Government Spying on Privileged Communications

With the recently-revealed intel that the U.S. government has been collecting phone and internet usage information from millions of Americans for years, what steps must attorneys take to safeguard the attorney-client privilege?

Recent news reports have broken the story that the government has exercised authority that many will argue they do not have, to collect data on phone and internet usage of millions of people without cause. These are not cases of a warrant being sought for a specific individual suspected of some wrongdoing, but rather wholesale collection of data from phone and internet service providers on all of their users. Thus far, available reports state that phone calls are not being recorded, but data such as what phone numbers are contacting other phone numbers, when and for how long, are being logged. Details of internet usage being collected appear to include extraction of files such as audio, video, photographs, emails and documents, to track people’s movements and contacts. It is not yet known whose internet data is being collected, but it may well be everyone’s.

Many advocates and scholars are discussing the Constitutional problems with this massive surveillance of the general public, but attorneys have another potential concern – the ethical issues that may arise with the knowledge that details of their attorney-client communications are in the hands of the government.

The Rules We Know

The Model Rules of Professional Conduct Rule 1.6 states that an attorney “shall not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation, or the disclosure is permitted” to prevent a range of significant harms, including the death of another person. Communications between a lawyer and his client are privileged, and neither may be compelled to disclose the content of those communications, but the privilege must be safeguarded. Without taking steps to ensure the communication is confidential, the privilege may be lost. The attorney would then be in violation of Model Rule 1.6.

We typically hear of losing the privilege by allowing a third party to be present or listen into a conversation, either intentionally or because the conversation takes place somewhere public such as an elevator or coffee shop. Wiretaps, such as those put in place by virtue of a proper search warrant, generally may not be used to record privileged conversations and if any privileged conversation is recorded without the knowledge of the parties involved in the conversation, the privilege would not be lost.

The New World

Prior to the recent disclosure of the government’s surveillance program, no attorney would have any reason to suspect that his phone and electronic communications with clients were compromised. Now, though, we all have reason to believe that all of our communications are being monitored to some degree. How can we maintain privilege if we know this is happening?

Without advocating either panic or complacency, here are some things to think about when considering what course of action to take to protect the privilege.

  • It is the government, not an opposing party, who has this information. Unless you are litigating against the Federal government in a criminal or civil action, your opposing party has no more access to your privileged information than they did prior to this revelation.
  • It has not happened yet, but keep an eye out for a private litigant to subpoena the government or phone or internet provider for attorney’s call records; they will have to argue that privilege was broken when the government collected the data. Since this was done without attorney or client knowledge prior to recent revelations, this does not sound like a winning argument, but consider whether it would be accepted by a court for data gathered after the public revelation of the surveillance.
  • Everyone is impacted by this surveillance, so every attorney who might make the argument that privilege is broken will also be subject to losing his own and his clients’ privilege.
  • There is virtually no way to communicate effectively with our clients without using some form of electronic or telephonic means. To have nothing but in-person meetings and exchanges of documents is impossible for most attorneys if they are going to keep their practices working. If this issue ever reaches litigation and a ruling, this will have to be taken into account.
  • The type of information being gathered does not allow attorneys to place any sort of privilege warning on the communications. An attorney meeting a client he suspects of being tapped in some way can announce before speaking to the client something to the effect of “stop recording, this is a privileged conversation.” An attorney sending an email can put in the text “ATTORNEY CLIENT PRIVILEGED COMMUNICATION.” There are no safeguards to be put in place when the data collected is what phone number called what other phone number at what time and for how long, nor can an attorney place a warning on the internet usage history that shows the research done for a client.

It seems that there is little attorneys can do to maintain strict compliance with Model Rule 1.6 when privileged communications are being logged by the government. The only protections are functions of reality – that all lawyers are equally subject to the surveillance, that we cannot put warnings on our communications, and that to withdraw completely from the information grid subject to surveillance is unrealistic. Perhaps the only thing we can do is evaluate our own comfort level with the situation and advise our clients accordingly.

Please comment below on how you plan to handle privilege in this now-known era of massive government surveillance.



