If the clerk of courts e-mails you an order that your client must pay $1 million in attorney fees to the opposing party, but your spam filter catches the e-mail and then deletes it after 30 days without alerting you, and you therefore fail to appeal the order in time — well, your client may be out of luck, as a Florida court of appeals ruled recently.  (There is a motion for rehearing pending.)

Spam canned?

The ruling thus far is a cautionary tale and shines a light on some ethics duties as they might apply to your process for handling and keeping on top of spam e-mail — especially the duties of diligence (Model Rule 1.3) and competence (Model Rule 1.1, and see cmt. 8 on technology).

The facts:  Company sued Utility Authority, and Company won.  Company’s Lawyer moved for attorney fees, and after more than a year, the trial court granted them — reportedly as high as $1 million.  It’s worth noting that during the time that his client’s fee motion was pending, Company’s Lawyer had the firm’s paralegal check the court’s on-line docket every three weeks for a ruling.

When the court finally issued the ruling, the clerk e-mailed it to all counsel.  Technology experts who later testified said that the e-mail server at the Utility Authority’s Lawyer’s firm received the e-mail. But the firm’s e-mail filtering system was configured to drop and permanently delete e-mails perceived to be spam without further alert.

Apparently that’s what happened to the e-mailed attorney-fee order.  After 30 days passed without the fee award being paid (i.e. after the time to appeal the order had run), Company’s lawyers contacted opposing counsel.

No relief

The Utility Authority moved for relief from the judgment, arguing that its lawyers didn’t receive the order in time to file an appeal.  The trial court rejected the argument, and the court of appeals agreed:  this was not “mistake, inadvertence, surprise or excusable neglect,” it held.  The Utility Authority’s Lawyer’s firm did receive the order — the equivalent, the court of appeals said, of placing a physical copy of the order in a mailbox.  The e-mail just went right to spam, from where it apparently was deleted without further notice.

At the hearing on the motion, the law firm’s former IT consultant testified that he advised against that configuration; the firm rejected the advice, as well as advice to get a third-party vendor to handle spam filtering, and advice to get an online backup system that would have cost $700-1200 per year.  Financial considerations played a part in these decisions, the court found.

The decision to use this filtering configuration despite warning was a conscious decision to use “a defective e-mail system without any safeguards or oversight in order to save money.  Such a decision cannot constitute excusable neglect,” said the court of appeals.

Adding further sting, the court noted the Company’s Lawyer had a paralegal regularly check the court’s online docket during the long pendency of the fee motion.  If the Utility Company’s Lawyer had done something similar, the court said, he would have received notice of the fee order in time to appeal.  “The neglect” of that duty “was not excusable.”

Spam:  not tasty but good to check

The harsh result here may yet be ameliorated if the court of appeals grants rehearing.  In the meantime, however, the scary scenario points to the need to pay attention to your firm’s  technology and processes for handling spam.  And old-fashioned procedures like checking the court’s docket can also help avoid an unpalatable spam situation.

The ACLU and the Electronic Frontier Foundation have sued the Department of Homeland Security to block U.S. Customs and Border Protection personnel from searching travelers’ electronic devices without warrants.  This has implications for lawyers who cross in and out of the U.S. with phones and laptops  containing confidential client information.  The CBP’s policy, which the ABA also has questioned, currently authorizes such searches even without a suspicion of wrongdoing.

We first wrote about the issue last month, when the New York City Bar Association published an ethics opinion raising the client confidentiality issues and advising that in some circumstances lawyers should consider using “burner” phones, and avoid taking client confidential information across borders.

The ACLU and EFF’s lawsuit, in Massachusetts district court, alleges violations of the First and Fourth Amendments on behalf of 11 plaintiffs whose electronic devices were searched as they reentered the U.S.  None were subsequently accused of any wrongdoing.

