(stevanovic igor)

For many lawyers who represent foreign governments, the recent revelation that the U.S. National Security Agency’s Australian ally has been privy to communications between an American law firm and its international client comes as no surprise.



“Every domestic industry trade lawyer in Washington has had their systems hacked by the government of China,” says one Washington, D.C.–based Am Law 200 lawyer. “Those of us who work in this area try to take as much precaution as possible, but we’re all realistic that international communications—and even domestic communications—are simply not secure. … We have to accept that there’s international espionage going on.”



Washington attorney Bart Fisher, who has represented Sudan since 2011, said he assumes that the United States spies on the African nation and may monitor the country’s communications with him. Sudan hired Fisher to get it off the U.S. Department of State’s list of state sponsors of terrorism, among other issues, according to U.S. Department of Justice records on agents of foreign entities.



“In this day and age, it would be idiotic not to assume conversations aren’t being listened to by the government,” he said.



The comments come in response to a New York Times article that reported on the Australian Signals Directorate’s monitoring of communications between a U.S. firm and its client, the government of Indonesia, while the firm was assisting the country in trade disputes with the United States. A top-secret document obtained by former NSA contractor Edward Snowden that formed the basis of the story did not name the firm being monitored, but the Times pointed to Mayer Brown as the law firm that represented the Indonesian government at the time.



Australia’s spy agency, according to the Times, alerted NSA that the monitoring was underway, saying in the document that “information covered by attorney-client privilege may be included” in the surveillance. After discussions with the NSA’s general counsel to seek guidance on the spying, the Australians continued “to cover the talks, providing highly useful intelligence for interested U.S. customers,” according to the document.



In a statement, Mayer Brown said, in part, that “there is no indication, either in the media reports or from our internal systems and controls, that the alleged surveillance occurred at the firm. Nor has there been any suggestion that Mayer Brown was in any way the subject of the alleged scrutiny.”



Some industry observers say the Times article should not be immediate cause for alarm.

Cybersecurity expert Richard Bejtlich, pointing to a post on security blog LawFare, said a few facts make the Australia agency’s actions more palatable, including that the surveillance doesn’t appear to have taken place within the U.S.; that the agency targeted Indonesian government officials engaged in trade talks with the U.S., not the law firm itself; and that Australia alerted the NSA that it was monitoring U.S. citizens. “This is an example of the system working,” says Bejtlich, who serves as chief security strategist at cybersecurity company FireEye, which works with some large law firms. “It’s not this really nefarious thing,” he says, adding that unlike allies of the U.S. that follow protocol to omit citizens’ information when they can, countries like China and Russia do not give the same courtesies when snooping into American systems.



Still, the Times article has put some lawyers decidedly on edge and has reminded others that even in an age when messages can be transmitted across the world in seconds, precautions need to be taken.



“I honestly was shocked. Absolutely shocked,” says Carolyn Lamm, an international dispute resolution partner at White & Case and former American Bar Association president. “I think one of the tenets of our legal system, of course, is lawyer-client privilege and confidentiality. To have someone just eavesdropping is totally inappropriate.”