Duty of confidentiality at the border

Given a number of recent reports that people's phones are being "searched" by customs officials when entering the US or other countries, it is not surprising to know that the New York City Bar Association recently issued an ethics opinion holding that lawyers must take reasonable precautions to protect confidential information if the lawyer is searched by U.S border/customs agents.  You can read the opinion here: NYCBA Opinion 2017-5.

Although the specific context in which the topic is discussed, the actual content of the opinion is nothing new or surprising.  It is merely an application of the principle already expressed in Model Rule 1.6(c) which states that "a lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client."

Since the duty is to take reasonable measures to protect the information, the fact that the information is disclosed, by itself, would not result in a violation of the rule.  Whether an attorney violates the rule, will depend on the reasonableness of his or her efforts to protect the information, Thus, the key question is what will be considered "reasonable."

On this, the opinion restates the comment to the Model Rule which explains that reasonableness will depend on may factors and that factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use).

The opinion then adds that the simplest way to avoid a problem is to not possess any client confidential information when crossing the border and instead opting for other alternatives such as carrying a “burner” telephone, laptop computer, or other digital device, removing confidential information from digital devices, signing out of cloud-based services, uninstalling applications allowing remote access to confidential information, storing confidential information in secure online locations rather than locally on digital devices, and using encrypted software.