The plaintiffs include journalists, students, an artist, a NASA engineer and a business owner — but no lawyers.  Despite the absence of lawyers from the roster of plaintiffs, the client confidentiality issues are obvious, and have received a lot of notice.  See here for the New York Times story on the lawsuit, and here and here for commentary on the N.Y. City bar ethics opinion.

I’d be interested in hearing whether lawyers have personal experience with border searches of their electronic devices.

Stay tuned for additional developments on this issue.

Travelling abroad for work?  What should you do if a Customs and Border Patrol agent, claiming lawful authority, demands that you unlock your computer or thumb drive or cell phone — full of client confidential information — and hand it over to be searched as you cross the U.S. border?

New York City bar association ethics opinion issued on July 25 offers some practical tips, and spotlights the ethical duties of confidentiality and client communication involved in this increasingly-common scenario.

Cause for concern

The confidentiality concern is more than hypothetical.  According to the Department of Homeland Security, in February 2017 alone, CBP agents searched more than 5,000 cell phones, laptops and other devices.  That’s as many searches as in all of 2015.  CBP policy apparently permits U.S. customs agents to review any information that physically resides on travelers’ electronic devices, with or without any reason for suspicion, and to seize the devices pending inspection.

The ABA voiced concern in May, requesting that the Department of Homeland Security revise CBP’s procedures in order to better protect client confidential information from search or seizure at border crossings.

Evasive tactics necessary?

Under every state version of Model Rule 1.6, you have an ethical duty to safeguard the confidentiality of client information in your possession, and “few principles are more important to our legal system,” the opinion notes.

The thoroughly-reasoned and detailed New York opinion concludes that Rule 1.6, coupled with Rule 1.1 (Competence), raises obligations before a lawyer approaches the U.S. border; at the border when an agent seeks access to a device; and after an agent has reviewed clients’ confidential information.

  • Before crossing the border, Rule 1.6(c) and its comments, which require “reasonable efforts to prevent … unauthorized access to” client confidential information, means that you must take reasonable precautions in advance to avoid disclosing such information unless authorized by the client (which is unlikely).  Depending on the circumstances, including the sensitivity of the information, these efforts may include not carrying any client confidential information across the border.  If so, the opinion suggests:  securely backing up client information and then crossing the border with a blank “burner” phone or laptop; turning off syncing of cloud services; signing out of web-based services; and/or uninstalling applications providing local or remote access to confidential information.
  • At the border, Rule 1.6(b)(6) and its comments come into play.  It permits lawyers to disclose confidential information to the extent reasonably believed to be necessary when required “to comply with other law or court order,” including “a governmental entity claiming authority pursuant to … law.”  But, the opinion cautions, disclosure is not “reasonably necessary” to comply with law if there are reasonable lawful alternatives to disclosure.  The opinion concludes that “it would be an unreasonable burden” to require a lawyer to forgo entering the U.S. or to allow herself to be taken into custody or litigate the lawfulness of a border search. But the opinion also says that lawyers have a duty not to comply “unless and until” the lawyer “undertakes reasonable efforts to dissuade border agents from reviewing clients’ confidential information or to persuade them to limit the extent of their review.”  To facilitate that challenge, you should carry ID confirming that you are a lawyer, notify agents that your device has client confidential information on it, request that the agents limit their review, and ask to speak to a superior officer, says the opinion.
  • After a search or seizure of client confidential information, Rule 1.4 (Communication) requires that you notify affected clients about what occurred and the extent to which their confidential information may have been reviewed or seized.  That communication will let the client decide on possible responses, including a potential legal challenge.

Globe-trotting implications

Tennessee ethics lawyer Brian Faughan shared his comments on this opinion under the headline “Practicing law like it’s espionage.”  The ways to carry out the potential duty to avoid taking confidential information across U.S. borders, as well as the other recommendations in the New York opinion, indeed make me think of spy craft, and to wonder if we are entering the world of novelist John LeCarre.  That’s an uncomfortable thought — but under the reasoning of this opinion, such considerations are necessary as a matter of ethics.

