Bressler Risk Blog

Continued bubbles surfacing on this one, starting with: “Coke’s Quest to Disqualify Paul Hastings Faces Big Hurdles” —

• “Legal experts say they can understand why Coca-Cola would be unhappy with Paul Hastings’ representation of a company suing the beverage giant for $100 million, but they call the company’s efforts to disqualify the law firm an uphill battle.”
• “Atlanta-based Coke asserts in its April 12 motion that Los Angeles-based Paul ‘abandoned its ethical obligations’ when it took on the case, even though Coke was a long-standing client.”
• “But Paul Hastings characterizes the motion as baseless, given that Coke in April 2021 signed an engagement letter with the law firm on a human rights matter, giving it wide latitude to work with any client it wishes, so long as the subject is ‘not substantially related to a matter in which we have represented you.'”
• “Attorneys not involved in the dispute say courts normally uphold such advance waivers, unless the party granting the waiver lacks the sophistication to understand its consequences.”
• “‘It is in my view quite unfair for one of the largest, oldest, most successful and most sophisticated corporate entities in the world to induce a law firm’s reliance by agreeing to a waiver and a short time later say, ‘No, not so much, we really didn’t have enough information to inform our consent,’’ said Michael McCabe Jr., managing partner of McCabe & Ali in Washington, D.C.”
• “‘Give me a break. If Coke can’t be held to an advance waiver, why would anyone honor an advance waiver?'[McCabe added]”
• “After reviewing the language in Paul Hastings’ advance waiver with Coke for Law.com, University of Minnesota law professor Richard Painter said: ‘Is it a clear waiver? It appears to be.'”
• “For its part, Coke argues that the advance waiver was ‘buried in a boilerplate attachment’ to the engagement letter and was so general as to be unenforceable. It noted that the waiver did not even include an expiration date.”
• “Coke said courts have found that such ‘open-ended advance waivers, like the one at issue here, do not provide ‘informed’ consent because they do not provide the signer with adequate information to evaluate the conflict… Paul Hastings knew that Coca-Cola did not intend for every potential future conflict to be waived in perpetuity.'”
• “Furthermore, Coke says its guidelines for outside counsel explicitly state that the company does not grant advance conflict waivers. It says those guidelines require full prior disclosure and written approval of potential conflicts.”
• “But Paul Hastings counters that such guidelines are subordinate to the letter of engagement containing the waver, which was signed by Derek Gilliam, who at the time was a Coke senior counsel and now is chief of staff for the Office of General Counsel.”
• “One case similar to Coke’s involved Texas-based Galderma Laboratories, which in 2012 filed a motion to disqualify one of its outside law firms, Vinson & Elkins. The law firm had been representing the company on employment matters but also represented a company that Galderma sued over an intellectual property dispute.”
• “Galderma had asked V&E to withdraw, but it refused, citing a conflicts waiver that was part of the engagement letter Galderma had signed. Texas federal Judge Ed Kinkeade rejected the disqualification request, calling the waiver language unambiguous. ‘Galderma is a sophisticated client who has experience engaging multiple large law firms and has twice signed similar waiver provisions with at least one other law firm it has hired,’ the ruling said.”

For those curious to read the specific language of the engagement letter, see page 37 of Coke’s: “Motion to Disqualify“. Here’s a snapshot of that:

And for other interesting perspective, see this from Rob Chesnut (former GC at Airbnb, former Justice Department prosecutor): “Paul Hastings Burns Coca-Cola, Reputation in Conflict Fight” —

• “No matter how the dispute shakes out, advance conflict-of-interest waivers are bad business. According to some courts, they’re also unenforceable.”
• “The Paul Hastings-Coke saga isn’t terribly surprising. It highlights an inherent conflict between law firms and their clients. Firms want to cast their nets as widely as possible to bring in work. Clients, of course, want lawyers that are loyal to them above all.”
• “Law firms, which have grown exponentially over the last three decades, face continued pressure to bring in new clients. Lawyers have jumped from one firm to the next more frequently over the same time, raising complicated questions about potential conflicts.”
• “During my time leading legal departments at companies like Airbnb and eBay, my relationships with outside counsel boiled down to a few questions: Do we approach legal problems the same way? Is the lawyer smart, well-versed in the relevant area of the law, practical, solutions-oriented, highly responsive and invested in the success of my company?”
• “If the answer to those questions is “yes,” we were likely to have long relationship. Even if the lawyer’s firm ticks up billing rates over the years. A total of seven outside lawyers—four men and three women—met this criteria for me. I trusted them completely to deliver what I wanted. If they moved law firms, I moved law firms. If I changed jobs, I retained them to advise my new company.”
• “By the same token, my outside counsel wouldn’t want to do anything to hurt my company. They would never, for example, send me an annual letter with an advance conflict-of-interest waiver buried in small print.”
• “Instead, I’d expect us to have a mature conversation about the issue up front. It usually would go something like this:
  • Outside counsel: Hey Rob, if we ever get approached for representation in a situation that might present a conflict of interest with your company, I’ll call you and we’ll discuss it. I know that you’ll be fair, and if there’s not a real conflict, you’ll waive it so that you can support my firm’s success. If the conflict is real, there won’t be much of a conversation…I’ll ensure that our firm turns down the work.
  • Me: Done.“

