Bressler Risk Blog

“Consultation Opens for AML/CTF Regulation of Real Estate Agents, Lawyers, Accountants and other Professions” —

• “The Commonwealth Attorney-General’s Department has opened a consultation process for the Tranche 2 reforms, expanding those industries and organisations regulated under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Act).”
• “Organisations captured under the reforms will need to assess the legal and regulatory impact on their current operations and should engage in the consultation with Government. Proactive engagement with the consultation will be critical for organisations in shaping the implementation of Tranche 2 and the timing of when compliance obligations will commence.”
• “These proposed reforms are particularly important as Australia remains one of the few countries in the Financial Action Task Force (FATF) Global Network (out of nearly 200 members) that has not regulated, or committed to regulating these sectors within its AML/CTF regime.”
• “With no draft legislation currently provided, it is has been reported in the consultation that there will be a further round of consultation prior to the introduction of any reforms to Parliament. This provides an opportunity to engage with Government on the legislation, including a staged implementation of the reforms and a longer ‘assisted compliance’ period, which would enable sufficient time for newly reporting entities to meet their compliance obligations.”

“Some Third-Party Litigation Funders Pose a Threat to US Security” —

• “Third-party litigation funding and, more broadly, litigation investment entities, have become prominent fixtures in the US legal landscape. These funders—including hedge funds, private equity funds, and even sovereign wealth funds—either pay for plaintiffs’ litigation costs with an agreement that they will receive a large portion of any eventual payment, or own shell companies that exist only to profit through litigation.”
• “Recent estimates put the US litigation funding market size at $13.5 billion with an additional $3.2 billion in new investments last year alone. Litigation investments disproportionately affect IP. Last year more than 20% of all new litigation financing capital commitments were directed toward patent litigation, following nearly 30% the prior year.”
• “Even more troubling than the growth of an industry that monetizes IP litigation and the courts is that the vast majority of investments go undetected. A few courts have introduced funding transparency requirements, but by and large, investment entities are able to direct lawsuits from behind the curtain, without ever revealing themselves.”
• “More specifically, by controlling litigation from overseas, foreign entities could damage the reputation of and drain resources from US competitors, while getting access to sensitive information during legal proceedings. The ILR report highlights TPLF in patent litigation as indicative of the litigation investment model’s risks, in general.”
• “Lawmakers are only just beginning to prioritize addressing the threat that litigation investment entities pose. A group of state attorneys general raised concerns in a letter to the Department of Justice ‘that TPLF is being used to harm our States and threaten our country’s economic and national security,’ and ‘through strategic lending, foreign adversaries could threaten our economic and national security by weaponizing the U.S. judicial system.'”

“Do Kwon’s Multi-Million Dollar Transfer To Law Firm Before Terra’s Collapse” —

• “South Korean prosecutors have made a new revelation in the fraud case against Do Kwon, the co-founder, and CEO of Terraform Labs. According to a report by national broadcaster KBS, the blockchain company paid nearly $7 million to Kim & Chang, one of the country’s largest law firms, before the collapse of its digital currencies last year.”
• “The payments were made in several transactions from Terraform’s Singapore headquarters and have raised suspicions that the company may have cashed out digital coins, which could lead to embezzlement charges. Prosecutors are cooperating with law enforcement in Singapore to confirm the source of the funds.”
• “The report suggests that Kwon was aware of the impending collapse of Terraform’s digital currencies and may have made legal preparations to mitigate the risks. Investigators are now focusing on the payments made to the law firm, which could provide valuable insight into the company’s financial dealings before its downfall. If proven, these payments could be crucial evidence in the ongoing fraud case against Kwon.”
• “Do Kwon, the founder of Terraform Labs, is facing extradition requests from both the United States and South Korea following his arrest in Montenegro.”

“Legal powerhouse Proskauer exposed clients’ confidential M&A data” —

• “A security lapse saw Proskauer Rose, an international law firm headquartered in New York City, expose sensitive client data for more than six months, TechCrunch has learned.”
• “A person with knowledge of the incident told TechCrunch that data from Proskauer’s merger and acquisitions business was left on an unsecured Microsoft Azure cloud server.”
• “TechCrunch obtained a portion of the exposed dataset, which included approximately 184,000 files total, the person told us. These files were accessible from the web browser by anyone who knew where to look, and contained private and privileged financial and legal documents, contracts, non-disclosure agreements, financial deals and files relating to high-profile acquisitions.”
• “Details of the exposed cloud server were captured by GrayHatWarfare, a searchable database that indexes publicly visible cloud storage and files. The files are understood to have been left public for at least six months.”
• “Proskauer resolved the spill about two weeks ago, but has not yet notified its clients, whose website lists Major League Baseball and Morgan Stanley as clients.”
• “In an email to TechCrunch, Proskauer, which incorrectly referred to the data exposure as a “cyber attack” since there is no evidence of malice, would not say whether the law firm has any evidence of data exfiltration.”

“Proskauer Rose Data Breach Stemmed From Common Oversight Mistakes, Not Cloud Technology” —

• “In early April, international law firm Proskauer Rose came under fire for leaving sensitive client information exposed in unsecured cloud storage for nearly six months.”
• “The law firm shortly thereafter released a statement saying that an unnamed third-party vendor, who was hired to create an information portal into Proskauer’s Microsoft Azure cloud, “had not properly secured it,” leading to the data breach.”
• “Cybersecurity professionals who spoke to Legaltech News noted that third-party vendors often make such fatal mistakes. Still, they weren’t so keen on entirely letting law firms off the hook for responsibility in such situations, noting that they’re ultimately accountable for the security of their clients’ data and have a responsibility to oversee vendor work.”
• “In Proksauer’s case, though the details of what exactly happened weren’t public, the firm did note that the middle-man, the vendor in charge of creating the information portal which was left misconfigured, was responsible. But having clearly defined roles in these situations is unusual, Sangster noted.”
• “Therefore, while cloud storage is not infallible, it often isn’t the technology that leads to data breaches, but rather human beings who deal with the system that fail to take proper security measures. And ideally, all facets of the storage ecosystem should be communicating and working together to avoid, such a scenario.”
• “‘Because ultimately, we see the same mistakes whether the place the law firm is storing the data is on premises or in the cloud,’ Sangster said. And in this case, the responsibility to investigate what happened, ‘falls on Proskauer, because they’re the ones who have a relationship with the clients.'”

