A hypothetical scenario will illustrate the principle in question: A suspicious wife accesses her husband’s personal e-mail account on their mutually-owned computer by using a password he created for some of their other accounts. Her review of the e-mails proves that he has not been the faithful husband she thought he was. Wife files for divorce and forwards e-mails to her attorney.
Can the attorney use those e-mails as proof in a case, or should the attorney be worried about possible criminal charges for himself/herself or the client? What about possible disciplinary charges for the attorney? Would the thought process change if the password is not one both spouses had used before, but rather a secret password that the wife successfully guessed? Is it different if the computer is in his home office? Is it different if his home office computer is used for family bills? Is it different if the data resides on his laptop instead of the home computer?
There are several Rules of Professional Conduct that are implicated by these scenarios. It is clear that attorneys have an ethical obligation under Rule 4.4(b) of the Rules of Professional Conduct (Respect for Rights of Third Persons) to avoid using any “methods of obtaining evidence that violate the legal rights” of others. Therefore, an attorney cannot use anything that was obtained in violation of either a criminal or civil law.
If the attorney concludes that the evidence was illegally obtained, Rule 3.3 (Candor Toward the Tribunal) provides that: “A lawyer who represents a client in an adjudicative proceeding and who knows that a person … has engaged in criminal or fraudulent conduct related to the proceeding shall take reasonable remedial measures, including, if necessary, disclosure to the tribunal.” In an extreme case, an attorney’s duties under Rule 3.3, can even trump the client confidentiality protections afforded under Rule 1.6. However, “reasonable remedial measures” may be taken by persuading the client not to use the wrongfully obtained e-mails.
Rule 4.1 (Truthfulness in Statements to Others) may also be at issue. This rule requires lawyers to disclose material facts to third persons in connection with a representation whenever necessary to “avoid aiding and abetting a criminal or fraudulent act by a client, unless disclosure is prohibited by Rule 1.6.” Of note, Rule 1.6(c)(2) does not prohibit the disclosure of information relating to the representation of a client that the lawyer reasonably believes is necessary in order to “prevent the client from committing a criminal act that the lawyer believes is likely to result in substantial injury to the financial interests or property of another.” Is violation of privacy a “substantial injury”? Many courts could say yes, if the violation of privacy proximately causes substantial economic harm.
The question remains: Has the client violated the law? It remains unclear from the hypothetical and the suggested ancillary questions, but this most certainly falls into the category of “definitely maybe.”
The Electronic Communications and Privacy Act makes it a crime when someone “intentionally accesses without authorization a facility through which an electronic communication service is provided; or intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system.” Title II of the act is the Stored Communications Act, which regulates the intentional access of stored electronic communications and records. (Unlike the Wiretap Act, the Stored Communications Act does not provide for exclusion of evidence obtained in violation of the act.)
In Pennsylvania, similar felony offenses are found at 18 Pa. C.S. ?? 7611 (Unlawful Use of Computer); 7613 (Computer Theft); 7614 (Unlawful Duplication); and 7615 (Computer Trespass) — each of which constitutes a felony of the third degree. These state statutes make it a crime to knowingly access without authorization a computer, computer network, telecommunications device or Web site to obtain, alter, delete or copy confidential information, passwords or other data.
A New Jersey case implicated many of these same principles in interpreting the New Jersey Wiretapping and Electronic Surveillance Control Act and New Jersey’s common law right of privacy against intrusion on seclusion. In White v White, the defendant (wife) used an investigator to forensically image and analyze the files from the family computer’s hard drive, which was kept in a commonly used room in the home. Among those files were stored files of the plaintiff’s e-mails. The court noted that plaintiff had failed to password protect his files and that the e-mails were stored on the home server, not intercepted, or stored on a remote Web server. Based on these factors, and the fact that the computer was not accessed “without authorization,” the court concluded that New Jersey’s Wiretap Statute was not violated.
As to the right of privacy claim, the court found that New Jersey law requires that the intrusion be “highly offensive” to a reasonable person’s expectation of privacy. The court concluded that this expectation did not exist when plaintiff used a computer in a common room in the family home and that both the room and the computer were accessible by everyone in the house.
Recent Comments