Assuming
that future cases continue the trend that holds email may be used to transmit
privileged information without its losing its legal protection, what happens
when email is intercepted or maliciously disseminated, as though a virus, or is
sent inadvertently to the wrong person?
A
communication must be “confidential” for the attorney-client privilege to
attach, but once the privilege has attached it can be waived either by
intentional acts of the client or through inadvertent disclosure.[xiv] Assuming email passes the confidentiality
test in order for privilege to attach, what unintended interception, if any,
will waive the privilege?
Although
the law in relation to inadvertent disclosures of information falling within
the attorney-client privilege has generally evolved such that inadvertent disclosure does not waive the privilege, no nationwide
or worldwide law of privilege exists.
Courts have employed different approaches when determining the effect of
inadvertent disclosure to the issue of waiver of the privilege. Prudence thus dictates that the law in this
area be considered unsettled.
Some
case law takes a “no waiver” approach. Courts using this approach hold that an
inadvertent disclosure will not waive the privilege, based on the premise that
waiver requires an intentional relinquishment of a known right. Thus, as inadvertent disclosure cannot be
intentional, the privilege is not waived.[xv] Courts which use the no waiver approach have,
for example, refused to find waiver where privileged documents, which had been
marked as such with tabs that fell off somewhere in the copying process, were
produced to opposing counsel,[xvi]
and where an attorney accidentally left a privileged memorandum in a box of
documents for the opposing counsel to review[xvii]. Courts who utilize this approach also reason
that as the privilege belongs to the client and is recognized to protect the
client, more than negligence on the part of counsel should be required before
the privilege is waived.[xviii]
The
minority position, taken by fewer courts, finds that any disclosure,
inadvertent or otherwise, results in a waiver of the privilege.[xix] This is sometimes referred to as the “strict
accountability” approach. These courts
reason that because a privilege interferes with a court’s ability to determine
the truth, a privilege must be narrowly confined to communications that remain
confidential, and that once confidentiality ceases to exist
the foundation of the privilege is gone.[xx]
At present, a majority of courts apply the
third approach which employs a balancing test based upon five factors.[xxi] The factors to be considered in determining
whether the circumstances of an inadvertent disclosure warrant waiver of the
attorney‑client privilege are: (1) the reasonableness of the precautions
taken to prevent inadvertent disclosure; (2) time taken to rectify the error;
(3) scope of discovery; (4) extent of disclosure; and (5) the overriding issue
of fairness.[xxii] With respect to privileged information sent
via email which is illegally intercepted, the first element is most significant
to the determination. Critics of this approach argue that the fact that a
disclosure occurred in and of itself demonstrate that counsel failed to take
adequate precautions.[xxiii] Courts applying this approach, however, have
reasoned that just as the tort defendant who acts in a reasonably prudent
manner avoids liability, an attorney who exercises reasonable precautions to
protect confidential information and acts quickly and competently to rectify a
disclosure error may avoid waiver even though the disclosure occurred.[xxiv]
As
with the issue of whether the communication is confidential, the same
reasonable expectation of privacy analysis applies to the reasonableness of the
precautions taken to prevent inadvertent disclosure. If the holder of the privilege reasonably
believes that his method of communication was private, interception by a third
party unknown to the holder should not waive the privilege. Since interception of email is prohibited
under the ECPA, emails between attorneys and clients should be considered
reasonably secure for purposes of the attorney‑client privilege. Although
the ECPA does not eliminate the possibility of illegal interception, it does
make interception a crime. In addition,
although the ECPA permits service providers to lawfully monitor email
transmissions in the ordinary course of business, disclosure of any information
is prohibited. Thus, a person using
email should be able to rely on the proposition that email provides a reasonable
expectation of privacy even though it is possible to illegally intercept email
communications.
Yet,
while there may be no finding of waiver in cases where an email is illegally
intercepted or misdirected through no fault of the sender, what about the
situation, which is infinitely more likely than illegal interception, where one
false keystroke sends your confidential email to an unintended recipient,
perhaps opposing counsel? This presents
a much more difficult question, and, again, one which has not yet been answered
by the courts. The cases examining
inadvertent disclosures due to the negligence of attorneys call into doubt
whether an attorney who makes such a mistake could effectively argue against
waiver of the privilege.
The
Southern District of New York has consistently applied the five factor
balancing test.[xxv] However, the outcome of the test is not so
consistent.
