Preserving E-Meeting Confidentiality
New Jersey Law Journal
December 12 , 2005
Information exchanged during e-meetings is subject to the same Constitutional protections and requires the same precautions as traditional meetings. The nature of the Internet requires that content of e-meetings be recorded, digitized and passed through a number of third-party computers, each of which makes a lawful copy of the e-meeting-related recorded data that passes through it. Consequently, those who seek to preserve e-meeting confidentiality must take actions unnecessary for traditional meetings.
Internet meetings may take a number of forms. To some extent, they share this feature with traditional meetings. With e-meetings, the preservation of legal rights, and the necessity for technological and legal intervention depends on the facts and circumstances associated with the over-air or over-wire meeting.
With that in mind, let’s examine some of the history of the electronic meeting. Initially, online meetings were hosted on Internet sites where users could place and find sources of information. For example, a site might have been a connection mechanism for lawyers and other advocates involved in efforts to provide civil legal assistance to low-income people. Such e-meetings typically included discussion and documentation of the future of legal services, an online national hotline directory and Web pages for the other Internet resources that might be used by the people running, or participating in, these nascent “e-meetings,” or to which lawyer-users might refer clients.
Shortly after that, chat rooms became online meeting places in which people could communicate in "real time" with one another and not visit a site to download or upload “messages” or “communication” for the meetings. At such sites, the messages, and responses to them by others, were viewable almost instantaneously.
Subsequently, other types of Internet technologies allowed e-meetings to take on more of the characteristics of traditional in-person meetings. Consider Internet counseling, for instance. In addition to e-mail therapy and interactive programming, practitioners also use Internet Talk and Internet Relay Chat (IRC). IRC practitioners can circumvent the inability to conduct sustained dialogue that e-mail imposes on such distant or merely technologically facilitated relationships and participate in an exchange that is a respectable approximation of free association. IRC allows Internet users to participate in a party-line type of conversation and, hence, an Internet meeting. This is already a popular format for self-help groups that conduct online meetings using commercial online service "chat rooms." Interactions with physicians and other health counselors, and online discussions among members of these groups other than between just client and counselor, also are a common occurrence.
Similar to IRC, other Internet technologies allow electronic communications with clients and communal editing of documents by people at different locations via electronic connections over the Internet. Typically, such e-meetings involve real-time joint editing of documents. Precautions in these instances against confidential information “leaking” out to unauthorized or untrained sources must be taken, just as in a concrete setting. Counsel’s responsibility to protect privileged information isn’t waived by the location – virtual or real – of the meeting, and participants are also subject to the same rules, such as defamation or, in the case of a typed communication, libel, during online and other types of “e-meetings.” These are considerations important to note because during e-meetings, lawyers aren’t the only participants held to ethical and legal standards concerning the sharing, disclosure or promulgation of information. Indeed, all participants must be mindful of what or written, and to whom and why, just as they might be in a boardroom.
Web-casting is another type of popular e-meeting. As demonstrated by companies that have Webcast annual shareholder meetings, e-meetings may be used to fulfill statutory meeting requirements. In particular, several corporations incorporated in Delaware, that bastion of easy-on-corporate incorporations – have used the Internet for these events. For instance, the Bell & Howell Co. broadcasted its annual shareholder meeting in 1996 on the Internet. The company accommodated 230 individuals listening to the meeting online. Fifteen people submitted questions via e-mail, all of which were answered.
The most recent type of e-meeting to come into vogue is the Internet telephone meeting. It has all the characteristics of a traditional telephone meeting, except that due to the intrinsic nature of the Internet, the content is lawfully available to the many intermediary Internet services that provide the link between the participants.
In additional to preserving legal privileges, lawyers must be concerned with their ethical responsibility to preserve clients’ confidential information. Such information may relate to the client personally or to a business enterprise in which the client is involved. In short, attorneys are required to maintain the confidentiality of most client information, even though the meetings being held appear to be “open” because they are being conducted on the Internet. Again, e-meetings in this sense are just like meetings held in bricks-and-drywall rooms.
