Skip to main content

Do Lawyers Have an Ethical Obligation to Encrypt E-mail?

By March 27, 2004October 6th, 2023legal ethics, security

I’m at the ABA TechShow seminar on E-mail Ethics, listening to a discussion about the use of E-mail encryption. Speaker Tom Mighell asked the audience if anyone out there was actually using E-mail encryption. About seven hands went up, maybe more, from lawyers who use PGP encryption.

I’m not surprised to find lawyers who actually use encryption, not surprised because the ABA TechShow is a watering hole that draws lawyers who are extremely tech-savvy. The willingness of some of these techie-attorneys to learn how to use cutting edge technology is obviously high. But they don’t represent the typical lawyer, not even the typical lawyer who is interested in technology (i.e., people like me).

I think it is a given that PGP encryption is not a mainstream technology. If you need proof, go to any law firm, start knocking on doors, and ask the lawyers if they know what “PGP” stands for.

Ignore the blank stare and then follow up with an easier question; ask them if they know what “E-mail encryption” is and offer to give them $1,000 if they can name one person they have met who knows anything about E-mail encryption.

Then, for laughs, offer to give them $1 million dollars if they know what a “hash function” is or what the “Diffie-Hellman protocol.”

I tried to use the PGP encryption technology with a tech-savvy friend once. I won’t describe the process, but if you are interested, click here. The important thing to understand is that even if you can figure out how actually encrypt and decrypt emails, part of the process involves creating a special private/public key.

In short, it’s a pain in the ass to encrypt emails, even if you know what you are doing. After having done it myself, I have come to the conclusion that the only people who are routinely encrypting emails are either uber-geeks or criminals/terrorists.

In fact, I noticed something interesting when I used the PGP program and then registered my ‘public key.’ I noticed as I browsed through the list of names of people who had registered their public keys that there were a lot of entries for Osama bin Laden.

I suppose that is a popular name to use when you register your PGP key in the same way that certain baby names get popular at certain times. Or maybe the real Osama bin Laden actually took the trouble to register his public key.

I guess the good news is that if Osama ever manages to get a law degree, he won’t have to worry about being charged with violating an ethical duty to encrypt email. And the good news for the hoards of lawyers who don’t use encryption is that they probably won’t be charged with terrorism.

Update: CNN has a nice article on encrypting email, including a profile of a new (and supposedly easier-to-use) system called Hushmail.

And be sure to keep yourself secure when using free WiFi.

P.S. If you're a practicing lawyer, check out this Law Practice Assessment . After answering a few questions, you'll get detailed recommendations for improving five key areas of your practice.
Skip to content