“My advice to firms is to rip these waivers out of your terms of service, now. Don’t show up on the other side of a lawsuit, suing my company, without so much as an advance phone call and a discussion.”
“Paul Hastings might manage to get a court to enforce the waiver in this case. But, by allegedly failing to have the conversation with Coke—and later threatening to walk away from the company if it doesn’t agree to waive the conflict—the firm hurt its own brand.”

“Paul Hastings Slams Coke Bid to Boot Firm From SuperCooler Suit” —

• “Coca-Cola Inc. is seeking a ‘tactical advantage’ by asking a federal judge to have Paul Hastings removed from a lawsuit against the beverage giant, the Big Law firm said in a case highlighting its fallout with a one-time client.”
• “Paul Hastings lawyers should not be barred from representing a company suing Coke for more than $100 million, the law firm said Wedenesday in a filing in federal court in Orlando, Florida. Coke, which Paul Hastings represents in a human rights matter, has accused the firm of trying to ‘fire’ it as a client by working for SuperCooler Technologies Inc. in an unrelated lawsuit against the soda-maker.”
• “The dispute tests the limits of ‘advance conflict waivers,’ in which firms ask clients to agree ahead of time to allow their lawyers to represent others in situations that could otherwise pose an ethical problem.”
• “Paul Hastings called Coke’s attempt to remove the firm from the SuperCooler case a ‘technique of harassment’ designed to help the company fight off the lawsuit. Coke agreed Paul Hastings could represent other clients in future litigation against the company when it signed an engagement letter in 2021 that included a ‘waiver of prospective conflicts,’ according to the firm.”
• “SuperCooler alleges Coke misused its trade secrets and broke promises to use its technology that rapidly chills beverages, according to court filings.”
• “A group of lawyers from Cahill Gordon & Reindel representing SuperCooler jumped to Paul Hastings over the last two months, bringing the case with them. Coke said at least one of those lawyers, Bradley Bondi, did not alert the company he was joining Paul Hastings to work on the lawsuit even after Coke raised concerns about the firm taking a case against it.”
• “The conflict waiver Coke signed was ‘fully informed’ and signed by a ‘sophisticated consumer of legal services,’ the firm said.”

“Advance Conflict Waivers: Use Them or Lose Them?” —

• “Many lawyers use advance or future conflicts waivers to streamline the conflict waiver process for future matters involving current clients, including those who may subsequently become former clients. An effective advance conflict waiver will permit lawyers to take on matters adverse to a client without the need for a subse- quent waiver from that client.”
• “This article offers two suggestions for the possible use of advance waivers. First, advance waivers may permit lawyers to seek more streamlined consents to conflicts that come up repeatedly with the same client or clients.”
• “Second, recent case law suggests that con- flicts waivers may be an effective tool for maintaining representation of one client when adversity arises during a joint representation. Courts appear to be more likely to enforce advance waivers in the context of jointly represented clients because the lawyer is at least arguably able to be more specific as to both 1) the clients whose interests may become adverse in the future, and 2) the types of matters covered by the waiver.”
• “Although not the focus of this article, two other points bear noting. First, a lawyer seeking a conflict waiver, whether for a current conflict or a future one, would be well-advised to discuss the waiver with the client before signing. Such discussions are especially important in the context of an advance waiver. Second, all waivers should, at a minimum, discuss loyalty/zealousness and confidentiality/privilege, as noted in greater detail below.”

“As Holland & Knight Grows, Another Partner Leaves Because of Conflicts” —

• “With two recent major mergers in the books, Holland & Knight is losing another partner to a dispute resolution firm in South Florida, the latest in a string of conflict-related departures.”
• “Rodolfo ‘Rudy’ Sorondo Jr., a longtime partner and former state court judge, is leaving the Am Law 100 firm after more than 20 years. He’ll join newly launched alternative dispute resolution firm Private Resolutions, founded by another local ex-judge, Alan Fine, after he left the bench earlier this year.”
• “Sorondo is referring to being conflicted out of certain arbitration cases at Holland & Knight because of the firm’s size.”
• “‘The conflict database [at Holland & Knight] is enormous. And consequently, there are many arbitrations and special master assignments that I simply cannot take,’ he said. ‘In those instances, you are an adjudicative officer and people don’t feel comfortable if there is a conflict.'”
• “And although mediations typically avoid conflict issues because a mediator has less power than an arbitrator, Sorondo said the conflicts also bled into mediation at times.”

