|Oregon State Bar Bulletin MAY 2010|
In January, Judge Garr King of the U.S. District Court for Oregon ruled on what the court called the “new frontier” in jurisprudence, searches and seizures of electronic data over wireless networks. The case involved an Aloha area neighbor who discovered child pornography on a computer hard drive she accessed through a wireless network from her home.
Though this decision dealt with decidedly unsavory content, the decision does remind attorneys of the need to be ever vigilant with their confidential information on wireless-enabled laptop computers. But, happily, just a few steps can protect lawyer confidences.
In the federal criminal case, the person with the child pornography was unknown to the neighbor, but she called the sheriff, who came to her home, viewed a file briefly and then obtained a warrant to enter the insecure network to obtain the IP (Internet protocol) address of the router that connected it to the Internet. Having obtained the address, the sheriff served a summons for information from the Internet service provider to determine the name and address of the subscriber.
Armed with the name and address, the sheriff then obtained a second warrant to search the owner’s computer equipment for child pornography. They found it, and criminal charges followed. On a motion to suppress for violation of privacy rights protected by the Fourth Amendment, the court denied the motion and upheld the search.
Significantly, the court found that a computer owner has no reasonable expectation of privacy of files that may be accessed through peer-to-peer file sharing. The court compared two types of open networks — peer-to-peer file sharing, and unsecured networks, either of which deprives the owner of an expectation of privacy, and use of which would lead a lawyer to violate ethics rules.
Said the court:
When a person shares files on LimeWire (a peer-to-peer file sharing program for music, videos, etc.), it is like leaving one’s documents in a box marked ‘free’ on a busy street. When a person shares files on iTunes (which shares files over a local network, not on the Internet) it is like leaving one’s documents in a box marked ‘take a look’ at the end of a cul-de-sac” if the local network is not secured by a password. US v Ahrndt, Criminal Case No. 08-468-KI (Jan. 27, 2010). The same comparison applies to a computer that enables file sharing of documents through word processing or other programs.
The take-away message to lawyers is that the ethics rules require us to keep confidential information confidential. When lawyers use laptops for both social and business purposes, they risk compromising the confidentiality of any information that can be accessed through file sharing programs (including operating systems, like Windows and Apple’s operating system).
For example, many lawyers have office networks that allow document files to be shared across the network so that paralegals, secretaries or other lawyers may view them. If the lawyer stores those documents on a laptop, takes the laptop to a coffee-shop with a wireless network to work and uses the shop’s Internet access, the lawyer may be granting access to the document files to anyone else logged into the shop’s network. Even firewalls may not protect the documents if they are configured to allow document access.
Worse yet, there are commercially available programs that scan other computers on a network that allow nosy neighbors to peruse files on other computers. And those don’t include “hacker” programs that evil doers use to gather information, like Social Security numbers, bank account numbers and the like.
This article will not try to tell lawyers how to configure their laptops. That is a matter for qualified IT personnel. But, lawyers essentially have two choices: either never connect to insecure networks in public places like coffee shops or airports, or disable file sharing of all confidential documents, pictures, recordings and data that may be on a laptop. And that means talking to your IT adviser whenever you add a file-sharing program, because it may change settings during installation.
Finally, be aware of which programs have file-sharing capabilities, and check their settings from time to time. When it comes to maintaining client secrets, these are small, but necessary, steps.
ABOUT THE AUTHOR
Ed Trompke is an attorney with Jordan Schrader Ramis in Lake Oswego. A different version of this article appears in the Spring 2010 newsletter of the OSB Constitutional Law Section.
For additional information on a variety of options for secure mobile computing, see “Hit the Road, Jack,” by Sharon D. Nelson and John W. Simek, OSB Bulletin February/March 2010M.
© 2010 Ed Trompke