April 10, 2016

By David Ackerman

biometric email

It is without doubt that attorneys live ina highly demanding occupation, where time is always at a premium with endless task deadlines.  That challenge is even greater for small law firms or sole legal practitioners with limited resources to meet all of the requirements as it relates to regulatory compliance matters.   In 2015, the American Bar Association released its email technology survey for the legal industry.  Despite amendments to Model Rule 1.6, it was not surprising to learn that nearly 71% of attorneys rely solely on a blanket legal disclaimer for email communication privacy.  You know the one. Statistically, the one you rely upon on daily toprotect the confidentiality of your client. Why, because it is inexpensive, fast, and simple.   For most small practices,alternative email technology solutions have been considered too complicated, time consuming, and expensive.

Currently, the majority of the legal industry still uses a boiler plate email disclaimer. But will it protect you from potential malpractice?  The ABA raised the bar for reasonable care as it relates to email communications with multiple amendments to the Model Rules of Professional Conduct under rule 1.6.  Have you made reasonably efforts to avert the unintentional disclosure of, or unlawful access to, information related to the symbol of a client Model Rule 1.6 (c). Have you made reasonable efforts to investigate the email security system used by your client or other third parties that receives your confidential communications Model Rule 4.4 (b).  Have you competentlyinformed your client of the security and privacy benefits and risks associated with other currenttechnology solutions to protect email communication privacy Model Rule 1.1?  Even with the new amended Model Rules of Professional Conduct, the vast majority of attorneys still rely exclusively on the blind faith privacy protection of their email disclaimer.  A fallacy that may well fall below a reasonable standard of care to avoid potential malpractice.

For the small firm attorney, the email legal disclaimer is an antidote for the absents of adequate, reasonable, economicaland practical technology to solve electronic internet communication privacy issues.  So what does a legal declaimer actually provide an attorney. First, there is no legal doctrine under which an email disclaimer is enforceable. Second, an attorney email disclaimer is not a contract.  According to the American Bar Association Advice 11-459 decided that attorneys must notify clients concerning the risks of sending secret communications while using the email. In the event of malpractice, the burden of reasonable care still resides on the professional responsibility of the attorney.

So what does an attorney email disclaimer not do? First, it does not provide blanket protection against legal malpractice.  Under the provisions of ABA amended Model Rule of Professional Conduct 1.6, the majority of attorney’s using unsecured email that is solely dependent upon an email disclaimer for communications privacy does not meet the sufficient requirement definition of reasonable care.  To reiterate, the attorney legend is a band aid solution to an email technology problem.  An email disclaimer will not prevent the inadvertent dissemination of confidential information.  Equally, the email disclaimer will not prevent or control email forwarding or “reply all” of confidential information that can be read by anyone.  An email disclaimer, will not prevent someone from reading confidential communications or breach the attorney client privilege.A boiler plate legal disclaimer can only warn of the risk, but only technology solutions can prevent it.  This is why many professional malpractice insurance policies do not provide standard policy protection on email communication claims.The legal disclaimer cannot prevent the occurrence of an act.

In 1999, the ABA attempted to endorse a technology solution by adopting the use of email encryption to protect the privacy of attorney email communications.  Fast forward 17 years later, the adoption rate has been disastrous, especially in small law firms.  In 2015, the American Bar Association Legal Technology Survey report stated that less than 35% of all attorney’s use email encryption. That number dramatically falls even further for small firms down to 24%.  Further, the study revealed the complex nature of email encryption use.  Nearly one third of lawyers who had access to email encryption technology simply didn’t know what type of encryption they had or how to use it!   Why has email encryption technology failed so badly in the legal industry?   Here is a hint:  Apple’s greatest business achievement was not technology itself, but understanding the needs of the average consumer and developing complex technology that is simple to use.  Email encryption is virtually the opposite.  Email encryption was developed by cybersecurity engineers for the cybersecurity industry.   Encryption technology was not developed for practical consumer use, including lawyers.   Generally,encryption technology requires the expense of a qualified software security engineer to set it up.  Second, there are no email encryption standards, which createscommunication compatibility issues.  Why invest in email encryption if it is subject to limitations, complex, expensive, and highly cumbersome to use?