“Cadwalader Hit With Class Action Stemming From Data Breach” —

• “Law firm Cadwalader, Wickersham & Taft is at fault for exposing personal data in a November 2022 breach, according to a proposed class action filed Wednesday in Manhattan.”
• “The firm ‘failed to prevent the data breach because it did not adhere to commonly accepted security standards and failed to detect that its databases were subject to a security breach,’ the suit alleges.”
• “Ohio-based attorney Patrick Perotti filed the lawsuit in the Southern District of New York, claiming more than 93,000 people had identifying information compromised and are at risk of credit fraud or identity theft.”
• “The New York-founded firm fell victim to the cyberattack on Nov. 15 and 16 when an unauthorized third party gained remote access to the firm’s systems and acquired information from the Cadwalader’s network, the complaint said.”
• “The data breach prompted the firm to wipe firm-issued laptop hard drives and forced many of its internal systems offline, according to media reports.”

“November Cyberattack Hobbled Cadwalader for Weeks, Internal Emails Show” —

• “Weeks later, the firm’s internal document management system remained offline, according to internal emails from managing partner Pat Quinn obtained by The American Lawyer. An attorney with knowledge of the situation provided evidence that some documents were unrecoverable for an extended period of time and potentially lost for good, contradicting a firm spokesperson’s statement that Cadwalader had made a full recovery by the end of the year.”
• “The firm also declined to answer specific questions about the hack, including whether any client data had been accessed or encrypted by the hackers.”
• “Third-party cybersecurity experts said Cadwalader’s response appeared to be mostly in-line with industry best practices in the wake of a breach, although those practices include calculated risks that are unavoidable for law firms.”
• “Two weeks after the initial attack, the firm restored Citrix and most iManage functions in the U.S., although U.S. employees were only able to access their documents through the Citrix remote desktop. However, the attorney who spoke with The American Lawyer said the roundabout access method hamstrung lawyers’ ability to circulate documents, causing consternation among attorneys and clients. (A Cadwalader spokesperson disputed the attorney’s account.)”
• “The attorney also said they felt the firm wasn’t completely forthcoming with clients about the security of their documents. In a conference call and in subsequent emails, the firm asked attorneys to access client documents on their personal computers if they had Microsoft Word installed as the firm worked to reinstall the Microsoft Office suite on its computers.”
• “Cadwalader declined to say what the perpetrators of its cyberattack were after, but Pollock said hackers’ motives are almost always financial. ‘It’s always extortion,’ Pollock said. ‘Obtaining data to extort someone, to delete the data or sell it on the dark web.'”
  “Not all law firm data breaches get reported. Data breach reporting laws vary by state but tend to focus on personal information rather than business information, and states such as New York don’t maintain public databases of required data breach reports.”

“American Bar Association data breach hits 1.4 million members” —

• “The American Bar Association (ABA) has suffered a data breach after hackers compromised its network and gained access to older credentials for 1,466,000 members.”
• “Thursday night, the ABA began notifying members that a hacker was detected on its network on March 17th, 2023, and may have gained access to members’ login credentials for a legacy member system decommissioned in 2018.”
• “‘On March 17, 2023, the ABA observed unusual activity on its network. The incident response plan was immediately activated response, and cybersecurity experts were retained to assist with the investigation,’ warns a notification email sent to impacted members and seen by BleepingComputer.”
• “BleepingComputer was told by the ABA that 1,466,000 members were affected by this breach.”
• “While BleepingComputer has learned that this was not a ransomware attack and that no corporate or personal data was stolen, there are some concerns that the threat actors could abuse the credentials. The American Bar Association says these legacy credentials were hashed and salted, meaning they were converted from plaintext into a more secure format.”

“Appellate Division Says Law Firm May Not Withdraw From Case Despite Disqualifying Conflict of Interest” —

• “In an unpublished opinion, the New Jersey Appellate Division consolidated two back-to-back appeals arising from a 2013 complaint filed by Allstate against a group of medical defendants which alleged a number of violations of the Insurance Fraud Prevention Act—one of which addressed a firm’s motion to be relieved as counsel in the case.”
• “As to the Gloucester County matter, the Flynn firm argued that the court erred in denying its motion to be relieved as counsel and claimed that Vernon’s dissolution action against Carabasi created a disqualifying conflict of interest under RPC 1.7(a). According to the opinion, the firm stated that ‘with the demise of the SJHW entity in bankruptcy, the individuals’ stated position at the outset of the case that any potential liability would be paid by the entity and thus shared between all defendants has vanished.'”
• “Additionally, the firm asserted that Vernon’s allegations against Carabasi constituted an alteration to the original agreement due to unanticipated, extenuating circumstances and that the conflict is nonwaivable under RPC 1.7(b), according to the opinion.”
• “‘We decline to adopt the court’s finding that Dr. Vernon’s claims against Dr. Carabasi did not create a RPC 1.7 disqualifying conflict of interest for the Flynn Firm,” the opinion said. “Nevertheless, we are satisfied the court did not abuse its discretion in denying the Flynn Firm’s motion to withdraw as counsel.'”
• “According to the opinion, an attorney is not automatically relieved from representing a client on discovering their representation is in violation of a rule of professional conduct. The appeals court stated that here, as in the New Jersey Supreme Court opinion in Dewey v. R.J. Reynolds Tobacco, the court found it would be near impossible for substitute counsel to develop the same knowledge of complex litigation as the Flynn firm.”
• “‘As noted, we depart from the court’s reasoning to the extent it determined the Flynn Firm was not faced with a disqualifying conflict of interest under RPC 1.7,’ the appeals court said. ‘As explained in Loughry’s ethics review, Dr. Vernon’s claims against Dr. Carabasi could have a material impact on the Flynn Firm’s joint representation of the medical defendants in the Gloucester County litigation. Even if a disqualifying conflict existed, however, the court was within its discretion to determine equitable factors precluded the Flynn Firm’s withdrawal.'”