“Cadwalader Partner Steps Down to Represent Trump in Manhattan DA’s Criminal Case” —

• “Todd Blanche, a partner at Cadwalader, Wickersham & Taft, has resigned from the law firm to join the defense team representing former U.S. President Donald Trump in a criminal case brought by the Manhattan District Attorney’s office. According to reports by Politico and Law.com, Blanche will eventually lead Trump’s representation. A spokesperson for Cadwalader confirmed Blanche’s departure but declined to comment further.”
• “In an email obtained by Politico, Blanche stated that he resigned from Cadwalader because he had been asked to represent Trump in the recently charged Manhattan District Attorney’s case. He further explained that after careful thought and consideration, he believed it was the best opportunity for him and an opportunity he should not pass up. Blanche’s LinkedIn profile indicates that he was a partner at Cadwalader from September 2017 to April 2023 and is now listed as the founding partner of Blanche Law.”
• “Blanche will join a defense team that includes lawyers Joe Tacopina and Susan Necheles. In a statement to Law.com, an anonymous source described Blanche’s departure from Cadwalader as a ‘happy uncoupling.'”

“Pitfalls for Corporate Counsel in Business Divorce Disputes” —

• “No corporate lawyer wants to get drawn into a nasty litigation between an entity’s owners. But the reality is that corporate and general counsel often find themselves unwittingly ensnared in business divorce cases. Sometimes a corporate transaction is the genesis of litigation, and corporate counsel’s role or advice may be exceedingly important.”
• “Other times, corporate counsel may have served in a joint, dual, or uncertain capacity, providing advice to the entity and its owners simultaneously. This can create particular problems when formerly aligned interests diverge.”
• “In this week’s business divorce, we’ll consider three doctrinal pitfalls for corporate and general counsel in business divorce litigation: the fiduciary exception to the attorney client privilege, the joint representation exception to the attorney-client privilege, and a virtual per se rule of disqualification for litigation counsel who previously served as corporate counsel for a closely-held entity whose owners become adverse.”
• “A final rule of law that crops up repeatedly in business divorce cases: ‘One who has served as attorney for a corporation may not represent an individual shareholder in a case in which his interests are adverse to other shareholders’ (Matter of Greenberg, 206 AD2d 963 [4th Dept 1994]).”
• “Under this principle of law, an attorney may not serve as corporate or general counsel for an entity, or its owners jointly, then morph roles to become litigation counsel for one owner adverse to the other.”
• “The bottom line of all of these concepts is that corporate and general counsel should be exceedingly careful when taking on taking on new representation to spell out in their engagement letters exactly who are the clients, who are not the clients, and the precise scope of the representation.”
• “Recently, my firm and I successfully relied upon the Deerin line of case law for disqualification of opposing counsel in a pair of cases involving a 50% / 50% father-son shareholder dispute in the Suffolk County Commercial Division.”
• “According to our client (the father), opposing counsel previously served as both trust and estate counsel for the father and as corporate counsel for the entity and its shareholders, including drafting the shareholders’ agreement on behalf of both shareholders. Opposing counsel then switched roles, becoming litigation counsel for the son suing the father for attempted rescission and damages relating to a stock purchase agreement both sides allege the other breached. You can read the resulting disqualification decisions here and here.”

“Purdue Pharma Law Firm Builds ‘Ethical Wall’ to Shield Ex-Judge” —

• “Skadden, after hiring the judge who approved a $6 billion opioid settlement for its client Purdue Pharma LP, will bar him from matters involving the OxyContin maker and block him from company fees.”
• “There’s an ‘ethical wall’ between Purdue and retired Judge Robert Drain, Skadden, Arps, Slate, Meagher & Flom said in a filing last week at the Southern District of New York Bankruptcy Court. Skadden made the filing a day after it said Drain will join its corporate restructuring group in New York as of counsel.”
• “Drain in March 2022, three months before he retired, approved an opioid settlement conditioned on Purdue Pharma prevailing in an ongoing appeal of its bankruptcy plan. The plan was controversial because it gave broad protections to Purdue owners—members of the Sackler family—from future opioid suits.”
• “Under the New York rules of professional conduct, Drain is barred from working on any matter that he heard as a jurist. The rule also notes that judges cannot negotiate for employment at a firm arguing before him, indicating that talks between Drain and Skadden would have had to commence following his retirement.”
• “While Drain’s move to a firm involved in the Purdue case violates no ethics rules, it shows how narrow the ethics restrictions are, said Kathleen Clark, a professor at Washington University School of Law in St. Louis.”
• “‘It’s not a great look, even though the rules allow it,’ Clark said. ‘Of all the law firms, Drain goes and works for one of the firms in one of the most controversial recent cases he’s been involved in.'”
• “Drain’s example is unique from other judges that have joined law firms because Skadden came under scrutiny itself during the case, Lipson said. Skadden and two other law firms in 2021 agreed to give up $1 million in legal fees to resolve claims from the US Trustee that they failed to properly disclose an information-sharing agreement between Purdue, the Sacklers, and their respective lawyers.”
• “Skadden said in a statement that the firm ‘complied with all applicable rules that enable retired judges to work at law firms.'”

