II. The Ethics of Intentionally Taking Advantage of Other People's Failures

“The first thing [some lawyers] often do when they get documents[-i.e., electronic files-]from the opposition is to look for metadata to see who drafted it or look for embedded versions of earlier drafts.”16 Most likely, the lawyer who looks for embedded data is hoping that the lawyer who sent it either failed to remove the information or failed in his attempt to do so. The bar associations are split on whether trying to uncover this hidden information is ethical. Some hold that taking active steps to view embedded data violates two ethical rules, while others hold it violates none.

Two issues arise in this context. First, is the inclusion of embedded confidential data in an intentionally transmitted file “inadvertent,” requiring that the recipient notify the sender of the mistake as if the embedded data was a misdirected fax? Second, is it “dishonest” to take active steps to view embedded data?

A. Is Embedded Confidential Information Inadvertently Sent?

1. The Law of Inadvertent Transmission

It is important to survey the approach that courts and bar associations take to the typical form of inadvertent transmission-a misdirected fax or e-mail-in order to understand whether the same law applies to the receipt of embedded data. This section briefly describes that body of law.

The authorities have identified two forms of transmission that implicate the ethical rules. One occurs when a lawyer inadvertently includes an unintended person as a recipient of correspondence.17 For example, this scenario occurs when counsel sends a fax to opposing counsel that was intended for a client.18 The second form, which is actually an unauthorized transmission, occurs when an unauthorized person intentionally transmits privileged information to an opposing party.19 This latter form of transmission happens when, for example, disgruntled employees mail opposing counsel confidential documents that harm their employer.20 Presumably, a file sent without authority will continue to be viewed under the “unauthorized” rubric and not as an instance of inadvertent transmission. Therefore, this Article focuses on the more prototypical form of inadvertent transmission.

Even before the rise of e-mail, this form of inadvertent transmission was so common that the American Bar Association (ABA) issued a formal opinion in 1992 addressing the obligations of lawyers who receive inadvertent transmissions. In ABA Formal Opinion 92-368,21 the ABA concluded that lawyers who receive facially confidential or privileged materials should refrain from examining them, notify the sender, and follow the sender's instructions. Moreover, many individual jurisdictions have concluded that when a lawyer receives confidential information and the circumstances clearly indicate that the transmission was inadvertent, the recipient has an ethical duty to notify the transmitting lawyer of the mistake and, in some jurisdictions, follow the transmitter's instructions on how to proceed.22

Later, the ABA adopted a rule that specifically governs the obligations of lawyers who receive information inadvertently sent by another party. Model Rule 4.4(b) provides: “A lawyer who receives a document relating to the representation of the lawyer's client and knows or reasonably should know that the document was inadvertently sent shall promptly notify the sender.”23 A comment to the rule explains that a lawyer who knows or reasonably should know that a document was sent inadvertently should “promptly notify the sender in order to permit that person to take protective measures.”24 The comments also specifically state that the rule covers inadvertently sent e-mail.25

In some ways, Model Rule 4.4(b) is broader than Formal Opinion 92-368; it covers all inadvertent transmissions, not just those which involve confidential information. On the other hand, the obligation imposed is narrower. In contrast to Formal Opinion 92-368, the only obligation imposed by Rule 4.4(b) is notice; whether the lawyer should refrain from looking at the document and whether the lawyer must abide by the sender's instructions are matters not addressed by the Model Rules.26

Model Rule 4.4(b) has been adopted in roughly fifteen jurisdictions.27 In addition, bar and judicial opinions in many jurisdictions continue to impose more demanding duties upon lawyers who receive inadvertently transmitted documents from another lawyer than those imposed by Rule 4.4(b).28 The requirements imposed upon lawyers by these bar opinions vary significantly,29 however, and not every jurisdiction has adopted either an opinion or Model Rule 4.4(b) to address this issue.30 Nonetheless, the authorities addressing the issue have imposed at least an obligation of notice on lawyers who receive information under circumstances where he or she knows, or should know, that the information is confidential and was inadvertently sent.31

2. The Nature of Inadvertence

Because the ethical obligations of lawyers depend on the presence of “inadvertence,” it is important to be clear about what is “inadvertent” and what is “advertent” in this context. This traditionally clear dichotomy is challenged by electronic communication. Consider the lawyer who creates a file and sends it to the very lawyer to whom he meant to send it, but the file contains embedded confidential information that the sending lawyer did not know was going along with the file. Can the transmission of the embedded data be characterized as inadvertent when it is clear that the lawyer intended to transmit the file, but not to send the embedded data? Thus, the inadvertence associated with the embedded data is the converse of the fax situation: the recipient is intended but the content is not.