Being inexperienced can contribute to getting into disciplinary trouble, but it can also be a mitigating factor in a bar disciplinary case.  That’s the message of a recent opinion of the Oklahoma Supreme Court, which imposed a six month suspension from state practice as reciprocal discipline on a lawyer who had already been suspended from federal bankruptcy court practice for five years.

Raising the risk?

Something like 37,000 students likely graduated from law school this year; that’s a lot of newly-minted JD’s coming into the world of practice.  And while they might know more about legal ethics when they graduate than they ever will again (as I tell the law students I teach as an adjunct ethics prof), it’s also surely true that simple inexperience can play a role in going astray and getting into disciplinary trouble.

For one thing, with the legal job market being what it is, many new lawyers will likely be hanging out their own shingles.  There are lots of opportunities for a novice to get mentoring, advice, and hand-holding from more-veteran members of the  bar.

But failing to take advantage of those resources can mean that an inexperienced solo lawyer is stuck in an echo-chamber, without the corrective that a more-seasoned viewpoint can contribute.  And even in a firm, it’s easy to make a mistake if the proper supervision is lacking.

Sooner State of confusion 

The lawyer in this disciplinary case was admitted to the Oklahoma bar and started practicing in 2013.  About 18 months later, she got her first client — a couple who were attempting to set aside a bankruptcy court order.

Her attempt on the couple’s behalf went badly wrong, and then spiraled out of control:  the bankruptcy court found the lawyer’s set-aside motion to be without any legal or factual basis; she missed the deadline to supplement the filing; and then she sued the trustee, the judge, the state courts of two counties and the layers representing the creditors.

The court dismissed that suit with prejudice, and the creditors moved for sanctions against the lawyer in the bankruptcy court, asserting among other things that she had filed frivolous litigation, misrepresented facts, and had threatened the bankruptcy trustee and attorneys with criminal prosecution in bad faith.

Before the sanctions hearing, the lawyer entered into a settlement, accepting a five-year suspension from practice in both Oklahoma bankruptcy courts.

Inexperience counts

It’s a little-known fact that drawing professional discipline in one jurisdiction where you are admitted to practice (including before federal courts), can bring reciprocal discipline in other jurisdictions where you are admitted.  That’s what happened here.

In response to the state bar’s disciplinary charges, the lawyer creatively argued that because her bankruptcy suspension was a result of an agreed settlement and not an “adjudication,” there was no basis for reciprocal state discipline.  The Oklahoma supreme court swept that argument aside, and held that her conduct violated the Sooner State’s versions of Model Rules 1.1 (competence); Rule 3.4 (unfairness to opposing parties and counsel; and Rule 8.4(d) (conduct prejudicial to the administration of justice.

But in weighing the appropriate reciprocal discipline, the court significantly took as a mitigating factor that the lawyer “was new to the practice of law and without supervision or training.”  Without intending to hold “new legal practitioners to different standards from  more seasoned lawyers,” the court nonetheless took account of the fact that the lawyer “was practicing on her own with little prior training or supervision and refused to ask for help.”

Thus, although acknowledging that the lawyer exceeded the bounds of zealous advocacy, and “displayed a lack of competency and insolence in the practice of bankruptcy law,” the court imposed only a six-month suspension from practice.

Don’t let this happen to you 

If you’re a newbie, recognize the limits of your knowledge and get help.  Don’t count on your inexperience to save you from harsh professional discipline; you don’t want to go there in the first place.  If you practice by yourself, take advantage of all the formal and informal mentoring and training resources available via state and local bar associations and law schools.

My hometown Cleveland Metropolitan Bar Association, for instance, has a solo and small firm practice section.  The Ohio Supreme Court has a lawyer-to-lawyer mentoring program, linking veteran lawyers with new practitioners.  Last, here are other mentoring programs, listed by state.

