Judging from the number of questions we get on the topic here at LOMAP, it’s clear that lawyers retain an abiding interest in cloud services, due, in large part, to the increased efficiency and flexibility cloud services purport to provide. However, a number of attorneys I speak to are reluctant to use the cloud; and, that reticence is most often based on ethics and/or confidentiality concerns. Previously, in this space, we’ve addressed a component of this question: whether and how to acquire informed consent from clients respecting the use of cloud services. Now, we’re pleased to offer a broader view of this discussion — one that is supplied below by Professor Andrew Perlman of Suffolk University Law School. In addition to his teaching role at Suffolk, Professor Perlman is the director of the new Institute on Law Practice Technology and Innovation. Following his discussion of the ethics of cloud computing in the Commonwealth, Professor Perlman will tell you about the Institute’s kickoff event.
. . .
In an increasingly competitive legal marketplace, cloud computing can be an attractive way to cut technology-related expenses, particularly for solos and small firm lawyers who cannot afford to hire full-time IT experts. But the cloud also raises potential ethics concerns that lawyers need to consider. In this post, I provide an overview of a few of those concerns and link to helpful sources, including a recent Massachusetts ethics opinion, where you can find more information.
What is Cloud Computing?
The term “cloud computing” is used so frequently that we often assume we know what it means. In talking with lawyers, and even tech-savvy law students, I find that there are plenty of misconceptions. For example, I recently asked my professional responsibility students how many of them use cloud computing. A small fraction raised their hands. I then asked how many use Gmail, Yahoo!, or a similar service for email. Nearly all of them raised their hands. What they failed to realize is that those email services are a form of cloud computing — the students’ information is stored on a third party’s servers (i.e. — in the “cloud”).
Of course, email is just one type of cloud computing service. Lawyers can use cloud computing for a wide range of tasks, such as storing or sharing documents through Dropbox or Google Drive, using an online data backup service (e.g. — Mozy), using an online law practice management system, or setting up a virtual office.
The Ethics of Cloud Computing
It should not be surprising that, if you store client information in the cloud, a number of ethics issues can arise, particularly as to the handling of confidential information. For this reason, an increasing number of states, including Massachusetts, have issued ethics opinions on cloud computing. Moreover, the American Bar Association Commission on Ethics 20/20 recently successfully proposed changes to various Model Rules of Professional Conduct that relate to a lawyer’s ethical obligations when using cloud computing.
In essence, these opinions and rule changes boil down to one essential and overarching obligation: lawyers must take reasonable precautions to protect client confidences when using cloud computing services. Complying with this obligation will necessarily vary depending on the service being used, but it will often require an understanding of the service provider’s terms and conditions, with a particular focus on whether the data is encrypted, whether the lawyer retains ownership over the data, whether the lawyer will receive notice if a third-party (such as the government) asks for access to the information, whether the lawyer will have access to the data if the company were to go bankrupt, whether the data is stored in this country or abroad, and whether the service employs additional security (such as physical security for the servers where data is located). Other important considerations for lawyers include whether they are using appropriately strong passwords to access their information in the cloud. Using “password” or “1234” as your password just doesn’t cut it.
In light of these considerations and possible concerns, the Massachusetts ethics opinion cited above emphasizes that a lawyer should get a client’s consent before storing particularly sensitive information in the cloud.
The Cloud is the Tip of the Iceberg
Ok, I’m mixing my metaphors with clouds and icebergs. But it’s important to understand that cloud computing is really just one part of a larger transformation of law practice being wrought by technology. Virtual law offices, automated document assembly, electronic discovery, online law practice management tools, and a wide range of other technologies just emerging are rapidly changing the legal marketplace.
. . .
For those of you who want to learn more about what’s ahead, Suffolk University Law School will launch its Institute on Law Practice Technology and Innovation (LPTI) on Thursday, April 18th at 4:00 p.m. The keynote speaker at this inaugural event will be noted legal futurist Richard Susskind, author of the provocative best-seller ‘The End of Lawyers?: Rethinking the Nature of Legal Services’ and the just-published ‘Tomorrow’s Lawyers: An Introduction to Your Future’. Professor Susskind will discuss some of the key concepts from his new book, offering a close look at where the profession is heading and what we’ll find there — a challenging new world for some, and a vibrant future for others. A distinguished panel of legal professionals — including Jordan Furlong, Krish Gupta (JD, ’96) and Regina Pisa — will offer their thoughts on Susskind’s remarks. A reception will follow.