In a recent book, a law firm partner observed in respect of the legal profession the following:
The growth of organizational law departments in capability, size, responsibility and confidence has been one of the most important changes in the legal profession in America in recent decades. The key point is that many law departments have become both knowledgeable and competent suppliers of legal services to their employers and, when necessary, knowledgeable and competent buyers of legal services from private practice firms and alternative legal service providers.[1]
Although the growth and increased sophistication of the in-house bar has occurred over several decades, in-house lawyers have become much more sophisticated in how they purchase services from their external service providers.[2] They have come to realize that the service needed varies considerably from situation to situation. Consequently, matching the service provider to the particular type of service needed to achieve a business organization’s objective requires a much more deliberate and, on occasion, detailed process than was the case historically. We should note that as in-house legal departments have grown more sophisticated, the choices available to them for top-drawer legal services have increased. Meeting their internal clients’ greater demands for value while facing more numerous choices of outside service providers (including law firms) has made in-house lawyers’ jobs considerably more complex. Meeting those simultaneous needs tests the project-management training and skills of those in-house counsel.
The increasing sophistication of corporate law departments and their determination to take greater control of the management of the legal service needed by their companies equates to a greater need on the part of outside counsel to understand what in-house lawyers seek from their external counterparts. Firms must manage their client relationships much differently than they once did. Firms no longer provide clients all necessary services. Firms compete with alternative legal service providers (ALSPs) and technology utilizing artificial intelligence (AI). We suggest that the vague mandates of past retentions (e.g., “we need to win this case” or “we expect to acquire another company”) will no longer suffice. Greater precision in such instructions will be needed to meet the client’s expectations and to serve that client in the desired manner. Anything else risks leading to a dissatisfied client. Woe to the firm that allows that to happen by failing to learn what its clients want. In today’s hyper-competitive marketplace, such a client could easily become a former client with little notice.
How can firms today ensure they meet client expectations? The technique revolves around improved and more focused communication (including the all-important, but often overlooked, talents of listening carefully and collaborating willingly). Clients often know what they want, but may not have drilled down to isolate the specific traits of the service or the provider that they need to achieve their business objectives as effectively and directly as possible. It behooves outside lawyers to devote time and energy to exploring their clients’ service-related preferences in order to identify those necessary traits.
To do so firms should focus on more specific factors than they typically do. We suggest using “value-related qualities” (VRQ) for that purpose. A VRQ is an attribute of the service or provider or of the context in which the service is needed that can increase or decrease the utility (and, therefore, the value) of the service for the client in that particular situation. As an example, a business client that lost a senior executive to a competitor and realizes that the executive took with her valuable intellectual property for the benefit of that competitor needs injunctive relief as quickly as possible. In such a situation, speed likely would be the highest-ranked VRQ, even if in other contexts cost would supersede speed as the most desirable characteristic of the firm’s service. Another example is the process of review and discovery for hundreds of thousands of electronic documents and images. Effective and efficient review of a population this size demands high-powered technology with state-of-the-art AI capabilities. ALSPs have seized this space. The related VRQs could encompass accuracy, speed, and costs per terabyte.
The VRQs for a client should match up against the in-house lawyers’ responsibility to their internal clients. Whether the same as the VRQs that they apply with their outside counsel, business clients should express their service-related needs in terms akin to those utilized by the in-house and outside lawyers for the company.
Where is the list of VRQs? There is no list. Each legal matter will have a handful of VRQs rooted in dynamics that are important to the client. Naturally, the client can rank the VRQs in order of importance. As firms carefully listen to clients during the planning phases of an engagement, firms will likely create VRQs important to them, which will allow for rich dialogue surrounding the management of the engagement, specific accountabilities, and anticipated costs. The VRQ concept allows for the unambiguous establishment of expectations, which will lead both in-house legal departments and firms to the proverbial win-win and help establish a fruitful relationship for years to come.
[1] Michael H. Trotter, What’s To Become Of The Legal Profession? 41 (2017).
[2] For some historical background on the corporate law department, see Carl Liggio, A Look at the Role of Corporate Counsel: Back to the Future—Or Is It the Past?, 44 Ariz. L. Rev. 621 (2002); Steven Harmon & Steven Lauer, Development of the Corporate Law Department and Its Consequences, 29 Of Counsel 12, 6 (Dec. 2010).
Note: This article was drafted before the global COVID-19 outbreak, which has been accompanied by the widespread implementation of emergency business continuity plans for commercial banks allowing employees and clients to work remotely and, often involving adoption of e-signature processes.[1] It is now more timely than ever given its focus on legal risks for commercial banks to consider when using e-signature to execute commercial lending agreements.[2]
In today’s digital economy, lenders are eager to implement innovative technological solutions to service clients’ needs faster and more efficiently while reducing costs. E-signature is one such potential solution that is currently receiving significant attention within the commercial banking industry. Replacing wet ink signature with electronic signature in a paperless process can save time and money for both lenders and their customers, reducing document handling time and expense, as well as the need for post-closing re-execution of loan documents to correct mistakes made when originally signing and dating the documentation. Although e-signature usage is widespread by online retail and small business lenders, it has not yet been widely adopted by commercial banks for larger transactions despite its time- and money-saving advantages. In this article, we discuss e-signature laws in a few key markets and highlight some important legal risks for commercial banks to consider before implementing e-signature for larger domestic and cross-border bilateral deals.
Many countries have enacted laws and regulations governing the enforceability of e-signed documents, establishing a predictable framework for local transacting parties to use e-signature when executing contracts. Although e-signed contracts are generally enforceable in most modern countries, there is no uniform global standard, and laws vary across geographic boundaries and regions. In evaluating the risks of using e-signature for bilateral commercial lending documents in any jurisdiction, one of the first questions lenders should ask is whether e-signed contracts have the same legal effect as wet ink-signed contracts. When e-signature has the same legal effect as wet ink signature, it typically carries a presumption of validity. If a borrower were to challenge the validity of such an e-signature in court, the borrower would have the burden of disproving the validity of such e-signature. In contrast, when e-signature has a lesser legal effect than wet ink signature, it would not typically carry a presumption of validity. If a borrower were to challenge the validity of such an e-signature in court, the lender would have the burden of proving its validity.
In addition to questioning the legal effect, lenders should ask several more questions. First, are additional criteria or technologies required under applicable law for bilateral e-signed loan documents to have the same legal effect as wet ink signature? Second, does local law exclude any key lending documents?[3] Third, do local security registries accept e-signed collateral agreements or filing or registration to perfect a secured lender’s rights against third parties? Fourth, is the lender engaged in cross-border activity? Cross-border lending creates additional challenges and legal risks for monitoring compliance in multiple jurisdictions and are discussed in more detail below.
Certain jurisdictions, such as the U.S., Canada, and England, have broadly permissive laws recognizing the enforceability of e-signature without specifying technical requirements, creating a predictable e-signature framework for transacting parties. As a general rule, in the United States, through a combination of federal and state law (Electronic Signatures in Global and National Commerce Act 2000 [ESIGN]), Uniform Electronic Transactions Act [UETA] [recommended to states in 1999]), e-signature is generally recognized as having the same legal effect as wet ink signature so long as the transacting parties have consented to its use and all legal requirements for a contract are met. [4] The laws are technologically neutral. Common practice is to include an express consent provision in the body of an e-signed agreement, although it is not specifically required. However, lenders should also be aware of exceptions to the general rule, carving out specific document types from the generally permissive framework by law or practice. For example, wet ink signatures should be required for promissory notes and notarized documents.[5] In addition, wet ink signatures should also be required for collateral documents, such as mortgages, deeds of trust, and other agreements that are perfected by filing with governmental registries. Although e-signed collateral documents are typically enforceable under the law between contracting parties to the same extent as wet ink signed agreements, many governmental registries have not kept pace with the law and do not accept e-signed collateral documents for recordation. If a collateral agreement requiring filing for perfection purposes is not filed by a registry, then the agreement would be enforceable only between contracting parties but not enforceable against third parties, creating a risk for the secured party against challenge by a third party creditor or bankruptcy trustee.
