Transmitting legal documents over the Internet: how to protect your client and yourself.
[E]lectronic mail has proved itself so useful to the legal profession that it is a question of when, not whether, e-mail will become universal among all lawyers, their clients, and judges.... [C]lients demand it from their outside law firms This list of the world's largest law firms by revenue is taken from The Lawyer and The American Lawyer and is ordered by 2006 revenue:
Suppose that Pat is an attorney working in a large, Chicago-based law firm that has a New York New York, state, United States
New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of branch. One of Pat's clients is a medium-sized manufacturing company that is negotiating a merger deal with a New York-based shipping company. Some complications have arisen and, if the merger is to succeed, the deal must be completed quickly. Pat drafts one of the necessary documents and, rather than sending it by mail or facsimile, he attaches it to an e-mail and sends it to an attorney representing the New York company. A few seconds later, Chris, an attorney in New York, opens the e-mail, reviews the document, and incorporates some proposed changes. Chris makes these changes directly to the electronic document, redlines them, and returns the document to Pat. The entire process is completed in minutes.
As this hypothetical illustrates, e-mail provides numerous benefits over more traditional methods of communication. E-mail is inexpensive and virtually instantaneous, while traditional "snail mail Mail sent via a country's government-regulated postal system.
(messaging) snail mail - (Or "snailmail", "smail" from "US Mail" via "USnail"; "paper mail"). Bits of dead tree sent via the postal service as opposed to electronic mail. " can take days to reach its destination and overnight shipping services are expensive. E-mail is less costly and troublesome than sending a fax, particularly when one sends a document to multiple recipients. Perhaps e-mail's most advantageous characteristic is that electronic documents can be easily altered without unnecessary retyping.
Law firms have taken notice of e-mail's benefits. The use of email and Internet technology in law firms has exploded over the last ten years, and this trend shows no sign of slowing.(2) In addition to the efficiency e-mail provides, technology-savvy clients look favorably upon firms with electronic mailing capabilities.(3) For example, the president of a consulting firm Noun 1. consulting firm - a firm of experts providing professional advice to an organization for a fee
business firm, firm, house - the members of a business organization that owns or operates one or more establishments; "he worked for a recently noted that "clients are instructing their law firms that they no longer wish to be billed for delivery services or fax charges and that all communications with the firm should be via ... e-mail."(4)
Similarly, the judiciary has recognized the benefits of Internet technology. For example, in 1997, the U.S. District Court for New Mexico New Mexico, state in the SW United States. At its northwestern corner are the so-called Four Corners, where Colorado, New Mexico, Arizona, and Utah meet at right angles; New Mexico is also bordered by Oklahoma (NE), Texas (E, S), and Mexico (S). initiated an electronic filing system that allows attorneys to file pleadings, access court dockets and case files, and receive notice of judicial action via the Internet.(5) Attorneys simply access the court's Web page and use a password to log into the court's filing system.(6) The program has enjoyed great success, with attorneys filing over 2800 civil documents in two years.(7) A court official recently announced plans to expand the program and broaden its available services.(8)
Studies indicate that small businesses using the Internet commonly enjoy average revenues of over a million dollars more than those businesses without Internet access See how to access the Internet. .(9) While such studies typically focus on businesses in general, one can safely assume that law firms can similarly increase their revenue potential by taking advantage of Internet technology. Additionally, Internet technology helps many attorneys satisfy their professional responsibilities. For example, attorneys can use computers to manage their calendars, thereby avoiding the liability problems associated with passing statutes of limitation and missed deadlines and court appearances,(10) Further, attorneys can use computer databases to track clients and opposing parties so as to avoid conflicts of interest.(11)
Internet technology is changing the practice of law. Fifteen years ago, the facsimile had a similar impact. The question evolved from "Do you have a fax machine?" to "What is your fax number?"(12) Similarly, today the question is evolving from "Do you have e-mail?" to "What is your e-mail address See Internet address.
e-mail address - electronic mail address ?"(13) Unfortunately, each technological advancement opens a Pandora's box Pandora’s box
contained all evils; opened up, evils escape to afflict world. [Rom. Myth.: Brewer Dictionary, 799]
See : Evil of legal and ethical issues. Just as the telegraph,(14) teletype,(15) telegram,(16) fax machine,(17) and cellular telephone(18) spawned considerable confusion and litigation An action brought in court to enforce a particular right. The act or process of bringing a lawsuit in and of itself; a judicial contest; any dispute.
When a person begins a civil lawsuit, the person enters into a process called litigation. , e-mail and Internet technology have raised ethical and evidentiary ev·i·den·tia·ry
1. Of evidence; evidential.
2. For the presentation or determination of evidence: an evidentiary hearing.
Adj. 1. issues that have yet to be fully settled. This Article addresses those issues. First, Part I of this Article examines email security and reviews numerous instances of e-mail interception and monitoring by employers, private citizens, and governments. Part I also discusses the difficulty in identifying an e-mail sender and notes several examples of e-mail forgery See e-mail spoofing. . Next, Part II identifies corresponding ethical and evidentiary concerns that arise from inadequate e-mail security. Then, Part III reviews methods to ensure Internet security ''This article or section is being rewritten at
Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. , including encryption and digital signatures. This Article concludes that encryption and digital signature technology are simple, inexpensive, and effective measures that can protect attorneys and their clients when communicating via e-mail.
I. THE ISSUES: FACTS BEHIND E-MAIL SECURITY
Unfortunately, cyberspace Coined by William Gibson in his 1984 novel "Neuromancer," it is a futuristic computer network that people use by plugging their minds into it! The term now refers to the Internet or to the online or digital world in general. See Internet and virtual reality. Contrast with meatspace. , like the real world, is not perfect. With every benefit there is a cost. Among these is the necessity for adequate security. Two security risks are particularly troublesome to attorneys. First, documents sent over the Internet may be intercepted or altered.(19) Because e-mail is transmitted over an "open network," electronic documents travel through countless interconnected computers on their Internet voyage,(20) and the likelihood that their contents may be intercepted is rather high.(21) Second, the actual sender may be an imposter. Attorneys must be able to verify a document sender's identity.(22) If an imposter sends an attorney email requesting a document or information, the unsuspecting attorney might release such information and, in the process, destroy its privileged nature and breach his or her duty of confidentiality In common law jurisdictions, the duty of confidentiality obliges a solicitor to respect the confidentiality of his or her client's affairs. Information that a solicitor obtains about his or her clients' affairs may be confidential, and must not be used for the benefit of persons .(23) Part I reviews the technology behind e-mail and uses examples of breached security to illustrate the seriousness of these two risks and also discusses law firms' and clients' vulnerability to such attacks.
A. How E-mail Works
The Internet is known as the "information superhighway." As the nickname implies, it is an extraordinary tool for accessing information; but it is a poor tool for securing it. As an open network, electronic documents and other data pass through several interconnected networks and computers before reaching their destination.(24) When the sender mails an electronic document, the transmission control protocol (TCP (1) (Transmission Control Protocol) The reliable transport protocol within the TCP/IP protocol suite. TCP ensures that all data arrive accurately and 100% intact at the other end. ) breaks the document into a stream of small "data packets" and mails each packet individually.(25) Internet routers examine each packet's address and determine the best path for it to follow.(26) The packets then travel through a series of routers, computers and networks.(27) Various factors impact the packets' path, including Internet traffic Internet traffic is the flow of data around the Internet. It includes web traffic, which is the amount of that data that is related to the World Wide Web, along with the traffic from other major uses of the Internet, such as electronic mail and peer-to-peer networks. and the size of the packet.(28) The packets may or may not take different routes and sometimes arrive out of order.(29) Once a packet is sent onto the Internet, it travels from network to network and may have to pass through several firewalls.(30) Firewalls monitor and inspect messages and data passing through it.(31) Each network might have its own firewall that protects the network by preventing Internet hackers from accessing it.(32) E-mail travels over the Internet from network to network through a process called "store-and-forward."(33) When a network mail server receives an e-mail or electronic document, it copies it, stores it on a hard drive, and then attempts to forward it to the next mail server.(34) Theoretically, each network or computer confirms receipt of the packet and deletes the stored copy.(35) Finally, once the mail arrives at its ultimate destination, the Internet protocol See Internet and TCP/IP.
(networking) Internet Protocol - (IP) The network layer for the TCP/IP protocol suite widely used on Ethernet networks, defined in STD 5, RFC 791. IP is a connectionless, best-effort packet switching protocol. (IP) reassembles the message into a readable form.(36)
At several points along the packets' path, "hackers" or "crackers" can use "packet sniffing Inspecting packets being transmitted in a network. See network analyzer. " programs to search, intercept, read, alter or prevent them from reaching the recipient.(37) Packet sniffing programs cost pennies and can use key words to search and infiltrate infiltrate /in·fil·trate/ (in-fil´trat)
1. to penetrate the interstices of a tissue or substance.
2. the material or solution so deposited.
1. approximately ten billion words of computer-generated messages and files.(38) Typically, hackers place sniffers on electronic commerce sites.(39) Such sites often have valuable or sensitive information such as credit card numbers.(40) After the sniffer intercepts a packet, it copies the information and then sends it along to the intended recipient.(41) Often, the intended parties to the transaction never discover the security breach until the information is used for malicious purposes.(42) Sniffing software is commonly available(43) and capable of capturing information as it passes through a network.(44) Sniffers do not need a password to access computer files containing clients' secrets.(45)
Additionally, hackers can steal documents not only off the Internet, but off the sender's and recipient's computers as well(46). By monitoring network traffic, packet sniffers allow hackers to observe people's online activities.(47) Hackers can thereby see the user's logon See login.
1. (jargon) logon - login.
2. (networking) logon - In ACF/VTAM, an unformatted session-initiation request for a session between two logical units. ID and password as the user logs on to the Internet.(48) Hackers have intercepted hundreds of thousands of usernames and passwords over the last few years.(49) If that user is a system administrator or employee, the hacker may be able to access the confidential information Noun 1. confidential information - an indication of potential opportunity; "he got a tip on the stock market"; "a good lead for a job"
steer, tip, wind, hint, lead of other users as well.(50)
B. E-mail Interception and Monitoring
Countless experts have voiced wildly varying opinions about email security. Texas attorney David Hricik authored one of the more frequently cited articles on this topic.(51) Hricik opines Opines are low molecular weight compounds found in plant crown gall tumors produced by the parasitic bacterium Agrobacterium. Opine biosynthesis is catalyzed by specific enzymes encoded by genes contained in a small segment of DNA (known as the T-DNA, for 'transfer DNA') that attorneys "worry too much" about Internet security.(52) He explains the technological process by which e-mail works and concludes that "[n]o one, without both my screen name and password, can read mail sent to my electronic mailbox."(53) Hricik's position, now accepted by some state bar association ethics committees,(54) rests on the assumption that e-mail is virtually impossible to intercept.(55) This assumption is simply incorrect. E-mail not only can be, but is intercepted with surprising frequency. One need only examine documented instances of such interception to conclude that e-mail is not secure.
Perhaps the most common example of e-mail monitoring occurs in the workplace.(56) While commentators often characterize such monitoring as an invasion of privacy invasion of privacy n. the intrusion into the personal life of another, without just cause, which can give the person whose privacy has been invaded a right to bring a lawsuit for damages against the person or entity that intruded. ,(57) courts often find that employees have no reasonable expectation of privacy with regard to email messages sent over their employers' networks.(58) For example, in Smyth v. Pillsbury C0.,(59) Pillsbury maintained an e-mail system to facilitate internal communication.(60) Pillsbury "repeatedly assured its employees ... that all e-mail communications would remain confidential and privileged[,]" and that it would not intercept or use e-mails as grounds for discipline or termination.(61) Nevertheless, Pillsbury intercepted Smyth's e-mail and terminated him for making inappropriate and unprofessional comments.(62) Smyth brought suit, arguing that Pillsbury violated his right to privacy.(63) The court rejected Smyth's claims, finding that no reasonable expectation exists with regard to e-mail sent over an employer's email system, notwithstanding the employer's confidentiality assurances.(64) The court further found that no "reasonable person would consider the defendant's interception of these communications to be a substantial and highly offensive invasion of privacy."(65) The court also noted that even if such an invasion occurred, "the company's interest in preventing inappropriate and unprofessional comments ... outweighs any privacy interest the employee may have in those comments."(66)
Similarly, hacking by private individuals is on the rise. In August 1996, police charged a University of Iowa Not to be confused with Iowa State University.
The first faculty offered instruction at the University in March 1855 to students in the Old Mechanics Building, situated where Seashore Hall is now. In September 1855, the student body numbered 124, of which, 41 were women. student with electronic eavesdropping Secretly gaining unauthorized access to confidential communications. Examples include listening to radio transmissions or using laser interferometers to reconstitute conversations by reflecting laser beams off windows that are vibrating in synchrony to the sound in the room. after he copied approximately 2,400 university e-mail files.(67) In October 1998, hackers used a sniffing program to steal e-mail passwords belonging to 4,500 students and staff members at Stanford University Stanford University, at Stanford, Calif.; coeducational; chartered 1885, opened 1891 as Leland Stanford Junior Univ. (still the legal name). The original campus was designed by Frederick Law Olmsted. David Starr Jordan was its first president. .(68) A University of San Diego San Diego (săn dēā`gō), city (1990 pop. 1,110,549), seat of San Diego co., S Calif., on San Diego Bay; inc. 1850. San Diego includes the unincorporated communities of La Jolla and Spring Valley. Coronado is across the bay. official reacted to the Stanford attack by commenting that "[w]e... need to have more security safeguards, and one of the biggest holes in security is in e-mail."(69) In April 1999, authorities arrested David Smith for spreading the Melissa virus A Word macro virus that was unleashed in the spring of 1999. It sent an e-mail message with a list of pornographic Web sites to the first 50 names in the user's Microsoft Outlook address book. , which wreaked havoc on email systems around the world and caused $80 million in damage.(70) Smith used a stolen AOL (A division of Time Warner, Inc., New York, NY, www.aol.com) The world's largest online information service with access to the Internet, e-mail, chat rooms and a variety of databases and services. account to distribute the virus.(71) In February 1999, New York police New York Police may refer to:
An academic degree conferred by a college or university upon those who complete at least one year of prescribed study beyond the bachelor's degree.
Noun 1. thesis proposal in which he envisioned a password-stealing program.(73) In August 1999, Microsoft temporarily took its Hotmail e-mail service See Internet e-mail service. offline after it discovered that any Internet user Internet user n → internauta m/f
Internet user Internet n → internaute m/f could access Hotmail e-mail accounts as long as they had a registered user's name.(74) Microsoft repaired the glitch A temporary or random hardware malfunction. It is possible that a bug in a program may cause the hardware to appear as if it had a glitch in it and vice versa. At times it can be extremely difficult to determine whether a problem lies within the hardware or the software. See glitch attack. in a few hours but nevertheless hired an outside firm to conduct additional security checks.(75)
Governments are quite possibly the most notorious eavesdroppers.(76) American law enforcement agencies A law enforcement agency (LEA) is a term used to describe any agency which enforces the law. This may be a local or state police, federal agencies such as the Federal Bureau of Investigation (FBI) or the Drug Enforcement Administration (DEA). have successfully tapped e-mail accounts on a number of occasions. In 1996, Julio Cesar Julio Cesar could refer to those people:
The FBI recently admitted that it regularly uses a packet-sniffing system known as "Carnivore carnivore (kär`nəvôr'), term commonly applied to any animal whose diet consists wholly or largely of animal matter. In animal systematics it refers to members of the mammalian order Carnivora (see Chordata). " to capture e-mail, file downloads, and chat-room conversations.(82) The Carnivore system is reportedly capable of scanning millions of e-mail messages per second and has been used in approximately 100 criminal cases since its inception.(83) Critics note the numerous possibilities for abuse of Carnivore. Mark Rasch, a former federal computer-crimes prosecutor, opines that `"[i]t's the electronic equivalent of listening to everybody's phone calls to see if it's the phone call you should be monitoring.... You develop a tremendous amount of information."'(84)
Government eavesdropping is becoming a worldwide concern. Consumer groups reacted angrily to legislation proposed in Great Britain Great Britain, officially United Kingdom of Great Britain and Northern Ireland, constitutional monarchy (2005 est. pop. 60,441,000), 94,226 sq mi (244,044 sq km), on the British Isles, off W Europe. The country is often referred to simply as Britain. that would allow police to intercept e-mail for crime-prevention Activities.(85) The British plan to build a forty million dollar spy center capable of tracking every e-mail and Internet hit in the country.(86) Similarly, the Chinese Ministry of Public Security regularly monitors e-mail sent by suspected members of the spiritual group Falun Gong Falun Gong
or Falun Dafa
Controversial spiritual movement combining healthful exercises with meditation for the purpose of “moving to higher levels.” Its teachings draw from Buddhism, Confucianism, Daoism, and the Western New Age movement. , and hackers.(87) A U.S. State A U.S. state is any one of the fifty subnational entities of the United States, although four states use the official title "commonwealth". The separate state governments and the federal government share sovereignty, in that an American is a citizen both of the federal entity and Department report confirmed that the Chinese authorities "often monitor ... electronic mail and Internet communications" and have "created special Internet police units to increase control over Internet content and access."(88) Further, the Chinese are attempting to develop software that will filter and block antigovernment messages.(89)
Indeed, governments have provided the most disturbing example of e-mail's vulnerability. According to according to
1. As stated or indicated by; on the authority of: according to historians.
2. In keeping with: according to instructions.
3. the ACLU ACLU: see American Civil Liberties Union. , credible reports have begun to surface around the world that the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. National Security Agency (NSA NSA
National Security Agency
Noun 1. NSA - the United States cryptologic organization that coordinates and directs highly specialized activities to protect United States information systems and to produce foreign ) has developed a global electronic surveillance system named Echelon that can eavesdrop eaves·drop
intr.v. eaves·dropped, eaves·drop·ping, eaves·drops
To listen secretly to the private conversation of others. on satellite, microwave, cellular, and fiber-optic communications.(90) Purportedly used to identify drug traffickers and terrorists, Echelon monitors faxes, e-mails and telephone conversations by looking for Looking for
In the context of general equities, this describing a buy interest in which a dealer is asked to offer stock, often involving a capital commitment. Antithesis of in touch with. key words.(91) Echelon reportedly monitors "billions of messages per hour"(92) and then sends the recorded material to the NSA.(93) The NSA supposedly operates Echelon through cooperation with Canada, Australia, New Zealand New Zealand (zē`lənd), island country (2005 est. pop. 4,035,000), 104,454 sq mi (270,534 sq km), in the S Pacific Ocean, over 1,000 mi (1,600 km) SE of Australia. The capital is Wellington; the largest city and leading port is Auckland. , and Great Britain.(94) While Australia has publicly acknowledged Echelon's existence,(95) American officials have declined to do so.(96)
In response to Congressional concerns over privacy, the NSA sent a letter to each member of Congress assuring them that "the NSA's activities are conducted in accordance with the highest constitutional, legal and ethical standards, and in compliance with statutes and regulations designed to protect the privacy rights of U.S. persons."(97) However, some members of Congress are not so sure. Representative Bob Barr
Robert L. (Bob) Barr, Jr. (born November 5, 1948) is an attorney and a former member of the United States House of Representatives from Georgia. , a former United States Attorney United States Attorneys (also known as federal prosecutors) represent the United States federal government in United States district court and United States court of appeals. There are 93 U.S. and CIA CIA: see Central Intelligence Agency.