“Clarence Thomas didn’t recuse himself from a 2004 appeal tied to Harlan Crow’s family business, per Bloomberg” —

• “Justice Clarence Thomas didn’t recuse himself from a 2004 appeals case, even though the company being sued was part of the real estate empire run by Harlan Crow, the GOP mega-donor who has showered Thomas with lavish trips starting in 1997 and more recently bought Thomas’ childhood home, according to Bloomberg.”
• “Thomas previously told Bloomberg that it was OK for him to accept gifts from Harlan Crow because the GOP mega-donor did not have ‘business before the court.'”
• “But the 2004 appeal ties the Crow family name to a case that did come before the Supreme Court: In January 2005, the court denied the appeal petition, a $25 million copyright claim brought by an architecture firm against Trammell Crow Residential Co., a development company that’s part of the real estate empire built by Crow’s father. The Supreme Court’s decision ultimately benefitted Trammell Crow Residential.”
• “Thomas is facing heavy scrutiny following a series of ProPublica reports earlier this month that said he sold his childhood home to Crow and didn’t disclose the sale, and that he’s been accepting pricey vacations from Crow — without disclosing them — for over 20 years.”
• “It’s not known whether Thomas would have made the connection between Trammell Crow Residential and Harlan Crow, who, at the time, had already begun to give Thomas gifts and trips, according to a 2004 Los Angeles Times report.”
• “But Thomas should have been ‘hypervigilant to the prospect of a Crow interest showing up on the Court’s docket,’ given their friendship, Stephen Gillers, a judicial ethics expert at New York University School of Law, told Bloomberg.”

“Head of a Major Law Firm Bought Real Estate From Gorsuch” —

• “Legal experts said that the justice’s disclosure of the sale, which came right after the justice’s appointment, did not violate the law but underscored the need for ethics reforms.”
• “One month after Neil M. Gorsuch was appointed to the Supreme Court in April 2017, he and two partners finally sold a vacation property they had been trying to offload for nearly two years. But when he reported the sale the next year, he left blank a field asking the identity of the buyer.”
• “County real estate records in Colorado show that Brian L. Duffy, the chief executive of Greenberg Traurig, a sprawling law firm that frequently has business before the court, and his wife, Kari Duffy, bought the property.”
• “The buyer’s identity — and Justice Gorsuch’s decision not to disclose it — was reported earlier on Tuesday by Politico. The revelation comes as scrutiny on Supreme Court ethics and financial entanglements has intensified, prompting Democratic lawmakers to call for tightening the rules for justices.”
• “Justice Gorsuch did not break the law by omitting the buyer’s identity, said Stephen Gillers, a New York University professor and specialist in legal ethics. Under a 1978 statute governing financial disclosures, federal judges are not required to disclose who bought property from them.”
• “Gabe Roth, the executive director of Fix the Court, a nonpartisan group that presses for greater transparency and accountability by the justices, agreed that the omission did not violate the law. But he argued that Congress should pass legislation expanding what justices must disclose, including losses from any sales, the nature of partnerships that hold real estate and who buyers are.”
• “Mr. Duffy, who lives in Colorado, did not respond to an email from The New York Times. But he told Politico that he bought the property because he is a fly fisherman and that he has never argued before Justice Gorsuch or met him socially. He also said he did not know that the jurist had a stake in the property when he made his first offer.”

“Consultation Opens for AML/CTF Regulation of Real Estate Agents, Lawyers, Accountants and other Professions” —

• “The Commonwealth Attorney-General’s Department has opened a consultation process for the Tranche 2 reforms, expanding those industries and organisations regulated under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Act).”
• “Organisations captured under the reforms will need to assess the legal and regulatory impact on their current operations and should engage in the consultation with Government. Proactive engagement with the consultation will be critical for organisations in shaping the implementation of Tranche 2 and the timing of when compliance obligations will commence.”
• “These proposed reforms are particularly important as Australia remains one of the few countries in the Financial Action Task Force (FATF) Global Network (out of nearly 200 members) that has not regulated, or committed to regulating these sectors within its AML/CTF regime.”
• “With no draft legislation currently provided, it is has been reported in the consultation that there will be a further round of consultation prior to the introduction of any reforms to Parliament. This provides an opportunity to engage with Government on the legislation, including a staged implementation of the reforms and a longer ‘assisted compliance’ period, which would enable sufficient time for newly reporting entities to meet their compliance obligations.”