Likewise, Canadian federal and provincial law (Bank Act [Canada] [BA], e.g. Electronic Commerce Act, 2000 [Ontario][6] and the equivalent legislation in other Canadian common law provinces), are generally permissive in relation to the use of e-signature so long as the e-signature technology used is reliable and meets the basic characteristics of an enforceable e-signature (i.e. (1) the electronic signature is reliable for the purpose of identifying the person; and (2) the association of the electronic signature with the relevant electronic document is reliable). The laws are technologically neutral, and market practice is to include explicit consent provisions in e-signed contracts (as previously mentioned), although such provisions are not specifically required. However, lenders should also be aware of exceptions to the general rule. Wet ink signatures should be required for certain documents, including promissory notes, personal guarantees, notarized mortgage documents, and security registered with the Bank of Canada.[7]
Similarly, under English law, through a combination of legislation, case law, and common law principles, e-signature is broadly recognized as having the same legal effect as wet ink signature so long as the transacting parties intend to authenticate the document and have adhered to all formalities relating to execution (Electronic Communications Act 2000 [ECA 2000]).[8] The law does not specify the technology required for enforceability and does not require express consent provisions; however, market practice is to include express consent provisions in e-signed contracts. Like in the U.S. and Canada, the generally permissive legal framework in England is subject to certain exceptions. For example, wet ink signatures should be obtained for guarantees and other documents created in the form of a deed requiring witnessing. English law does not recognize remote witnessing of deeds. A witness must be in the physical presence of the signer when a deed is executed, making e-signature of such deeds impractical. As in the U.S., not all English security registries accept e-signed collateral documents for filing. Lenders should either be assured in advance of the policies of a particular registry or, for ease of monitoring, adopt a blanket policy of requiring wet ink signatures for all collateral documents to be filed with security registries.
In order to create a predictable framework for e-signature use by transacting parties across borders in EU member countries, the Council of the European Union adopted an e-signature regulation (Regulation [EU] No. 010/2014 [eIDAS Regulation]) applicable to all EU members. Similar to local law in the U.S., Canada, and England, the EU regulation provides that among member countries, e-signature cannot be denied legal effect simply because it is in electronic form. However, unlike the law in the U.S., Canada, and England, in order for e-signature to have the same legal effect as wet ink signature, the e-signature must meet the heightened criteria of a “qualified electronic signature (QES).” The QES criteria focus on verifying the identify and authenticity of the signer and require, among other things, the use of a “qualified electronic signature creation device” such as a configured USB token or smart card when creating the e-signature, and e-signature certification by a “qualified trust service provider.” a pre-approved commercial or governmental authority. QES has been slow to gain acceptance among commercial parties outside of a few regulated industries due to the impracticalities of complying with the eIDAS requirements. Before implementing e-signature, lenders in EU member countries should consider whether their commercial clients are willing to comply with the QES requirements in order to deliver e-signed loan documents with the same legal effect as wet ink signature.
Outside the EU, there is little harmony across geographic regions or country borders with respect to e-signature requirements and laws. Like in the EU, many countries also require the use of heightened digital technology and/or certification by governmental authorities for e-signed loan agreements to have the same legal effect as wet ink signature. In certain Latin American countries, key credit and lending documents are expressly excluded from protection under e-signature statutes, while in some Middle Eastern countries, courts have been known to reject e-signed lending agreements despite legislation recognizing their enforceability. The lack of global uniformity is significant for commercial cross-border lending transactions where the jurisdiction of the documents’ governing law, as well as the jurisdiction of formation for each borrower and guarantor, must be taken into account in order to avoid potential challenges to enforceability by borrowers or guarantors under the applicable law of their own jurisdiction of formation, in addition to the jurisdiction of the documents’ governing law. For lenders engaged in cross-border lending activity, monitoring compliance with the laws of multiple jurisdictions can be unwieldy, time consuming, and expensive, creating new challenges and legal risks to be weighed against the benefits of using new technology to streamline processes, improve customer experience, and reduce internal costs.
Commercial banks seeking to implement e-signature solutions should evaluate the risks described above. We suggest creating an internal working group of stakeholders and risk stewards from across business products and functions to develop an integrated and iterative approach for using e-signature for each of the various types of documentation involved in a commercial lending transaction. As an additional step, we suggest piloting the proposed solution with a small team of bankers and their clients. In the course of the pilot and wider roll-out, the working group should continue to address new challenges and risks as they arise.
[1] This article is a summary of the CLE Program Panel entitled “What’s Ink Got to Do With It: Enforceability of Electronic And Technology-Based Commercial Loan Documentation,” presented in September 2019 at the Business Law Section’s Annual meeting. Special thanks to our co-panelists, Linda Filardi, Elizabeth Leckie, Charles Morgan, and Steve Weise. Program materials and audio can be accessed by Section members at https://www.americanbar.org/groups/business_law/resources/materials/2019/annual_materials/whats_ink/; a video summary is also available at American Bar Association, Business Law Today, “Program Spotlight: Jon Rubens Interviews Kiriakoula Hatzikiriakos and Tracy Springer on Digital Signatures,” https://businesslawtoday.org/video/program-spotlight-jon-rubens-interviews-kiriakoula-hatzikiriakos-tracy-springer-digital-signatures/ (14-11-2019).
[2] The views and opinions expressed in this article are solely those of Tracy Springer and Kiriakoula Hatzikiriakos in their personal capacities and do not represent those of their respective employers.
[3] The discussion in this article is limited to bilateral commercial lending agreements, and, as a result, we do not discuss other types of documents that typically require wet ink signatures under the laws of many jurisdictions. In addition, the exceptions discussed are examples only and are not intended to be an exhaustive or comprehensive list. Lenders should always engage counsel for legal advice in connection with implementing an e-signature program.
[5] Please note that in order to accommodate a workforce largely working from home due to COVID-19, by Executive Order No. 202.7 on March 19, 2020, Gov. Andrew Cuomo temporarily permitted notarial acts under New York State law to be performed using audio-video technology provided certain conditions are met.
[7] See e.g. Guarantees Acknowledgment Act (Alberta), RSA 2000, c. G-li s. 3; Alberta Regulation 66/2003, Schedule; Farm Security Act (Saskatchewan), SS 1998, c. S-171, s. 31(1) (applies to guarantees to farmland or other assets used in farming). In Quebec, the Chamber of Notaries of Quebec announced that certain measures will be taken as of April 1, 2020 to allow for technological solutions for passing notarial deeds, see www.cnq.org.
[8] In 2016, the U.K. Law Society published a practice note on the execution of a document using an electronic signature, see www.lawsociety.org/uk/support-services/advice/practice-notes/execution-of-a-document-using-an-electronic-signature/. The U.K. Law Commission confirmed the validity of electronic signature in September 2019, see www. https://www.lawcom.gov.uk/electronic-signatures-are-valid-confirms-law-commission/.
Parties to business transactions and their counsel seldom gather in the same location to exchange manually-signed agreements and other documents; virtual closings have been and are the norm.* The COVID-19 crisis has resulted in increased focus on the widespread practice of giving opinions on the execution of agreements signed electronically. This Comment explains the legal basis for the conclusion underlying those opinions that the electronic signatures on those agreements have the same legal effect as manual signatures.
The Uniform Electronic Transactions Act (UETA) is the law in all but a few United States jurisdictions, and the Electronic Signatures in Global and National Commerce Act, 15 USCA §§ 7001 et seq. (E-SIGN), is federal law. E-SIGN provides substantially the same rules as UETA.
The interplay of UETA and E-SIGN is as follows:
E-SIGN is the law in states that have not adopted UETA or a statute providing alternative procedures for the use of electronic signatures consistent with E-SIGN.
