As the recent Twitter hack has so aptly demonstrated, no social media platform is immune to systemic attacks, and we may never know the extent to which private direct messages on that platform were compromised. Hopefully most attorneys have always refrained from using Twitter DMs to communicate with their clients, but in light of the recent hack I suspect that doing so now would almost certainly violate the Model Rules of Professional Conduct, at least insofar as it relates to client representation. As the American Bar Association’s Standing Committee on Ethics and Professional Responsibility stated in Formal Opinion 477:
A lawyer generally may transmit information relating to the representation of a client over the internet without violating the Model Rules of Professional Conduct where the lawyer has undertaken reasonable efforts to prevent inadvertent or unauthorized access to information relating to the representation. However, a lawyer may be required to take special security precautions to protect against the inadvertent or unauthorized disclosure of client information when required by an agreement with the client or by law, or when the nature of the information requires a higher degree of security.Link: https://www.americanbar.org/content/dam/aba/images/abanews/FormalOpinion477.pdf
Not using Twitter DMs to communicate information related to client representation may seem like a no-brainer, but what about using a communication platform like Telegram Messenger? One of the facts that really jumped out at me while reading Judge Castel’s March 24, 2020 Opinion & Order in SEC v. Telegram was the following:
[Telegram] Messenger generates no revenues; nearly all of Messenger’s expenses prior to 2018, including salaries and server costs, were paid for by Pavel [Durov – the founder of Telegram Messenger] out of his personal fortune.
After receiving the $1.7 billion from the private offering of 2.9 billion Grams, Telegram used this newly raised capital to cover “way over 90 percent” of Telegram’s expenses, which includes the costs of Messenger.Link: https://gulovsen.io/wp-content/uploads/2020/07/telegram_opinion.pdf
Since that opinion came out, Telegram has agreed to give the money back to investors. And since Telegram Messenger still doesn’t actually generate any revenue (thanks to the SEC 😅) any continued development/support of that platform is presumably going to rely exclusively on Pavel Durov’s willingness to continue paying out of his own pocket to support it…
Pavel Durov may be an okay guy, but relying on his infinite generosity as the only assurance you have that Telegram Messenger will remain secure while continuing to use it to send communications that you have an ethical duty to “protect against … inadvertent or unauthorized disclosure” is, to put it simply, a REALLY BAD IDEA. Also note that by default, Telegram does not use end-to-end encryption except for its “Secret Chats,” which have themselves been criticized for having a strange encryption scheme. [Thanks to Ɱ (Proof of Antlers) for that last bit]
So please, if you are an attorney still using Telegram Messenger to communicate privately with clients, stop now and move to a more secure platform. This site has some great alternatives: https://www.privacytools.io/software/real-time-communication/. Your clients will thank you for it.