Michael Lowe is Celebrating Over 20 YEARS of Service

Learn More


Posted on by

How Can Criminal Lawyers and Their Clients Protect Their Attorney-Client Communications From Snooping And Hacking?

Lawyers, especially criminal defense attorneys, are very careful to protect their communications with clients and potential clients; however, in the past few years technological advancements have made it particularly difficult for both lawyers and clients to insure that their privileged and private communications are safe from prying eyes or ears.

Law firms, individual attorneys, and most criminal clients use computers, tablets, smart phones, flash drives, and other digital devices that are convenient and helpful in any criminal defense fight but are extremely vulnerable to all kinds of snooping. Most everyone knows to use standard protections including firewalls, encryption software, and anti-virus software to block intrusions into computer files and online communications.



Five Examples of the Vulnerability of Private Criminal Lawyer – Client Communications Today

Unfortunately, in 2014, there are almost daily news stories revealing how easily these privacy protections are disregarded or circumvented by a wide variety of third parties as well as government agencies and law enforcement. Consider the following revelations:

1. In 2009, the federal government listened to all communications between a criminal defense lawyer and his potential client (such as their 42 telephone conversations) as the future defendant discussed his situation with the attorney before hiring him as counsel, from when he became worried that he was being investigated by law enforcement through the time of his indictment. This violation of private communications was revealed in news coverage in the Guardian and the Nation reporting on criminal attorney Robert Gottleib’s discovery that all his communications with his client, Adis Medunjanin, had been overheard and recorded by the National Security Agency.

2. In 2014, the New York Times exposed an item discovered in former NSA worker Edward Snowden’s revelations that communications between an existing client, the Government of Indonesia, with its Chicago law firm, Mayer Brown, had been overheard, recorded, and shared by Australia’s spy agency with the National Security Agency (NSA). The lawyers and their client discovered this from the reporting of the Edward Snowden documentation.

3. In February 2014, hundreds of people in San Antonio, Texas, got letters from the Federal Bureau of Investigation informing them that there had been a federal wiretap on the phone of attorney Al Acevedo, Jr., as part of a sting operation into judicial bribery and that “… you, or someone using a telephone on which you are the listed subscriber, were intercepted pursuant to a series of federally authorized wiretaps between August 20, 2013, and November 15, 2013.”

Clients, potential clients, as well as other attorneys, judges, prosecutors, clerks, and others all may have had their communications overheard by federal agents while they had no warning or knowledge that their communications were being overheard.

4. FinSpy and FinFisher are two examples of surveillance spyware currently being sold by a British software company, The Gamma Group, to any number of governments and law enforcement agencies. They work by infecting the target’s computer, phone, and other devices through fake email attachments. The email attachments have malware hidden within them that are extremely sophisticated and hard for many security software programs (like the ones most people purchase as anti-virus or spyware protection) to locate and remove.

FinSpy and FinFisher allow law enforcement or the government agency to wiretap calls, access and monitor people through the device web cabs, and essentially snoop on all uses of all connected devices via that introductory email attachment. They’re available for purchase today.

5. At the Black Hat Asia Cybersecurity Conference this year, the “Snoopy” drone will be introduced to the private, commercial marketplace. This drone hovers overhead and masks itself as a trusted WiFi network that a smartphone has used in the past, inviting a connection which then enables the evildoer to grab all the contents from that smartphone or tablet. The Snoopy drone was successfully tested in London by CNN Money reporters who confirmed in their report that this small drone (a quadcopter) can everything that is sent or received on that phone or tablet while it is connected to the fake Snoopy WiFi network.

Snoopy will be made available for sale to anyone. It’s already being predicted that law enforcement could use Snoopy drones to determine the location of individuals, to track their movements, as well as to learn the identities of people in groups (e.g., meetings, demonstrations, gatherings, parties, etc.). As for example, Snoopy could determine who is meeting with any criminal defense law firm at any given time….

Two Big Dangers to Privacy in Attorney Client Communications

The first danger to attorney-client communications comes from the speed with which modern technological advancements take place. New ways to hack and new types of software (spyware, malware) are being created every day. Manufacturers of smartphones, tablets, and other devices have not been able to keep up the pace, leaving most of us vulnerable with even the newest model versions and product upgrades.

The second real danger to privacy in lawyer client communications, from a criminal defense perspective, comes from changing and intrusive law enforcement methods. One prime example: federal wiretaps.

Under the FISA Amendment Act of 2008, reauthorized in 2012, warrantless wiretapping was approved by federal authorities, although this is currently being challenged and fought against via the recent decision of the United States Supreme Court in Clapper v. Amnesty International. (The ACLU’s challenge to the law itself before the U.S. Supreme Court in February 2013 was unsuccessful.)

This is key legislation that has allowed the NSA to eavesdrop on citizen communications without the need to get a judge to sign a warrant okaying their spying on the citizen (albeit that the NSA is supposed to listen into international communications ONLY).

From a federal criminal defense standpoint, this involves motions to disclose that get nowhere as the position of the Department of Justice has been that the federal government not only will engage in warrantless wiretapping but that federal prosecutors need not disclose that they had obtained information used in their case via warrantless surveillance.