“Dane County judge rejects effort to disqualify law firm suing over fake electors” —

• “A Dane County judge on Wednesday rejected a request by one of the attorneys involved in the Republican attempt to hand Wisconsin’s Electoral College votes to Donald Trump to disqualify the law firm suing the group.”
• “Jim Troupis, a former Republican-appointed Dane County judge who represented Trump in a failed effort to overturn Wisconsin’s 2020 election results, filed the motion last summer alleging he and his wife had an ongoing attorney-client relationship with Stafford Rosenbaum attorney Johanna Allex at the time that other lawyers with the law firm brought the lawsuit against him and several others in May 2022.”
• “Troupis and his wife retained the firm in late 2019 and worked with Allex to develop and prepare an estate plan, which involved providing the law firm with ‘intensely private and confidential matters and information about their family, assets, and finance,’ according to Troupis’ motion.”
• “While the estate plan was never finalized, Troupis considers himself a client of Stafford Rosenbaum. He contended the financial information provided to the law firm as part of preparing an estate plan is relevant to the lawsuit, as it seeks punitive damages from the defendants.”
• “Dane County Circuit Judge Frank Remington ruled that Troupis’ attorney-client relationship with Allex ended in February 2020, after he paid the firm for services related to the estate plan — more than two years before the lawsuit was filed. Remington said Troupis’ belief that he continued to have an attorney-client relationship after that point ‘was not reasonable.'”

Above the Law writes: “ChatGPT: A Menace To Privacy” —

• “Open AI in its terms of use states the following:
  • You may provide input to the Services (“Input”), and receive output generated and returned by the Services based on the Input (“Output”). Input and Output are collectively “Content.” As between the parties and to the extent permitted by applicable law, you own all Input.“
• “The above statement is a little misleading. If the user owns all input, then input should not be stored in the database without the user’s permission. The terms of use are silent as to how this AI will be storing input and how a user can exercise their rights on the input that they own. Merely stating that the user owns input is not enough.”
• “This should stand out as a big red flag for privacy professionals. Privacy laws around the globe are in place to protect an individual’s personal data or personally identifiable information.”
• “As mentioned earlier, legal professionals are using this tool to proofread contracts and even draft contracts. As a result, they are exposing sensitive information and at times inadvertently entering personal information into the system as well. That information shall remain in ChatGPT’s possession to use for whatever purpose they chose to. Well, isn’t that illegal? Technically yes, but Open AI nowhere claims to be compliant with GDPR, CCPA/CPRA, or any other privacy standard for that matter. So the user assumes the risk when using the chatbot, giving ChatGPT an easy escape.”
• “Here are a few ways ChatGPT could violate standard privacy regulations:
  • It does not state a legal basis for processing the personal information it receives.
  • Users are not given a mechanism to exercise their ‘right to be forgotten’ or “right to amend” personal information.
  • Personal information is stored indefinitely with no insight on how that data is secured and protected.
  • ChatGPT gathers information from unknown sources on the internet. If a user has any digital footprint, chances are ChatGPT knows a great deal about that user depending on what is available on the internet. This knowledge may be false, and the user has no recourse to correct, amend, or even delete the false information.”
• “Here are some measures we can take while using ChatGPT:
  • Never enter personal information into ChatGPT. Always redact prior to exposing a legal document for review.
  • Never enter information about a client or customer. Always create vague scenarios unrelated to the client prior to asking ChatGPT for assistance.
  • Keep your questions broad and generic so that they cannot be tied to another individual.”

For example: “Samsung Software Engineers Busted for Pasting Proprietary Code Into ChatGPT” —

• “Multiple employees of Samsung’s Korea-based semiconductor business plugged lines of confidential code into ChatGPT, effectively leaking corporate secrets that could be included in the chatbot’s future responses to other people around the world.”
• “One employee copied buggy source code from a semiconductor database into the chatbot and asked it to identify a fix, according(Opens in a new window) to The Economist Korea. Another employee did the same for a different piece of equipment, requesting ‘code optimization’ from ChatGPT. After a third employee asked the AI model to summarize meeting notes, Samsung executives stepped in. The company limited each employee’s prompt to ChatGPT to 1,024 bytes.”
• “The OpenAI user guide(Opens in a new window) warns users against this behavior: ‘We are not able to delete specific prompts from your history. Please don’t share any sensitive information in your conversations.’ It says the system uses all questions and text submitted to it as training data.”
• “Samsung is reportedly considering building its own AI to prevent future mishaps, though engineers could likely bypass any measures by using ChatGPT on personal devices. Microsoft Bing and Google Bard can also detect bugs in lines of code, so banning ChatGPT is not a bulletproof solution.”

