© 2020 Published in GPSolo Magazine Vol. 37, No. 6, COVID-19 and the Law, by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or stored in any electronic database or retrieval system without the express written consent of the American Bar Association or the copyright holder.
The pandemic of 2020 has dramatically raised the bar on capabilities required to comply with an attorney’s duty of technological competence. The same bar applies regardless of whether your state has adopted Comment 8 to American Bar Association (ABA) Model Rule of Professional Conduct 1.1.
Duty of Technological Competence
In 2012, the ABA amended Comment 8 to Model Rule 1.1 to require lawyers to keep abreast, to some extent anyway, of technology. With the relevant language emphasized below, Comment 8 reads:
To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.
For a change-resistant profession always a step or three behind the rest of society regarding technology, this was a tremendous revision, Slowly, the states began to adopt it; currently, 38 states embraced the comment.
Even absent adoption of Comment 8, the practice of law evolved such that before COVID-19, many ethicists would agree that technological incompetence was a significant risk for ethics compliance.
The outer boundary of exactly what constitutes tech competence has never been definitively determined, nor will it be; technology changes too fast, as do societal attitudes, adoption, and norms. But this does not mean lawyers have been left without direction. Guided by our own choices of what technology to engage, how to work, and how to work with clients, we could largely navigate the tech world using the guidance we received from regulators. Gleaning key principles from ethics opinions, lawyers could adopt technology that enhanced their practices and complied with the ethics rules.
Various ethics opinions around the country speak to tech competence either generally or through reference to specific conduct. In 2017, the ABA issued Formal Opinion 477R discussing a lawyer’s ethical obligations to protect client confidentiality when using the Internet. The ABA had recognized that it needed to update an earlier opinion from 19999, ABA Formal Opinion 99-413, titled Protecting the Confidentiality of Unencrypted E-Mail, thus leading to Formal Opinion 477R. The ABA noted that cyber threats were a bigger issue than ever before, particularly than they were in 1999, and lawyers now had a duty of technological competence. Thus, it placed on lawyers the duty to analyze on a case-by-case basis how they communicate with clients and to determine each time what steps were reasonable to take to ensure a client’s confidences were maintained.
In 2014 California issued Formal Opinion 20150193, dealing specifically with a lawyer’s duty of competence with respect to litigation and e-discovery. There, regulators determined that lawyers must either know how to properly use the technology or hire (and supervise) someone who does. Otherwise, the lawyer could not continue the representation. Many states issued similar guidance, particularly on e-discovery, which was an early tech topic for lawyers.
Opinions were also issued on how to run a virtual law office, as those slowly gained traction, although many opinions were focused more on advertising and unauthorized practice of law (UPL) than they were on technology. (Ohio issued Opinion 2017-5, Washington issued Advisory Opinion 201601, and California issued Formal Opinion 2010-179, focusing largely on technology; North Carolina issued 2005 Formal Ethica Opinion 10, New York issued Formal Opinion 2019-2, and Illinois issued Advisory Opinion 12-09, all focusing more on advertising and UPL issues.)
Although the ethics opinions did not contain a single “how-to” guide for meeting the tech competence duty, read together they gave us reasonable guidance.
Pre-COVID-19 Guidance on Working Remotely and Other Hot Topics
As time went on, enough regulators put forth guidance that we as a profession could see the general concept quite clearly: We had to know how to use the commonly accepted tools before us, we could not ignore them or blame them when our skills failed, and we could use less commonly accepted tools available to us so long as we vetted them for security and learned their functions so we employed them properly.
We did not often have very specific guidance, for tools evolve much faster than ethics rules or opinions. Ethicists could glean from existing guidance how to handle the next hot tool; past guidance had identified the key concerns that went into any analysis. Lawyers knew confidentiality was a key concern; security issues were at the forefront of networked technology solutions; and at the very least everyone should read the user’s manual to know whether their mobile communications were being sent as “reply all.”
