New technology forces legal profession into uncharted territory
Cloud computing is a form of outsourcing. There is legal process outsourcing where, classically, a large law firm sends some legal work to India where it will be undertaken more cheaply. And there is non-legal outsourcing – such as cloud computing – where a back-office function, such as file storage, is sent somewhere else.
The difficulty and danger of cloud computing, and how it differs from legal process outsourcing, is that it can happen without you knowing. You will know whether you have sent a particular file to India for a set of tasks to be undertaken. But do you know what happens to all the data on every device that you use for work? I doubt it.
I am reminded of the story I read recently where an iPhone was stolen. The foolish thief took photographs of himself, unaware that they would be automatically posted on the iCloud account of the real owner, who had remote access to it. By advertising his face on Facebook, the owner was able to track the thief down.
Cloud computing raises a host of ethical questions for lawyers: But the interesting question arises beyond these ethical challenges. Can a bar successfully forbid a lawyer from using cloud computing altogether? I know that at least one European bar is tempted by such a solution, and you can see why when you read the list of problems. If there are such serious challenges to the core of the lawyer’s duties – confidentiality – then why not ban it? But given the strides taken by technology, and the benefits of speed, ease and economy, is it realistic?
- the cloud is susceptible to unauthorised access, either of the premises in which the servers are located or electronically by hackers;
- the information might be stored on servers in countries with fewer or less-effective legal protection mechanisms for electronically stored information;
- providers might be subject to local rules obliging them to hand over European lawyers’ data to non-EU national authorities;
- foreign legislation might seek to impose obligations to disclose data upon request to national authorities; l with regard to the handling of confidential data, there might be diverging and/or conflicting local requirements of national bars or law societies to which lawyers need to adhere;
- the contract with the provider might be unclear regarding ownership of stored data;
- providers might fail to back up data adequately, or not have high standards of data encryption, or have unclear policies for notifying customers of security breaches, or for data destruction in cases when a law firm no longer wishes the relevant data to be available on the cloud computing server; and
- there might be problems relating to data access using easily accessible software in the event that a law firm terminates its relationship with the cloud-computing provider, or when the provider changes or goes out of business.
We have heard of lawyers’ duties coming up against political realities. That happened, and continues to happen, in the money laundering debate, where governments collectively decided that the fight against money laundering was more important than the duty of confidentiality and legal professional privilege. The matter is still being litigated in two cases before the European Court of Human Rights: Michaud (12323/11); and Monaco (34118/11). But this is the first occasion I can remember where lawyers’ core duties come up against what I would call ‘progress’ – speedy and cheap technology. In that battle, who wins and who deserves to win?
It need not be an all-out fight because there are other solutions. In the UK we are so used to outsourcing activities that other routes do not occur to us as being immediately sensible. For example, the Law Society outsources the provision of professional indemnity insurance to the insurance market, and also the holding of client money to individual lawyers’ office bank accounts, both under certain stringent conditions. But in other jurisdictions, the bar runs the professional indemnity insurance scheme (as the Law Society used to do), and also runs a single bank account into which all client money must be paid. To our post-Thatcher ears, that sounds curious.
So, not surprisingly, some bars suggest that they should set up their own private cloud for the storage of members’ confidential electronic data. That way, the bar can guarantee that lawyers benefit from the cheapness and efficiency of the cloud, while ensuring that professional rules are obeyed. A detractor might argue that such action takes a bar far away from its core activity of regulating lawyers – although presumably there could be a halfway house where the bar negotiates with an outside provider to set up a cloud that complies with all the requisite conditions.
This struggle will show that lawyers cannot command markets. We have not yet won the political battle with governments over money laundering, and I wonder whether we will be able to beat the development of technology and the benefits of its usage. We will have to accommodate our professional rules to the reality of the world in which lawyers operate. For some, this will mean the construction (or outsourcing) of special bar clouds. To others, it will mean detailed advice to lawyer members on what terms to insist upon, and what pitfalls to avoid, in the negotiation of contracts with cloud providers. In that sense, new technology is not like old technology in different clothes: it really does pose some novel, difficult-to-answer questions.
Jonathan Goldsmithis secretary general of the Council of Bars and Law Societies of Europe, which represents around a million European lawyers through its member bars and law societies. He blogs weekly for the Gazetteon European affairs.