Chapter 3: Online Legal Research and Professional Responsibility

Learning Outcomes

  • Describe the range of ethical and professional responsibility concerns associated with online information seeking.
  • Identify the extended elements of “competency” in legal research, including cost efficiency and fluency with emerging technologies.
  • Describe potential issues associated with protection of client information and online research.

3.1 Introduction to Professional Responsibility and Online Information Seeking

Lawyers handle large amounts of sensitive client information, and the obligation to preserve client confidentiality and privacy extends to the work a lawyer does online. However, ethical and responsible practice requires more than just attention to client privacy issues. The types of incidents that could be considered departures from ethical norms are increasing due to the emergence of new technologies and increased reliance on existing technologies. Lawyers using the online environment for information seeking and information management will engage with issues around ensuring data privacy and security, intellectual property rights, transparency, and cost effectiveness, as well as attribution of sources and integrity in practice before the courts and in relation to other lawyers. Additionally, lawyers will need to critically evaluate the quality, reliability and “fitness for purpose” of emerging technologies, remain vigilant about algorithm biases, and acknowledge that computer-assisted legal research tools may import inherent biases into information seeking that impact advice to clients.

Some of this is already regulated by provincial law societies, while other aspects are left to the diligence of the lawyer. But it may not yet be possible to articulate a comprehensive approach to managing tech in practice. This is a dynamic area of concern, with new issues and situations emerging almost daily. As new technologies become available, whether for information seeking, analysis or file management, practitioners will need to reassess the boundaries of ethical behaviour. Ideally, these boundaries will be based on the acknowledged persistent values fundamental to the legal profession: honesty, integrity, and competence in all its manifestations.

In this chapter, we briefly outline four elements of professional responsibility relevant to online information seeking: defining the scope of research “competence” in the context of modern practice; technological competence in the context of emerging technologies; the cost of computer-assisted legal research; and “Big Data’s” interest in client information.

3.1.1 The Law Society of Ontario and Research Competence

Although the Law Society of Ontario’s Rules of Professional Conduct[1] do not apply to law students, they nevertheless set the standard by which your research skills will be measured in practice. Rule 3.1-1 defines a competent lawyer as one who (among other things) “implement[s] as each matter requires, the chosen course of action through the application of appropriate skills, including… (i) legal research.”[2] Rule 3.1-2 states that “A lawyer shall perform any legal services undertaken on a client’s behalf to the standard of a competent lawyer.”

This seems quite straightforward, but Rule 3.1 is accompanied by extensive commentary designed to help lawyers parse the definition of competence in various situations. Competence is, in fact, contextual and must be assessed in relation to a variety of factors.

The Commentary accompanying Rule 3.1-2 is salient to both computer-assisted legal research in particular and to technological competence in general:

[4A] To maintain the required level of competence, a lawyer should develop an understanding of, and ability to use, technology relevant to the nature and area of the lawyer’s practice and responsibilities. A lawyer should understand the benefits and risks associated with relevant technology, recognizing the lawyer’s duty to protect confidential information set out in section 3.3.
[4B] The required level of technological competence will depend upon whether the use or understanding of technology is necessary to the nature and area of the lawyer’s practice and responsibilities and whether the relevant technology is reasonably available to the lawyer. In determining whether technology is reasonably available, consideration should be given to factors including:

(a) The lawyer’s or law firm’s practice areas;
(b) The geographic locations of the lawyer’s or firm’s practice; and
(c) The requirements of clients.

The commentary highlights three ethical obligations for online researchers.

First, the rule requires that lawyers’ (and by extension law students’) understanding of relevant technology be sufficiently developed to allow them to critically assess its utility — that is, the associated benefits and risks — in each context.[3] In the context of online information seeking, tech competence comprises a broad understanding of algorithms’ impact on research results and the trade-off between efficient online legal research and cost of legal research services, an ability to critically assess the utility of online resources and even to judge the appropriate use of technology in each research task.

Second, Commentary 4B says lawyers may assess their own “required level of technical competence” with reference to the lawyer’s particular area of practice. Although this suggests that that an understanding of technology may not be necessary in all practice contexts, this may no longer be the case. There will be fewer and fewer practitioners who can avoid the professional obligation described in Commentary 4A on the basis that they do not rely on technology in their practice. In fact, in contemporary practice, no matter the area of expertise, it is highly unlikely that a lawyer can research a client’s problem from start to finish using only print resources in a cost- and time-effective way. In other words, legal research technology the online services and databases in which legal information is published, indexed, and stored, and through which it is accessed are now essential to every lawyer’s practice.