If a state has adopted UETA, E-SIGN does not preempt UETA in that state, except to the extent the state’s version of UETA is inconsistent with E-SIGN.
If a state has adopted alternative procedures for the use of electronic signatures consistent with E-SIGN, E-SIGN does not preempt those procedures.
The net effect of these rules is that every jurisdiction in the United States has substantially the same rules for the use of electronic signatures. (New York has enacted the Electronic Signatures and Records Act, State Technology Law §§ 301-309 (ESRA). ESRA is different from UETA but that should not change the result that an electronic signature will ordinarily be effective because if ESRA is not consistent with E-SIGN, it is preempted by E-SIGN.)
Generally, UETA and E-SIGN provide that a signature may not be denied legal effect solely because it is in electronic form. UETA § 7; E-SIGN, 15 USCA § 7001(a). When the parties to a business contract subject to one of these statutes agree to use an electronic signature, the electronic signature ordinarily will have legal effect. The agreement of the parties can be implicit and can be based on all the circumstances broadly construed. UETA § 5(b). An opinion, therefore, that a business agreement has been duly executed can be based on the parties’ conduct. Under UETA, the exchange of electronically-signed documents manifests the requisite agreement of the parties to use electronic signatures.[1] Electronic signatures include signatures in emails, PDFs, and faxes and signatures provided by processes offered by commercial firms, such as DocuSign and Adobe Sign, so long as they are affixed to or associated with the relevant agreement with an intent to sign by the persons providing them.
Except for agreements governed by Articles 2 (sales of goods) and 2A (leases of goods) of the Uniform Commercial Code (UCC), UETA and E-SIGN do not apply to agreements to the extent the agreements are governed by the UCC. The UCC governs only certain aspects of transactions within its scope, leaving the remaining issues to be governed by other law. The definition of “sign” in Article 1 and the definition of “authenticate” in Article 9 provide substantially the same rules as UETA and E-SIGN for the use of electronic signatures. Thus, for example, in cases where an agreement that bears an electronic signature does not qualify as a “negotiable instrument” for UCC purposes because it is not a “writing,” execution by electronic signature pursuant to UETA or E-SIGN (or other consistent state law) is still sufficient to create an enforceable agreement as a matter of contract law.
Agreements sometimes require that they and any amendments be signed manually. When giving a duly executed opinion, therefore, on an agreement or amendment that has been signed electronically, the opinion giver must confirm that the agreement does not prohibit electronic signatures.
As a matter of customary practice,[2] duly executed opinions can be based on an assumption, which may be unstated, that all signatures are genuine. That assumption applies to electronic as well as manual signatures.
The legal effect of the execution of a business agreement by a legal entity could also depend on the statute under which the entity was formed and the provisions in the entity’s constituent documents relating to its internal actions. For example, the entity statutes of some states provide rules for the electronic execution of documents needed to create the entity and written consents authorizing the signing of agreements on its behalf. See, e.g., Delaware Limited Liability Company Act § 18–113; Delaware General Corporation Law §§ 141(f) and 228(d)(1).
*The TriBar Opinion Committee currently includes designees of the following organizations functioning as a single Committee: (i) Special Committee on Legal Opinions in Commercial Transactions, New York County Lawyers’ Association; (ii) Corporation Law Committee, The Association of the Bar of the City of New York, and (iii) Special Committee on Legal Opinions of the Business Law Section, New York State Bar Association. The Committee also includes members of the state bars of California, Delaware, Georgia, Michigan, North Carolina, Pennsylvania, Texas, and Washington, of the Bar Association of the District of Columbia, and of the Boston Bar Association, and the Chicago Bar Association. The views expressed in this Comment reflect a consensus of the members of the TriBar Opinion Committee and on any particular point are not necessarily those of particular members of the Committee or the law firms and other organizations with which the members are associated.
[1] Although not applicable to the question whether an electronic signature on an agreement is valid, the Committee notes that the Governor of New York issued an Executive Order on March 19, 2020 in connection with the COVID-19 crisis providing for the use of audio-video technology for notarial acts.
The coronavirus pandemic has caused millions of people to work from home and forced thousands of companies to adapt to an environment where all or most of their employees are working remotely. For the legal industry, this unexpected and sudden transition to a virtual office model is likely to have a lasting effect. Before the pandemic, most law firms had little or no experience with a virtual office component to their business. Now these firms, and their attorneys, paralegals and staff, are experiencing the virtual office environment first-hand.
As a partner with ten years’ experience working in a virtual law firm, founded in 2008 as one of the pioneers in the virtual office movement, I have personally experienced both brick and mortar and virtual workplace scenarios. Prior to joining the virtual model, I had sixteen years of experience working in large and small law firms, with little or no options for working remotely. Based upon my considerable experience with both models, I believe that it is very possible that the coronavirus pandemic will mark the end of the strictly brick-and-mortar law firm model where everyone is required to commute to work and sit at their office desk all day, where face-time is key to upward mobility, and where investing in opulent, marble-floored office space with exquisite and pricey paintings on the walls is a good business decision. Below is a discussion of the primary forces behind this tectonic shift in the industry.
Law Firms Are Acquiring the Tools Necessary to Operate On A Virtual Office Model. Whether they like it or not, law firms are being forced to figure out how to operate in a virtual office environment. They will be acquiring new technology and/or adapting existing technology to ensure that their people are able to work effectively from home for extended periods of time, rather than just on occasion. For example, many traditional firms do not have adequate online tech support to address the volume of questions and repairs that result from a large portion of the workforce working from home. They will learn this quickly and will find solutions, such as investing in system upgrades and hiring the necessary IT professionals to support such arrangements.
Firms will also need to adopt solutions to the data privacy and other cyber security challenges associated with people working remotely. Examples include the use of two-factor authentication, encryption through virtual private networks (VPN’s), drive and data encryption on mobile devices and enhanced identity management and access control.
Beyond technology concerns, firms will have to adapt their policies and procedures for monitoring and enforcing productivity, because in a virtual office you can’t see what people are doing by simply walking down the hall. Most people will be equally as productive working from home as they were in the traditional office setting. Many people will be even more productive because they will not need to waste time commuting to work, and they will not be interrupted by the distractions found in a traditional office setting. However, not every employee possesses the discipline and focus needed to work from home effectively.
Firms will also find that the more their attorneys, paralegals, and staff are working remotely, the more they will need to take proactive measures to maintain a positive firm culture. When people are not working in the same office space, they can feel isolated, lonely, and out of touch. Such feelings can reduce morale and become a major impediment to maintaining a healthy practice. For example, firms may begin to implement regularly scheduled office-wide or firm-wide video conference calls, frequent check-in calls by group managers, a dedicated email group to chat online about various non-work topics, and even virtual happy hours in an effort to maintain connections among colleagues. These and other initiatives have allowed VLP to effectively promote a culture of collegiality and collaboration among attorneys, paralegals, and staff despite each person working from his or her own remote office location.
Attorneys, Paralegals and Staff Will Work from Home During the Pandemic and Like It. Having worked in a virtual office environment for the past ten years and having spent the previous sixteen years working in the traditional office setting, I can say with great confidence that the vast majority of people I have worked with over all of these years prefer working from home. Among the many benefits are less time (and money) spent commuting to work and back, no office distractions, a more flexible schedule, less stress, and more time spent with family and friends.
Stereotypes Associated With “Working from Home” Will Further Fade. There are some in the legal industry that still associate working from home with a lack of ambition and low productivity. In general, those that hold this view have had little or no direct experience with a virtual office model. Due to the coronavirus pandemic, thousands of law firms are being forced to adopt a virtual office environment, and as a result, virtually everyone in the legal industry will either personally experience the virtual office model to some extent or will know someone who has. Many of the stereotype believers will learn firsthand that working from home can be equally productive as working in a tradition law office setting (or more so). At the very least, the stereotype believers will have to acknowledge that it is feasible to operate a law firm on a virtual model, and that law firms might be forced to adopt a virtual model again in the future if an event such as the coronavirus pandemic occurs again.
