Lawyers’ Use of Email Encryption Remains Dismally Low, ABA Survey Says


Only a third of lawyers use encryption when sending confidential or privileged documents to their clients. Instead, the great majority of lawyers rely on a confidentiality statement in the message body to protect the email’s privacy.

According to the 2015 edition of the annual Legal Technology Survey Report, compiled by the American Bar Association’s Legal Technology Resource Center. only 35% of lawyers use email encryption. That percentage has remained virtually unchanged over the last four years of the survey, even as understanding of the need for encryption has grown throughout the professional and business worlds.

When the survey asked lawyers what security precautions they use when sending confidential or privileged communications to clients via email, the answer given by 71% of lawyers was that they rely on the confidentiality statement in the message body.

I simply do not understand the logic of this. If the confidentiality statement is inside the email, then by the time anyone sees it, they’ve seen the email. It is akin to putting a note inside a box that says, “Do not open this box.”

Other ways lawyers say they protect client email include:

  • A confidentiality statement in the subject line.
  • Requiring clients to provide written or oral consent.
  • Password protecting documents.
  • Using registered email.

It gets worse. Of the lawyers who say they use encryption, fully a third cannot say what kind of encryption they use. Those who could say what type of encryption they use most commonly identified it as a general purpose software with encryption features that required the recipient to be sent a separate password.

Lawyers in larger firms are most likely to use email encryption. More than half of lawyers in firms of 500 or more and 41% of lawyers in firms of 100-499 use it. Among solos, only 24% encrypt their emails.

Posted in:
  • Reed

    It is unfortunate. I would use encryption but my clients do not like it. They do not want the trouble of using encryption or a secure message system. Until my clients change I cannot either. (And FWIW, I do not like their secure message systems either.)

    • Bob Ambrogi

      Interesting that your clients do not want it. There are several options available that make it very easy, either by one-time installation of an email plug-in or by following a link to a secure website.

      • Patrick Daly

        Bob, what is your recommendation for the best way for a sole practioner or an attorney in a small firm to use encrypted email on a regular basis? Ease of use and a reasonable financial outlay would appear to be the key factors for attorneys in this category. Thanks.

    • Rudy

      When you mean the “trouble of using encryption” and “they do not like it” what feedback are you getting from your clients? Are they having trouble with simple usernames and passwords or is it maybe that on the receiving end it is not user friendly?

  • A confidentiality statement doesn’t even count as a precaution.

    I don’t think every attorney-client communication needs to be encrypted, but I do think every lawyer needs a way to communicate securely when it’s appropriate. Balancing the factors (level of security and ease of use, mainly) I think a client portal is ideal, but there are other good options. But words in the body of the email don’t count.

    • Bob Ambrogi

      I agree that not every attorney/client communication needs to be encrypted. But some clearly do, and for those times you need a method of secure file transfer. Email encryption isn’t the only route. You mention client portals. There are also secure file transfer options through services such as Citrix Sharefile and Adobe Document Cloud.

      • Oh absolutely. Just something other than a disclaimer — preferably something that actually provides a measure of security.

  • My experience is similar to Reed’s. I use Clio to send >90% of all documents to clients and co-counsel/opposing counsel, and while most of the time there are no issues, there are always some who prefer (or flatly demand) I send docs via email. Privacy is the only concern/reason I prefer to use Clio; it does one better than encryption—with Clio I can track every document sent, and confirm that it was received/downloaded. Using Clio also eliminates any issues with sending large files. Nevertheless, there continues to be a faction of document recipients who won’t take the simple step of logging in to download.

  • Pingback: 70% of Lawyers Think Words Make Email Safe, Are Incompetent()