MTC: Lawyers, Generative AI, and the Right to Privacy: Navigating Ethics, Client Confidentiality, and Public Data in the Digital Age

/ The Tech-Savvy Lawyer.Page/

Modern attorneys need to tackle AI ethics and privacy risks.

The legal profession stands at a critical crossroads as generative AI tools like ChatGPT become increasingly integrated into daily practice. While these technologies offer unprecedented efficiency and insight, they also raise urgent questions about client privacy, data security, and professional ethics—questions that every lawyer, regardless of technical proficiency, must confront.

Recent developments have brought these issues into sharp focus. OpenAI, the company behind ChatGPT, was recently compelled to preserve all user chats for legal review, highlighting how data entered into generative AI systems can be stored, accessed, and potentially scrutinized by third parties. For lawyers, this is not a theoretical risk; it is a direct challenge to the core obligations of client confidentiality and the right to privacy.

The ABA Model Rules and Generative AI

The American Bar Association’s Model Rules of Professional Conduct are clear: Rule 1.6 requires lawyers to “act competently to safeguard information relating to the representation of a client against unauthorized access by third parties and against inadvertent or unauthorized disclosure”. This duty extends beyond existing clients to former and prospective clients under Rules 1.9 and 1.18. Crucially, the obligation applies even to information that is publicly accessible or contained in public records, unless disclosure is authorized or consented to by the client.

Attorneys need to explain generative AI privacy concerns to client.

The ABA’s recent Formal Opinion 512 underscores these concerns in the context of generative AI. Lawyers must fully consider their ethical obligations, including competence, confidentiality, informed consent, and reasonable fees when using AI tools. Notably, the opinion warns that boilerplate consent in engagement letters is not sufficient; clients must be properly informed about how their data may be used and stored by AI systems.

Risks of Generative AI: PII, Case Details, and Public Data

Generative AI tools, especially those that are self-learning, can retain and reuse input data, including Personally Identifiable Information (PII) and case-specific details. This creates a risk that confidential information could be inadvertently disclosed or cross-used in other cases, even within a closed firm system. In March 2023, a ChatGPT data leak allowed users to view chat histories of others, illustrating the real-world dangers of data exposure.

Moreover, lawyers may be tempted to use client public data—such as court filings or news reports—in AI-powered research or drafting. However, ABA guidance and multiple ethics opinions make it clear: confidentiality obligations apply even to information that is “generally known” or publicly accessible, unless the client has given informed consent or an exception applies. The act of further publicizing such data, especially through AI tools that may store and process it, can itself breach confidentiality.

Practical Guidance for the Tech-Savvy (and Not-So-Savvy) Lawyer

Lawyers can face disciplinary hearing over unethical use of generative AI.

The Tech-Savvy Lawyer.Page Podcast Episode 99, “Navigating the Intersection of Law Ethics and Technology with Jayne Reardon and other The Tech-Savvy Lawyer.Page postings offer practical insights for lawyers with limited to moderate tech skills. The message is clear: lawyers must be strategic, not just enthusiastic, about legal tech adoption. This means:

  • Vetting AI Tools: Choose AI platforms with robust privacy protections, clear data handling policies, and transparent security measures.

  • Obtaining Informed Consent: Clearly explain to clients how their information may be used, stored, or processed by AI systems—especially if public data or PII is involved.

  • Limiting Data Input: Avoid entering sensitive client details, PII, or case specifics into generative AI tools unless absolutely necessary and with explicit client consent.

  • Monitoring for Updates: Stay informed about evolving ABA guidance, state bar opinions, and the technical capabilities of AI tools.

  • Training and Policies: Invest in ongoing education and firm-wide policies to ensure all staff understand the risks and responsibilities associated with AI use.

Conclusion

The promise of generative AI in law is real, but so are the risks. As OpenAI’s recent legal challenges and the ABA’s evolving guidance make clear, lawyers must prioritize privacy, confidentiality, and ethics at every step. By embracing technology with caution, transparency, and respect for client rights, legal professionals can harness AI’s benefits without compromising the foundational trust at the heart of the attorney-client relationship.

MTC

MTC: Florida Bar's Proposed Listserv Rule: A Digital Wake-Up Call for Legal Professionals.

/ The Tech-Savvy Lawyer.Page/

not just Florida Lawyers should be reacting to New Listserv Ethics Rules!

