Should You Warn Your Client About Hacked Email Services?

After posting last night about the trade-off between confidentiality and client communication, I came across Joe Hodnicki’s post at the Law Librarian’s Blog about the rise of services like Yourhackerz.com which enables users to buy a password to another anyone’s online email accounts like AOL, Yahoo, gmail or social networking sites like Facebook for one hundred dollars.  So I got to thinking — are these hacking threats so pervasive and so potentially dangerous that we ought to warn our clients about them?  After all, if our clients’ emails are vulnerable to hacking by opposing parties, their case could be jeopardized.

We can’t have it both ways — if these hacking services do pose a strong enough threat, then as lawyers, I believe we have an affirmative obligation to warn clients about the risks.  On the other hand, if these hacking services aren’t a threat, then we don’t owe that duty – and there’s no reason to dwell on publicizing these services and scaring lawyers and clients from using email.  So one thing I would like to know is whether these hacking services really work because if they don’t, then there’s not much risk to clients.  (I for one want to test the service, but I’d better get consent from the target first, lest I lose my own bar license for trying to unlawfully hack an account)?

My other concern about warning clients about the dangers of hacking services is that rather than secure their own email, clients would try to capitalize on vulnerabilities in their opponents’ email.  I could very easily see a client thinking “Hey, I didn’t realize that I could buy my soon-to-be-ex-husband’s password — what a great idea!”  If that were to happen, could we be deemed culpable by dint of suggestion?

Do you have an email policy with your clients?  Do you require them to use secure email, password protected portal or phone to communicate with you?  I’d be interested in hearing your feedback below.  My own gut reaction remains the same as in my earlier post — until I see some hard evidence that this kind of hacking activity takes place on a regular basis or has otherwise adversely impacted other litigants’ cases, I’m inclined to give my clients full discretion over the kind of email service they want to use to communicate with me.

Leave a Comment