Conclusion. It is very possible that the combination of (1) law firms acquiring the tools necessary to operate on a virtual office model, (2) attorneys, paralegals and staff demanding more flexibility to work from home in light of their positive experience working from home during the coronavirus pandemic, and (3) the further fading of the stereotypes in the legal industry associated with working from home, will result in an unprecedented shift in the legal industry toward embracing some version of the virtual office model. I don’t expect hordes of brick and mortar firms to suddenly shed their offices completely and become entirely virtual, but I do expect two things. First, when the dust from the coronavirus pandemic settles, there will be an industry-wide shift in the number of attorneys, paralegals, and staff that work from home. The increase will be substantial, and I expect the number of people working from home to only increase over time. Second, the increased demand for greater flexibility to work from home will result in an increase in the number of attorneys, paralegals, and staff working in virtual law firms with no brick and mortar footprint. Brick and mortar firms will have varying levels of success marrying their traditional office model with a virtual office component, and people may find that a law firm that has fully embraced the virtual office model is a better fit for them.
This could be the dawn of the virtual office revolution in the legal industry.
No country appears to be immune from the spread of coronavirus. COVID-19 is now impacting individuals and businesses in Mexico, as it has impacted many of their trading partners in recent weeks. According to Mexican health authorities, coronavirus is not likely to peak in Mexico for a number of weeks, but precautionary measures are now being implemented. Just as Mexican individuals are adapting to the need for social distancing, so too are Mexican companies assessing how to lessen the impact of this pandemic, including reviewing the coverage afforded by insurance policies.
Health insurance: Coverage for illness related to COVID-19 is available both under Mexico’s public universal health care program, as well as through private health insurance. The Mexican Institute of Social Insurance (IMSS) affords health care coverage to persons registered with IMSS. Under the IMSS program, employers must register all employees with IMSS and pay a monthly fee giving employees access to the IMSS clinics. Individuals registered with IMSS will have access to those clinics for diagnosis and treatment of COVID-19. As in the United States, it is reported that these clinics lack supplies (personal protective equipment such as respirators, masks, gowns, face shields, and ventilators) needed to handle their patients.
In connection with private insurance, the Mexican Association of Insurance Companies (“AMIS”) recently reported that 28 out of the total 32 private health insurers operating in Mexico will cover treatment of COVID-19 as a respiratory disease. According to AMIS, only the health insurance policies issued by 4 of these insurers have exclusions relating to diseases with pandemic effects (such as COVID-19). A review of the terms and conditions of a specific health insurance policy would be needed to fully understand the conditions of coverage; however, the main concern is that hospitals’ capacity may be insufficient to attend all cases if the contagious wave increases, as experienced in other countries, and as is anticipated in Mexico. In this regard, on March 30th, President Lopez Obrador urged Mexicans to stay at home to help limit the COVID-19 spread, as the number of confirmed cases rose to 717. It is anticipated that this date may likely shift into April or further.
Life insurance: According to this AMIS report, life insurance policies issued in Mexico by Mexican insurers afford coverage for death resulting from COVID-19. Mexican authorized life policies do not exclude pandemic as a cause of death. It is possible that, as insurance regulators in other countries have noted, life insurance companies in Mexico may experience financial difficulties if the number of deaths covered by insurance policies rises to unexpected levels, and/or if the investment yields of these life insurers is impacted, as is presently the case, given the volatility in capital markets.
Travel insurance: Many travel policies in Mexico, which include health insurance coverage, likely will cover expenses for treatment of COVID-19 (e.g., cover expenses for diagnosis and treatment as a result of coronavirus infection incurred during travel). However, COVID-19, as a pandemic, has not generally been accepted as cause for cancellation of a trip or for trip interruption under those policies. Thus, there would be no coverage if an insured elects to cancel for fear of contracting the virus or for any other reason relating to COVID-19. Some travel insurance companies are now offering travel insurance plans with restrictive or limited coverage, and other travel insurance companies have disclosed that as of March 12, 2020, any coverage relating COVID-19 will be excluded. Therefore, it would appear that travel insurance policies are being amended in Mexico to exclude treatment of COVID-19. Also, travel insurance companies are offering information on travel restrictions as such information is provided to the IATA Travel Centre (their list is updated regularly.)
Business Interruption Insurance: This coverage is generally available as a rider or optional coverage included in commercial property insurance policies in Mexico. Coverage for business interruption in Mexico is usually triggered by the physical loss or damage caused to the property of the insured in certain situations such as fire, flood, earthquake, and hurricane. Determining whether loss of business income due to COVID-19 would be covered by these types of policies would require an analysis of the specific policy terms and conditions, and many policies expressly exclude loss caused by virus or bacteria, such as COVID-19, and COVID-19 contamination on business premises might not satisfy the physical damage to property requirement of many of these policies. Also, this coverage would need to be analyzed in light of any future government orders (i.e., civil authority) that may require businesses to shut down (or if civil authority imposes conditions denying access to buildings). It is also possible that other types of policies such as General Liability or Directors and Officers insurance, may offer some type of coverage whose conditions are met by the COVID-19 crisis, again dependent on the policy language in the context of possible policy exclusions. All of these coverages are available in Mexico; the insurers issuing these policies are regulated in Mexico by the Comision Nacional de Seguros y Fianzas (CNSF) and governed by the General Law of Insurance Companies. Given that Mexico insurance law does not regulate business interruption insurance specifically, any claim for business interruption or relating to COVID-19 arising under other these types of insurance policies would need to be interpreted under the general provisions in Mexico’s Insurance Contract Law. Recognizing that the interpretation as to availability of coverage relative to a particular type of policy derives from the Insurance Contract Law as opposed to case law, it is not clear, absent express business interruption coverage language in a policy, whether such coverage would be available in Mexico.
Mexican insurance companies will undoubtedly be impacted by claims derived from insurance policies relating to COVID-19. Mexico’s sovereign rating downgrade from BBB+ to BBB by Standard & Poor’s credit rating agency on March 27, 2020, coupled with the decrease in oil prices and the devaluation of the Mexican peso against the U.S. dollar, may be evidence of economic turmoil yet to come.
A recent California appellate court decision, Techno Lite, Inc. v. Emcod, LLC, et. al, (Cal. Ct App. 2d Dist. Jan. 21, 2020), involves the common law duty of loyalty of an employee to the employer, and the statute that voids most covenants not to compete.[1]
In this case, the only thing the “suspenders” (as in belt and suspenders) held up was an award of punitive damages, but I believe the court got it wrong and should have let the fraud cause of action drop.
The facts and procedural history of the case are both complex. For purposes of this analysis, I am limiting the background to the salient facts and law that focus on what became an award of punitive damages to the employer based upon the employees’ promise that, if they were allowed to conduct a side business selling the same products as those they were hired to sell for the employer, they would not do so in a manner that would compete with the employer’s business. It does not appear from the opinion that this promise was in a written document.
By way of further background, in the year I turned one year old, two major events happened (in addition to my first birthday party): the Japanese bombed Pearl Harbor, dragging the United States into WWII, and the California legislature passed a law that was signed by the governor and subsequently codified as Business and Professions Code section 16600: “Except as provided in this chapter, every contract by which anyone is restrained from engaging in a lawful profession, trade, or business of any kind is to that extent void.” That seems pretty clear, unambiguous, and easy to understand, even for lawyers. What is “excepted” are, as explained by the California Supreme Court: “noncompetition agreements in the sale or dissolution of corporations (§ 16601), partnerships (ibid. § 16602), and limited liability corporations (sic) (§ 16602.5).”[2]
What I refer to as the “belt” in this article is the California common law doctrine of an employee’s duty of loyalty to his or her employer. Many cases focus on this duty, and a good number of them are cited to in the Techno Lite opinion in section A.1. of the discussion portion of the opinion captioned: “A Promise Not to Compete with an Employer While Employed Is Not Void.” California Labor Code section 2863 is the only codification I could find that partially addresses the employee duty of loyalty, and it provides: “An employee who has any business to transact on his own account, similar to that intrusted to him by his employer, shall always give the preference to the business of the employer.”[3]
As noted above, sometime after their employment began with Techno Lite, the three employees began a separate limited liability company (defendant Emcod, LLC) that was engaged in essentially the same business of selling lighting fixtures as Techno Lite. When Techno Lite’s owners learned of this activity, they obviously were concerned. This led to serious discussions that culminated in the three employees’ “agreement” that they would not conduct Emcod’s business in a way that would compete with Techno Lite. This subsequent agreement is what I refer to as the “suspenders” because the obligation to avoid competing with the employer was already an important part of their employment agreement which, by law, incorporates both the common law duty of loyalty and Labor Code section 2863.
