Technologist - The FindLaw Legal Technology Blog

More NSA Revelations: Now Your Cellphone Isn't Safe

One of the big surprises at last night's Oscars was the win of "Citizenfour" for Best Documentary. Though that category often involves controversial issues, "Citizenfour" is Laura Poitras' documentary about the Edward Snowden NSA revelations. Snowden himself remains a controversial figure. Depending on your politics, he's either a whistleblower or a traitor.

Of course, without Snowden, we'd have no way of knowing just how insecure our "secure" communications channels are. Week by week, the news just keeps coming that the NSA is listening in on things every way they possibly can. Including your cellphone calls.

They've Got Your SIMs

That's a problem for regular folks, but it's especially a problem for confidential attorney-client communications. Last week, Jeremy Scahill and Josh Begley of The Intercept reported that the NSA had found a way to break the encryption on SIM cards, the removable microchips through which cell phone communications flow.

A joint task force of the NSA and its British counterpart, the Government Communications Headquarters, worked together to hack into the computer system of the world's largest manufacturer of SIM cards and steal the encryption keys for millions of SIM cards. With the keys, the government can listen in on cell phone conversations, which are encrypted, without the need for a warrant compelling the service provider to hand the keys over.

It really makes you wonder whether any communications medium is secure enough anymore that the lawyer and client have a reasonable expectation of privacy. So far, no government agency has had the gall to argue that, because the NSA can hack a medium, communications made over that medium aren't privileged. Generally, the fact that someone could be listening to a conversation isn't enough to destroy client confidentiality. (There could always be someone outside with a stethoscope or a glass to the door.)

More of the Same

The cellphone incident is just another vector for a conversation we've been having for years: To what degree can lawyers rely on technology when they have to balance their duty of confidentiality? As far back as 2008, the New York State Bar asked this question of Gmail, which processes mail through a computer in order to extract keywords and display advertising. Does this act undermine a reasonable expectation of privacy, especially because Gmail is up front that they do it?

In that case, the New York State Bar said "no," but only because a machine, and not a human, reviews the content and passively scans it for the purpose of targeted advertising.

Unless your clients are accused of terrorism or mafia connections, it's not likely the government is actively seeking out your particular privileged cellphone communications. But the continued encroachment of the government on communications is troubling and could potentially lead to state bars advising lawyers against using things like Gmail and cellphones to communicate with clients.

Related Resources: