The non-legal press doesn’t usually get very deep into questions of legal ethics, but New York Magazine did a reasonable job of it in its hard-hitting piece this week on “The Bad, Good Lawyer” David Boies.

The article asks whether Boies has crossed an ethical line, principally in his work on behalf of Harvey Weinstein (This blog argued before that he did, in The Weinstein Saga: Now Featuring Lying Investigators, Duplicitous Journalists, Sloppy Lawyers.)

While admirably tough on Boies, it’s a shame the piece conflates unethical, illegal or even bad behavior with the decision by Boies to represent Russian oligarch Oleg Deripaska, Republican fundraiser Elliott Broidy or former Malaysian Prime Minister Najib Razak, who is accused of money laundering. There is no indication Boies enables these people or is somehow complicit in what they did to get themselves into trouble.

Similarly unnecessary in a serious look at a lawyer’s ethics are throwaway lines such as Boies’ “cozy personal relationship” with Bill Clinton. If that’s a negative, you could say the same about dozens of lawyers and hundreds of famous people.

But, the information in the story about the involvement of Boies’ daughter in movies produced by Weinstein’s company while Boies was advising Weinstein was interesting, as were the attacks by Boies on one outspoken Weinstein Company director, Lance Maerov, who turned out to be asking good questions about Weinstein’s personal conduct. Unlike some of the Weinstein Company directors, Maerov was doing his job.

What’s as disturbing as the way Boies and his firm failed to supervise a fraudulent investigation into Weinstein accusers and others by Israeli company Black Cube, is the defense of the practice by lawyers interviewed by the magazine. As we wrote about before, the agents of a U.S. lawyer shouldn’t go around pretending to be people they are not. A U.S. lawyer has the duty to supervise any agents the lawyer hires. Period.

Yet New York reports that “Some corporate litigators shrug off the Black Cube revelations, saying the only thing that was surprising was that all the embarrassing details escaped the usual vault of attorney-client confidentiality. ‘That happens, it doesn’t shock me,’ [prominent entertainment lawyer] Bert Fields says of the firm’s impersonation practices.”

Even worse was the quote from “another attorney who has dealt with Boies in the past,” who brushed the fraud off this way: “The technique is a tool … Lizzie Borden misused the ax.” Many lawyers said similar things to the article’s author: “This is just what lawyers do.”

If this is just what lawyers do, those lawyers ought to be disciplined for it.

Lawyers who know anything about professional responsibility know it is wrong to send investigators out to commit fraud. A quick instruction to “follow the rules” is not enough to qualify as adequate supervision.

Getting away with it is hardly justification. Imagine if someone defended unauthorized dipping into client escrow accounts. As long as the money gets paid back and the client is no wiser, who is harmed?

No lawyer would dare make that argument, but in the case of using fraudulent techniques, it’s all supposed to be OK if you don’t get caught.

If anyone wants to hire a lawyer they want to be sure won’t cross ethical lines, this is a good test question for them: Is it OK to hire investigators to set up fake identities to lure people into interviews?

For more good ways to screen for lawyers and investigators who know and abide by the rules, see my American Bar Association article, Five Questions Litigators Should Ask Before Hiring an Investigator (and Five Tips to Investigate it Yourself).

One of the most fruitful avenues of investigation is to look at material that nobody ever thought would harm them. That’s the kind of material people do not take great pains to hide. Why hide it when it won’t hurt you and there is so much else in the world to worry about?

Trusts set up in the Cook Islands that funnel their money via the Isle of Man and the British Virgin Islands are meant to be hard to find. The same for computer files that are erased – but erased inexpertly.

But in the category of things-we-never-thought-would-matter-much are the dull news releases praising the hiring of a new CFO in 2008, when that person went on to cause the company all kinds of problems the company should easily have been able to foresee. The news release comes off the website, but it’s there on the internet forever in a variety of places: news services that preserve it and the web archive that sucks up web material and keeps it – automatically.

risk and investigation.jpgThis topic came to mind today after the Wall Street Journal reported that the $6 billion settlement between Visa, MasterCard and millions of the cardholders’ merchants may come undone because of emails (just discovered) that were exchanged between opposing lawyers in the case.

