 |
NEW YORK STATE BAR ASSOCIATION
Committee on Professional Ethics
Opinion #782 – 12/08/2004
|
Topic: E-mailing
documents that may contain hidden data reflecting client confidences and
secrets.
|
|
Digest: Lawyers must
exercise reasonable care to prevent the disclosure of confidences and
secrets contained in “metadata” in documents they transmit
electronically to opposing counsel or other third parties.
|
|
Code: DR 1-102(A)(5), 4-101(B), (C), (D); EC 4-5.
|
QUESTION
DR 4-101(B) states that a lawyer shall not
“knowingly” reveal a confidence or secret of a
client. Does a lawyer who transmits
documents that contain “metadata” reflecting client
confidences or secrets violate DR 4-101(B)?
OPINION
Word-processing software commonly used by lawyers,
such as Microsoft Word and Corel WordPerfect, include features that
permit recipients of documents transmitted by e-mail to view
“metadata,” which may be loosely defined as data hidden in
documents that is generated during the course of creating and editing
such documents. It may include
fragments of data from files that were previously deleted, overwritten
or worked on simultaneously.[1] Metadata may reveal the persons who worked on a document, the
name of the organization in which it was created or worked on,
information concerning prior versions of the document, recent revisions
of the document, and comments inserted in the document in the drafting
or editing process. The hidden text may
reflect editorial comments, strategy considerations, legal issues raised
by the client or the lawyer, legal advice provided by the lawyer, and
other information.[2] Not all of this information is a confidence or secret, but it
may, in many circumstances, reveal information that is either privileged
or the disclosure of which would be detrimental or embarrassing to the
client. See DR 4-101. For example, a
lawyer may transmit a document by e-mail to someone other than the
client without realizing that the recipient is able to view prior edits
and comments to the document that would be protected as privileged
attorney-client communications. Or,
more dramatically, a prosecutor using a cooperation agreement signed by
one confidential witness may use the agreement as a template in drafting
the agreement for another confidential witness. The second document’s metadata could contain the name of
the original cooperating witness, and if e-mailed, could expose that
witness to extreme risks.
The Lawyer’s Code of Professional Responsibility
(the "Code") prohibits lawyers from “knowingly” revealing a
client confidence or secret, DR 4-101(B)(1), except when permitted under
one of five exceptions enumerated in DR
4-101(C). DR 4-101(D) states that a
lawyer “shall exercise reasonable care to prevent his or her
employees, associates, and others whose services are utilized by the
lawyer from disclosing or using confidences or secrets of a
client.” See
also EC 4-5 (“Care should be
exercised by a lawyer to prevent the disclosure of the confidences and
secrets of one client to another”). Similarly, a lawyer who uses technology to communicate with
clients must use reasonable care with respect to such communication, and
therefore must assess the risks attendant to the use of that technology
and determine if the mode of transmission is appropriate under the
circumstances. See N.Y. State 709 (1998) (“an attorney must use reasonable
care to protect confidences and secrets”); N.Y. City 94-11 (lawyer
must take reasonable steps to secure client confidences or
secrets).
When a lawyer sends a document by e-mail, as with any
other type of communication, a lawyer must exercise reasonable care to
ensure that he or she does not inadvertently disclose his or her
client’s confidential information. What constitutes reasonable care will vary with the
circumstances, including the subject matter of the document, whether the
document was based on a “template” used in another matter
for another client, whether there have been multiple drafts of the
document with comments from multiple sources, whether the client has
commented on the document, and the identity of the intended recipients
of the document. Reasonable care may,
in some circumstances, call for the lawyer to stay abreast of
technological advances and the potential risks in transmission in order
to make an appropriate decision with respect to the mode of
transmission. See N.Y. State 709 (1998).[3]
Lawyer-recipients also have an obligation not to
exploit an inadvertent or unauthorized transmission of client
confidences or secrets. In N.Y. State
749, we concluded that the use of computer technology to access client
confidences and secrets revealed in metadata constitutes “an
impermissible intrusion on the attorney-client relationship in violation
of the Code.” N.Y. State 749
(2003). See also N.Y. State 700 (1997) (improper for a lawyer to exploit an
unauthorized communication of confidential information because doing so
would constitute conduct “involving dishonesty, fraud, deceit or
misrepresentation” and “prejudicial to the administration of
justice” in violation of DR 1-102(A)(4) and DR 1-102(A)(5),
respectively).[4]
CONCLUSION
Lawyers have a duty under DR 4-101 to use reasonable
care when transmitting documents by e-mail to prevent the disclosure of
metadata containing client confidences or secrets.
(1-04)
[1] David Hricik and Robert R. Jueneman, “The Transmission
and Receipt of Invisible Confidential Information,” 15 The
Professional Lawyer No. 1, p. 18 (Spring 2004); Mark Ward, “The
hidden dangers of documents,” BBC News World Edition, August 18,
2003, at http://news.bbc.co.uk/2/hi /technology/3154479.stm;
“Barry MacDonnell’s Toolbox for WordPerfect for Windows
– Macros, Tips, and Templates;” February 5, 2004 , at http://home.earthlink.net/~wptoolbox?Tips/UndoRedo.html.
[2] “How To: Minimize
Metadata in Microsoft Word 2002 Documents,” at http://support.
microsoft.com/?kbid=237361; “How To: Minimize Metadata in Microsoft Word 2000 Documents,” at
http://support.microsoft.com/?kbid=237361. Most Word document files contain a revision log listing the
last 10 edits of a document, and identifying the names of the people who
worked on the document and the names of the files in which the data was
saved. Richard M. Smith,
“Microsoft Word bytes Tony Blair in the butt,” June 30,
2003, at http://www.computerbytesman.com/privacy/blair.htm (describing
how the British government was embarrassed in February 2003 when 10
Downing Street published a dossier on Iraq’s security and
intelligence organizations and posted it as a Microsoft Word document on
their Web site, which through its metadata revealed the identities of
the four civil servants who worked on the document as well as various
other documents that contained the same
information). Similarly, WordPerfect
documents may contain information text that had been cut, copied or
deleted, as well as the drafter’s username, the drafter’s
initials, the company or organization name, the name of the computer,
embedded objects, comments, and other file properties and summary
information. “Barry
MacDonnell’s Toolbox for WordPerfect for Windows – Macros,
Tips, and Templates,” February 5, 2004, at
http://home.earthlink.net/~wptoolbox?Tips/UndoRedo.html.
[3] Some commentators have
suggested that a lawyer has an affirmative duty to remove metadata
whenever documents are exchanged with opposing counsel or disclosed to
the public. See,
e.g., David Hricik & Robert R. Jueneman,
The Transmission and Receipt of Invisible Confidential Information, 15
The Professional Lawyer no. 1, p. 18 (Spring 2004) (“To comply
with their duty of confidentiality, lawyers should take steps to remove
metadata from documents exchanged with opposing counsel or disclosed to
the public”). While exercising
reasonable care under DR 4-101 may, in certain circumstances, require
the lawyer to remove metadata (for example, where the lawyer knows that
the metadata reflects client confidences and secrets, or that the
document is being sent to an aggressive and technologically savvy
adversary), in general the level of care required varies with the
particular circumstances of the transmission.
[4] Unlike lawyers, non-lawyer recipients of documents containing
hidden text have no obligation imposed by the Code to avoid uncovering
and exploiting information contained in an e-mailed document's
metadata.
Related Files
Opinion 782 (Adobe PDF File)
|