The Florida Bar's proposed Advisory Opinion 25-1 regarding lawyers' use of listservs represents a crucial moment for legal professionals navigating the digital landscape. This proposed guidance should serve as a comprehensive reminder about the critical importance of maintaining client confidentiality in our increasingly connected professional world.

The Heart of the Matter: Confidentiality in Digital Spaces 💻

The Florida Bar's Professional Ethics Committee has recognized that online legal discussion groups and peer-to-peer listservs provide invaluable resources for practitioners. These platforms facilitate contact with experienced professionals and offer quick feedback on legal developments. However, the proposed opinion emphasizes that lawyers participating in listservs must comply with Rule 4-1.6 of the Rules Regulating The Florida Bar.

The proposed guidance builds upon the American Bar Association's Formal Opinion 511, issued in 2024, which prohibits lawyers from posting questions or comments relating to client representations without informed consent if there's a reasonable likelihood that client identity could be inferred. This nationwide trend reflects growing awareness of digital confidentiality challenges facing modern legal practitioners.

National Landscape of Ethics Opinions 📋

🚨 BOLO: florida is not the only state that has rules related to lawyers discussing cases online!

The Florida Bar's approach aligns with a broader national movement addressing lawyer ethics in digital communications. Multiple jurisdictions have issued similar guidance over the past two decades. Maryland's Ethics Opinion 2015-03 established that hypotheticals are permissible only when there's no likelihood of client identification. Illinois Ethics Opinion 12-15 permits listserv guidance without client consent only when inquiries won't reveal client identity.

Technology Competence and Professional Responsibility 🎯

I regularly addresses these evolving challenges for legal professionals. As noted in many of The Tech-Savvy Lawyer.Page Podcast's discussions, lawyers must now understand both the benefits and risks of relevant technology under ABA Model Rule 1.1 Comment 8. Twenty-seven states have adopted revised versions of this comment, making technological competence an ethical obligation.

The proposed Florida rule reflects this broader trend toward requiring lawyers to understand their digital tools. Comment 8 to Rule 1.1 advises lawyers to "keep abreast of changes in the law and its practice," including technological developments. This requirement extends beyond simple familiarity to encompass understanding how technology impacts client confidentiality.

Practical Implications for Legal Practice 🔧

The proposed advisory opinion provides practical guidance for lawyers who regularly participate in professional listservs. Prior informed consent is recommended when there's reasonable possibility that clients could be identified through posted content or the posting lawyer's identit1. Without such consent, posts should remain general and abstract to avoid exposing unnecessary information.

The guidance particularly affects in-house counsel and government lawyers who represent single clients, as their client identities would be obvious in any posted questions. These practitioners face heightened scrutiny when participating in online professional discussions.

Final Thoughts: Best Practices for Digital Ethics

Florida lawyers need to know their state rules before discussing cases online!

Legal professionals should view the Florida Bar's proposed guidance as an opportunity to enhance their digital practice management. The rule encourages lawyers to obtain informed consent at representation's outset when they anticipate using listservs for client benefit. This proactive approach can be memorialized in engagement agreements.

The proposed opinion also reinforces the fundamental principle that uncertainty should be resolved in favor of nondisclosure. This conservative approach protects both client interests and lawyer professional standing in our digitally connected legal ecosystem.

The Florida Bar's proposed Advisory Opinion 25-1 represents more than regulatory housekeeping. It provides essential guidance for legal professionals navigating increasingly complex digital communication landscapes while maintaining the highest ethical standards our profession demands.

MTC

BOLO: LexisNexis Data Breach: What Legal Professionals Need to Know Now—and Why All Lexis Products Deserve Scrutiny!

/ The Tech-Savvy Lawyer.Page/

LAWYERS NEED TO BE BOTH TECH-SAVVY AND Cyber-SavvY!

On December 25, 2024, LexisNexis Risk Solutions (LNRS)—a major data broker and subsidiary of LexisNexissuffered a significant data breach that exposed the personal information of over 364,000 individuals. This incident, which went undetected until April 2025, highlights urgent concerns for legal professionals who rely on LexisNexis and its related products for research, analytics, and client management.

What Happened in the LexisNexis Breach?

Attackers accessed sensitive data through a third-party software development platform (GitHub), not LexisNexis’s internal systems. The compromised information includes names, contact details, Social Security numbers, driver’s license numbers, and dates of birth. Although LexisNexis asserts that no financial or credit card data was involved and that its main systems remain secure, the breach raises red flags about the security of data handled across all Lexis-branded platforms.