Finally, the commentary suggests that the strict requirement for tech competence can be tempered in cases where the relevant technology is not “readily available”. The implication here is that if the technology is neither common nor widely adopted, then a lawyer may be held to a less rigorous standard of competence. While it may once have been the case that computers and the internet were not part of every lawyer’s practice, those days are all but gone. Legal research technology essentially nothing more than a computer with internet access is so integral to the contemporary practice of law that there is virtually no excuse for saying legal research technology is not “reasonably available”. And more and more frequently, this metric will be applied to emerging technologies as well.

A lawyer ignores these obligations at their own professional risk. When assessing a lawyer’s tech competency in the context of legal research, the courts have shown themselves ready and willing to enforce a standard. Historically, such cases usually involved simple research capability[4] and emanated from a period when many legal researchers still relied on print resources. However, given the ease of online access to legal information, there is now no reason for a lawyer to come to court (or to a transaction or an important client meeting) without having performed competent online legal research in support of their client’s position. More recent cases on tech competence and ethical legal research have tended to arise in the context of taxation for costs, where law firms must justify their billings to clients including billings for computer-assisted legal research (see below). We predict this will evolve yet again with the emergence of new technologies such as generative AI large language models (LLMs) and their adoption and integration in legal practice tools.[5]

3.2 Technological Competence and Emerging Research Technologies

Technological competence is a serious obligation. Notwithstanding the proliferation and widespread availability of emerging technologies, our tendency to be curious about and experiment with them does not equate to competence. The launch of an AI tool is often surrounded by hype, which can easily lead to misinformation about its actual utility and risks and can mislead users into thinking such tools are simple to integrate into practice tasks. For a good example, we once again turn to the advent of LLMs.

LLMs such as ChatGPT can be a tempting shortcut for those unaware of the contours of these tools — with disastrous results. In 2023, New York lawyer Steven Schwartz became the poster child for lack of technological competence using ChatGPT, after submitting a court filing that cited fake cases generated by the AI system. Schwartz testified that it never occurred to him that ChatGPT could fabricate cases because he mistakenly thought the tool functioned as a search engine.[6] In this case, while the mere use of ChatGPT was probably not an action worthy of discipline, the lawyer’s lack of competence in critically assessing the result most definitely was. Schwartz’s blind trust in the tool caused him to forego crucial steps in information seeking and legal analysis, such as verifying — and reading — the cases that he was relying on in a written submission.

We will surely see more cases regarding the use of AI and professional competence in the coming years — and we will likely see other revolutionary technologies that will have an impact on practice. With generative AI, as with any emerging technology, as it becomes embedded in the major legal research services, it will be crucial to maintain an understanding of these tools’ capabilities and to understand how to use them with competence. One good analogy is to think of using AI in legal practice as akin to supervising an articling student. A supervising lawyer is responsible for the actions of the student acting under their direction.[7] In the same way, you hold responsibility for ensuring that the work you generate or supplement with an AI tool is accurate.

3.3 The Cost of Online Legal Research: Overhead or disbursement? And why does it matter?

Does a lawyer have an obligation to minimize the cost-to-client of competent legal research? Should law firms be able to charge clients for computer-assisted research as a line-item disbursement, separate from that of overall legal advice? To answer these questions, it helps to understand the ways in which a law firm or any business for that matter can characterize legal research costs.

In the early days of computer-assisted legal research, firms had the option to subscribe to the commercial legal research services (Westlaw or Lexis) on a pay-as-you-go basis. The firm was charged based on its use of the service and would, in turn, pass that cost along to the client as part of the work on that client’s file. However, this is no longer the most prevalent model for commercial service subscriptions. At present, a firm typically subscribes on a flat-fee basis, which is calculated on factors such as the number of users in the firm, the premium features included in the subscription, and usage rates in prior years. The subscription cost paid by the firm is stable, no matter how much or how little research is done on behalf of any client file. In other words, a commercial service subscription is a known annual cost to the firm. In this situation, a law firm could characterize its Westlaw or Lexis subscription cost in one of two ways: as a disbursement or as overhead.

