James Ellis Arden (persuade@ardenlaw.com), whose background is in malpractice litigation, computing, and psychology, writes for other lawyers. A member of Los Angeles County Bar Association's Professional Responsibility and Ethics Committee, and the Association of Professional Responsibility Lawyers, yet he is the only one to blame for the opinions expressed herein.

Articles are provided regularly by LACBA’s longstanding Professional Responsibility and Ethics Committee.

---

Our Duty of Technological Competence1 is an ever widening duty, because technology is ever advancing. The Internet of Things (IoT) is what we call the refrigerators, cameras, beds, pillboxes, and everything else that connects to the Internet. It creates privacy issues for everyone, and special hazards for lawyers.

The IoT includes cars now. Lawyers beware. All new cars are “privacy nightmares on wheels.2

Mozilla, maker of the Firefox browser and Thunderbird email app, is a community that promotes exclusively free software and open standards. Mozilla’s judgment about the state of privacy in passenger cars can be summed up by the title of a September 6, 2023, article on its website: “It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy.” In the article, the authors note:

While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines. Machines that, because of all those brag-worthy bells and whistles, have an unmatched power to watch, listen, and collect information about what you do and where you go in your car.3

Car Makers Know More Than Your Mother About You

Privacy and convenience exist at opposite ends of a spectrum. People readily reveal personal data and allow themselves to be tracked just so they can use Google while away from home or work. Well, once those people get in their cars and sync their phones, all their data will be sucked up and sold. Businesses of various sorts will get to know them very well.

“Data” is an innocuous sounding term for all the very personal information that gets vacuumed from a phone once it is plugged into a car. It also gets taken by sensors in cars, microphones, cameras, and other plugged-in devices. It includes not just driver names and addresses (email and physical), but also contact lists, call records, and text messages; driver’s license numbers; location data showing where people are, and have been; voice recordings collected by car voice assistants; biometrics collected by car microphones and cameras; as well as information about “sexual activity, immigration status, race, facial expressions, weight, health and genetic information.”4 Car makers share such data with business partners, and they use it to develop inferences about drivers’ intelligence, abilities, characteristics, and preferences, and more.

This is called car data monetization. Mozilla says estimates are that by 2030, it could be an industry worth $750 billion.5

Ever rent a car? According to Ben LeMere, the founder of a company that manufactures “vehicle forensics kits” used by U.S. Customs and Border Protection (CBP), when CBP pulled data from a Ford Explorer that had been rented at an airport outside Washington D.C.,

[w]e recovered 70 phones that had been connected to it. All of their call logs, their contacts and their SMS history, as well as their music preferences, songs that were on their device, and some of their Facebook and Twitter things as well . … And it’s quite comical when you sit back and read some of the text messages.”6

Make Sure Your Car is Not Revealing Client Confidences

Lawyers should consider the possibility that client confidences could be revealed by the cars they drive. Business and Professions Code section 6068(e)(1), and Rule 1.6 of the California Rules of Professional Conduct, require attorneys to keep confidential the information relating to the representation of a client. But here’s the thing, whereas intent is needed in order to violate a criminal statute, attorneys can violate ethics rules without having any intent to violate. (See, e.g., Phillips v. State Bar, 49 Cal.3d 944, 952 (1989)–a willful violation of a rule does not require that the lawyer intend to violate the rule.) An attorney who negligently reveals confidential client information still commits an ethical violation.

Now, many lawyers (for the sake of convenience) use their phones for the same purposes as their office computers: to communicate with clients via voice, email, and text, to do research, and to draft documents. So, do you leave your phone with the valet when you park, or with the attendant who takes your car when you wash it? Maybe you do. Still, you’re probably safe at most parking lots and car washes – unless someone steals your car and, with it, your phone. And note that modern keyless vehicles have become more vulnerable to theft thanks to cloning devices such as JBL Unlock + Start.7

Lawyers Having Sex With Clients Should Avoid Nissans and Kias Particularly

Rule 1.8.10 of the Rules of Professional Conduct forbids sexual relations with clients. Well, Nissan admits in its privacy policy to collecting information that includes sexual activity, health diagnosis data, and genetic data.8 Kia, according to its privacy policy, can collect information about a user’s “sex life.” Six car companies say they can collect “genetic information” or “genetic characteristics.”9

By far, the two most asked questions Mozilla received from their readers in response to its article “Privacy Nightmare on Wheels” were “How is Nissan collecting information about my sexual activity?” and “How is this even legal?”10 Lawyers ought not have sex with clients, but those who do should not drive Kias or Nissans.

By the way, a growing number of jurisdictions now consider sexting with a client to be a Rule violation too. “Sext messages” get sucked from phones like everything else. Accordingly, attorneys who sext should avoid U.S. Customs and Border Protection.

Sharing Isn’t Caring as to Law Enforcement

Car makers, beyond unnecessarily collecting too much personal data, share all that data with many others. Nissan (again!) says it can sell our “preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes” to data brokers, law enforcement, and other third parties.11

Fifty-six percent of the car makers will share data with law enforcement upon request–no subpoena needed. Most (92%) give users little to no control over personal data; only Renault and Dacia (owned by the same parent) allow personal data to be deleted.12

Volkswagen collects demographic data (like age and gender) and driving behaviors (e.g., your seatbelt and braking habits) for targeted marketing purposes.13 Toyota has “a near-incomprehensible galaxy of 12 privacy policy documents.”14 Mercedes-Benz manufactures certain models with TikTok, which has its own privacy issues, pre-installed.15

How might your personal privacy affect your clients? If an attorney’s own privacy is compromised, it could potentially risk client confidentiality, lead to unauthorized access to sensitive client information, or subject the attorney to undue influence or pressure.

The actress and activist Alexandra Paul said: “The cars we drive say a lot about us.” Yes, they do; and far too much.