Let’s take another look at some similarities and differences of traditional in-a-place meetings and e-meetings. For one thing, in any context involving counsel, a lawyer must act competently to safeguard information relating to the representation of a client against inadvertent or unauthorized disclosure by the lawyer. When participating in an e-meeting, then, logically, that safeguarding covers information relating to the representation of a client, and the lawyer must take reasonable precautions to prevent the information from falling into the hands of recipients who are not intended to have it. This duty, however, does not require that the lawyer use special security measures, if the method of communication affords a reasonable expectation of privacy.
It is important to realize that the concept of a reasonable expectation of privacy in a context of individual and group Internet activities is one in which we are constantly shifting. In an area like privacy, regardless of the current answer to the question "is a reasonable expectation of privacy on the internet?", this issue will be constantly reevaluated first by member of individual juries, and then by legislator seeking to pass law with respect to this matter. In short, since this matter is both unsettled and likely to change, it would not be advisable to rely a personal expectation such as an online meeting, say, done on an unsecured wireless network, enough for “reasonable expectation of privacy, but one on an open network be a violation of privilege. Rather, attorneys should advise their clients to take action which is at least slightly beyond the generally expected procedure for securing e-meetings.
The history of judicial limitations of wiretapping during the period preceding the Wiretap Act maybe useful for understanding what may be in store for future cases involving e-meeting privacy expectations. At the extremes, Justice Douglas repeatedly supported the practice and Justice Black consistently defended it (See United States v. White, 401 U.S. 745, 756 (1971) (Douglas, J., dissenting); Katz v. United States, 389 U.S. 347, 364 (1967) (Black, J. dissenting)). Other Justices took seemingly contradictory positions. For example, Justice Stewart wrote the majority decision in Katz v. United States that extended constitutional protection to wiretapping and eavesdropping and Justice Harlan formulated the "reasonable expectation of privacy" test in a concurring opinion.
Another aspect of the duty of counsel in e-meetings bears on the fact that attorneys often use non-attorneys to support meetings electronic and traditional, and ethics rules make an attorney responsible for ensuring that such third-party non-attorney personnel comply with the ethics obligations that bind the attorney. That means that an attorney must take appropriate steps to ensure that all personnel, including technology staff, safeguard confidential client information. As noted above, simply attempting to guess at what a jury will judge to be "reasonable expectations" is not appropriate when such expectations are in flux, rather due diligence is necessary.
To preserve the confidentiality and associated legal privilege, practitioners and clients engaging in e-meetings, and e-meeting practitioners, must use password and encryption technology or such legal apparatus as confidentiality agreements. In the case of attorney e-meetings, ethics rules generally require attorneys to take reasonable steps to ensure that client confidentiality is maintained – by the attorney and other employees, and by agents who have access to client information during the meeting or at other times when data concerning the meeting is accessed.
Of course, reasonableness – which is a basic standard used in negligence law – is, like the power, reliability and security of technology, a variable standard. The existing state of technology, the general customs in a particular profession and potential risks involved in each of these categories, plus the gray areas that intersections of these concerns may produce, all are factors in someone determining what reasonableness is. Cost and the expectation of privacy, for example, are factors that e-meeting participants and advising counsel can apply in determining which preservation techniques to use.
Another aspect of preserving privilege and confidentiality is that third-party services are almost always used for online meetings. Consequently, third parties may possess electronic information concerning an e-meeting. For example, a third party may administer a company's Internet or intranet service, or may possess backups of the content of the e-meeting exchanges – or a combination of these situations. To preserve certain legal privileges, then, their presence must be addressed via application of peer-to-peer encryption technology or a confidentiality agreement. To achieve this result, the Internet communication industry might follow the example of the health industry as it implements Health Insurance Portability and Accountability Act ("HIPAA"). In particular, HIPAA has implemented standards with respect to reasonable expectations associated with information sharing, such as securing informed consent.