When Westlaw Fuels ICE Surveillance: Legal Ethics in the Era of Big Data Policing

Introduction

Legal research companies are selling surveillance data and services to U.S. Immigration and Customs Enforcement (“ICE”) and other law enforcement agencies. This Article discusses ethical issues that arise when lawyers buy and use legal research services sold by the same vendors responsible for building ICE’s surveillance systems. As the legal profession collectively pays millions of dollars for computer assisted legal research services, lawyers should consider whether doing so in the era of big data policing compromises their confidentiality requirements and their obligation to supervise third party vendors. With new companies developing legal research services, lawyers have more options than ever and can choose to purchase legal research services from socially responsible vendors.

I. Introduction

Imagine that you are an immigration attorney with a client who was just arrested and detained by U.S. Immigration and Customs Enforcement (“ICE”). Days after receiving a ticket for driving without a license, your client is dropping their children off at school when ICE agents suddenly descend, separating your client from their family, job, and community without warning. Upon investigation, you learn that ICE located your client through a database that tracks license plate locations. Digging deeper, you find that the license plate data comes from Thomson Reuters,  the company whose legal research product, Westlaw, you use every day to research client matters and for which your employer pays thousands of dollars each month.1 In fact, the money that you and your colleagues pay for the legal research service is padding Thomson Reuters’ balance sheets at the same time that the company is purchasing and aggregating surveillance databases and technologies to sell them to law enforcement agencies like ICE.2

Contemporary law enforcement is a technology-driven enterprise that incorporates vast amounts of information, machine-learning algorithms, and artificial intelligence to identify and track potential law-breakers. 3 This “big data policing” 4 depends on a broader range of data than ever before—including “crime data, personal data, gang data, associational data, locational data, [and] environmental data”—gleaned from a “growing web of sensor and surveillance sources.”5 Like other areas of policing, “immigration control has rapidly become an information-centered and technology-driven enterprise”6 that depends on data collected and curated by private “data brokers.”7

Private data brokers play a critical role in government surveillance.8 While intelligence and law enforcement agencies certainly conduct their share of direct online surveillance,9they have become hungry consumers of the data profiles sold by private companies, a method of indirect data collection which allows these agencies to evade privacy protections.10Legal publishers have seized the opportunity created by this demand and become data brokers: Thomson Reuters and RELX Group,11the companies that supply lawyers with the legal research products Westlaw and Lexis, respectively, are building and maintaining surveillance tools for local, state, and federal law enforcement entities, including ICE.12Surveillance—including immigration surveillance—offers Thomson Reuters and RELX Group new sources of income as selling print resources and online case databases becomes less lucrative.13ICE is using more personal data than ever to track immigrants and increasingly depends on companies like Thomson Reuters and RELX for datasets.14 Recognizing the potential for profit, Thomson Reuters and RELX are researching and developing new ways to use artificial intelligence, cognitive computing, and big data collections to assist immigration enforcement.15

Policing technology is not value neutral.16U.S. immigration authorities rely on big data technology to employ increasingly cruel and invasive techniques as they accelerate arrests, detentions, and deportations of immigrants without legal status.17 ICE agents arrest immigrants at their homes,18 in courthouses,19 at work,20 and while dropping their children off at school.21 Agents pursue immigrants in car chases, leading on one occasion to multiple deaths.22 In another instance, immigration enforcement officers stopped and arrested a man while he was driving his pregnant wife to the hospital for a C-section, leaving her to drive herself to the procedure.23

These callous enforcement tactics are facilitated by surveillance technology. The technology is used to track and locate noncitizen targets, undermining city and state level “sanctuary” policies.24 Mijente, a national organization that advocates for immigrants’ rights, reports that surveillance tools help ICE agents “scour regional, local, state, and federal databases across the country, build profiles of immigrants and their friends and family based on both private and public information, and use those profiles to surveil, track, and ultimately deport immigrants.”25

The sophisticated, invasive surveillance products developed by companies like Thomson Reuters and RELX directly contribute to the increase in immigration enforcement.26 ICE agents rely on a plethora of records to learn about and track immigrants, from utility bills to law enforcement databases.27 Agents sift through various data points to find targets, “tap[ping] into local law enforcement and drivers’ license databases,” and tracking immigrants from home addresses to churches and workplaces.28 Aristides Jimenez, a former ICE agent, explains that the agency uses brokered data and analytical tools from private companies to “discover connections between individuals, their addresses, and their property.”29

When Thomson Reuters and RELX develop products for ICE and other law enforcement agencies, lawyers are contributing, albeit indirectly, to the surveillance of their clients. The fees lawyers pay for legal research contribute significantly to the profit margin of companies developing surveillance products. Both companies make millions of dollars selling your personal data, and the data of millions of other people, to law enforcement along with sophisticated research tools that transform our data into invasive surveillance dossiers with real-time tracking updates. This places lawyers in problematic ethical territory.