In
Bank Brussels Lambert v. Credit Lyonnais S.A.,
the district court refused to find waiver where privileged documents were included
in a production due to a “clerical error” by paralegals.[xxvi]
Applying the factors, the district court found that: 1) the precautions taken
by counsel were all that were to be expected (counsel had given the paralegals
specific instructions); 2) counsel acted quickly to rectify the situation and
the documents were marked as “privileged” so opposing counsel was immediately
on notice that they were subject to privilege; 3) the scope of this discovery
was immense; 4) the disclosure was relatively minor; 5) it would not be unfair
to opposing counsel to deny use of the documents at trial. Conversely, in Bank
Brussels Lambert v. Chase Manhattan Bank, the Southern District of New York
held that waiver was effected where a paralegal
mistakenly produced documents to plaintiff’s counsel which had been set aside
in a separate envelope by defendant’s attorney.[xxvii] Applying the factors, the court first noted
that the precautions taken by the attorney failed on two levels. First, the privileged materials fell into the
hands of opposing counsel and, second, the documents were not adequately
labeled as privileged to put opposing counsel on notice of their confidential
nature.[xxviii] The next factor, time taken to rectify the
error, also favored waiver, for the defendant waited for months to assert
privilege even though it was made aware of the inadvertent disclosure almost
immediately.[xxix] The District Court added that while the
extent of the disclosure was not great, neither was the scope of disclosure,
and denying the plaintiff use of the disclosed documents would be unfair as
they immediately informed defendant’s counsel that the documents had been
disclosed and defendant failed to move for a protective order until seven
months later.[xxx] Consequently, the district court found that
the inadvertent disclosure did result in waiver of the attorney client
privilege.[xxxi]
A
recent case in the Southern District of New York did involve an email, however, it was already in its printed form when it
was inadvertently produced.[xxxii]
In Johnson v. Sea-Land Service,
early in the litigation plaintiff sent an email message containing confidential
information to his attorney’s law firm.[xxxiii] Then, in response to a deposition notice,
plaintiff flew from Florida to New York a day or two before his deposition,
where his attorney and he reviewed over three hundred documents in order to
provide defendant with the discovery he requested in connection with the
deposition.[xxxiv] During the deposition, the plaintiff’s
attorney noticed that the email was attached to one of the documents, informed
his adversary of the email’s privileged status and
its inadvertent production, and retrieved the email.[xxxv] However, apparently another copy of the email
had also been included in the production which plaintiff’s attorney only learned
when advised of the fact by defendant several weeks after the deposition.[xxxvi]
The Johnson
court noted that “[i]nadvertent
production will not waive the privilege unless the conduct of the producing
party or counsel evinced such extreme carelessness as to suggest that it was
not concerned with the protection of the privilege.”[xxxvii]
The Johnson court found that the failure to discover and withhold the
email was at most careless, but did not evince such extreme carelessness as to
suggest that plaintiff was not concerned with the protection of his privileged
communications.[xxxviii] The Johnson court further noted that
while delay in claiming the privilege may result in a waiver, the length of the
delay should be measured from the time the producing party learns of the disclosure,
not from the time of the disclosure itself.[xxxix] Finally, the District Court commented that
while that the scope of this discovery (300 documents) was minor compared to
many of the gargantuan document productions in other litigations, it was not an
insignificant amount of documents, and that it could not conclude that it would
be unfair to the defendant to preclude use of the email.[xl]
Consequently, the Johnson court held that the inadvertent disclosure did
not result in a waiver of the attorney-client privilege.[xli]
In
other jurisdictions which apply the five factor balancing test in cases dealing
with waiver of the attorney-client privilege, the result is also highly
dependant on the facts of the specific case.
A North Carolina district court, holding that an inadvertent disclosure
did result in a waiver of the attorney-client privilege, stated that “[g]enerally, when no special efforts are made to ensure
confidentiality...inadvertent production of documents pursuant to a discovery
request waives any privilege.”[xlii] Similarly, a Massachusetts district
court in Amgen v. Hoechst Marion Roussel, Inc. found
waiver of the attorney-client privilege as the result of an inadvertent
disclosure to opposing counsel.[xliii]
The disclosure in Amgen
occurred after an outside copy service had copied four small boxes which had
been set aside by producing counsel as containing all privileged documents.[xliv]
The Amgen court noted that it
would have been reasonable for an attorney to review the copying once received
back from the service and prior to the production.[xlv] Furthermore, the Amgen court pointed
to the fact that it took producing counsel five days to recognize its error and
then only because opposing counsel alerted him to the fact that the documents
had been produced. In Ciba-Geigy
Corp. v. Sandoz, Ltd., et al., a New Jersey
district court found waiver of the attorney-client privilege where defendant
twice produced copies of a privileged internal memorandum, since the
defendant had failed to conduct any review of the documents, believing
that local counsel had conducted a review, defendants failed to act quickly to
rectify the production error once it learned of the production, and the
privileged documents were a substantial part of a relatively small production.[xlvi]
Waiver of Trade Secret
Rights Through Disclosure via Email
The
protection of intellectual property rights is another consideration for
lawyers, and for the individuals or corporations which own the rights, when
using email. There have been numerous
viruses circulated during the past year which in one way or another foul up the
unlucky recipients email. Just one
example is “VBS.Helvis”, a virus that uses Microsoft
Outlook to send the affected user’s email to an outside account.[xlvii] Obviously, a virus such as this (as well as
the aforementioned human errors) can result in the disclosure of trade secrets
or other intellectual property.
