 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 
|
|
 |
||||||||||||||||
|
Bar News - June 17, 2005 Technology ~ Reading Behind the Lines: Metadata Uncovers Our Secrets By: Todd Cheesman
These steps typically include information security policies to protect network integrity and best practices in our offices for hardware configuration, the appropriate use of software, software update schedules, including virus definitions and the establishment of protective e-mail policies. Yet, perhaps surprisingly, many law firms do not have electronic document policies. At risk is the potential dissemination of highly sensitive information in the form of metadata. Metadata is information about the file that is invisible to the casual user but which can be retrieved by someone with even moderate computer skills. Virtually all electronic files contain at least some metadata: Microsoft Office Products, WordPerfect documents—even PDF and image files all contain this secret data. Types of metadata include: document authors, creation and modification dates, total time spent working on the file, hidden text, comments, embedded objects and even changes made to the file. While the types of metadata can vary from software application to software application, it can also vary to some degree from document to document. Examples of clearly compromising data that have been inadvertently sent by attorneys in the past include: client comments regarding their desired settlement amount, work product intended for the client but not for opposing counsel, information about prior clients where the document sent was derived from a template and prior versions of the document indicating that the original amount sought was half of what the demand letter stated. In response, a recent decision by the New York State Bar Association Committee on Professional Ethics has interpreted the obligation of attorneys to maintain client confidences to include the protection against the dissemination of metadata that might reveal a confidential client secret. See 2004 WL 3021157 (N.Y. St. Bar Assn. Comm. Prof. Eth.). As you might expect, the degree of duty imposed by this decision varies depending on the circumstances surrounding the transmission of the file. Attention to metadata should be paid, for instance, regarding any sensitive subject matter, documents that have undergone multiple drafts or received comments from the client or when the intended recipient of the file is known to have adverse interests to those of the client. While New York is the most recent state to define the attorney’s role regarding metadata, many states have enacted electronic discovery rules impacting file metadata including Arkansas, California, Florida, Illinois, Maryland, New Jersey, New York, Texas and Wyoming. Most other states are in the process of adapting such rules. In New York, the use of computer technology to access another attorney’s client confidences revealed in the file’s metadata constitutes an impermissible intrusion on the attorney-client relationship in violation of ethical rules. However, non-attorney recipients would not necessarily have such an obligation. Further, in states where no such rules are in place, it may be considered an attorney’s obligation to examine incoming electronic documents for metadata as part of zealously representing their client’s interests. It is always wise therefore to warn your clients about potential metadata risk. The bottom line is that it is a wise practice to understand the risks metadata poses to you and your client and to take proactive steps to protect yourself from exposure. There are third-party applications that will strip your files of much of their metadata. For the 90 percent of attorneys who use MS Office, Microsoft offers a free application to scrub their documents of most metadata. If your copy of Office was purchased since 2002, patches to scrub your documents of metadata can be found on the Microsoft Web site: http://www.microsoft.com/downloads/. Microsoft also publishes articles detailing step-by-step procedures on how to manually remove much metadata. Another free application you may want to try is called Trace and can be found at: http://www.workshare.com/products/trace/default.aspx. While neither of these applications is a panacea, they are both sound steps toward protecting your client. Converting documents to PDF format (which used to be thought of as metadata-safe by many attorneys) does not eliminate all metadata, but there are commercial applications like Appligent that will remove most of such compromising data from PDF files. Another approach acknowledges that your electronic files will likely contain some sensitive information embedded in the metadata. If your client approves, you may wish to discuss entering into an agreement with opposing counsel in which both parties agree not to mine electronic documents for such data. If he or she agrees, you get all the benefits of sharing electronic files with none of the metadata risks. If not, at least you know opposing counsel intends to cull your documents for this data and that you need to take an appropriate response. While the above solutions should work for most circumstances, if you are still uncomfortable with the basic inner workings of computers, you may resort to the tried if true methods of the past: fax and FedEx. Todd Cheesman is an attorney in Concord and an adjunct faculty member at the Massachusetts School of Law. |
We have all heard about viruses and spam, and, presumably, our computers or computer networks now sport some form of protection from outside nefarious influences.|
Home | About the Bar | For Members | For the Public | Legal Links | Publications | Online Store New Hampshire Bar Association |