(1) (Confidentiality Integrity Authentication) The three important concerns with regards to information security. Encryption is used to provide confidentiality (privacy, secrecy). official, recognized the "sheer power and potential for abuse created by Project Echelon," and demanded a Congressional investigation.(98) To combat possible abuses of the Carnivore and Echelon systems, Barr has announced his intention to introduce the "Digital Privacy Act of 2000."(99)
The international community has also expressed its displeasure with the Echelon project. For example, the European Parliament European Parliament, a branch of the governing body of the European Union (EU). It convenes on a monthly basis in Strasbourg, France; most meetings of the separate parliamentary committees are held in Brussels, Belgium, and its Secretariat is located in Luxembourg. is conducting an investigation of the Echelon eavesdropping system.(100) Belgian Foreign Minister Louis Michel Louis H.O.Ch. Michel (born 2 September 1947) is a Belgian politician, currently serving as European Commissioner for Development and Humanitarian Aid. A prominent member of the French-speaking liberal party, the Mouvement Réformateur, he was Belgium's foreign minister until July fears that "[i]n effect, democratic states and a member of the European Union European Union (EU), name given since the ratification (Nov., 1993) of the Treaty of European Union, or Maastricht Treaty, to the
European Community could ... organize large-scale espionage operations in order to reinforce their economic interest to the detriment of Belgium and other European countries."(101) Rene Galy-Dejean, a member of the French parliament, agrees, noting that "[t]he Anglo-Saxon Echelon eavesdropping network constitutes a serious infringement on national security and on the freedoms of all French people."(102)
Such concerns may be well founded. Echelon reportedly eaves-dropped on one woman's telephone conversation when she confided in her friend that her son "bombed" in the school play.(103) London's Sunday Times reported that Echelon monitored Princess Diana's phone calls in 1997.(104) British agents also monitored conversations from the Vatican and Mother Theresa.(105) Ironically, a Wall Street Journal survey indicated that Americans' greatest fear in the new millennium is a loss of personal privacy.(106) Privacy concerns topped fears of crime and terrorism,(107) which are the very concerns that Echelon is supposed to protect against.(108) One should also consider that, even though the government controls Echelon technology, it may not be long before related technology falls into private hands. After all, the Internet itself was initially used as a Department of Defense Research tool.(109) Frequently, such technology trickles down to the private market.(110)
C. Falsified Return E-mail Addresses
Attorneys utilizing Internet technology must face a second threat -- the use of forged e-mail. E-mail with falsified return addresses may be used to trick an e-mail recipient into releasing confidential information. For example, an attorney could receive an e-mail purportedly from a client. The e-mail might instruct the attorney to send a copy of a confidential document, sell property, or take some unusual course of action. If the unknowing attorney were to do so, he or she could destroy the privileged nature of such communications and could incur ethical problems.
The practice of sending forged e-mails, called "spoofing (1) Faking the sending address of a transmission in order to gain illegal entry into a secure system. See e-mail spoofing.
(2) Creating fake responses or signals in order to keep a session active and prevent timeouts. ," is most commonly used in conjunction with junk e-mail See spam. or "spam."(111) Spammers send mass e-mailings with falsified return addresses to increase the likelihood that the recipient will open and read the message.(112) Further, by falsifying fal·si·fy
v. fal·si·fied, fal·si·fy·ing, fal·si·fies
1. To state untruthfully; misrepresent.
a. the return address, spammers can avoid a bombardment of angry return e-mails from such recipients.(113) While generally not impossible, the spoofer's true identity (or at least his or her own e-mail address) is difficult to ascertain.(114) Such a task generally requires an expert to follow an e-mail's transmissions.(115) However, in most instances, a person "can send harassing email that says the author is anyone he or she chooses, such as `YourTormentor@Forever.com,'" without ever disclosing his or her true identity.(116)
Although one might think spoofing requires a significant degree of technical knowledge, changing the mail settings on one's computer is a fairly simple process and can be completed in about ten seconds.(117) The Internet mail See Internet e-mail service. protocol provides virtually anyone the opportunity to connect to the SMTP (Simple Mail Transfer Protocol) The standard e-mail protocol on the Internet and part of the TCP/IP protocol suite, as defined by IETF RFC 2821. SMTP defines the message format and the message transfer agent (MTA), which stores and forwards the mail. port on the Internet service provider's site.(118) From there, a spoofer can "issue commands to send e-mail that appears to be from the address of the transgressor's choice -- either an actual user's address or a fictitious address formatted correctly."(119) Additionally, spoofers can send forged emails by modifying the Web-browser interface.(120) Still another method of sending anonymous e-mail is through a "remailer."(121) With a remailer, the sender can send a message to a computer programmed for remailing.(122) After receiving the message, the computer removes the sender's return address and replaces it with the sender's assigned identification number.(123) The remailer then forwards the e-mail to the intended recipient.(124)
Another scam hackers commonly run is "web spoofing."(125) Web spoofers could set up a fake website that appears to belong to a legitimate company.(126) For example, spoofers could send an e-mail directing the recipient to visit a website purportedly belonging to the Chicago law firm McBride, Baker & Coles. McBride, Baker & Coles' web address is www.mbc.com. However, if the e-mail instructed the recipient to visit www.mcbridebakerlaw.com, the unknowing recipient could reasonably believe that this site belongs to McBride, Baker & Coles. Alternatively, the web spoofer could accomplish the same deception by taking an otherwise legitimate domain name, such as www.mbc.com and altering the extension to www.mbc.net. In either case, once the recipient visits these sites, he or she may run the risk of contracting a computer virus that could compromise confidential information stored on his or her computer. The website could also direct the unknowing recipient to send confidential information to an address contained on the spoofed website, again creating a security risk.(127)
As with eavesdropped and intercepted mail, e-mail with falsified return addresses are also a common and serious problem. For example, in October 1998, an imposter wreaked havoc on AOL systems after he sent a forged e-mail to the company that maintains AOL's electronic address book and instructed it to change AOL's Internet address There are two kinds of addresses that are widely used on the Internet. One is a person's e-mail address, and the other is the address of a Web site, which is known as a URL. Following is an explanation of Internet e-mail addresses only. For more on URLs, see URL and Internet domain name. .(128) Officials noted that AOL apparently failed to employ a security system sufficient to thwart such an attack.(129) The disruption lasted over six hours and affected approximately five million e-mail messages.(130) The Wall Street Journal observed that this attack "served as a dramatic new reminder of security risks online."(131) This problem has also affected the legal community. The same month that AOL experienced its problems, LEXIS-NEXIS sent law schools an "Urgent Security Notice" warning of an e-mail e-mail scam in which imposters purporting to act for LEXIS-NEXIS requested customers to provide their LEXIS-NEXIS passwords.(132)
In Parker v. C.N. Enterprises,(133) plaintiff Tracy Parker filed an action alleging that defendant, C.N. Enterprises, mailed spam email messages with the false return address "email@example.com."(134) Parker used the domain name "flowers.com" in conjunction with her business and configured the mail server to forward all "flowers.com" e-mail to her.(135) Because many of the addresses to which the messages were sent were invalid, computers rerouted those messages to the false return address.(136) Additionally, many of the people who received the message assumed that it originated from firstname.lastname@example.org and sent angry protests to that address.(137) Thus, she received the rerouted messages as well as the angry protests.(138) This avalanche of e-mails forced Parker to suspend her mail system, possibly losing business.(139) Parker alleged in her suit that the defendant's intentional use of false return address information constituted a common law nuisance, trespass trespass, in law, any physical injury to the person or to property. In English common law the action of trespass first developed (13th cent.) to afford a remedy for injuries to property. and conversion.(140)
Falsified e-mail is such a serious problem that it has spawned considerable litigation.(141) For example, in Juno Online Services Juno client software icon
Juno is an Internet service provider based in the United States. It is a subsidiary of United Online, which also owns NetZero and Bluelight Internet Services. , L.P. v. Scott Allen Scott Ethan Allen (born February 8, 1949 in Newark, NJ) was an American figure skater. He won the gold medal at the U.S. Figure Skating Championships twice and won a bronze medal at the 1964 Winter Olympics two days before his 15th birthday, becoming the youngest medalist at the Export Sales, internet service provider Internet service provider (ISP)
Company that provides Internet connections and services to individuals and organizations. For a monthly fee, ISPs provide computer users with a connection to their site (see data transmission), as well as a log-in name and password. Juno filed an action alleging that, inter alia [Latin, Among other things.] A phrase used in Pleading to designate that a particular statute set out therein is only a part of the statute that is relevant to the facts of the lawsuit and not the entire statute. , defendant sent spam e-mails with a falsified Juno return address.(142) Juno further alleged that the forged e-mails interfered with its business, infringed on its trademark, and damaged its business.(143) The parties settled following a consent decree A settlement of a lawsuit or criminal case in which a person or company agrees to take specific actions without admitting fault or guilt for the situation that led to the lawsuit.
A consent decree is a settlement that is contained in a court order. enjoining en·join
tr.v. en·joined, en·join·ing, en·joins
1. To direct or impose with authority and emphasis.
2. To prohibit or forbid. See Synonyms at forbid. defendants from such activities.(144) Similarly, in Earthlink Network, Inc., v. Cyber Promotions A Philadelphia-based company that specialized in mass mailings of unsolicited commercial e-mail (spam). Founder Sanford Wallace proudly called himself the "King of Spam." The company sent out millions of e-mail advertisements daily and seemed to be enjoying a thriving business until , Inc.,(145) CompuServe, Inc., v. Cyber Promotions,(146) America Online See AOL. , Inc., v. LCGM, Inc.,(147) and Hotmail Corp., v. Vans Money Pie, Inc.,(148) Internet service providers sought and received injunctive relief injunctive relief n. a court-ordered act or prohibition against an act or condition which has been requested, and sometimes granted, in a petition to the court for an injunction. from spammers' use of forged e-mail addresses.(149) Specifically, in America Online, Inc., v. IMS (1) See IP Multimedia Subsystem.
(2) (Information Management System) An early IBM hierarchical DBMS for IBM mainframes. IMS was widely implemented throughout the 1970s under MVS and continues to be used under z/OS. , AOL sought damages for unauthorized e-mail advertising.(150) There, the court found that defendant violated the Lanham Trademark Act by sending over sixty million e-mails with a forged AOL return address.(151)
D. Law Firms and their Clients are Particularly at Risk to Security Breaches
Law firms typically have sensitive client information on their computer systems and are particularly prone to security problems.(152) For example, in 1994, a Kentucky firm sued a former paralegal paralegal n. a non-lawyer who performs routine tasks requiring some knowledge of the law and procedures, employed by a law office or who works free-lance as an independent for various lawyers. to prevent him from distributing confidential client documents.(153) In 1996, a California firm brought suit against a former associate for breaking into the firm's network to steal sensitive materials.(154) In 1991, a movie theater chain hired corporate spies to break into a New York firm's office and photocopy a client files.(155) Today, the information age has substantially increased the necessity for security. Computer theft is "quicker, safer, cheaper and more effective than the traditional ways of stealing corporate secrets, such as bribing janitors and `dumpster diving dumpster diving - /dump'-ster di:'-ving/ 1. The practice of sifting refuse from an office or technical installation to extract confidential data, especially security-compromising information ("dumpster" is an Americanism for what is elsewhere called a "skip"). .'"(156) While a conventional thief might leave a telltale broken window, firms may never know that their computer systems were compromised.
Law firms have traditionally been easy targets for criminals looking for sensitive documents.(157) Corporate espionage is on the rise, and unless firms have sufficient computer security systems in place, "it's quite possible that [they] have already experienced undetected break-ins."(158) Carol L. Schlein, president of Law Office Systems, a computer consulting firm specializing in law firm technology, comments that "[i]t always amazes me how lax law firms can be regarding computer security. Many firms never change the original passwords their vendors used when installing their network ... [and] they become vulnerable to hackers."(159) Another computer consultant opines that when it comes to security, "[l]awyers for the most part are sticking their heads in the sand and hoping nothing happens to them."(160) While attorneys continue to increase their reliance on computers and Internet technology, computer-related theft will almost certainly increase too.(161)
Because hacking attempts often involve large corporations, attorneys representing such corporations should be particularly wary of computer risks. For example, In November 1999, authorities charged online bookseller Alibris with unlawful interception of email messages and possession of passwords with intent to defraud To make a Misrepresentation of an existing material fact, knowing it to be false or making it recklessly without regard to whether it is true or false, intending for someone to rely on the misrepresentation and under circumstances in which such person does rely on it to his or .(162) Alibris' corporate predecessor, Interloc, owned an online book-selling business and operated an Internet service provider called Valinet.(163) According to prosecutors, Interloc attempted to gain a competitive edge by programming its e-mail service to automatically intercept and copy messages mailed from competitor Amazon.com.(164) Prosecutors alleged that "in a matter of weeks INTERLOC intercepted and copied thousands of e-mail communications to which [it] was not a party and was not entitled."(165) Prosecutors further alleged that Interloc "obtained and retained unauthorized copies of the confidential and proprietary password files and customer lists of its competitor Internet service providers."(166)
A few companies even assist hackers in their quest to intercept email and confidential information.(167) In February 1998, Lopht Heavy Industries released a password-cracking program called "Ophtcrack."(168) Lopht boasted that "It's big. It's bad. It cuts through ... passwords like a diamond-tipped steel blade. It ferrets them out from the registry, from repair disks, and by sniffing the Net like an anteater anteater, name applied to various animals that feed on ants, termites, and other insects, but more properly restricted to a completely toothless group of the order Edentata. on Dexedrine."(169) While Lopht intended its software to help system administrators identify weaknesses in their systems, it can be used maliciously.(170) Nonetheless, such software is necessary. As one Lopht employee notes, "[f]rom our experience in the computer security world, the only way to get people to shore up [their] vulnerabilities is to prove they exist and are a threat to the people who have to pay for the fixes."(171)
Despite increased security risks, many corporations have demonstrated a lack of interest in safeguarding their computer systems.(172) For example, in February 2000, Richard Fromm discovered that the eBay website transmits passwords without encryption, or "in the clear."(173) According to Fromm, this glitch allows hackers to use sniffing programs to steal an eBay user's password and conduct business on eBay.(174) After repeated efforts to persuade eBay to fix the problem, Fromm took matters into his own hands.(175) He wrote a sniffing program that allowed users to examine information directed to eBay's site, scan for usernames and passwords, and then capture such information.(176) He then posted his program on the Internet, making it available to anyone who wanted to download it "Download It" is Clea's debut single. It was released in the UK on September 22, 2003 and missed the top 20 charting at #21. The single had average promotion, being performed in shows like Top of the Pops. .(177) Fromm commented that "[t]his isn't rocket science rocket science
2. Informal An endeavor requiring great intelligence or technical ability. . I don't pretend to have discovered anything fundamental or new here. It's a simple little [program]. The pitfalls of sending passwords in the clear have been recognized for many years. The only surprising thing is that too many people still don't take security seriously...."(178)
II. THE IMPLICATIONS: CORRESPONDING ETHICAL AND CONFIDENTIALITY PROBLEMS
As this Article has illustrated, attorneys using the Internet face significant security risks. These security risks raise corresponding ethical and confidentiality issues. This Part examines those issues and discusses them in the context of a technology-driven law firm.