In addition to their financial conflict, lawyers must also consider how their profession’s ethical standards mesh with the vendors they rely upon. While the American Bar Association (“ABA”) Model Rules of Professional Conduct and accompanying guidance materials demand that lawyers make efforts to hold parties they “directly supervise” to their own professional obligations, the ABA has not specifically addressed ethical issues related to legal research vendors.30 Nevertheless, Thomson Reuters and RELX’s surveillance products should spark discussions about lawyers’ ethical duties regarding their legal research products. The legal industry must ask: Should lawyers use products that are linked to the surveillance of their clients? And more concretely, is it possible that these products are sharing lawyers’ research data with law enforcement?

Lawyers should follow the lead of other consumer groups that have focused on supply chain ethics to ensure that the products and services they consume as part of their legal practice comply with ethical standards.31 In an era where consumers can research purchasing choices with more ease than ever before, ethical priorities have become a key consideration in consumer decision-making.32 Buyers can trace the corporate roots and supply chains for their goods and services while shopping from home or standing in a store. The increased availability of information to consumers online has exposed unethical supply chains, driving consumers to insist on ethical manufacturing practices for products ranging from clothing to coffee beans.33 Similarly, legal professionals can harness their power as consumers to hold legal research companies accountable for providing an ethical supply chain.

Because lawyers are bound to an ethical code, they must remain vigilant and actively ensure that the products they use in their work comports with their ethical principles. While LexisNexis and Westlaw continue their decades-long grip on the legal research market, new companies have emerged that provide attorneys with less problematic alternatives. Lawyers should explore using other legal research companies like Casetext, which promises not to sell or provide user data to third parties,34 or products that are not owned by data brokerage services.

This Article explores the ethical issues raised by legal research companies selling surveillance services to ICE and other law enforcement. Part II reviews the U.S. government’s extensive history of tracking immigrants, and U.S. immigration enforcement’s gradual incorporation of sophisticated surveillance technologies, demonstrating how today’s immigration enforcement uses more data-based surveillance than ever before in new, ethically fraught ways. Part III describes legal research companies’ expansion into the surveillance market, and Part IV examines the ethical issues that expansion raises. As legal research companies enter the surveillance market, they provide a test case to explore ethical issues related to big data policing and the legal profession.

II. The Evolution of ICE Surveillance: An Overview

A. The Origins of Immigrant Surveillance

The current immigrant surveillance scheme may seem shocking, with its layers of intrusive digital probes that reach into almost every aspect of immigrants’ lives, from where their cars are driving to who they “friend” on Facebook. However, immigration surveillance is a centuries-old practice in the United States. As far back as 1798, the Alien and Sedition Acts called for the collection of information about immigrants’ political beliefs,35 ordering shipmasters to report noncitizen passengers upon arrival in U.S. ports in order to prevent those with undesirable political views from remaining in the country.36

Through the decades, the federal government gradually recorded more and more information about the nation’s newcomers. In the late 1800s, spurred by the “hysteria [of] a civilizational threat,” Congress authorized the creation of registries to identify and track Chinese immigrants by recording their names, dates, ages, occupations, addresses, and even physical “peculiarities.”37 In 1893, the U.S. Supreme Court clarified that plenary power authorizes Congress to create legislation allowing for the deportation of resident noncitizens who had failed to obtain identification proving lawful residency.38 Just a decade later, Congress passed a law requiring prospective immigrants to answer questions about their political backgrounds.39 Similar laws, like the Alien Registration Act of 1940,40 increased the scope of immigration surveillance in the pre-internet era by requiring noncitizens to be registered and fingerprinted.

Although many contemporary academics and policy-makers decry the discriminatory immigration policies of early America,41 similar and even more intrusive modes of surveillance remain ingrained in our laws.

B. The Development of Contemporary Immigrant Surveillance

Since the 1990s, and the beginning of the digital era, immigration surveillance databases have grown far more complex. Computers are capable of storing large quantities of personal data for software programs to mine, allowing ICE to track immigrants more easily than ever. For instance, the Department of Homeland Security’s E-Verify program, first implemented in the 1990s, mines government citizenship data and checks it against the information that employees working for government contractors and vendors provide in their I-9 forms.42 Every federal contractor must use the E-Verify system to examine all newly-hired employees as well as existing employees assigned to the contract, and any employees that are deemed not to be in compliance with U.S. immigration laws are ineligible for government contractor jobs.43

After the September 11, 2001 terrorist attacks, national security concerns trumped due process considerations and the U.S. surveillance regime exploded from individualized to mass surveillance.44 Congressional investigations linked the terrorists’ success to poor agency coordination,45 so Congress expanded the scope of permissible surveillance and inter-agency coordination. The Patriot Act, passed shortly after the attacks, amended the Foreign Intelligence Surveillance Act of 1978 (“FISA”) and empowered federal agents to use new, more invasive surveillance tactics.46 Subsequent amendments, including the FISA Amendments Act of 2008—containing the controversial Section 70247—further broadened the scope of surveillance.48