Despite their promise that they would not compete with Techno Lite through the Emcod business, the employees not only did compete, but also diverted to Emcod customer inquiries directed to Techno Lite. Eventually this led to litigation, with Techno Lite suing the employees for a host of causes of action, and in an amended complaint adding causes of action for fraud and unfair business practices. The trial court found the three employees liable for fraud and unfair competition. On appeal, the employees argued that they could not be guilty of fraud (when they allegedly agreed to a covenant not to compete) because that agreement was void under section 16600. Without a finding of fraud, there was no basis for the trial court to impose punitive damages in the original amount of $625,926, but subsequently reduced to $29,321 each, for a total award of $87,963.[4]
Where the appellate opinion in Techno Lite goes off track is in its discussion of section 16600. For instance:
[S]ection 16600 has consistently been interpreted as invalidating any employment agreement that unreasonably interferes with an employee’s ability to compete with an employer after his or her employment ends. However, the statute does not affect limitations on an employee’s conduct or duties while employed.
(Citation omitted; emphasis in original.) And later, referring to the Edwards v. Arthur Anderson opinion: “Edwards did not address—much less invalidate—agreements by employees not to undermine their employer’s business by surreptitiously competing with it while being paid by the employer.” That last sentence is absolutely true. What is also true is that the Edwards court was not addressing a covenant not to compete that was effective during the person’s employment. The Edwards opinion, to the extent it pertains to section 16600, is limited to considering whether the Ninth Circuit’s “narrow restraint”[5] exception to section 16600 was the law of California. In addition, the court concluded it was not. One can deduce that the Supreme Court was reading the statute’s unambiguous language—“every contract” imposing a covenant not to compete, other than the three statutory exceptions, is void. A “narrow restraint,” and presumably a “current employee” exception, is inconsistent with that language.
This analysis presents yet another puzzling question. It would seem that the combination of the employee’s duty of loyalty with Labor Code section 2863 imposes, at the very least, a narrow restraint on the employee’s ability to engage “in a lawful profession, trade, or business”. The employee cannot work for a competitor of her employer. Each employment arrangement is based upon a written, oral, or implied contract between the employer and the employee. What is the logical reasoning that exempts employment contracts from the unambiguous language of section 16600? With this disconnect between the employment laws discussed above and section 16600, it would seem that the only way to avoid litigation over the confusing state of the law would be for the legislature to create a fourth exception to section 16600. The following is proposed for that exception: “Section 16602.6: Section 16600 does not apply to any employer-employee agreement, whether written or oral, during the period of the employee’s active employment.”
However, that simple clarification runs smack into another confounding California innovation: AB5. This new law, effective January 1, 2020, mandates that any worker who cannot be shown to be outside the law’s ABC test[6] must be treated as an employee in California, irrespective of the intent of the hiring entity and the worker with regard to their relationship. AB5 has already generated massive litigation concerning truckers, “gig” workers such as Lyft and Uber drivers, stringers for publications, singers, dancers, etc. Assuming it applies to Uber and Lyft, for example, tens of thousands of those drivers will be classified as employees of both companies. Does that give either company the right to demand adherence to the duty of loyalty? Alternatively, consider the highly skilled winemaker who works for three or four different wineries. As an independent contractor, he or she has no obligation to refrain from working for a competitor of one of his or her winery clients; as an employee, there is that duty of loyalty that can create a messy and unintended situation.
Taking this issue to the level of the absurd (but why not, we are in California), how does a literal reading of section 16600 square with the duties of partners to one another? How does it not make void any provision in a partnership agreement such as: “Each partner shall devote his or her full time and attention to the conduct of the Firm’s business and account to the Firm for any compensation or payment received from any person if the work performed is within the scope of the Firm’s usual business activities.”? If you are in one of the many states that are considering legislation similar to section 16600, as has been reported in recent legal publications, it will behoove you to ensure that the statute actually adopted addresses these issues with appropriate carve-outs for all relationships that business people believe should be allowed to be protected by a covenant not to compete.
[1] Niesar & Vestal LLP. The author acknowledges the valuable contributions to this article made by Carolina Juvin, Esq., associate with Niesar & Vestal LLP.
[2] Edwards v. Arthur Anderson LLP, 44 Cal. 4th 937, 946 (2008).
[3] Forgive the rather dated language; this section was added to the Labor Code in 1937.
[4] In 1988, a California court of appeal held that there is no cause of action for “tortious breach of contract,” which had been used in lower courts to establish a basis for awarding punitive damages in a breach of contract action. Pugh v. See’s Candies, 203 Cal. App. 3d 743, 250 Cal. Rptr. 195 (1988) (review denied).
[5] The restrictive covenant in Edwards would have prevented him from: (a) working for any client he had worked for while at his employer, for a period of 18 months following end of employment; and (b) soliciting any client of the employer to whom he had been assigned, for a period of 12 months post-employment. The services were advising wealthy clients on financial matters. The trial court determined, in ruling that the restrictions were a permitted “narrow restraint”: “There were more than enough of these wealthy folks . . . in L.A. for all CPAs to do the kind of work [Edwards] was doing. . . . There wasn’t even perhaps a minimal restriction on his ability to work.”
[6] The worker will be a statutory employee if he or she fails to satisfy any one of the following tests: (a) the worker is free from control and direction from the hiring entity; (b) the work performed is outside of the usual course of the hiring entity’s business; and (c) the worker is customarily engaged in an independently established trade, occupation, or business of the same nature as that involved in the work performed.
Having served as a mediator for twenty-plus years, I am generally a proponent of having the mediation take place in person, with all decision makers physically present. I have always believed it was important to be able to see people during the mediation in order to secure trust and develop rapport, and also to read and evaluate micro-expressions during the process. Humans by nature connect and evaluate one another in various ways, including through eye contact and body language, both of which are visual cues, as opposed to voice inflection, which can, of course, be detected over the phone. Yet, from time to time, I have conducted mediations by telephone, although I have tried to limit those to instances where the issues were discrete enough that telephonic shuttle diplomacy would still get the job done. However, in the face of COVID-19, at a time when so many courts are not even allowing in-person hearings or any hearings at all, finding a way to conduct online mediations becomes essential for many to continue their business.