Among the ethical issues surrounding attorneys and Internet technology, perhaps the most important is an attorney's duty to preserve a client's confidence, as dictated by agency law and professional responsibility codes.(179) The American Bar Association American Bar Association (ABA), voluntary organization of lawyers admitted to the bar of any state. Founded (1878) largely through the efforts of the Connecticut Bar Association, it is devoted to improving the administration of justice, seeking uniformity of law (ABA) Model Rules of Professional Conduct state that "[a] lawyer shall not reveal information relating to relating to relate prep → concernant
relating to relate prep → bezüglich +gen, mit Bezug auf +acc representation of a client unless the client consents after consultation, except for disclosures that are impliedly authorized in order to carry out the representation...."(180) Further, attorneys must make every practicable effort to avoid unnecessary disclosure of information related to their representation of a client.(181) Similarly, the ABA Model Code of Professional Responsibility states that "[a] lawyer should preserve the confidences and secrets of a client."(182) Moreover, lawyers are obligated ob·li·gate
tr.v. ob·li·gat·ed, ob·li·gat·ing, ob·li·gates
1. To bind, compel, or constrain by a social, legal, or moral tie. See Synonyms at force.
2. To cause to be grateful or indebted; oblige. to protect the client's confidences even after the attorney-client relationship ends.(183) Failure to satisfy such obligations may result in disciplinary action as well as civil liability.(184) Given an attorney's ethical duties and the insecure nature of Internet communications,(185) attorneys wishing to send documents electronically should think twice before doing so. Failure to take adequate precautions, such as securing the document's contents and verifying the identity of the person with whom you are communicating, may lead to drastic consequences for attorneys and their clients.(186)
In addition to protecting a client's confidences, an attorney has a fiduciary duty Noun 1. fiduciary duty - the legal duty of a fiduciary to act in the best interests of the beneficiary
legal duty - acts which the law requires be done or forborne to safeguard the client's property and funds.(187) Client property left in a lawyer's possession must be labeled(188) or identified(189) as such and adequately safeguarded. While "property" typically refers to stock certificates, deeds, jewels, and other valuables, the term is general and includes documents.(190) Given the increasing use of e-mail in law firms and in attorney-client communications, it is possible that email might contain intellectual property or trade secrets.(191) If such an email was intercepted, the failure to adequately protect its contents could result in the loss of legal protection afforded to the trade secrets, which would be detrimental to a client's interests.(192) The fiduciary rule requiring attorneys to safeguard a client's property is "applied without regard to [attorney's] good or bad faith."(193) Therefore, defenses such as an attorney's "ignorance of the rules, poor bookkeeping bookkeeping, maintenance of systematic and convenient records of money transactions in order to show the condition of a business enterprise. The essential purpose of bookkeeping is to reveal the amounts and sources of the losses and profits for any given period. methods, the carelessness or ignorance of non-lawyer employees, or because an [attorney] had left the matter to be handled by others such as accountants, are not usually successful."(194)
Attorneys must also keep a client reasonably informed about matters relating to the representation.(195) The integration of computers into the law firm and the ease of e-mail makes this duty easier to satisfy. However, unless the attorney's computers are secure, attorneys may not be able to fulfill this requirement in a timely, professional manner.(196) Lawyers are also required to "make reasonable efforts to expedite litigation consistent with the interests of the client."(197) At a minimum, this rule requires that law firms protect their computer systems from hackers.(198) A breached computer system leads to unnecessary expenses, delays in document drafting and filing, and may jeopardize clients' interests.(199)
In addition to ethical considerations, attorneys must be cautious to preserve the privileged nature of attorney-client communications.(200) As more clients insist that their attorneys communicate with them via e-mail,(201) the importance of the attorney-client privilege In the law of evidence, a client's privilege to refuse to disclose, and to prevent any other person from disclosing, confidential communications between the client and his or her attorney. becomes more critical.(202) The attorney-client privilege is technically not an ethical rule, but rather an evidentiary rule that protects clients from mandatory disclosure of confidential information.(203) The purpose of the privilege is to encourage open communication between clients and their lawyers.(204) It generally applies to both communications made by the client to the attorney as well as advice by the attorney to the client when such advice relates to confidential information conveyed by the client.(205) Wigmore's classic rendition of the rule states that:
(1) Where legal advice of any kind is sought (2) from a professional legal advisor in his capacity as such, (3) the communications relating to that purpose, (4) made in confidence (5) by the client, (6) are at his instance permanently protected (7) from disclosure by himself or by the legal advisor, (8) except the protection be waived.(206)
Courts construe construe v. to determine the meaning of the words of a written document, statute or legal decision, based upon rules of legal interpretation as well as normal meanings. the privilege narrowly,(207) and attorneys and clients must make reasonable efforts to preserve it.(208) Such steps should include securing the document's contents and verifying the identity of the person with whom the attorney is communicating.(209) As one court noted, "[i]t is not asking too much to insist that if a client wishes to preserve the privilege ... he must take some affirmative action affirmative action, in the United States, programs to overcome the effects of past societal discrimination by allocating jobs and resources to members of specific groups, such as minorities and women. " to do so.(210) Failure to take such precautions could result in waiver.(211) To determine whether precautions are adequate, courts primarily consider two factors:(212) first, the effect waiver would impose under the circumstances,(213) and second, the parties' ability to protect against disclosure.(214)
Commonly, waiver occurs through a party's carelessness. Courts have held that storing documents in a place accessible to third parties without taking adequate security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising"
security destroys the privilege.(215) Clients have waived the attorney-client privilege by leaving papers in a public hallway for delivery to their attorney(216) or on a table in a hotel room occupied by others.(217) Courts have also held that clients waived the privilege by placing confidential documents in files routinely accessed by third parties.(218) Waiver can exist even when clients disposed of privileged communications PRIVILEGED COMMUNICATIONS. Those statements made by a client to his counsel or attorney, or solicitor, in confidence, relating to some cause Or action then pending or in contemplation.
2. Such communications cannot be disclosed without the consent of the client. and third parties retrieved them from a dumpster.(219) Most of these cases involved situations where parties simply failed to take adequate precautions to preserve the privilege of attorney-client communications. In order not to waive the attorney-client privilege when communicating with clients via the Internet, attorneys must take special precautions to adequately protect electronic documents that are particularly vulnerable to theft, alteration, copying, and transmission.
Some commentators argue that, because e-mail interception is a crime, attorneys need not worry about the security implications of e-mail.(220) Indeed, in 1986, Congress enacted the Electronic Communications Privacy Act
However, complete reliance on the ECPA may be misplaced mis·place
tr.v. mis·placed, mis·plac·ing, mis·plac·es
a. To put into a wrong place: misplace punctuation in a sentence.
b. . The ECPA contains a key exception, allowing:
[E]lectronic communication service [providers] whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of [their] employment while engaged in any activity which is a necessary incident to the rendition of [their] service or to the protection of [their] rights or property of the provider of that service.(224)
Further, such providers may "utilize service observing or random monitoring ... for mechanical or service quality control checks."(225) Also, the ECPA does not prohibit employers from intercepting, monitoring, and reading employees' "intra-company electronic communications."(226) Therefore, the ECPA does not preserve the attorney-client privilege when communications are intercepted lawfully.(227) In addition, the ECPA does not apply if a reasonable connection exists between the monitoring and the service provider's legitimate operational or security concerns.(228) Under such circumstances, e-mail users should assume that their communications are unprotected and should behave accordingly.(229) As one commentator opined, one ECPA provision, in particular, "should terrify ter·ri·fy
tr.v. ter·ri·fied, ter·ri·fy·ing, ter·ri·fies
1. To fill with terror; make deeply afraid. See Synonyms at frighten.
2. To menace or threaten; intimidate. us as lawyers."(230) "[This] provision says that the system[s] administration, for systems administration purposes, can essentially do anything. It is perfectly legitimate for a systems administrator to read all e-mail messages for those purposes."(231)
Another concern is that the ECPA's effect on attorney-client privilege remains largely untested by courts. Further, as one commentator noted, the ECPA "incorporates into [the Wiretap wiretap n. using an electronic device to listen in on telephone lines, which is illegal unless allowed by court order based upon a showing by law enforcement of "probable cause" to believe the communications are part of criminal activities. Act] the relevant state law of privileged communications"(232) and "does not, by itself, guarantee the preservation of the attorney-client privilege where e-mail communications are intercepted by a third party."(233) Such a conclusion would ignore the word "otherwise."(234) Thus, "the common law attorney-client privilege must still be applied."(235) As previously noted, for a communication to fall within the ambit of the attorney-client privilege in the first instance, there must be a reasonable expectation of privacy.(236) The few courts that have addressed whether e-mail is sent with a reasonable expectation of privacy have reached varying conclusions.(237) Further, the examples discussed in Part I indicate that a reasonable expectation of privacy may not exist.
Further, illegality is not necessarily dispositive dis·pos·i·tive
Relating to or having an effect on disposition or settlement, especially of a legal case or will. because illegally intercepted evidence is not always inadmissible That which, according to established legal principles, cannot be received into evidence at a trial for consideration by the jury or judge in reaching a determination of the action. .(238) Under early common law, the attorney-client privilege did not extend to stolen documents or conversations overheard by eavesdropping; instead, the client was held responsible for the breach of confidentiality because he had not used reasonable efforts to ensure against such occurrences.(239) Today, due to evolving judicial attitudes concerning the confidentiality of the attorney-client communications, courts tend to preserve the attorney-client privilege, provided the client(240) takes reasonable precautions to avoid a breach of confidentiality.(241) Further, it is the client "who must establish that the communications are in the possession of the third party as a result of theft or deceit."(242) It may be particularly difficult to demonstrate that e-mail correspondence has been obtained through theft or deceit because in many cases, a third party can intercept e-mail without being detected.(243) In any event, "[u]nexplained possession of confidential documents by third parties is prima facie evidence prima facie evidence
Evidence that would, if uncontested, establish a fact or raise a presumption of a fact. that the client has failed to satisfy his duty to maintain the confidentiality of those documents."(244)
Similarly, with regard to communications that are not stolen but merely overheard or inadvertently disclosed, Wigmore notes that:
[s]ince the privilege is a derogation from the general testimonial duty and should be strictly construed, it would be improper to extend its prohibition to third persons who obtain knowledge of the communications. One who overhears the communication, whether with or without the client's knowledge, is not within the protection of the privilege. The same rule ought to apply to one who surreptitiously reads or obtains possession of a document in original or copy.(245)
Thus, e-mail that inadvertently discloses privileged communications to a third party may similarly lack privileged status.(246) As with stolen communications, many courts have asserted that the appropriate test in considering inadvertent disclosures is whether "the privilege holder" uses reasonable efforts to protect the communication.(247)
III. THE SOLUTION: THE KEY TO TRANSMITTING ELECTRONIC DOCUMENTS SAFELY
The legitimate security problems associated with e-mail raise several ethical and evidentiary problems. However, that is not to say that attorneys should not use Internet technology. To the contrary, we may be approaching a point where attorneys must use Internet technology. Fortunately, there are simple and inexpensive measures that allow attorneys to use the Internet safely. This Part discusses two such measures and their effect on the ethical and evidentiary considerations raised in Part II.
A. Protecting Confidentiality Through Encryption
E-mail can be intercepted, and therefore the confidentiality of its contents may be compromised. However, there are several measures that can help attorneys avoid this problem. The most effective method of safeguarding e-mail confidentiality is through cryptography.(248) Cryptography is "the art and science of keeping messages secure ... [, and] the process of disguising a message in such a way as to hide its substance is called `encryption.'"(249) Through encryption, one can convert standard text, or "plaintext," into unreadable gibberish, or "ciphertext Data that has been encrypted for security purposes. See plaintext.
(cryptography) ciphertext - Text which has been encrypted by some encryption system.
Opposite: plaintext. ."(250) Encrypted documents are unreadable until they are "decrypted."(251)
The necessity for securing sensitive documents is not novel. "From the Spartans to Julius Caesar Julius Caesar: see Caesar, Julius. , from the Old Testament ciphers to the Papal plotters of the Fourteenth Century, from Mary, Queen of Scots Mary, Queen of Scots
orig. Mary Stuart
(born Dec. 8, 1542, Linlithgow Palace, West Lothian, Scot.—died Feb. 8, 1587, Fotheringhay Castle, Northamptonshire, Eng.) Queen of Scotland (1542–67). to Abraham Lincoln's Civil War ciphers, cryptography has been part of war, diplomacy, and politics."(252) Cryptographers played a key role in World War II by "breaking the Enigma machine
Two different types of cryptography commonly exist. The more basic form is called "private-key" encryption.(254) Private-key encryption uses the same key to encrypt messages from plaintext to ciphertext and then to decrypt To convert secretly coded data (encrypted data) back into its original form. Contrast with encrypt. See plaintext and cryptography. the message back into plaintext.(255) Historians credit Julius Caesar for developing one of the first private-key cryptosystems.(256) Ancient Roman military commanders communicated through correspondence encrypted by using "Caesar's Cipher cipher: see cryptography.
(1) The core algorithm used to encrypt data. A cipher transforms regular data (plaintext) into a coded set of data (ciphertext) that is not reversible without a key. ." This simple algorithm offset one alphabetic sequence against another. The key to decrypt messages was the number of characters by which it had been offset in the encryption.(257) For example, if the phrase "attack from the north" were to be encrypted with a key value of 6, the letters of the alphabet would shift by 6 characters. Thus, an "A" would become "G," "N" would become "T," "Z" would become "F" and so on. Therefore, the phrase "attack from the north" would be expressed as "gzzgiq lxus znk tuxzn."
Private-key encryption has two inherent weaknesses.(258) First, the parties must find a secure method of distributing the keys.(259) Second, both the sender and recipient must trust one another to safeguard the key while it is in their possession.(260)
In 1976, Stanford scientists Whitfield Diffie Bailey Whitfield 'Whit' Diffie (born June 5 1944) is a US cryptographer and one of the pioneers of public-key cryptography.
He received a Bachelor of Science degree in mathematics from the Massachusetts Institute of Technology in 1965. and Martin Hellman Martin Edward Hellman (born October 2, 1945) is a cryptologist, famous for his invention of public key cryptography in cooperation with Whitfield Diffie and Ralph Merkle.
Hellman graduated from the Bronx High School of Science. addressed the problems related to private-key encryption by introducing "public-key encryption (cryptography) public-key encryption - (PKE, Or "public-key cryptography") An encryption scheme, introduced by Diffie and Hellman in 1976, where each person gets a pair of keys, called the public key and the private key. ."(261) This system of encryption uses a pair of mathematically related keys: a public key that encrypts data, and a corresponding private key that decrypts data.(262) The public key is published, often on a website or through a trusted third-party known as a certification authority See CA. , while the private key is available only to the sender.(263) Even though the keys are mathematically related, it is "computationally infeasible" to ascertain the private key from the public key.(264) A user can draft a message, encrypt it by accessing the recipient's public key, and then send it.(265) Only the recipient can decrypt the message by using a corresponding private key.(266) This system eliminates the need for the two users to transmit and share a key and therefore eliminates the two major security concerns of private-key encryption.
Historically, governments showed the most interest in cryptography.(267) However, as the Internet continues to affect the way we communicate and conduct business, encryption technology is quickly becoming a valuable tool for protecting personal and proprietary information. For example, e-commerce sites typically offer "secure connections" and "encrypted data transmission" options for credit-card transactions. Similarly, attorneys can protect the confidentiality of client information by encrypting e-mail and attached documents before transmitting them over the Interact.
B. Verifying an E-mail Sender's Identity through Digital Signatures
The second problem attorneys face when using e-mail is not being able to identify whom they are communicating with.(268) Without out the ability to adequately identify an e-mail sender, attorneys could unknowingly release confidential information and possibly violate their ethical obligations. Digital signatures provide an answer to this dilemma. A digital signature is not a computerized image of a handwritten hand·write
tr.v. hand·wrote , hand·writ·ten , hand·writ·ing, hand·writes
To write by hand.
[Back-formation from handwritten.]
Adj. 1. signature.(269) Instead, a digital signature is a term of art describing a systematic scrambling of characters to guarantee security and authenticity.(270) More specifically, digital signatures are created and verified through the use of cryptography, which ensures the authenticity of an electronic document's content and the sender's identity.(271)
Digital signatures serve the same functions as hand-written signatures. Like hand-written signatures, digital signatures offer authenticating evidence by identifying the signer with the signed document.(272) Also, the ceremonial act of signing a document calls the signer's attention to the legal significance of his or her act.(273) Further, both types of signatures express the signer's approval or authorization of the writing.(274) Finally, both handwritten and digital signatures signify "a sense of clarity and finality fi·nal·i·ty
n. pl. fi·nal·i·ties
1. The condition or fact of being final.
2. A final, conclusive, or decisive act or utterance.
Noun 1. to the transaction" and may lessen the necessity to examine the agreement beyond the document's four comers.(275)
Digital signatures offer additional advantages over handwritten signatures.(276) Most importantly Adv. 1. most importantly - above and beyond all other consideration; "above all, you must be independent"
above all, most especially , digital signatures give e-mail recipients the ability to verify the identity of an e-mail sender.(277) Digital signatures are also far more difficult to forge or reproduce than handwritten signatures.(278) Additionally, digital signatures give e-mail recipients the ability to verify that a document has not been altered.(279) While handwritten signatures generally authenticate (1) To verify (guarantee) the identity of a person or company. To ensure that the individual or organization is really who it says it is. See authentication and digital certificate.
(2) To verify (guarantee) that data has not been altered. only the page containing the signature, digital signatures authenticate the entire document down to the last punctuation mark.(280) Therefore, the documents' contents are practically impossible to alter without detection.(281) Further, electronic documents can be encoded with digital time stamps, which allow the transmission time to be ascertained.(282) Finally, digital signatures eliminate the possibility that the sender will successfully repudiate TO REPUDIATE. To repudiate a right is to express in a sufficient manner, a determination not to accept it, when it is offered.
2. He who repudiates a right cannot by that act transfer it to another. or deny having sent the document.(283)
Digital signatures will change the way attorneys practice law. For example, in California, judges can now issue arrest warrants via e-mail from their home computers using digital signatures.(284) Previously, judges issued warrants via fax.(285) However, officials mandated the switch to e-mail with digital signatures because they feared that unencrypted fax transmissions could be easily intercepted.(286) As another example, lawyers traditionally will draft contracts or settlement agreements, present them to their clients for signatures, and then send them to other law firms for their clients' signatures. Through the conventional process, this could take days. With the aid of digital signatures, parties can enter into binding agreements without the necessity of costly overnight shipping and postal delays. Many commentators similarly opine that "a secure digital signature is ... the key to allowing technology to further revolutionize electronic commerce."(287)
To digitally sign an electronic document, our hypothetical attorney Pat must send the document through a mathematical algorithm called a "one-way hash function In cryptography, an algorithm that generates a fixed string of numbers from a text message. The "one-way" means that it is extremely difficult to turn the fixed string back into the text message. One-way hash functions are used for creating digital signatures for message authentication. ."(288) The one-way hash function scrambles the document into an unintelligible UNINTELLIGIBLE. That which cannot be understood.
2. When a law, a contract, or will, is unintelligible, it has no effect whatever. Vide Construction, and the authorities there referred to. form to create a "message digest A condensed text string that has been distilled from the contents of a text message. Its value is derived using a one-way hash function and is used to create a digital signature. See digital signature and MD5. ."(289) Every time Pat sends the same message through the same one-way hash function, the same message digest will always result.(290) Conversely, two different messages always produce different message digests.(291) Next, Pat must encrypt the message digest with his private key (known only to Pat),(292) and attach the original unencrypted message.(293) Pat then transmits both documents to Chris.(294)
After receiving the documents, Chris obtains Pat's public key and uses it to decrypt the message digest.(295) Chris also sends the original unencrypted message through the same one-way hash function as that Pat used, which creates a second message digest.(296) Chris compares the message digest produced by Pat to the one she created from the original, unencrypted message.(297) If the message digests match, Chris is assured that the document's integrity has not been compromised.(298) Through this process, Chris verified that Pat sent the message and that the message was not altered in transit.