Why Should You Worry About Other Lexis Products?

LexisNexis Risk Solutions is just one division under the LexisNexis and RELX umbrella, which offers a suite of legal, analytics, and data products widely used by law firms, courts, and corporate legal departments. The breach demonstrates that vulnerabilities may not be limited to one product or platform; third-party integrations, development tools, and shared infrastructure can all present risks. If you use LexisNexis for legal research, client intake, or case management, your clients’ confidential data could be at risk—even if the breach did not directly affect your specific product.

Ethical Implications: ABA Model Rules of Professional Conduct

ALL LawyerS NEED TO BE PREPARED TO FighT Data LeakS!

The American Bar Association’s Model Rules of Professional Conduct require lawyers to safeguard client information and maintain competence in technology. Rule 1.6(c) mandates that attorneys “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” Rule 1.1 further obligates lawyers to keep abreast of changes in law and its practice, including the benefits and risks associated with relevant technology.

In light of the LexisNexis breach, lawyers must:

  • Assess the security of all third-party vendors, including legal research and data analytics providers.

  • Promptly notify clients if their data may have been compromised, as required by ethical and sometimes statutory obligations.

  • Implement additional safeguards, such as multi-factor authentication and regular vendor risk assessments.

  • Stay informed about ongoing investigations and legal actions stemming from the breach.

What Should Legal Professionals Do Next?

  • Review your firm’s use of LexisNexis and related products.

  • Ask vendors for updated security protocols and breach response plans.

  • Consider offering affected clients identity protection services.

  • Update internal policies to reflect heightened risks associated with third-party platforms.

The Bottom Line

The LexisNexis breach is a wake-up call for the legal profession. Even if your primary Lexis product was not directly affected, the interconnected nature of modern legal technology means your clients’ data could still be at risk. Proactive risk management and ethical vigilance are now more critical than ever.

🚨 BOLO: Android Ad Fraud Malware and Your ABA Ethical Duties – What Every Lawyer Must Know in 2025 🚨

/ The Tech-Savvy Lawyer.Page/

Defend Client Data from Malware!

The discovery of the “Kaleidoscope” ad fraud malware targeting Android devices is a wake-up call for legal professionals. This threat, which bombards users with unskippable ads and exploits app permissions, is not just an annoyance - it is a direct risk to client confidentiality, law firm operations, and compliance with the ABA Model Rules of Professional Conduct. Lawyers must recognize that cybersecurity is not optional; it is an ethical mandate under the ABA Model Rules, including Rules 1.1, 1.3, 1.4, 1.6, 5.1, and 5.3.

Why the ABA Model Rules Matter

  • Rule 1.6 (Confidentiality): Lawyers must make reasonable efforts to prevent unauthorized disclosure of client information. A compromised device can leak confidential data, violating this core duty.

  • Rule 1.1 (Competence): Competence now includes understanding and managing technological risks. Lawyers must stay abreast of threats like Kaleidoscope and take appropriate precautions.

  • Rule 1.3 (Diligence): Prompt action is required to investigate and remediate breaches, protecting client interests.

  • Rule 1.4 (Communication): Lawyers must communicate risks and safeguards to clients, including the potential for data breaches and the steps being taken to secure information.

  • Rules 5.1 & 5.3 (Supervision): Law firm leaders must ensure all personnel, including non-lawyers, adhere to cybersecurity protocols.

Practical Steps for Lawyers – Backed by Ethics and The Tech-Savvy Lawyer.Page

Lawyers: Secure Your Practice Now!

  • Download Only from Trusted Sources: Only install apps from the Google Play Store, leveraging its built-in protections. Avoid third-party stores, the main source of Kaleidoscope infections.

  • Review App Permissions: Be vigilant about apps requesting broad permissions, such as “Display over other apps.” These can enable malware to hijack your device.

  • Secure Devices: Use strong, unique passwords, enable multi-factor authentication, and encrypt devices-simple but essential steps emphasized by our blog posts on VPNs and ABA guidance.

  • Update Regularly: Keep your operating system and apps up to date to patch vulnerabilities.

  • Educate and Audit: Train your team about mobile threats and run regular security audits, as highlighted in Cybersecurity Awareness Month posts on The Tech-Savvy Lawyer.Page.

  • Incident Response: Have a plan for responding to breaches, as required by ABA Formal Opinion 483 and best practices.