FISA also established a system of judicial review to oversee foreign intelligence surveillance through the Foreign Intelligence Surveillance Court (“FISC”).49 Before 2001, the FISC focused on reviewing and issuing individualized warrants where foreign intelligence was sought to protect the U.S. from external threats, avoiding the “dragnet” surveillance techniques that the Fourth Amendment was designed to prevent.50 That changed in the years following 9/11.51 Today, the government can get a FISA warrant for any “tangible things” it has “reasonable grounds” to believe may be related to a terrorism investigation.52 The term “tangible things” has been construed broadly, allowing the government to engage in bulk collection of personal data, including call detail records.53 The government also uses its FISA authority to collect user data from giant technology companies like Facebook, Skype, Apple, and Google.54

A powerful tool for law enforcement, post-9/11 FISA warrants have raised red flags for skirting constitutional protections and thwarting civil rights: individual lawyers and groups from the ACLU to the ALA have criticized the U.S. government’s post-9/11 “surveillance society” as threatening civil liberties and privacy rights.55 In 2013, Eric Snowden leaked government records revealing that the National Security Administration (“NSA”) had invoked Section 702 far beyond its intended scope and was collecting detailed personal data with no connection to investigations of potential terrorism.56 In 2013, Eric Snowden leaked government records revealing that the National Security Administration (“NSA”) had invoked Section 702 far beyond its intended scope and was collecting detailed personal data with no connection to investigations of potential terrorism.57 A coalition of thirty-two groups decried the expansion of FISA warrants in 2017, pointing to the litany of surveillance abuses and citing due process concerns.58

Finally, while FISA is administered by the NSA rather than the Department of Homeland Security (“DHS”), the agency under which ICE operates, there is evidence that ICE has access to FISA surveillance data.59

C. ICE's Current Surveillance Apparatus

Whether or not it has access to FISA surveillance data, ICE is gradually accruing its own surveillance program to rival the NSA’s. In 2017, ICE entered into a $2.4 million contract with PenLink,60 a software company whose products help law enforcement track people using “real-time” “live monitoring” through phone data analysis and geolocation data mining and tracking.61 Julian Sanchez, a surveillance expert at the Cato Institute, said that PenLink’s deal with ICE “looks not that different from the language that the NSA used to do bulk collection of telephone records” under the PRISM program.62 This comparison signals the troubling expansion of immigration policing into surveillance realms previously reserved for tracking suspected international terrorism.

How will ICE use this more robust surveillance technology? If what’s past is prologue, ICE will use software like PenLink, as well as biometric recognition technology, to track immigrants and implement policing schemes that profile entire classes of people under the guise of gang affiliation or drug trafficking rather than focusing on individual instances of criminal activity.63 In 2005, ICE launched “Operation Community Shield,” an initiative in which the agency’s National Gang Unit64 combines information gathered by the federal government, third-party data like that sold by Thomson Reuters and RELX, and data from gang databases shared through partnerships with state and local police to identify and crack down on noncitizen “gang members.”65

The gang databases ICE uses to identify and track noncitizens raise due process concerns due to their notoriously inaccurate information, and the inability of individuals to challenge their inclusion in the stigmatizing databases.66 Gang databases are riddled with errors that result in law enforcement targeting and criminalizing people with no gang affiliation.67 The results of Operation Community Shield reveal the accuracy issues inherent to big data policing: as of 2006, 70 percent of immigrants deported under the Operation were never found guilty of a crime.68 Moreover, these opaque databases give authorities an opportunity to effectively criminalize whoever they please. A federal judge in Washington state recently found that ICE agents who arrested a DACA recipient had lied to two different immigration courts when they asserted that the man was “gang-affiliated.”69 Indeed, false claims of gang involvement are a “routine” part of ICE’s deportation strategy.70

ICE’s reliance on inaccurate data and a lack of proper investigation has led to mistaken arrests, and even deportation, of people with legal status. One recent investigation found that 1,488 immigrants have been wrongly detained by ICE agents since 2012 “based on incomplete government records, bad data and lax investigations.”71 It is particularly troublesome that big data collected and sold by brokers like Thomson Reuters and RELX often contains many errors72 that unfairly place individuals in legal limbo. Despite these alarming shortcomings, ICE continues to practice big data policing, claiming the tactics are necessary to prevent terrorism, drug trafficking, and other crimes.73

Bad data in databases used by ICE is all the more worrisome as concern mounts over ICE’s mission.74 ICE is a controversial vestige of the September 11th attacks: the Homeland Security Act of 2002, which authorized ICE’s creation, was passed in tandem with the Patriot Act, as part of a reflexive effort to prevent terrorism.75 To create ICE, Congress melded the investigative and intelligence resources of the U.S. Customs Service with the investigative, detention, and deportation resources of the Immigration and Naturalization Service.76 ICE’s mission focused on preventing terrorism and not on wide-scale surveillance of immigrants.77 But where previous administrations had directed ICE to focus on “serious criminals” who threaten national security and public safety, in 2017 the Trump Administration issued an executive order directing the agency to instead prioritize all undocumented immigrants for removal, including those with no criminal history.78 The executive order shifted ICE’s focus to the interior of the country, empowering them to seek out unauthorized immigrants in their communities rather than simply stopping unauthorized passage at the border.79