“Some Third-Party Litigation Funders Pose a Threat to US Security” —

• “Third-party litigation funding and, more broadly, litigation investment entities, have become prominent fixtures in the US legal landscape. These funders—including hedge funds, private equity funds, and even sovereign wealth funds—either pay for plaintiffs’ litigation costs with an agreement that they will receive a large portion of any eventual payment, or own shell companies that exist only to profit through litigation.”
• “Recent estimates put the US litigation funding market size at $13.5 billion with an additional $3.2 billion in new investments last year alone. Litigation investments disproportionately affect IP. Last year more than 20% of all new litigation financing capital commitments were directed toward patent litigation, following nearly 30% the prior year.”
• “Even more troubling than the growth of an industry that monetizes IP litigation and the courts is that the vast majority of investments go undetected. A few courts have introduced funding transparency requirements, but by and large, investment entities are able to direct lawsuits from behind the curtain, without ever revealing themselves.”
• “More specifically, by controlling litigation from overseas, foreign entities could damage the reputation of and drain resources from US competitors, while getting access to sensitive information during legal proceedings. The ILR report highlights TPLF in patent litigation as indicative of the litigation investment model’s risks, in general.”
• “Lawmakers are only just beginning to prioritize addressing the threat that litigation investment entities pose. A group of state attorneys general raised concerns in a letter to the Department of Justice ‘that TPLF is being used to harm our States and threaten our country’s economic and national security,’ and ‘through strategic lending, foreign adversaries could threaten our economic and national security by weaponizing the U.S. judicial system.'”

“Do Kwon’s Multi-Million Dollar Transfer To Law Firm Before Terra’s Collapse” —

• “South Korean prosecutors have made a new revelation in the fraud case against Do Kwon, the co-founder, and CEO of Terraform Labs. According to a report by national broadcaster KBS, the blockchain company paid nearly $7 million to Kim & Chang, one of the country’s largest law firms, before the collapse of its digital currencies last year.”
• “The payments were made in several transactions from Terraform’s Singapore headquarters and have raised suspicions that the company may have cashed out digital coins, which could lead to embezzlement charges. Prosecutors are cooperating with law enforcement in Singapore to confirm the source of the funds.”
• “The report suggests that Kwon was aware of the impending collapse of Terraform’s digital currencies and may have made legal preparations to mitigate the risks. Investigators are now focusing on the payments made to the law firm, which could provide valuable insight into the company’s financial dealings before its downfall. If proven, these payments could be crucial evidence in the ongoing fraud case against Kwon.”
• “Do Kwon, the founder of Terraform Labs, is facing extradition requests from both the United States and South Korea following his arrest in Montenegro.”

“Legal powerhouse Proskauer exposed clients’ confidential M&A data” —

• “A security lapse saw Proskauer Rose, an international law firm headquartered in New York City, expose sensitive client data for more than six months, TechCrunch has learned.”
• “A person with knowledge of the incident told TechCrunch that data from Proskauer’s merger and acquisitions business was left on an unsecured Microsoft Azure cloud server.”
• “TechCrunch obtained a portion of the exposed dataset, which included approximately 184,000 files total, the person told us. These files were accessible from the web browser by anyone who knew where to look, and contained private and privileged financial and legal documents, contracts, non-disclosure agreements, financial deals and files relating to high-profile acquisitions.”
• “Details of the exposed cloud server were captured by GrayHatWarfare, a searchable database that indexes publicly visible cloud storage and files. The files are understood to have been left public for at least six months.”
• “Proskauer resolved the spill about two weeks ago, but has not yet notified its clients, whose website lists Major League Baseball and Morgan Stanley as clients.”
• “In an email to TechCrunch, Proskauer, which incorrectly referred to the data exposure as a “cyber attack” since there is no evidence of malice, would not say whether the law firm has any evidence of data exfiltration.”