“ Trade
secrets” are only protected when they are not generally known to the relevant
people, i.e. potential competitors.[xlviii] Conversely, “information that is generally
known or readily ascertainable through proper means by others...is not protectable as a trade secret”.[xlix]
In Kewanee
Oil Co. v. Bieron Corp.,[l]
the U.S. Supreme Court explained that: “The protection accorded the trade secret
holder is against the disclosure or unauthorized use of the trade secret by
those to whom the secret has been confided under the express or implied
restriction of nondisclosure or nonuse. The law also protects the holder of a
trade secret against disclosure or use when the knowledge is gained, not by the
owner’s volition, but by some ‘improper means,’ Restatement of Torts §757(a),
which may include theft, wiretapping, or even aerial reconnaissance. A trade
secret law, however, does not offer protection against discovery by fair and
honest means, such as by independent invention, accidental disclosure,
or by so-called reverse engineering, that is by starting with the known product
and working backward to divine the process which aided in its development or
manufacture.” (Emphasis added)
Consequently,
the emailing of a message or document containing a trade secret to unintended
recipient could result in the loss of the property right. Malicious dissemination by a hacker or
because of a virus introduced into one’s network may not technically waive the “trade
secret” character of information, and a holder of a trade secret may have a
cause of action for damages against a party who intentionally disclosed the
secret (so long as they meet the legal definition of a misappropriator). However, such a party may be difficult to
identify or may lack assets and the damage which may result from lose of the
trade secret protection may not be quantifiable or adequately covered by
monetary damages.
Similar
issues exist in the context of attorney-client privilege, although the damage
there is more likely to be one of embarrassment. Because the attorney-client privilege is
evidentiary in nature, even if the communication is unduly disseminated, there
are means to prevent the use of the information as evidence at trial. But, trade secrets differ in that once an “innocent”
competitor receives them, effective remedies against that competitor’s use of
the information may not be found to exist.
The
issue of whether the posting of trade secrets on the Internet results in loss
of the property right was discussed in Religious Technology Center v. Netcom
Online Communication Services, Inc.[li] In this case, two Church of
Scientology-affiliated organizations which claimed trade secret protection for
the writings of the Church’s founder, brought suit against a defendant who
allegedly posted the protected works on the Internet for misappropriation of
the trade secrets. [lii] However, the defendant argued that as he
received some of the information from an anonymous public post on a newsgroup
Internet site and that since this was a public source the information should
lose its trade secret protection.[liii]
The Religious
Technology Center court stated that more than 25 million people could have
viewed this posting and that those with an interest in using the church’s trade
secrets were likely to look to this news group.[liv]
Consequently, the Religious Technology Center court concluded that
posting works to the Internet makes them “generally known to the relevant
people.”[lv] Nevertheless, the court acknowledged the
potential problems with its holding:
The
court is troubled by the notion that any Internet user, including those using “anonymous
remailers” to protect their identity, can destroy
valuable intellectual property rights by posting them over the Internet,
especially given the fact that there is little opportunity to screen the
postings before they are made.