ICE’s controversial mission to target all undocumented immigrants makes it particularly unsettling that the agency is building an invasive surveillance system as the backbone of its “deportation machine.”80 A surveillance system built up during the Obama administration is now being deployed with animus:81 Under Trump, ICE agents are a “bullying squad,” rounding up immigrants and engaging in ethically fraught practices fueled by surveillance.82 This surveillance data supplements the information that the U.S. government collects through visa petitions83 These traditional visitor and immigration forms already collect copious personal data including addresses, education levels, and even fingerprints.84

Predictably, the combination of ICE’s sweeping new directive to arrest any unauthorized immigrant and its enhanced surveillance capacities has led to soaring immigration enforcement numbers. ICE arrests increased by 30 percent from 2016 to 2017,85 and increased another 11 percent in 2018.86 More troubling still, ICE contracts signed during the Trump administration indicate that surveillance will play an even larger role in future ICE enforcement efforts.87

To help fund more ICE surveillance initiatives, the federal government is funneling money into the ICE deportation machine. Funds are being redirected to ICE from other DHS offices like FEMA and the Coast Guard.88 Flush with government funding and support, ICE is on a surveillance shopping spree, spending tens of millions of dollars on the most invasive technology available.89 For instance, ICE is paying Palantir, a data technology firm, over $50 million to create a system that will sift through data from intelligence platforms, allowing “agents to access a vast ‘ecosystem’ of data to facilitate . . . in both discovering targets and then creating and administering cases against them.”90

In practice, ICE’s surveillance technology and police powers in immigration enforcement create scenes that could be found in a dystopian novel. Since its inception in 2003, ICE has evolved from an organization focused on the targeted policing of serious crimes to one implementing a surveillance dragnet that uses technology to indiscriminately surveil, target, arrest, and detain immigrants in their communities regardless of their criminal history, in accordance with Trump’s executive order. 91 For example, in 2017, ICE officers stopped at a Michigan restaurant, ate breakfast, complimented the chef on their meals, and then proceeded to arrest three restaurant employees.92 In another case, a 10-year old girl with cerebral palsy, who had lived in the U.S. since she was three months old, was detained immediately after she had surgery—ICE agents tracked and located her at 2 a.m. as an ambulance transported her between hospitals.93 In New York, ICE agents arrested a high schooler hours before his senior prom,94 as well as a couple visiting their son-in-law, a sergeant in the U.S. Army, on the Fourth of July95 ICE’s inhumane tactics have led many to believe the agency is out of control.96

As ICE’s role creeps beyond its original mission of securing the public safety into the detainment and removal of noncitizens who do not pose a threat to the public and who are on a pathway to legal citizenship, people have decried the agency’s actions on legal and ethical grounds.97 Lawyers have condemned instances of ICE enforcement as unconstitutional and unethical, and as shaping a national immigration policy that violates common decency.98 What many of these attorneys do not know is that ICE enforcement is bolstered by an ever-growing big data surveillance structure, and that their legal research subscriptions may be facilitating the very same ICE practices they condemn.

A. Corporate Models Shift Toward Information Sales

Westlaw and LexisNexis have invested in keeping their legal product lines ahead of the pack, incorporating artificial intelligence into their search functions100 and creating new modes of analyzing case law.101 Yet, even with these updates, their expensive products must now compete with a proliferation of new, improved, free or low-cost online research resources.102 At the same time, the print products that lawyers formerly relied on, like case reporters and digests, are waning in popularity.103 Law libraries across the nation are tossing their print collections, especially volumes of primary legal sources like cases and statutes which have historically been the cornerstones of LexisNexis and Westlaw’s legal publishing empires.104 Many law firm libraries are shrinking their book collections105 and switching from pricey electronic databases to cheaper alternatives.106 Reflecting this trend, both RELX Group107 and Thomson Reuters have shifted their business models away from traditional publishing and into the provision of digital data services.108 Their former profit sources—print resources and the proprietary ownership of legal and academic materials—are being outmoded by online and open access resources as scholars who provide Thomson Reuters and RELX Group with proprietary materials push back on companies profiting off of their unpaid labor.109 These companies’ profit models have also contributed to worsening customer relations with their legal customers.110 Still, legal professionals rely so heavily on Westlaw and Lexis for their work that law librarians, the gatekeepers for these products in law schools and many law firms, have refused to discuss controversial Westlaw and LexisNexis practices for fear of upsetting the companies.111 Even as LexisNexis was widely criticized for engaging in coercive sales practices, legal professionals continued to use the product and the company’s profit margins remained strong.112

As the traditional legal publication market shrinks, the market for big data policing services is quickly growing.113 Indeed, Thomson Reuters and RELX Group have found a new cash cow in law enforcement surveillance.114 The companies have both turned to data brokering from traditional legal and academic publishing.