Eileen Garczynski of Ames & Gough shares: “ChatGPT and the Emerging AI Risk Landscape” —

• “Al’s knowledge is limited since it’s based only on the information used to train it… As a result, employers cannot be certain that the information this technology provides or what it produces is accurate. In some cases, Al-generated errors can be costly, subjecting organizations to liability, government audits, fines and penalties. Employers would be wise to verify the information produced by Al tools before using it.”
• “This technology can create potential privacy issues for organizations. For example, employees may share proprietary, confidential or trade secret information with ChatGPT (or a similar Al chatbot) which will then become part of its database and could be included in responses to other parties’ prompts… Before using Al technology, employers should consider reviewing and updating their confidentiality and trade secret policies to ensure they cover third-party Al tools.”
• “Al-generated content can also potentially violate IP infringement laws. For example, if the chatbot generates content similar to existing copyrighted or trademarked material, the organization using that content could be held liable for infringement.”
• Organizations can train employees on potential copyright, trademark and IP infringement issues or restrict access to Al tools to reduce legal risks.

Jeff Brandt noted: “New report on ChatGPT & generative AI in law firms shows opportunities abound, even as concerns persist” —

• “A new report discusses the evolving attitudes towards the use of generative AI and ChatGPT within law firms, surveying lawyers about the opportunities and potential risks”
• “It didn’t take long after OpenAI released its ChatGPT prototype for public use — shedding light on the myriad abilities that its underlying technology, generative artificial intelligence (AI), possessed — that many lawyers and legal industry experts became keenly aware of what these tools could mean for the profession and for law firms in particular.”
• “In fact, a recent survey of law firm lawyers illustrated this dichotomy well — a large majority (82%) of those surveyed said they believe that ChatGPT and generative AI can be readily applied to legal work; and a slightly smaller majority (51%) said that ChatGPT and generative AI should be applied to legal work.”
• “The survey, conducted in late-March by the Thomson Reuters Institute, gathered insight from more than 440 respondent lawyers at large and midsize law firms in the United States, United Kingdom, and Canada.”
• “A large portion of respondents had concerns with use of ChatGPT and generative AI at work — 62%, which included 80% of partners or managing partners. Further, many of the concerns voiced in our survey seemed to revolve around the technology’s accuracy and security, most specifically about how law firms’ concerns of privacy and client confidentiality will be addressed.”
• “Still, many legal industry observers (and many of our respondents) know that by any measure, we are still early in the game for generative AI and ChatGPTs. It is expected that time and experimentation will make users more comfortable with these tools, and a day will come when generative AI and ChatGPT is in as common use within law firms as online legal research and electronic contract signing are now.”

“Accounting firm EY calls off ‘Project Everest’ to break up firm” —

• “Accounting firm EY has called off its plan to break up its auditing and consulting divisions. The firm, formally known as Ernst & Young, announced it was ‘stopping work on the project’ because its US arm decided to not to move forward.”
• “The plan came as regulators called for major industry reforms over conflicts of interest and poor working practices.”
• “EY’s announcement ends a year-long battle to build internal support to split the units.”
• “‘We acknowledge the challenges with separating some of our businesses that have the deepest technical expertise in a way that gives both organisations the capabilities they need to compete in the market effectively,’ according to an internal note seen by the BBC.”
• “Financial supervisory bodies in the US, UK and Europe have raised concerns about large accounting firms, claiming they cannot fairly serve as an auditor of clients who also use their consultancy services.”
• “The project cost the firm more than $100m (£80.3m) according to the Wall Street Journal.”

“SEC fines Corvex Management $1M for SPACs conflicts” —

• “New York-based investment adviser Corvex Management agreed to pay $1 million to settle allegations it failed to disclose personnel ownership in certain sponsors of special purpose acquisition companies (SPACs) and didn’t have policies and procedures reasonably designed to thwart conflicts of interest.”
• “Between 2020 and 2021, unnamed Corvex personnel were involved in the formation of three SPACs and shared ownership of the SPACs’ sponsors, according to the SEC’s order.”
• “Corvex had the power “to make investment decisions on behalf of private funds that Corvex advised, including by causing such private funds to purchase securities … to assist with financing SPAC business combinations,” the order stated. The firm would cause its clients to participate in transactions amounting to $52.5 million, $45 million, and $25 million in connection with the business combinations, according to the SEC.”

“Independence, Conflict and the In House Solicitor” —

• “The SRA has in the past expressed concern that solicitors who represent clients whose business is particularly valuable to their firm can find themselves in a difficult position if the client instructs them to do something which potentially conflicts with their professional obligations. The SRA has therefore reminded the profession of the importance of acting with independence in such situations notwithstanding the obvious tension that this can create especially for solicitors working in an in house legal team where the instructions come from their employer. The possibility for conflict between the commercial needs of the business and the legal adviser’s regulatory obligations will inevitably be even greater.”
• “This issue has been highlighted by a recent thematic review conducted by the SRA of in house legal teams. In its survey the SRA asked over 1200 in house solicitors what the main issues that affected them were and in response 10% said that they felt that they had been forced to compromise their regulatory obligations to meet the needs of the businesses for whom they work.”
• “This is a worrying but arguably not surprising statistic. In times of economic downturn the pressure on businesses necessarily increases and the need to ‘get the deal done’ will likewise increase. Alternatively, if a solicitor is working in house for a business which itself is the subject of scrutiny, there is a risk that they could be asked to suppress information in a way that is again at odds with their regulatory duties. In fact 5% of those who responded to the SRA’s survey said that this had been their experience.”
• “The SRA described the results of its survey as “generally encouraging” but this has provoked an outcry from a number of GCs of large and reputable companies, who have posted their response on social media. These GCs say that the SRA has seriously underestimated the ethical challenges faced on a daily basis by many in house lawyers and has called for measures to be put in place by the Regulator to help to support those who find themselves in such situations.”

