Practical Advice on Navigating The Perils of Mobility

By Monica Bay, Fellow, The Stanford Center for Legal Informatics (CodeX)

After a daylong conference about the risks that lawyers who use mobile devices face, it wouldn’t be surprising if the packed audience at the University of Richmond School of Law destroyed their smartphones and restricted their legal communications to pen and paper.

The Feb. 28th symposium, “Who’s Looking at Your Mobile Device,” presented by the law school’s Journal of Law and Technology, provided practical advice for how lawyers can meet their ethical obligation to protect confidential client information in a digital era.

BYOD Risks.

Sharon Nelson and John Simek (president and vice president of Sensei Enterprises Inc.) dove into the nuances of BYOD—bring your own device—addressing the challenges facing law firms, corporate counsel and lawyers alike. A key issue, they noted, is that young lawyers will simply ignore any rules designed to restrict business work on personal phones. ( And recent news reports revealed that ignoring policies happens even in the top levels of the U.S. government .)

Nelson, who is the immediate past president of the Virginia State Bar , noted that the American Bar Association’s 2014 Legal Technology Survey found that lawyers have fully embraced mobile technology. A sweeping 91% of responders, out of 5,029 lawyers surveyed, reported using a smartphone for law-related tasks when away from their primary workplace. And 67% use iPhones; the once-beloved BlackBerry has dropped to a mere 7%.

Laptops remain popular for off-site work, with 84%. Tablets, she noted, are also on the rise: 49% of respondents use them when out of the office, the ABA learned. A whopping 84% use iPads.

Nelson and Simek reviewed the ethical implications of all this mobility, addressing rules, common law, contracts, and other laws and regulations. They urged attendees to learn and follow the ABA’s Model Rules of Professional Conduct (adopted by almost all states) regarding Rules 1.1 (competence), 1.6 (confidentiality), 1.4 (communication) and 5.1, 5.2, and 5.3 (supervision).

They also pointed out the important comment that was adapted in August, regarding Rule 1.1, adding new language that states that “...a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with technology...”

The pair outlined some “reasonable measures” to protect client data, as addressed in Rule 1.6 Comment 18:

• Be aware of the sensitivity of the information. • The likelihood of disclosure if safeguards are not employed. • The cost of using additional safeguards and the difficult of implementing them. • The adverse effect on your ability to represent clients. • Does your client require more? • A client may give informed consent to less.

Security Threats.

Like Nelson and Simek, many of the day’s panelists outlined some of the increasing security threats—everything from disgruntled insiders, to hackers, to government surveillance.

For example, Austin lawyer Craig Ball provided a multi-media presentation that addressed “the Internet of Things” and other new tech developments that will bring a whole new portfolio of e-discovery and security challenges.

Much attention was focused on how to protect your data if your device is stolen or lost. Panelists encouraged the audience to use two-faceted authentication, in which the user provides two means of identification, and to be careful of phishing and malicious email attachments.

The statistics, said Nelson and Simek, are staggering — 30 percent to 40 percent of robberies in major cities in the U.S. involved cell phones, and more than half of 2012 robberies in San Francisco involved a smartphone, they noted.

Passwords are especially vulnerable, they said, encouraging the audience to use encryption and establish strong passwords and pins. For example, an eight character password can be cracked in about two hours, said Simek, but a 12 character password could take 17 years. And be sure to set up remote find tools, such as “Find My iPhone” or Android Device Manager so that you can locate your phone, lock it, and even wipe it clean of data.

Utah-based lawyer Philip Favro , senior discovery counsel at Recommind Inc., gave a compact, accessible overview of the pending changes in the Federal Rules of Civil Procedure that are expected to go live next year, focusing his attention on the Rule 37(e) changes.

Among the most significant changes, he noted, are that “a court will not reach a sanctions analysis” under Rule 37(e) unless all of the following have been satisfied:

• Relevant electronically stored information that “should have been preserved in the anticipation or conduct of litigation was lost.” • The party charged with the lost ESI “failed to take reasonable steps to preserve the information.” • The party charged with safeguarding the lost ESI “failed to take reasonable steps to preserve the information.” • The lost ESI “cannot be restored or replaced through additional discovery.”

The jam-packed audience, who filled the law school’s Moot Court Room, ended the day with a strong taste of paranoia, but also the comfort of pragmatic strategies to protect their clients’ confidential information.

—Attorney Monica Bay moderated the “Best Practices in E-Discovery” panel at the conference.