As commercial data brokers, RELX Group and Thomson Reuters aggregate and resell individualized data. At the beginning of the information supply chain, individuals provide their personal information to various government entities115 and share their online consumer data and location data with software companies who sell the bundled data to firms specializing in data tracking.116 Powerful data aggregators like Thomson Reuters and RELX Group then purchase and consolidate the information held by individual data tracking firms, along with further data gleaned from public records, to create an informational mosaic describing millions of different people in great detail.117 Through this supply chain, Thomson Reuters and RELX Group hold stores of personal data including public records held by local, state, and federal governments, online data including individuals’ use of social networks, blogs, chat rooms, lists of relatives and associates, and any other data they can purchase or collect.118 These brokers then sell these detailed individualized databases to businesses and law enforcement.

RELX Group and Thomson Reuters have been gradually pivoting towards the law enforcement data market for over a decade. In 2004, RELX Group, LexisNexis’s parent company, then called Reed Elsevier, purchased Accurint, one of the country’s largest public records databases.119 With the addition of Accurint to LexisNexis services, law students could use Lexis’s public records search to check up on old friends and love interests. In 2005, one legal scholar described the ease with which one could use systems like Accurint to covertly acquire information about people without any sort of legal authorization: “[t]he easiest way to get useful data is to contact one of the many companies, usually called commercial data brokers (“CDBs”), that use computers and the internet to dig up ‘dirt’ from public and not-so public records.”120

Today, RELX Group has amassed over 78 billion public records from over 10,000 diverse sources.121 In 2015, Reed Elsevier officially rebranded itself as RELX Group,122 and in 2018 it purchased ThreatMetrix, a cybersecurity company that specializes in tracking and authenticating people and their online activities.123Technology reporters called RELX Group’s cyber-tracking company purchase “an interesting development, considering the company’s roots in educational and scientific publishing,”124 but an RELX representative characterized the acquisition as “in line with our organic growth driven strategy, supported by acquisitions of targeted data sets and analytics that are natural additions to our existing business.”125

Thomson Reuters, Westlaw’s parent company, has similarly positioned itself to compete in the surveillance data and technology market. Thomson Reuters Special Services was created to market Thomson Reuters’ surveillance products, and it has worked to create a positive relationship with ICE. This branch of Thomson Reuters employs several former ICE officials in high-ranking positions,126 and its CEO, Stephen Rubley, is a board member of the ICE Foundation, a nonprofit organization that “supports the men and women of ICE.”127

In 2008, Reed Elsevier had created such a powerful data empire that the Federal Trade Commission (“FTC”) was compelled to intervene, splitting the data giant’s holdings to prevent the creation of a monopoly. First acknowledging that Thomson Reuters and Reed Elsevier had already formed a duopoly on surveillance data brokering,128 the FTC forced Reed Elsevier to divest assets related to its electronic public records services, ChoicePoint’s AutoTrack XP and Consolidated Lead Evaluation and Reporting (“CLEAR”), to Thomson Reuters to comply with anti-trust laws.129 Thomson Reuters took CLEAR and ran with it, building a powerful investigation tool that links together millions of databases brimming with public and proprietary records.130

Contracting with ICE

Both Thomson Reuters and RELX Group contract directly with ICE to provide the agency with their informational services. RELX operates as both a direct and indirect source of information for ICE operations. As early as 2013, ICE had purchased direct access to RELX databases to help track immigrants as part of its Fugitive Operations program.131 Notably, the size of ICE’s contract with RELX increased between 2017 and 2018, a shift that ICE attributed to the executive order expanding the scope of immigration enforcement.132 In addition to its direct arrangement with ICE, RELX retains over 1,300 contracts with other law enforcement agencies.133 These relationships likely serve as an indirect source of RELX data for ICE, as ICE’s law enforcement information sharing initiative draws data from law enforcement entities across the nation.134

Thomson Reuters has been even more successful than RELX in profiting from ICE surveillance. Thomson Reuters has signed at least three contracts to provide ICE with surveillance services totaling over $46 million.135 Among those services is the CLEAR system, which:

. . . allows ICE access to a ‘vast collection of public and proprietary records’ including phone records, consumer and credit bureau data, healthcare provider content, utilities data, DMV records, World-Check listing, business data, data from social networks and chatrooms, and ‘live access’ to more than seven billion license plate detections.’136

These ICE contracts have come under fire from civil liberties groups concerned that the surveillance tools and data Thomson Reuters is selling violate peoples’ rights.137

The first contract is a 2015 agreement giving ICE access to Thomson Reuters’ CLEAR system. Under that contract, ICE enjoys access to millions of databases containing both public records from government entities and proprietary data collected from smaller data firms, which it uses to, according to the contract, “identify criminal suspects, businesses and assets of targets of investigations for potential arrest, seizure and forfeiture.”138 The contract specifies that Thomson Reuters will provide the data and the technology firm Palantir will conduct the real-time analysis to determine who to target through system-to-system communication.139 Together with a host of law enforcement agency databases provided by Thomson Reuters, Palantir’s controversial “automated policing” system will determine whether people should be targeted for investigations140 in support of ICE’s increasingly aggressive scheme to arrest noncitizens.