  • Communicate with Clients: Discuss with clients how their information is protected and notify them promptly in the event of a breach, as required by Rule 1.4 and ABA opinions.

  • Label Confidential Communications: Mark sensitive communications as “privileged” or “confidential,” per ABA guidance.

Advanced Strategies

Lawyers need to have security measures in place to protect client data!

  • Leverage AI-Powered Security: Use advanced tools for real-time threat detection, as recommended by The Tech-Savvy Lawyer.Page.

  • VPN and Secure Networks: Avoid public Wi-Fi. But if/when you do be sure to use VPNs (see The Tech-Savvy Lawyer.Page articles on VPNs) to protect data in transit.

  • Regular Backups: Back up data to mitigate ransomware and other attacks.

By following these steps, lawyers fulfill their ethical duties, protect client data, and safeguard their practice against evolving threats like Kaleidoscope.

MTC: Legal Cybersecurity Crisis - How the CVE System's Defunding Compromises Digital Safety for Law Firms 🚨

/ The Tech-Savvy Lawyer.Page/

In the chaos, Lawyers need to defend client data as CVE shield may be in jeopardy!

CVE Program’s Last-Minute Rescue: What Lawyers Must Learn from the Cybersecurity Near-Crisis 🚨

The legal world narrowly avoided a digital disaster last week week. The Common Vulnerabilities and Exposures (CVE) program—the backbone of global cybersecurity—came within hours of losing its federal funding, sending shockwaves through the legal and cybersecurity communities. In an eleventh-hour move, the Cybersecurity and Infrastructure Security Agency (CISA) extended funding for MITRE to continue operating the CVE program, averting a shutdown that could have left law firms and their clients exposed to unprecedented cyber risk. The episode is a wake-up call for every legal professional: Our reliance on a single, government-funded system for vulnerability intelligence is a vulnerability in itself.

The Alarm: How Close We Came to Losing the CVE Program ⚠️

On April 16, 2025, MITRE, the non-profit that manages the CVE database, announced its contract with the Department of Homeland Security would expire at midnight. The news triggered widespread alarm across the cybersecurity sector, as the CVE program is essential for tracking, cataloging, and sharing information about software vulnerabilities. Legal technology vendors, law firm IT teams, and risk managers all depend on CVE data to prioritize security updates and defend against cyber threats.

The potential consequences were immediate and severe. Experts warned that a lapse in CVE services would delay vulnerability disclosures, disrupt incident response, and create a dangerous window for attackers to exploit unpatched systems. Law firms, which handle highly sensitive client information, would have faced heightened risks of data breaches, malpractice claims, and regulatory penalties.

The Save: CISA Steps In—But Only for Now

CISA’s rescue: Legal cybersecurity lifeline survives—uncertainty remains.

In response to the outcry, CISA executed a last-minute contract extension, ensuring there would be no interruption in CVE services for at least the next 11 months. MITRE confirmed that the funding would keep the program running, and the global cybersecurity community breathed a collective sigh of relief.

Yet, this solution is temporary. The extension lasts less than a year, and the long-term sustainability of the CVE program remains uncertain. The episode has already spurred the formation of a new nonprofit, the CVE Foundation, aimed at ensuring the program’s independence and stability beyond government sponsorship.

Why This Matters for Lawyers and Law Firms ⚖️

The CVE program is more than a technical tool—it is a legal lifeline. The American Bar Association’s Model Rules require lawyers to safeguard client confidentiality, maintain technological competence, and supervise staff and vendors on cybersecurity practices. See MRPC 1.1[8] & 1.6. Without reliable, up-to-date vulnerability intelligence, law firms cannot meet these obligations.

If the CVE program had gone dark, lawyers would have faced:

  • Increased risk of data breaches: Without a unified system for tracking vulnerabilities, attackers would have more time and opportunity to exploit unpatched systems, putting client data at risk.

  • Malpractice exposure: Failing to implement timely security updates could be seen as a breach of the duty of competence and confidentiality, opening the door to claims of negligence or breach of fiduciary duty.

  • Compliance headaches: With regulatory requirements around breach notification and data protection tightening, law firms would struggle to demonstrate they had taken “reasonable efforts” to protect client information.

  • Vendor management chaos: Many legal technology providers rely on CVE identifiers to communicate security patches. Without them, law firms would face confusion and delays in applying critical updates.

