A document from Edward Snowden dated February 2013 showed that the Australian Signals Directorate spied on an American law firm and passed the results to the NSA, the New York Times said Saturday.
Chicago-based Mayer Brown was advising the Indonesian government during sensitive trade talks with Australia. The Signals Directorate “notified the [NSA] that it was conducting surveillance of the talks, including communications between Indonesian officials and the American law firm, and offered to share the information,” the Times said.
The Australians told officials at an NSA liaison office in Canberra, Australia that “information covered by attorney-client privilege may be included” in the intelligence gathering.
The document Snowden leaked indicated that the NSA general counsel’s office “provided clear guidance” that the surveillance and information sharing was legal and could proceed.
The Australian agency, according to the leaked document, was “able to continue to cover the talks, providing highly useful intelligence for interested U.S. customers.”
What about attorney-client privilege?
“The attorney-client privilege is one of the oldest and most sacrosanct privileges under the law,” according to the DOJ’s U.S. Attorney’s Manual at Chapter 9-28.710. It serves “an extremely important function in the American legal system,” the DOJ has said.
That didn’t stop the NSA from listening in on Mayer Brown’s privileged communciations. As the New York Times reported Saturday, most attorney-client conversations do not get special protections under American law from NSA eavesdropping.
U.S. interests in trade talks between Indonesia and Australia somehow trumped both attorney-client privilege and U.S. laws limiting NSA surveillance of Americans. The same could happen with FCPA advice about an energy project anywhere in the world, or a military or aerospace supply deal. Or anything to do with China or Russia. And so on.
There are signs it may be happening.
In June last year, a story in the American Spectator said the NSA’s Echelon spy satellite system had been used to collect “economic intelligence.” Former CIA Director James Woolsey told a German newspaper the intelligence included evidence of non-U.S. companies “paying bribes to obtain contracts that might otherwise go to American companies.”
Last month, Edward Snowden said on German TV that the NSA spies on companies as well as people.
“If there is information at Siemens that they [the NSA] think would be beneficial to the national interests, not the national security, of the United States, they will go after that information and they’ll take it,” Snowden said during an interview.
What does it all mean for American FCPA lawyers and compliance officers? They’re now on notice that their work, particularly for or with non-U.S. companies, is fair game for NSA spying.
And as the New York Times suggested, it’s hard to see what those lawyers can do to meet their obligation imposed by the ABA to “make reasonable efforts” to protect confidential information from unauthorized disclosure to outsiders.
Richard L. Cassin is the Publisher and Editor of the FCPA Blog. He can be contacted here.
I feel that increased/proper use of password-protected materials could make things harder for snoops.
A document encrypted with AES encryption and a 16+ character password is unbreakable by the NSA or anyone else.
Quite shocking information, though unfortunately not entirely surprising given the revelations we have heard over the last few months. You make a good point on the duty of protecting confidential information from disclosure. I believe that, in general, many players in the field are not doing enough to ensure that information is kept secure.
While the NSA and other spy agencies have a lot of technical tools and expertise at their disposal, a few basic precautions can contribute to better security: 1. Encrypt emails between the law practice/service provider and the client through the use of open source encryption software like GnuPG. 2. Store client information only in encrypted format (e.g. through the use of TrueCrypt). 3. Ensure your IT system is up-to-date and the use of risky software like Java kept to a minimum. Monitoring of network traffic generated by the IT systems should also be done intermittently to ensure that no malicious third-party tools have been installed.
In the end, however, if a government agency wishes to intercept or obtain information in your possession, there is only so much you can do about it. I believe that the only solution is for proper regulation of the security apparatus that sets clear boundaries.
Comments are closed for this article!