As an additional security measure, electronic documents may be sent through an intermediary known as a certification authority.(299) A certification authority acts as a trusted third party In cryptography, a trusted third party (TTP) is an entity which facilitates interactions between two parties who both trust the third party; they use this trust to secure their own interactions. TTPs are common in cryptographic protocols, for example, a certificate authority (CA). by assigning key pairs and digital certificates that verify the sender's identity.(300) Digital certificates identify the public key as the "subject of the certificate" and verify that the sender controls the matching private key.(301) The certification authority typically publishes the certificate in a repository or on a website.(302) Chris can access the certification authority's website, access Pat's certificate and obtain a copy of Pat's public key.(303) Thus, Chris is assured that the Pat is indeed the sender and that the document has not been altered.(304)
In many respects, a certification authority's duty is similar to that of an attorney. As one commentator notes, certification authorities will need to have extensive training and will occupy "a high-level legal position ... requiring a good understanding of contract law, international law, technology in general, and ... [will] very likely need to have a substantial legal infrastructure around them."(305) Moreover, just as an attorney is limited in the manner in which he can terminate services,(306) so is a certification authority.(307) Before terminating services, a certification authority must (1) notify the subscribers listed in any outstanding certificates; (2) do so in a minimally disruptive fashion as to avoid disrupting subscribers and relying parties; and (3) make arrangements to preserve records.(308)
The duty of a certification authority is so interrelated in·ter·re·late
tr. & intr.v. in·ter·re·lat·ed, in·ter·re·lat·ing, in·ter·re·lates
To place in or come into mutual relationship.
in with a lawyer's duty that the ABA has opined that only attorneys should be qualified to act as certification authorities.(309) The ABA has embraced the use of digital signatures by establishing the "Digital Signature Guidelines."(310) The Digital Signature Guidelines seek to "(1) minimize ... electronic forgery, (2) enable and foster the reliable authentication (1) Verifying the integrity of a transmitted message. See message integrity, e-mail authentication and MAC.
(2) Verifying the identity of a user logging into a network. of [electronic] documents, (3) facilitate [electronic] commerce ... and (4) give legal effect to the general import of the technical standards for authenticating [electronic communication.]"(311) The Digital Signature Guidelines also explain the digital signature process, propose technological standards, and define the obligations of certification authorities and relying parties.(312)
In addition to the Digital Signature Guidelines, numerous digital signature and electronic commerce statutes have appeared in the last few years. In June 2000, President Clinton signed the Electronic Signatures in Global and National Commerce Act The Electronic Signatures in Global and National Commerce Act (ESIGN, Pub.L. 106-229, 14 Stat. 464, enacted 2000-06-30, ) is a United States federal law passed by the U.S. , which states, inter alia, that:
(a) no one is obligated to agree to use or accept electronic records or signatures;
(b) if a notice must be provided to a consumer in writing, an electronic version will fulfill that requirement only if the consumer [consents] to accepting an electronic version and [demonstrates] that he can access the information in electronic form;
(c) a state may preempt pre·empt or pre-empt
v. pre·empt·ed, pre·empt·ing, pre·empts
1. To appropriate, seize, or take for oneself before others. See Synonyms at appropriate.
a. the Act only by adopting the Uniform Electronic Transactions Act The Uniform Electronic Transactions Act (UETA) is one of the several United States Uniform Acts proposed by the National Conference of Commissioners on Uniform State Laws (NCCUSL). Since then 46 States, the District of Columbia, and the U.S. (approved and recommended for enactment by the National Conference of Commissioners on Uniform State Laws The National Conference of Commissioners on Uniform State Laws (NCCUSL) is a non-profit, unincorporated association in the United States that consists of commissioners appointed by each state and territory. in July 1999) or by passing a law that is technologically neutral; and
(d) [the Act] does not apply to the creation and execution of wills, codicils and testamentary trusts; to adoptions, divorce or other matters of family law; to any notice of cancellation or termination of utility services or the default, acceleration, repossession The taking back of an item that has been sold on credit and delivered to the purchaser because the payments have not been made on it.
For example, if an individual fails to render prompt payments on a new car, the car might be subject to repossession by the finance company, , foreclosure or eviction The removal of a tenant from possession of premises in which he or she resides or has a property interest done by a landlord either by reentry upon the premises or through a court action. under a credit agreement secured by, or a rental agreement A rental agreement is a contract, usually written, between the owner of a property and a renter who desires to have temporary possession of the property. As a minimum, the agreement identifies the parties, the property, the term of the rental, and the amount of rent for the term. for, the primary residence of an individual; the cancellation or termination of health or life insurance benefits; or the recall or notification of a material failure of a product.(313)
Congress passed the Act, in part, to reconcile the varying array of state statutes that have appeared over the last few years.(314) Such statutes typically fall into one of three categories: (1) those that deem any type of electronic signature to be valid; (2) those that require some minimal security standard; and (3) those that validate only digital signatures.(315)
One recent state statute is the Illinois Electronic Commerce Security Act.(316) Several statutes require that documents must be "a Writing" and must be "signed" to have a legal effect.(317) The Illinois statute attempts to clarify whether electronic data and documents satisfy these requirements.(318) R.J. Robertson and Thomas J. Smedinghoff served on the commission that developed the Illinois Act and explained that:
The Act introduces an important new concept to Illinois law--a "record." It defines a "record" as "information that is inscribed, stored or otherwise fixed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form." The term "record" is intended to encompass both traditional paper documents and newer, electronic forms of information. The Act defines an "electronic record" as "a record generated, communicated, received, or stored by electronic means for use in an information system or for transmission from one information system to another."
The Act provides that "[w]here a rule of law requires information to be `written' or `in writing' or provides for certain consequences if it is not, an electronic record satisfies that rule of law. "This provision" is intended to remove any doubt regarding the enforceability of electronic records where a writing is required.(319)
Specifically, the Illinois statute provides that no signature shall be deemed ineffective simply because it appears in electronic form.(320) Further, the effect of the Statute is that digitally signed Any message or key that has been encrypted with a digital signature. When a user's public key is digitally signed by a certification authority (CA), it is known as a digital certificate or digital ID. See digital signature and digital certificate. documents generally satisfy the Statute of Frauds Statute of Frauds: see Frauds, Statute of. (321) and the Best Evidence Rule.(322)
In order to fall within the purview The part of a statute or a law that delineates its purpose and scope.
Purview refers to the enacting part of a statute. It generally begins with the words be it enacted and continues as far as the repealing clause. of the Illinois statute, parties must use a "qualified security procedure."(323) If the parties used such a procedure, and the procedure was (1) commercially reasonable under the circumstances; (2) applied by the relying party in a trustworthy manner; and (3) reasonably and in good faith relied upon, then the signature shall be considered secure.(324) Therefore, secure electronic records are rebuttably presumed unaltered and secure signatures are rebuttably presumed valid and uncompromised.(325)
Attorneys should familiarize themselves with digital signature technology. While digital signatures do not generally provide a strong defense against interception (unlike encryption), they help attorneys identify the parties with whom they are communicating. Just as a stolen communication could destroy the attorney-client privilege, so could a confidential message sent to an imposter. Digital signatures identify the parties to a transaction and provide numerous benefits that extend beyond those of hand-written signatures. Further, the Digital Signature Guidelines state that reliance on a digital signature is presumptively pre·sump·tive
1. Providing a reasonable basis for belief or acceptance.
2. Founded on probability or presumption.
Additionally, attorneys should utilize e-mail encryption E-mail encryption refers to encryption, and often authentication, of e-mail messages. E-mail encryption usually relies on public-key cryptography. E-mail encryption protocols
Popular protocols for e-mail encryption include:
A lawyer may transmit information relating to the representation of a client by unencrypted e-mail sent over the Internet without violating the Model Rules of Professional Conduct (1998) because the mode of transportation affords a reasonable expectation of privacy from a technological and legal standpoint. The same privacy accorded U.S. and commercial mail, land-line telephonic transmissions, and facsimiles applies to Internet e-mail.(329)
The ABA opinion has met with significant criticism. With regard to its affect on the attorney-client privilege, one commentator noted that the opinion ignored the well-settled principle that the privilege should be treated as the exception rather than the rule.(330)
In 1996, the Iowa Supreme Court The Iowa Supreme Court is the constitutional head of the judicial branch of the state of Iowa. Justices are appointed by the governor from a list of nominees submitted by the State Judicial Nominating Commission. Board of Professional Ethics professional ethics,
n the rules governing the conduct, transactions, and relationships within a profession and among its publics.
professional ethics liability,
n 1. and Conduct opined that attorneys must encrypt confidential e-mail communications.(331) A few months later, the board reversed itself, concluding that attorneys need not encrypt e-mail, provided that the client acknowledges the corresponding loss of confidentiality, or alternatively, if the e-mail is protected by a password, firewall, or equivalent safety measure.(332) In 1997, the Board further modified its position by requiring attorneys to obtain clients' written acknowledgement of the risk of confidentiality loss regardless of whether the communication is encrypted.(333) Further, the acknowledgement must include an agreement as to the manner in which emails shall be secured.(334) Upon the client's written agreement, the attorney and client may communicate without additional security measures.(335) Similarly, the Pennsylvania Bar Association Committee on Legal Ethics The examples and perspective in this article or section may not represent a worldwide view of the subject.
Please [ improve this article] or discuss the issue on the talk page. and Professional Responsibility determined that attorneys can communicate with clients via unencrypted e-mail after warning the client of the risks associated with such communication.(336)
The North Carolina North Carolina, state in the SE United States. It is bordered by the Atlantic Ocean (E), South Carolina and Georgia (S), Tennessee (W), and Virginia (N). Facts and Figures
Area, 52,586 sq mi (136,198 sq km). Pop. Bar Association's Ethics Committee analogized e-mail security concerns with those related to cellular and cordless telephone A cordless telephone or portable telephone is a telephone with a wireless handset which communicates via radio waves with a base station connected to a fixed telephone line (POTS) and can only be operated near (typically within 100 meters or 328 ft from) its base station concerns and therefore attorneys must use similar precautions.(337) For example, attorneys must consider the surrounding circumstances when selecting a reasonable form of communication and select one that best protects the communication's confidentiality.(338)
In 1997, the South Carolina South Carolina, state of the SE United States. It is bordered by North Carolina (N), the Atlantic Ocean (SE), and Georgia (SW). Facts and Figures
Area, 31,055 sq mi (80,432 sq km). Pop. (2000) 4,012,012, a 15. Bar Ethics Advisory Committee opined that e-mail is subject to a reasonable expectation of privacy, but nevertheless noted that a finding of confidentiality and privileged communication privileged communication
or confidential communication
In law, communication between parties to a confidential relation such that the communication's recipient is exempted from disclosing it as a witness. is not necessarily dispositive.(339) Attorneys owe a duty of reasonable care in keeping information confidential.(340) As a result, attorneys should consider encryption to safeguard against even inadvertent disclosure of confidential information.
In 1997, the Illinois State Bar Association concluded that e-mail is entitled to a reasonable expectation of privacy and attorneys need not encrypt e-mail.(341) Furthermore, attorneys need not obtain client consent before communicating via e-mail.(342) However, the Illinois State Bar Association recognized that extraordinarily sensitive matters might nevertheless require enhanced security measures such as encryption.(343) Such unique circumstances would be of the type that telephone and other forms of communications would be similarly inappropriate.(344) Similarly, the District of Columbia District of Columbia, federal district (2000 pop. 572,059, a 5.7% decrease in population since the 1990 census), 69 sq mi (179 sq km), on the east bank of the Potomac River, coextensive with the city of Washington, D.C. (the capital of the United States). Bar's Legal Ethics Committee opined that "in most instances [ e-mail] is an acceptable form of conveying client confidences even where the lawyer does not obtain specific client consent."(345) However, certain circumstances may require that attorneys use additional security measures to protect such communications.(346) The Kentucky, Vermont, New York, and North Dakota North Dakota, state in the N central United States. It is bordered by Minnesota, across the Red River of the North (E), South Dakota (S), Montana (W), and the Canadian provinces of Saskatchewan and Manitoba (N). Bar Associations have adopted similar approaches.(347)
As the foregoing indicates, an attorney's ethical and professional obligations with respect to e-mail vary from state to state. Unfortunately, as e-mail makes communication faster and easier, we often fail to consider whether our message is sent to a recipient in another state.(348) Further, some ethics opinions rest on the mistaken belief that e-mail is secure since they have become so common.(349) To the contrary, e-mail theft frequently occurs as evidenced by the countless examples previously noted.(350) Additionally, e-mail theft may be even more common when one considers that e-mail theft can generally go undetected for an extended amount of time. One should also remember that ethical opinions issued by the Bar Associations of each state are strictly advisory.(351) They are not legally binding and do not necessarily insulate attorneys from liability.(352)
Although many attorneys use the Internet, they are still hesitant when using e-mail. For example, a 1998 survey conducted by the ABA Legal Technology Resource Center indicated that attorneys in solo practice solo practice Medical practice by a single physician–a solo practioner, usually understood to mean a nonspecialist. See Private practice; Cf Group practice. or small law firms (constituting almost 75% of American lawyers in private practice) indicated that they utilize technology extensively.(353) Over 53% of survey respondents reported using the Internet to communicate with clients and 21.5% of those surveyed use the Internet to collaborate with clients on documents.(354) However, approximately 75% of those firms surveyed indicated that they choose not to transmit sensitive information by e-mail.(355) In a similar ABA survey of the 500 largest private law firms, 60% of the respondents stated that they do not transmit sensitive information across the Internet.(356)
Unfettered reliance on these advisory opinions ignores other problems as well. Attorneys following the Illinois approach must make a judgment call as to whether a particular message requires enhanced security measures. Also, many such opinions focus on the ethical side of e-mail but ignore the evidentiary issue of the attorney-client privilege.(357) Additionally, many opinions rely on the assumption that e-mail is secure.(358) As previously noted, this assumption is simply incorrect.(359) Finally, attorneys should try to go beyond the "minimal security standard" advocated by the advisory opinions. Careful attorneys generally go beyond the "minimal security standard" and are not comfortable with simply avoiding a potential ethical problem. Rather, these attorneys are more likely to take necessary steps to ensure that communications between attorneys and clients are secure. The old adage about an ounce of prevention is appropriate here. Encryption software Encryption software is software whose main task is encryption and decryption of data, usually in the form of files on hard drives and removable media, email messages, or in the form of packets sent over computer networks. is fairly inexpensive, easy to use, and practically eliminates the possibility of unauthorized access to sensitive information.(360) Thus, it satisfies the "reasonable precautions" test that is used to determine whether a stolen document should remain privileged.(361) In contrast, total reliance on advisory opinions, which vary from state to state, simply create a hope that one will be insulated from an ethical violation. They offer no guarantee and cannot make a client whole when his or her confidential information is compromised. "Neither polite conduct nor federal law can be an effective bar for the ungentle or unscrupulous, particularly as the information gained can often be used in such a way that you'll never know [if,] how or where you were blindsided."(362) Attorneys sending documents over the Internet would be wise to utilize significant security measures, particularly when they are available at such a minimal expense. After all, "[e]ven if the lawyer wasn't [legally] at fault, [if a] disaster occur[s], the (former) client is unhappy, and who needs that.?"(363)
Finally, these ethics opinions fail to recognize that the recurring test in professional responsibility and attorney-client privilege analyses is whether the parties took reasonable steps to protect the information.(364) This test generally applies even when the communication is overheard or stolen.(365) One need not have a doctorate in computer science or a vast fortune to use both encryption and digital signature technology. For example, the CertifiedMail program provides users with both encryption and digital signature measures.(366) Further, it costs less than $100 per year per user and works seamlessly with e-mail programs like Microsoft Outlook For the e-mail and news client bundled with certain versions of Microsoft Windows, see .
Microsoft Outlook or Outlook (full name Microsoft Office Outlook , Exchange, and Outlook Express.(367) Similarly, ZixMail works with the click of a mouse and costs only a few dollars per user.(368) The significant benefit of such software should constitute a reasonable precaution against theft and inadvertent disclosure, particularly in light of its low cost. These technologies offer significant benefits with minimal cost and effort and can be licensed in one package for a nominal fee.(369) Finally, because only a handful of states and few cases have addressed this issue, with varying results, the best course of action at this time is to take the utmost care to ensure that client communications are secure. Therefore, attorneys should use both digital signature and e-mail encryption technology to help ensure that they are satisfying their ethical obligation as attorneys.
The Internet has radically changed the way attorneys practice law by making them more efficient and effective. Unfortunately, increased efficiency in the information age comes at a price. Legal professionals should stake steps to minimize security concerns. Some pundits opine that such fears are exaggerated. However, numerous well-document examples exist wherein e-mails are stolen, eavesdropped, and forged. Some commentators view federal eavesdropping statutes and advisory opinions as creating safe harbors. However, such statutes are riddled with exceptions and are largely untested in this context. Bar Association advisory opinions addressing this issue rely on incorrect assumptions and do not fully address the security issues posed by e-mail.
This is not to say that attorneys should not use e-mail. In fact, despite these risks, attorneys should embrace technology. Indeed, as Interact usage among lawyers increases, we may be reaching a point where professional responsibility requires the use of the Internet technology.(370) When doing so, attorneys can ensure e-mail security and avoid any corresponding ethical and evidentiary problems by utilizing encryption and digital signature technology. Such technology is simple, inexpensive, and can protect both attorneys from malpractice and their clients from theft and inadvertent disclosure of confidential information.
(1.) Charles R. Merrill, E-mail for Attorneys from A to Z, N.Y. ST. B.J., May-June 1996, at 20.
(2.) The vast majority of law professors, law students, judges, and corporate in-house counsel have Internet access. Id.
(3.) Colleen col·leen
An Irish girl.
