Here’s How to Conduct Videoconferences Ethically and Securely

Like most lawyers, you’ve probably been working remotely due to the COVID-19 pandemic, and more likely than not you’ve been conducting a lot of video meetings. After all, now that social distancing is commonplace, videoconferencing has become the new normal.

Of course for lawyers, many conversations with both their colleagues and clients are confidential. And regardless of the mechanism for any discussion, lawyers should always ensure that confidential communications are protected. That being said, because videoconferencing is such new  phenomenon for most lawyers, you may understandably have questions about how to ethically and securely conduct videoconferences.

Good news! The Pennsylvania Bar Association issued an ethics opinion just last month that squarely addressed this very topic. In Formal Opinion 2020-300, the Pennsylvania Bar Association Committee on Legal Ethics and Professional Responsibility addressed a number of issues relating to remote working by lawyers and their staff, including how to ethically conduct meeting via videoconference.

At the outset, the Committee explained that due to the pandemic most law firms had quickly transitioned to providing virtual representation, and would likely continue to function remotely both in the near future and at other times down the road:

Most questions (posed to the Committee) related to the use of technology, including email, cell phones, text messages, remote access, cloud computing, video chatting and teleconferencing. This Committee is therefore providing this guidance to the Bar about their and their staff’s obligations not only during this crisis but also as a means to assure that attorneys prepare for other situations when they need to perform law firm- and client-related activities from home and other remote locations.

Next, the Committee focused on the ethical duty of technology competence. The Committee emphasized that lawyers practicing in the 21st century have a continuing duty to understand and stay abreast of technological changes. According to the Committee, that duty encompasses a broad range of technologies:

The duty of technological competence requires attorneys to not only understand the risks and benefits of technology as it relates to the specifics of their practices, such as electronic discovery. This also requires attorneys to understand the general risks and benefits of technology, including the electronic transmission of confidential and sensitive data, and cybersecurity, and to take reasonable precautions to comply with this duty.

The Committee then honed in on the ethical obligation of securing communications. The Committee adopted the analysis set forth in ABA Formal Opinion 477R, and determined that because of improved technology, unencrypted communications are insufficient for particularly sensitive information. The Committee explained that lawyers must assess the sensitivity of confidential communications on a case-by-case basis and, for particularly sensitive matters, use encrypted communication methods, such as encrypted email, secure client portals, and secure videoconferencing tools:

At a minimum, when working remotely, attorneys and their staff have an obligation under the Rules of Professional Conduct to take reasonable precautions to assure that: All communications, including telephone calls, text messages, email, and video conferencing are conducted in a manner that minimizes the risk of inadvertent disclosure of confidential information…One method of communicating that has become more common is the use of videoconferencing (or video-teleconferencing) technology, which allows users to hold face-to-face meetings from different locations. For many law offices, the use of videoconferences has replaced traditional teleconferences, which did not have the video component.

After recognizing the newfound popularity of videoconferencing amongst lawyers, the Committee then turned to the practicalities of using video for confidential discussions. This discussion included an acknowledgement of the associated risks:

 As the popularity of videoconferencing has increased, so have the number of reported instances in which hackers hijack videoconferences. These incidents were of such concern that on March 30, 2020 the FBI issued a warning about teleconference hijacking during the COVID-19 pandemic.

Next, the Committee provided guidance to help lawyers ensure that their videoconferences were secure. The Committee shared the following recommendations of the FBI and opined that lawyers should take the following steps “to mitigate teleconference hijacking threats:”

• Do not make meetings public;
• Require a meeting password or use other features that control the admittance of guests;
• Do not share a link to a teleconference on an unrestricted publicly available social media post;
• Provide the meeting link directly to specific people;
• Manage screensharing options. For example, many of these services allow the host to change screensharing to “Host Only;”
• Ensure users are using the updated version of remote access/meeting applications.

So if your firm is using videoconferencing to stay connected during the pandemic, make sure that the recommendations above are implemented for each and every video call. One of the easiest ways to accomplish this is to change the security settings for the law firm’s administrative videoconferencing account. That way the security settings will be applied automatically to every videoconference conducted by any and all law firm users.

The security settings are particularly important now that courts are beginning to hold hearings, trials, and conferences via videoconference. Speaking of court appearances via videoconference, make sure to check out our recent blog post on that very topic for lots of great advice on putting your best foot forward during remote court hearings: 8 Tips for Court Appearances via Videoconference.