“Law Firm Can’t Represent Ex-DLA Piper Atty In Cannabis Row” —

• “A California state appeals court on Tuesday upheld the disqualification of an attorney who used emails his client provided him in a tort dispute over a cannabis company, finding that the emails were improperly acquired since they were protected by spousal privilege.”
• “Following an internal dispute, the owners of Cannaco Research Corp., a Northridge, California-based firm that manufactures and distributes cannabis products, engaged in a legal battle during which company emails between one of the owners, Ann Lawrence Athey, and her husband were given to an attorney, who then used the emails in a related case.”
• “The order noted that the courts cannot police what clients tell their lawyers, but it can police how information given attorneys is obtained. The panel said not to restrict the use of improperly obtained communications would be a breach of the public’s trust in the legal system.”
• “‘To allow continued representation of a client after counsel has been provided with, and then used, improperly obtained confidential information would undermine the public’s trust in the fair administration of justice and the integrity of the bar,’ Second Appellate District Justice Dennis Perluss wrote in the order.”

“Coca-Cola Says It Was ‘Fired’ by Law Firm Assisting Opponent” —

• “The Coca-Cola Co. is trying to stop one of its outside law firms, Paul Hastings, from representing a beverage cooling company suing Coke for more than $100 million over an alleged breach of contract.”
• “Paul Hastings ‘fired’ Coca-Cola to take on a more lucrative lawsuit by SuperCooler Technologies Inc., according to a motion the beverage maker filed Wednesday in federal court in Orlando, Florida.”
• “Judge Carlos Mendoza should remove Paul Hastings from the case because the firm has a conflict of interest, having represented Coca-Cola for years on ‘sensitive matters with respect to international human rights concerns,’ according to Coke’s motion.”
• “The motion shows the tangle law firms can get themselves into when a client objects to the representation of others with industry ties.”
• “SuperCooler’s representation in the case switched to Paul Hastings from Cahill Gordon & Reindel after Paul Hastings hired the Cahill lawyers who worked on the lawsuit.”
• “‘We have a long standing attorney-client relationship with Paul Hastings and are extremely disappointed that the firm would pursue litigation against The Coca-Cola Company while actively handling legal matters on our behalf,’ Coca-Cola said in a statement.”
• “Paul Hastings argues that an ‘advance waiver’ Coke agreed to allows the firm to represent SuperCooler, according to a court filing. Paul Hastings is prepared to end its Coke representation if the beverage maker doesn’t withdraw its demand on SuperCooler, according to an email attached to the motion.”
• “In the Coca-Cola case, the company says it only found out about the conflict when two associates representing SuperCooler alerted Coke’s outside counsel that they’d been hired by Paul Hastings and would be changing their information on the docket.”
• “‘Paul Hastings knew Coca-Cola would never voluntarily consent to such a representation and deliberately did not inform Coca-Cola of the conflict, nor try to obtain informed consent,’ the Coke motion says. ‘Paul Hastings should not be permitted to profit from this duplicitous and fundamental violation of its duty of loyalty to Coca-Cola, and its lack of candor with its own client.'”

“Johnny Doc Raises ‘Serious Concerns’ About Ballard Spahr’s Conflicts: Federal Judge” —

• “A Pennsylvania federal court judge found that Philadelphia union leader John Dougherty, who was convicted in November on federal bribery charges, has raised ‘serious concerns’ about potential conflicts of interests involving his former Ballard Spahr attorneys, but he concluded the issue did not stand in the way of a second embezzlement trial set to begin next month.”
• “U.S. District Judge Jeffrey Schmehl of the Eastern District of Pennsylvania on April 13 denied a request by Dougherty, the once politically powerful boss of Local 98 of the International Brotherhood of Electrical Workers, to vacate his public corruption conviction as well as the embezzlement indictment.”
• “But he concluded that it was necessary to hold an evidentiary hearing on the alleged conflicts of the Ballard Spahr team after the conclusion of the remaining proceedings. Dougherty specifically asserted that the firm’s lawyers were also beholden to client Comcast and an another attorney benefitted from the alleged embezzlement.”
• “‘The concerns raised by Mr. Dougherty are indeed serious,’ Schmehl said in the opinion. ‘If true, his allegations—that the importance of Comcast as a client to Ballard Spahr compromised the latter’s defense strategy, and that a Ballard Spahr attorney was implicated in the embezzlement scheme—suggest that the ‘personal interests of counsel’ … were ‘inconsistent, diverse or otherwise discordant’ with those of his client.””
• “Dougherty was first indicted in 2019 along with seven others on a total of 116 counts involving public corruption, including bribery and a conspiracy to steal from Dougherty’s former union, the Local 98 of the International Brotherhood of Electrical Workers. At a trial that concluded in November, Dougherty was convicted on eight counts and acquitted on three. Former City Councilmember Bobby Henon, who is due to report to prison Monday, was convicted on 10 counts and acquitted on three.”
• “According to the opinion, Dougherty and his current defense team have alleged that Ballard Spahr ‘stood on both sides of this prosecution [for public corruption] by representing both [Dougherty] and certain victims of his alleged crimes,’ namely Comcast and Local 98.”
• “The four Ballard Spahr attorneys who represented Dougherty in his first trial, David Axelrod, Emilia McKee Vassallo, Henry Hockeimer Jr. and Terence Grugan, requested to withdraw from the case in August 2022, when they claimed they held ‘significantly diverging opinions’ from Dougherty regarding defense strategy for his embezzlement trial.”
• “Hockeimer and Ballard Spahr media representative Robin Ireland both declined to comment on the matter. The firm’s ties to Comcast have been established for decades; former Ballard Spahr chairman David Cohen served as the company’s chief lobbyist from 2002 through 2019.”

