There has been some discussion lately about the legal ethics of using computers in law practice. In particular, there’s been discussion of cloud computing and “software as a service.” See here and here, for example. Ethics opinions and ethics pundits are discussing exactly how much security these services must have, and how much an attorney has to investigate them before ethically using them.
I confess I don’t understand this. The ethics rules already require lawyers to maintain their clients’ confidences, and already require lawyers to maintain their clients’ property and records. In the pre-computer days, all records were stored on paper. Lawyers typically stored them in their offices, or in separate file rooms. No one, however, ever bothered to ask: “Are deadbolt locks on office doors sufficient? Are they required? If you use a combination lock instead, do you have to call up the lock company and inquire how secure their combinations are? Do you have to interview your janitorial staff and conduct background checks on them on a regular basis to ensure that client files to which they have physical access are safe?”
All of these physical security questions in pre-computer days were left up to a reasonableness standard. If you were exercising reasonable care in preserving client documents and files, then you were complying with the rules.
What’s the difference with computers? Why do some people feel that it is necessary to spell out in great detail what is secure, what’s not secure, and how much security needs to be investigated? This seems like a waste of time and energy, especially given the rapid pace of technological change. Not to mention the fact that modern, encrypted computer storage is probably much safer than the average physical deadbolt lock, as well as the fact that attorneys are not particularly well-situated to evaluate computer security.