[Irish Gaelic cailín, diminutive of caile, girl, from Old Irish. L. Rest, Note, Electronic Mail and Confidential Client-Attorney Communications: Risk Management, 48 CASE W. RES. L. REV. 309, 318-19 (1998).
(4.) Id. (quoting Michael J. DiCorpo, Technology--What Clients Demand, 68 CLEVELAND B.J. 8 (1996)).
(5.) Tod Newcombe, Justice Online: Uniting Our Fractured Judicial System with Technology, GOV'T TECH., Feb. 1999, at 58, 59.
(9.) Key Facts on the Internet, THE Internet, the, international computer network linking together thousands of individual networks at military and government agencies, educational institutions, nonprofit organizations, industrial and financial corporations of all sizes, and commercial enterprises PATRIOT LEDGER, Aug. 1, 1998, at 22, available at 1998 WL 8096129.
(10.) Duane A. Daiker, Computer-Related Malpractice: An Overview of the Practitioner's Potential Liability, FLA FLA Florida (old style)
FLA Macromedia Flash (file extension)
FLA Flash Files (file extension)
FLA Fair Labor Association
FLA Front Line Assembly . B.J., Apr. 1995, at 12, 14.
(12.) David Hricik, Lawyers Worry Too Much About Transmitting Client Confidences by Internet E-Mail, 11 GEO. J. LEGAL ETHICS 459, 460 (1998).
(14.) See, e.g., Anheuser-Busch Brewing Co. v. Hutmacher, 21 N.C. 626, 628 (Ill. 1889) (deeming the written telegraph message that is delivered to the recipient to be the "original," and thus, the primary evidence where the sender initiates the telegraph and there is no evidence of any error in the message's transmission).
(15.) See, e.g., Joseph Denunzio Fruit Co. v. Crane, 79 F. Supp. 117 (S.D. Cal. 1948) (addressing whether a teletype constitutes a writing).
(16.) See, e.g., Matteson v. Noyes, 25 Ill. 481 (1861) (applying the best evidence rule to telegrams).
(17.) See, e.g., Parma Tile Mosaic & Marble Co., Inc. v. Estate of Short, 663 N.E.2d 633 (N.Y. 1996) (rejecting the contention that a fax machine that automatically imprints the sender's name on each page satisfied the Statute of GLOUCESTER, STATUTE OF. An English statute, passed 6 Edw. I., A. D., 1278; so called, because it was passed at Gloucester. There were other statutes made at Gloucester, which do not bear this name. See stat. 2 Rich. II.
MARLEBRIDGE, STATUTE OF. Frauds' signature requirement).
(18.) See, e.g., 1 Ill. State Bar Ass'n Op. (1990) (addressing the use of cellular telephones), available at http://www.illinoisbar.org/courtsbull/ethicsopinions/9001.asp,' see also McKamey v. Roach, 55 F.3d 1236, 1238-39 (6th Cir. 1995) (holding that conversations on a cordless telephone are not subject to Fourth Amendment protection).
(19.) Merrill, supra A relational DBMS from Cincom Systems, Inc., Cincinnati, OH (www.cincom.com) that runs on IBM mainframes and VAXs. It includes a query language and a program that automates the database design process. note 1, at 23.
(20.) ACLU v. Reno, 929 F. Supp. 824, 830-49 (E.D. Pa. 1996) (discussing the Internet).
(21.) Daniel J. Greenwood & Ray A. Campbell, Electronic Commerce Legislation: From Written on Paper and Signed in Ink to Electronic Records and Online Authentication, 53 Bus. LAW. 307, 310-11 (1997).
(22.) The New Yorker printed a cartoon wherein two dogs chatted over the Internet. The caption quipped, "On the Internet, nobody knows you're a dog "On the Internet, nobody knows you're a dog" is an adage which began as the caption of a famous cartoon published by The New Yorker on 5 July 1993, and authored by Peter Steiner. ." Peter Steiner, NEW YORKER, July 5, 1993, at 61 (cartoon).
(23.) Rest, supra note 3, at 319-20.
(24.) ACLU v. Reno, 929 F. Supp. at 830-49.
(25.) PRESTON GRALLA, HOW THE INTERNET WORKS 85 (1999).
(26.) Id. at 88.
(27.) Id. at 85.
(28.) Id. at 88, 100.
(29.) Id. at 88.
(30.) Id. at 93.
(31.) PETE PETE Polyethylene Terephthalate
PETE Petroleum Engineering (university department)
PETE Petersburg National Battlefield (US National Park Service)
PETE Partnership for Environmental Technology Education LOSHIN, TCP/IP TCP/IP
in full Transmission Control Protocol/Internet Protocol
Standard Internet communications protocols that allow digital computers to communicate over long distances. CLEARLY EXPLAINED 436 (1999).
(33.) DANIEL P. DERN, THE INTERNET GUIDE FORNEW USERS 136 (1994).
(35.) Id. The store-and-forward process raises yet another security problem because deleted files may remain on a computer's hard drive indefinitely. Susan E. Davis, Elementary Discovery, My Dear Watson, 16 CAL. LAW, Mar. 1996, at 53. Computers simply alter the deleted file to indicate that the file is no longer in use and that the corresponding disk space can be overwritten if necessary. Id. "Data can be restored unless it has been overwritten." Marianne Lavalle, Digital Information Boom Worries Corporate Counsel, NAT'L L.J., May 30, 1994, at BI, B3. This is sometimes called the "data remnants phenomenon." Id. For further discussion, see MICHEL E. KABAY, THE NSCA NSCA National Systems Contractors Association
NSCA National Strength & Conditioning Association
NSCA National Society for Clean Air and Environmental Protection (UK)
NSCA National Street Car Association
NSCA Nebraska Sprint Car Association GUIDE TO ENTERPRISE SECURITY: PROTECTING INFORMATION ASSETS 44-45 (1996). Even when the computer overwrites the disk space with another program or file, computer experts can sometimes retrieve the document. Id.
(36.) GRALLA, supra note 25.
(37.) Id.; ROBERT B. GELMAN, PROTECTING YOURSELF ONLINE 130 (1998); WALLACE WANG, STEAL THIS Steal This is an EP by The Explosion. It was released in 2000 on Revelation Records. Its title is a sarcastic jab at the legal troubles resulting in the EP's recording. BOOK 192 (1998).
(38.) Martin E. Hellman, Implications of Encryption Policy on the National Information Infrastructure, 11 COMPUTER LAW., Feb. 1994, at 28.
(39.) WANG, supra note 37.
(43.) E.g., Bella Cooler Corp., Bella Cooler Sniffer Series, at http://www.bellacoola.com/html/bellacooasniffers_series_htm (last visited Nov. 12, 2000).
(44.) Robert L. Jones, Client Confidentiality The examples and perspective in this article or section may not represent a worldwide view of the subject.
Please [ improve this article] or discuss the issue on the talk page. : A Lawyer's Duties with Regard to Internet E-mail, at www.computerbar.org/netethics/bjones.htm (Aug. 16, 1995).
(46.) AMRIT TIWANA, WEB SECURITY 328 (1999).
(49.) See id. at 54.
(50.) See id.
(51.) Hricik, supra note 12, at 459.
(53.) Id. at 465.
(54.) See ABA Comm. on Ethics and Prof'l Responsibility, Formal Op. 413 (1999) (concluding that a lawyer sending confidential information by unencrypted email does not violate an Ethics rule "because [this] type of transaction affords a reasonable expectation of privacy from a legal standpoint."); see also ANN. MODEL RULES OF PROF'L CONDUCT R. 1.6, cmt. (1999).
(55.) See Hricik, supra note 12, at 465.
(56.) One 1999 survey indicated that 67% of American employers monitored their employees' use of electronic forms of communication, including 27% of employers that monitored employee e-mail. Anna Wilde Mathews, For Truckers, Electronic Monitors Rev Up Verb 1. rev up - speed up; "let's rev up production"
increase - make bigger or more; "The boss finally increased her salary"; "The university increased the number of students it admitted"
2. Fears of Privacy Invasion, WALL ST. J., Feb. 25, 2000, at B1, available at 2000 WL-WSJ 3019413. Employers abroad also regularly monitor employee e-mail. For example, 75% of Australian companies This is a list of companies from Australia.
Many Australian companies have been taken over by foreign interests in recent years, so some of the formerly 'quintessentially Australian' brand names are in fact owned by American or Japanese mega corporations. admit that they monitor their employees' email, often without notifying their employees that they do so. You've Got Mail The audio announcement heard millions of times per day by AOL users. The voice was recorded by Elwood "El" Edwards in 1989 at the suggestion of his wife Karen, who worked in customer service for Quantum Computer Services (before Quantum became AOL). . Who Else Knows?, THE AGE, Feb. 28, 2000, available at 2000 WL 2315176.
(57.) See, e.g., Larry O. Natt Gantt, II, An Affront to Human Dignity Human dignity is an expression that can be used as a moral concept or as a legal term. Sometimes it means no more than that human beings should not be treated as objects. Beyond this, it is meant to convey an idea of absolute and inherent worth that does not need to be acquired and : Electronic Mail Monitoring in the Private Sector Workplace, 8 HARV HARV High Alpha Research Vehicle (NASA test plane)
HARV High Altitude Research Vehicle
HARV High Altitude Reconnaissance Vehicle . J.L. & TECH. 345,34649 (1995).
(58.) See GEORGE B. DELTA & JEFFREY H. MATSUURA, LAW OF THE INTERNET, 6.02, at 6-15 (Supp. 1999).
(59.) 914 F. Supp. 97 (E.D. Pa. 1996).
(60.) Id. at 98.
(62.) Id. Smyth was an at-will employee. Id. at 99.
(63.) Id. at 100.
(64.) See id. at 101.
(67.) Ex-Student Charged With Harassment Ask a Lawyer
Country: United States of America
I recently moved to nev.from abut have been going back to ca. every 2 to 3 weeks for med. , DES MOINES Des Moines, city, United States
Des Moines (dĭ moin`), city (1990 pop. 193,187), state capital and seat of Polk co., S central Iowa, at the junction of the Des Moines and Raccoon rivers; inc. REG., Sept. 3, 1998, available at 1998 WL 3223784.
(68.) See Rodel Divina, Lt. San Diego: Stanford Deals with E-mail Hackers, UWIRE, Nov. 18, 1998, available at 1998 WL 22129591.
(70.) See Ira Sager et al., Cyber Crime, Bus. WK., Feb. 21, 2000, at 37, 38; Tom Avril, E-mail Virus Melissa Is Traced to a NJ Man, PHILA PHILA Philadelphia
PHILA Pod Host Licensing Agreement . INQUIRER, Apr. 3, 1999, at 1, available at 1999 WL 11401595. (71.) Avril, supra note 70.
(72.) Teri Weaver, Woman Charged with Cybercrime cybercrime
also known as computer crime
Any use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. : Cazenovia Woman is Accused of Intercepting E-Mail Intended for Her Employer, POST-STANDARD (Syracuse, N.Y.), Apr. 22, 1999, at 23, available at 1999 WL 4678695.
(73.) Dirk Beveridge, Student May Have Accidentally Released `Love Bug' Virus, CHI. SUN-TIMES, May 11, 2000, at 38.
(74.) Courtney Macavinta, Microsoft Orders Security Audit After Hotmail Breach, CNET (body) CNET - Centre national d'Etudes des Telecommunications. The French national telecommunications research centre at Lannion. News.com, at http://news.cnet.com/news/0-1005-200-114899.html (Sept. 9, 1999). (75.) Id.
(76.) For example, in 1997 and 1998, the total number of court-authorized intercepts rose 12%. See Charles Arthur <noinclude>
Charles Arthur (born February 5, 1808 in Plymouth, England) was an Australian cricket player, who played for the Tasmania. Although he only represented the state in one match, he has the distinction of having participated in the first ever first class , et al., Cyber Snoops SNOOPS - Craske, 1988. An extension of SCOOPS with meta-objects that can redirect messages to other objects. "SNOOPS: An Object-Oriented language Enhancement Supporting Dynamic Program Reeconfiguration", N. Craske, SIGPLAN Notices 26(10): 53-62 (Oct 1991). : Who's Looking over Your Shoulder?, INDEPENDENT (London), Sept. 26, 1999, at 17, available at 1999 WL 27991337. Of those intercepts, 46% were related to electronic wiretaps of email and pager messages. Id. The American Civil Liberties Union American Civil Liberties Union (ACLU), nonpartisan organization devoted to the preservation and extension of the basic rights set forth in the U.S. Constitution. (ACLU) has released a white paper discussing government wiretaps of e-mail. ACLU, Big Brother in the Wires: Wiretapping A form of eavesdropping involving physical connection to the communications channels to breach the confidentiality of communications. For example, many poorly-secured buildings have unprotected telephone wiring closets where intruders may connect unauthorized wires to listen in on phone in the Digital Age, Mar. 1998, at http://www.aclu.org/issues/cyber/wiretap_brother.html (last visited Nov. 12, 2000).
(77.) Linnet linnet
small songbird in the family Fringillidae. Called also Carduelis cannabina. Myers, Cybersleuthing vs. Civil Rights: Hacker Identified After Network is Wiretapped, CHI. TRIB TRIB Tributary
TRIB Tire Retread Information Bureau
Trib Chicago Tribune Newspaper
TRIB Transfer Rate of Information Bits (ANSI formula for calculating throughput)
TRIB Transmission Rate of Information Bits ., Mar. 30, 1996, at 1, available at 1996 WL 2657346.
(81.) Julie Robotham, American Secret Service Turns on E-mail Taps, SYDNEY MORNING HERALD, Jan. 16, 1996, at 29, available at 1996 WL 16868568.
(82.) Nell King Jr. & Ted Bridis, FBI Lobbies to Show Carnivore Doesn't Eat Privacy, WALL ST. J. EUR EUR
In currencies, this is the abbreviation for the Euro.
The currency market, also known as the Foreign Exchange market, is the largest financial market in the world, with a daily average volume of over US $1 trillion. ., July 21, 2000, at A3, available at 2000 WL-WSJE 21066796.
(83.) Neil King Jr. & Ted Bridis, FBI's Wiretaps to Scan E-mail Spark Concern, WALL ST. J., July 11, 2000, at Al, available at 2000 WL-WSJ 3035880.
(85.) Angry Reaction to UK Net Tapping Legislation, COMPUTERGRAM INT'L, July 1, 1999, available at 1999 WL 21236866.
(86.) British to Spy on E-mail, CHI. SUN-TIMES, May 11, 2000, at 38; Marjorie Miller, Cyber-Spy Law Debated in Britain, CHI. SUN-TIMES, June 5, 2000, at 38.
(87.) Kevin Platt, China's `Cybercops' Clamp Down, CHRISTIAN SCI (Scalable Coherent Interface) An IEEE standard for a high-speed bus that uses wire or fiber-optic cable. It can transfer data up to 1GBytes/sec.
(hardware) SCI - 1. Scalable Coherent Interface.
2. UART. . MONITOR, Nov. 17, 1999, at 6, available at 1999 WL 5383704.
(90.) ACLU, Super-Secret Global Surveillance System Eavesdrops on Conversations Worldwide, at http://www.aclu.org/action/echelonl06.html (modified Feb. 25, 2000).
(91.) Robyn E. Blumner, The Words that Can Get You Spied spied
Past tense and past participle of spy. On, ST. PETERSBURG TIMES
The St. Petersburg Times is a daily newspaper based in St. Petersburg, Florida, that serves the larger Tampa Bay area. , Oct. 17, 1999, at 1D, available at 1999 WL 27322865; Top-Secret Agency Denies Abuses in Letter to Congress, COM. APPEAL (Mem. TN), Feb. 28, 2000, at Al, available at 2000 WL 4440608; Alice Ann Love, NSA Defends Eavesdropping Policy, ASSOCIATED PRESS Associated Press: see news agency.
Associated Press (AP)
Cooperative news agency, the oldest and largest in the U.S. and long the largest in the world. NEWSWIRES, Feb. 27, 2000, available at 2000 WL 14324719.
(92.) Charles Trueheart, Eavesdropping System Raises Ire; Europeans Fret Over U.S.-Led System, CIN CIN cervical intraepithelial neoplasia.
Cervical intraepithelial neoplasia (CIN)
A term used to categorize degrees of dysplasia arising in the epithelium, or outer layer, of the cervix. . ENQUIRER En`quir´er
n. 1. See Inquirer.
Noun 1. enquirer - someone who asks a question
asker, inquirer, querier, questioner , Feb. 24, 2000, at A02, available at 2000 WL 10068221 (quoting Duncan Campbell Duncan Campbell may refer to several people:
(93.) See supra sources cited at note 91.
(95.) Bart Reacts to Australian Confirmation of "Echelon" Spy Network, GOV'T PRESS RELEASE, Nov. 3, 1999, at 1999 WL 28846330.
(96.) Trueheart, supra note 92.
(97.) Top-Secret Agency Denies Abuses in Letter to Congress, supra note 91; Love, supra note 91.
(98.) Barr Reacts to Australian Confirmation of "Echelon" Spy Network, supra note 95. Congress held such hearings in April 2000. U.S. SpyFears Rock Europe, CHI. SUN-TIMES, July 6, 2000, at 22. The American Civil Liberties Union similarly urged Congress to scrutinize scru·ti·nize
tr.v. scru·ti·nized, scru·ti·niz·ing, scru·ti·niz·es
To examine or observe with great care; inspect critically.
scru the Echelon Project. Love, supra note 91. According to the ACLU, the NSA operates Echelon "without the oversight of either Congress or the courts. Shockingly, the NSA has failed to adequately disclose ... the legal guidelines for the project ... [therefore,] there is no way of knowing if the NSA is using Echelon to spy on Americans in violation of federal law." ACLU, supra note 90.
(99.) Barr Bill Updates Wiretap Laws, GOV'T PRESS RELEASE, July 28, 2000, at 2000 WL 7980250. The measure would block the use of illegally obtained evidence, extend statutes requiring law-enforcement officials to report the interception of communications, would ban unchecked government access to computer users' identities, and would require a court order to track cellular telephone calls. Id.
(100.) U.S. Spy Fears Rock Europe, supra note 98.
(101.) Trueheart, supra note 92.