A disbursement is an expense incurred and paid by a law firm on behalf of a specific client, for a specific good or service, the benefit of which accrues to that client. When a firm bills research as a disbursement, the client is charged for specific research costs commensurate with the amount and types of research done on their file. This approach is known as a “chargeback” to the client (or sometimes “transactional costs”). To facilitate this, the subscription services provide tables of suggested chargeback amounts. Firms can track transactional costs on a per-file basis by using a feature in each commercial service that allows a researcher to enter a file number at the beginning of each search session. Searches and document access is then tracked based on that file number and billed to the client accordingly.

In the alternative, firms may characterize their subscription costs as overhead. Overhead is the aggregate of essential ongoing operational expenses for any business, including salaries, rent, utilities or office supplies. Overhead costs are not related to any specific client’s file but rather to the operation of the firm as a whole. They are recouped in the hourly fees or fees for service that the firm charges to a client for a lawyer or law student’s time.

Traditionally, costs associated with legal research were charged as disbursements. This approach was facilitated by both the suggested transactional or chargeback amounts and the per-client usage tracking feature. But this approach has the potential to result in a windfall for the firm, especially in a case where a subscription represents a stable cost within a billing or fiscal period, but many clients are getting charged for research. The defensibility of such an approach is being challenged. Cases have arisen in which this approach has been impugned both by clients — for the large monetary amounts firms chargeback to a client for research on their file — and by courts themselves.[8] Judges have begun to recognize the ethical disconnect between a firm’s flat-fee subscription cost (which tends to look like overhead) and a chargeback approach to invoicing (which tends to look like a disbursement). While the issue is not settled, there does seem to be a trend towards the “research costs as overhead” approach. Nevertheless, students should be alive to the question of how research costs are presented to clients and ensure that their information-seeking practice is as cost effective as possible, as a matter of professional ethics as well as research competence.

3.4 Client Information and “Big Data” Data Collection

The online legal research environment presents a host of questions regarding unintentional or inadvertent disclosure of client information in the context of third-party data collection. The collection of large amounts of data in a commercial context, often without direct consent of users, is sometimes termed Big Data, which can be defined as “a combination of structured, semi-structured and unstructured data collected by organizations that can be mined for information and used in machine learning projects, predictive modeling and other advanced analytics applications.”[9] There is a clearly commercial benefit to the data collector, as the information collected can be used in ways that improve and target products to users based on subtle user preferences. This, in turn, makes further purchases, and thus profitability, more likely. Data collectors may also sell user information to third parties, allowing more detailed tracking of user preferences in cognate markets for the purposes of creating highly targeted marketing, and again, thereby improving profitability.

The risk of data collection via legal research technologies is not directly addressed in the LSO Rules of Professional Conduct or in the Federation of Law Societies of Canada Model Code of Professional Conduct.[10] However, we can infer lawyers’ ethical duties around the intersection of confidentiality and Big Data from the Rule 3 Commentary [4A] when read together with section 5.7 of the LSO’s Technology Practice Management Guideline.[11] Commentary [4A] states that a lawyer’s competence includes an “understanding of, and ability to use, technology relevant to the nature and area of the lawyer’s practice and responsibilities”, including a duty to “protect confidential information” as set out in section 3.3 of the FSLC Model Code. The Technology Practice Management Guideline expands this, noting that a lawyer should “take appropriate measures to secure confidential information when using cloud-based services”.[12] To the extent that the legal research services are a type of cloud-based service, it is incumbent on researchers to understand what information an online legal research tool is collecting when you are engaging with it. This is especially important if the tool requires you to input facts about your client or otherwise might collect data that is your professional obligation to protect. This is ever more frequently a concern with legal research tools that invite you to search by uploading documents as opposed to you entering a query via keywords and connectors. It’s one thing to know that your search terms are being tracked by a service; it’s another to know that a research memo you uploaded could be collected and stored as “data” associated with your account.

For example, consider a newer type of legal research tool called a “document analyser”. These tools use AI to closely inspect a document that you upload, and then recommend citations and resources based on that original document. In using such a tool, you might be tempted to upload a communication to or from a client, a document from a client’s file, or a pleading in a case that is still before the courts. But what is the system doing with that document once you have uploaded it? Does the data in that document become part of the system database for that service? Is the document indexed or otherwise saved or made available for the system to access in future? Lexis’ Brief Analysis tool is one example of a legal research tool that allows you to upload your own document. Interestingly, their privacy policy does not address this security concern specifically, but their data security statement (available within the tool itself as viewed on Lexis+) states that “the full text from the user’s document is not stored beyond the current session”.[13] If you can’t find information that alleviates your concerns about how a tool uses your data, you may need to reconsider its necessity or utility as part of your research process. At the very least, you should redact personal or identifying information — names, places and dates — before you upload.