Lessons Learned: What Lawyers Should Do Next 🛡️

The CVE funding scare revealed that even the most established cybersecurity programs can be vulnerable. For the legal profession, this is a clear signal to take proactive steps:

Lawyers have a duty to protect their clients’ PII from cyberattacks!

  • Diversify threat intelligence sources: Don’t rely solely on the CVE program. Lawyers and IT teams should monitor additional resources such as the National Vulnerability Database (NVD), CISA Alerts & Advisories, and vendor-specific feeds.

  • Review and update incident response plans: Ensure your breach response protocols account for the possibility of disruptions in vulnerability intelligence. Document your reliance on CVE and alternative sources for compliance purposes.

  • Strengthen vendor contracts: Require legal technology providers to maintain robust vulnerability management practices, even if the CVE system is disrupted.

  • Stay engaged and advocate: Support efforts to make the CVE program sustainable and independent. The legal community should join calls for diverse funding and governance to avoid future crises.

  • Educate staff and clients: Communicate the importance of cybersecurity vigilance and the evolving landscape. Make sure everyone understands their role in protecting client data.

Final Thoughts: A Fragile Peace and a Call for Vigilance 🔍

The CVE program’s last-minute rescue is a relief, but not a resolution. The legal sector must recognize that the stability of our cybersecurity infrastructure is not guaranteed. With only 11 months of assured funding, the risk of another crisis looms. The new CVE Foundation may provide a path forward, but it will require broad support from both public and private sectors.

Lawyers must remain vigilant, proactive, and informed. The next funding scare could come with less warning—and with even higher stakes for client confidentiality, professional responsibility, and the very trust that underpins the legal profession.

MTC

Shout Out: Unlock AI's Potential with Ethics Expertise 🚀💻

/ The Tech-Savvy Lawyer.Page/

Keep up with the constant changing world of AI and Legal ethics!

In the rapidly evolving legal landscape, embracing artificial intelligence (AI) is no longer optional—it's essential 🌟. The upcoming AI and Legal Ethics: A Risk-Benefit Analysis 2025 webinar offers a unique opportunity for lawyers to enhance their practice while navigating the complex ethical considerations surrounding AI use 📚. Join Hilary P. Gerzhoy and Julienne Pasichow of HWG LLP delve into critical areas such as competence in technology, supervision of AI tools, reasonable fees, confidentiality, truth in advertising, and client communication standards 📊.

By attending this webinar, you'll gain practical insights into integrating AI responsibly, ensuring compliance with professional conduct standards, and staying ahead in the legal tech revolution 🚀. Whether you're looking to improve efficiency, enhance client services, or simply stay updated on the latest legal tech trends, this event is a must-attend for any forward-thinking lawyer 🚀.

You can attend this information packed cle virtually!

Don't miss out! Register now and elevate your legal practice with AI expertise 💻👉 https://dcbar.inreachce.com/Details/Information/11092a42-cde2-426d-9dbf-25f270b2df09

I hope to “virtually” see you there!

Shout Out to Robert Ambrogi: AI Legal Research Platforms - A Double-Edged Sword for Tech-Savvy Lawyers 🔍⚖️

/ The Tech-Savvy Lawyer.Page/

The use of ai is a great starting point - but always check your work (especially your citations)!

Robert Ambrogi's recent article on LawNext sheds light on a crucial development in legal tech: the comparison of AI-driven legal research platforms. This "AI smackdown" reveals both the potential and pitfalls of these tools, echoing concerns raised in our previous editorial about Lexis AI's shortcomings.

The Southern California Association of Law Libraries' panel, featuring expert librarians, put Lexis+AI, Westlaw Precision AI, and vLex's Vincent AI to the test. Their findings? While these platforms show promise in answering basic legal questions, they're not without flaws.

Each platform demonstrated unique strengths: Lexis+AI's integration with Shepard's, Westlaw Precision AI's KeyCite features, and Vincent AI's user control options. However, inconsistencies in responses to complex queries and recent legislation underscore a critical point: AI tools are supplements, not replacements, for thorough legal research.

This evaluation aligns with our earlier critique of Lexis AI, reinforcing the need for cautious adoption of AI in legal practice. As the technology evolves, so must our approach to using it.

