Many of those earlier ethics opinions were based on the belief that e-mail, like some cordless telephone communications, is easily susceptible to interception, making e-mail inappropriate for the conveyance of sensitive or confidential client communications. More recent opinions have re-examined this assumption and rejected it.
For example, the District of Columbia Bar Legal Ethics Committee recently opined that the transmission of confidential information by unencrypted electronic mail does not per se violate the applicable ethics rules on protecting a client's confidences. It concluded that the earlier opinions prohibiting such electronic communications overlooked three key factors relating to the susceptibility of interception, the e-mail itself, and applicable federal law.
The opinion noted that all methods of information transmission are, to some degree, susceptible of interception: Conference rooms can be bugged, telephone lines can be tapped, and facsimile transmissions can be intercepted in the fax room. The test is therefore not whether interception is possible, but whether one has a reasonable expectation the message sent will remain confidential. The ethics rules require only reasonable efforts to maintain confidentiality, not absolute security.
Second, many of the earlier opinions fail to recognize that e-mail messages traveling over the Internet are broken into several "packets" of information. The packets are sent individually over different transmission lines and are only reassembled at the recipient's mailbox. Accordingly, it is extremely difficult for a third party to trap and reassemble all of the relevant packets, except at the points of transmission and reassembly. Although a risk remains, the D.C. Committee found the risk no different from the risk that a careless or dishonest phone company employee will have access to telephone messages.
Finally, the Committee notes that under the Electronic Communications Privacy Act (ECPA), as amended in 1994, the interception of electronic transmissions over the Internet is clearly illegal. The opinion cites several court decisions that establish that because of the ECPA, e-mail users now have a reasonable expectation of privacy.
For these reasons, the committee adopted the "prevalent view" that "electronic transmission is in most instances in acceptable form of conveying client confidences even where the lawyer does not obtain specific client consent". In so holding, the committee nevertheless warned that the sensitivity of the message contents and/or the circumstances of transmission may sometimes dictate a higher level of security.
Other jurisdictions that recently reached a similar conclusion include North Dakota, Illinois, Arizona, Vermont, and South Carolina. The South Carolina decision is noteworthy because in effectively reversed its off-cited 1995 opinion holding that the use of unencrypted e-mail, absent an express waiver by the client, may violate Rule 1.6 of the ABA Model Rules of Professional Conduct. The more recent opinion concludes that "there now exists a reasonable level of 'certainty' and expectation that such communications may be regarded as confidential", especially because interception is now illegal under the ECPA. Nevertheless, the opinion urges lawyers to discuss with clients the need to encrypt or otherwise protect certain sensitive information.