be used, see, for eg., South Carolina (Opinion 94-27 1995) and Iowa (Iowa Ethics Opinion 96-1 1996).
But then, in 1999, the American Bar Association reversed that trend — in the face of the overwhelming societal acceptance of email — when it issued ABA Formal Opinion No. 99-413. In that opinion, the committee determined that client consent regarding the use of email was unnecessary. By doing so, the committee implicitly condoned attorneys’ use of unencrypted electronic communications with their clients.
Now, in 2012, email is old school and cloud computing is the new unknown — at least for the legal field, although it’s already gained mass acceptance across the board and is the basis for the Internet as we now know it.
Nevertheless, despite regular use of cloud computing by the vast majority of businesses, it isn’t surprising that our profession is overreacting to cloud computing just as it did with email. This is so even though cloud computing is inherently more secure than email since with most cloud computing platforms, unlike email, the data is sent via a secure connection, and in many cases, is either encrypted en route or is encrypted while stored on third party servers.
As I noted last November, I believed that a cloud backlash was on its way based on the language used in ABA Formal Opinion No. 11-459, wherein the committee issued its decision on the use of email in employment cases by clients via employer-owned technologies. In that opinion, the committee essentially reversed its decision in Opinion 99-413, discussed above, and stated that a “lawyer sending or receiving substantive communications with a client via email or other electronic means ordinarily must warn the client about the risk of sending or receiving electronic communications using a computer or other device, or email account, to which a third party may gain access.”
Then, I was further alarmed when I learned that the ABA Commission on Ethics 20/20, which was formed to “perform a thorough review of the ABA Model Rules of Professional Conduct and the U.S. system of lawyer regulation in the context of advances in technology and global legal practice developments,” indicated in its September report that it had asked the ABA Standing Committee on Ethics and Professional Responsibility to clarify the circumstances in which client consent might be required when law firms utilize nonlawyer services such as cloud computing providers since “(t)he proposed Comments do not describe the lawyer’s obligation to obtain consent when disclosing confidential information to nonlawyer service providers outside the firm…(and there are) situations where client consent might be advisable or required.”
Just as I feared, the impact of the ABA’s intimation that client consent may be required when law firms store confidential data in the cloud is far reaching. In fact, the Massachusetts Bar Association seems to have taken its cue from the ABA in the recently issued MBA Ethics Opinion 12-03 and now requires that in Massachusetts, a lawyer is “bound to follow an express instruction from his client that the client’s confidential information not be stored or transmitted by means of the Internet, and that he should refrain from storing or transmitting particularly sensitive client information by means of the Internet without first seeking and obtaining the client’s express consent to do so.”
In reaching this determination, the MBA specifically cites to the ABA’s Commission on Ethics 20/20 “Issues Paper Concerning Client Confidentiality and Lawyers’ Use of Technology,” dated Sept. 20, 2010, that I discussed previously.
So, as occurred in the mid-1990s, the ethics committees that set the tone for our profession are creating roadblocks to the implementation of a technology, cloud computing, which has already gained mass acceptance in our society. Since knee jerk reactions in the face of innovation and change are the old stand-by for our profession, I’m not at all surprised by this recent turn of events. Disappointed and discouraged, but not surprised.
Nicole Black is VP at MyCaseInc.com, a cloud-based law practice management platform. She is also of counsel to Fiandach & Fiandach in Rochester and is a GigaOM Pro analyst. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She speaks regularly at conferences regarding the intersection of law and technology. She publishes three legal blogs and can be reached at firstname.lastname@example.org.