New York State Bar Association
Committee on Professional Ethics
Opinion #820 - 02/08/2008
Topic: Use of e-mail service provider that scans e-mails for advertising purposes.
Digest: A lawyer may use an e-mail service provider that conducts computer scans of e-mails to generate computer advertising, where the e-mails are not reviewed by or provided to human beings other than the sender and recipient.
Code: DR 4-101; EC 4-3.
May a lawyer use an e-mail service provider that scans e-mails by computer for keywords and then sends or displays instantaneously (to the side of the e-mails in question) computer-generated advertisements to users of the service based on the e-mail communications?
Our starting point is N.Y. State 709 (1998), which addressed the use of Internet e-mail. We concluded based on developing experience that there is a reasonable expectation that e-mails will be as private as other forms of telecommunication and that therefore, under DR 4-101,a lawyer ordinarily may utilize unencrypted e-mail to transmit confidential information. We also noted, however, that a lawyer may not transmit client confidences by e-mail where there is a heightened risk of interception, and that "[a] lawyer who uses Internet e-mail must also stay abreast of this evolving technology to assess any changes in the likelihood of interception as well as the availability of improved technologies that may reduce such risks at reasonable cost."
In recent years, some e-mail providers have offered free or low-cost e-mail services in which, in exchange for providing the user with e-mail services - sending and receiving e-mail and providing storage on the provider's servers - the provider's computers scan e-mails and send or display targeted advertising to the user of the service. The e-mail provider identifies the presumed interests of the service's user by scanning for keywords in e-mails opened by the user. The provider's computers then send advertising that reflects the keywords in the e-mail. As an example, an e-mail that referred to travel to a particular locale might be accompanied by an advertisement for travel service providers in that locale.
Under the particular e-mail provider's published privacy policies, no individuals other than e-mail senders and recipients read the e-mail messages, are otherwise privy to their content or receive targeted advertisements from the service provider. Consequently, when the e-mail service provider sends or generates instantaneous computer-generated advertising based on computer scans of the lawyer's e-mails with clients, the risks posed to client confidentiality are not meaningfully different from the risks in using other e-mail service providers that do not employ this practice. We conclude, therefore, that the obligation to preserve client confidentiality does not preclude using such a service.
We would reach the opposite conclusion if the e-mails were reviewed by human beings or if the service provider reserved the right to disclose the e-mails or the substance of the communications to third parties without the sender's permission (or a lawful judicial order). Merely scanning the content of e-mails by computer to generate computer advertising, however, does not pose a threat to client confidentiality, because the practice does not increase the risk of others obtaining knowledge of the e-mails or access to the e-mails' content. A lawyer must exercise due care in selecting an e-mail service provider to ensure that its policies and stated practices protect client confidentiality. Unless the lawyer learns information suggesting that the provider is materially departing from conventional privacy policies or is using the information it obtains by computer-scanning of e-mails for a purpose that, unlike computer-generated advertising, puts confidentiality at risk, the use of such e-mail services comports with DR 4-101.
A lawyer may use an e-mail service provider that conducts computer scans of e-mails to generate computer advertising, where the e-mails are not reviewed by or provided to other individuals.
 Under DR 4?101 of the New York Lawyer's Code of Professional Responsibility, lawyers are required to preserve the confidences and secrets of their clients, subject to certain exceptions, and to exercise reasonable care to prevent their employees, associates and others whose services they utilize from disclosing such confidences and secrets.
 DR 4-101(B)(3) of the New York Code provides that a lawyer may not "knowingly . . . [u]se a confidence or secret of a client for the advantage of the lawyer or of a third person, unless the client consents after full disclosure." It might be argued that, under the literal text of this provision, using such an e-mail provider would constitute improper "use" of a client's confidences or secrets for the benefit of a third party -- namely, the e-mail service provider that sells the advertising. We do not believe that the incidental "use" here, or the benefits derived therefrom, are within the contemplation of the rule anymore than the profits earned by other providers of services to lawyers, such as litigation support companies, which handle or are exposed to client confidences. See EC 4?3 (quoted below). We note as well that the advertisements go only to e-mail recipients who are themselves users of the e-mail service provider and presumably chose to receive the advertising. The use therefore also does not "disadvantage" clients within the meaning of DR 4-101(B)(2) by subjecting them to "junk mail" that the clients have not elected to receive.
 Cf. EC 4?3 ("Unless the client otherwise directs, it is not improper for a lawyer to give limited information to an outside agency necessary for statistical, bookkeeping, accounting, data processing, banking, printing, or other legitimate purposes, provided the lawyer exercises due care in the selection of the agency and warns the agency that the information must be kept confidential.").
Related Filesuse of e-mail service provider that scans e-mails for advertising purposes.