The second contract integrates license plate recognition (“LPR”) data into the CLEAR system that Thomson Reuters supplies to ICE.141 LPR data comes from systems of roadside cameras that photograph passing license plates and convert the images into a computer-readable format, creating a “massive vehicle-tracking network generating as many as 100 million sightings per month, each tagged with the date, time, and GPS coordinates of the sighting.”142 CLEAR subscribers can enter a license plate number and get insights such as the vehicle’s make and model, state of registration, the best locations to find a vehicle, and set up a virtual stakeout for the vehicle.143 The system simultaneously allows ICE to query historical license plate data (for instance, running a search for every time a given license plate was spotted in the last five years) to construct a detailed record of a target’s movements, and can provide ICE with instant alerts whenever a new image of a particular license plate is found.144 This forward- and backward-looking system gives ICE the power to “drill down into the data to build a detailed picture of your private life, including where you work, where you live, when you go to the doctor, [] what political demonstrations you attend,” and even who you associate with.145

Finally, a five-year contract between Thomson Reuters and ICE Enforcement and Removal Operations, a division of ICE that tracks hundreds of thousands of noncitizen U.S. residents each month, will give ICE a “continuous monitoring and alert system” that supplies:

FBI numbers; State Identification Numbers; real time jail booking data; credit history; insurance claims; phone number account information; wireless phone accounts; wire transfer data; driver’s license information; vehicle registration information; property information; pay day loan information; public court records; incarceration data; employment address data; Individual Taxpayer Identification Number (ITIN) data; and employer records.146

This broad swathe of data is pulled from all sorts of local, state, federal, and private databases and consolidated by Thomson Reuters for ICE’s convenience.147

 

C. Looking Ahead: The Future of ICE's Big Data Policing Program

The last contract also hints at things to come, demanding that the data services be “flexibly structured to adapt to changing priorities in the law enforcement continuum,” allowing for possible increases in the amount of services and data types required by the agency.148 Other ICE surveillance proposals reveal the types of surveillance projects legal information vendors will support in the future. When ICE held an investor day program related to the administration’s proposed Extreme Vetting Program,149 both Thomson Reuters and RELX Group representatives attended.150 ICE wanted a data company to “‘scrape’ social media profiles using vague and unproven criteria to monitor individual visa applicants and holders both in the United States and abroad.”151 After the investor day, ICE shelved the program because it found that data companies had not yet developed technology that could provide the level of monitoring the agency desired.152 For now, the agency plans to hire people to manually surveil noncitizen social media accounts until the right technology is developed.153

While that aspect of the Extreme Vetting Program could not be implemented due to lagging technology, other technology-driven immigration surveillance efforts are in the works. The DHS’s Office of Biometric Identity Management just reached a $95 million contract with Northrop Grumman to create a system that will match face, finger, and eye biometrics to identify people in photographs and videos.154

In addition to technological developments that deepen the amount and degree of information available to ICE, immigration surveillance is also undergoing a paradigm shift. Namely, immigration surveillance is moving from a reactive model that focuses on tracking individuals known or believed to be involved in criminal activities to a predictive model that uses artificial intelligence and computer models to forecast whether people who have no criminal record or ties to criminal activity may nonetheless commit a crime in the future.155

A. Westlaw and LexisNexis: A Duopoly Breeds Ethical Impunity

LexisNexis and Westlaw are not “mom n’ pop law companies.”173 Their legal research platforms are just one source of profit for these large corporate conglomerates that also sell news content to journalists, science materials to doctors, financial data to traders, and surveillance data to law enforcement. On the virtual shelves of Thomson Reuters’ and RELX Group’s information warehouses, the Westlaw/Lexis legal product packages sit right next to the “risk solution” law enforcement surveillance products. Legal research products are part of the legal profession and as such they must meet lawyers’ professional standards. When they wind up in the same information funnel as government surveillance products, legal research products no longer meet the ethical standards required by their lawyer consumers.

Lawyers need computer-assisted legal research to do their jobs, as proper legal research is necessary to avoid malpractice.174 So long as the law is based upon a system of statutes, regulations, and case law precedent, the legal profession will rely on computerized database systems to sort, cite check, and update sources of law. Westlaw and LexisNexis have cornered the computer-assisted legal research market.175

Westlaw and LexisNexis’s duopoly is easily explained by their corporate histories. The West company has been building its key number system since the 1800s,176 and LexisNexis has been building its electronic case law resource since the 1960s.177 Westlaw and LexisNexis had electronic legal research terminal services long before launching their online research systems.178 Because they had already amassed electronically formatted legal records and organized case law, statutes, administrative law materials, and secondary sources, Westlaw and LexisNexis were able to create complex research systems that linked various legal materials together. These services also provide invaluable annotated information about primary sources of law by fusing content from their headnotes, citators, and secondary resources. By focusing narrowly on legal publishing, Westlaw and LexisNexis developed the top legal research tools, including their proprietary citator and headnote systems.179 Despite numerous attempts, no other legal research product has broken into the upper echelon of the legal research market.180

1. Rule 1.7: Conflicts of Interest

Lawyers who represent immigrant clients in immigration court or the criminal justice system should consider whether using products related to the law enforcement surveillance of their own clients amounts to a conflict of interest. Rule 1.7, which governs conflicts of interests, suggests that legal research’s connection to surveillance is a conflict which, although attenuated, is worth considering more closely.