Legal ethics and malpractice expert Chuck Lundberg writes :”Quandaries & Quagmires: Ethical emergencies when a lawyer makes a mistake“ —

• “Every law firm should have a designated ethics partner or firm counsel, a lawyer who advises the firm and its lawyers when ethics and risk management matters arise. For many reasons, the firm counsel role has become an essential part of managing a law firm.”
• “For ethical emergencies… firm counsel is the firm’s First Responder — someone designated to respond to an emergency.”
• “Everyone makes mistakes. A law firm is composed of people; to err is human. Mistakes will happen. Sometimes the mistake has grave consequences. For lawyers and law firms, mistakes can result in claims of malpractice or ethics violations. When mistakes happen, the key for firm counsel is not to compound the error.”
• “It is well-settled that lawyers have both legal and ethical duties to disclose to current clients material errors or mistakes during the representation. A failure to do so can give rise to liability for malpractice or breach of fiduciary duty; it also can have disciplinary consequences.”
• “As Hinderks notes, a potential claim between client and lawyer inserts itself as a wedge in the delicate fiduciary relationship of trust and confidence. Indeed, that kind of ‘diverging interests between attorney and client’ is the hallmark of a material limitation conflict of interest, which requires withdrawal of the lawyer and law firm from the underlying representation, in the absence of an informed and effective waiver.”
• “Malpractice policies typically require timely reporting of claims and known circumstances that might ripen into a claim. The firm’s decision whether and when to report… to the carrier may affect coverages, limits applicable to particular policy periods, and deductibles and self-insured amounts. Indeed, by the time a lawyer starts thinking about disclosing a potential malpractice problem to the client, there is already a legal duty to report it to the malpractice carrier.”
• “A firm facing a potential malpractice situation should report the claim to the malpractice carrier immediately and request counsel concerning whether, when, and how to disclose the matter to the client. Malpractice carriers will also consider bringing in outside ethics or malpractice experts to assist in fulfilling the attorney’s legal and ethical duties to advise the client in a way that will preserve any defenses to a potential claim.”

Cozen O’Connor counsel Deborah Winokur discusses the American Bar Association’s Model Rules of Professional Conduct; industry clients’ roles in diversity, equity, and inclusion initiatives; and seconding lawyers: “Don’t Let Client Demands Erode Law Firm Autonomy” —

• “When clients make demands that directly target the hiring practices and criteria used, a law firm’s culture can be shaken. As a self-regulating profession, the practice of law is unique in that lawyers have duties to clients and third parties under the American Bar Association’s Model Rules of Professional Conduct.”
• “Industry clients have had a significant role in moving the needle on diversity in large law firm settings. Compared to other industries, law firms lag on diversity measures related to women, racial and ethnic minorities, and other groups.”
• “Over the past 10 years, major corporations have been a driving force behind diversity initiatives implemented by their outside law firms. Some of these initiatives can be potentially invasive and risk jeopardizing attorney privacy.”
• “If a client’s policy requires that the firm provide detailed demographic information about all billing attorneys, including race, ethnicity, sexual orientation, gender identity, participation in the military, disability status, etc., the firm’s human resources department must confirm with the attorneys that they are agreeable to the sharing of this personal information.”
• “In addition, in order to protect their lawyers, law firms should perform due diligence about how this private personnel information will be used and stored.”
• “Certainly, in order to provide diversity of thought and experience, firms must have clear policies that meaningfully involve and remunerate lawyers who are assigned to matters as part of a DEI policy. In addition, as part of their duties to clients, law firms should be sensitive to their staffing needs in light of a client’s DEI policies.”
• “Another area where client demands relating to, and potentially infringing upon, a law firm’s autonomy is in the area of attorney secondment.”
• “When faced with a client’s demand to hand over a developing associate, the firm needs to consider a number of factors, both ethical and holistic, in terms of an attorney’s development.”
• “Furthermore, the seconded attorney must be particularly mindful of the duties of competence and confidentiality.”
• “In addition, the seconded attorney and the other attorneys at the firm must both be aware of the broad duties of confidentiality. It is possible that the seconded attorney may work on matters adverse to other clients of the firm. For example, the company may be performing in-house research about suing a different client of the law firm.”
• “The seconded attorney may not share that information with the firm, and may need to be screened from participation in the matters relating to that firm client upon return to the firm.”

“To Share or Not to Share: Avoiding Privilege Waiver When Working with PR Consultants” —

• “In today’s environment, clients are increasingly interested in retaining public relations (PR) firms, crisis managers or media consultants—especially when a potential scandal is about to break or an investigation is underway or on the horizon.”
• “Indeed, sometimes those responsible for internal or external PR are the first to get wind of a brewing crisis. The fast-paced news cycle and social media pressure often create a need for ‘instant’ responses, and shareholders, boards of directors and news outlets expect an immediate reaction to the possibility of a negative story.”
• “So, what is a practitioner to do in the face of this fluid state of the law? Although there is no one-size-fits-all approach, here are a few tips to mitigate the risk of waiver when engaging with a PR consultant:
  • “Ideally, outside counsel, rather than the client, should retain the PR consultant. And the engagement letter with the consultant should specify the purpose of the engagement and explain why that consultant’s services are necessary to enable counsel to provide legal advice to the client. Courts tend to disfavor a simple ‘to assist with media coverage’ or ‘to help rehabilitate [client’s] reputation.'”
  • “Exercise caution when considering the retention of a consultant who has previously worked with the client in a business capacity. Although such engagements have received more attention in the context of work product challenges, courts may scrutinize whether the new work is really just an extension of prior activity to which the privilege does not extend. See, e.g., In re Premera Blue Cross Customer Data Sec. Breach Litig., 296 F. Supp. 3d 1230 (D. Or. 2017).”
  • “Even with an engagement whose scope would satisfy the most rigorous application of Kovel, not all actions by or communications with the PR consultant will be in aid of legal advice. To that end, the lawyers, consultants and client should clearly mark as ‘confidential’ and ‘attorney-client privileged’ all communications that convey or facilitate legal advice. But merely affixing such a label to a communication with a consultant does not make it so. Counsel and clients should avoid reflexively copying the PR consultant on privileged communications without thinking through the potential privilege waiver consequences.”
  • “A PR firm retained by counsel should understand the importance of protecting privileged information and the risks of waiver, and should be instructed not to share protected information with anyone outside the scope of the privilege.”

