The Ethics of E-mail Tracking Software and Web Bugs: More Complicated Than You Might Think

Yesterday's feature on Attorney at Work was Does Email Tracking Violate the Rules of Professional Conduct? It was written by Mark C. Palmer, who is Professionalism Counsel for the Illinois Supreme Court Commission on Professionalism. He cites a recent Professional Conduct Advisory Opinion from the Illinois State Bar Association, (Opinion No. 18-01, issued January 2018) along with advisory opinions from Alaska Bar Association, New York State Bar Association and Pennsylvania Bar Association to conclude that using e-mail tracking software is unethical.

(Since I am discussing legal ethics, please note these opinions expressed are my own and not those of my employer.)

Palmer cites an instructive example of tracking an email with a settlement offer as it is opened by counsel, forwarded, and then opened by the client's general counsel and several client representatives so the sender can unethically gauge how serious the settlement offer is being taken. Illinois opinion 18-01 makes the same point: "The undisclosed use of email tracking software by a lawyer, without the informed consent of the recipient, conceals the fact that the sending lawyer is secretly monitoring the receipt and handling of the email message and its attachments by the original recipient as well as each subsequent receiving party." The New York Opinion also noted that the use of these web bugs may violate The Electronic Communications Privacy Act, 18 U.S.C. § § 2510, et seq. (I note these are widely used in email marketing today and I haven't heard of prosecutions.)

Web bug 2I do understand. Web bugs are creepy and invasive.

But this leads to another question. Is using U.S. Postal Service certified mail an ethics violation? I doubt you could find any lawyer who says that it is. Certified mail is used daily in law offices for service of process, to confirm delivery and when mailing valuable items. It is simple and straight-forward with none of the hidden aspects of web bugs. No law office wants to run out of certified mail supplies because almost every law office uses certified mail regularly.

But with drafting committees focused on creepy web bugs, I fear they have used language that might be interpreted as also prohibiting what I consider a legitimate practice of using "certified emails." One can easily think of many legitimate uses for such a service, such as accepting a settlement offer with an expiration date by email. We have even heard of cases where a judge has authorized delivery of process or notices by electronic means. One would certainly want to have the digital equivalent of a USPS certified mail "green card" in that situation. And isn't it pretty obvious that we will see greater use of electronic service of process as more laws are changed to allow this?

The Pennsylvania Bar Association's Formal Opinion 2017 – 300 discusses email receipts. It states: "This Opinion relates to the use of web bugs and similar devices, but does not prohibit the use of “Read Receipts” or “Delivery Receipts” or similar tools used by Microsoft Outlook and other email programs. Because recipients are aware of, and may configure their software to permit such receipts, to make their use optional, or to preclude their use, their use by lawyers does not violate the Rules of Professional Conduct...."

"This Committee concludes that the Pennsylvania Rules of Professional Conduct prohibit lawyers from using “web bugs” or any other method to track the receipt and distribution of email sent to opposing counsel. While the use of visible tracking devices such as those used in commercial email do not violate the Rules of Professional Conduct, the use of a web bug, which opposing counsel cannot determine is present, violates rules 4.4 and 8.4."

Since an e-mail recipient can decline a "Read Receipt Request," it is ineffective to prove someone read something if they do not cooperate --and sometimes those for whom you most want to have proof of delivery are also those who would never click on a "Read Receipt" agreement. The other problem is referring to visible vs invisible tracking. Computers maintain a lot of information that is available for those who know how to find it. Is that visible or not? For example, every email in your inbox has an Internet header that contains much information if you know how to view it. Is that visible or invisible? It is important to note that the title of the Pennsylvania opinion is Ethical Obligations of Lawyers Using Software To Track Email Sent To Opposing Counsel. So in that context, I am quite comfortable with the conclusion that anything that reports back to you anything more than delivery and opening from opposing counsel's email should be known to opposing counsel. Certified email providers can provide notices within the email that their product is in use.

Illinois State Bar Association Opinion 18-01 is not limited to opposing counsel, however— and that is problematic. This opinion states: "A lawyer may not use tracking software in emails or other electronic communications with other lawyers or clients in the course of representing a client without first obtaining the informed consent of each recipient to the use of such software." I understand that they were focused on those nasty web bugs. But certified email is still a form of "tracking software." In these days of lost emails, emails that are mysteriously never delivered and spam filters grabbing emails, one can make a case that competent representation today involves making certain that a client has actually received and read an important digital communication. A process that insures that is quite different from a web bug telling you that a young client forwarded your email to his mother for her interpretation.

Lawyer regulators must appreciate that not all legal representation involves corporations with general counsel. Sometimes lawyers represent individuals who made bad decisions which led to the representation and who will continue to make poor decisions during the representation. It is a lawyer's obligation to assist them in making good decisions— if possible. So making certain a client opened an email advising them of the change in the time of next week's hearing or the location of their deposition sounds more like good lawyering than inappropriate spying to me. A delivery receipt alone could still mean it was trapped by a spam filter and never seen by the intended recipient.

But that's not the only practical problem. The ABA released Ethics Opinion 477 on encryption of attorney-client email on May 11, 2017. This opinion makes it clear that some attorney-client communications cannot be sent via plain unencrypted email. The opinion notes that a hard and fast rule cannot be crafted to apply to all situations, and therefore a fact-based analysis must be applied. That could be a bit time-consuming for the law firm and mistakes may be made. Plus some individual clients may not be comfortable with the mechanics of decryption processes.

I have long believed that smaller law firms will be well-served to use client portals to share documents and other communications.  See Email Attachments vs. Client Portals. It is likely Emaileasier to get a client to log into a portal these days. They may have done something similar for items ranging from HIPAA-protected medical records to their Amazon account. Most of the cloud-based practice management systems available for lawyers include built-in client portals, making their use much quicker and easier for the law firm than other methods. It is a great client service to have all of the documents related to a matter organized and available for online client access 24 hours a day.

But, of course, online portals log everything that happens from the number of times a client logged in to the number of times they opened a particular document. These logs could also provide some protection to the attorney if a client denies ever seeing a document and the log shows the client opened it on ten different occasions. Lawyers often document their files for their protection against false claims or bad memories. Most would think that is a good business practice. Labeling these logs as unethical seems wrong to me.

Illinois State Bar Association Opinion 18-01 notes that recording of phone calls without permission is illegal in Illinois and it is therefore unethical for lawyers to record client phone calls without permission. It cites that precedent  among several supporting the proportion that web bug e-mail tracking is likewise unethical. Would it extrapolate this opinion to say that examining a client portal access log was unethical?

While that may seem unlikely to some observers, Illinois lawyers using client portals may consider documenting the client's consent to this aspect of representation. That may involve adding language to their attorney-client agreement referencing client portals and how their logs operate to obtain informed client consent or other methods. But today most people understand that logging into a password-protected website leaves a record of your visit.

Hopefully if ethics authorities examine the web bug issue in the future, they will make note of the possibility of laws authorizing digital service of process, an ethical lawyer's need to make certain important client communications are not lost in a spam filter and that it might be a good thing, at least in some cases, if a lawyer was aware that a client was not opening the attorney's emails.

An old saying is bad facts make bad law. Maybe bad web bugs do, too. But "bad" is a value judgment and, to be clear, if you receive any electronic newsletter or regular emails from any electronic mailing list, the odds are the sender not only knows whether you open each e-mail, but the average time of day you open their e-mails— if not more.