When working remotely became more common, there were few ethics opinions addressing all the issues raised by working from a laptop in a coffee shop, but there were some. And we could determine from existing guidance some basic concepts. We should not leave our laptop on the table when we step away for a moment. even if our laptop is left with a trusted person, it should be secured and a password required to log in. If we are going to have a privileged or confidential conversation, we need to move to a private location. On public WiFi, a virtual private network (VPN) is a minimum best practice.
If we were working in coworking space, the same guidelines would apply. At home, network security might be handled differently, but still, it needs to be handled. Phone conversations need to be private.
What was completely different before COVID-19, however, was that all the ethics concerns regarding working remotely could effectively be avoided by simply not working remotely.
When COVID-19 hit the world in early 2020, the legal profession was, of course, thrown off course like everything else. Suddenly, business ground to a halt; all viable options to restart progress were technological in nature.
Overnight, working remotely went from a luxury or a choice to a basic necessity. Law firms that survived (and even thrived) in those first weeks were those already set up to work remotely; the next to ride the wave to success were those firms that could rapidly adapt to remote life.
Working remotely also hit sectors of the legal profession that had never had any form of remote work before. Judges never held court from home before COVID-19; new lawyers were not sworn in via Zoom until 2020. In sectors where remote work had never been contemplated on any real scale, change had to be implemented quickly. And it was.
In the period from March 2020 to May 2020, courts that had eschewed e-filing for years (often citing budget constraints and technological hurdles of building an e-filing platform) began accepting e-mails and attachments as formal filings. Mediations and arbitrations that otherwise would be canceled or postponed indefinitely quickly pivoted to being held by Zoom. In the blink of an eye, court trials were being conducted remotely, too.
As institutions found their bearings and reopened their virtual doors to allow legal business to be conducted once again, the players in those institutions had to adapt as well.
We could no longer simply rely on the tools we chose to use or the tools that had achieved such a level of acceptance in the profession that they could no longer be ignored. In the 20 years between the 1999 ABA ethics opinion permitting the use of unencrypted e-mail and the 2017 opinion requiring weighing of factors in determining the use of the Internet, e-mail went from optional in the profession to mandatory. (State bar opinions even make an up-to-date e-mail address mandatory as part of the member’s state bar record.) With COVID-19, videoconferencing went from optional to mandatory in about three months.
We were thrust into using tools that were optional in 2019, and we could not misuse them to the detriment of our clients. We quickly had to learn to use them and use them well. Misuse now accepted or mandated tech tool, and you could find yourself violating multiple rules beyond the duty of tech competence.
Regulatory Bodies Took Note
For a profession that is notoriously sluggish to have ethics opinions or guidance issued, the legal profession stepped up when it came to COVID-19.
On April 10, 2020, less than a month after most of the country had shut down due to the pandemic, Pennsylvania became the first state to release official ethics guidance on working remotely. Judged by the usual timeline of ethics guidance, this was insanely fast.
Although Pennsylvania’s Formal Opinion 2020-300, Ethical Obligations for Lawyers Working Remotely, was issued due to COVID-19, and in fact explicitly references it, its precepts govern all remote work regardless of why someone is working remotely. Its guidance will be just as relevant when COVID-19 is resigned to history books as it is today.
In issuing the new opinion, Pennsylvania reaffirmed its previous opinions on cloud computing and virtual law offices, and it affirmed and adopted ABA Formal Opinion 477R. The rules and obligations did not actually change due to COVID-19, but they needed to be put down in clear, current form for all to see because their implementation was changing.
Pennsylvania clearly delineated bare minimum requirements for working remotely. Some of these could previously have been avoided by lawyers who chose not to work remotely, thus allowing them to meet their duty of technological competence without having to take these specific steps. The steps included securing communications, including phone, text, video, or e-mail; designing remote work spaces to ensure paper and electronic data remain secure; and educating and equipping remote staff to maintain compliance with the ethics rules.