  1. Avatar David W. says:

    The fact that this program is supposedly “top secret” might actually work in lawyers’ favor when it comes to privilege, as it makes it highly unlikely that anyone could just subpoena the information. Given that we only know about the program because of a leak by a seemingly low-level IT guy, however, I see a different cause for concern. I’d be more worried, potentially about leaks of information about privileged communications, in some sort of uncontrolled data dump.

  2. Avatar Greg Broiles says:

    From a California perspective, it seems to me that the real excitement should be centered on the attorney’s duty of confidentiality (per Bus. & Prof Code 6068(e)(1)), ““[t]o maintain inviolate the confidence, and at every peril to himself or herself to preserve the secrets, of his or her client” – and not the attorney-client privilege.

    More specifically, it’s my understanding that the *client* is the holder of the attorney-client privilege (per Evidence Code 953), and that the privilege is only waived by the *client*, when they disclose the confidential information, or consent to its disclosure.

    Still, I’m pretty skeptical that bar disciplinary committees are going to subject attorneys to discipline, or that courts will rule that the attorney-client privilege has been waived, because of a mere possibility that confidential information has been captured by intelligence/law enforcement agencies, or third parties working on their behalf.
    In particular, the Supreme Court’s recent ruling in _Clapper v. Amnesty International_ ( held that various attorneys and human rights workers who were apparently (but not provably) subject to surveillance lacked standing, without proof that they had been surveilled, to challenge 50 USC 1881a (authorizing surveillance of non-US persons located abroad without individualized suspicion).

    If the Supreme Court is going to take the position – which conveniently allowed them to sidestep addressing the constitutionality of 1881a – that we can’t assume the surveillance is happening, absent specific proof that it *is* happening – then it seems reasonable to take the same approach with respect to the potential loss of privilege/confidentiality.

    What would be a closer question – if I didn’t believe that practicality will require that trial courts avoid the issue at all costs – would be to subpoena records from private companies such as Booz, Allen, and Hamilton. It’s one thing to say that we can’t send a subpoena to the NSA or the CIA for their records, vis-a-vis sovereignty and the state secrets doctrine. It’s another thing to say that third parties – private actors – can also hide under that shield. It would strain credulity to claim that the contents of ordinary communications are themselves classified – if Divorcing Party A wants to subpoena phone metadata of Divorcing Party B, calling back & forth with Irresponsible Adulterer, and where that metadata has been voluntarily disclosed to telephone service providers (per _Smith v. Maryland_) so there’s no expectation of privacy – it’s tough to argue that the simple evidence of adultery has, by reason of its capture, somehow become a matter of national security, such that Divorcing Party B and Irresponsible Adulterer – who probably aren’t cleared for that information – can no longer look at their own phone bills.

    The courts have been asked to bend so many rules, and reach such strained conclusions, that we’re really left with a jumble of contradictions that provides no guidance and makes no sense. We might once have chosen to hold our noses and turn our heads aside and ignore small contradictions or inconsistencies in the name of national security and expediency – but the recent developments reveal that we’re far past the occasional bending of a rule when absolutely necessary (or expedient) to prevent great harm, and we’re deep in “just because we can” territory.

  3. Avatar Colin Leicht says:

    I have questions (which maybe have no answers):

    If nobody knows the information was learned by the NSA, and the NSA claims its own compelling national security interest over disclosure of the records in a possible court case, can it break any attorney privilege before the information is ascertained to be known by the NSA?

    Additionally, I wonder then if NSA surveillance is different from the idea that using email already involves granting known third-parties access to confidential data, much less potential hackers. Do they know about the content of the communication if they never read them, never opened them, or no one ever discovered that the hackers were there?

    In other words, if a tree falls in the forest, and no one hears it…did a specific person chop it down?

    I’m not sure if that rationale is sufficient or not, but I sure hope I never encounter such a scenario in my practice.

  4. Avatar Ted says:

    Well, you could take steps to ensure the confidentiality of your communications by using strong end-to-end encryption, which is pretty easy to do and which, as far as I think is publicly known, is secure. That doesn’t solve the “traffic analysis” problem, though.

Leave a Reply