In the typical Model Rule 4.4(b) scenario, the receiving lawyer knows that the document was not intended for him, since it was probably addressed to another person or the document revealed strategies for litigation or settlement. It is not a great leap, under those circumstances, to conclude that the recipient knew or should have known that the information was inadvertently sent.

Can the same thing be said about embedded data? After all, intentionally sending a file with the embedded data makes the transmission, to some extent, advertent. There was no mistake as to which file to send.

An analogous situation would be when a lawyer mails one document to opposing counsel, but unknowingly includes in the envelope another document that contains confidential information. No doubt, the lawyer intended to send one document. The courts and bar associations have had no difficulty in concluding that this does not mean that he intended to send both.32 Thus, the unintentional inclusion of a confidential document is inadvertent notwithstanding its association with a document that was sent intentionally.

Arguably, the situation of embedded data may be different because there is only one document involved; the lawyer intended to transmit the file and that file contained the embedded data. Even so, can the transmission of confidential data in the file nonetheless be deemed to be inadvertent?

The authorities are split on the answer to this question.

3. Existing Authority on Embedded Information and Inadvertent Transmission

The New York Bar Association was the first to address this issue and took the position that inclusion of embedded confidential information may be inadvertent, even if it is included in an intentionally transmitted file.33 New York Opinion 749 established a strong presumption of inadvertence, recognizing that, although the transmitting party intended to transmit the “visible” document, “absent an explicit direction to the contrary counsel plainly does not intend the lawyer to receive the 'hidden' material or information.”34 Thus, the New York State Bar concluded that lawyers who receive files with embedded data either know, or should know, that the embedded data was not sent advertently.

More recently, an opinion from Florida confirmed this view.35 It concluded that lawyers should “not try to obtain from metadata information relating to the representation of the sender's client that the recipient knows or should know is not intended for the recipient. Any such metadata is to be considered by the receiving lawyer as confidential information which the sending lawyer did not intend to transmit.”36 Thus, the bar associations of Florida and New York have both concluded that, even if the document was transmitted intentionally, the embedded data was not.

These opinions seemed to make sense. However, in an August 2006 opinion,37 the ABA rejected the proposition that embedded data is always unintentionally sent.38 Although the ABA seemed to suggest that some embedded data could be deemed to be inadvertently sent, its analysis on this critical point is less than clear.39

The ABA first concluded that Model Rule 4.4(b) by its terms does not apply and, instead, characterized the rule as merely the “most closely applicable rule” because it “relates to a lawyer's receipt of inadvertently sent information.”40 Emphasizing its disagreement with the proposition that embedded data is never unintentionally sent, the ABA stated that, although Model Rule 4.4(b) might require the lawyer to notify the sender of the receipt of the information if it was sent inadvertently, “the Rules do not contain any specific prohibition against a lawyer's reviewing and using embedded information in electronic documents.”41 Further, the Committee noted that it “does not characterize the transmittal of metadata either as inadvertent or as advertent, but observes that the subject may be fact specific.”42 The Committee ultimately stated that whether a receiving lawyer knows or should know that embedded data was sent “inadvertently” in terms of Model Rule 4.4(b) was a question “outside the scope of this opinion.”43

4. Who got it right?

Embracing the proposition that embedded data is not always-or at least not presumptively-included unintentionally is startling, and it opens the door for lawyers to review embedded data first and ask questions later. This is striking because it is hard to imagine a scenario where a lawyer would intentionally include confidential information in the form of embedded information. Thus, as two other bar associations realized, a lawyer at least should know that any embedded confidential information was sent inadvertently.

