New Advisory Opinion Prohibits Use of Undisclosed “Web Bugs”

web-bugA “web bug” or “tracking bug” is a tag that an email sender can include in a message that will report back to the sender about the recipient’s handling of the email. See Wikipedia, Web Beacon. A “bug” included in an email message (usually in a URL for an image) will report the following to the sender: whether, when, and where the recipient read the message and any attachments; whether the recipient forwarded it; and the IP address of all computers used to read the message. A sender who wants to use a web bug to track an email can choose from a large number of email tracking services on the Internet, including the following: Banana Tag, HubSpot, Mailtrack, and Yesware. Such bugs are commonly used in newsletters and marketing communications to track readers’ interests in topics, products or services.

Is it ethical for a lawyer to use such bugs and beacons to surreptitiously track emails sent to clients or opposing counsel without the informed consent of each recipient? No, according to a recent ethics opinion from the Illinois State Bar Association. See Il. State Bar Assoc’n, Op. No. 18-01 (Jan. 2018). This practice, according to the Illiniois committee, is “dishonest” and “deceitful,” and as a result, violates Rule 8.4(c):

The undisclosed use of email tracking software by a lawyer, without the informed consent of the recipient, conceals the fact that the sending lawyer is secretly monitoring the receipt and handling of the email message and its attachments by the original recipient as well as each subsequent receiving party. Any competent lawyer receiving an email from an opposing counsel would obviously wish to know that the opposing counsel is acquiring instantaneous and detailed private information concerning the opening and subsequent handling of the email and its attachments. At a minimum, concealing the use of tracking software constitutes “dishonesty” and “deceit” within the meaning of Illinois Rule 8.4(c).

Id. In addition, “covertly obtaining” protected confidential information is an “unwarranted intrusion into the client-lawyer relationship,” and raises questions under Rule 4.4(a) (prohibiting means of obtaining evidence that violate the rights of a third person). Finally, the committee observed that using web bugs is “closely analogous” to the surreptitious recording of telephone calls, which Illinois prohibits.1

This Illinois advisory opinion is consistent with a similar position taken by the Alaska Bar Association. See Alaska Bar Assoc. Op. 2016-1 (Oct. 26, 2016). According to the Alaska committee:

The use of a tracking device that provides information about the use of documents–aside from their receipt and having been “read” by opposing counsel–is a violation of Rule 8.4 and also potentially impermissibly infringes on the lawyer’s ability to preserve a client’s confidences as required by Rule 1.6.

More particularly, the Alaska committee opined that the use of such bugs is “conduct involving dishonesty, fraud, deceit, or misrepresentation.” Furthermore, because the bug can give the sender a glimpse into what the recipient-lawyer shared with a client, and where the client is located, it “unethically interferes with the lawyer-client relationship and the preservation of confidences and secrets.” Id.

I disagree with these opinions. Every day lawyers receive emails embedded with tracking bugs and read-receipts. There is nothing “fraudulent,” “deceitful,” or “dishonest” about sending such emails. They are commonplace.

Considering this, the burden should be on the lawyer-recipient to make sure that privileged and confidential information is not reported back to a sender. Indeed, Rule 1.6(c), requires a lawyer to “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” See La. Rules of Prof’l Conduct R. 1.6. It is the rare case indeed in which a read-receipt or other tracked information is truly sensitive. In that unusual case, the recipient lawyer ought to undertake reasonable measures to protect it.  As to what those measures should be turns on the sensitivity and importance of the information disclosed, and the cost and difficulty of employing safeguards. See ABA Model Rule 1.6, cmt. 18. So, if the location of a lawyer’s client is truly top secret—as the Alaska opinion hypothesizes—the recipient lawyer should scrub an email of any bugs prior to forwarding it the client-in-hiding by deleting embedded images or by sending it in plain-text format. Simple.

Worried about being tracked by a web bug in your inbox? You can easily avoid it by configuring your email client to stop automatically retrieving remote content via URLs embedded in email messages. To learn how to do this in Gmail, click here.

  1. Notably, the ABA Model Rules do not prohibit the surreptitious—but legal—recording of telephone calls. See ABA Formal Op. 01-422.

Leave a Reply

Your email address will not be published. Required fields are marked *