The ABA Model Rule of Professional Conduct 1.7 prohibits lawyers from representing clients if there is a significant risk that their representation will be materially limited by the lawyer’s responsibilities to a third person.182 Conflicts of interest are not always easy to decipher. As one lawyer describes it, “Conflicts of interest appear in an infinite variety of situations and are frequently fact-specific, yet they often are difficult to identify.”183

Using a legal research service connected to ICE surveillance presents one of those difficult-to-identify situations. If an attorney is obligated to pay a third party (Thomson Reuters or RELX Group), and that third party is helping ICE (opposing counsel) with a client’s case, has the attorney fallen on an ethical tripwire wherein the attorney will materially limit the representation of her client? The possibility that you are helping ICE spy on your clients rises significantly when you use legal research products like Westlaw that reserve the right to share user data with other Thomson Reuters products and with law enforcement.184

Overall, lawyers’ ethical standards and the ABA model rules focus on being honest and forthright with clients. Would clients feel that lawyers who pay Westlaw and LexisNexis, and possibly even type incriminating searches into those same programs, have their best interests at heart? In cases where ICE surveillance data harms a client, lawyers who pay for subscriptions to Westlaw or Lexis may have contributed to the client’s adverse circumstances. While, in its current iteration, Rule 1.7 does not appear to implicate lawyers who use services that indirectly contribute to surveillance, it is worth considering whether lawyers’ ethics should require a formal ethical boundary between client work and client surveillance.

2. Rule 1.6: Confidentiality of Information

Client confidentiality is a cornerstone of the legal profession: the attorney-client privilege allows clients to safely confide in their lawyers without inhibition. A critical piece of confidentiality is the assumption that clients’ personal information is safe in their lawyers’ hands. Under the microscope of confidentiality, Thomson Reuters and RELX Group’s coziness with law enforcement yields an additional concern: Are Westlaw and LexisNexis keeping records of lawyers’ research and, through their parent companies, making it available to their law enforcement clients? And if so, does exposing your legal search terms constitute a breach of confidentiality?

Notably, neither Thomson Reuters nor RELX Group has promised that their legal research product is independent from the data services they provide to law enforcement. In fact, when asked about whether they use legal research user data in their surveillance search platforms, Bloomberg Law immediately responded that their product does not save user data, but Thomson Reuters representatives were “notably silent.”185 Thomson Reuters’ lack of response corresponds to their privacy statement, updated in May of 2018, which explicitly states that the company shares its user information with a range of entities, including “within the Thomson Reuters group, with our business partners and third party service providers, the person providing for your access to our Services (if that is not you) and in accordance with law.”186 This raises the additional concern that confidential information could be crossing between corporate subsidiaries, from Westlaw to the data services being sold to law enforcement.

The ABA has not directly opined on whether using products that participate in surveillance projects violates confidentiality obligations. When considering confidentiality and technology, ABA opinions have focused on communications between lawyers and clients187 and been relatively silent on issues related to ethics and legal research. This is likely because legal research privacy is a contemporary issue. Until recently, research was done with books and by perusing court reporters—this was hardly a public communication. Further, law libraries comply with stringent patron privacy standards.188 Online legal research services are a relatively new development,189 and the purchase of these companies by larger data corporations that also sell surveillance products is an even newer phenomenon. Indeed, the ABA Standing Committee on Ethics and Professional Responsibility’s notoriously slow response to technological changes in the profession190 means there is no guidance on attorney use of legal research products linked to law enforcement surveillance.

Yet ABA opinions are unambiguous that using online services, email or otherwise, that do not protect client information can violate the lawyers’ ethical code.191 Model Rule 1.1 requires that lawyers be competent, an obligation that includes being aware of the risks of using various technologies.192 Moreover, in 2012, the ABA’s Standing Committee on Ethics and Professional Responsibility amended Rule 1.6(c) to require that lawyers “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of the client.”193 This modification specifies that lawyers must try to prevent the disclosure of client data related to case work.

In 2017, the ABA Committee issued guidance for the 2012 amendments to Rule 1.6 to help lawyers determine whether they are doing enough to protect client information when they use technology in their practice.194 The guidance asks lawyers to independently weigh the costs and burdens of implementing safeguards against the sensitivity of the disclosed information.195

Applying the 2017 guidance, an attorney’s use of legal research providers indirectly involved in surveillance raises confidentiality concerns. Search data associated with lawyers’ Westlaw and Lexis accounts can be sensitive material. In some states, search strategy and legal research fall squarely in the realm of confidential lawyer work product.196 The balance of safeguarding sensitive legal research information against the costs of selecting legal research products that guarantee confidentiality becomes easier as the legal research market proliferates, offering ever-improving technology and competitive rates.197 In a profession that prohibits even email tracking bugs for their breach of client confidentiality,198 something as harmful to clients as police surveillance should be walled off from the legal profession, both personally and financially, and lawyers should opt to use legal research systems that protect sensitive client information.