(103.) Top-Secret Agency Denies Abuses in Letter to Congress, supra note 91.
(106.) Blumner, supra note 91.
(107.) Christy Harvey Christy Harvey is the Director of Strategic Communications at the Center for American Progress. She was a regular guest on The Al Franken Show. She also edits a free news website for the Center called Mic Check. , American Opinion (Special Report), WALL ST. J., Sept. 16, 1999, at Al0, available at 1999 WL-WSJ 24914077.
(109.) David L. Chandler, If Not Al Gore Noun 1. Al Gore - Vice President of the United States under Bill Clinton (born in 1948)
Albert Gore Jr., Gore , Who Invented the Internet?, BOSTON GLOBE, Oct. 17, 2000, at F1.
(110.) See e.g., Clayton Collins, Latest Invasion of Military Technology, CHRISTIAN SCI. MONITOR, May 25, 2000, at 15, available at 2000 WL 4428315.
(111.) Lawrence M. Hertz, Advertising on the Web: Understanding and Managing the Risks, 571,581 (PLI PLI Practising Law Institute
PLI Professional Liability Insurance
PLI Programming Language Interface (Verilog programming language)
PLI Partido Liberal Independiente (Independent Liberal Party, Nicaragua) Pat., Copyrights, Trademarks & Literary Prop. CourseHandbook Series No. G0-00A2, 2000); GELMAN supra note 37, at 129.
(112.) Hertz, supra note 111.
(114.) James Garrity & Eoghan Casey, Internet Misuse in the Workplace: A Lawyer's Primer, 72 FLA. B.J. 22, 24 (Nov. 1998). Sending truly anonymous e-mail is technically possible but requires substantial effort. Id.
(117.) Tim Richardson Tim Richardson, author of Sweets: The History of Temptation, is the world's first international confectionery historian. He also writes about gardens, landscape and theatre, and contributes to the Daily Telegraph, Country Life, The Idler, , Electronic Signatures and Internet Security, an Explanation and Practical How-To Notes, at http://www.timrichardson.net/misc/security.html (Aug. 16, 2000). The ease of altering one's email settings depends heavily upon the e-mail program one uses. Id.
(118.) GELMAN, supra note 37, at 129.
(119.) Id. Spoofing is often used in conjunction with junk e-mail, or "spam." Id.
(121.) For further discussion of remailers, see John Schwartz
John Schwartz (October 27, 1793–June 20, 1860) was an Anti-Lecompton Democratic member of the U.S. , With E-mail Privacy The protection of electronic mail from unauthorized access and inspection is known as electronic privacy. In countries with a constitutional guarantee of the secrecy of correspondence, e-mail is equated with letters and thus legally protected from all forms of eavesdropping. in Jeopardy, "Remailer" Closes Up Shop, WASH. POST, Sept. 16, 1996, at F19.
(122.) DELTA & MATSUURA, supra note 58, [sections] 6.02, at 6-18.
(124.) Id. One company with involvement in remailers is ApolloMedia. Its website address is www.apollomedia.com.
(125.) WANG, supra note 37, at 193.
(128.) Thomas E. Weber, E-mail Sent to AOL Users Falls Victim to Attack on Internet's Address Book, WALL ST. J., Oct. 19, 1998, at B10.
(129.) Sara Nathan Sara Nathan can refer to several people:
National U.S. daily general-interest newspaper, the first of its kind. Launched in 1982 by Allen Neuharth, head of the Gannett newspaper chain, it reached a circulation of one million within a year and surpassed two million in the 1990s. , Oct. 19, 1998, at 7A.
(131.) Weber, supra note 128.
(132.) See John C. Anderson & Michael L. Closen, Document Authentication in Electronic Commerce: The Misleading Notary Public A public official whose main powers include administering oaths and attesting to signatures, both important and effective ways to minimize Fraud in legal documents. Analog for the Digital Signature Certification Authority, 17 J. MARSHALL J. COMPUTER & INFO. L. 833,869-70 n.262 (citing letter from LEXIS-NEXIS, to Law School Faculty & Staff (Oct. 29, 1998) (stating that a "seam is currently being perpetrated upon a few LEXIS-NEXIS customers by both e-mail and telephone. This seam asks the customer to provide their LEXIS-NEXIS ID (code) to a generic e-mail box....")).
(133.) No. 97-06273 (Travis County D. Ct., Texas 1997) available at http://legal.web.aol.com/decisions/dljunk/parkero.html (last visited Nov. 12, 2000).
(141.) Despite the efforts of many state legislatures, the practice continues. For example, Section 16-9-93 of the Georgia Code The official Georgia Code consists of statutes enacted by the General Assembly of the State of Georgia. Like other U.S. state codes, its interpretation is subject to the United States Constitution, the United States Code, the Code of Federal Regulations, and the state's makes it illegal to transmit data via a computer with a false or unauthorized name. The statute has criminal and civil penalties. GA. CODE ANN. [sections] 16-9-93 (1999).
(142.) Juno Online Servs., L.P. v. Scott Allen Exp. Sales, No. 97CV08694 (S.D.N.Y. filed Nov. 21, 1997).
(144.) John F. Delaney & William I William I, king of England
William I or William the Conqueror, 1027?–1087, king of England (1066–87). Earnest and resourceful, William was not only one of the greatest of English monarchs but a pivotal figure in European . Schwartz, The Law of the Internet: A Summary of U.S. Internet Caselaw and Legal Developments, 29, 177 (PLI Pat., Copyrights, Trademarks & Literary Prop. Course Handbook Series No. G0-00FS, 2000).
(145.) No. BC 167502 (Los Angeles Los Angeles (lôs ăn`jələs, lŏs, ăn`jəlēz'), city (1990 pop. 3,485,398), seat of Los Angeles co., S Calif.; inc. 1850. Cty. Sup. Ct., filed Mar. 13, 1997).
(146.) 962 F. Supp. 1015 (S.D. Ohio 1997).
(147.) 46 F. Supp. 2d 444 (E.D. Va. 1998).
(148.) 47 U.S.P.Q.2d 1020 (N.D. Cal. 1998).
(149.) For further discussion of these cases, see Delaney & Schwartz, supra note 144, at 181; Vasilios Toliopoulos, Regulating Your Internet Diet: The Can Spare Act of 1999, 10 DEPAUL-LCA J. ART& ENT ENT ears, nose, and throat (otorhinolaryngology).
ear, nose, and throat
ear, nose and throat.
ENT Ears, nose & throat; formally, otorhinolaryngology . L. & POL'Y 175, 189-90 (1999); Diane E. Horvath & John S. Jung, 1999 Technology Legislation in Virginia, 33 U. RICH. L. REV. 1037, 1059 (1999).
(150.) Am. Online, Inc. v. IMS, 24 F. Supp. 2d 548, 549 (E.D. Va. 1998).
(151.) Id. at 551-52.
(152.) See generally Mike France, Increasing Threat: Law Firm Data a Juicy Target for Hack Attack (jargon) hack attack - (Possibly by analogy with "Big Mac Attack" from advertisements for the McDonald's fast-food chain; the variant "big hack attack" is reported) Nearly synonymous with hacking run, though the latter more strongly implies an all-nighter. , NAT'L L.J., Apr. 3, 1995, at Al.
(153.) Id. (citing Wyatt v. Williams, 892 S.W.2d 584 (Ky. 1995)).
(154.) Arnold Ceballos, Law Firms May Not Be Immune from Computer Security Snags, WALL ST. J., Aug. 15, 1996, at B2, available at 1996 WL-WSJ 3114580.
(155.) France, supra note 152.
(158.) Dave James Dave James is an American radio and television presenter who was the winner of QVC’s 2004 Program Host Search auditions. Millions of Americans voted for James, and after months of intensive host training, he joined the ranks as a QVC program host in May 2005. , Barbarians at the Gate: Internet Security in the Law Firm/Corporate Environment, 277, 284 (PLI Pat., Copyrights, Trademarks & Literary Prop. Course Handbook Series No. G4-3944, 1995).
(159) Carol L. Schlein, Keeping Tabs on Your Computers, N.J. LAW., Aug. 2, 1999, at 23.
(160.) Ceballos, supra note 154.
(161.) Computer crime is likely higher than statistics suggest. A 1995 Michigan State University Michigan State University, at East Lansing; land-grant and state supported; coeducational; chartered 1855. It opened in 1857 as Michigan Agricultural College, the first state agricultural college. Cyber Crime study indicated that unauthorized access to computer files is one of the most commonly reported forms of computer theft. COMPUTER LAW GUIDE, (CCH CCH Colegio de Ciencias y Humanidades (Spanish)
CCH Certified Clinical Hypnotherapist
CCH Cook County Hospital
CCH Certified in Classical Homeopathy
CCH Country Club Hills (Fairfax City, VA, USA) ) [paragraph] 15,230, at 26,008 (Oct. 1996). The same survey indicated dramatic increases in reported incidents of trade secret and client information theft. Id.
(162.) Steven Wilmsen, Internet Merchant Accused of Intercepting Rival's Email, BOSTON GLOBE, Nov. 23, 1999, at Al, available at 1999 WL 6091746; see also Alibris: Guilty Plea Is Submitted in Amazon.com E-mail Case, WALL ST. J., Nov. 30, 1999, at C24, available at 1999 WL-WSJ 24923749.
(163.) Wilmsen, supra note 162.
(165.) ISP (1) See in-system programmable.
(2) (Internet Service Provider) An organization that provides access to the Internet. Connection to the user is provided via dial-up, ISDN, cable, DSL and T1/T3 lines. Charged with Intercepting Customer E-mail, Possessing Unauthorized Password Files, EDP (Electronic Data Processing) The first name used for the computer field.
EDP - Electronic Data Processing WEEKLY'S IT MONITOR, Nov. 29, 1999, at 7, available at 1999 WL 9504340.
(167.) See Ben Heskett, A New Windows Password Cracker, CNET News.com, at http://news.cnet.com/news/0-1003-200-326537.html (Feb. 13, 1998).
(172.) See Timothy C. Barmann, eBay Passes on Bid to Fix Password Security Lapse, PROVIDENCE J., Feb. 22, 2000, at El, available at 2000 WL 5094625.
(177.) See Richard Fromm, The eBay Password Daemon Pronounced "dee-mun" as in the word "demon," it is a Unix program that executes in the background ready to perform an operation when required. Functioning like an extension to the operating system, a daemon is usually an unattended process that is initiated at startup. , PROVIDENCE J., Feb. 22, 2000, available at 2000 WL 5094625.
(179.) See generally CHARLES W. WOLFRAM wolfram: see tungsten. , MODERN LEGAL ETHICS 242 (1986) (discussing attorney-client confidentiality).
(180.) MODEL RULES OF PROF'L CONDUCT R. 1.6(a) (1983) [hereinafter here·in·af·ter
In a following part of this document, statement, or book.
Formal or law from this point on in this document, matter, or case
Adv. 1. MODEL RULES].
(181.) MODEL RULES, supra note 180, at R. 1.6 cmt.
(182.) MODEL CODE OF PROF'L RESPONSIBILITY Canon 4 (1977) [hereinafter MODEL CODE].
(183.) MODEL CODE, supra note 182, at EC 4-6 ("The obligation of a lawyer to preserve the confidences and secrets of his client continues after the termination of his employment.").
(184.) For example, in American Motors American Motors Corporation (AMC) was an American automobile company formed on January 14 1954 by the merger of the Nash-Kelvinator Corporation and the Hudson Motor Car Company. At the time, it was the largest corporate merger in U.S. history, valued at US$198 million ($1. Corp. v. Huffstutler, 575 N.E.2d 116, 119 (Ohio 1991) and Maritrans GP, Inc. v. Pepper, Hamilton & Sheetz, 602 A.2d 1277, 1288 (Pa. 1992), courts granted injunctive relief to protect clients from abuses by their former attorneys.
(185.) Some of the security risks associated with e-mail are due to "weak links" and "community vulnerability," which are inherent in network systems. Rest, supra note 3, at 314-16. Other security risks are due to "store-and-forward" technology, which saves email on computer systems that may be vulnerable to hackers and other user errors, such as misaddressing an email. Id.
(186.) Id. at 325 ("The consequences of [a confidentiality breach via insecure email] are disciplinary sanctions, attorney malpractice claims, and waiver of the attorney-client privilege.").
(187.) MODEL RULES, supra note 180, at R. 1.15 cmt.
(188.) MODEL CODE, supra note 182, at DR 9-102(B)(2).
(189.) MODEL RULES, supra note 180, at R. 1.15(a).
(190.) See, e.g., In re Kaleidoscope kaleidoscope (kəlī`dəskōp), optical instrument that uses mirrors to produce changing symmetrical patterns. Invented by the Scottish physicist Sir David Brewster in 1816, the device is usually a hand-held tube, a few inches to as much , Inc., 15 B.R. 232, 246-47 (Bankr. N.D. Ga. 1981) (holding that legal files created during representation of a client were property of the client).
(191.) Corporations may typically keep over 80% of their intellectual property in digital form. Sager, supra note 70, at 70.
(192.) See Rest, supra note 3, at 325 (stating that an intercepted or misaddressed email may result in "danger ... that, if not controlled, may lead to ... consequence[s] unintended by and actually or potentially harmful to a law firm or practitioner.") (quoting ANTHONY E. Davis, RISK MANAGEMENT 15 (1995)).
(193.) WOLFRAM, supra note 179, at 176.
(194.) Id. (citations omitted).
(195.) MODEL RULES, supra note 180, at R. 1.4(a) ("A lawyer shall keep a client reasonably informed about the status of a matter and promptly comply with reasonable requests for information."); MODEL CODE, supra note 182, at EC 7-8 ("A lawyer should exert his best efforts to insure that decisions of his client are made only after the client has been informed of relevant considerations. A lawyer ought to initiate this decision-making process if the client does not do so."); Id. at EC 9-2 ("In order to avoid misunderstandings and hence to maintain confidence, a lawyer should fully and promptly inform his client of material developments in the matter being handled for the client.").
(196.) Should hackers compromise a firm's security system, such e-mails could be lost or redirected. Further, the attorney or firm may be too preoccupied with the task of restoring the system to devote proper time to client responsibilities.
(197.) MODEL RULES, supra note 180, at R. 3.2; cf. MODEL CODE, supra note 182, at DR 7-101 (A) (stating that a "lawyer shall not intentionally ... [flail to seek the lawful objectives of his client through reasonably available means permitted by law.").
(198.) MODEL RULES, supra note 180, at R. 3.2. A lawyer must "take steps reasonable under the circumstances to protect confidential client information ... against use or disclosure by others." RESTATEMENT OF THE LAW Restatement of the Law n. a series of detailed statements of the basic law in the United States on a variety of subjects written and updated by well-known legal scholars under the auspices of the American Law Institute since the 1930s. GOVERNING LAWYERS [sections] 111 (Tentative Draft No. 3, 1990).
(199.) See Rest, supra note 3.
(200.) See id.
(201.) Id. (quoting Michael J. DiCorpo, Technology--What Clients Demand, 68 CLEV CLEV CyberLink Eagle Vision (PowerDVD)
CLEV Cyber Link Eagle Vision
CLEV Cost Level
CLEV Central Channel Level . B.J. 8 (1996)).
(202.) Id. at 325.
(203.) An attorney's duty of confidentiality is broader than the attorney-client privilege rule. See generally Geoffrey C. Hazard, Ethics, NAT'L L.J., Jan. 25, 1993, at 17-18. The client confidentiality rule encompasses all information with regard to the representation. Id. In contrast, the attorney-client privilege relates more narrowly to communications. Id. Moreover, attorneys' confidentiality obligation restricts disclosure to third parties in general, while the attorney-client privilege prevents the government from compelling disclosure. Id. Therefore, it is possible that the failure to adequately safeguard an electronic document may not result in waiver of the attorney-client privilege but may nevertheless constitute a breach of the confidentiality duty.
(204.) GEOFFREY C. HAZARD JR., ET AL., THE LAW AND ETHICS OF LAWYERING 221 (2d ed. 1994).
(205.) See, e.g., Bank Brussels Lambert v. Credit Lyonnais, 160 F.R.D. 437, 441-42 (S.D.N.Y. 1995).
(206.) 8 JOHN HENRY WIGMORE John Henry Wigmore (4 March, 1863 – 20 April, 1943) was an American jurist and expert in the law of evidence.
Born in San Francisco, son of John and Harriet Joyner Wigmore, he attended Harvard University and earned the degrees AB in 1883, AM in 1884, and LLB in 1887. , EVIDENCE [sections] 2292, at 554 (McNaughton rev. ed. 1961) (citation and emphasis omitted). The rule differs somewhat when the client is a corporation. In such cases, the attorney-client privilege applies in a situation where:
[C]ommunications ... were made by ... employees ... to counsel ... at the direction of corporate superiors in order to secure legal advice.... [Such] [i]nformation, [which was] not available from upper-echelon management, was needed to supply a basis for [such] legal advice.... The communications ... concerned matters within the scope of the employees' corporate duties, and the employees themselves were sufficiently aware that they were being questioned in order that the corporation could obtain legal advice.
Upjohn Co. v. United States, 449 U.S. 383, 394 (1980) (footnote omitted).
(207.) United States v. Goldberger & Dubin, P.C., 935 F.2d 501, 504 (2d Cir. 1991) (stating that the attorney-client privilege "cannot stand in the face of countervailing law or strong public policy, and should be strictly confined within the narrowest possible limits underlying its purpose").
(208.) PAUL RICE Paul Rice is the founder and CEO of the non-profit organisation Transfair USA. He lived in Nicaragua for 11 years working with local coffee farmers before he returned to the US to found what is now the largest fair trade organisation in the US. , ATTORNEY-CLIENT PRIVILEGE IN THE UNITED STATES [subsections] 9:23, 9:26 (1993) (citing WIGMORE, supra note 206, [sections] 2325).
(209.) See supra text accompanying note 22.
(210.) In re Horowitz, 482 F.2d 72, 82 (2d Cir. 1973).
(211.) See id. (holding that a client's failure to take affirmative actions toward preserving privilege brought confidentiality relationship to an end).