Many other states issued less formal guidance to lawyers navigating the pandemic, but these, too, highlighted how the world had quickly changed, but our duties had not. What we needed to do to fulfill those duties shifted right along with the COVID-19 curve.
Michigan issued informal guidance on meeting ethical obligations during the pandemic (https://tinyurl.com/y3hkh3lc). It admonished lawyers that its rules of professional conduct remained in effect despite the crisis. The guidance included explicit acknowledgment with respect to tech competence that “Many of us are taking a crash course in remote access, video conferencing, and establishing normalcy when we are not in our offices.”
The California Lawyers Association’s Ethics Committee issued informal guidance, too (https://tinyurl.com/y5vyee46). It included some “obvious and simple measures” lawyers should be taking, such as keeping their laptop charged, having access to client files remotely, and handling hard copy mail addressed to their office (where they are not physically present).
What It Means to Be Tech Competent During the Pandemic
The evolution of the ethics guidance, the rush to provide some solace to struggling lawyers in the midst of COVID-19, and the massive change in how legal business has been conducted over the past few months changed the duty of tech competence. Pre-COVID-19, most non-Luddites could easily fulfill this duty without giving it much thought; mid-COVID-19, it has challenged even most tech-savvy lawyers.
Yet, despite the challenges, technological ignorance will never be an acceptable excuse for a lawyer to breach a duty of confidentiality, a duty to communicate, a duty to supervise, or any other ethical duty. Today, it takes more willingness to learn and more careful integration of technology to meet those obligations.
Consider how the environment in which we work has changed beyond our control. Most lawyers, and many judges, have worked from home during the pandemic. At one time, we could work from home alone while our children were at school. Today, most children are also home. Add to that virtual schooling, so a home is filled with multiple devices streaming video and audio to multiple non-secure locations at once. Before COVID-19, no lawyer working from home was worried that their confidential client call would be picked up and transmitted to 28 second graders and their parents, but that precise situation could easily happen today.
Our surroundings are of the biggest security risks, leading to tech competence issues. Speakerphones, thin walls and floors, people wandering through the house where we are working, all create security risks. Computers being accessible to more people in a home than were in an office is a security risk. These are brick-and-mortar problems with technological solutions.
Before COVID-19, a lawyer could easily avoid violating the duty of tech competence on the handling of sensitive client documents by not having these documents transmitted electronically. Now it is not reasonably possible to operate entirely in hard copy.
Actual use of the technology that some lawyers had not used before is key, and this is often without the benefit of an associate or IT professional in the room. Excuses about not knowing how to use the technology began to fall flat within weeks of widescale tech adoption in our institutions. Court is now held by Zoom; lawyers who cannot find the mute/unmute button or turn on their camera properly are no longer shown grace. It quickly faded when the majority got on board.
It would now likely be a violation of your duty to perform competently to appear in video court on a client’s behalf and not be able to unmute yourself when it was time to talk. It would certainly be a breach of confidentiality to fail to mute when fielding a phone call from your client while on video with the court. Similarly, turning on your video camera while sitting in front of your wall-mounted whiteboard listing all of your client matters is a sure confidentiality breach.
Adding to the complexity of meeting our duties is the fact that we are not always in control of the tools we will use. Courts choose their video platforms, clients may choose their encryption tools, and court reporters may require a specific platform for depositions. To meet our obligations, we must swiftly learn how to use the app we are given when it is beyond our control. If you are charged with a failure to perform competently, your defense cannot be that you were on a new platform and did not know how to use it.
The way we have changed how, when, and where we work in the midst of COVID-19 has upended what it means to remain technologically competent. The tools we once chose are now thrust upon us. There are no Luddite choices; technology is absolutely required.
Many of the changes we are testing out now in the pandemic will stay with us when it ends. We will never go back to the old way of working, and we will always need to meet the current standard of tech competence as a bare minimum. The bar has been raised, and it will not be lowered again.