NERA, a subsidiary of Marsh McLennan, is a leading economic consulting firm and Evans, until his resignation on March 15, 2004, was one of its more productive consultants. On December 9, 2002, Evans, in order to exercise Marsh McLennan stock options, executed a Non–Solicitation Agreement for Exercise of Stock Options which renewed and extended for three years his prior agreement not to solicit certain NERA employees, or solicit or perform services for certain NERA clients, for two years following the termination of his employment at NERA.
Before leaving NERA to join LECG, Evans conferred with his private attorney at the law firm of Nutter McClennen & Fish (“Nutter”) regarding various legal matters concerning his departure from NERA and the commencement of his employment at LECG. Many of these attorney-client communications were conducted by e-mail, with Evans sending and receiving e-mails from his personal, password-protected e-mail account with Yahoo rather than his NERA e-mail address. Evans often used the laptop issued to him by NERA to send and retrieve these e-mails via the Internet. Unknown to him, when one accesses information through the Internet from a private e-mail account, such as an account with Yahoo, all the information that is accessed is copied via a “screen shot” onto a temporary Internet file on that computer's hard drive. Therefore, each of the attorney-client communications between NERA and his Nutter counsel that were sent or retrieved by Evans with the NERA-issued laptop were stored in the hard drive of that laptop, even though Evans never sought to copy any of these e-mails onto his hard disk or forward them to his Intranet e-mail address. To be sure, these stored e-mail documents could not be easily retrieved through Windows Explorer or the equivalent, but they could be retrieved by a person with substantial computer expertise.
When Evans departed from NERA, he returned the laptop to NERA. Before doing so, he deleted personal computer files that related to his divorce and finances, and even ran a computer program known as a “disk defragmenter,” which he understood would prevent recovery of the deleted personal files. He did not delete the e-mails from his Yahoo account that he had retrieved with the laptop, because he did not know that they had been stored on the laptop's hard disk. He purposely left his work-related files on the laptop's hard disk.
*2 After his resignation, NERA retained a computer forensic expert to search the hard disk of Evans' NERA-issued laptop. During the course of this forensic search, the expert was able to retrieve from the laptop's hard disk various attorney-client communications between Evans and his Nutter attorney. All derived from communications made via Evans' Yahoo account. None were made on NERA's Intranet, and none were stored on any document that could be retrieved with Windows Explorer. After viewing and indexing the e-mails between Evans and his Nutter attorney, NERA's counsel properly instructed his expert to retain these e-mails but did not review them, awaiting guidance from the Court.
To establish that the attorney-client privilege applies to a communication, the burden rests with the party asserting the privilege to establish:
1. the existence of the attorney-client relationship;
2. that “the communications were received from a client during the course of the client's search for legal advice from the attorney in his or her capacity as such;”
3. that “the communications were made in confidence;” and
4. that “the privilege as to these communications has not been waived.”
In the Matter of the
Reorganization of Electric Mutual Liability Ins. Co. Ltd. (Bermuda) (“Emlico”), 425 Mass. 419, 421, 681 N.E.2d 838 (1997). The plaintiffs essentially contend that Evans cannot meet his burden of meeting the third and fourth elements, because he should have recognized that the hard disk on the laptop belonged to NERA and was subject to review by NERA.
Evans' use of his NERA laptop was governed by the policies set forth in NERA's Policies and Procedures Manual (“Manual”), which was posted on NERA's Intranet. Among the policies and procedures in the Manual is the Marsh McLennan Code of Business Conduct and Ethics, effective April 12, 2002, which notes in the section entitled “Computer and Communication Resources” that e-mails may be ordered to be disclosed in litigation and that e-mails “deleted in the ordinary course of business may be retrieved.” Manual at 11. It urges employees to use the same degree of professionalism and care in writing e-mails as they would in “traditional writing.” Id.
It then declares:
Any e-mail or voice mail sent or Internet site visited using Company resources is a reflection on the Company. Misuse of these resources can result in damage to the Company's reputation and even legal action. The personal use of e-mail, the Internet and telephones should be kept to a minimum for both productivity and financial reasons. All computer resources are the property of the Company. To the extent permitted by law and any applicable agreements, the Company may, from time to time and at its discretion, review any information sent or stored using these resources. Be aware that e-mails are not confidential and the Company may read them during routine checks.
Manual at 11–12.
*3 In the section of the Manual entitled, “Information Management Policies and Procedures,” effective September 18, 2003, NERA provided the following instruction to its employees as to e-mail:
Network administrators can read your [electronic] mail! Please use your Inbox as a temporary message store; delete your messages or (if you need to) archive them to the appropriate project directory after you have read them. Each Outlook installation has been set up to either delete or archive messages present in the Inbox and Sent Items folders.
Manual at 4. With respect to Internet usage, the Manual provided:
NERA does permit the use of Internet resources (dedicated or via dial-up) for personal use provided such use results in personal time savings that can be (at least partially) applied toward work.... Please note that all Internet access is logged by user and the logs are archived for at least 30 days. We do not make a habit of prying but any misuse of Internet resources can be easily traced.
Manual at 6. As to privacy of both e-mails and Internet use, the Manual warned:
A log may be kept of users' network activities to monitor network usage. This may include logins, Internet sites visited, and electronic mail sent or received and telephonic and voice-mail usage.
At times, it may be necessary for computer or law enforcement personnel to monitor network traffic or desktop activities, including electronic mail.
Manual at 5.
NERA contends that these warnings in the Manual provided reasonable notice to Evans that the hard disk of his laptop belonged to NERA and could be read by NERA. As a result, NERA contends, these e-mailed attorney-client communications should not be found to have been made “in confidence” because Evans reasonably should have understood that they could be read by NERA.
