If you think metadata and zombie botnets sound like the stuff of science fiction, you could be putting your practice and professionalism at risk. They’re part of the lingo of new information technologies that, if ignored, could violate standards of professional conduct, practice competence and client confidentiality.
An informal survey of lawyers across Canada found that most “were not acquainted with the term ‘metadata,’ much less its implications,” says David Day, co-chair of the CBA’s Ethics and Professional Issues Committee.
Recognizing that gap, the committee began work in 2005 to explore the most commonly used information technologies and establish best practices for Canadian law firms. In September 2008, the committee released the Guidelines for Practising Ethically with New Information Technologies, a supplement to the CBA Code of Professional Conduct, offering advice on topics such as security, storage, deletion and marketing in an era of rapidly changing global technology.
Mining for metadata
Metadata is information embedded in a computer document: when and where it was created, the author(s), word count, distribution, various versions and edits, plus the time spent working on it.
That’s not the kind of data you want falling into the wrong hands, and the CBA guidelines stress the ethical obligation not to reveal client information through the metadata.
Mobile devices also pose a target for prying eyes if lost or connected to a main computer through a wireless network. The CBA guidelines recommend that lawyers protect confidential information by encryption, which makes the data unreadable by anyone without the “key” to decode it.
Hands-on security
Further security measures are required to block hackers and spammers who infiltrate computer systems through unprotected wireless networks or via the Internet. These measures include firewalls and strong passwords — a mix of numbers and letters, upper and lower case, more than eight characters long — that protect computers from the likes of malware, spyware, Trojan horses, worms and zombie botnets (which hijack a system and use it to send out spam in the middle of the night).
The CBA guidelines also give practical advice for the storage, archiving and deletion of sensitive files, and for “scrubbing” electronic devices before they are discarded.
Whether a law firm engages a private IT contractor or manages its electronic security in-house, the onus is on lawyers to understand the ethical implications of practising in a digital world.
Download a copy of Guidelines for Practising Ethically with New Information Technologies.
Amy Jo Ehman is a freelance writer based in Saskatoon. The full version of this article will appear in the January/February 2009 issue of National magazine.