The ABA's determination that inadvertence of embedded data transmission depends on the facts in which transmission arises ignores reality and gives license to recipient lawyers to contend that such information was included advertently. The ABA's approach also cannot be harmonized with the opinion's own characterization of embedded data as well-known. If the existence of embedded data was well-known, the transmission of embedded confidential information would have to be inadvertent because no lawyer intentionally sends confidences to the opposition. Thus, even on the ABA's own premises, the only reasonable conclusion is the presumption that embedded data was sent inadvertently.

What is even more troubling about the ABA's opinion is its failure to acknowledge that opening a document in a word processing program generally will not reveal embedded data. It takes intentional steps beyond the double-clicking required to view a word processing file to view embedded data. As the New York Opinion emphasized: “[I]t is a deliberate act by the receiving lawyer, not carelessness on the part of the sending lawyer, that would lead to the disclosure of client confidences and secrets.”44 The ABA did not address the fact that only active steps by the recipient result in true receipt of the embedded data.45 As a result, the ABA permits lawyers to intentionally take advantage of other people's failures.

B. Is it Dishonest to Review Embedded Data?

Model Rule 8.4(c) provides that it is “professional misconduct” for a lawyer to “engage in conduct involving dishonesty, fraud, deceit or misrepresentation.”46 Rule 8.4(c)'s “prohibition . . . is a broad one. It encompasses conduct toward clients, tribunals, parties, witnesses, opposing counsel, and everyone else, both within and outside the realm of the practice of law. It covers the act of failing to disclose, as well as affirmatively lying.”47

This section analyzes whether it is dishonest, within the meaning of Model Rule 8.4(c), to view embedded confidential information. The authority, once again, splits on this question and even on whether the answer matters.

1. Does it Matter if it's Dishonest?

Model Rule 8.4(c) is often characterized as a “catch-all.”48 In other words, “[o]ften, the same behavior that violates subsection (c) also violates . . . other ethics rules.”49 The role of these catch-all provisions, as well as the need to avoid reading them too broadly, was succinctly explained by the American Law Institute:

Modern lawyer codes contain one or more provisions (sometimes referred to as “catch-all” provisions) stating general grounds for discipline, such as engaging “in conduct involving dishonesty, fraud, deceit or misrepresentation” (ABA Model Rules of Prof'l Conduct, Rule 8.4(c) (1983)) . . . . Such provisions are written broadly both to cover a wide array of offensive lawyer conduct and to prevent attempted technical manipulation of a rule stated more narrowly. On the other hand, the breadth of such provisions creates the risk that a charge using only such language would fail to give fair warning of the nature of the charges to a lawyer respondent and that subjective and idiosyncratic considerations could influence a hearing panel or reviewing court in resolving a charge based only on it. . . . Tribunals accordingly should be circumspect in avoiding overbroad readings or resorting to standards other than those fairly encompassed within an applicable lawyer code.

No lawyer conduct that is made permissible or discretionary under an applicable, specific lawyer-code provision constitutes a violation of a more general provision so long as the lawyer complied with the specific rule . . . . 50

Thus, although Rule 8.4(c) is intended to catch conduct that falls outside the technical reading of the other rules, it should not be interpreted in a manner that either results in a failure of notice or punishes what another rule permits.

As noted below, other bar associations have applied this catch-all to the question of whether it is dishonest to review embedded data. However, the ABA reasoned that because Model Rule 4.4(b) addresses inadvertent transmission, the issue of dishonesty was irrelevant: “[T]he recent addition of Rule 4.4(b) identifying the sole requirement of providing notice to the sender of the receipt of inadvertently sent information, [is] evidence of the intention to set no other specific restrictions on the receiving lawyer's conduct found in other Rules.”51 In support of its conclusion that Model Rule 8.4(c) was no longer intended to play its gap-filling role under these circumstances, the ABA pointed only to the following reporter's explanation of why Model Rule 4.4(b) was added to the Model Rules:

Numerous inquiries have been directed to ethics committees regarding the proper course of conduct for a lawyer who receives a fax or other document from opposing counsel that was not intended for the receiving lawyer. ABA Standing Committee on Ethics and Professional Responsibility Formal Opinion 92-368 advised that the receiving lawyer is obligated to refrain from examining the materials, to notify the sending lawyer and to abide by that lawyer's instructions. That opinion has been criticized, in part because there is no provision of the Model Rules directly on point. The Commission decided that this Rule should require only that the lawyer notify the sender when the lawyer knows or reasonably should know that material was inadvertently sent , thus permitting the sending lawyer to take whatever steps might be necessary or available to protect the interests of the sending lawyer's client. 52

By relying on this unadopted reporter's note that fails to mention Rule 8.4(c), the ABA's opinion ignores a key distinction between the problem of embedded data and other instances of inadvertent transmission. While the reporter's note does emphasize that the lawyer's only obligation upon receiving information inadvertently is to notify the recipient, it fails to address whether it is dishonest for a lawyer to search for it in the first place. Rather, the note merely states that his only obligation under the Model Rules is to notify the sender if he finds it. Thus, the ABA's conclusion that the dishonesty of the conduct is irrelevant places more weight on the reporter's note than it can support.

Moreover, the reporter's note does not necessarily make the dishonesty of lookingat the embedded data irrelevant, nor does any authority cited in the ABA's opinion require the conclusion that Model Rule 8.4(c) is irrelevant. Reading Model Rule 8.4(c) to prohibit examining embedded data does not conflict with Model Rule 4.4(b), because nothing in Model Rule 4.4(b) necessarily permits a lawyer to look at embedded data. Additionally, Rule 4.4(b), as interpreted by the ABA, requires a lawyer who knows embedded data has been sent inadvertently to notify the transmitting lawyer, which suggests that looking may be unethical.

The question then becomes, is it dishonest to look?

2. Is It “Dishonest” to View Embedded Data?

Recall that, normally, embedded confidential information is invisible; that is why it is accidentally included. Thus, for a recipient to view embedded data, he typically must take active, deliberate steps to reveal the information.

Not surprisingly, bar associations have concluded that taking active steps to look at confidential information is dishonest. The New York bar association recognized that it smacked of dishonesty for a lawyer to “intentional[ly] use . . . computer technology to surreptitiously obtain privileged or otherwise confidential information from an opposing party.”53

The ABA disagrees on this issue, as well. After finding the issue of dishonesty irrelevant, the ABA reasoned that it was not dishonest for a lawyer to take active steps to review embedded data that had been inadvertently sent by another lawyer.54 Its conclusory explanation states twice only that “the Committee does not share” the view of other bar associations that intentionally looking to see if a lawyer included client confidences was dishonest.55

Because of the factual premises of the ABA's argument, the opinion's conclusion is untenable. The ABA opinion assumes that it is well-known that files contain embedded data and that embedded data comes in an understandable form.56 These assumptions57 do not change the fact that sensitive embedded data will be included in a transmitted document only when the lawyer sending it makes a mistake, i.e., an inadvertent transmission. No lawyer intentionally transmits confidential information to an opponent. Indeed, the fact of common inadvertent transmission is what led the ABA to adopt Model Rule 4.4(b) in the first place.58 Yet, the ABA opinion reasoned that it is not dishonest for the receiving lawyer to actively take steps to uncover confidential information that-under the opinion's assumptions-almost by definition had to be inadvertently included.

Finally, the assumptions that embedded data is well-known and understood crumble in the face of continued reports of inadvertently transmitted embedded data. The only study located found that, rather than being well-known, in as late as 2004, only 43% of respondents were aware that embedded data even existed.59 Reflecting that fact, major law firms have posted “filed versions” of complaints on the Internet which contained embedded data that revealed prior revisions, comments, and other embedded data.60 Corporations, governments, individual lawyers, and others have done the same.61 Patches offering fixes and warning about embedded data were released only in late 2006,62 at virtually the same time the ABA issued its opinion stating that everyone knew and understood about embedded data. Given the realities, the ABA's conclusion that embedded data is not sent inadvertently, or is not presumed to have been sent inadvertently, is inexplicable.

The notion that a lawyer should be permitted to look for inadvertently transmitted embedded data and, thereby, intentionally take advantage of the accidental failure of a colleague to understand the inner workings of software is startling. The characterization of the intentional act of taking advantage of those mistakes as anything less than dishonest is disappointing.