Both Westlaw and Lexis collect personal information — provided by you when you register for the service — such as your contact details, job title, and educational background. They also collect information about how you interact with their product. Lexis’ privacy policy states that they collect data regarding “the features you used, the settings you selected, your URL click stream data, including date and time stamp and referring and exit pages, search terms you used, and pages you visited or searched for on the Service”.[14] Westlaw collects “personal information in content and communications uploaded, sent, shared, or inputted through our Services” as well as “usage, search, and browsing history, user journey history (including clicks, navigation, user actions, interactions, and session replays), usage and diagnostics analytics and metrics”.[15] In other words, you should assume that everything you do in the subscription service platforms is tracked, collected, and associated with you as a user. If you think about a firm that bills legal research costs from within the services, you know this already. In many legal workplaces, the services pass along this usage information to the law firm for purposes such as generating chargeback fees for clients to pay for the use of these expensive services.

You should also consider the scope of personal information collected by a service, and the sources it is collected from. Westlaw’s policy, for example, shows that they collect information not only from your direct interaction with the service but also from third parties (e.g. advertisers or data brokers), your organization, governmental agencies, and publicly available sources of information, all of which is kept in their system and associated with you as a user. Lexis provides a similar list, including marketing partners, social networks, and publicly available sources. This means that you may not have a clear picture of how your data — or your client’s data — is being assembled behind the scenes. The concerns here are further compounded by the fact that you may not know who the services are sharing information with,[16] and where that information may be stored.[17]

These models of data collection, retention, and sharing may have different levels of ramifications for a practicing lawyer. At the more benign end of the spectrum, you may receive targeted advertising from third parties that a company has sold your personal data to. On the more extreme side of the spectrum, however, some researchers have pointed to more troubling data sharing practices which actively endanger client interests.[18]

It is worth comparing these policies with CanLII’s privacy policy, which states that the service “collects and stores only that personal information necessary… to fulfil its mandate” but does store information including IP addresses, pages visited, duration of visit, and queries made on CanLII’s search engine in order to improve its services.[19] CanLII also states that the site “does not disclose users’ personal information to third parties except as required or permitted by law”, and provides the example of sharing information with their partner Lexum, “who assist CanLII in operating and hosting the website and fulfilling its mandate”.[20]

To mitigate concerns around Big Data, lawyers should exercise good online hygiene. Provide only the required elements of information, and nothing more, when activating an account. Strip out or anonymize personal or identifying information from any documents before uploading them to a service for search purposes. Ensure that searches conducted in more traditional ways (e.g. keywords and Boolean connectors) do not contain personal identification of you or a client that could be used to infer a litigation strategy or client issue. Ensure that in-firm client data is properly encrypted and kept behind firewalls. Finally, don’t assume that every legal research service, product, or tool behaves the same way. Researching privacy policies or engaging in conversations with privacy experts at your workplace is an important aspect of professional responsibility.