The substance of the emails isn’t the topic of this posting, but rather how the emails were even discovered.

The opposing lawyers were old friends who socialized on the family level. It turns out that one of them was charged with her husband of conspiracy to commit wire fraud against her law firm and her client.

Once that happened, the firm began examining her emails closely and found the exchanges with her opposite and friend.

Her opposite and friend was probably as shocked as everyone else when the lawyer and her husband were charged, but it was too late. Everyday emails (which the article quoted experts and saying were ethically problematic) became headline emails because of events that one of the parties was unable to predict.

It’s a lesson that bears constant repetition: don’t write anything down that would cause you great personal embarrassment if for some reason it ever leaked out. That will cover crimes, ethical violations, and unforeseen circumstances that turn the everyday event into something that is memorable for all the wrong reasons.

Clients often ask us whether we tape-record phone calls we make in the course of an investigation. Our brief answer is, “never.” Here is why:

  • Recording could be illegal.

Some states allow tape recording conversations if one of the two people in the conversation is aware that a tape is rolling, but some require that both parties be aware. These include California, Florida, Illinois, Pennsylvania, Massachusetts, Connecticut and several more.

tape recorder.jpgWhat’s the problem with deciding you’re in a one-party state, calling up someone and letting the tape roll? Say the person you are calling has his phone forwarded to a two-party state. Even if you think you are calling someone down the street from you, how are you to know the phone isn’t ringing in Miami or L.A.?

  • Even if legal recording could be construed to be unethical for lawyers. Since we are lawyers, we pay the same close attention to the ethical rules as our clients do.

In a wonderful story in the current issue of the ABA’s Litigation News, (website here but current issue not on line yet), the ABA’s Lisa R. Hasday delivers a thorough  survey of the various ethical rules that govern phone recording. In short, it’s a minefield out there and any decision to tape is one that our clients would need to approve only after some serious reflection and research.

The one-party states fall into four categories.

  1. Surreptitious recording is not unethical  in Texas, Tennessee, North Carolina, Minnesota and a variety of other states. Of course, the same problem as avoiding a two-party state applies: a person sitting in Dallas calls a Houston number with the tape rolling, but the Houston number is answering the call in Orlando. Potential problem.
  2. Surreptitious recording is unethical except in certain circumstances in New York, Virginia, Colorado, Kentucky, Indiana and a few other states.
  3. Surreptitious recording is evaluated on a case-by-case basis in Arizona, Michigan and Wisconsin.
  4. Some states have no position on surreptitious recording. These include Georgia, New Jersey, Nevada, Louisiana and Arkansas, among others.

What’s the big deal courts make of taping when legislatures say it’s OK? It stems from ABA Model Rule of Professional Conduct 8.4(c) which has been adopted in most states, and says that lawyers commit professional misconduct if they “engage in conduct involving dishonesty, fraud, deceit or misrepresentation.”

According to Hasday’s article, “courts have almost uniformly determined whether secret recording is misconduct based on additional facts surrounding the recording and not merely on the fact of the recording itself.”

The cases in which secret recording is most likely to be allowed involve the limited categories that have allowed attorneys to tell lies in the course of their duties: investigations into intellectual property infringement, housing discrimination, and for a lawyer’s self-preservation.

  • A recording could be legal and ethical, but is it admissible?

The decision to record a phone call is one that should be among the most heavily researched and carefully considered of the thousands of decisions a lawyer makes during the course of a matter. Even then, getting the recording admitted as evidence presents its own set of problems of authentication.

What kind of recorder is it? Is the operator competent? Were there any changes made to the recording? Are the speakers on the call identified? Did they speak without inducement?

Sometimes, making a recording of a phone may be a make-or-break decision in a case. But in our experience, recording has never been important enough to risk breaking the law, professional sanctions, and failure to get the material admitted.