Many practitioners are turning to existing tools, such as WebEx and Zoom. These programs still satisfy that “in-person” touch that so many mediators and participants desire because they allow the parties to hear and see each other via webcams, and they also allow for separate sessions to be created, thereby mimicking joint and private caucuses. While these are great options, there are a few considerations that users should keep in mind. First, no matter which platform you choose, you must be facile with the program and have the ability to not only use it yourself, but also be able to guide the participants who may not be as familiar with the platform so that they are equally comfortable. To that end, aside from taking the many training sessions that are popping up, be sure to practice the use of the technology yourself. There is nothing more frustrating to a mediation advocate or participant than technology that impedes rather than enhances the mediation process. Thereafter, I would recommend that you set up a time before the actual mediation to virtually “meet” with each side, including clients, to be sure they are equally comfortable with the technology. Just as you would ensure that participants are comfortable in your conference room and understand where the amenities are located, they need to be sure they know how to use the mute button, or discretely request, set up and/or participate in a private caucus session. Second, as the mediator you need to ensure that all parties are comfortable with the confidentiality of the online process. It is easy to gauge confidentiality when you are sitting in a private conference space and can determine that what is being said is only being heard by the actual participants who are present in that room. With online programs, there is a limited view of where the other participants are physically sitting. Moreover, all of the platforms have recording features, which you should ensure are turned off and you should request that all participants do the same. You should review and identify the confidentiality expectations with all the participants and stress the importance of maintaining confidentiality of the process; whatever presentation you normally give for confidentiality should be modified for this new format. Further, you should stress, in advance, that the parties themselves should be in a private space where they cannot be overheard. The parties should not be on public WiFi and should be in an area with good connectivity to avoid disruptions to the process. Third, you need a contingency plan in case the technology does not work and/or the participants, despite prior testing, cannot get it to work.
Mediation is always dependent upon the parties having trust in the mediator and the process. It is important to keep in mind that not everyone is comfortable with or trusts technology. Therefore, in order for the process to work while utilizing these alternative methodologies, it is up to you as the mediator to do your part to properly set the stage, and establish the trust in you, the technology method, and the process. Any good mediator spends time setting the stage in advance by reading position statements and speaking to the parties in advance; now mediators should add a review of the technology to ensure that the parties are comfortable as one more step to achieving a successful process. How you build that extra time into your fee structure must be decided by each of you, but presently, my thought is not to charge for X hours of technological preparation.
Meredith Ritchie, general counsel and chief ethics and government affairs officer of Alliant Credit Union and co-chair of the Governance Subcommittee of the ABA Credit Union Committee, sat down with three accomplished general counsels to discuss the issue of diversity and inclusion. Faith Anderson is general counsel of American Airlines Federal Credit Union and is former chair of the ABA Credit Union Committee. Lisa Washington is SVP and chief legal officer of WSFS Bank. Jacquelyne Belcastro is VP and general counsel of Hydro Extrusion North America.
Meredith Richie: What does diversity and inclusion mean to you (or your company)?
Faith Anderson: To me, diversity and inclusion means having a diverse workforce where everyone is allowed and encouraged to participate.
Lisa Washington: In my opinion, it’s important that the composition of the workforce reflect the current marketplace in order to properly serve our customers. Additionally, diversity and inclusion goes beyond gender and race but also encompasses socioeconomic and physical abilities.
Meredith Richie: What are the benefits of having a diverse workforce (or legal department)?
Jacquelyne Belcastro: The benefits of having a diverse workforce and legal department include encouraging the voicing of different views and opinions. Research demonstrates that diverse teams are smarter because they are more likely to remain objective, reexamine facts, question assumptions, and overcome biases.
Faith Anderson: By having a diverse department, you begin to mirror your credit union members (customers) that you are actually serving. You learn to be more empathetic to issues that you may not have experienced; diverse team members can bring a different skillset to the workforce. Most importantly, your members see that you are valuing them when you hire people that they relate to and that look like them.
Lisa Washington: An organization needs diverse experience to grow as an organization! In today’s world, we have so many media choices and can filter what we want to see and what we do not want to see, which can lead to a sheltered existence and point of view. We need to make sure that our workforce and legal departments are diverse so that we consider all perspectives and therefore make better informed decisions.
Meredith Richie: How can the legal department drive diversity and inclusion?
Jacquelyne Belcastro: There are a number of ways that a legal department can drive diversity and inclusion. First, the legal department can demand that its outside counsel firms include diverse attorneys working on matters. The best way I’ve found to do this is to include a requirement in requests for proposal when seeking out counsel on new matters. Do not be afraid to be direct with outside counsel firms on this issue. Second, start a diversity committee at your organization or in the legal department. I just spearheaded this effort at my company. Third, participate in summer intern programs like the Association of Corporate Counsel Chicago Chapter’s Diversity Summer Internship Program.
Faith Anderson: A legal department can drive diversity and inclusion in many ways: by hiring firms that are diverse and inclusive, mentoring diverse law students, hiring diverse candidates, and volunteering.
Lisa Washington: Try to identify in firms strong attorneys who are diverse and work with them. It’s important that as GC we ensure that the diverse attorney bringing in business or working on a matter at a firm is getting credit that results in compensation.
Meredith Richie: What steps have you taken personally or in your role to help with diversity and inclusion?
Faith Anderson: As a diverse general counsel (petite Asian woman), I am always aware of the types of people that I am with at any given time. This came about from growing up in a small town of 2,000 people where my family and I were the minorities. Even today when I attend meetings or conferences, I always notice if the attendees and speakers are diverse. The ABA Business Law Section does a very good job of being diverse and inclusive. I am proud that my department is very diverse and inclusive. For example, in my department we have employees who are African American, Asian, White, Indian, and Hispanic.
Meredith Richie: Is there a difference, in your opinion, between diversity and inclusion? If so, what is the difference?
Faith Anderson: Yes, there is a big difference. One of the analogies that I have heard and like is that “diversity” is being asked to the dance, and “inclusion” is being asked to actually participate and dance!
Meredith Richie: If you had to give advice to a new general counsel on diversity and inclusion, what advice would that be?
Faith Anderson: It’s tempting to hire someone who is a clone of yourself. Be open to working with all different types of people and you will enrich yourself and your department. You will be surprised how much you can learn from others, maybe because they take a different approach, come from a different background, or are more technology savvy, etc. It opens your mind to a different approach and way of thinking. To begin, you need to look at and be aware of what is around you and start by making small changes.
The Black Death stole people’s identities. Sweeping through Europe and Asia periodically from the 14th to the 18th century, the disease erased entire cities, and individual graves were traded for huge trenches with scores of nameless bodies. Spread by traders and human travel that brought disease carriers everywhere, people were reduced to numbers, as not only the sick disappeared but so did everyone who might have remembered them.
COVID-19 is unlikely to cause such a demographic catastrophe, but it may have an effect on our identities, stripping away privacy protections in the name of pandemic control. Our most significant technology companies are leading the charge to harness data and the newest industry tools to both fight the spread of this disease and to reduce our personal privacy in the process.
Two social benefits are in direct conflict right now, and the business of technology is tipping the scale from one to the other. On one hand, actions needed to slow the spread of COVID-19 can save countless lives depending on how soon and how effectively they are deployed. On the other hand, many of these same actions target individuals and pull them from anonymity or isolate their information in databases and bring them to public attention.
The most significant privacy infringements are playing out on a macro scale as governments and businesses join together to track and halt the spread of the disease. China locked down more than 500 million mostly healthy people to keep COVID-19 in check, and it has been using unmanned aerial vehicles to scan crowds and spot feverish people from hundreds of feet away, signaling to watchers on the ground. Chinese state television noted that people in Shanghai who were ordered to sequester have digital monitoring devices attached to the doors of their homes.
Giant search engine company Baidu developed an algorithm for the Beijing subway police to quickly identify commuters not wearing masks. Baidu’s online doctor consultation platform has handled over 15 million inquires and hosts over 100,000 doctors answering questions. Chinese law does not seem to limit what Baidu may do with this health information about its users.. The world’s largest e-commerce company, Alibaba, launched a drug delivery service to treat people with chronic diseases to relieve hospitals burdened by COVID-19 overcrowding. This takes patients’ health information out of the hospital setting into an extensive database that also tracks their online purchases. Chinese gaming company Tencent, operator of WeChat, is providing a chatbot to people seeking basic diagnoses and the company has launched free online health consultation services. We have seen no reporting on what personal information is required to receive these services.
