The Power of Perspectives

The Canadian Bar Association

CBA/ABC National

Panama Papers and the value of privacy offered to clients

April 14 2016 14 April 2016


Tyler Cowen voices concerns about the public response to the release of the Panama Papers:

Let’s say a group of criminal defense lawyers kept a database of their confidential conversations with their clients.  That would include clients charged with murder, robbery, DUI, drug abuse, and so on.  In turn, a hacker would break into that database and post the information from those conversations on Wikileaks.  Of course a lot of those conversations would appear to be incriminating because — let’s face it — most of the people who require defense attorneys on criminal charges are in fact guilty.  When asked why the hack was committed, the hacker would say “Most of those people are guilty.  I want to make sure they do not escape punishment.”

How many of us would approve of that behavior?  Keep in mind the hacker is spreading the information not only to prosecutors but to the entire world, and outside of any process sanctioned by the rule of law.  The hacker is not backed by the serving of any criminal charges or judge-served warrants.

Yet somehow many of us approve when the victims are wealthy and higher status, as is the case with the Panama Papers.  Furthermore most of those individuals probably did nothing illegal, but rather they were trying to minimize their tax burden through (mostly) legal shell corporations. 

The FT’s David Allen Green weighs in and draws a parallel to the Apple-FBI fight over encrypted phones:

In the cases of both Apple and Mossack Fonesca there is (a) a commercial service provider, (b) offering a service to those expecting complete data security, but (c) a service that others believe should be subject to interference on the basis of the greater good. What is the difference?

The difference, most would say, is the public interest. There is a public interest in Apple not complying with the order of the FBI but there is also a public interest in exposing how the rich and powerful use offshore tax havens to hide their assets.

The problem with that response is that there are contrary public interest arguments: the FBI needs to be able to access encrypted devices, it is claimed, to fight crime and protect lives, and all people — not just the Good Guys — are entitled to private and confidential legal advice, even tax law clients.

Peter J. Henning expresses some sympathy for the lawyers caught in the middle and argues that it’s up to lawmakers to step in:

Lawyers often defend themselves by asserting that their only obligation is to represent their clients, with no greater public obligation. As long as they do not know the client will engage in criminal or fraudulent conduct, then advancing the client’s interests by ostensibly legal means is not only permissible, but a positive social good, even if their services might be misused.


It is no surprise that lawyers are at the center of the debate about how to deal with the use of shell companies and secret accounts to hide assets because lawyers are frequently involved in structuring the entities. Despite the elevated rhetoric about the role of lawyers in society, the legal ethics rules do little to restrict how lawyers can represent clients who flirt with the edges of the law.

Limiting the tools for helping clients engage in misconduct would make it harder for lawyers to claim they are only serving the wishes of those clients.

Mark Cohen worries about the long-term  fallout for law firms as it relates to law firms dealing with data breaches generally:

How did this happen?  The Mossack Fonseca firm, founded in Panama, has 34 offices globally. It makes one wonder how quality control was ensured across such a broad global footprint and, equally, how steps were taken to integrate IT platforms and to protect against breaches (internal or external). And while neither of us has conducted an inquiry to assess it, one might infer poor cyber hygiene.  The firm has ancillary businesses, and one wonders whether the computing systems of these businesses are intertwined (especially the document digitization and storage company)?

Was there a breach of Duty?  Because the Mossack Fonseca breach touches so many jurisdictions, there will be an interesting debate as to what the standard of care is for maintaining client confidentiality in the cyber realm.  This is emerging as a significant issue in the US; what measures are sufficient to satisfy the standard of care and where is the line?  The standard of care may well be different in international jurisdictions, and the choice of law briefs will be flying around the globe on this one.

Photo licensed under Creative Commons by Theodore Scott

No comments

Leave message

 Security code