Another Dropbox blunder led to the release of private emails in the investigation of the Jan. 6 riots, begging the question: Are file sharing platforms lawyers’ kryptonite?
by Cassandre Coyer, originally published in Legaltech News.
It was only months ago that the trial of Infowars’ owner Alex Jones led to an infamous e-discovery blunder when a lawyer inadvertently put privileged information in a Dropbox folder shared with opposing counsel.
But this week, it seems a new inadvertent disclosure could overshadow this lawyer’s mistake.
In fact, emails showing Donald Trump’s legal team discussing how Supreme Court Justice Clarence Thomas was their “only chance” to stop the certification of the 2020 election were made public after lawyers failed to deactivate a Dropbox link in a public court filing, a Politico reporter disclosed.
It started when District Judge David O. Carter ordered Trump lawyer John Eastman to turn over emails that likely contained evidence of potential criminal activity to the House select committee investigating the Jan. 6 riots.
So you can protect yourself from some mistakes with sort of a belt and suspenders approach, where in the first place you make sure you’re storing the information in a secure way so that if you accidentally did send a link to the wrong place, that they still won’t be able to get the documents. You need to make more than one mistake in order for that to happen.
David R. Cohen, Partner, Reed Smith
The New Republic reported that, minutes before the deadline, Eastman’s legal team sent a Dropbox link including the emails to the committee—while also requesting that they did not read these until the Ninth Circuit Court of Appeals ruled on a request for an emergency stay made earlier that day.
When the Court of Appeals asked for filings from both parties, the committee sent over Eastman’s emails, which still had the active Dropbox link.
“We were not aware that the links in Dr. Eastman’s email remained active and had no intention to provide this type of public access to the materials at this stage,” House General Counsel Douglas N. Letter said in a letter to the U.S. Court of Appeals for the Ninth Circuit on Nov. 2. “Providing public access to this material at this point was purely inadvertent on our part.”
These two highly publicized disclosures raise the question of why filesharing platforms like Dropbox are proving to be such a pitfall for legal professionals during e-discovery and investigations. After all, don’t they know better?
Lawyers’ ‘Blind Spots’
To be sure, Dropbox, or other file sharing platforms for that matter, aren’t lawyers’ kryptonite and have been used in e-discovery for quite some time, e-discovery experts say.
“This is more about process than about technology,” said Mary Mack, CEO and chief legal technologist for The Electronic Discovery Reference Model (EDRM), noting that some legal teams still don’t have workflows in place to ensure the confidentiality of privileged information when using file sharing platforms.
That the legal arguments are so sophisticated for this type of privilege, but yet, it’s not being protected at the basic practical level—that’s what you call a blind spot for attorneys.
Mary Mack, CEO EDRM
“It does surprise me, because privilege is so important in these cases and it’s relied upon for court strategy,” Mack said. “That the legal arguments are so sophisticated for this type of privilege, but yet, it’s not being protected at the basic practical level—that’s what you call a blind spot for attorneys.”
When using file sharing platforms in e-discovery, Mack noted that legal teams should have roles clearly defined for who is to share what specific files and when.
“A lot of it has to do with technical competence and education, making sure that the legal teams have somebody on the team that knows what’s important and how to produce electronic evidence,” she noted, adding, ”I would argue that you need an elevated quality control when you’re producing disputed privileged documents.”
Of course, taking these additional steps takes longer. And attorneys don’t always have—or take—the time to do so.
“One of the biggest things that happened here is that the production happened last minute,” Mack said. She added, “They waited until the last minute and at that point, you don’t have a lot of time to do the multi-step level—let’s encrypt this, let’s produce this properly and have multiple levels of unlocking of the files.”
‘With Great Power Comes Great Responsibility’
Over the years, technology has dramatically changed discovery, allowing parties to share a massive amount of files in a quick turnaround. But it has also made it easier—and quicker—for these kinds of mistakes to happen.
“Part of it is lawyers aren’t really trained in technology, but part of it is how easy it is to make these mistakes in this fast evolving technological world,” said David Cohen, chair of Reed Smith’s Records & E-Discovery Group.
Still, Cohen noted that lawyers who leverage file sharing technologies in discovery should be more vigilant to guard against those mistakes.
“Was it Spiderman who said, ‘with great power comes great responsibility?’ And well technology has brought us great power and also brings us greater responsibility because we have to be more careful about securing the data of our clients,” he added.
Cohen noted that platforms like Dropbox often offer features to add additional levels of security. For example, some platforms allow users to password-protect sensitive documents, rendering them inaccessible even to someone with a link. Others offer the option to set up dual factor authentication.
“So you can protect yourself from some mistakes with sort of a belt and suspenders approach, where in the first place you make sure you’re storing the information in a secure way so that if you accidentally did send a link to the wrong place, that they still won’t be able to get the documents,” Cohen added. “You need to make more than one mistake in order for that to happen.”
Time And Training
Inadvertent disclosures are more common that the ones exposed in these publicized cases, e-discovery experts say. And this likely won’t be the last one.
I think that you’ve got a fundamental problem of technology evolving and the practice of law needing to evolve with it and lawyers having no training or expectations on how to leverage or use technology. They are instead met with increasing demands to do things more cost effectively, do things faster, do things better—but don’t give me any time to learn any new tools to do any of that.
Kelly Twigger, principal at ESI Attorneys
“I think that you’ve got a fundamental problem of technology evolving and the practice of law needing to evolve with it and lawyers having no training or expectations on how to leverage or use technology,” noted Kelly Twigger, principal at ESI Attorneys, an Information Law and eDiscovery law firm in Colorado. “They are instead met with increasing demands to do things more cost effectively, do things faster, do things better—but don’t give me any time to learn any new tools to do any of that.”
Still, the publicity behind these two cases is likely to put these risks on lawyers’ radars—if they weren’t already.
Cohen noted that, following the Alex Jones case, he saw an uptick in demand for webinars about the mistake and ethical rules related to it, “so it clearly does raise awareness.”
Similarly, other steps are being taken at the state level to raise attorneys’ awareness. For example, earlier this year, New York became the first state to add a requirement mandating that lawyers take legal education courses in cybersecurity, privacy and data protection.
“I think these high profile failures will elevate the practice over the next year. I think attorneys will be like, Oh my God, I don’t want that to happen,” Mack said. “Sometimes it takes high profile mistakes to move the competence forward.”