Professor Alberto Bernabe opines: “Do Attorneys Need to Implement Email Encryption?” —

• “Most states have adopted the view that the duty of competence includes a duty to keep up with modern technology. Also, most states have adopted the view that the duty of confidentiality includes a duty to take reasonable measures to protect confidential information from unauthorized or negligent disclosure (which can happen if a lawyer is not familiar with certain aspects of modern technology).”
• “So, given those two facts, do lawyers need to implement e-mail encryption? I have not seen any specific decision or opinion that answers that question with an unequivocal “yes” but I have seen articles suggesting that it would be the logical answer.”
• And here is the latest, published in Law Technology Today.

“Lawyers and AI: How Lawyers’ Use of Artificial Intelligence Could Implicate the Rules of Professional Conduct” —

• “From chatbots to image generators, news outlets have been inundated with stories discussing the implications of artificial intelligence or ‘AI’ programs.”
• “Rather than relying on an AI program for a final product, it may be best to limit use to first drafts or a potential framework.[7] Even as these technologies improve, a lawyer ‘must review and be responsible for the work product of’ an AI program just as a lawyer must do for the work of any nonlawyer staff.[8]”
• “Rule 4-3.3 prohibits a lawyer from knowingly ‘making a false statement of fact or law to a tribunal or fail[ing] to correct a false statement of material fact or law previously made to the tribunal[.]’ Similarly, when representing a client, ‘a lawyer shall not knowingly… make a false statement of material fact or law to a third person[.]'[9]”
• “AI programs do not always cite to their sources, and some AI programs have been caught making ‘’surprising mistakes’ with basic math'[10] or even creating facts (or polling data) that doesn’t exist.[11]”
• “Lawyers are prohibited from voluntarily disclosing any information relating to the representation of a client absent the client’s informed consent or an applicable exception in the confidentiality rule.[14] While a lawyer is ‘impliedly authorized to make disclosures about a client when appropriate in carrying out the representation,’ that authorization is still subject to the ‘client’s instructions or special circumstances [which] limit that authority.'[15]”
• “Consistent with these obligations, The Florida Bar’s Professional Ethics Committee advised that a lawyer may utilize cloud computing services provided that the lawyer ‘take[s] reasonable precautions to ensure that confidentiality of client information is maintained, that the service provider maintains adequate security, and that the lawyer has adequate access to the information stored remotely.'[16] The lawyer must also research the cloud computing service prior to use[17] and assure that files stored electronically are ‘readily reproducible and protected from inadvertent modification, degradation or destruction.'[18]”
• “Given that many AI programs frequently rely on user input and proprietary methods to generate responses, it may be difficult or impossible to determine whether client information is kept confidential when shared with an AI program. Further, it is unclear whether sharing information with an AI program would be discoverable and would waive claims of attorney-client privilege. Absent answers to these questions, lawyers should exercise extreme caution when sharing client information with AI programs and should carefully explain the implications of these disclosures when seeking a client’s informed consent.”
• “Many questions regarding a lawyer’s use of A.I. programs are currently unanswered and may remain unanswered for the indefinite future. For this reason, lawyers are advised to maintain a healthy dose of skepticism regarding AI programs and to proceed with caution. While these programs may someday revolutionize the practice of law, a lawyer’s ethical obligations have not changed. Duties of candor, competence, and confidentiality have remained steadfast in the face of prior technological innovations and should be expected to guide the practice of law indefinitely into the future.”

“Kyle Roche Hidden Video May Be Deepfaked, Expert Says” —

• “Freedman Normand Friedland LLP told a California federal judge overseeing allegations Dfinity sold unregistered securities that the crypto company cannot rely on secretly recorded comments from ex-firm partner Kyle Roche to bolster its attempt to disqualify the plaintiffs’ firm, saying Wednesday an expert report shows the video clips might be deepfaked.”
• “Dfinity in October asked U.S. District Judge James Donato to disqualify Freedman Normand from representing a proposed class of investors, saying Roche boasted in video clips posted online in August that the firm uses litigation to advance the commercial interests of Dfinity’s rival Ava Labs, including to get confidential information about competitors through discovery.”
• “The video on the website CryptoLeaks purportedly shows Roche claiming that his firm — Roche Freedman, at the time — was acting on behalf of Ava Labs in filing the class action against Dfinity, the company said at a hearing last month. The attorney has denied forming a ‘secret pact’ with Ava Labs to sue competitors.”
• “Freedman Normand hit back in its opposition, arguing that the video clips were secretly recorded during a dinner meeting set up under false pretenses and published on a website controlled by Dfinity. Now, Freedman Normand said it has an expert report explaining ‘that many of the videos on which defendants rely are the product of manipulation, are inauthentic, and contain indicators consistent with the use of deepfake technology.'”
• “According to the report prepared by David Kalat, a director at Berkeley Research Group LLC with a film degree and experience in forensic computer examinations, the video segments that appear to show Roche talking about the instant case show signs of ‘repeated compression, tampering, and extensive manipulation.'”
• “The term ‘deepfake’ refers to technology that uses machine learning or artificial intelligence to create realistic looking but fake images, videos and audio, according to the report. Users of such software can edit the transcript of the video to delete words, rearrange existing words or add new words, Kalat said, while the AI makes the subject of the video appear to say the new transcript.”