“Proskauer Rose Data Breach Stemmed From Common Oversight Mistakes, Not Cloud Technology” —

• “In early April, international law firm Proskauer Rose came under fire for leaving sensitive client information exposed in unsecured cloud storage for nearly six months.”
• “The law firm shortly thereafter released a statement saying that an unnamed third-party vendor, who was hired to create an information portal into Proskauer’s Microsoft Azure cloud, “had not properly secured it,” leading to the data breach.”
• “Cybersecurity professionals who spoke to Legaltech News noted that third-party vendors often make such fatal mistakes. Still, they weren’t so keen on entirely letting law firms off the hook for responsibility in such situations, noting that they’re ultimately accountable for the security of their clients’ data and have a responsibility to oversee vendor work.”
• “In Proksauer’s case, though the details of what exactly happened weren’t public, the firm did note that the middle-man, the vendor in charge of creating the information portal which was left misconfigured, was responsible. But having clearly defined roles in these situations is unusual, Sangster noted.”
• “Therefore, while cloud storage is not infallible, it often isn’t the technology that leads to data breaches, but rather human beings who deal with the system that fail to take proper security measures. And ideally, all facets of the storage ecosystem should be communicating and working together to avoid, such a scenario.”
• “‘Because ultimately, we see the same mistakes whether the place the law firm is storing the data is on premises or in the cloud,’ Sangster said. And in this case, the responsibility to investigate what happened, ‘falls on Proskauer, because they’re the ones who have a relationship with the clients.'”

“Cadwalader Hit With Class Action Stemming From Data Breach” —

• “Law firm Cadwalader, Wickersham & Taft is at fault for exposing personal data in a November 2022 breach, according to a proposed class action filed Wednesday in Manhattan.”
• “The firm ‘failed to prevent the data breach because it did not adhere to commonly accepted security standards and failed to detect that its databases were subject to a security breach,’ the suit alleges.”
• “Ohio-based attorney Patrick Perotti filed the lawsuit in the Southern District of New York, claiming more than 93,000 people had identifying information compromised and are at risk of credit fraud or identity theft.”
• “The New York-founded firm fell victim to the cyberattack on Nov. 15 and 16 when an unauthorized third party gained remote access to the firm’s systems and acquired information from the Cadwalader’s network, the complaint said.”
• “The data breach prompted the firm to wipe firm-issued laptop hard drives and forced many of its internal systems offline, according to media reports.”

“November Cyberattack Hobbled Cadwalader for Weeks, Internal Emails Show” —

• “Weeks later, the firm’s internal document management system remained offline, according to internal emails from managing partner Pat Quinn obtained by The American Lawyer. An attorney with knowledge of the situation provided evidence that some documents were unrecoverable for an extended period of time and potentially lost for good, contradicting a firm spokesperson’s statement that Cadwalader had made a full recovery by the end of the year.”
• “The firm also declined to answer specific questions about the hack, including whether any client data had been accessed or encrypted by the hackers.”
• “Third-party cybersecurity experts said Cadwalader’s response appeared to be mostly in-line with industry best practices in the wake of a breach, although those practices include calculated risks that are unavoidable for law firms.”
• “Two weeks after the initial attack, the firm restored Citrix and most iManage functions in the U.S., although U.S. employees were only able to access their documents through the Citrix remote desktop. However, the attorney who spoke with The American Lawyer said the roundabout access method hamstrung lawyers’ ability to circulate documents, causing consternation among attorneys and clients. (A Cadwalader spokesperson disputed the attorney’s account.)”
• “The attorney also said they felt the firm wasn’t completely forthcoming with clients about the security of their documents. In a conference call and in subsequent emails, the firm asked attorneys to access client documents on their personal computers if they had Microsoft Word installed as the firm worked to reinstall the Microsoft Office suite on its computers.”
• “Cadwalader declined to say what the perpetrators of its cyberattack were after, but Pollock said hackers’ motives are almost always financial. ‘It’s always extortion,’ Pollock said. ‘Obtaining data to extort someone, to delete the data or sell it on the dark web.'”
  “Not all law firm data breaches get reported. Data breach reporting laws vary by state but tend to focus on personal information rather than business information, and states such as New York don’t maintain public databases of required data breach reports.”

“American Bar Association data breach hits 1.4 million members” —

• “The American Bar Association (ABA) has suffered a data breach after hackers compromised its network and gained access to older credentials for 1,466,000 members.”
• “Thursday night, the ABA began notifying members that a hacker was detected on its network on March 17th, 2023, and may have gained access to members’ login credentials for a legacy member system decommissioned in 2018.”
• “‘On March 17, 2023, the ABA observed unusual activity on its network. The incident response plan was immediately activated response, and cybersecurity experts were retained to assist with the investigation,’ warns a notification email sent to impacted members and seen by BleepingComputer.”
• “BleepingComputer was told by the ABA that 1,466,000 members were affected by this breach.”
• “While BleepingComputer has learned that this was not a ransomware attack and that no corporate or personal data was stolen, there are some concerns that the threat actors could abuse the credentials. The American Bar Association says these legacy credentials were hashed and salted, meaning they were converted from plaintext into a more secure format.”

