Massachusetts State House.
Boston Bar Journal

Sealing the Virtual Envelope: Protecting Attorney-Client Privileged Email in Criminal Investigations

September 12, 2012
| Fall 2012, Vol 56, #4

By Michele L. Adelman and Jennifer S. Behr

Heads Up

The use of email permeates every aspect of our lives – including communications between attorneys and clients.  No longer does an attorney provide all advice to a client in a written memorandum or letter – clearly marked “privileged and confidential.”  Now, such advice is often provided in an email chain that lacks any indicia of the communication’s privileged nature.

Prosecutors often seek to obtain a suspect’s communications with others as part of a criminal investigation – and what is better than a written communication such as email?  Moreover, with court approval, prosecutors may obtain a suspect’s email directly from a service provider (such as Google) without the suspect’s knowledge.  It is possible, and often likely, that a suspect’s email contains privileged communications, which may be difficult to identify.

Prosecutors have always had to identify privileged communications during the execution of search warrants.  But pulling a folder of written memoranda or correspondence clearly labeled “privileged and confidential” is much easier than sifting through an email chain starting with “what do you think?”  Despite the potential magnitude of the problem, there are few published opinions and scholarly commentaries addressing the issue.  As set forth below, prosecutors and defense attorneys should construct a system to protect attorney-client privileged email messages.

Prosecutors may obtain emails directly from service providers.

Both federal and state laws allow prosecutors to obtain a criminal suspect’s emails directly from service providers without notice to the suspect.  Section 2703(a) of the Stored Communications Act, 18 U.S.C. §§ 2701, et seq. (“SCA”) limits the means by which a prosecutor may obtain email from service providers.  SCA, available at, a search warrant is required for unretrieved email stored less than 180 days, while a search warrant or simply a court-order or subpoena with notice to the subscriber is required for retrieved email or unretrieved email stored more than 180 days.  Massachusetts similarly requires a search warrant or grand jury or trial subpoena to obtain email from service providers in criminal matters.  See M.G.L. c. 276, § 1B; M.G.L. c. 271, § 17B.  Available at Because these laws are not limited to situations in which a suspect has not yet been charged with a crime, the government may secretly seize a defendant’s email even after charges have been brought.

Email accounts contain privileged communications.

Given the widespread use of email by attorneys, criminal suspects’ email accounts may well contain communications covered by the attorney-client privilege.  See, e.g., United States v. Warshak, 631 F.3d 266 (6th Cir. 2010) (noting that after executing search warrants for offices and email accounts case agents “had access to approximately 60,000 email communications from or to attorneys representing [defendants]”).

This is especially true where the suspect has already been charged with a crime and obtained counsel.  For example, in a recent case in Suffolk Superior Court, Commonwealth v. Kishore, SUCR2011-11006, the Massachusetts Attorney General’s Office used a search warrant to obtain emails directly from Google after the defendant was indicted for an alleged Medicaid fraud kickback scheme.  The email account contained hundreds of privileged emails.

The challenge of identifying privileged communications.

Even if prosecutors assume that a suspect’s email contains privileged communications and endeavor to protect them, it is not easy to identify privileged emails.  While the use of search terms may be a good first step – searching for words such as “law,” “legal,” and “advice” will not reliably capture all privileged emails.  Moreover, even if a prosecutor is aware of the suspect’s lawyer’s or law firm’s name, searching for these names will not be enough.  Emails from outside consultants, accountants, and experts working with a suspect’s attorneys may also be privileged.  And the presence of these third parties on an otherwise privileged email chain will not destroy the privilege.  Cf. Cavallaro v. United States, 284 F.3d 236, 247 (1st Cir. 2002).  Nonetheless, there are ways to minimize the risk that the privilege will be violated.

Some proposed solutions.

Protecting attorney-client privileged emails during criminal investigations is easier where the suspect has already been charged and is represented by counsel.  In such cases there is little danger that the government will undermine its investigation by revealing that it intends to obtain the suspect’s emails.  In such circumstances, prosecutors should strongly consider serving a subpoena on defense counsel, requesting production of defendant’s emails, except in cases where countervailing factors make this impractical – e.g., evidence of a significant risk that the defendant will delete emails or that defense counsel will not make a full production.   Alternatively, prosecutors may subpoena emails directly from service providers with notice to the defendant (eliminating the risk of deletion or incomplete production), and defense counsel may be given the opportunity to review the emails in the first instance, create a privilege log, and produce the responsive non-privileged emails.  Even if prosecutors decline to permit defense counsel review, defense counsel will at least be on notice that the defendant’s emails are being seized.  Counsel may then approach the court to make sure adequate protections are in place before privileged emails are in the prosecution’s hands.

It is more challenging to devise a system to protect privileged communications where a suspect has not yet been charged and search warrants are used.  The key in these cases is for the government to plan ahead.  As the Department of Justice suggests, “Agents contemplating a search that may result in the seizure of legally privileged computer files should devise a post-seizure strategy for screening out the privileged files and should describe that strategy in the affidavit [supporting the search warrant.]”  Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations, ch. 2(F)(2)(b) (3d ed. 2009) available at  There are basically three choices in this situation: in camera review by the presiding judge, review by a special master, or review by a filter or “taint” team of prosecutors or investigators not otherwise involved in the prosecution.  Id.  Given the scarcity of judicial resources, the only realistic choices are usually using a special master or a filter team, and filter teams are preferred by prosecutors and judges in the majority of cases, because they are faster and far less expensive.  Id.

Filter teams have been accepted by courts.  For example, in U.S. v. Taylor, 764 F. Supp. 2d 230 (D. Me. 2011), prosecutors obtained a defendant’s emails from Microsoft via search warrant after the defendant was indicted, knowing counsel had been appointed.  When the reviewing agent discovered emails between the defendant and his attorney, he contacted the prosecutor.  The prosecutor went to court to get approval of a “filter agent” procedure “whereby an AUSA uninvolved with the prosecution would review the e-mail materials to cull out any potentially privileged materials before the investigating agent and the prosecuting AUSA received them.”  Id. at 233.  Once the privileged emails were identified, they were provided to defense counsel.  The defendant objected to the procedure, but the magistrate judge permitted it.  Defendant’s motion to suppress was also unsuccessful.  While the court recognized that “there is a healthy skepticism about the reliability of a filter agent or Chinese or ethical wall within a prosecutor’s office . . . the government behaved reasonably” in the case by seeking instructions from the court before reviewing the emails.  Id. at 234. The judge recognized that it may have been preferable for defense counsel to review the emails first and create a privilege log, however defense counsel had not suggested that procedure.  Id. 234-5.; see also United States v. Vogel, No. 4:08-CR-224(1), 2010 WL 2268237, at 7 (E.D. Tex. May 25, 2010) (approving filter agent approach).

But filter teams may be only part of the solution.  Defense attorneys and their agents should assist in protecting a client’s privileged communications by more carefully labeling their communications as “Privileged and Confidential.”  While there is no guarantee that using the magic words “Privileged and Confidential” will suffice, it would go a long way towards flagging communications as privileged.

Defense counsel and prosecutors should be aware of the risk to attorney-client privilege when criminal suspects’ email accounts are obtained without their knowledge and should work together to construct a plan to protect privileged communications.

Michele L. Adelman is a partner in the business crimes group at Foley Hoag, LLP.   She is a member of the BBA Criminal Law Section Steering Committee.

Jennifer S. Behr is an associate in the business crimes group at Foley Hoag, LLP.