South Korea is often cited as handling its virus response better than most other countries—its government employed disinfectant-spraying drones and thermal goggles that read people’s temperature from a distance. South Korea also “rolled out a ‘Self-Quarantine Safety Protection’ tracking app to keep digital eyeballs on the roughly 30,000 people officials told to stay home for two weeks. If a person brings their phone out of the permitted area, a mobile alert gets beamed to the individual and their government case officer.” The country has also worked with industry to introduce a mobile app based facial recognition system that allows health providers and others quickly identify the names of patients. The secrecy, religious practices, and fingerprint scanning requirements of a South Korean sect fell under international scrutiny when a high number of its members filled the country’s COVID-19 statistics.
The State of Israel gave an order to shelter at home to all of its citizens and used a cell phone tracking tool previously only used by the government for fighting terrorism. This tool notes movement of mobile phones so the government can tell if you are defying its orders and track your activities. Prime Minister Netanyahu said, “We will very soon begin using technology… digital means that we have been using in order to fight terrorism.” Opposing politicians criticized mobile phone monitoring as an assault on the privacy of Israelis.
Established biometric company SuperCom, headquartered in Israel, sees the COVID-19 pandemic as a way to sell its biometric infected population monitoring system, explaining, “The solution is a scalable electronic monitoring and tracking platform ready for deployment. It includes a waterproof, hypoallergenic Bluetooth ankle bracelet, a smartphone and SAAS software in the cloud, but is also customizable such as for smartphone-only monitoring. SuperCom says is already speaking with a number of government organizations to roll out the solution globally.” Japan has used temperature scanners for all incoming airplane passengers. Singapore worked with local technology companies using QR codes to track citizens.
The U.S. is not immune to acceleration of government surveillance to fight the novel coronavirus. According to the Wall Street Journal, data mining company Palantir is working with the Centers for Disease Control to model the viral spread, and, “Other companies that scrape public social-media data have contracts in place with the agency and the National Institutes of Health.” The same article points out, “Crimson Hexagon, now part of Brandwatch, has a $30,000 contract with the CDC that was initiated last fall, according to government records. Crimson provides companies and governments with ‘social listening’ tools, meaning it scrapes public Facebook, Instagram and Twitter posts in part to gauge sentiment.” Social media databases can be used to look for symptoms people discuss like shortness of breath, fever, or cough.
That Google-sponsored website noted by President Trump, called Project Baseline, will link the information of people seeking testing with the other data Google collects about them. The Washington Post writes that the U.S. government is working with Facebook to track people’s movements and with Google to find insights through personal use of mapping applications. We also know that federal law enforcement has purchased large cell phone location databases from Verizon and AT&T, likely at least in part a reaction to the SCOTUS Carpenter decision, limiting the government’s subpoena-free access to this information. No word of what kind of government databases will be left in the hands of the administration after the crisis is over.
Facial recognition database giant Clearview A.I., the current (and justified) boogie man of privacy intrusion, is, according the WSJ, “in discussions with state agencies about using its technology to track patients infected by the coronavirus.” This would entail states tracking individuals using facial recognition and matching to public or business cameras. It is likely that license plate recognition operated by nearly all state law enforcement agencies will be harnessed for this task as well.
All of these new biometric-based technology implementations run counter to a trend in privacy law. The EU’s General Data Protection Regulation, as well as laws in U.S. states like Illinois, Washington, and Texas, have restricted the use of biometric identifiers by businesses. The clear utility of biometric readings as a practical security and health care tool fights against lawmakers’ suspicion of capturing our physical characteristics. The conflict will likely intensify thanks to our use of privacy-threatening, COVID-19-fighting biometric tools.
Our individual health information may also be at risk. Group health protection trumps individual privacy protection. At this stage, the U.S. is failing to provide adequate testing resources to properly measure the growth of COVID-19 infections. If you should be tested, or if you have been tested positive, what happens to that information? Reports of your illness are dropped into aggregated statistics for national, state, and local governments, but some people need more specificity to protect them from your contraction of this highly contagious illness.
Your employer, for example, will likely find out, and what will the company do with the information? Will HR keep your name under wraps—formally and informally? Even if they don’t use your name, but announce that someone has contracted the disease, or several people contracted it, how easy will it be to figure out that one of them was you? The same may be true for your neighborhood association, the schools that your children attend and other social groups. If you attended a conference, everyone you contacted may be alerted to your condition. Climbing off a cruise ship can get you quarantined and tracked by government. Protecting the community from infection runs entirely counter to your desire to hide your contraction of a seriously infectious disease.
Containing the COVID-19 outbreak is vital, and, in such crises, the health of the many outweighs the privacy of the one. But will this incident simply push us three steps further into a complete surveillance community? It has allowed China to test technological methods for social control, and I doubt those tools will be shoved back in the closet. Our own government is building many new types of databases and analytics for learning about the population, including individual people and small communities. Will these tools be maintained or ditched? State and local police are bringing more surveillance technology to bear as well. They will surely keep using the information they learned even after the viral threat is gone.
The fight against COVID-19 has triggered implementation of extensive new electronic and data-focused technology that will clearly help save lives. As this technology is implemented, we must also be careful of what we lose. Thanks to the attention paid to changes in the European and California privacy laws, companies are building internal practices for protecting the privacy of the people they encounter.
Fighting the virus places some of this private information at risk. COVID-19 threatens our health and the fight to contain it threatens our economy. We can only hope that what remains of our privacy emerges from this disaster intact.
Early in 2018, Business Law Today published an article of mine dealing with the legal ethics implications of border search policies of the Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE) relating to portable electronic devices. The article adverted to a then-recently filed lawsuit in federal court in Boston challenging the validity of these policies as a general proposition (i.e., not related to any issues of professional ethics). Nominally brought on behalf of 11 travelers whose smartphones and other electronic devices were searched without a warrant at the U.S. border, the case was funded by the ACLU, the Electronic Frontier Foundation, and the ACLU of Massachusetts.
The case was originally styled Alasaad v. Duke because the initial suit was filed against Elaine Duke, then acting secretary of DHS. Summary judgment was granted late in 2019 for the plaintiffs under the case name Alasaad v. Nielsen (because Kirstjen M. Nielsen had been substituted as secretary of Homeland Security (until earlier this year) pursuant to Fed. R. Civ. P. 25(d)).
Bear in mind that we are talking here about forensic searches of electronic devices, not the less intrusive manual searches. The latter have previously been upheld by federal appellate decisions in the 4th Circuit and the 9th Circuit. Alasaad is the first case to consider the question with regard to forensic searches.
Prior to summary judgment, the court denied the government’s motion to dismiss and in the process made several critical rulings about how the Constitution protects digital privacy and free speech at the border. The district court relied heavily on the Supreme Court’s 2014 decision in Riley v. California, which balanced the privacy interests in cell phones against the government’s interest in conducting warrantless searches incident to arrest, to wit: officer safety and preservation of evidence. Riley held that the Fourth Amendment requires police officers to get a warrant before searching an arrestee’s cell phones.
Privacy at the border, however, presents more difficult questions. The Fourth Amendment to the U.S. Constitution protects “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” Nevertheless, border searches of international travelers are a well-settled exception. It implicates the sovereign’s right to control who and what may enter the country and is justifiable from a number of different perspectives, including territorial integrity, national security, and interdiction of criminal conduct ranging from contraband to terrorism. The U.S. border is not a Constitution-free zone, however, and those sovereign interests must be balanced against individual rights, including the right to privacy.
On the privacy side of the balance, the Alasaad court explained that “electronic devices implicate privacy interests in a fundamentally different manner than searches of typical containers or even searches of a person.” U.S. District Court Judge Denise Casper quoted from the Riley decision extensively:
“The sum of an individual’s private life can be reconstructed through a thousand photographs labeled with dates, locations, and descriptions . . .”
A person’s internet browsing history, historic location information, and mobile application software (or “apps”) “can form a revealing montage of the user’s life.”
“[A] cell phone search would typically expose to the government far more than the most exhaustive search of a house.”