  1. Law Society of Ontario, Rules of Professional Conduct, online: <https://lso.ca/about-lso/legislation-rules/rules-of-professional-conduct/complete-rules-of-professional-conduct>.
  2. Research competence — locating authorities relevant to the determination of your client’s issue and then analyzing and applying those authorities to your client’s facts — also implies legal citation competence. Citation instruction is beyond the scope of this text, but students are encouraged to see this as an ethical obligation and work toward mastery of the citation format used by their institution. This should include a grounding in the policy underpinnings of legal citation: attribution and acknowledgement of work that is not your own when you use it in your own product, and the facilitation of access so that readers can read and assess the source cited for themselves. Particularly in the case of attribution, it is easy for errors of omission to be made. Students must aim to develop an impeccable citation technique as an element of professional responsibility.
  3. For a proposed framework for assessing benefits and risks of technology in legal practice, see Iantha Haight, “A Rubric for Analyzing Legal Technology Using Benefit/Risk Pairs” (29 June 2023) [unpublished, forthcoming in U St Thomas LJ], online: <ssrn.com/abstract=4495752>.
  4. There are a handful of well-known cases in this regard, where courts have dressed-down counsel for their failure to discharge their duty of research competence. These include Gibb v Jiwan, (1996) 62 ACWS (3d) 607, 1996 CarswellOnt 1222 (ONCJ (GD)); Lougheed Enterprises Ltd v Armbruster, (1992) 10 BCAC 226, 63 BCLR (2d) 316 (BCCA); and Central & Eastern Trust Co v Rafuse, [1986] 2 SCR 147, 31 DLR (4th) 481 (SCC).
  5. Amy Salyzyn, “AI and Legal Ethics 2.0: Continuing the Conversation in a Post-ChatGPT World”, Slaw (28 September 2023), online: <slaw.ca/2023/09/28/ai-and-legal-ethics-2-0-continuing-the-conversation-in-a-post-chatgpt-world/>.
  6. Josh Russell, “Lawyer who cited bogus legal opinions from ChatGPT pleads AI ignorance”, Courthouse News Service (8 June 2023), online: <courthousenews.com/lawyer-who-cited-bogus-legal-opinions-from-chatgpt-pleads-ai-ignorance/>.
  7. Rules of Professional Conduct, supra note 1, Rule 6.2-2, Commentary [1].
  8. See Fairchild v Vancouver Coastal Health Authority, 2011 BCSC 616 at para 77; Drummond v The Cadillac Fairview Corp Ltd, 2018 ONSC 5350 at para 10; Matthews v Lawrence, 2022 ABQB 288 at para 19; Laura Olsen, “Inside Track: Still Charging Clients for Legal Research? You Might Want to Rethink That” (15 Oct 2014), online: <wisbar.org/newspublications/insidetrack/pages/article.aspx?volume=6&articleid=23620>; Ted Tjaden, Legal Research and Writing, 4th ed (2016, Toronto: Irwin Law) at 12 et seq.
  9. Bridget Botelho & Stephen J Bigelow, “Definition: Big Data” (January 2022), online: <techtarget.com/searchdatamanagement/definition/big-data>.
  10. Federation of Law Societies of Canada, Model Code of Professional Conduct (October 2022), online: <flsc.ca/what-we-do/model-code-of-professional-conduct>.
  11. Law Society of Ontario, “Technology Practice Management Guideline”, online: <lso.ca/lawyers/practice-supports-and-resources/practice-management-guidelines/technology>.
  12. Ibid at s 5.7.
  13. Lexis+ Canada, “Brief Analysis” (last visited 12 June 2023), online: <plus.lexis.com/BriefAnalysis>.
  14. LexisNexis, “LexisNexis Privacy Policy” (20 December 2022), s 2.4, online: <lexisnexis.com/global/privacy/en/privacy-policy-ca.page>. Interestingly, Lexis characterizes this as “usage” data in its policy text, but it is in fact more than that.
  15. Thomson Reuters, “Thomson Reuters Privacy Statement” (1 January 2023), online: Thomson Reuters <thomsonreuters.com/en/privacy-statement.html>.
  16. Lexis states that they share personal information with their affiliates (any of a massive group of companies associated with LexisNexis or RELX) as well as their “service providers, suppliers, agents and representatives”. Westlaw states that they will also share personal information with your organization, business affiliates, third parties who market their products/services, governmental agencies, and law enforcement agencies.
  17. According to Westlaw, “your personal information may be transferred outside of your home country” including to the United States. Lexis lists several examples of countries where information may be stored, including Australia, China, India, the United Kingdom, and the United States. Data storage in other jurisdictions raises concerns about government surveillance due to differing laws about what the government can and cannot access.
  18. For example, see Sarah Lamdan, “When Westlaw Fuels ICE Surveillance: Legal Ethics in the Era of Big Data Policing” (2019) 43:2 NYU Rev L & Soc Change 255. Sarah Lamdan is a well-respected librarian and data surveillance researcher. See also Sarah Lamdan, Data Cartels: The Companies That Control and Monopolize Our Information (New York: Stanford University Press, 2022). This book outlines links between both Lexis and Thomson Reuters acting as data brokers to agencies and organizations including U.S. Immigration and Customs Enforcement (ICE), as well as for tenant screening software companies and predictive policing.
  19. See CanLII, “Privacy Policy” (last modified 11 November 2023), ss 1, 6, online: <canlii.org/en/info/privacy.html>.
  20. Ibid, s 8.
definition

License

Icon for the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License

Legal Research Online Copyright © 2024 by Christa Bracci and Erica Friesen is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License, except where otherwise noted.

Share This Book