A group of 83 major law firms in the United States has come together to support Covington & Burling’s opposition to a demand by the US Securities and Exchange Commission (SEC) to reveal clients impacted by a cyber attack on the firm. The group, made up of firms often rivals for clients and legal talent, filed a friend-of-the-court brief arguing that the SEC’s subpoena for Covington’s clients violates client confidentiality that any law firm would resist under similar circumstances.
The SEC seeks to force Covington to identify about 300 publicly traded clients whose information was accessed or stolen in the 2020 hack. This is part of an investigation into potential securities law violations. The Chinese-linked Hafnium cyber-espionage group allegedly carried out the hack.
In a filing to the court, the law firms said the SEC’s subpoena would potentially turn lawyers “into witnesses against their clients.” The law firms that signed onto the brief all have a significant presence nationally and in Washington, where Covington is headquartered, and many represent clients in matters involving the SEC.
In its filing last week, Covington said the subpoena was “an assault on the sanctity and confidentiality of the attorney-client relationship” that could expose the firm’s clients to SEC scrutiny without initial evidence of misconduct. Covington has argued that the SEC’s demand is not covered by attorney-client privilege and that its status as a law firm does not exempt it from complying with investigative demands.
The judge in the case has scheduled a hearing for next month to consider the arguments made by both sides.
The filing by the group of law firms highlights the importance of client confidentiality in the legal profession. The legal profession has long held that the attorney-client relationship is sacrosanct and that clients have a right to expect their communications with their lawyers to be kept confidential. Lawyers have an ethical obligation to keep client information confidential and can face disciplinary action if they breach this obligation.
The SEC’s demand for Covington to identify its clients reminds us of the risk to client confidentiality in the digital age. Law firms hold vast amounts of sensitive and confidential client information, and the increasing frequency of cyber-attacks means that this information is at risk of being accessed or stolen. Law firms must protect their clients’ information and ensure appropriate measures are in place to detect and respond to cyber-attacks.
The case also highlights the tension between the need for law enforcement to investigate potential wrongdoing and the importance of protecting client confidentiality. While the SEC has a legitimate interest in investigating potential securities law violations, it must balance this against clients’ rights to keep their information confidential. The courts must consider these competing interests when deciding whether to uphold the SEC’s demand for Covington to identify its clients.
REFERENCES:
83 law firms back Covington in SEC subpoena fight