Cloud computing, or software as a service (SaaS), means moving your applications from your computer to the “cloud.” It is the difference between Microsoft Word (locally-hosted, since it is on your computer) and Google Docs (remotely-hosted, since it is on Google’s computers).
The most-common objection to using SaaS is the fear of waiving the attorney-client privilege, usually because “free” e-mail services like Yahoo! Mail, Gmail, and Hotmail scan users’ e-mail for keywords to target advertising. But SaaS is an attractive alternative for many lawyers, who would rather not deal with IT themselves or maintain an expensive IT consultant. As a result, many lawyers and law firms are looking at Google Apps, hosted Exchange, and Zimbra as less-expensive alternatives to having a local server.
I use Google Apps, and I am not worried about security, privacy, or waiving the attorney-client privilege. Here is why:
You and your clients are already using SaaS
If you use e-mail, you are probably using SaaS, even though you may not realize it.
First, many—perhaps most—of your clients are already using cloud services like Gmail, Yahoo! Mail, Hotmail. These are SaaS providers that scan your clients’ messages—including the ones from you—to provide relevant advertising. Whether or not you use SaaS yourself, if the attorney-client privilege was so easily waived, you would probably have waived it already for many of your communications.
Second, you are also probably using SaaS yourself. Have a Blackberry, iPhone, or any other mobile messaging device? That information is going through the servers of RIM, Apple, or whoever, where third parties have access to it. If you are like most law firms, you have a hosted e-mail provider like Comcast, A2, or GoDaddy, where third parties also have access to your e-mail. They may not scan it for advertising, but their computers store it, just like Google’s.
But don’t worry . . .
The clouds are not reading your e-mail
The difference between free services and paid services is usually advertising. If you buy a premium Google Apps account or you pay for a hosted Exchange server, your provider will not scan your e-mail to insert advertising. They probably will still scan your e-mail and (calendar and other items) so you can search for things, later.
Inadvertent disclosure does not waive the attorney-client privilege
Only the client can waive the attorney-client privilege, although they can do so through carelessness. If using a cloud-based e-mail service is enough to waive the privilege, then many clients have already done so. But at least one New Jersey court did not bring up this possibility when finding that the attorney-client privilege protected a client’s Yahoo! Mail account, even when she accessed it on her employer’s computer.
It seems unlikely that a data breach at your SaaS provider would mean your attorney-client communications must be revealed to opposing counsel.
Although suspicion prevails, talk to your IT provider and your local ethics board before deciding whether or not you are comfortable using the cloud for your client-related data.