Last WillWhat if you suddenly became disabled and couldn’t handle your law practice?  Or, if you were to die, who would deal with your pending matters?  Who has the password for your computer?  Who knows where you bank?  The Ohio Board of Professional Conduct last week published an ethics guide titled “Succession Planning” that addresses these issues, and it’s worthwhile reading if you practice on your own or in a small firm, in any jurisdiction.

Trendlines point to need for planning

Two trends are converging that underscore the topic of succession preparedness:  the predominance of solo and small firms, and the graying of the profession.

  • The ABA reports that in 2005, 63% of all private practitioners were in firms of fewer than five people.  And 49% practiced on their own.  (Seventy-five percent of U.S. lawyers were in private practice in 2005.)
  • And we are not getting any younger — in fact, the opposite.  The median age of lawyers in 2005 was 49; 13% were over 65 years old.  And recent trends are going to increase the proportion of older lawyers:  total J.D. enrollment between 2011-12 and 2013-14 decreased by 12%, or by more than 17,000 students.  First-year law school enrollment decreased by 29% between 2010 and 2016, and for the 2016-17 school year it remained flat over the previous year.

Be prepared

The Ohio ethics guide notes that “failing to plan for the unexpected can result in harm to clients and in confusion and hardship for the lawyer’s family, staff and professional colleagues.”

Every state’s lawyer conduct rules has some version of Model Rule 1.1 and 1.3, dealing with competence and diligence, and the Ohio guide notes that while having a succession plan is not mandated by the Ohio rules, having a plan “can be viewed as a continuation of a lawyer’s duty of competent and diligent representation.”

Some jurisdictions go further.  As of June 2015, the ABA reported that several specifically addressed succession planning in their conduct rules, registration rules or in comments.  (A state-by-state chart is here.)  For instance, Florida requires the designation of an “inventory attorney,” who can agree to take action in the event of a lawyer’s death or disability.  Indiana provides as part of its annual registration process for permissive designation of an “attorney surrogate.”  South Carolina’s Rule 1.19, “Succession Planning,” says that lawyers “should prepare written succession plans” in anticipation of their death or disability.

What to do & who can help?  

The Ohio guide points to several components of a succession plan, which will help avoid the burden on your family and possible prejudice to your clients if the unexpected happens:

  • a written agreement with a designated successor lawyer;
  • information on the status and location of open and closed client files;
  • details regarding trust accounts, operating accounts and client ledgers;
  • location of log-in and password information for office computers, mobile devices, e-mail, voicemail, billing and calendaring systems, online banking, etc.;
  • location of accounts payable and receivable information;
  • information on leases, insurance, key vendors and other details needed to wind up a law practice, if needed.

Here in Ohio, two city bar associations have specific programs and resources.  My hometown bar, the Cleveland Metropolitan Bar Association, has a “What-If Preparedness” program, with a site that links to a wealth of material, including forms.  The Columbus Bar Association has a program called the “Advance Succession Registry.”  Details are here.  The ABA likewise has resources and links, including to jurisdiction-specific materials.

Think about the unthinkable

Thinking about death and disability is never easy — for lawyers or anyone else.  But coming to grips with these topics and taking action can put your mind at ease that you have protected your clients and minimized a possible future burden on those you love.  That’s worth doing, no matter how difficult.

Close up photo of red large letters spelling emergencyWhat happens when your ethical duty of competence meets up with an emergency situation where you are called on to give legal advice — immediately?  I was thinking about this question because of a ruling that the Ohio Supreme Court handed down late last month, holding that the state’s Good Samaritan law applies to any person administering aid at the scene of an emergency, and not just health care professionals.  I wondered whether a Good Samaritan concept applies to “emergency legal services.”

Duty of competence — even in an emergency?