3. Rule 5.3: Responsibilities Regarding Nonlawyer Assistance

Beyond a lawyer’s own conflict of interest and confidentiality considerations, lawyers must make reasonable efforts to ensure that non-lawyers under their authority engage in conduct that is compatible with the lawyer’s own professional obligations.199 To be sure, legal research companies are not “under the authority” of lawyers like companies providing discovery assistance or trial exhibits. Nevertheless, many similarities exist between legal research companies and other non-lawyer assistance. Representatives from Lexis and Westlaw are in regular contact with their attorney clients, assisting with specific research questions200 and designing special training packages to meet their clients’ needs.201 This personal contact, the digital customization of research results as well as the storing of research histories, and the suggestions of alternate research sources in response to search queries arguably create a similarly close and dependent assistant relationship to that of traditional non-lawyer assistance. In these types of vendor relationships, the ABA instructs lawyers to conduct due diligence on vendors that provide communication technology.202

According to the ABA, when lawyers use a third-party vendor in their practice, they must ensure: 1) that the vendor maintains the same confidentiality and security standards that the lawyer must maintain, and 2) that the vendor does not use lawyer information in a way that creates a conflict of interest. The 2017 ABA opinion on technology and client communication builds on a 2008 opinion to clarify that lawyers have professional responsibility obligations when they outsource legal and non-legal services in their legal practices.203 These obligations include considering vendors’ security policies and protocols, using confidentiality agreements, and making sure the vendors do not have any conflicts of interest204—considerations lawyers should be applying with scrutiny to their legal technology vendors.

Obligations aside, the privacy agreements that Westlaw and LexisNexis provide to users do not make any assurances that they will maintain the necessary confidentiality and security standards to which lawyers ascribe.205 Thomson Reuters does not separate products and work across “all platforms” as they develop their AI and machine-learning technology.206Based on Thomson Reuters’ and LexisNexis’s privacy statements,207 the legal community should expect that the information they put into their Westlaw and Lexis accounts, including search histories and saved documents, are not confidential. The data you enter into Lexis and Westlaw could become part of ICE’s surveillance data trove, linking your clients’ personal data to your search histories and research and placing your clients’ safety in jeopardy.

V. A Call to Action to Divest from Lexis and Westlaw

It is time for lawyers to be more vigilant about our “supply chain.” If legal research products are engaged in unethical practices, or in practices that fail to comply with professional responsibility rules, lawyers should condemn those practices. No conscientious lawyer can stand by idly when Westlaw and LexisNexis’s parent companies are building a “digital deportation machine”208 with profits from their lawyer customers. Instead, lawyers should switch to alternative products.

Westlaw and Lexis do not have to be the only choices for legal research. Even though these legal research services are universally blessed by the legal profession and considered the “top tier” research products,209 a bevy of newer online legal research platforms are disrupting the legal technology field. Services like Bloomberg Law, Fastcase, and Casetext are building their own citators, headnote systems, and other legal research tools to sort and update primary and secondary sources of law. Many of these alternative legal research products do not participate in law enforcement surveillance. As we discuss the ethically fraught overlap of legal research and surveillance systems, we should consider opening our minds to these new legal research alternatives. Along with fancy bells and whistles like citators and annotations, big data ethics should be a guiding factor in selecting the legal research products we use in our practice.

Other professions have exerted pressure on companies whose contracts enable government cruelty.210 and Google declined to renew a contract to provide artificial intelligence services to the Pentagon after thousands of employees signed a letter of protest and a handful resigned.211 The public has also stepped in to discourage companies from building technology to assist the administration’s deportation machine.212 In order to also take a stand against the destructive practice of immigration surveillance, it is time for lawyers to do the same.

VI. Conclusion

The technological advancements of the last few decades have required lawyers to consider new ethics scenarios around email communications,213 social media use in practice,214 and blogging. Similarly, lawyers must now consider the ethical ramifications of using Westlaw and Lexis in the big data policing era, where legal research supports and overlaps with the very systems that turn data over to government enforcement entities, including ICE.

It’s imperative that lawyers focus on these ethical quandaries now because the government grows thirstier for more personal information as new surveillance and data technologies develop. RELX Group, Thomson Reuters, and other information companies will continue to build products to please this ever-growing surveillance customer base. At the Extreme Vetting Program investor day, ICE asked data companies for products the companies had not yet developed. It is likely that the investor day attendees will work to build those products and more for ICE in the near future. As long as legal research companies play a role in enabling government and ICE surveillance—and it is clear that they do—the legal community should condemn them and replace their products with more ethical alternatives.