Mark Gediman's wise words from Bob’s article serve as a fitting conclusion:

Whenever I give the results to an attorney, I always include a disclaimer that this should be the beginning of your research, and you should review the results for relevance and applicability prior to using it, but you should not rely on it as is.
— Mark Gediman

For tech-savvy lawyers, the message is clear: Embrace AI's potential, but never forget the irreplaceable value of human expertise and critical thinking in legal research. 🧠💼

MTC

MTC: AI in Legal Email - Balancing Innovation and Ethics 💼🤖

/ The Tech-Savvy Lawyer.Page/

lawyers have an ethical duty when using ai in their work!

The integration of AI into lawyers' email systems presents both exciting opportunities and significant challenges. As legal professionals navigate this technological frontier, we must carefully weigh the benefits against potential ethical pitfalls.

Advantages of AI in Legal Email 📈

AI-powered email tools offer numerous benefits for law firms:

  • Enhanced efficiency through automation of routine tasks

  • Improved client service and satisfaction

  • Assistance in drafting responses and suggesting relevant case law

  • Flagging important deadlines

  • Improved accuracy in document review and contract analysis

These capabilities allow lawyers to focus on high-value work, potentially improving outcomes for clients and minimizing liabilities for law firms.

AI Email Assistants 🖥️

Several AI email assistants are available for popular email platforms:

  1. Microsoft Outlook:

    • Copilot for Outlook: Enhances email drafting, replying, and management using ChatGPT.

  2. Apple Mail:

  3. Gmail:

    • Gemini 1.5 Pro: Offers email summarization, contextual Q&A, and suggested replies.

  4. Multi-platform:

Always Proofread Your Work and Confirm Citations!

🚨

Always Proofread Your Work and Confirm Citations! 🚨

Ethical Considerations and Challenges 🚧

Confidentiality and Data Privacy

The use of AI in legal email raises several ethical concerns, primarily regarding the duty of confidentiality outlined in ABA Model Rule 1.6. Lawyers must ensure that AI systems do not compromise client information or inadvertently disclose sensitive data to unauthorized parties.

To address this:

lawyers should always check their work; especially when using AI!

  1. Implement robust data security measures

  2. Understand AI providers' data handling practices

  3. Review and retain copies of AI system privacy policies

  4. Make reasonable efforts to prevent unauthorized disclosure

Competence (ABA Model Rule 1.1)

ABA Model Rule 1.1, particularly Comment 8, emphasizes the need for lawyers to understand the benefits and risks associated with relevant technology. This includes:

  • Understanding AI capabilities and limitations

  • Appropriate verification of AI outputs (Check Your Work!)

  • Staying informed about changes in AI technology

  • Considering the potential duty to use AI when benefits outweigh risks

The ABA's Formal Opinion 512 further emphasizes the need for lawyers to understand the AI tools they use to maintain competence.

Client Communication

Maintaining the personal touch in client communications is crucial. While AI can streamline processes, it should not replace nuanced, empathetic interactions. Lawyers should:

  1. Disclose AI use to clients

  2. Address any concerns about privacy and security

  3. Consider including AI use disclosure in fee agreements or retention letters

  4. Read your AI-generated/assisted drafts

Striking the Right Balance ⚖️

To ethically integrate AI into legal email systems, firms should:

  1. Implement robust data security measures to protect client confidentiality

  2. Provide comprehensive training on AI tools to ensure competent use

  3. Establish clear policies on when and how AI should be used in client communications

  4. Regularly review and audit AI systems for accuracy and potential biases

  5. Maintain transparency with clients about the use of AI in their matters

  6. Verify that AI tools are not using email content to train or improve their algorithms

Ai is a tool for work - not a replacement for final judgment!

By carefully navigating ⛵️ these considerations, lawyers can harness the power of AI to enhance their practice while upholding their ethical obligations. The key lies in viewing AI as a tool to augment 🤖 human expertise, not replace it.

As the legal profession evolves, embracing AI in email and other systems will likely become essential for remaining competitive. However, this adoption must always be balanced against the core ethical principles that define the practice of law.

And Remember, Always Proofread Your Work and Confirm Citations BEFORE Sending Your E-mail (w Use of AI or Not)!!!

🎙️Ep. 106: How Lawyers Can Protect Client Data in the Age of AI - A conversation with Erich Dylus!