(212.) Suburban Sew `N Sweep, Inc., v. Swiss-Berina, Inc., 91 F.R.D. 254, 260 (N.D. Ill. 1981) ("[T]he relevant consideration is the intent of the defendants to maintain the confidentiality of the documents as manifested in the precautions they took.").
(214.) Id. As this Article discusses later, there are reasonable security measures that parties can utilize when sending documents electronically to protect against waiver. See infra [Latin, Below, under, beneath, underneath.] A term employed in legal writing to indicate that the matter designated will appear beneath or in the pages following the reference.
infra prep. , Part III.
(215.) RICE, supra note 208, [sections] 9:23 (citing In re Horowitz, 482 F.2d 72, 82 (2d Cir. 1973); United States v. Betinsky, No. CRIM CRIM Criminal
CRIM Computer Research Institute of Montreal
CRIM Centro de Recaudación de Ingresos Municipales (Municipal Internal Revenue Center, San Juan)
CRIM Centre de Recherche en Ingénierie Multilingue . 88-198, 1988 WL 97673, at *3 (E.D. Pa 1988), aff'd, 877 F.2d 58 (3d Cir. 1989)).
(216.) Id. (citing In re Victor, 422 F. Supp. 475,476 (S.D.N.Y. 1976)).
(217.) Id. (citing Bower v. Weisman, 669 F. Supp. 602, 605-06 (S.D.N.Y. 1987)).
(218.) Id. (citing Jarvis, Inc. v. Am. Tel. & Tel. Co., 84 F.R.D. 286, 292 (D. Colo. 1979).
(219.) Id. (citing United States v. McMahon, 151 F.3d 1031 (4th Cir. 1998); Suburban Sweep `N Sew, Inc., 91 F.R.D. at 260).
(220.) See, e.g., Todd H. Flaming, Internet E-Mail and the Attorney Client Privilege, 85 ILL. B.J. 183, 184 (1997).
(221.) 18 U.S.C. [subsections] 2510-2520 (1994). Several states have enacted statutes similar to the ECPA. Hricik, supra note 12, at 473 n.75 (citing multiple state statutes).
(222.) Electronic Communications Privacy Act of 1986, Pub. L. No. 99-508, 100 Stat. 1848 (codified cod·i·fy
tr.v. cod·i·fied, cod·i·fy·ing, cod·i·fies
1. To reduce to a code: codify laws.
2. To arrange or systematize. as amended at 18 U.S.C. [subsections] 2510-2520 (1986)).
(223.) 18 U.S.C. [sections] 2517(4) (Supp. 1999).
(224.) 18 U.S.C. [sections] 2511(2)(a)(i) (Supp. 1999).
(226.) Lois R. Witt, Comment, Terminally Nosy nos·y or nos·ey
adj. nos·i·er, nos·i·est Informal
1. Given to prying into the affairs of others; snoopy. See Synonyms at curious.
2. Prying; inquisitive. : Are Employers Free to Access Our Electronic Mail?, 96 DICK. L. REV. 545,550-51 (1992).
(227.) While few cases that address e-mail exist, several cases exist in other contexts. See, e.g., United States v. Turner, 528 F.2d 143, 155 (9th Cir. 1975) ("Title III Title III Program is a U.S. Federal Grant Program to improve education History
The Title III Program began as part of the Higher Education Act of 1965, which sought to provide support to strengthen various aspects of the schools through a formula grant program to accredited, [of the Omnibus Crime Control and Safe Streets Act of 1968, 18 U.S.C. [subsections] 2510-20], in providing for judicially authorized telephone interceptions, contradicts any claim of privilege attaching generally to all conversations so intercepted."); United States v. Kerrigan, 514 F.2d 35, 37 n.5 (9th Cir. 1975); Commonwealth v. Alves, 608 N.E.2d 733 (Mass. 1993) (finding same with respect to spousal communications privilege and holding that "the [Massachusetts state] wiretap statute The Wiretap Statute et seq is title III of the Omnibus Crime Control and Safe Streets Act of 1968. It makes it illegal for anyone to intercept or disclose intercepted telephone communications, unless so ordered by a court of competent jurisdiction. ... provides that no privileged intercepted wire communication `shall lose its privileged character'").
(228.) DELTA & MATSUURA, supra note 58, [sections] 6.02, at 6-17. While few cases dealing with the ECPA vis-a-vis e-mail exist, there have been several cases in which courts have admitted into evidence damaging statements overheard by telephone operators and others working in the ordinary course of business. See, e.g., Williams v. State, 507 P.2d 1339 (Okla. Crim. App. 1973).
(229.) DELTA & MATSUURA, supra note 58, [sections] 6.02, at 6-17.
(230.) Symposium, The Privacy Debate: To What Extent Should Traditionally "Private" Communications Remain Private on the Internet?, 5 FORDHAM INTELL. PROP. MEDIA & ENT. L.J. 329, 382 (1995).
(232.) Jonathan Rose, Note, E-mail Security Risks: Taking Hacks at the Attorney-Client Privilege, 23 RUTGERS COMPUTER & TECH. L.J. 179, 212 (1997) (citing United States v. Hall, 543 F.2d 1229, 1241 (9th Cir. 1976)). "The word `otherwise,' and the legislative history relating to [sections] 2517(4), see S. REP. NO. 1097, reprinted in 1968 U.S. CODE A multivolume publication of the text of statutes enacted by Congress.
Until 1926, the positive law for federal legislation was published in one volume of the Revised Statutes of 1875, and then in each sub-sequent volume of the statutes at large. CONG. & ADMIN. NEWS, at 2189, indicate that the subsection's assurance of protection still depends on whether adequate precautions were taken under common-law standards," Rose, supra, at 212 n.229.
(233.) Rose, supra note 232, at 212.
(234.) Id. at 212 n.229.
(235.) See id. at 212.
(236.) See supra Part II.
(237.) See, e.g., United States v. Maxwell, 42 M.J. 568, 575 (A.F.C.M.R. 1995), rev'd on other grounds, 45 M.J. 406 (C.A.A.F. 1996) (finding that a reasonable expectation of privacy exists in e-mail sent via America Online). But see Bohach v. Reno, 932 F. Supp. 1232 (D. Nev. 1996) (finding no reasonable expectation of privacy in a city-operated e-mail paging system); Smith v. Pillsbury Co., 914 F. Supp. 97, 101 (E.D. Pa. 1996) (finding no reasonable expectation of privacy with respect to company-operated e-mail).
(238.) See Kevin J. Connolly, Cryptography Can Ensure E-mail Confidentiality, 19 NAT'L L.J., June 9, 1997, at B13; see also, e.g., State v. Delaurier, 488 A.2d 688, 691 (R.I. 1985) (affirming the holding in Bridges v. Superior Court, 396 A.2d 97, 99 (R.I. 1978), that illegally obtained evidence may be admissible (algorithm) admissible - A description of a search algorithm that is guaranteed to find a minimal solution path before any other solution paths, if a solution exists. An example of an admissible search algorithm is A* search. in a bail revocation The recall of some power or authority that has been granted.
Revocation by the act of a party is intentional and voluntary, such as when a person cancels a Power of Attorney that he has given or a will that he has written. hearing if it is factually reliable).
(239.) RICE, supra note 208, [sections] 9:26, at 68 & n.66 (citing In re Grand Jury Proceedings Involving Berkley & Co., 466 F. Supp. 863, 869-70 (D. Minn. 1979), aff'd as modified, 629 F.2d 548 (8th Cir. 1980) ("The protection afforded by the privilege ... does not apply to the documents obtained from Berkley's former employee, for the privilege does not apply to stolen or lost documents."). Wigmore similarly notes that:
All involuntary disclosures, in particular, through loss or theft of documents from the attorney's possession, are not protected by the privilege, on the principle that, since the law has granted secrecy so far as its own process goes, it leaves to the client and attorney to take the measures of caution sufficient to prevent being overheard by third parties. The risk of insufficient precautions is upon the client. This principle applies equally to documents.
WIGMORE, supra note 206, [sections] 2325.
(240.) See RICE, supra note 208, [sections] 9:26 at 68-69 & n.68 (citing United States v. Cable News Network, Inc. 865 F. Supp. 1549 (S.D. Fla. 1994) ("It is a fundamental principle of law that only the client, not the attorney, may waive the attorney-client privilege."); Resolution Trust Corp. v. Dean, 813 F. Supp. 1426, 1429 (D. Ariz. 1993) ("A party seeking to invoke the attorney-client privilege has the burden of affirmatively demonstrating nonwaiver."); Suburban Sew `N Sweep, Inc. v. Swiss-Bernina, Inc., 91 F.R.D. 254, 260 (N.D. Ill. 1981) ("[T]he privilege is not simply inapplicable in·ap·pli·ca·ble
Not applicable: rules inapplicable to day students.
in·ap ... [when] confidentiality is breached.... and the relevant consideration is the intent of the defendants to maintain the confidentiality of the documents as manifested by the precautions they took and establishing two considerations for determining whether the precautions that were taken were adequate.").
(241.) See Connolly, supra note 238. Connolly advocates the use of cryptography as a reasonable precaution to preserve the confidentiality of communications between attorneys and their clients over e-mail. Id.; see also RICE, supra note 208, [sections] 9:23, at 62, (citing Crabbv. KFC KFC Kentucky Fried Chicken (restaurant chain)
KFC Kenya Flower Council
KFC Kitchen Fresh Chicken (Kentucky Fried Chicken motto)
KFC Kung Fu Cult (Cinema)
KFC Kitchen Fixed Charge Nat'l Mgmt. Co., 952 F.2d 403 (6th Cir. 1992); In re Dayco Corp. Derivative Sec. Litig., 102 F.R.D. 468 (S.D. Ohio 1984)).
(242.) RICE, supra note 208, [sections] 9:26, at 68-69 n.68 (citing U.S. ex rel ex rel. conj. abbreviation for Latin ex relatione, meaning "upon being related" or "upon information," used in the title of a legal proceeding filed by a state attorney general (or the federal Department of Justice) on behalf of the government, on the instigation of . Mayman v. Martin Marietta Martin Marietta Corporation was founded in 1961 through the merger of The Martin Company and American-Marietta Corporation. The combined company became a leader in aggregates, cement, chemicals, aerospace, and electronics. Corp., 886 F. Supp. 1243, 1245 (D. Md. 1995); Status Time Corp. v. Sharp Elecs. Corp., 95 F.R.D. 27, 34 (S.D.N.Y. 1982)).
(243.) Connolly, supra note 238.
(244.) RICE, supra note 208, [sections] 9:26, at 69-70; [sections] 9:23, at 62-63 (citing McCafferty's Inc. v. Bank of Glen Burnie, No. MJG-96-3656 1998 U.S. Dist. LEXIS 12859, at *15-20 (D. Md. Jan. 26, 1998), aff'd, 1998 U.S. Dist. LEXIS 12861 (D. Md. Apr. 23, 1998)).
(245.) WIGMORE, supra note 206, [sections] 2326.
(246.) See generally Amy M. Fulmer Stevenson, Comment, Making a Wrong Turn on the Information Superhighway: Electronic Mail, the Attorney-Client Privilege, and Inadvertent Disclosure, 26 CAP. U.L. REV. 347 (1997). An attorney who reads an inadvertently disclosed document has not committed an ethical violation. Ill. St. Bar Ass'n. Comm. n Prof'l Conduct, Op. 98-4 (Jan. 1999).
(247.) RICE, supra note 208, [sections] 9:70, at 303-06.
(248.) Connolly, supra note 238.
(249.) Karn v. United States Dep't of State, 925 F. Supp. 1, 3 n.1 (D.C. 1996) (quoting BRUCE SCHNEIER, APPLIED CRYPTOGRAPHY 1 (1994)). In contrast, "cryptoanalysis" is the science of analyzing and breaching secured data. NATIONAL RESEARCH COUNCIL, CRYPTOGRAPHY'S ROLE IN SECURING THE INFORMATION SOCIETY 62 (Kenneth W. Dam Kenneth W. Dam (born 1932) served as Deputy Secretary of the Treasury (the second highest official in the United States Department of the Treasury) from 2001 to 2003, where he specialized in international economic development. & Herb S. Lin eds., 1996). Collectively, these two related sciences are known as cryptology The science of developing secret codes and/or the use of those codes in encryption systems. See cryptography.
cryptology - The study of cryptography and cryptanalysis. .
(250.) David L. Gripman, Electronic Document Certification: The Technology Behind Digital Signatures, 17 J. MARSHALL J. COMPUTER. & INFO. L. 769, 774 (1999).
(252.) J. Terrence Stender, Too Many Secrets: Challenges to the Control of Strong Crypto and the National Security Perspective, 30 CASE W. RES. J. INT'L L. 287, 299 (1998) (quoting DEBORAH RUSSELL & G.T. GANGEMI, ENCRYPTION, in COMPUTER SECURITY BASICS 11 (1991)).
(253.) Id. at 300.
(254.) See Phillip E. Reiman, Cryptography and the First Amendment: The Right to Be Unheard, 14 J. MARSHALL J. COMPUTER & INFO L. 325, 328 (1996). Private encryption is also called conventional, secret-key, or symmetric-key encryption. Gripman, supra note 250, at 774-75.
(255.) Gripman, supra note 250, at 774 n.45. (citing Bernstein v. United States Bernstein v. United States is set of court cases brought by Daniel J. Bernstein challenging restrictions on the export of encryption software outside the United States. Dep't of State, 922 F. Supp. 1426, 1429 (N.D. Cal. 1996)). "A `key' is a stream of bits of a specified length randomly created by a computer to encrypt or decrypt a message." Id. Longer keys create more secure messages. Id. For example, "a 64-bit key is more secure than a 40-bit key." Id.
(256.) Stender, supra note 252.
(258.) See Gripman, supra note 250, at 775.
(261.) Elizabeth Lauzon, The Philip Zimmermann Investigation: The Start of the Fall of Export Restrictions on Encryption Software Under First Amendment Free Speech Issues, 48 SYRACUSE L. REV. 1307, 1318 (1998). Public-key encryption is also called an "asymmetric cryptosystem." Kaveh Ghaemian, An Internet Security Primer, GOV'T TECH., Mar. 1999, at 76.
(262.) Ghaemian, supra note 261.
(263.) See DIGITAL SIGNATURE GUIDELINES: LEGAL INFRASTRUCTURE FOR CERTIFICATION AUTHORITIES AND SECURE ELECTRONIC COMMERCE, 1996 A.B.A. SEC. SCI. & TECH., at 8 [hereinafter GUIDELINES]. There are several methods in which the signer can safeguard the private key. A particularly safe method is the use of a "cryptographic token" (a "smart card," for example). Id. at n.20.
(264.) Id. at 9.
(265.) Ghaemian, supra note 261.
(267.) Dam & Lin, supra note 249, at 53.
(268.) Taking measures to assure the validity of documents is not a new practice. Historically, the possibility of fraud has encouraged parties to transactions to memorialize me·mo·ri·al·ize
tr.v. me·mo·ri·al·ized, me·mo·ri·al·iz·ing, me·mo·ri·al·iz·es
1. To provide a memorial for; commemorate.
2. To present a memorial to; petition. their agreements in writing, dating back at least hundreds of years. For instance, in medieval England, illiteracy illiteracy, inability to meet a certain minimum criterion of reading and writing skill. Definition of Illiteracy
The exact nature of the criterion varies, so that illiteracy must be defined in each case before the term can be used in a meaningful was so common that documents were often authenticated au·then·ti·cate
tr.v. au·then·ti·cat·ed, au·then·ti·cat·ing, au·then·ti·cates
To establish the authenticity of; prove genuine: a specialist who authenticated the antique samovar. with seals rather than signatures. RESTATEMENT (SECOND) OF CONTRACTS [sections] 94, Topic 3 (1981).
(269.) Greenwood & Campbell, supra note 21, at 310.
(270.) MICROSOFT PRESS COMPUTER DICTIONARY computer dictionary - Free On-line Dictionary of Computing 145 (3d ed. 1997).
(271.) GUIDELINES, supra note 263, at 8. Cryptography is a mathematical process Noun 1. mathematical process - (mathematics) calculation by mathematical methods; "the problems at the end of the chapter demonstrated the mathematical processes involved in the derivation"; "they were learning the basic operations of arithmetic" that scrambles documents into an unintelligible form (known as encryption) and then converts them back to original form (known as decryption (cryptography) decryption - Any procedure used in cryptography to convert ciphertext (encrypted data) into plaintext. ). Id.
(272). Id. at 4 n.3 (citing Joseph M. Perillo, The Statute of Frauds in the Light of Functions and Dysfunctions of Form, 43 FORDHAM L. REV. 39, 48-64 (1974)) (stating that handwritten signatures constitute probative Having the effect of proof, tending to prove, or actually proving.
When a legal controversy goes to trial, the parties seek to prove their cases by the introduction of evidence. evidence in part because of the signer's handwriting style).
(273.) Id. at 4 n.5 (citing JOHN AUSTIN John Austin may refer to a:
Please help [ improve the introduction] to meet Wikipedia's layout standards. You can discuss the issue on the talk page. 939-44 (4th ed. 1873)).
(274.) Id. at 4 n.6 (citing Model Law on Electronic Commerce, United Nations Commission on International Trade Law The United Nations Commission on International Trade Law (UNCITRAL) was established by the United Nations General Assembly in 1966 "to promote the progressive harmonization and unification of the law of international trade. (UNCITRAL UNCITRAL United Nations Commission On International Trade Law ) 29th Sess., Art. 7(1), at 3, U.N. Doc. A/CN.9/XXIX/CRP. 1/Add. 13 (1996)) ("Where a law requires a signature of a person, that requirement is met in relation to a data message if: (a) a method is used to identify that person and to indicate that person's approval of the information contained in the date message....").
(275.) Id. at 4.
(276.) For further discussion, see Anthony Martin Singer, Note, Electronic Commerce: Digital Signatures and the Role of the Kansas Digital Signature Act, 37 WASHBURN L.J. 725 (1998). A digital signature provides a higher degree of security and authenticity than its handwritten counterpart because of the binding between a sender and the signed message. Randy V. Sabett, International Harmonization har·mo·nize
v. har·mo·nized, har·mo·niz·ing, har·mo·niz·es
1. To bring or come into agreement or harmony. See Synonyms at agree.
2. Music To provide harmony for (a melody). in Electronic Commerce and Electronic Date Interchange: A Proposed First Step Toward Signing On the Digital Dotted Line, 46 AM. U. L. REV. 511, 521 (1996).
