The recent confirmation that the US government, through the NSA’s PRISM surveillance, collects massive amounts of electronic data is really only the tip of the iceburg when viewed in light of all of the potential exposure email has to unauthorized access. From hackers to governments to law enforcement to targeted espionage to identity thieves, there are many who may want to access and view your email and its attachments.
Depending on the type of client you represent and the work you do unencrypted email exchange may not provide enough protection for confidential communication. The ABA’s formal opinion from 1999 on email encryption (99-413) generally allows for use of email to communicate with clients, but also provides the caveat that “when the lawyer reasonably believes that confidential client information being transmitted is so highly sensitive that extraordinary measures to protect the transmission are warranted, the lawyer should consult the client as to whether another mode of transmission is, such as special messenger delivery, is warranted..”
Much has changed since 1999. Commentary in the opinion states: “[t]he Committee believes that e-mail communications, including those sent unencrypted over the Internet, pose no greater risk of interception or disclosure than other modes of communication commonly relied upon as having a reasonable expectation of privacy. The level of legal protection accorded e-mail transmissions, like that accorded other modes of electronic communication, also supports the reasonableness of an expectation of privacy for unencrypted e-mail transmissions. ” Read in light of the known, legal interception of email transmission by the government and the increased use of webmail services that offer free service in exchange for access to the text of the email is it still reasonable to rely on an expectation of privacy and legal protection of email transmissions?
There are a variety of ways to encrypt email communications. For large firms working with corporate clients, firms representing governments, lawyers representing political prisoners and other circumstances may require an end to end encryption solution such as PGP to be set up and used by both parties. Once in place the process is relatively seamless. Lifehacker provides a great guide on end to end encryption for email clients and webmail..
However, lawyers who work with consumer clients including estate planning, family law, bankruptcy, criminal, real estate, civil rights etc. may not have a long term relationship with their clients or have the level of sensitivity in the communication that warrants a long term encryption key exchange. For those situations attorneys can still encrypt email on a short term or case by case basis by using some of the “on demand” email encryption options available. These tools are often free for limited use and while they do not provide the level of protection afforded by traditional email encryption they do provide some peace of mind. The article Easy Encryption for Email is Not an Oxymoron provides information on three such services that employ different models for protection. To see these easy encryption options in action check out the How To… video from the Chicago Bar Association’s LPMT.