The Alaska State Bar Association recently issued an ethics opinion barring attorneys from deploying “web bugs” to track opposing counsel’s location or interaction with emails. Ethics rules in many states provide the same basis to bar the use of “web bugs,” and other states are likely to follow suit. What are “web bugs” anyway?
“Web bugs,” sometimes referred to as “beacons,” cause the recipient’s computer to send information signals back to the sender. They commonly take the form of an image or web link embedded in an email that automatically directs the recipient’s computer to look up a web address and send information. Senders can use “web bugs” to determine whether, when, and how often an email or attachment was opened or viewed, the general geographic location of the recipient at that time, and whether the recipient forwarded the email or attachment. “Web bugs” were originally developed for marketing purposes to enable marketers to track how recipients interacted with email advertising, but as they have become more sophisticated and more common place, they have been used to track the behavior of email recipients in other contexts, including transactions and litigation.
The Alaska opinion cites two egregious examples of counsel using “web bugs” to spy on opposing counsel. See Alaska S.B.A., Ethics Op. 2016-1. In the first, a client had moved to another state but intended not to disclose where. Opposing counsel sent a bugged email to the client’s attorney attaching a blank signature page for the client’s signature. The client’s attorney forwarded the signature page to the client, and in the process unintentionally enabled opposing counsel to determine her location when she opened the attachment. In the second example, an attorney planted a “web bug” in a draft settlement agreement sent to opposing counsel as the attachment to an email. The receiving attorney then forwarded the draft agreement to his client. When the client opened and viewed the document, the attorney who planted the bug was able to track how much time he spent reviewing different pages of the document in order to gain an advantage in negotiations.
The Alaska opinion properly views the surreptitious use of “web bugs” as evidencing dishonesty, fraud, deceit, or misrepresentation. The opinion cited the only other state ethics decision to take up the issue, the New York State Bar Association’s 2001 opinion finding that surreptitious tracing of emails violated the letter and spirit of the disciplinary rules prohibiting dishonest and deceptive conduct and rules relating to the protection of client interests. See NYSBA Op. 749 (2001). The recent Alaska opinion goes further to hold that even the disclosed use of “web bugs” violates the attorney conduct rules where it provides the sender with information that invades the attorney-client relationship or discloses opposing counsel’s attorney work product.
Attorneys in other states should tread cautiously. Most state versions of Rule 8.4(c) of the Rules of Professional Conduct bar deceptive or misleading communications or conduct. The use of “web bugs” could land an attorney before the disciplinary authority. What about the routine received or read receipts that attorneys often include in emails to opposing counsel? For now, these should not pose a problem. The Alaska ethics opinion specifically carves out the use of “web bugs” to confirm that a document was received or opened by opposing counsel. But attorneys should be extremely wary of embedding any other technology designed to detect where the recipient is located, whether an email is forwarded, or when, how many times, for how long, or on what pages a document was viewed. Surreptitiously tracking opposing counsel in this way could run afoul of existing state ethics rules that prohibit deceptive or misleading behavior. Even where disclosed to opposing counsel, attorneys should ensure that none of the tracked information invades the attorney-client relationship or discloses any part of opposing counsel’s mental processes or work product.
Beyond refraining from using impermissible technology to monitor opposing counsel, attorneys must be competent in protecting their own communications from surreptitious monitoring. Many law firms are equipped with firewalls and filters that detect the most common kinds of “web bugs” and notify the recipient when they have been embedded. Standard Microsoft Word packages are equipped with security measures to detect or block external images, linked media, hyperlinks or data connections in documents. In addition, many law firms use virus scanning for all incoming and outgoing email attachments to strip linked media and malware. The Alaska ethics opinion specifically rejects, for now, the imposition of an affirmative obligation to engage in such proactive defensive filtering where there is no reason to suspect that emails have been bugged. But the opinion observes that attorneys should deploy common defensive technologies to detect “web bugs” to protect the confidentiality of their communications, mental processes, and work product.