/ The Tech-Savvy Lawyer.Page/

Our next guest is Erich Dylus, an attorney and programmer who founded Varia Law, a consulting and programming firm focused on autonomous technology, and CamoText, a fully offline text anonymization tool for secure and compliant AI workflows. In this episode, Erich shares practical strategies for protecting client data in the age of AI, explains how CamoText helps lawyers anonymize sensitive information before using large language models (LLMs), and outlines best practices for maintaining confidentiality. He also offers clear advice on choosing the right AI LLM for specific legal tasks.

Tune in for actionable tips and expert insights on safeguarding privacy while leveraging AI in legal practice and more!

Enjoy!

Join Erich and me as we talk about the following questions and more!

What is our guest's top three tips for maintaining privacy and security when using messaging apps like Signal, WhatsApp, Telegram, Messages, etc.?

What are the top three ways CamoText helps lawyers ensure they maintain their clients’ PII?

What is our guest's top three specific ways for solo or small firm lawyers (or maybe any entrepreneur, for that matter) to use LLMs 

In our conversation, we cover:

[00.37] Tech Setup - Erich’s current tech setup.

[04.46] Messenging - The top three privacy and security maintenance tips for messaging apps.

[10.26] Suspicious Links - The importance of being suspicious about links and files received in messaging apps.

[11.45] CamoText – Erich explains the origin of CamoText.

[15.32] Personally Identifiable Information – CamoText’s features for reducing privacy risks.

[21.43] LLM – Erich’s concerns and suggestions for using LLMs (Large Language Models).

[24.32] Recommendations – Erich shares his recommendations for different LLMs, highlighting their strengths and typical uses.

Resources

Connect with Erich Dylus

LinkedIn - linkedin.com/in/erich-dylus/

                  linkedin.com/company/camotext/

                  linkedin.com/company/varia-law/

Website - camotext.ai/

varia.law/            

Equipment Mentioned in the Podcast

Software & Services Mentioned in the Podcast

🚨 MTC: Government Backdoors - A Looming Threat to Attorney-Client Privilege and Data Security 🔐

/ The Tech-Savvy Lawyer.Page/

Legal Cyber Balance: Safeguarding Client Data While Navigating Government Backdoors and Cyber Threats 🚪💻⚖️

The UK government's recent demand for Apple to create a backdoor to iCloud accounts worldwide has sent shockwaves through the legal community. This unprecedented move raises serious concerns for lawyers on both sides of the Atlantic, particularly regarding their ethical obligations to maintain client confidentiality and safeguard sensitive information.

As attorneys, we have a fundamental duty to protect our clients' confidences. The American Bar Association's Model Rule 1.6 explicitly states that lawyers must make "reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client". Similarly, the UK's Solicitors Regulation Authority emphasizes the importance of maintaining client confidentiality.

However, government-mandated backdoors pose a significant threat to these ethical obligations. If implemented, such measures would essentially create a vulnerability that could be exploited not only by law enforcement but also by malicious actors. This puts attorneys in an impossible position: How can we fulfill our duty to safeguard client information when the very systems we rely on are compromised?

Moreover, the implications of such backdoors extend far beyond individual privacy concerns. The attorney-client privilege, a cornerstone of our legal system, could be severely undermined. This privilege exists to encourage open and honest communication between lawyers and their clients, which is essential for effective legal representation. If clients fear that their confidential discussions may be accessed by government agencies, it could have a chilling effect on their willingness to disclose crucial information.

Cybersecurity Crossroads: US & UK Government Interests vs. Hackers vs. Attorney-Client Privilege – The Legal Tightrope in the Digital Age 🌍🔒

To address these challenges, lawyers must take proactive steps to enhance their cybersecurity measures. As discussed in The Tech-Savvy Lawyer.Page Podcast Episode 93, Revolutionizing Law Practice. How Alexander Pakin Leverages Tech 🖥️ for Legal Success! (Part I & Part II), updating security protocols are essential practices for modern law firms. Recall, the ABA MRPC 1.1[8] requires attorneys to be up to date in their use of technology. Additionally, attorneys should consider on-premises storage solutions with zero-trust data access to maintain control over sensitive client data.

It's crucial for legal professionals to stay informed about these developments and advocate for policies that protect client confidentiality. Bar associations and legal organizations should take a strong stance against government-mandated backdoors, emphasizing the potential risks to the justice system and individual rights.

As we navigate this complex landscape, it's clear that the intersection of technology, privacy, and legal ethics will continue to present challenges. However, by remaining vigilant and adapting our practices to meet these challenges, we can uphold our professional responsibilities and protect the fundamental rights of our clients in the digital age.

MTC