Christian L. Castle, Attorneys -- Austin, Texas

Austin Music Lawyer

We practice in transactions at the nexus of the traditional music industry, content based technology and public policy.

More about C/C.


Free Email and the Attorney Client Privilege

by Chris Castle

[from Texas Lawyer 22 (October 13, 2014), recommended by State Bar of California as an ethics resource to lawyers]

         A lawyer’s duty to maintain the confidentiality of privileged communications is axiomatic. Given Google’s scanning and data mining capabilities, can lawyers using Gmail comply with that duty without their clients’ informed consent?

         Texas Disciplinary Rule of Professional Conduct 1.05 prohibits lawyers from “[using] privileged information of a client for the advantage of the lawyer or of a third person, unless the client consents after consultation.”

         An example of an “advantage” would be commercial tips gained from acting on the substantive content of a privileged email. But “advantage” arguably includes the selling and reselling of the privileged information itself as advertising inventory or for data mining. That “advantage” arguably benefits both the lawyer (free or near free email) and the email provider.

         If a lawyer chooses Gmail or Google Apps for Business, does the lawyer have a duty to obtain the client’s consent given Gmail’s functionality?

         Gmail and Google Apps for Business offer lawyers a deal—barter data from emails (and possibly file attachments) for cheap or free email service. In return, Google “asks” the lawyer to consent to (1) in-context advertising being served to free Gmail, (2) data mining to “profile” both the sender and recipients, and (3) combining the profiled data with other user data collected by Google from its other products such as YouTube or Google+. Even a large law firm purchasing Google’s software suite may have no advertising, but lack the bargaining leverage to negotiate a “no data mining” condition.

         Gmail uses several patented analytical tools, chiefly the “Content OneBox” located in the “delivery stream” of Gmail. Content OneBox provides Google with data analytics by scanning email in transit and after it is stored by Google. This is like asking an overnight delivery driver to hand over their mailbag for data mining before delivering your mail. (Chris Hoofnagle of the Berkeley Center for Law & Technology posted a detailed discussion of “bMail and Google’s ‘Content One Box’” at the Berkeley Blog.)

         In addition to scanning the text, senders and recipients, Google’s patents for its Gmail applications claim very broad functionality to scan file attachments. (The main patent is available on Google’s site. A good discussion of these patents is in Jeff Gould’s article, “The Natural History of Gmail Data Mining”, available on Medium.)

         However scary that is, it is unclear if Google has implemented its scanning capacity beyond viruses and child pornography in attachments. It is also unclear what Google does with the information harvested from scanning attachments determined to be benign—such as a client’s privileged documents. (Theoretically, Google’s patent claims could even be read to permit scanning other documents in the file attachment folder on the lawyer’s network.)

         Even if we accept that there is no breach of a lawyer’s duty because Google’s scanning and harvesting is done by machines, the data mining and profiling is not so easily resolved. Can lawyers give advance consent to data mining and profiling of client Gmail and attachments, perhaps even before being engaged? Or should lawyers properly obtain express client consent?

         If a lawyer or client marks the subject line of Gmail as “PRIVILEGED,” is that sufficient notice to Google that the lawyer or client asserts their privacy interests so Google should not harvest? 

         There’s little direct ethical guidance to these questions about Gmail. However, recent rulings are informative in Dunbar v. Google from the U.S. District Court for the Eastern District of Texas, a recent putative class action against Google by lawyers from Texarkana (Wyly-Rommel PLLC and others). The case was heard before U.S. District Judge Lucy Koh as In Re Google Gmail Litigation for the U.S. District Court for the Northern District of California. As of this writing, it is effectively settled.

         Because Google Gmail Litigation arose under various state and federal privacy and wiretap statutes and did not expressly address privileged communications, the case is not directly on point. However, Judge Koh’s analysis of general privacy and consent issues involving Gmail data mining under Google’s integrated privacy policy is instructive.

         As Hoofnagle observes, Google asserted in the case that news reporting on Google’s Gmail data mining was so pervasive that the world was essentially on notice of Google’s practices.

         Judge Koh rejected Google’s position in her Sept. 26, 2013 order on Google’s motion to dismiss stating “[i]mportantly, Plaintiffs who are not Gmail or Google Apps users are not subject to any of Google’s express agreements.”

         It follows from this common sense assertion that a lawyer using Gmail to communicate with a nonuser client subjects confidential communications to Google’s data mining and profiling without the client’s informed consent.

         Judge Koh also found that Google’s polices were so misleading that even Gmail users did not properly consent to Google’s data mining. So for lawyers, Google’s data mining is a potential problem and a significant one.

         Google seems to be taking Judge Koh’s rulings seriously. As Alistair Barr reported in the Wall Street Journal blog, “Google Stops Scanning Student Gmail Accounts for Ads,” Google stopped serving advertising to student accounts using Google Apps for Education. Google has said nothing of its data mining, however, so that practice presumably continues, even for students.

         What, then, is the lawyer’s duty? Consider a thought experiment. Imagine a lawyer had an opportunity to get free services for allowing the lawyer’s paper client files to be scanned by a direct marketing company. Should the lawyer get the client’s consent? One would think that if common sense did not require it, Rule 1.05 surely would.

         It seems that the ethical issues surrounding obtaining a client’s consent to Gmail data harvesting may well be more trouble than Gmail is worth. It should not be that hard to compete with free.


Reprinted with permission from the October 13, 2014 edition of Texas Lawyer. © 2014 ALM Media Properties, LLC. All rights reserved. Further duplication without permission is prohibited.  Cite as Castle, Free Email and Attorney Client Privilege, Texas Lawyer 22 (October 13, 2014).  Thank you to Lindsay N. Nelson, Esq. for research on this article.


Copyright 2006 - 2019 Christian L. Castle