 

“Three may keep a secret,” wrote Benjamin Franklin, “if two of them are dead.” While attorney-client privilege confers a lot of power on lawyers and their agents to keep a secret, the privilege is never absolute. It can be waived by the client anytime, and can be breached in all sorts of ways.

GettyImages_confidential.jpg

That’s why it’s unwise to promise an interview subject that what he tells us will forever remain confidential, no matter what.  

As investigators, we are sometimes asked by people we interview whether what they tell us can be kept “secret,” “just between us,” “confidential” or “off-the-record.” Those terms and other similar ones may have specific legal meanings under the rules of evidence, but can also mean different things to different people.

Good reporters always go over the ground rules of an interview if a subject seeks to put a limitation on what may be reported or disclosed to third parties.

Good investigators ought to do the same if asked. We’ve written before about the importance of using templates – a script of how an investigator will represent himself and the degree to which he will identify his client, in Trial Ethics: A Template Can Save Your Life.

In every one of our templates is a response to the question from the person we are seeking to interview, (if asked): “Can my comments remain confidential?”

Our answer tends to be something like, “Our firm has to share anything I hear from you with our client, but we won’t tell anyone else that you’ve told us anything unless a court orders us to do that.” This makes the investigator’s promise truthful, but doesn’t promise that what the person making the comments says will forever stay between that person and the investigator.

If we are hired by an attorney, then we will assert that anything we report to that attorney is protected by attorney-client privilege. As agents of the attorney, for the purposes of privilege it’s as if the attorney is doing the interviews we do.

But what happens if word gets out that we have done an interview, and the other side in litigation seeks a court order demanding that we hand over our notes or divulge the contents of our conversation? Our letter of engagement with attorneys promises that

we will promptly notify you [our client] and follow your direction with respect to any third-party effort, by subpoena or otherwise, to gain access to any document or information pertaining to this matter, including any effort to obtain testimony from us.

In other words, we’ll get our clients the information we learn in an interview, because our first duty is to our clients. And, we’ll fight as hard as our client would to preserve that secret. Beyond that, what happens to the information we report can be taken out of our control.

What works best for everyone concerned is that everything we promise is written down in an interview template and a letter of engagement. It helps our clients sleep better, and when they are happier, so are we.

GettyImages_106055172.jpgInvestigators need to be familiar with all the ins and outs of social media sites in order to best help their clients.  For example, through social media we’ve tracked down witnesses for litigation and beneficiaries of wills and trusts.  Social media is a great tool for uncovering evidence of adultery in a divorce case.  In addition, social media can provide evidence of intellectual property infringements or corporate policy violations. 

Unfortunately, keeping up with the changes in social media technology may be easier than keeping up with the changes in Internet law.  The legal community and the courts are still trying to figure out how social media, free speech, legal ethics and privacy laws intersect.  In fact, it seems like every other week there is an important judicial decision or ethical ruling regarding how social media can and cannot be used in legal and corporate investigations.

Case in point: earlier this month a federal judge in California significantly curtailed the social media postings that defendant Home Depot could obtain in an unlawful termination case brought by a former employee.  The Southern California magistrate judge explained that the federal rules dictating that electronic document requests be specific and directly relevant to the lawsuit apply to social media postings as well. Therefore Home Depot’s expansive request for all posts that reveal the plaintiff’s emotional state and every photograph she posted on her social media accounts was impermissibly broad.  

So what sort of social media information can investigators working for attorneys obtain for their clients? State Bar associations have been wrestling with this issue for the past several years. The general consensus appears to be that any information that a social media user made publically available to all members of a network can be obtained without restriction. (see the NYSBA Opinion #843 (9/10/2010) and Philadelphia Bar Opinion 2009-02 (March 2009)) This means that everything is fair game if the user’s privacy settings are turned off.

But what happens if the social media user has privacy settings that block access to anyone who is not a “friend?” In those cases clients will ask if we can overcome this pesky restriction and friend the person using an alias. Our answer is always an unequivocal “No, we can’t.”

