Is Threat of Surveillance New Reality for Law Firms?
For many lawyers who represent foreign governments, the recent revelation that the U.S. National Security Agency's Australian ally has been privy to communications between an American law firm and its international client comes as no surprise.
"Every domestic industry trade lawyer in Washington has had their systems hacked by the government of China," says one Washington, D.C.–based Am Law 200 lawyer. "Those of us who work in this area try to take as much precaution as possible, but we’re all realistic that international communications—and even domestic communications—are simply not secure. … We have to accept that there's international espionage going on."
Washington attorney Bart Fisher, who has represented Sudan since 2011, said he assumes that the United States spies on the African nation and may monitor the country's communications with him. Sudan hired Fisher to get it off the U.S. Department of State's list of state sponsors of terrorism, among other issues, according to U.S. Department of Justice records on agents of foreign entities.
"In this day and age, it would be idiotic not to assume conversations aren't being listened to by the government," he said.
The comments come in response to a New York Times article that reported on the Australian Signals Directorate's monitoring of communications between a U.S. firm and its client, the government of Indonesia, while the firm was assisting the country in trade disputes with the United States. A top-secret document obtained by former NSA contractor Edward Snowden that formed the basis of the story did not name the firm being monitored, but the Times pointed to Mayer Brown as the law firm that represented the Indonesian government at the time.
Australia's spy agency, according to the Times, alerted NSA that the monitoring was underway, saying in the document that "information covered by attorney-client privilege may be included" in the surveillance. After discussions with the NSA's general counsel to seek guidance on the spying, the Australians continued "to cover the talks, providing highly useful intelligence for interested U.S. customers," according to the document.
In a statement, Mayer Brown said, in part, that "there is no indication, either in the media reports or from our internal systems and controls, that the alleged surveillance occurred at the firm. Nor has there been any suggestion that Mayer Brown was in any way the subject of the alleged scrutiny."
Some industry observers say the Times article should not be immediate cause for alarm.
Cybersecurity expert Richard Bejtlich, pointing to a post on security blog LawFare, said a few facts make the Australia agency's actions more palatable, including that the surveillance doesn't appear to have taken place within the U.S.; that the agency targeted Indonesian government officials engaged in trade talks with the U.S., not the law firm itself; and that Australia alerted the NSA that it was monitoring U.S. citizens. "This is an example of the system working," says Bejtlich, who serves as chief security strategist at cybersecurity company FireEye, which works with some large law firms. "It's not this really nefarious thing," he says, adding that unlike allies of the U.S. that follow protocol to omit citizens' information when they can, countries like China and Russia do not give the same courtesies when snooping into American systems.
Still, the Times article has put some lawyers decidedly on edge and has reminded others that even in an age when messages can be transmitted across the world in seconds, precautions need to be taken.
"I honestly was shocked. Absolutely shocked," says Carolyn Lamm, an international dispute resolution partner at White & Case and former American Bar Association president. "I think one of the tenets of our legal system, of course, is lawyer-client privilege and confidentiality. To have someone just eavesdropping is totally inappropriate."
As sibling publication The National Law Journal reports, conservative watchdog group Freedom Watch is using the Times story to bolster a legal challenge to the NSA's surveillance practices. The report, Freedom Watch founder Larry Klayman said in a Monday court filing, helps demonstrate that his attorney-client communications had been subject to government surveillance and that he should have standing to sue over NSA's practices.
Fisher, who represents Sudan, said lawyers providing counsel to foreign governments have to be "very careful and cautious," possibly forgoing telephone and email communications with these clients if they want their conversations to remain private.
"The surest way to avoid surprise is to have face-to-face meetings with the client," he said.
Seconded the D.C. trade attorney: "We've gone back to doing hard copies" of communications, in some instances. "We'll do faxes over emails because it's more secure."
Bejtlich says law firms have become susceptible to international hacking by foreign entities, who are often interested in their clients' intellectual property, because the investment needed to properly secure a system often doesn't make sense in companies with fewer than 10,000 employees.
Many Am Law firms were unwilling to talk Tuesday about the implications of government spying. Requests for comment sent to lawyers at nearly two dozen firms registered with the Justice Department as agents of foreign entities turned up mostly radio silence. At seven of those firms—Akin Gump Strauss Hauer & Feld, Alston & Bird, Covington & Burling, Hogan Lovells, McGuireWoods, Sidley Austin, and Steptoe & Johnson—representatives said lawyers at the firm could not comment.
As a Steptoe spokeswoman put it: "While we do have a large and talented international department, not to mention a terrific cybersecurity practice, we’re declining any comment on this topic."