Model Rule 1.1 of course requires you to bring to each situation the “legal knowledge, skill, thoroughness and preparation reasonably necessary.”  It turns out that Comment [3] addresses emergency situations — and it takes a somewhat wary approach.  The comment says that “In an emergency a lawyer may give advice or assistance in a matter in which the lawyer does not have the skill ordinarily required where referral to or consultation or association with another lawyer would be impractical.”

But, caution is called for:  “Even in an emergency, however, assistance should be limited to that reasonably necessary in the circumstances, for ill-considered action under emergency conditions can jeopardize the client’s interest.”

You might think of several kinds of extreme situations that could call for emergency lawyering.  One hypothetical that has cropped up in various permutations on the Multistate Professional Responsibility Examination, for instance, is a tax lawyer who stops at the scene of a car accident and the dying accident victim begs the lawyer to write down the victim’s last will and testament.  The correct answer is that the lawyer would not be subject to discipline for helping out, even if the lawyer doesn’t know how to write a valid will.

How about malpractice liability if the will is invalidated?  Well, there would certainly be issues about whether that tax lawyer had any duty to the third parties bringing suit.  But in addition, courts routinely look to the Rules of Professional Conduct to supply the standard of care, even though the Rules themselves do not provide an independent basis for tort liability.  (See Model Rules Preamble, cmt. [20].)  So, on a showing that the lawyer’s help was urgently required, that no referral or consultation was practical, and that the legal assistance was limited to what was necessary under the circumstances, I’d say that the lawyer should get out of a malpractice case on summary judgment.

Hurricane Katrina and its lessons

The issues regarding emergency lawyering got a real-life workout in the aftermath of Hurricane Katrina in 2005.  Many lawyers were displaced; and many lawyers from outside the crisis areas volunteered their legal services.  The situation raised multiple ethics questions, including regarding competence, multi-jurisdictional practice, conflicts of interest and client solicitation.  In an interesting 2009 article for the ABA’s Professional Lawyer magazine, two Louisiana attorneys discussed how these issues were addressed on the ground, and how they might be addressed in future natural disaster situations.

On the competence issue, the Louisiana State Bar Association’s ethics committee quickly issued a September 2005 opinion applicable to that state’s licensed lawyers.  While giving approval to working an advice hotline, or providing on-the-spot legal services at a booth, the opinion took a conservative approach:  “The Committee warned that hotline callers are desperate for help and likely more vulnerable than average clients; thus the Committee discouraged lawyers who lacked the competence  in the specific, relevant area of law from volunteering, as doing so could cause more harm than good.”  The opinion advised that lawyers should decline to provide advice in areas unfamiliar to them, and should refer clients, instead.

Put your own oxygen mask on first

So there’s no unqualified Good Samaritan protection under the Model Rules for lawyers giving emergency advice.  As in other situations, your home jurisdiction may have its own rule and/or ethics opinion, and they could certainly provide helpful guidance in case of a natural disaster situation, such as a hurricane.

But what if you find someone injured on the side of the road, and they need emergency lawyering?  I know that I’d help write that last will and testament and think about the consequences later.

scam alertYou know those e-mails out of the blue that start “We would like to engage you to handle our $1 million legal matter”?  From our friends over at Lawyerist.com comes a description of what happened when Steven Chung, an L.A. tax attorney, actually took the bait and pursued one of those invitations.

Chung’s story is headlined, “Dear Lawyers, if a client you never met sends you $350,000, it’s probably a scam” — and of course it was a scam, although the tale ends happily, and Chung avoided getting ripped off.

Set-up for a scam

Here’s how it unfolded: The “client,” supposedly located in an Asian country, asked for representation to file a visa application for an executive who needed to work in the U.S.  Chung asked for a retainer in advance; the potential client asked for an engagement letter.

In the meantime, Chung started digging around, and several things didn’t check out:

  • although the company was apparently real, its purported e-mail address was a Gmail account that anyone can open for free;
  • the “executive” had a LinkedIn profile, but had only four connections, none of whom were connected to the company;
  • other websites did associate the executive with the company, but again, the potential client could have set those up.