Legal ethics decisions dictate that neither an attorney nor an agent working on their behalf, like an investigator, can gain access to any secure information if doing so requires either directly or indirectly deceptive behavior. This means an investigator can’t use an alias and pretend to know the social media user in order to be deemed a “friend” and be granted permission to otherwise restricted information. 

Keep in mind that even if the investigator does not use an alias, the act may be deemed unethical.  This is because the investigator has omitted a material fact to the social media user—namely that they were being contacted solely to obtain information for an attorney to be used in a pending matter.

The issue is much more complicated if the social media user is a represented or unrepresented party in a pending litigation.  If the person is a represented party, then under no circumstances can they be contacted without the prior consent of their lawyer.  And if they are unrepresented, then the lawyer can’t claim that they are disinterested in the issue at hand.  Furthermore, if the user is unrepresented, the lawyer has an obligation to correct any misunderstandings as to their role and to ensure that they don’t offer any legal advice if the social media user’s interests conflict with those of the attorney’s client. 

GettyImages_dv485145.jpgAttorneys have a professional obligation to protect client confidences and communications, but technology has made this increasingly difficult.  As a recent article in the Wall Street Journal, “Lawyers Vigilant on Cybersecurity,” explains, lawyers face serious cybersecurity threats precisely because their clients entrust them with highly sensitive and classified information.  Criminal and state-sponsored hackers target law firms to gain access to these confidential cases, especially if the information involves corporate mergers or acquisitions.  In some instances, insider information could be sold for millions, and so tech-savvy criminals go after the weakest link—the lawyers with access to this sensitive data.

There are no statistics of how many firms have been hacked: The FBI doesn’t keep records on which types of businesses have been the subject of attacks, and law firms have been less than forthcoming about whether they’ve had security breaches.  Admitting client information leaks would be far too damaging to a firm’s reputation.  Law-enforcement officials suggest, however, that more and more often, law firms find themselves the targets of cyberattacks.  As the Wall Street Journal article notes, the FBI has evidence of confidential business documents exfiltrated from law firms via cyberattacks.

Recently proposed changes to attorney ethical rules by the American Bar Association (ABA) also suggest that the profession sees technical breaches as an industry-wide problem.  Earlier this week the ABA Commission on Ethics announced that its proposed changes to the Model Rules includes requiring lawyers to take proactive measures to protect their client’s information when using new technologies.  The proposed edits suggest that lawyers have to be more aware of both “inadvertent and unauthorized” disclosures—in other words, leaks from inside and hacks from outside a firm. These changes warn technophobes that they need to abandon their Luddite ways, because lawyers now have a duty to “keep abreast of changes in the law,… including the benefits and risks associated with relevant technology.” In other words, claiming ignorance is simply not an excuse.

By putting the onus on lawyers, the ABA is acknowledging what those of us who study and track security breaches have been shouting from the rooftops for years: preventing security breaches is not just about technology; it’s about changing human behavior.  As the Wall Street Journal article makes clear, “the weakest link at law firms of any size are often their own employees.”

Other industries face similar problems.  For example, a recent article on data breaches in the health care industry suggests that the epidemic of breaches of confidential health care information has more to do with human error than it does with IT shortcomings. As Larry Clinton, president and CEO of the trade association Internet Security Alliance succinctly points out, when it comes to data  breaches, “[p]eople are the biggest problem.”  Consequently, Collins predicts that breaches in hospitals and health care systems will only be prevented if these organizations approach these breaches as a “human-resource management issue and not an IT issue.” 

In other words, phones don’t just go around leaking information. Email accounts don’t shoot off confidential messages at random.  Computers are not really out to get us.  These technologies become weapons in the hands of adversaries because users didn’t take the necessary precautions to protect their data.   