(277.) GUIDELINES, supra note 263, at 13.
(278.) A. Michael Froomkin, The Essential Role of Trusted Third Parties in Electronic Commerce, 75 OR. L. REV. 49, 54 (1996).
(279.) Id. Because a digital signature uses the actual text of the message as input to the formulation of the encryption algorithm A formula used to turn ordinary data, or "plaintext," into a secret code known as "ciphertext." Each algorithm uses a string of bits known as a "key" to perform the calculations. The larger the key (the more bits), the greater the number of potential patterns can be created, thus making , the slightest alteration will prevent the message from decrypting properly. Id.
(280.) C. Edward Good, An E-mail Education. What You Don't Know Don't know (DK, DKed)
"Don't know the trade." A Street expression used whenever one party lacks knowledge of a trade or receives conflicting instructions from the other party. About Email Can, and Will, Hurt You, TRIAL, Feb. 1999, at 28, 35; Sabett, supra note 276, at 521. To analogize a·nal·o·gize
v. a·nal·o·gized, a·nal·o·giz·ing, a·nal·o·giz·es
To make an analogy of or concerning: analogize the human brain to a computer.
v.intr. , suppose that the parties to a contract sign their names to each and every letter on the document. Id.; see, e.g., Zion's First Nat'l Bank v. Rocky Mountain Irrigation irrigation, in agriculture, artificial watering of the land. Although used chiefly in regions with annual rainfall of less than 20 in. (51 cm), it is also used in wetter areas to grow certain crops, e.g., rice. , Inc., 795 P.2d 658 (Utah 1990); Citizens Nat'l Bank v. Morman, 398 N.E.2d 49 (III. App. Ct. 1979); Newell v. Edwards, 173 S.E.2d 504 (N.C. Ct. App. 1970) (discussing cases where parties challenged part or parts of signed documents).
(281.) See Froomkin, supra note 278. Alternatively, cases do exist where parties have altered signed documents.
(282.) DAVE BAYER ET AL., IMPROVING THE EFFICIENCY AND RELIABILITY OF DIGITAL TIME-STAMPING, in SEQUENCES II: METHODS IN COMMUNICATION, SECURITY, AND COMPUTER SCIENCE 329, 331-33 (Renato Capocelli et al. eds., 1993). A digital time stamp also provides an extra measure of security should a private key become compromised. Id.
(283.) Sabett, supra note 276 at 522. For example, imagine that two parties enter into a contract based on an offer communicated electronically. Later, the offeror attempts to repudiate by denying that an offer was made. The offeree can prove the existence of the offer by using the offeror's public key to decrypt the document. This would eliminate the possibility of repudiation, since only the offeror and his private key could have created the original encrypted message. Id.
(284.) Peter Blumberg, Judges May Soon Issue Arrest, Search Warrants Using E-Mail, L.A. DAILY J., Apr. 17, 1998, at 1.
(287.) Elizabeth Wasserman, Signing on with Digital Signatures: New Laws New Laws: see Las Casas, Bartolomé de. May Allow Computer Validation, PHOENIX GAZ GAZ Gazette
GAZ Gorkovsky Avtomobilny Zavod (Gorky) ., Aug. 29, 1995, at Al.
(288.) Greenwood & Campbell, supra note 21, at 314.
(289.) Id. The resulting message digest, also called a "hash result" or "hash value The fixed-length result of a one-way hash function. See hash function and hash total. ," is unique to each digitally signed message. GUIDELINES, supra note 263, at 9.
(290.) Greenwood & Campbell, supra note 269, at 314.
(291.) GUIDELINES, supra note 263, at 9 n.25. See also Greenwood & Campbell, supra note 21, at 314 (stating that if anyone alters a message while it is in transit over the Internet, a different message digest will result).
(292.) "Private key" describes the mathematical algorithm which creates the actual digital signature. Greenwood & Campbell, supra note 21, at 314. Situations may arise where a private key is compromised and forgery becomes possible. GUIDELINES, supra note 263, at 81 n.20. The ABA seeks to resolve this threat by establishing safeguards. Id. First, subscribers with private keys must conform to Verb 1. conform to - satisfy a condition or restriction; "Does this paper meet the requirements for the degree?"
coordinate - be co-ordinated; "These activities coordinate well" a duty of care with respect to the key's safekeeping Safekeeping
The storage of assets or other items of value in a protected area.
Individuals may use self-directed methods of safekeeping or the services of a bank or brokerage firm. to ensure that the key remains confidential. Id. Second, if a key is compromised subscribers must distinguish themselves from the keys by suspending or revoking the certificates and then informing others of the compromise by disclosing the revocation in a `certificate revocation list In the operation of some cryptosystems, usually public key infrastructures (PKIs), a certificate revocation list (CRL) is a list of certificates (more accurately: their serial numbers) which have been revoked, are no longer valid, and should not be relied on by any system user. ,' or CRL CRL - Carnegie Representation Language.
Carnegie Group, Inc. Frame language derived from SRL. Written in Common LISP. Used in the product Knowledge Craft. ." Id. Other methods that will help to ensure a document's integrity include dating certificates when issued and limiting periods of validity. Froomkin, supra note 278, at 61. The certificate should give explicit reference See explicit link. to the CRL, insisting that it be checked regularly. Id. Individual receivers might decide to accept certificates issued in the last few days, or will have to determine which Certification authorities are the most reputable and trustworthy. Id. Certification authorities are required to use trustworthy systems to perform their services. GUIDELINES, supra note 263, [sections] 3.1; WASH. REV. CODE ANN. [sections] 19.34.100(1)(C) (2000). To ensure that all statutory guidelines are followed closely, both Washington and Utah require that a certified public accountant Certified Public Accountant (CPA)
An accountant who has met certain standards, including experience, age, and licensing, and passed exams in a particular state. with expertise in computer security audit each cybernotary's operations at least once per year. Id.; UTAH CODE ANN. [sections] 46-3-202 (2000).
(293). See Greenwood & Campbell, supra note 21, at 314.
(295.) Id. "Public key" describes the mathematical algorithm which verifies the sender's signature. GUIDELINES, supra note 263. The public key can be stored in some type of repository or even on a web site where it can be easily accessed by the party wishing to verify the signature. Id.
(296.) Greenwood & Campbell, supra note 21, at 314.
(299.) Froomkin, supra note 278, at 58. One such service provider is a company called VeriSign, Inc. VeriSign provides digital certificates of varying types, from the "Class 1" certificate for casual web and e-mail use to the ultra-secure "Class 4," issued only after a thorough investigation. Id.
(300.) ABA, 38 JURIMETRICS J. 243,253 (1998); Froomkin, supra note 278, at 55.
(301.) "A certificate is a digitally signed statement by a certification authority that provides independent confirmation of an attribute claimed by a person proffering a digital signature." Froomkin, supra note 278, at 58. A certificate must (1) include the identification and digital signature of the certification authority, (2) include the identity of the subscriber, (3) identify the certificate's valid operational period, and (4) provide the subscriber's public key. GUIDELINES, supra note 263, [sections] 1.5.
(302.) Jane Kaufman Winn, Open Systems, Free Markets, and Regulation of Internet Commerce, 72 TUL. L. REV. 1177, 1202 (1998).
(304.) R.J. Robertson, Jr., Electronic Commerce on the Internet and the Statute of Frauds, 49 S.C.L. REV 787 (1998).
(305.) Victoria Sling-Flor, Legal Locksmith: Moving into Cyberspace As Notaries, The Need to Authenticate Electronic Documents Is a New Frontier New Frontier
President John F. Kennedy’s legislative program, encompassing such areas as civil rights, the economy, and foreign relations. [Am. Hist.: WB, K:212]
See : Aid, Governmental for Attorneys, NAT'L L.J., Dec. 18, 1995, at Al. The author predicts that certification authorities "will play an essential role in the digital communications Transmitting text, voice and video in binary form. See communications. process ... [since] the cryptographic system relies upon an impartial third party to verify the authenticity of electronic transactions." Michael L. Closen & R. Jason Richards Jason Richards (born April 10, 1976 in Nelson, New Zealand) is a V8 Supercar racecar driver. Early career
Richards started his motor racing career at the age of eight in 1985, driving in karting events in his home country of New Zealand. ,
Notaries Public--Lost In Cyberspace, or Key Business Professionals of the Future?, 15 J. MARSHALL J. COMPUTER & INFO. L. 703,739 (1997).
(306.) See MODEL RULES, supra note 180, R. 1.16 (1981) (restricting attorney withdrawal in circumstances where it could have a "material adverse effect on the interests of the client").
(307.) GUIDELINES, supra note 263, [sections] 3.13
(309.) Michael L. Closen & Thomas W. Mulcahy, Conflicts of Interest In Document Authentication by Attorney-Notaries In Illinois, 87 ILL. B.J., June 1999, at 320, 324-25. Note, however, that the authors, Mr. Closen and Mr. Mulchahy, contend that because the ABA's rules do not prohibit attorneys from notarizing documents they themselves have created, the ABA's position allows for serious conflicts of interest. Id.
(310.) See generally GUIDELINES, supra note 263.
(311.) Id. at 18 (Introduction).
(312.) See generally id.
(313.) McBride Baker & Cole, The Federal E-Sign Law: Why It Was Passed--What Does It Mean, at http://www.mbc.com/news/Article.asp?PublD= 143381052000 (July 15, 2000) [hereinafter McBride Baker & Cole] (discussing the Electronic Signatures in Global and National Commerce Act (E-Sign), Pub. L. No. 106-229 (codified at 15 U.S.C. [subsections] 7001-7031 (Supp. 2000)).
(314.) Id.; see also Larry Zanger, The Federal E-Sign Law: The Electronic Signatures in Global and National Commerce Act, at http://www.mbc. com/news/Article.asp?PublD= 19553210112000 (last visited Nov. 16, 2000).
(315.) McBride Baker & Cole, supra note 313.
(316.) 5 ILL. Comp. STAT. ANN. 175/1-101 (West 1998).
(317.) R.J. Robertson, Jr., & Thomas J. Smedinghoff, Illinois Law Enters Cyberspace: The Electronic Commerce Security Act, ILL. B.J. 308, 309 (June 1999).
(319.) Id. at 309-10 (footnotes omitted); see also 5 ILL. COMP. STAT. ANN. 175/505, -115(a); Illinois Attorney Jim Ryan's Commission on Electronic Commerce and Crime, Final Report of the Commission on Electronic Commerce and Crime (Jan. 16, 1998).
(320.) 5 ILL. COMP. STAT. ANN. 175/5-120(a).
(321.) Id. at 175/5-115 ("Where a rule of law requires information to be `written' or `in writing,' or provides for certain consequences if it is not, an electronic record satisfies that rule or law."); Id. at 5 ILL. COMP. STAT. ANN. 175/5-120 ("Where a rule of law requires a signature, or provides for certain consequences if a document is not signed, an electronic signature satisfies that rule of law."). See generally GUIDELINES, supra note 263 at 89.
(322.) 5 ILL. COMP. STAT. ANN. 175/5-125 ("Where a rule of law requires information to be presented or retained in its original form, or provides consequences for the information not being presented or retained in its original form, that rule is satisfied by an electronic record if there exists reliable assurance as to [its] integrity ...."); see also id. at 175/5-130 (stating that courts shall not deem documents inadmissible simply because they are in electronic form nor because it is not an original or in its original form); see generally GUIDELINES, supra note 263, at 82-83.
(323.) 5 ILL. COME. STAT. ANN. 175/10-105 (b)(1)(2) (defining a "qualified security procedure" as one that has been "previously agreed to by the parties," or alternatively, one that is certified by the state).
(324.) Id. at 175/10-110 (a)(1)(2)(3).
(325.) Id. at 175/10-120 (a)(b).
(326.) GUIDELINES, supra note 263, at 856.
(328.) For further discussion, see Michael Trittipo, E-mail, Evidence, Ethics, & Encryption, ABA TECHNOLOGY & PRACTICE GUIDE, at 36-40 (1998).
(329.) ABA Comm. on Ethics and Prof'l Responsibility, Formal Op. 99-413 (1999), available at http://www, abanet.org/cpr/fo99-413.htm.
(330.) In re Horowitz, 482 F.2d 72, 81 (2d Cir. 1973) (stating that the attorney-client privilege "is to be strictly confined with the narrowest possible limits consistent with the logic of its principle").
(331.) Iowa Sup. Ct. Bd. of Prof'l Ethics and Conduct, Formal Op. 95-30 (1996), available a http://www, legalethics.com/ethics.law?state=Iowa#opinion.
(332.) Iowa Sup. Ct. Bd. of Prof'l Ethics and Conduct, Formal Op. 96-1 (1996).
(333.) Iowa Sup. Ct. Bd. of Prof'l Ethics and Conduct, Formal Op. 97-1 (1997).
(336.) Pennsylvania Bar Ass'n Comm. on Legal Ethics and Prof'l Responsibility, Informal Op. 97-130 (1997).
(337.) North Carolina State Bar Ethics, Op. RPC (Remote Procedure Call) A programming interface that allows one program to use the services of another program in a remote machine. The calling program sends a message and data to the remote program, which is executed, and results are passed back to the calling 215 (1995).
(339.) South Carolina Bar Ethics Advisory Comm., Op. 97-08 (1997), available at http://www.scbar.org/scbar/reference/EthicsOpinions/ethics.stm.
(341.) Illinois State Bar Ass'n Advisory Op. on Prof'l Conduct No. 96-10 (1997).
(345.) District of Columbia Bar's Legal Ethics Comm. Op. No. 281 (1997).
(347.) See e.g., Kentucky Bar Ass's Comm. on Ethics, Op. E-403 (1998), available at http://uky, edu/Law/Kyethics/opinions/kba403.htm (last visited Nov. 12, 2000); Vermont Advisory Ethics Op. 97-5 (1997), available at http://www.vtbar.org/AdvisoryEthicsOpinions/1997/97-05.htm (last visited Nov. 12, 2000); New York State Bar Ass'n Comm. On Prof'l Ethics Op. 709 (1998), available at http://www.nysba.org/opinions/Opinion709.html; State Bar Ass'n of North Dakota Ethics Comm., Formal Op. 97-09 (1997).
(348.) Unlike conventional communications forms, e-mail addresses do not contain a city, state, zip code zip code
System of postal-zone codes (zip stands for “zone improvement plan”) introduced in the U.S. in 1963 to improve mail delivery and exploit electronic reading and sorting capabilities. or area code indicating the recipient's location.
(349.) S.C. Bar Ethics Advisory Op., supra note 339.
(350.) See supra notes 51-110 and accompanying text.
(351.) See, e.g., First Nat'l Bank v. Malpractice Research, Inc., 688 N.E.2d 1179, 1185 (III. 1997).
(352.) See id.
(353.) Small Law Firm Technology Survey: 1998 Survey Report, ABA LEGAL TECHNOLOGY RESOURCE CENTER (1998).
(356.) Large Law Firm Technology Survey: 1998 Survey Report, ABA LEGAL TECHNOLOGY RESOURCE CENTER 54, 55 (1998).
(357.) See Protecting the Confidentiality of Unencrypted E-mail, ABA Comm. on Ethics and Prof'l Responsibility, Formal Op. 99413 (1999) ("The committee believes that e-mail communications, including those sent unencrypted over the Internet, pose no greater risk of interception or disclosure than other modes of communication commonly relied upon as having a reasonable expectation of privacy.")
(358.) See, e.g., id. (opining o·pine
v. o·pined, o·pin·ing, o·pines
To state as an opinion.
To express an opinion: opined on the defendant's testimony. that e-mail is a technologically secure form of communication).
(359.) See supra notes 51-110 and accompanying text.
(360.) Barry D. Bayer & Benjamin H. Cohen cohen
(Hebrew: “priest”) Jewish priest descended from Zadok (a descendant of Aaron), priest at the First Temple of Jerusalem. The biblical priesthood was hereditary and male. , Inexpensive, Easy Routes to Encrypted E-mail, CHI. DAILY L. BULL., May 10, 2000, at 2.
(361.) See supra notes 238-247 and accompanying text.
(362.) Bayer, supra note 360, at 2.
(364.) ABA Comm. on Ethics and Prof'l Responsibility, supra note 345, at 2.
(365.) See supra notes 238-247 and accompanying text.
(366.) Certifiedmail.com, Secure One-Click Email, at http://www.certifiedmail.com/Default.asp?bhcd2=972009229 (last visited Nov. 12, 2000).
(368.) What is ZixMail, at http://www.zixmail.comwhatis.html (last visited Nov. 12, 2000).
(369.) See id.
(370.) At one point, not so long ago, lawyers and support staff commonly typed documents on typewriters. Often, the desire to make corrections or additions meant that the entire document would need to be retyped. Today, any attorney or law firm using a typewriter in such a way would arguably ar·gu·a·ble
1. Open to argument: an arguable question, still unresolved.
2. That can be argued plausibly; defensible in argument: three arguable points of law. be violating the rule that attorneys must expedite litigation. Conceivably, in twenty years TWENTY YEARS. The lapse of twenty years raises a presumption of certain facts, and after such a time, the party against whom the presumption has been raised, will be required to prove a negative to establish his rights.
2. , a lawyer filing documents through the mail when he or she could file them electronically may face ethical problems.
JOHN CHRISTOPHER ANDERSON(*)
(*) The author received his J.D. from The John Marshall School of Law where he was a Law Review Editor. Currently, he is a clerk in the Illinois Appellate Court The Illinois Appellate Court is the court of first appeal for cases arising in the trial courts of the state of Illinois.
The court has 54 judges serving five separate districts. . He has lectured law students and attorneys on the use of digital signatures. The views expressed in this Article are his own. His previous publications include: John Anderson John Anderson may be:
electromagnetic pulse . L. 463 (2000); John Anderson & Michael Closen, Document Authentication in Electronic Commerce: The Misleading Notary Public Analog, 17 J. MARSHALL J. COMP. & INFO. L. 883 (1999).