“Appellate Division Says Law Firm May Not Withdraw From Case Despite Disqualifying Conflict of Interest” —

• “In an unpublished opinion, the New Jersey Appellate Division consolidated two back-to-back appeals arising from a 2013 complaint filed by Allstate against a group of medical defendants which alleged a number of violations of the Insurance Fraud Prevention Act—one of which addressed a firm’s motion to be relieved as counsel in the case.”
• “As to the Gloucester County matter, the Flynn firm argued that the court erred in denying its motion to be relieved as counsel and claimed that Vernon’s dissolution action against Carabasi created a disqualifying conflict of interest under RPC 1.7(a). According to the opinion, the firm stated that ‘with the demise of the SJHW entity in bankruptcy, the individuals’ stated position at the outset of the case that any potential liability would be paid by the entity and thus shared between all defendants has vanished.'”
• “Additionally, the firm asserted that Vernon’s allegations against Carabasi constituted an alteration to the original agreement due to unanticipated, extenuating circumstances and that the conflict is nonwaivable under RPC 1.7(b), according to the opinion.”
• “‘We decline to adopt the court’s finding that Dr. Vernon’s claims against Dr. Carabasi did not create a RPC 1.7 disqualifying conflict of interest for the Flynn Firm,” the opinion said. “Nevertheless, we are satisfied the court did not abuse its discretion in denying the Flynn Firm’s motion to withdraw as counsel.'”
• “According to the opinion, an attorney is not automatically relieved from representing a client on discovering their representation is in violation of a rule of professional conduct. The appeals court stated that here, as in the New Jersey Supreme Court opinion in Dewey v. R.J. Reynolds Tobacco, the court found it would be near impossible for substitute counsel to develop the same knowledge of complex litigation as the Flynn firm.”
• “‘As noted, we depart from the court’s reasoning to the extent it determined the Flynn Firm was not faced with a disqualifying conflict of interest under RPC 1.7,’ the appeals court said. ‘As explained in Loughry’s ethics review, Dr. Vernon’s claims against Dr. Carabasi could have a material impact on the Flynn Firm’s joint representation of the medical defendants in the Gloucester County litigation. Even if a disqualifying conflict existed, however, the court was within its discretion to determine equitable factors precluded the Flynn Firm’s withdrawal.'”

“Dane County judge rejects effort to disqualify law firm suing over fake electors” —

• “A Dane County judge on Wednesday rejected a request by one of the attorneys involved in the Republican attempt to hand Wisconsin’s Electoral College votes to Donald Trump to disqualify the law firm suing the group.”
• “Jim Troupis, a former Republican-appointed Dane County judge who represented Trump in a failed effort to overturn Wisconsin’s 2020 election results, filed the motion last summer alleging he and his wife had an ongoing attorney-client relationship with Stafford Rosenbaum attorney Johanna Allex at the time that other lawyers with the law firm brought the lawsuit against him and several others in May 2022.”
• “Troupis and his wife retained the firm in late 2019 and worked with Allex to develop and prepare an estate plan, which involved providing the law firm with ‘intensely private and confidential matters and information about their family, assets, and finance,’ according to Troupis’ motion.”
• “While the estate plan was never finalized, Troupis considers himself a client of Stafford Rosenbaum. He contended the financial information provided to the law firm as part of preparing an estate plan is relevant to the lawsuit, as it seeks punitive damages from the defendants.”
• “Dane County Circuit Judge Frank Remington ruled that Troupis’ attorney-client relationship with Allex ended in February 2020, after he paid the firm for services related to the estate plan — more than two years before the lawsuit was filed. Remington said Troupis’ belief that he continued to have an attorney-client relationship after that point ‘was not reasonable.'”

Above the Law writes: “ChatGPT: A Menace To Privacy” —

• “Open AI in its terms of use states the following:
  • You may provide input to the Services (“Input”), and receive output generated and returned by the Services based on the Input (“Output”). Input and Output are collectively “Content.” As between the parties and to the extent permitted by applicable law, you own all Input.“
• “The above statement is a little misleading. If the user owns all input, then input should not be stored in the database without the user’s permission. The terms of use are silent as to how this AI will be storing input and how a user can exercise their rights on the input that they own. Merely stating that the user owns input is not enough.”
• “This should stand out as a big red flag for privacy professionals. Privacy laws around the globe are in place to protect an individual’s personal data or personally identifiable information.”
• “As mentioned earlier, legal professionals are using this tool to proofread contracts and even draft contracts. As a result, they are exposing sensitive information and at times inadvertently entering personal information into the system as well. That information shall remain in ChatGPT’s possession to use for whatever purpose they chose to. Well, isn’t that illegal? Technically yes, but Open AI nowhere claims to be compliant with GDPR, CCPA/CPRA, or any other privacy standard for that matter. So the user assumes the risk when using the chatbot, giving ChatGPT an easy escape.”
• “Here are a few ways ChatGPT could violate standard privacy regulations:
  • It does not state a legal basis for processing the personal information it receives.
  • Users are not given a mechanism to exercise their ‘right to be forgotten’ or “right to amend” personal information.
  • Personal information is stored indefinitely with no insight on how that data is secured and protected.
  • ChatGPT gathers information from unknown sources on the internet. If a user has any digital footprint, chances are ChatGPT knows a great deal about that user depending on what is available on the internet. This knowledge may be false, and the user has no recourse to correct, amend, or even delete the false information.”
• “Here are some measures we can take while using ChatGPT:
  • Never enter personal information into ChatGPT. Always redact prior to exposing a legal document for review.
  • Never enter information about a client or customer. Always create vague scenarios unrelated to the client prior to asking ChatGPT for assistance.
  • Keep your questions broad and generic so that they cannot be tied to another individual.”

