Free Email Services: Is There a Free Lunch?

This is the first in what will be a regular series of blogs on issues and developments of interest to the ADR community. It is hoped that they will be both informative as well as stimulative.

In that spirit then, this first blog deals with what may be a deceptively simple question: Is it appropriate for neutrals to use G-mail, Hotmail or other similar “free” email services for communications which are made in the course of an arbitration or mediation and which by their nature are expected by the parties to be confidential? The alternative to using one of these free services would be to adopt a custom personal or firm domain name and use and pay for a commercial email service provider such as Network Solutions.

To answer this question we first need to understand the differences between the contractual provisions under which free and commercial email services are provided. These provisions are typically contained in the “privacy policy” and “terms and conditions of use” of provider in question which in turn are usually available by clicking on links to them displayed at the bottom of the provider’s home or email page. Although each email service provider, whether for a free or paid-for service, will have its own set of provisions, there are characteristically common themes both within each group (free or paid-for) and across groups. And although these provisions may be several pages in length, there are only a few of them which are pertinent to the question being addressed here.

First, the common provisions. Email service providers will generally reserve the right to scan all email for spam as well as for viruses and other harmful code. These scans can be and are done electronically, with no need for human review. Email service providers will also make it clear that they may turn over the contents of emails in response to legal process. Reviews necessary to comply with legal process may start as an automated electronic process, but one would logically assume that inevitably the emails would be subject to some human access.  And, although not specifically on point, it is worth noting that providers commonly also reserve the right to unilaterally amend their privacy policies and terms and conditions of use.   

The chief difference between the provisions of the free providers and those of the commercial ones is that the former will customarily allow the provider the right to scan the content of the emails to provide targeted advertising. Like the virus scans, these scans can be done electronically. This targeted advertising is the lynch pin of the free email business model. Secondly, both types of providers must store users’ emails even if only to make them available to users when they access the service; but the free email business model arguably encourages those providers to do so for longer periods of time. Obviously, the longer email is stored by the provider, the longer is the period of time in which it may be subject to disclosure whether inadvertently, as a result of legal process or otherwise. Finally, probably as a result of the free email business model there is a perception held by some that the content of email sent through a free provider may not be confidential.

As is not unexpected, there is not much direct guidance on this question. In light of the dynamics of arbitration and mediation, the likelihood that the precise question will reach the courts is somewhat remote. The rules of most ADR bodies do speak generally to the confidentiality of the proceedings but do not specifically go to the question being discussed here. The pronouncement closest on point is in FINRA’s Arbitrator’s Guide which provides:

Do not use shared email accounts to receive or send case-related information. Only arbitrators assigned to the case should have access to case-related information. Individuals who are not involved with a particular matter are not authorized to view any correspondence or materials related to a FINRA arbitration case. Accordingly, no one other than the arbitrator should have access to the arbitrator’s email account containing such information.  (available at http://www.finra.org/web/groups/arbitrationmediation/@arbmed/@neutrl/documents/arbmed/p009424.pdf at p. 15) (emphasis added).

The issue has, however, been considered in what may be a related area – attorney client privilege. In the first pronouncement on the subject the New York State Bar Association Committee on Professional Ethics in 2008 issued an opinion to answer the question: “May a lawyer use an e-mail service provider that scans e-mails by computer for keywords and then sends or displays instantaneously (to the side of the e-mails in question) computer-generated advertisements to users of the service based on the e-mail communications?” (Opinion #820 – 02/08/2008 available at http://www.nysba.org/AM/Template.cfm?Section=Ethics_Opinions&TEMPLATE=/CM/ContentDisplay.cfm&CONTENTID=13652). In this opinion the Committee ruled that the mere electronic scanning of email to generate directed advertising does not violate the privilege as long as no human access occurs and as long as the email service provider does not reserve “the right to disclose the e-mails or the substance of the communications to third parties without the sender’s permission (or a lawful judicial order).” For a discussion of this opinion see Raudebaugh, Trusting the Machines: New York State Bar Ethics Opinion Allows Attorneys to Use Gmail, 6 Wash. J.L. Tech. & Arts 83 (2010).

More generally the courts have ruled that an email sent by a client to an attorney will be protected by the privilege if the client had a reasonable expectation that the emails were being sent in private. See, e.g., Stengart v. Loving Care Agency, 990 A 2d 650 (N.J. 2010). Assuming that an analogous test would be applicable to arbitrator or mediator emails, it could cut either way depending on the neutral’s belief as to the privacy of the emails and whether he or she had a reasonable basis for it.

Where does all that leave us? With the possible exception of FINRA arbitrators, the use of a free email service probably does not violate any ADR obligation of confidentiality at least in the United States so long as the conditions set forth in Opinion #820 are actually met. It would then follow that a neutral who wishes to use a free email service has an obligation to make a reasonable inquiry regarding whether or not unauthorized human access is contemplated or permitted. This in turn should require the neutral at the very least to review and be familiar with the email service provider’s privacy policy and terms and conditions of use, both at the time the neutral signs up for the service and subsequently whenever they are amended by the provider. But, in light of the low cost of a commercial email account and the more professional look to custom domain name, it is not wholly unreasonable to conclude that a free account is not worth the effort or the risk, however small they may be.