E-mail Privacy: an Oxymoron?

Publication year2021
CitationVol. 78

78 Nebraska L. Rev. 386. E-mail Privacy: An Oxymoron?


Micalyn S. Harris*

E-mail Privacy: An Oxymoron?


I. Introduction .......................................... 386
II. The Issue ............................................. 388
III. Author's Summary .................................... 388
IV. Factual Background................................... 389
V. Case Law Regarding the Attorney-Client and
Related Attorney Work-Product Privileges ............. 392
VI. Summary of Ethics Committee Opinions Regarding
E-mail Communications ............................... 394
VII. Case Law regarding Use of E-mail .................... 395
VIII. The Risks ............................................. 397
IX. Recommendations: Reducing the Risks ................ 407
X. Conclusion ............................................ 410


Electronic communication, "e-mail," is wonderful. It provides fast, efficient, inexpensive, seemingly instant communication. No more tel-ephone tag. No more overnighting documents via expensive messen-ger services. No wonder the use of e-mail is burgeoning. Even the most computer-phobic lawyers have embraced it.

Articles in newspapers and professional journals have alerted lawyers to the possibility that the absolute confidentiality of unencrypted e-mail traveling across the Internet cannot be assured. Concerns re-garding the possibility that using e-mail may, in some circumstances, effectively waive the attorney-client privilege 1 have led several states to adopt legislation providing that the use of e-mail, in and of itself,


does not destroy the attorney-client privilege.2 Some state ethics committees have taken the position that, because of the possibility of interception, e-mail should not be used for attorney-client communication unless the messages are encrypted or the client has been made aware of the risk and consented to use of the "insecure" communication.3 Other state ethics committees have taken the position that use of e-mail is no more subject to interception than is a telephone conversation, and therefore, there is a reasonable expectation that e-mail will remain private, making use of unencrypted email across the Internet ethically acceptable.4

E-mail has been likened to cellular telephones,5 landline telephones, 6 and use of postcards through the United States Postal Service. 7 At least one court (in considering the nature of unencrypted Internet transmission of sexually explicit materials) has recognized that it is not appropriate to consider e-mail to be a "sealed" mode of transmission.8 The court, however, suggested that cautionary lan


guage similar to that commonly used on facsimile transmissions might be sufficient protection,9 thus analogizing e-mail to those trans-missions. The absence of uniformity indicates that none of these analyses is sufficiently persuasive to be regarded as definitive.

As a result, state bar associations, ethics committees, and commentators have taken positions ranging from (i) e-mail is not so insecure as to constitute failure to protect client confidentiality obligations, to (ii) e-mail, at least unencrypted e-mail traveling across the Internet, is that insecure, and therefore use of unencrypted e-mail traveling across the Internet may, in some cases, risk both a waiver of the attorney- client privilege and a breach of the lawyer's ethical obligations to protect clients' confidential information.


The central issue is: What are the legal, ethical and practical considerations involved in utilizing e-mail for attorney-client communication? Subsidiary issues include: Will the use of e-mail, in and of itself, risk forfeiting the attorney-client privilege in connection with a demand for discovery, on the ground that communication across the Internet via e-mail has been likened to sending a postcard through the mail, and using a postcard to communicate information may be seen as indicating that the information is not regarded by the sender as confidential? Even if the attorney-client privilege is not at risk, will an attorney using unencrypted e-mail be vulnerable to accusations of unethical practice for failure to protect a client's confidences? Is the use of e-mail, even if not unethical or a risk to the attorney-client privilege, unwise because there is a high risk of unintended disclosure with resulting damage to the attorney-client relationship?


The author believes that the use of e-mail, in and of itself, should not waive the attorney-client or work-product privileges and should not, in and of itself, subject an attorney to liability for ethical violations or claims of unethical behavior based on a failure to adequately protect client confidences.

On the other hand, lawyers, and their clients, need to consider the fact that e-mail is a unique form of communication. E-mail feels like a telephone conversation, but technically, it is quite different, and produces a document that is likely to be casually worded and long-lived. Accordingly, attorneys and their clients are well advised to become familiar with their e-mail systems and to develop policies and proce


dures designed to assure maximally-effective use and minimize the risk of unintended and inappropriate disclosure.

For purposes of analyzing whether attorney-client privilege is at risk, the key issue is whether, in communicating by e-mail, an attorney and client have a reasonable expectation of privacy. Because the factual situations and contexts in which e-mail is used vary widely, whether particular arrangements provide a "reasonable expectation of privacy," and thus conform to the evidentiary standard required in connection with asserting attorney-client privilege, is likely to be a question of fact.

Whether there is a sufficient "reasonable expectation of privacy" to support an assertion of the attorney-client and work-product privileges, which are rules of evidence, is separate from the issues relating to whether use of unencrypted e-mail raises ethical issues regarding potential failure to treat confidential client communications as confidential. In order to emphasize that distinction and separate facts, case law, and theoretical discussion, this article is divided into five sections: Factual Background; Case Law Regarding the Attorney-Client and the Related Attorney Work-Product Privileges; a Summary of State Ethical Opinions Regarding Use of E-mail; Risks; and Recommendations.


Law firms are installing a variety of internal systems that permit lawyers to communicate with one another: some permit communication within a single office, some permit communication among regional offices, and some permit communication with one or more offices from outside the system. Corporations are also installing internal systems that permit lawyers to communicate with one another and with their corporate clients: again, within the corporate headquarters, from outlying locations, and from outside the internal system. Law firms are connecting electronically with their clients. Sometimes these are via direct, dedicated connections. Sometimes they permit clients to have limited access to a firm's internal system. Sometimes these arrangements give outside counsel access to the corporate client's system. Access, when given, may be provided in various ways. For example, access may be provided by an outside provider, such as ATandT or America Online, as a means of exchanging e-mail. These arrangements, in turn, may vary. For example, such e-mail may be exchanged either through the provider's general system or within a special, dedicated area of the system with limited access. Where attorney and client use different e-mail providers, the e-mail may move directly between providers, or, in order to move from one provider to another, may move across the Internet.


Some firms have systems that automatically encrypt all messages exchanged within the system and between the system and the outside world, in some cases without its users being aware of the encryption process. Some firms require passwords or other identification and authentication procedures before a message is sent or received. Some organizations have e-mail policies that set forth practices and procedures for using e-mail, including for what purposes it may and may not be used; others have no policies, procedures or limitations on the use of e-mail by employees, agents or others, including their lawyers.

E-mail on an internal "intranet" system may or may not be encrypted, and may be read by the system administrator (or not, if it is encrypted), depending upon the system and how it is configured and used. The variations among systems are even more diverse. Communication on a private intranet is likely to go straight to the organization's e-mail server and remain there until retrieved. Communication within a given service provider is likely to go to the service provider's server and remain there until retrieved. Communication from one service provider to another is likely to travel across the Internet, a process which may involve passing the message from server to server, across a varying number of servers and via a route that cannot be predetermined.

Simply stated, all e-mail is not created equal. Where e-mail moves via a direct connection from the sender's to the receiver's system, for example, via modem to modem, the connection is, like a telephone call, simultaneous. Where, however, e-mail communication is across the Internet, the communication is made via a series of relays, that is, a "connectionless" system, and thus technically different from a telephone call or a facsimile connection.

The Internet can be envisioned as a huge number of computer systems linked together, some of which are set...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT