We re-print here a short article from the ABA Journal of October 5, 2015 which provides some numbers for various concerns we often express to law firms when we find security issues with electronic communications that might negatively impact their clients, in particular whistleblowers and qui tam relators:
If you’ve ever received an email from a lawyer, it’s common to see a long statement at the end saying that the contents of the email are confidential and disclosure is strictly prohibited. For the vast majority of lawyers, that’s enough to ensure that client communications remain confidential.
According to a blog post at LawSites by Robert Ambrogi, based on the results of the 2015 edition of the American Bar Association’s annual Legal Technology Survey Report, which is compiled by the American Bar Association’s Legal Technology Resource Center, attorneys have been slow to adopt more secure forms of communication with clients.
According to Ambrogi, the survey found that 71 percent of participating attorneys rely on that disclaimer in the body of the email and that only 35 percent of lawyers use email encryption. That 35 percent has remained largely consistent over the years, Ambrogi states, despite the fact that lawyers and law firms are increasingly wise to the damage cyberattacks can do.
“I simply do not understand the logic of this,” Ambrogi said. “If the confidentiality statement is inside the email, then by the time anyone sees it, they’ve seen the email. It is akin to putting a note inside a box that says, ‘Do not open this box.’” What’s worse, according to Ambrogi, is that a third of the lawyers who do use encrypted email can’t identify what kind of encryption they use. According to the study, a majority of lawyers in firms with 500 lawyers or more will use encrypted email, while 41 percent of lawyers in firms of 100 to 499 lawyers use it. For solo practices, less than a quarter encrypt their emails.
As for other forms of security, the survey found that just over one-fourth of participating lawyers say that they rely on confidential disclaimers in email subject lines. Only 17.5 percent say they password-protect emailed documents, while less than 5 percent use registered email.