By Peter Andres*
![]() |
The National Security Agency at Fort Meade | Photo courtesy of the Department of Defense |
Since May 2013, each month we have learned a little more
about the trove of
documents that Edward Snowden took from the National Security Agency (NSA).
And with each revelation the scope of the U.S. spying program continues to
grow. To date, public
opinion appears to be split between those that casually brush off the
spying with a “what do I have to hide?” attitude, while others finds the
revelations a much more insidious invasion of privacy.
For lawyers working on matters with international clients
based outside of the United States, the Snowden revelations raise practical issues
that impact their practice given the scrutiny international communications
receive under NSA surveillance programs.
As a Washington
Post article noted in October, “intercepting communications overseas has
clear advantages for the NSA … [bulk] collection of Internet content would be
illegal in the United States, but the operations take place overseas, where the
NSA is allowed to presume that anyone using a foreign data link is a foreigner.” The Snowden disclosure has particular
resonance for attorney communication with non-U.S. citizen clients, who still
may be subject to U.S. jurisdiction. If
a confidential communication is sent to a Gmail account or another U.S. e-mail service
provider and sent to a data center in Asia, should it be assumed that the NSA
has access to it?
The issue raises professional responsibility concerns under
Rule 1.6 (c) of the Model Rules of Professional Responsibility, which states
that “a lawyer shall make reasonable efforts to prevent the inadvertent or
unauthorized disclosure of, or unauthorized access to, information relating to
the representation of a client.” Furthermore,
comment 19 of Rule 1.6, notes that “when
transmitting a communication that includes information relating to the
representation of a client, the lawyer must take reasonable precautions to
prevent the information from coming into the hands of unintended recipients.
This duty, however, does not require that the lawyer use special security measures
if the method of communication affords a reasonable expectation of privacy...”
While some may find it personally unsettling that the U.S.
government could be reading e-mail communications with a spouse or family
member, it is far more troubling to learn that confidential communications with
clients could be the subject of U.S. government review. For example, consider
a hypothetical member of a corporate audit committee of foreign company that
trades ADRs on the NYSE. The audit
committee member sets up an account with an e-mail service provider, such as Gmail
or Hotmail, for communications related to their service on the Board. Suppose
the audit committee member engaged
outside counsel to carry out an internal investigation of a criminal matter. Can an attorney send a report that details
preliminary findings of a criminal investigation through these e-mail channels
and still presume it will remain confidential and not permit unauthorized
access to the details of the representation? The Snowden revelations
raise further questions about the privacy of e-mail communications, especially
overseas, and the nature of attorney-client communications. In the post-Snowden environment, attorneys will
be pressed to consider whether “special security measures” should be
implemented for the communications with non-U.S. clients and whether a
“reasonable expectation of privacy” still exists, given the high likelihood the
NSA collects these communications.
0 comments:
Post a Comment