By Mark David Blum, Esq.
Cloud computing appears to be the direction in which the internet, communications, data storage, and information transfer is headed. As I understand and define it, ‘cloud computing’ is where information is held at a central location and can be accessed from any location by a designated user. Google and Boxnet are but two of the giants emerging in this new transition. Imagine no longer having to store documents on a computer hard drive in your home or office but instead have them sitting on a Google server available to you anytime and in a variety of media whether you are home, at work, or at sea. You don’t need a computer; even a smart phone or Ipad could gain access to cloud stored documents.
Cloud computing does have its upside. There is ease of access, better customer service, and a reduction in the amount of hardware or machinery a person has to have. It makes teamwork easier and provides avenues for access to information and communication never before heretofore even considered.
Many people are already using cloud computing and don’t even know it. If you have an email address from Hotmail, Yahoo, Gmail, or AOL, then your emails are in the clouds. You do not have possession of those communications as you would if your email program was Microsoft’s Outlook. Users of the former services at best, have a copy of their emails while the actual document sits on a stranger’s server. You do not own your emails or attachments; they do. If you close your Hotmail, Yahoo, Gmail, or AOL account, all emails thereon will evaporate into the ether and be gone to you forever.
As a person with my own idiosyncrasies, I don’t like the idea of cloud computing. Perhaps I am just an old man resisting a change from horse and buggy to automobile. To me, having actual possession and control over my documents and communications is very important. It is mine, I want it, and nobody else can have it unless I choose.
As a lawyer, however, the problem is more than just an old man stuck in his old ways. New York’s Code of Professional Responsibility for Lawyers, Disciplinary Rule 4-101(D) states that, “a lawyer shall exercise reasonable care to prevent his or her employees, associates, and others whose services are utilized by the lawyer from disclosing or using confidences or secrets of a client.” Ethical considerations for this Rule identify (EC 4-2) how, “it is a matter of common knowledge that the normal operation of a law office exposes confidential professional information to nonlawyer employees of the office, particularly secretaries and those having access to the files; and this obligates a lawyer to exercise care in selecting and training employees so that the sanctity of all confidences and secrets of clients may be preserved”, (EC 4-3) recognizes that certain information of the client will be disclosed provided the lawyer, “exercises due care in the selection of the agency and warns the agency that the information must be kept confidential.”
The above mentioned obligations raise ethical questions for me about the use of cloud computing. Putting confidential attorney client communications and privileged documents on an offsite server raises a host of dangers. First and foremost, the attorney has no control over the security or privacy policies of the host. While the disciplinary rules obligate the attorney to use due care and to warn the agency, somehow I doubt that Yahoo, Hotmail, Boxnet, or AOL are going to heed any warnings an attorney may issue.
Secondly, there is great danger in leaving privileged and sensitive materials offsite and away from the attorney’s control. Servers can crash, data can be lost, and client’s rights can be jeopardized by failed delivery or lost information. For example, in federal court using the ECF system; if papers are filed by an opponent and the email provider fails in notifying of the filing, the attorney does not know his client’s rights are in jeopardy. Also, anybody with access to the server company could be reading your documents and emails. Police could be reading the contents. Hackers also can be reading the contents. There is just too much risk of lost, stolen, and snooped upon information that an attorney should avoid using a cloud based system.
It just seems to a far better business practice and more in line with the ethical obligations of an attorney to have actual possession of all documents and communications involving a client. Leaving it on a remote cloud server is akin to leaving a file cabinet outside your office. It is an open invitation to troublemaking and snooping.
If the client’s best interest are paramount, then it would be in the attorney’s best interest to avoid cloud computing and engage other programs that provide similar results without the inherent risks. This is not about ice cream castles in the air. It is a real issue and will move more and more to front as technology evolves. Don’t be the one who laments about the things that could have been done but the cloud got in your way.