Warrantless searches of a “particular category of effects” such as cell phones must be sufficiently “tethered” to the government’s interests, the Alasaad court concluded. At the border, the government’s interests in conducting warrantless searches are to collect duties and to prevent the entry of contraband and other harmful items. The key inquiry became whether warrantless searches of electronic devices sufficiently advance these interests. Agreeing with plaintiffs that there is an important difference between border officers conducting warrantless searches for “contraband” (where tethering is stronger), as opposed to conducting warrantless searches for “evidence” of contraband or other unlawful activity (where tethering is weaker), the court found unpersuasive the government’s claim that child pornography is a form of digital contraband that justifies warrantless searches of electronic devices.
The court then emphasized that border searches of electronic devices burden travelers’ First Amendment rights to free speech and association by exposing membership in organizations, unmasking anonymous speech, and intruding on freedom of the press. In light of these substantial First Amendment interests, the court held the government must prove a “substantial relation between the governmental interest and the information required to be disclosed.”
The court thus denied the motion to dismiss but left open the issue of the appropriate level of individualized suspicion a border officer must have before searching an electronic device: “reasonable suspicion” or a warrant based on probable cause. Resolution of this question had to await summary judgment.
In her November 2019 summary judgment opinion, Judge Casper held that border agents must have “reasonable suspicion” that a device contains digital contraband before searching or seizing the device. The traditional border search exception to the warrant requirement applies only to routine searches, but searches of personal electronic devices are nonroutine given the magnitude of the privacy and First Amendment interests at stake. The “reasonable suspicion” standard is a common-sense approach, the court held, and is met when border agents can point to specific, articulable facts—more than just a hunch—and the inferences reasonably to be drawn therefrom, suggesting that the device contains contraband.
As to relief, the court entered a declaratory judgment that the CBP and ICE policies violate the Fourth Amendment to the extent that they do not require reasonable suspicion that the devices contain contraband and that noncursory searches and/or seizures of electronic devices, without such reasonable suspicion, violate the Fourth Amendment. The court declined, however, to enter any nationwide injunctive relief.
With only one (thus far) decision at the trial court level on forensic border searches, where does that leave traveling with electronic devices containing confidential client information (CCI), which, as a lawyer, you have a special responsibility to safeguard?
The professional responsibility advice in the earlier article remains on point and is worthy of consideration. Here is a short recapitulation of the key suggestions, along with a few elaborations:
If you can (especially if you are traveling for vacation), leave the devices containing CCI at home.
Consider having a portable device designated for international travel that does not contain CCI. Mobile phones using the GSM standard (common in most countries) let you switch a SIM card from one phone to another, so you can keep your phone number while using a temporary travel phone. In addition, some laptop brands minimize the data stored on the device itself and are particularly easy to clear or reset.
If a separate device is not possible, and you bring with you one or more devices containing CCI, try to scrub them of the CCI (using software professionally designed by IT experts for that purpose and not merely by pressing the “delete” button) or better yet, have a teenager do it. If you will have reliable internet access where you are going, you will not need to bring the CCI on your device. Be aware, however, that moving data to the cloud is not a panacea: border agents or other government officials may try to search your cloud data without your knowledge by dealing directly with the service provider (but if they do, in all likelihood under the Electronic Communications Privacy Act and relevant case law, such demands will be subject to a higher legal standard (i.e., a warrant based on probable cause) than a border search.
Encryption of CCI is not sufficient to comply with your ethical obligations. Border agents may demand that you provide password or other decrypting information, and failure to do so can lead to unpleasantness for you and, at a minimum, your device being seized and detained for a period of time.
Familiarize yourself with, and stay up to date on, ethics rules and opinions relating to:
confidentiality (cf. Model Rule 1.6)
professional competence on technology matters (cf. Model Rule 1.1)
disclosure obligations to clients (cf. Model Rule 1.4)
supervisory responsibilities for ethical compliance by subordinate attorneys in your law firm or corporate law department (cf. Model Rule 5.3)
in the jurisdiction(s) in which you are admitted. Be mindful as well of pertinent ABA ethics opinions. If you are too busy (as many lawyers are) to do this research yourself, ask your firm’s general counsel or a legal ethics expert for assistance.
If any of your clients or the firm’s clients or any jurisdiction in which you are admitted requires you to take extra steps to safeguard the confidentiality of information on a portable electronic device, be sure you have fully complied with those requirements in advance of travel.
Beyond that, here are some additional helpful pointers:
If the device(s) in question are not your property but belong to your employer, consult the appropriate person about data security and relevant policies. A border agency may be (slightly) more sympathetic if you can honestly say that the data belongs to your employer and your employer prohibits access by anyone else.
Back up the data on your device before you leave. If you don’t and your device is seized, you may experience difficulties in obtaining access to critical information for the duration of the seizure.
As a matter of both professionalism and common sense, be polite to border agents. They have a difficult (and frequently thankless) job, and most of them are doing their best to protect all of us. Yes, you will encounter them when you’re tired and cranky after a long international journey—all the more reason to be conscious of the benefits of civility.
If you are not a U.S. citizen, like many of the ABA’s wonderful foreign lawyer members, be aware that refusing to comply with a border agent’s demand that you unlock your device, provide your device password, or disclose your social media information may raise special concerns. If you are a foreign visitor, you may be more easily denied entry into the country. Even if you are a lawful permanent resident, you do not want to explore the government’s ability to challenge your continuation in that status.
If you have traveled to certain countries regarded by the U.S. government as problematic (e.g., those connected to terrorism, narcotics trafficking, or sex tourism), you may draw additional scrutiny from border agents.
If your international travel is frequent or of significant duration, you may be subject to added screening.
Border agents may seek access to your device by demanding that you enter your password, furnish your password, or (if you use a fingerprint key) press your finger to the sensor, all of which will give them access to information stored on your device. They may also ask you to disclose your social media identifiers, with which they can examine your public social media content even when they do not have access to your devices. In advance of your trip, reflect, perhaps in consultation with your employer and/or with ethics experts, on how you should respond to such requests. In that regard, recall that under existing official policies, CBP agents (but not necessarily ICE agents) must consult with the CBP Associate/Assistant Chief Counsel’s Office before searching devices allegedly containing privileged or work product protected information.
Be wary of implicit consent. If the border agent is vague about whether he or she is asking or ordering you to unlock your device, provide a password, or furnish social media identifiers, politely establish whether it is a request or a command.
If the former, you have the ability to courteously but firmly withhold your consent.
If the latter, inform the agent that you are complying under protest and that you do not consent; this is even more effective if you have someone with you who can be a witness. If you fail to protest, then in the event you subsequently seek to mount a legal challenge to the search, the government may claim that you consented.
Under no circumstances should you lie to a border agent or seek physically to interfere with the agent’s performance of official duties.
Do not succumb to the blandishments of “techies” or others who recommend concealing data on your devices by “hidden volume” features or other techniques designed to vary the data that will appear depending on the password that is used. Border agents may characterize this as making a false or fraudulent statement to them or obstructing their investigations or the proper administration of their duties, each of which is a serious federal criminal offense.
If any of your devices is seized, you are entitled to a property receipt.
If, in response to a demand, you provide any passwords or identifiers or other account credentials to a border agent, nothing requires you to leave them unchanged afterwards. If you do nothing, the government will have continued access to your accounts, and, for what it is worth, there is an article in the popular media that suggests they will use it. Therefore, promptly after re-entering the country you should change all such passwords, identifiers, and credentials.
In the valedictory words of the morning roll call on an iconic 1980s police drama, “Let’s be careful out there.”
The author, in addition to serving as BLT’s Executive Editor for Ethics & Professional Responsibility, has been the Business Law Section’s liaison to an ABA Border Search Task Force that was organized in 2017 by former ABA President Linda Klein. He also served on the ABA Standing Committee on Ethics and Professional Responsibility and was a former chair of the Section’s Committee on Professional Responsibility. The views expressed herein are, however, entirely the author’s own.
Connect with a global network of over 30,000 business law professionals