With his Spidey sense tingling, Chung turned down the work and thought that would be the end of the matter.  Instead, the client dangled some more bait:  $350,000 that Chung would receive from one of the company’s customers “from an unpaid invoice,” and from which Chung would be able to deduct his fee.  At that point, Chung writes, he “shifted from wariness to the full-fledged realization that this was a scam.”  Chung decided to ignore the communication.

Then, a check for $350,000 arrived in the mail.  It certainly didn’t check out:

  • The return address was from California — but the envelope bore non-U.S. postage.
  • The check was drawn on the Bank of Nova Scotia, though the business had no presence there (and many check scams seem to use Nova Scotia banks).

Temptation…

Chung writes that it was “hard to ignore my name attached to the receiving end of a $350,000 check,” but if he had cashed it, it “could immediately be returned for insufficient funds, at which point either the sender would make an excuse, or possibly accuse me of stealing money and try to blackmail me.  Or the check would be placed on hold by the bank and in the meantime, either the sender or the potential client would ask that I repay them immediately before the check cleared.  Assuming I had a spare $350,000, that money would be transferred and likely never be seen again after the check bounced.  Worst of all, I could have transferred existing money in my trust account, which can result in ethics violations.”

Chung didn’t fall for it, but he kept the check as a memento.

How to avoid the peril

Last year, we wrote about an ethics opinion from the Association of the Bar of the City of New York, which identified an ethical duty to exercise “reasonable diligence” in avoiding internet-based scams like this.  That is certainly an opinion to take to heart, because of the potential for client harm, as well as the obvious downside to you and your firm.

Chung did well to unmask the scam.  You, too, can avoid being a victim.  We agree with Chung’s advice:

  • Just say no, and don’t respond to unsolicited requests for legal representation.
  • If you do respond, “make sure that their documents match their stories.”
  • “Don’t be afraid to ask the tough questions.”
  • “Finally, and most importantly, do not send any money until all checks clear.  Don’t be afraid to wait for an extended period.”

Although Chung did not opt to report the scam, you should consider doing so if you find yourself faced with one.  You can report suspicious e-mails to the FBI’s Internet Crime Complaint Center (www.ic3.gov).

Pokemon Go App Icon on iPhoneSince it debuted in the U.S. a couple weeks ago, Pokémon Go has become a nationwide phenomenon. If you’re like I was, you may need a primer in order to understand what the hoopla is about.  The smartphone game was launched by Nintendo and The Pokémon Company.  It involves capturing and “training” phantasmagorical creatures called Pokémon, who feature in a longtime videogame franchise.  And yes, there’s an ethics issue for you to think about.

Here’s what USA Today says about our latest digital obsession:

“What makes the game special is its use of augmented reality, where Pokémon will appear [on your phone] as if they’ve been spotted in the real world.  The game presents a map powered by GPS, using real-world locations to spot Pokémon and collect items.  When you find one, the game opens up your smartphone’s camera, giving you a view of Pokémon in the real world.  Once you spot them, you flick a Poke Ball toward the creature to capture it.”

So, when you see people — and they’re all ages — walking around gazing down at their phone these days, they may well be engrossed in playing the game.

Pokémon can be found all over the place — homes, stores, parks, cemeteries, your law office, behind police departments and even the U.S. Holocaust Museum, before administrators said people couldn’t play there.

What does it mean for lawyers?

First of all, be careful!  People have reportedly been injured because they weren’t paying attention to their surroundings in their quest for getting to the next level of the game.  Two players fell off a cliff near San Diego, for instance, and had to be rescued.

The obvious ethics issue is your duty of competence under your jurisdiction’s version of Model Rule 1.1.  Comment 8 says that “a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology…”

Twenty-one jurisdictions have already adopted the comment, which came into the Model Rules in 2013.  But even if your jurisdiction is not one of them, your general duty to have “the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation” still means you need to understand technological developments sufficiently to be able to advise your clients.