Equally, most encryption technology that are sold on the market have a huge security vulnerabilitythat is not much better than unsecured email.  Why is email encryption vulnerable?Most email encryption requires cumbersome passcodes or tokens that must be transferred to third parties in order to effectively use it.  If an unauthorized party obtains your password, your encrypted privacy is compromised and your confidential communications is lost. Being in the professional services industry for nearly 26 years, I have come across numerous cases where the famed trusted employee with the “secret password” turned out not to be no so trustworthy after all.  Who is professionally liable, not the employee or third party.  As an attorney you must stand before the State Bar to protect your license and defend the burden of reasonable care on how you protected the use of passcodes to your private email communications. It’s an unfortunate avenue for obtaining new clients, but the use of unauthorized passcodes by third parties is very much alive and well without controls.

If that was not enough, now the U.S. government is battling the use of encryption email, and is likely to be a subject of public controversy in the near foreseeable future. Who should be allowed to use it, and when can the government access your privacy?  And now the famous “Panama Papers” exposing more vulnerabilities of encryption technology in the legal industry.  As it currently stands, email encryption is growing in controversy, which may not be solved anytime soon.

In 2013, Internet Biometric Security Systems spent nearly three years developing a technology communication solution to solve the inherent problems of using unsecured email disclaimers, and the complexity challenge of email encryption.First, the email communication system had to be designed so that it was simple to use.  So simple, that the average attorney could be up and running in minutes, without the need to hire a software engineer.  Second, it needed toprovide a seamless transition user experience fromregular email. It had to have the same look and feel as regular email, but with advanced communication privacy protection.  Third, it needed to prevent inadvertent disclosure so that confidential communications email would be impossible to open, forward or broadcast to unauthorized third parties.  Fourth, the new email solution would eliminate the vulnerability of transferable credentials to unauthorized third parties. Fifth, a better email solution required not only the protection of confidential email communications, but equally certifythe identitymanagement of each user.  Providing monitoring and audit capabilities of all communication between the senderand recipient. The end result, it would eliminate anonymous communications. Sixth, it required an internal private social media engine, so that clients, and professionalcolleagues could transition to the new email privacy communication platform on the fly.  Lastly, it needed to be designed on a self-contained communication platform so that confidential email communications could not copied into the public domain, unlike unsecured email systems.

Basic email technology has not fundamentally changed since the inception of the internet. In 2016, IBSSMail was released to the professional services industry to solve many of the above email privacy problems.  The core objectives were to design a superior email privacy solution that would be easy to use, be economical, and solve the majority of problems inherent with unsecured and encryption email. First, IBSSMail was built on a multi-factor identification management platform, to either enhance the security of username password technology, or eliminate it all together.  Unlike conventional email, IBSSMail requires each subscriber to be legally certified.  IBSSMail eliminate anonymous emailidentities so that every single communication can be legally certified to its source of origination.  Second, IBSSMail couples the use of advanced biometric face and voice recognition technology.  Only the intended email subscriber can open the email communication. Third, the entire communications environment is managed through real time point to point biometric processing.  The originating email author must biometrically authenticate before an email communication can be transmitted, and only the intended email recipient can view that communication through biometric authentication.  This eliminates the potential use of unauthorized passcodes received by unintended third parties.  The only person who can open the email communication is you. Fourth, IBSSMail is simple to use, no security engineer required. You can set up an IBSSMail account in a matter of a few minutes. Once its set up, it works as fast as your current email system, except with a more advanced level of communication privacy.  Fourth, to build up your contacts quickly with clients, and colleagues, IBSSMail has a built in private social media engine to transition the privacy of your email communications in a short period of time.

In sum, unlike unsecured or encryption email, IBSSMail is the first email technology solution that prevents inadvertent disclosure and raise the bar for protecting confidential legal communications, and the attorney client privilege that is economical in cost, and easy to use.

For more information on simple security solution using biometric email communications for the legal industry, visit

David Ackerman is the President of Internet Biometric Security Systems and has been actively involved in cloud based biometric internet security and communication solution for over the last 17 years. Mr. Ackerman worldwide patent holder for many biometric technology inventions over the last 14 years, and has worked extensively with the legal industry for over the last 26 years.


Leave a Reply

Your email address will not be published. Required fields are marked *