“Disciplinary Commission issues advisory opinion on navigating conflicts of interests for government workers” —

• “The Indiana Supreme Court Disciplinary Commission issued a nonbinding advisory opinion Thursday discussing when a lawyer who is a current or former government worker should decline to accept a legal matter due to a conflict of interest. The advisory opinion is focused on Rules of Professional Conduct 1.9, 1.10 and 1.11.”
• “In short, the commission said a lawyer should not participate in a legal matter if the lawyer was ‘personally and substantially’ involved in the matter as part of their government role; if the lawyer learned “damaging confidential information” about a person involved in the matter; and if the representation would involve revealing information that all attorneys are prohibited from disclosing under rules regarding duties to former clients.”
• “The commission noted in its advisory opinion that the duty of loyalty in an attorney-client relationship requires the protection of information related to the representation. ‘However,’ the commission wrote, ‘because the conduct of government employees implicates public interest in a way that private practice usually does not, there are nuances to the conflict analysis.'”
• “For lawyers who are former government employees and are deciding whether a conflict exists, the commission said they should first examine whether the matters at issue are the same.”
• “The lawyer should next examine whether they learned confidential information about a person through their role as a government employee that could be used to damage the person in the new matter.”
• “If the answers to those questions are ‘no,’ the commission said the lawyer “likely is free” to represent the client, assuming other factors under the customary Rule 1.9 analysis don’t apply.”
• “The commission also recommended a screening process for partners at law firms who want to avoid ‘having imputed to them’ the conflicts of a colleague who is a former government employee.”

“Colorado Supreme Court approves licensing of paraprofessionals to perform limited legal services” —

• “The rules become effective on July 1, 2023. The new rules will permit the licensed paraprofessionals to complete and file standard pleadings, represent clients in mediation, accompany clients to court proceedings, and respond to a court’s factual questions. The rules will prohibit paraprofessionals from presenting oral arguments and examining witnesses in a hearing.”
• “According to the press release, the goal of the new rules is to make legal representation more widely available and more affordable in certain domestic relations matter.”
• “To obtain a license, the paraprofessional will be required to pass a written licensed legal paraprofessionals exam, submit to a character and fitness review, pass an ethics class, and pass a professional conduct exam. They will also have to complete 1,500 hours of law-related practical experience, including 500 hours of experience in Colorado family law. The rules provide for a disciplinary process which is similar to the process for Colorado lawyers.”
• “Bottom line: Colorado joins Arizona, Minnesota, Oregon, and Utah in authorizing paraprofessionals to provide limited legal services.”

“This ‘No extensions’ Policy Won’t Last Long” —

• “…the announcement (though it was more a leak of an internal email memo) that Morgan and Morgan will not be letting its lawyers grant any extensions or courtesies to insurance defense lawyers as a reaction to the latest tort reform initiative down in Florida. Here if you haven’t seen it is the screenshot of the internal email that Above the Law first publicized.”
• “The reaction within the defense bar, at least online in places like Twitter, was pretty heated. In addition to folks decrying this as contrary to tenets of civility and professionalism, some folks started tossing around assertions that this kind of policy was inherently unethical.”
• “I think this is not a smart policy. If it isn’t dropped before it starts, it will make many, many judges upset when they have to adjudicate motions for routine extensions. It also might lead to an influx of new clients for a while who think they want this kind of hard-nosed lawyering, but it will likely come back to bite a few clients when they find themselves in need of additional time and salty defense lawyers end up declining to grant a courtesy if only on a ‘tit for tat’ basis.”
• “Also, in any jurisdiction where some sort of ‘guidelines’ involving civility or professionalism or courtesy are adopted by reference as part of ethical rules for a particular court, then the ethical analysis is entirely different from what I offer below.”
• “When you talk about the role of lawyers in agreeing to things that delay litigation, most of the ethics rules are drafted with an eye towards trying to address whether lawyers have any latitude to be courteous and agree to extensions over any objections of their own clients. Not surprisingly, none of those rules are violated when a lawyer refuses to agree to proposed delays.”
• “Model Rule 3.2 for example actually makes it the ethical duty of lawyers to ‘make reasonable efforts to expedite litigation.’ Model Rule 1.3 requires lawyers to ‘act with reasonable diligence and promptness in representing a client.'”
• “That leaves us with Model Rule 4.4(a). This rule ‘might’ be the one that an opposing party or counsel could seize upon for arguing that implementation of this policy would be unethical. That rule prohibits a lawyer from using ‘means that have no substantial purpose other than to embarrass, delay, or burden a third person.'”

“‘No extensions’ – Part 2” —

• “Unlike opposing counsel, a lawyer within the firm attempting to live under this policy will at all times have to live with two ethics rules that can create real problems. The first is one that is rarely talked about: Model Rule 2.1. The first sentence of that rule reads: ‘In representing a client, a lawyer shall exercise independent professional judgment and render candid advice.'”
• “The duty to exercise independent professional judgment means that every time a situation comes up in which the lawyer is being asked by the other side for the extension of a deadline that the lawyer is supposed to use their own independent professional judgment, in consultation with the client, about what should be done.”
• “Slavishly applying the firm policy as the basis for action would always run the risk of technically violating Model Rule 2.1, but firms have lots of less publicized and less controversial policies that also arguably encroach on the independent professional judgment of lawyer employees.”
• “Now, of course, almost all of the above is largely academic because (a) one would hope the first time this comes up in reality that the firm will reexamine the situation and refine its stance to let their lawyers practice law as appropriate to each situation; and (b) even if they do not, lawyers who are not fans of the policy will more likely find other pastures rather than ever go down a path of filing a grievance against the powers-that-be in their own firm.”
• “Ironically, I think that the powers-that-be at M&M would be able to understand immediately that an insurance company could not demand through counsel guidelines that the lawyers it hires must refuse all extensions to opposing counsel because Model Rule 1.8 and 5.4 make certain that a lawyer can only accept payment of fees from someone other than their client if that third-party does not interfere with the lawyer’s independent professional judgment.”