Attorney Confidentiality in Cloud Computing

No Trespassing Banners May Be Effective

Are attorney records stored in the cloud accorded confidentiality by law?

I don’t have the final answer to that question, but I do have some ideas to promote confidentiality.

The confidentiality of attorney records is normally based on two legal doctrines – attorney-client privilege and attorney work product.

Evidence That Maybe Attorney Records Are Not Being Accorded Confidentiality

Five recent developments raise questions about the confidentiality of the digital records belonging to lawyers.

  • Item One: According to rumor, national intelligence agencies have tapped into law firm records and communications.  Allegedly a document leaked by Edward Snowden shows that the Australian Signals Directorate, in cooperation with the US National Security Agency, spied on a US law firm (rumored to be Mayer Brown) that was advising the government of Indonesia in trade negotiations.   Allegedly government received legal advice in support of its spying on the firm.*
  • Item Two: FBI has informed some US law firms that they have been hacked by bad guys. Some have speculated that the reason the US government possesses this knowledge is that the US government itself was also spying on the law firms.*
  • Item Three: A whiff of uncertainty has emerged about whether lawyers are wise to store records in the cloud. One school of thought argues that the cloud provider is a third party (that is, not the lawyer and not the client). This school argues that by placing the records in the hands of the third party, and arguably allowing the third party to monitor the records in some way, the lawyer has waived confidentiality rights.
  • Item Four: Microsoft -- the cloud service provider for Hotmail (a.k.a. -- surreptitiously searched the contents of a Hotmail account belonging an independent blogger who did not work for Microsoft. Microsoft did not see prior approval from a court or other government authority. Microsoft believed its action as service provider was justified by evidence that the blogger's Hotmail account was connected with infringement of Microsoft's intellectual property.
  • Item Five: British spies believe they have legal authority to inspect confidential lawyer records and communications.
attorney-client privilege
Human Rights

Can Banners Effectively Increase Confidentiality?

Given these presumably disturbing developments, is there anything lawyers can do?  I propose lawyers mark their records with banners and notices of confidentiality.

It is inexpensive to post legal banners and notices to assert zones of confidentiality.  Although there is no guarantee that law will respect banners and notices, there is no guarantee that it will not respect them. So I publicly publish the following declaration on my OneDrive page. (OneDrive is a Microsoft cloud computing service for storing files.)

Publish This Claim With Cloud-Stored Records


Benjamin Wright is licensed as an attorney. Some of Mr. Wright's non-public records stored in the cloud are subject to confidentiality protections associated with attorney work and communications. The laws of many countries recognize such protections. Wright insists that you recognize those protections with respect to his records and communication.

Video Version May Carry More Rhetorical Weight

On my OneDrive account I publicly publish a video version of the same claim.

Post this Notice at Data Center

What could the owner of a cloud or hosting service do to bolster the legal protections afforded to lawyer or client data stored in the service?  One idea is to post a legal notice.

Below is a notice that could be posted physically at the service’s data center and on administrative log-on screens connecting to the center. One of the goals of this notice is to persuade any American authority that it should, under American law and policy, respect the property and privacy rights associated with the data. This effort in persuasion might apply, for example, to

  • a court-issued subpoena
  • a duly-authorized tax summons
  • a physical police raid 
  • a surreptitious online government break-in

[begin notice]

This data center hosts data that is the property of other organizations.  Most of this data is sensitive.   Much of it is protected by privileges associated with attorney work on behalf of clients.  Much of it relates to private, personally-identifiable information about individuals.  The laws of United States and the laws of many other countries respect rights and privileges related to property, attorney work and individual privacy.

The United States observes the rule of law. As evidenced by the US Constitution and many other American laws, privacy is a fundamental human right in the United States.

Mismanagement of the data in this data center can cause great damage.  Anyone – including a government official – tampering with or hindering the lawful use of this data is advised to act with care and diligence. 

Anyone who, by legal authority, seeks to access or impede data in this center is advised that through the use of skill and diligence, his or her lawful mission can be accomplished without infringing the rights of bystanders, such as non-involved customers and individuals.
[end notice]

A law firm might post similar notices on its internal computers.

Dear reader: what do you think about this topic?

By: Benjamin Wright

*Footnote: I don't know beans about what national intelligence agencies do or don't do. I am not passing judgment on any particular event. But modern developments in technology and surveillance do justify a larger discussion of confidentiality law.

Postscript: The form legal language I publish above is not copyrighted. It is just form legal boilerplate based on stock legal verbiage. It is worthy of public use and discussion. Anyone may use it. But if you need legal advice or services, you should hire a lawyer.

No comments:

Post a Comment