We had occasion to make the same observation about the many legal issues connected with the internet of things — you need to know this stuff because your clients are looking to you for advice and counsel on it.  As legal tech guru Bob Ambrogi has said, “You cannot assess the benefits and risks associated with various kinds of technology if you know nothing about the technology.”

Potential hot issues

The ABA Journal has collected some of the developing legal issues with Pokémon Go:

  • “Does placing a Pokémon character on a private property, without permission, affect the owner’s interest in exclusive possession?”
  • What about putting the creatures in potentially dangerous places — has that created an attractive nuisance?
  • “Does owning real property extend property rights to intellectual property elements that are placed on it?”
  • An augmented reality game like Pokémon Go can lead to competition for the use of the same physical space.  What if that disrupts the ability of players or non-players to enjoy the same space?  What if it leads to violence?  Who’s liable?
  • What First Amendment rights might be involved if government limits the players in a public space?
  • What about the game’s terms of service?  They “disclaim liability for property damage, personal injury or death while playing” Pokémon Go, “as well as claims based on violation of any other applicable law.”  How well will that disclaimer hold up?  There’s also a notice “that generally requires arbitration of disputes,” a contested provision in many contracts.

Clients may come to you with these and other novel questions related to Pokémon Go or other augmented reality games, as they become a bigger part of our modern lives.  You’ll need to research and analyze the issues if you have clients that might be affected — and many clients will be.

The take-away is to be aware of how these issues may affect your clients, because competent representation involves giving informed advice — not “off the cuff” answers.

Held to ransomA cyber-alert issued earlier this month by the non-profit Center for Internet Security warns of a dangerous wave of malicious e-mails that are specifically targeting lawyers.  The fake e-mails are calculated to get your adrenaline pumping and to get you to open them and click on a link — because they’re personalized, they look urgent, and they’re disguised as coming from your own state’s disciplinary body or bar association.

Don’t fall for these e-mails

The CIS, through its Multistate Information Sharing and Analysis Center, reports that the subject and body of these phishing or spoofing e-mails look like they are from your board of bar examiners, bar association, or disciplinary counsel.  In the subject line and/or body, they claim that a disciplinary complaint has been filed against you, or that your bar membership has lapsed.  You are asked to respond by clicking on a link — which, according to the CIS, “leads to a malicious download, potentially ransomware.”

We tweeted out the warning when it came in from Minnesota, but other states where lawyers have been targeted, according to the CIS, also include AL, CA, FL, GA and NV.

Tweet2

Well-written, well-disguised

The CIS says that unlike the obvious Nigerian-lottery-type e-mails we know to avoid, this latest wave consists of e-mails that are “well-written and appear to originate from the appropriate authority,” and they are personalized, too, which of course boosts their effectiveness.

As a member of my local certified grievance committee, I know the procedure my home state of Ohio uses to notify lawyers of grievances — and it does not include e-mail.  I doubt that your jurisdiction’s process does either.

Your full name, bar membership status, bar number, office address and other professional details are publicly available, usually through your supreme court’s web listing of enrolled lawyers.  So it is easy for the bad guys to find you, and relatively easy to match you up with an e-mail address.  If  Avvo can do it, why not criminals?

Ways to be savvy

CIS recommends several steps in response to this latest threat:

  • Know how to identify spear-phishing e-mails.  “This particular series of emails includes what appears to be a link to the state bar association, but when the user hovers over the link it shows that the link is really to a different website.  Copying and pasting the link, instead of clicking on it, would defeat this social engineering attempt.
  • Back up all your systems regularly “to limit the impact of data loss from ransomware infections.  Backups should be stored offline.”
  • CIS is a § 501(c)(3) non-profit; check out its additional recommendations for protecting against and responding to phishing campaigns, available here and here.
  • Report any suspicious e-mails to the FBI’s Internet Crime Complaint Center (www.ic3.gov) as well as to the legal organization that is spoofed in the e-mail.

