Our colleague, Anne Klinefelter, has written a stunner of a new article at 16 Virginia Journal of Law & Technology 1 (16 VJoLT 1), Spring, 2011, WHEN TO RESEARCH IS TO REVEAL: THE GROWING THREAT TO ATTORNEY AND CLIENT CONFIDENTIALITY FROM ONLINE TRACKING. The title explains a lot about her ideas, but here is a bit more detail. Her thesis is that online legal research providers often track, either for their own use, for corporate parents, or for advertisers or other third parties, the actions of the researcher. This includes the really expensive commercial services, like Lexis or Westlaw, as well as the lower-rent services that I immediately assumed we were talking about! ISPs (the internet service providers) also track use, as most librarians know. Both types of trackers (as well as vendors of all types) use or resell the info, but the tracking info can also be "hacked" by unaffiliated third parties as well.
This has been recently highlighted by a subpoena issued for the music service, Pandora, to share information about its app for the Android and Apple mobile platforms. The concern is that both iOS and Android have been reported to share user data with third parties, and it appears that federal prosecutors are considering bringing very rare criminal charges for violation of online privacy laws, or civil charges under the Computer Fraud and Abuse Act. The creators of the apps could also face charges from the FTC for unfair and deceptive practices, since the users of Pandora on their mobile devices, for instance, had no idea that they were also sharing all their information with third parties. The apps appear to be free, because they are supported by ads in the "Apple store," and users download them in the belief that the ads have "paid for" the application, without ever considering that part of the payment or "monetization" might be tracking their internet use. Well, it turns out that free legal research sites, as well as some rather expensive research sites also "monetize" our research behavior in similar fashion!
Using Google or other ISP sites that begin with https:// means you are using encrypted technology and that stops a certain amount of the "packet sniffing." You can search Lexis-Nexis, Westlaw and GoogleSearch (and GoogleScholar) over https ISPs. But other research services often do not allow encrypted searching. Klinefelter mentions Casemaker, a popular, lowercost search service that is offered as a free option with bar membership in many states.
Klinefelter briefly glances over the issues raised by government tracking of internet users, mentioning a wide variety of issues, but specifically stating that this article is focused on the problem of commercial tracking. She also glances at the problem of mal-ware designed to track users' movements, but again, the focus is elsewhere. In both cases, Klinefelter provides a rich trove of citations on both topics for those who wish to explore the side-bars.
She sees two threats specifically for legal practitioners in this development:
1) Breach of Attorney-Client Privilege;
2) Damage to the Work Product Protection rule.
Ethical rules governing requirements of confidentiality and competency drive developments for attorneys. Read the article.