Blog Viewer

Ethics and Zoom Today

By John D. Mabley posted 04-23-2020 18:02


"May you live in interesting times," is an English expression that certainly applies to the practice of law in Michigan these days. Lawyers find themselves thrust into the world of remote practice, which brings with it all sorts of technology issues and challenges. One of the tools that is getting a lot of use lately by lawyers attempting to maintain client and firm contact is the Zoom app. A question raised by many attorneys, and some clients, however, is whether the use of Zoom creates any ethical problems. In this piece, I will try to briefly outline the issues and my take on the implications of using Zoom in the practice.

Three of the Michigan Rules of Professional Conduct appear to be applicable to the use of Zoom: MRPC 1.1 (competence); MRPC 1.4 (communication); and MRPC 1.6 (confidentiality). In September 2019, the Michigan Supreme Court adopted a change to the comment to MRPC 1.1, effective January 1, 2020. After the language, “To maintain the requisite knowledge and skill, a lawyer should engage in continuing study and education,” the court added, “including the knowledge and skills regarding existing and developing technology that are reasonably necessary to provide competent representation for the client in a particular matter.” So the commentary change adopted by the ABA to Model Rule 1.1 several years ago has now come to Michigan. Thus, in using Zoom as a lawyer, you must have the knowledge "reasonably necessary" to represent the client. MRPC 1.4 requires that we keep our clients reasonably informed about their matter. With the “Stay Home, Stay Safe” executive order in place due to the COVID-19 pandemic, this is often being accomplished through Zoom meetings with the client and other advisors. Finally, MRPC 1.6 requires that we protect the confidential information of our clients. Improper disclosures made during a Zoom meeting could potentially result in a significant problem for the lawyer involved. This would include remote signings being conducted pursuant to Mich Exec Order 2020-41.

As the use of Zoom took off in March, concerns arose about the program’s security measures. In response, Zoom incorporated a number of new security features and modified its privacy policy. Since Zoom operates over the Internet, general concerns about cloud computing apply here. One area that has received attention is the question of Zoom meeting recordings, particularly concerning remote signings and notarization under Mich Exec Order 2020-41, since these meetings must be recorded and stored either 3 or 10 years, depending on the nature of the signing. The Zoom Privacy Policy of March 29, 2020, provides the following guidance:

  • Your meetings are yours. We do not monitor them or even store them after your meeting unless we are requested to record and store them by the meeting host. We alert participants via both audio and video when they join the meeting if the host is recording, and participants have the option to leave the meeting.

  • When the meeting is recorded, it is, at the host's choice, stored either locally on the host's machine or in our Zoom cloud. We have robust and validated access controls to prevent unauthorized access to meeting recordings saved to the Zoom cloud.

This gives you an understanding of how Zoom handles meeting content and recordings. Following these procedures will preserve confidentiality and prevent “Zoombombing”—an unauthorized intrusion into your Zoom meetings:

  1. If you are acting as host, familiarize yourself with the available meeting controls. Controlling the meeting is easier if you display the meeting controls on the host screen. As you set up the meeting, click on the three dots on the right side of meeting controls, select "Meeting Settings," and under "General" activate "Always Show Meeting Controls."
  2. Always generate a new meeting ID for each meeting. Do not use your user meeting ID, which could be compromised in the future and create issues.
  3. Always require a password for participants to join the meeting. I recommend sending the password separately from the meeting ID so it is more difficult for a hacker to associate the two.
  4. Once all the participants are there, lock the meeting.
  5. Keep track of the participants in the meeting so you can detect an uninvited participant.
  6. Use the Waiting Room feature to segregate participants when that is appropriate to the subject matter or type of meeting.
  7. Be sensitive to using the screen-sharing feature in a meeting that is being recorded. As a participant you will be made aware if the meeting is being recorded, and you may not want to share information that could later be discovered as not being subject to a privilege, and thus be subject to an e-discovery request.
  8. If you are using Zoom on a subscription, rather than free basis, you will have the ability to restrict the Zoom global server centers that may be dealing with your meeting data. Deletion of the China center is popular these days, but you should take a look at the selections and understand that your meeting may involve a server in a country you may have some concerns with.

Finally, a reminder. Although this tip comes up often, it seems not to hit home too well based on many of the meetings I have attended recently. When you set up your camera or device for videorecording, be sure that you are not sitting in front of a window during the day or have a bright light source behind you with the result that you appear on the screen as an unrecognizable silhouette. Not an impressive presentation to a client or other attorneys. If you are recording a remote signing, you should also review this idea with the client to be sure the recording properly captures a recognizable face.

Next time, we'll consider storage options for those Zoom meeting recordings that must be stored for all those years under Mich Exec Order 2020-41 and the methods you can use to safely accomplish that task.