Moreover, despite what people usually assume, taking these precautions doesn’t require having a Masters degree in computer science.  In many instances, all that’s called for is simple behavior modification coupled with a healthy dose of common sense

  • Password protect your cell phone, tablet and laptop. 
  • Use different passwords for different devices and accounts, and make sure they are hack-proof. Programs like Kaspersky Password Manager can generate virtually hack-proof passwords and keep a running list of all your different passwords.  
  • Don’t use free Wi-Fi connections, since hackers rely on free Wi-Fi to eavesdrop on users’ conversations.  
  • Don’t click on links in text messages because doing so might activate malware that could log keystrokes or even record phone calls. 
  • Be suspicious of any emails from unknown senders that ask you to open attachments or click on links—these so-called Trojan emails will retrieve data from your computer. 
  • Invest in good computer security software, and for heaven’s sake, keep its settings updated and make sure to run checks on it on a regular basis.  Otherwise, it’s like investing in an expensive alarm system for your home but refusing to set it before you go out. 

The real key to security for cell phone communications, internet browsing and emailing is human behavior. Peace of mind will only come once people change how they act. For lawyers, that time may be sooner, rather than later.   

A thought-provoking column in the Wall Street Journal here that argues in favor of routine changes of auditors got me thinking.

If we should change our auditors on the grounds that they get too close to us and are afraid to displease us for fear of losing our business, why shouldn’t the same thing apply to other professionals we hire over long periods? Say, financial advisors and even lawyers?

GettyImages_emo012.jpg

The case for firing auditors is that even though companies hire them and are responsible for paying them, auditors are really there to deliver what can often be “bad news” to company management keen to suppress unpleasant facts from public view. When bad decisions get translated from company spreadsheets into annual reports, bonuses get cut and executives get fired.

So instead of giving independent advice, auditors work for the same company for so long that they end up being “co-dependent,” says the Journal’s Jason Zweig.

Would that ever affect a lawyer or a financial advisor? At least with financial advisors, there are independent benchmarks that can compare your investment returns to those of similarly placed individuals. You can see whether or not your annual fee helps you beat an index, and you can shop around to see if your advisor’s fee is excessive.

What about lawyers? They are bound to a code of ethics, but so are accountants. Lawyers can’t just ignore wrongdoing, but accountants too are supposed to blow the whistle on that kind of thing. The problem arises in life’s hundreds of shades of gray, between best possible behavior and reportable criminal activity.

Many a lawyer reading this can easily recall putting down the phone after an uncomfortable call with a major client who has just instructed that lawyer to do something that gives the lawyer pause. The lawyer might think to himself: “Is it ethical to do this?” but then go ahead and do it anyway. If it just passes the smell test, how many lawyers tell their clients they are treading a very fine line? We hope some, but does yours?

Changing auditors can be a real pain, which is why companies don’t like to do it. Barriers to entry can be high because there are only four big firms to service the world’s largest companies, and because it can take a new audit team a long time to get up to speed on a complex set of accounts.

That can be true of personal investment portfolios and legal issues, but often a lawyer is not tasked with taking care of every aspect of a company’s or individual’s set of legal issues.

So if you don’t feel like firing your longtime attorney or other professional, at least do what you might with your trusted physician. Get the occasional second opinion.

This story on the Huffington Post sneeringly treats a new offering in the financial world: negative publicity insurance. The policy will be offered by a division of AIG, and will give companies in crisis access to PR damage-control specialists Burson-Marsteller and Porter Novelli.

Why is this a story anyone should feel negative about? The fact that AIG didn’t do very well controlling its own damage is immaterial, since it’s offering insurance so that the reputation of others can be helped by companies other than AIG.

Media-scrums-are-a-featur-007.jpg

Beyond a gratuitous swipe at AIG, lazy journalists don’t tend to like PR companies, period. That’s because journalists like to get right at the company they’re writing about and often resent intermediaries. Yet intermediaries are simply another kind of specialist. Why would the CEO of an oil company know the best way to talk to the media, any more than a reporter would know how to run an oil company?

It’s not always a matter of just “telling the truth,” because during a crisis litigation is almost always pending and certain facts are subject to attorney-client privilege.

Better journalists mind PR companies less, because better journalists use a lot of the same resources good lawyers and investigators use: public records and interviews with former employees of the company they are looking at.

