New NYCLU Report Details Guidelines for Digital Legal Confidentiality
NEW YORK — Today the New York Civil Liberties Union released Legal Cybersecurity in the Digital Age a report outlining the threats new technologies pose to the attorney-client relationship, including hacking, government mass surveillance, and data breaches. The report identifies the lack of preparedness in the legal world to accommodate digital work, especially as the COVID-19 crisis makes digital representation likely for the foreseeable future.
“The COVID-19 crisis has exposed this digital security gap in an alarming way, and the increasing use of digital communications for client matters necessitates permanent changes to legal ethics rules,” said Jonathan Stribling-Uss, a technologist fellow at the NYCLU and the author of the report. “Client trust is founded on the promise of confidentiality. And for this promise to be realized in our increasingly digital age, a new generation of ethics rules is required. This is especially imperative for attorneys serving more vulnerable clients whose privacy from the government and bad actors is crucial.”
The report proposes a set of actions that attorneys and clients can take to maintain the security of online communications, as well as advocacy that clients and attorneys can engage in within professional organizations to ensure broad, permanent ethical rules that reflect the risks of modern communication and surveillance.
“Evidence is clear that our clients face multiplying digital threats, and the legal profession is accountable for allowing these foreseeable risks to proliferate.” said Peter Micek, General Counsel, Access Now; Lecturer, Columbia University, School of International and Public Affairs. “New York State should be at the forefront of adopting new technologies to protect client confidence. Instead, as this insightful study shows, we’re behind the curve — and our most vulnerable, low-income clients suffer most. The author shows the path towards affordable, practical tools and workflows every lawyer should use. We demand that legal authorities see the flags and heed the message.”
Other professional sectors have come to this recognition faster than lawyers. For example, New York financial services industry is now required to engage in basic digital security, like two-factor authentication and encryption. But the legal profession still lacks such uniform security requirements and as a result more than 100 firms suffered data breaches since 2014 and in New York State, the number of unique law firm data breaches recently doubled, impacting nearly 1,500 individuals.
“While it centers New York, the NYCLU’s report on Legal Cybersecurity for a Digital Age highlights concerns that bar associations, law offices, and anyone with a nexus to legal work should share,” said Ken Montenegro, JD, Technology Director, Center for Constitutional Rights. “Namely, the report highlights how far behind the legal sector is in protecting legal data and invites the legal system at large to take steps to mitigate some of the risks associated with the use of technology. Copiously footnoted, this paper might also be of interest to folks fighting surveillance and researching data stewardship or security.”
“The dual threats of government surveillance and private bad actors continue to increase. The legal community is not immune. In fact, we are targets” said Jerome D. Greco, Digital Forensics Supervising Attorney, Digital Forensics Unit/Criminal Defense Practice “Attorneys and law offices have an obligation to protect their clients’ information and adopt necessary changes to meet that responsibility. Legal professional associations in New York can provide much needed guidance and resources for attorneys entering or already operating in this new digital world.”
The report outlines the duty lawyers should uphold to encrypt their communications with free and open source software as well as to clearly communicate and navigate risks with clients, which have become far more commonplace as court proceedings take place largely online during the pandemic.
“It is wrong to force New Yorkers to use insecure digital platforms just to have their day in court,” said Surveillance Technology Oversight Project Executive Director Albert Fox Cahn. “The risk of the state using this sort of technology not only undermines individuals’ rights, it undercuts the rule of law. Lawyers’ duty of confidentiality doesn’t disappear in a pandemic. Encryption is indispensable to effective lawyering in the digital age. Without end-to-end encryption, lawyers expose our clients’ secrets and undermine their case.”
You can find a full copy of the report here: https://www.nyclu.org/en/publications/legal-cybersecurity-digital-age
Every month, you'll receive regular roundups of the most important civil rights and civil liberties developments. Remember: a well-informed citizenry is the best defense against tyranny.
The latest in Privacy & Technology
The American Civil Liberties Union is a nonprofit organization whose mission is to defend and preserve the individual rights and liberties guaranteed to every person in this country by the Constitution and laws of the United States of America.
Learn More About Privacy & Technology
The ACLU works to expand the right to privacy, increase the control individuals have over their personal information, and ensure civil liberties are enhanced rather than compromised by technological innovation.