Disclaimer: This is a charge and it has not been proven. These are mere allegations by the ARDC.
The case is worth reading because it is relatively rare for the ARDC to allege that a lawyer wrongfully accessed an email account. The underlying case involved a former employee. The lawyer was employed as the CFO of the former employer. According to the allegations, the lawyer used a work email address of the former employee to reset the password on the employee’s personal email account. The lawyer then read the personal emails and used them in the litigation. The allegations of wrongdoing are as follows:
21 t all times alleged in this complaint, there was in full force and effect Chapter 720, Section 5/17-51 of the Illinois Compiled Statutes, which provided, in part:
Sec. 17-51. Computer Tampering
- A person commits computer tampering when he or she knowingly and without the authorization of a computer’s owner or in excess of the authority granted to him or her:
- Accesses or causes to be accessed a computer or any part thereof, a computer network, or a program or data;
- Accesses or causes to be accessed a computer or any part thereof, a computer network, or a program or data, and obtains data or services;
- Accesses or causes to be accessed a computer or any part thereof, a computer network, or a program or data, and damages or destroys the computer or alter, deletes, or removes a computer program or data;
22. Wokoun’s personal email account at Yahoo constituted a computer under 720 ILCS 5/17-51.
23. By copying the emails between Wokoun and Jackson, Respondent obtained data from Wokoun’s computer.
24. By changing the password in order to access Wokoun’s personal email, Respondent altered Wokoun’s computer program or data.
25. At no time did Respondent have authority to access Wokoun’s personal email account, or obtain or alter any data contained therein.
26. In the course of accessing Wokoun’s personal email account, Respondent changed the password to that email account. Respondent’s representation to Yahoo that Wokoun forgot his password was false because Respondent was neither Wokoun nor someone with authority to access Wokoun’s personal email.
27. Respondent knew that his representations to Yahoo, described in paragraphs 13 and 26, above, were false at the time he made them.
By reason of the conduct described above, Respondent has engaged in the following misconduct:
- committing a criminal act that reflects adversely on the lawyer’s honesty, trustworthiness or fitness as a lawyer in other respects, by conduct including changing the password to Wokoun’s personal email, knowingly accessing Wokoun’s personal email account and obtaining data therein, without authorization, in violation of 720 ILCS 5/17-51 and Rule 8.4(b) of the Illinois Rules of Professional Responsibility (2010);
- engaging in conduct involving dishonesty fraud, deceit or misrepresentation by conduct including accessing Wokoun’s personal email without authorization and falsely representing to Yahoo that he was Wokoun or someone with authority to change the password to, and access, Wokoun’s personal email, in violation of Rule 8.4(c) of the Illinois Rules of Professional Conduct (2010).
These types of cybersecurity issues will, unfortunately, grow more common as lawyers and clients become more dependent on computers.