Texas Rules Of Disciplinary Conduct Require All Texas Attorneys To Protect Communications

Lawyers in Texas, as in all other states in the union, are under an ethical duty to protect all communications where privilege is involved. Lawyers are required to “keep a client reasonably informed about the status of a matter and promptly comply with reasonable requests for information…” and to “… explain a matter to the extent reasonably necessary to permit the client to make informed decisions regarding the representation.” Rule 1.03 of the Texas Rules of Professional Conduct.

Likewise, Texas attorneys are duty bound to keep all communications with clients and potential clients protected and secure as best they reasonably can and they are subject to punishment, including the loss of license, if they fail to do so. TRPC Rule 1.05.

It is one of the most time-honored traditions of the Texas criminal defense bar to know how to keep a secret and to do it well. Our lips are sealed when our client or potential client speaks. This is vital to our being trustworthy advocates and it is essential for any attorney, whether they practice criminal defense or not, to have the confidence of their client that what is said between them stays between them.

However, there is currently a real and growing threat to attorney-client privacy as evolving spyware and malware, and hacking, threaten a client’s privacy as well as that of the lawyer or law firm. It is a growing problem of epidemic proportions.

Lawyers must have a reasonable expectation of privacy in order to effectively communicate with their clients and provide them a strong defense against serious and perhaps life-altering charges being made against them. Clients, meanwhile, are often tied to things like the rapid, immediate give and take that communications by email, text messaging, and phone conferences provides.

How best to balance the client (or potential client’s) needs and the lawyer’s requirements against today’s technological dangers to privacy?

One Solution? Go Old School

Hopefully, there will be technological solutions made available in the future to these technological threats to privacy. However, for now, the answer for many of us may be a retro approach.

Cell Phones without WiFi Capability

For instance, many executives and other concerned about the security of their phone communications are abandoning the latest phone technology for older, less advanced models which don’t offer web access. One particularly popular model appears to be the Nokia 6310 which lets you call and chat with others but doesn’t offer you the ability to check e-mail (and therefore doesn’t offer the eavesdropper the ability to hack into your phone via an Internet connection).

Using an Old School Phone may not impress your teenage kids but it may mean a big difference, safety wise, if you’re looking for a lawyer or if you’re a lawyer who is concerned that your communications are being hacked or recorded.

Face to Face Meetings with Pad and Pen

Another way to keep lawyer client communications protected? A strategy implemented at our law office: a return to the pad and pen. It may not offer the speed and immediacy of a smartphone chat, but it’s a lot more secure.

Here, for example, we offer potential clients concerned over possible monitoring of their phones and interested in interviewing lawyers for their case the ability to meet with me in our offices as “walk in” clients. Specifically:

  • I’ll meet with anyone charged or investigated for any federal or state criminal activity for 30 minutes for $100.
  • If I am not in the office, I will make certain that an appointment gets scheduled in person while you wait with my secretary.
  • The purpose for the meetings is for the client to decide whether I will be the right lawyer for their case. If the client likes me, he/she can hire me.
  • The purpose for the meeting is NOT to formulate a complete and final criminal defensive strategy for their case.
  • The purpose is to decide whether the client likes me and wants to hire me.
  • These meetings are totally confidential, no phone call to explain your case and no electronic devices will be present at the meeting.
  • Just me, the client, a pen with a pad of paper.
  • The client will meet personally with me, no other lawyer or assistant will be present at the meeting.
  • I cannot offer legal advice concerning any on going criminal activity.
  • Office hours are Monday – Friday. 830 am – noon and 1pm to 5pm.

It’s the Old School way for clients to meet with a criminal defense lawyer and decide whether or not to hire them as their criminal attorney. Once that attorney-client relationship is in place, there is still the risk of eavesdropping and hacking, of course, but in the legal arena these intrusions can be fought using the formal and time-honored Attorney Client Privilege against the use of lawyer-client communications against a person in a criminal proceeding.

As explained by the American Bar Association in its letter to the National Security Agency demanding an explanation for the eavesdropping of communications between the Chicago law firm and its international client:

The interception and sharing of attorney-client privileged communications by government agencies—or any third party—raises concerns, including chilling the full and frank discussion between lawyer and client that is essential for effective legal representation. Any government surveillance and interception of confidential communications between law firms and their clients threaten to seriously undermine and weaken the privilege, because as the U.S. Supreme Court noted in Upjohn Co. v. United States, 449 U.S. 383 (1981), “an uncertain privilege…is little better than no privilege at all.”


About the Author: Michael Lowe is a Texas trial attorney practicing criminal defense law in the Dallas area for many years after first serving as a felony prosecutor for the Office of the District Attorney for Dallas County. He is Board Certified by the State Bar of Texas in Criminal Law. Mr. Lowe has tried to verdict over 150 criminal trials so far in the state and federal systems.

Comments are welcomed here and I will respond to you -- but please, no requests for personal legal advice here and nothing that's promoting your business or product. Comments are moderated and these will not be published.

Leave a Reply

Your email address will not be published. Required fields are marked *