An attorney-client communication is not confidential and therefore not protected by the attorney-client privilege if:
• the communication was made in the presence of a third party who was not a necessary agent of the attorney or the client; see Commonwealth v. Rosenberg, 410 Mass. 347, 354 n. 10, 573 N.E.2d 949 (1991); or
• the communication was intended to be made privately but the client reasonably should have understood from the circumstances of the communication that it was likely to be overheard; see Commonwealth v. Petty,
4 Mass. L. Rep. 611 (Mass.Super.Ct.1995) (attorney-client communication in busy clerk's office is not protected by privilege because client could have no reasonable expectation of privacy when he chose to converse there); or
• the communication was made privately but it was understood that the information communicated was to be conveyed to others. See Commonwealth v. Rosenberg, 410 Mass. at 354 n. 10, 573 N.E.2d 949; Peters v. Wallach, 366 Mass. 622, 627, 321 N.E.2d 806 (1975).
Based on the warnings furnished in the Manual, Evans could not reasonably expect to communicate in confidence with his private attorney if Evans e-mailed his attorney using his NERA e-mail address through the NERA Intranet, because the Manual plainly warned Evans that e-mails on the network could be read by NERA network administrators. The Manual, however, did not expressly declare that it would monitor the content
of Internet communications. Rather, it simply declared that NERA would monitor the Internet sites
visited. Most importantly, the Manual did not expressly declare, or even implicitly suggest, that NERA would monitor the content of e-mail communications made from an employee's personal e-mail account via the Internet whenever those communications were viewed on a NERA-issued computer. Nor did NERA warn its employees that the content of such Internet e-mail communications is stored on the hard disk of a NERA-issued computer and therefore capable of being read by NERA.
*4 NERA contends that any reasonable person would have known that the hard disk of a computer makes a “screen shot” of all it sees, which the computer then stores in a temporary file, including e-mails retrieved from a private password-protected e-mail account on the Internet. NERA further contends that any reasonable person would have known that these temporary files, although not readily accessible to the average user, may be located and retrieved by a forensic computer expert. This Court does not agree that any reasonable person would have known this information. Certainly, until this motion, this Court did not know of the routine storing of “screen shots” from private Internet e-mail accounts on a computer's hard disk. Moreover, this Court notes that the American Bar Association issued its Formal Ethics Opinion 99–413 on March 10, 1999, entitled “Protecting the Confidentiality of Unencrypted E–Mail,” which outlined the various ways in which e-mails may potentially be seen by third parties, but nonetheless concluded that “lawyers have a reasonable expectation of privacy when communicating by e-mail maintained by an [on-line service provider],” such as Yahoo. The ABA Ethics Opinion did not even mention the possibility that such e-mails may be seen by anyone with access to the computer by examining the “screen shot” temporary file on the hard disk. Since a reasonable person in Evans' position would not have recognized that e-mail communications with his private attorney made from a private Internet e-mail account could be read by NERA simply by examining the hard disk of his NERA laptop, he cannot reasonably have understood that these attorney-client communications could be “overheard” by NERA. Therefore, this Court finds that these attorney-client communications are protected by the attorney-client privilege.
Evans has not waived this privilege. In Emlico,
the Supreme Judicial Court made clear that the mere fact that an otherwise privileged attorney-client communication is overheard or inadvertently disclosed does not, by itself, constitute a waiver of the privilege. 425 Mass. at 422, 681 N.E.2d 838. “Thus, a client may be deemed to have met the burden of establishing that a privilege exists and no waiver has occurred if adequate steps have been taken to ensure a document's confidentiality.” Id. at 423, 681 N.E.2d 838. Here, Evans has met that burden. He did not engage in these attorney-client communications through the NERA Intranet but through his private, password-protected Yahoo e-mail account that he accessed through the Internet. He did not forward these communications to his Intranet e-mail address or save and store them as Word or Wordperfect documents in his My Documents (or equivalent) file on the NERA laptop. He attempted to delete all personal documents on his NERA laptop before returning it, and even ran a “disk defragmenter” program in an attempt to ensure that these personal documents could not be retrieved. The totality of these efforts are “adequate steps” to protect the confidentiality of his privileged communications with his Nutter attorney.
*5 If NERA's position were to prevail, it would be extremely difficult for company employees who travel on business to engage in privileged e-mailed conversations with their attorneys. If they used the company laptop to send or receive any e-mails, the e-mails would not be privileged because the “screen shot” temporary file could be accessed by the company. If they used the hotel computer to avoid this risk, the communication would still not be privileged because the hotel could access the temporary file on its computer. Pragmatically, a traveling employee could have privileged e-mail conversations with his attorney only by bringing two computers on the trip—the company's and his own. NERA's attorney at the hearing appeared to recognize the impracticality of this consequence by arguing that the employee would still enjoy the privilege with respect to attorney-client conversations he reasonably believed the company would not be interested in reading. This attempted limitation is equally impractical, because a client should know before
speaking with his attorney whether the conversation will be privileged. The client-employee cannot reasonably be expected to foresee whether the anticipated conversation would, at some time in the future, be of interest to the company or whether the conversation might stray into areas of company interest.
The bottom line is that, if an employer wishes to read an employee's attorney-client communications unintentionally stored in a temporary file on a company-owned computer that were made via a private, password-protected e-mail account accessed through the Internet, not the company's Intranet, the employer must plainly communicate to the employee that:
1. all such e-mails are stored on the hard disk of the company's computer in a “screen shot” temporary file; and
2. the company expressly reserves the right to retrieve those temporary files and read them.
Only after receiving such clear guidance can employees fairly be expected to understand that their reasonable expectation in the privacy of these attorney-client communications has been compromised by the employer.