Nonetheless, one of the Internet’s virtues, that it gives even the
poorest individuals the power to publish to millions of readers, can also be a
detriment to the value of intellectual property rights. The anonymous (or judgment proof) defendant
can permanently destroy valuable trade secrets, leaving no one to hold liable
for the misappropriation.[lvi]
Furthermore, while the court
was persuaded by the plaintiffs that whoever made the original postings gained
access to the information through improper means (i.e. giving rise to a
claim for misappropriation), this does not negate the finding that once posted,
the works lose their secrecy, and there was no evidence that this defendant had
anything to do with the original misappropriators.[lvii]
The Religious
Technology Center court did not have the final say in the matter. In Religious Technology Center v. Netcom
Online Communication Services, Inc. the court revisited its findings in
relation to the secrecy of the plaintiffs’ trade secrets.[lviii] The court held that its statement in the 1995
case that “posting works on the Internet makes them generally known to the
relevant people” is an overly broad generalization. The court continued to state that the
question of when an Internet posting causes the lose of trade secret protection
requires a review of the circumstances surrounding the posting, consideration
of the interests of the owner of the trade secret, the policies favoring
competition, and the interests, including first amendment rights, of innocent
third parties who acquire information from the Internet.[lix]
More
recently the California state courts examined the issue in a series of
decisions, beginning with DVD Copy Control Ass’n,
Inc. v. McLaughlin.[lx] There, the licensor of an encryption system
to protect copyrighted materials stored on DVDs sued to enjoin a web site’s
posting of algorithms and master keys to this system. The trial court rejected
a literal reading of Religious Technology Center, and held that the
posting of the trade secret on the Internet did not destroy its status as a
legally protected property right. The
trial court stated “[t]o hold otherwise would do nothing less than encourage misappropriaters of trade secrets to post the fruits of
their wrongdoing on the Internet as quickly as possible and as widely as
possible thereby destroying a trade secret forever. Such a holding would not be prudent in this
age of the Internet.” The trial court
further noted that the plaintiff had moved quickly and reasonably to protect
its proprietary information as soon as it discovered that the information had
been disclosed.
However,
in DVD Copy Control Ass’n, Inc. v. Bunner, the California Court of Appeals reversed the
lower court’s preliminary injunction.[lxi]
The Court of Appeals found that the web site posting was “pure speech”
protected by the First Amendment and that the plaintiff’s interest in
protecting its trade secret pending trial could not justify a prior restraint
on defendant’s publication of the information.
The California Supreme Court then left the matter unanswered, ruling in Pavlovich v. Superior Court[lxii]
that the trial court lacked personal jurisdiction over the defendants.
Conclusion
No
form of communication is completely secure, as each may be lost, intercepted,
or inadvertently disclosed. Case law strongly supports the conclusion that, so
long as prompt action is taken to assert a claim of privilege or trade secret
status, privileged information in an intercepted email or email unintentionally
released by a virus sent to its author or intended recipient will be protected
from use in evidence and trade secrets retain their legally protected
character.
Including
a disclaimer with each email message may also protect privileged information
and, as the case law discussed indicates, may weigh in favor of a finding of no
waiver. A disclaimer lets the recipient
know that the email message contains confidential information and that if the
email is inadvertently sent to an unintended recipient, the email should not be
read, copied or forwarded. Disclaimers
are virtually cost free and this easy, and potentially determinative, method of
protection is recommended for emails that contain confidential information
But,
the accidental sending of a trade secret to the wrong recipient might result in
its losing trade secret protection.
Significant issues also exist if someone posts the information on the
Internet, both legal and practical.
In
view of these issues, those who use email should avoid the temptation to treat
email as a casual means of communication.
They should also weigh the costs, advantages, and difficulties of
technological barriers such as network security including strong passwords,
anti-virus software, firewalls, and the use of encryption software for external
and internal email.
Most
companies utilize anti-virus software and detection systems. It is a good idea to keep these up to date so
as to minimize the risk that a virus will maliciously disseminate confidential
email and alert employees if any viruses have been detected. Network security and the use of strong
passwords reduce the risk of intruder access. Firewalls come in various
configurations and at varying costs.
They provide varying degrees of protection against intruder access to
networked information.
With
respect to encryption, the sender and all receiving parties must utilize
compatible software and care must be taken to assure that the encryption
differs among categories of recipients if inadvertent disclosure to one of
information intended for another would case problems. Also, the encryption of a
message when sent will not assure that a plain text version stored or sent
internally will not be disseminated by a rogue emailing virus or procured by a
hacker. Even encryption does not guarantee privacy from a motivated interceptor
because systems can be overcome with sufficient technical skill. Use of a password
to open documents attached to email is another possible method available to
protect privileged documents. Using such
a system, the document cannot be opened unless the recipient enters the
password.
People rely on the efficiency of email every
day both to conduct business and keep in touch with family and friends. This
trend will continue. Although the law
thus far attempts to accommodate the use of this new medium of communications,
both legal and practical problems continue to exist. The “best” solution is to avoid the
unintended dissemination of privileged or confidential information.
If you have an opinion on these issues, please write to us and let us know.
Visit the home page of Legal Column Archives to see other original
articles.
Visit the 
web site.
URL: http://www.fmew.com
NOTES