And guess what? If you call up a PR company standing between you and the CEO of an embattled company and you ask a great question based on lots of research in securities records, court documents, and interviews, it will matter much less whether there’s a PR company in your way. If the company needs to answer the question, it will do so regardless of any PR advisor. If they can’t or won’t answer it, a good question is still a good question whether or not there’s a “no comment” after it.

This blog takes no position on the merits of a motion filed to disqualify Kasowitz from representing plaintiffs in a lawsuit against SAC Capital Advisors and others.

We haven’t even read the motion, but are relying solely on a report from New Jersey state court on it via Bloomberg.

The fact pattern reads like an ethics exam question in law school, but the stakes are anything but theoretical. If the motion goes against Kasowitz the firm could be thrown off the case. It doesn’t get much worse than that.

The motion reportedly alleges that investigators hired by Kasowitz contacted a represented party, and then misrepresented the identity of their client in attempting to get information during an interview. Kasowitz says the motion if meritless.

If you were Kasowitz, what would you first ask your attorneys to produce when confronted with a motion like this? 

Item one would be the template that any lawyer ought to get from an investigator before the investigator picks up a telephone or talks to anyone outside the firm about a case. That template becomes a roadmap for how the principal (the lawyer) instructs his agent (the investigator) to behave as to the ethical questions that come up during an investigation.

Among the many questions a good template answers are:

  • How is the investigator representing himself? If the attorney approves a script that says the investigator will identify himself as the agent of a fictitious company, that’s a problem for the attorney. Or, the attorney could approve a template that gives the investigator’s real name and affiliation and says something like “I’m doing an investigation but I can’t tell you who my client is.” If the investigator then went off-script and got into ethical hot water, the attorney would have some protection.

Note: the more vague the presentation, the less likely it is that some people will talk to you. That’s the price you pay for refusing to lie. Happily, lots of people will still talk to you even if they have no idea who your client is. It’s remarkable but true.

  • Has the investigator taken adequate precautions against inadvertently talking to a represented party? Sometimes it’s hard to know if a person you’re talking to is a represented party, and therefore off-limits because of the no-contact rule. In the context of litigation, did the investigator say, “Before we get going I just want to make sure that you’re not represented by an attorney in this case. If you are, I’ll have to terminate this call.” Notes for each interview should clearly reflect that this question was asked and answered.
  • The same kind of question goes for privileged or confidential information. Make sure your investigator issues a warning before the interview begins in earnest that he wants no privileged or confidential information divulged. Then if it turns out to be part of the case you can have an argument about excluding that evidence, but ethically the law firm can say it did its best and shouldn’t be punished.
  • Last but of course not least, the questions themselves. In addition to inoculating the principal against an agent doing what he’s not supposed to do, it always makes sense to run a proposed list of questions past the attorney. It may be preferable given the facts of the case to start with one kind of question and to move to other subjects later on. Sometimes you may not want to telegraph the amount of information you already have. The way you ask a question and the order in which it’s asked could be critical in sending just the message you wish to send to that particular interview subject. 

Following is an entry from our firm’s website originally published in September 2009 and, we think, timely.

Plenty of people – even sophisticated lawyers – sometimes ask us in the course of an investigation: “Can you get me his phone or medical records?”

The answer for anyone interested in staying out of jail is no. If you’re interested in hiring a firm that plays fast and loose with the rules, just remember that you could be held liable for the actions of your agents.

Medical records have been strictly off limits under federal law since 1996 under HIPAA, and there are state laws that may also restrict information flow.

As for phone records, despite all those ads on the Internet featuring companies that can get you someone’s cell phone records, you might want to ask them how they’re doing it before you hand over your money. Investigators used to love to pretend to be someone else when they called up a phone company and requested a duplicate copy of their cell phone bill.  But since 2007, that’s against federal law too.

Put simply, you should stay clear of any investigator who uses pretexting – impersonating someone else – to obtain information. If an investigator seems vague about how he’s getting his information, back away. Nothing he’s doing for you is rocket science and it should all be easily explainable.