By: Michael Koss and Hon. Kay M. Hanlon (Ret.)
Remote dispute resolution is only nominally different from its in-person counterpart, but attorneys must do more to prepare for remote sessions than would be necessary if they gathered for a proceeding in person. Preparation is key to a smooth and secure start to any remote session.
Review Your Ethical Obligations
Remote dispute resolution involves ethical rules governing confidentiality, competence, and supervision.[i] Attorneys are duty-bound to protect client information against unauthorized disclosures and access,[ii] keep abreast of the “benefits and risks” of practice-relevant technology,[iii] and make reasonable efforts to ensure that non-attorneys and associates also comply with those ethical standards.[iv]
To that end, attorneys should evaluate the technology that an ADR provider uses to host virtual mediations and arbitrations to be sure it complies with the legal profession’s ethical standards:
- Request a platform demonstration so that they and associates are familiar with the application’s interface
- Scrutinize how the session administrator will leverage the application’s security settings to control the session and limit user capabilities.
- Read the platform’s terms of service to understand how it protects confidentiality in accordance with ethical standards[v]
- Investigate whether the session administrator will host the session on a secure network (since they may be working from home) and whether the ADR provider’s computer systems use anti-virus and/or anti-malware software to protect submission information now stored on their server or in the cloud[vi]
Attorneys should also audit their home office set-ups and speak with their in-house IT professionals or contracted cybersecurity vendor for assistance. The computers that an attorney and their assistants use should connect to a secure, non-public Wi-Fi source, and attorneys should password-protect PDFs and other documents[vii] exchanged with opposing counsel and the ADR provider despite the profession’s reasonable expectation of privacy over email.[viii]
Clarify Procedures with the ADR Provider
Attorneys should know the who, what, and when of receiving access information for a remote session from their ADR provider: Who will send the access link? What will that email look like? When will it arrive? With this information noted, attorneys can evaluate an email from an ADR provider against their expectations of it and trust that the link they received is safe.
As cyberthreats mount, it is entirely possible that an attorney may encounter a deceptively familiar email that is “typosquatting” in their inbox: That is, it appears to be from a familiar colleague or company but possesses a misspelled domain name or link. These emails pose a probable threat; malware, phishing scams, viruses, and other clever cyberthreats can lurk behind them, desiring to steal and ransom information.[ix] By knowing how they will receive a videoconference access link, attorneys can circumvent this risk.
Additionally, attorneys should know how the session will be structured and how a settlement agreement will be finalized and preserved before the session begins. They should provide full lists of attending participants to the ADR provider for security purposes, and they should share their phone number with the neutral so the two can communicate when the neutral is in another breakout room or if they experience a temporary technology glitch.
Where settlement agreements are concerned, attorneys should again put on their cybersecurity hats and assess whether the method by which an agreement will be memorialized and archived is secure and accessible.[x] If it will be recorded, what safety measures are in place to guard it? And if memorialized in a document form, will the PDF be password protected and/or e-signed?
Test Your Technology Beforehand
Attorneys should test their technology the day before a remote session is scheduled. This includes downloading the videoconference application onto their computer before the session or updating the application to “correct security and functionality problems in software and firmware,”[xi] if any. Doing so will ensure that an attorney accesses the remote session with the most up-to-date edition of the videoconferencing tool. Attorneys should also run an anti-virus scan on their computer for good measure.
Additionally, attorneys should conduct a practice run with the videoconferencing tool, especially if unfamiliar with it. They can create a free account through the videoconferencing tool and learn how to navigate its interface and connect their audio and video feeds to the test session.
Attorneys should be prepared to access a remote session through a tablet or smart phone if their computer connection falters. Download the mobile application onto those devices in case the need arises. Be sure that those devices also connect to a secure Wi-Fi network or Virtual Private Network (VPN) and are free of any viruses or malware.
Check Background Optics and Confirm Privacy
Optics are important. When preparing for a remote session, attorneys should consider the background of their session feed. Attorneys may want to temporarily remove family photos or other personal features to preserve privacy and position the computer perpendicular to a window to reduce glare. Attorneys can display virtual backgrounds, but their quality is often limited by the color of clothing and wall paint and they may be distorted by pictures or cabinetry.
Lastly, attorneys should confirm that their in-home office is private: that besides the family dog, nobody else can hear what is discussed during the remote session. At its start, attorneys should disclose if family members are home but clarify that they will not be able to hear what is happening.
Videoconferencing is a modern marvel for alternative dispute resolution, but attorneys must plan carefully and think critically to utilize such tools for remote sessions. Ethical obligations to confidentiality, privacy, supervision, and technology competence can guide their preparation and help them resolve disputes through alternative means in a secure virtual setting.
ADR Systems, It’s Settled. ®
[i] ABA Comm. on Ethics & Prof’l Responsibility, Formal Op. 498 (2021), https://www.americanbar.org/content/dam/aba/administrative/professional_responsibility/aba-formal-opinion-498.pdf
[ii] Rule 1.6 – Confidentiality of Information, Ill. Sup. Ct. R. 1.6, https://casetext.com/rule/illinois-court-rules/illinois-supreme-court-rules/article-viii-illinois-rules-of-professional-conduct-of-2010/rule-16-confidentiality-of-information#:~:text=Rule%201.6%20%2D%20Confidentiality%20of%20Information%20(a)%20A%20lawyer%20shall,paragraph%20(b)%20or%20required%20by
[iii] ABA Model Rules of Professional Conduct, Rule 1.1 – Comment, https://www.americanbar.org/groups/professional_responsibility/publications/model_rules_of_professional_conduct/rule_1_1_competence/comment_on_rule_1_1/
[iv] ABA Model Rules of Professional Conduct, Rules 5.1 & 5.3, https://www.americanbar.org/groups/professional_responsibility/publications/model_rules_of_professional_conduct/rule_5_1_responsibilities_of_a_partner_or_supervisory_lawyer/ & https://www.americanbar.org/groups/professional_responsibility/publications/model_rules_of_professional_conduct/rule_5_3_responsibilities_regarding_nonlawyer_assistant/
[v] ABA Comm. on Ethics & Prof’l Responsibility, Formal Op. 498 (2021), https://www.americanbar.org/content/dam/aba/administrative/professional_responsibility/aba-formal-opinion-498.pdf
[vi] ABA Comm. On Ethics & Prof’l Responsibility, Formal Op. 477R (2017), https://www.americanbar.org/content/dam/aba/administrative/professional_responsibility/aba_formal_opinion_477.authcheckdam.pdf
[vii] Ibid
[viii] ABA Comm. On Ethics & Prof’l Responsibility, Formal Op. 99-413 (1999), https://www.americanbar.org/products/ecd/chapter/219976/
[ix] Alison Grace Johansen, What is typosquatting? How misspelling that domain name can cost you, NortonLifeLock (Oct. 6, 2020), https://us.norton.com/internetsecurity-online-scams-what-is-typosquatting.html
[x] ABA Comm. on Ethics & Prof’l Responsibility, Formal Op. 498 (2021), https://www.americanbar.org/content/dam/aba/administrative/professional_responsibility/aba-formal-opinion-498.pdf
[xi] Karen Scarfone and Murugiah Souppaya, Guide to Enterprise Patch Management Technologies, National Institute of Standards and Technology (July 2013), https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r3.pdf