For example: “Samsung Software Engineers Busted for Pasting Proprietary Code Into ChatGPT” —

• “Multiple employees of Samsung’s Korea-based semiconductor business plugged lines of confidential code into ChatGPT, effectively leaking corporate secrets that could be included in the chatbot’s future responses to other people around the world.”
• “One employee copied buggy source code from a semiconductor database into the chatbot and asked it to identify a fix, according(Opens in a new window) to The Economist Korea. Another employee did the same for a different piece of equipment, requesting ‘code optimization’ from ChatGPT. After a third employee asked the AI model to summarize meeting notes, Samsung executives stepped in. The company limited each employee’s prompt to ChatGPT to 1,024 bytes.”
• “The OpenAI user guide(Opens in a new window) warns users against this behavior: ‘We are not able to delete specific prompts from your history. Please don’t share any sensitive information in your conversations.’ It says the system uses all questions and text submitted to it as training data.”
• “Samsung is reportedly considering building its own AI to prevent future mishaps, though engineers could likely bypass any measures by using ChatGPT on personal devices. Microsoft Bing and Google Bard can also detect bugs in lines of code, so banning ChatGPT is not a bulletproof solution.”

Eileen Garczynski of Ames & Gough shares: “ChatGPT and the Emerging AI Risk Landscape” —

• “Al’s knowledge is limited since it’s based only on the information used to train it… As a result, employers cannot be certain that the information this technology provides or what it produces is accurate. In some cases, Al-generated errors can be costly, subjecting organizations to liability, government audits, fines and penalties. Employers would be wise to verify the information produced by Al tools before using it.”
• “This technology can create potential privacy issues for organizations. For example, employees may share proprietary, confidential or trade secret information with ChatGPT (or a similar Al chatbot) which will then become part of its database and could be included in responses to other parties’ prompts… Before using Al technology, employers should consider reviewing and updating their confidentiality and trade secret policies to ensure they cover third-party Al tools.”
• “Al-generated content can also potentially violate IP infringement laws. For example, if the chatbot generates content similar to existing copyrighted or trademarked material, the organization using that content could be held liable for infringement.”
• Organizations can train employees on potential copyright, trademark and IP infringement issues or restrict access to Al tools to reduce legal risks.

Jeff Brandt noted: “New report on ChatGPT & generative AI in law firms shows opportunities abound, even as concerns persist” —

• “A new report discusses the evolving attitudes towards the use of generative AI and ChatGPT within law firms, surveying lawyers about the opportunities and potential risks”
• “It didn’t take long after OpenAI released its ChatGPT prototype for public use — shedding light on the myriad abilities that its underlying technology, generative artificial intelligence (AI), possessed — that many lawyers and legal industry experts became keenly aware of what these tools could mean for the profession and for law firms in particular.”
• “In fact, a recent survey of law firm lawyers illustrated this dichotomy well — a large majority (82%) of those surveyed said they believe that ChatGPT and generative AI can be readily applied to legal work; and a slightly smaller majority (51%) said that ChatGPT and generative AI should be applied to legal work.”
• “The survey, conducted in late-March by the Thomson Reuters Institute, gathered insight from more than 440 respondent lawyers at large and midsize law firms in the United States, United Kingdom, and Canada.”
• “A large portion of respondents had concerns with use of ChatGPT and generative AI at work — 62%, which included 80% of partners or managing partners. Further, many of the concerns voiced in our survey seemed to revolve around the technology’s accuracy and security, most specifically about how law firms’ concerns of privacy and client confidentiality will be addressed.”
• “Still, many legal industry observers (and many of our respondents) know that by any measure, we are still early in the game for generative AI and ChatGPTs. It is expected that time and experimentation will make users more comfortable with these tools, and a day will come when generative AI and ChatGPT is in as common use within law firms as online legal research and electronic contract signing are now.”