And a duty to be savvy

As we’ve noted before, not only is it obviously in your own interest to avoid scams that would lock up your own computer data — it can also be part of your ethical duty of competence to your clients.  Law departments have been identified as particularly susceptible to falling for scam e-mails.

Our complete dependence on our computers makes them a point of vulnerability — take the steps necessary to avoid being exploited.

Arrrgh Button on Modern Computer Keyboard.My spouse and I visited Chicago years ago, and confusedly started driving the wrong way down a one-way street.  We were promptly pulled over by one of the Windy City’s finest.  I gave him my best smile, and said, “Sorry, officer, we’re from out of town.”  He grunted, “Don’t they have one-way streets where you come from?”  But he didn’t give us a ticket.  A recent disciplinary opinion out of Oklahoma, involving a tech-challenged bankruptcy lawyer, brings the story to mind.

E-filing woes bring bankruptcy court discipline

The lawyer in Oklahoma Bar Ass’n v. Oliver was admitted to practice in 1967, and represented clients in federal bankruptcy court for almost 30 years.  He ran into problems complying with the bankruptcy court’s electronic pleading requirements, which he acknowledged were caused by his lack of computer skills.  The bankruptcy court tried to work with the lawyer; its staff gave him personalized help on more than one occasion, but to no avail.  There was evidence that in his frustration, the lawyer even “insulted court staff when the Bankruptcy Court refused to bend the rules for him.”

These problems led the Bankruptcy Court for the Western District of Oklahoma first to suspend the lawyer from practice for 30 days in 2014 and then, in January 2015, to suspend him for 60 days.

At that point, the bankruptcy court took the unusual step of assigning the lawyer nine pages of “homework” to complete in order to demonstrate his technological competence and ability to conform to the court’s electronic filing procedures.  The lawyer flunked; the court charged him with getting unauthorized help with the “homework” (he strongly disputed that), and finally, in June 2015, permanently suspended him from practicing in that court.

In violation of the Oklahoma rules of practice, the lawyer failed to report his suspension to the state bar regulators; he claimed this was an oversight resulting from ignorance of the rule.

No tech knowledge?  No problem in OK.

But in its proceeding to determine whether to impose reciprocal discipline on the lawyer, a divided  Supreme Court of Oklahoma only saw fit to publicly censure the lawyer.  Refusing to suspend him for any amount of time, the court said that the lawyer’s “problem was technological proficiency.  This in itself, does not disqualify him from practicing law in the courts of Oklahoma.”

In their dissent, two judges said that the bankruptcy court’s series of disciplinary orders “reveal an attorney not only unable to meet the minimum requirements of modern bankruptcy practice but also one unwilling to make any substantial effort to do so.”  The dissenters were “unconvinced Respondent will represent future clients with any more competence than he displayed in his bankruptcy practice.”

Don’t be a legal Luddite

So what’s up Oklahoma?  As the Chicago cop asked us so many years ago (kinda), “Don’t you have e-filing in your state courts?”  And as the dissenting justices asked in this case, will this lawyer do any better in meeting the tech requirements — or the soon-to-be requirements — inherent in modern law practice before the tribunals of the Sooner State?

Oklahoma’s Rule 1.1, titled “Competence,” requires a lawyer to possess the legal knowledge and skill reasonably necessary for each representation.  And comment [6] advises that maintaining the requisite knowledge and skill means keeping abreast of changes in the law and its practice.  Being a legal Luddite doesn’t really pass muster under the ethics rules, as we’ve had a couple occasions to note before.

At the very least, technophobes should hire someone to do what they think they can’t learn to do, or they might risk an actual suspension, like the one the Kansas Supreme Court issued in 2008 to another bankruptcy lawyer who (among other things) failed to get up to speed on e-filing.

Seems like this Oklahoma lawyer, like we did in Chicago, escaped without a ticket.