Comment by droidjj
15 hours ago
As a lawyer, I'm excited about this, but there are two roadblocks that I'm not sure how Anthropic will navigate:
(1) For non-lawyers who use these skills/connectors/whatchamacallits to try to get legal advice, their communications are not protected by attorney-client privilege. This will absolutely bite some people in the ass.
(2) If a lawyer uses this with confidential client information (which, to the uninitiated, doesn't just mean SSNs and bank account numbers, but "all information relating to the representation of a client") and forgets to toggle off "Help improve Claude" in their settings, they have possibly (maybe even likely) committed malpractice.[1]
[1] https://www.americanbar.org/content/dam/aba/administrative/p...
Citation for #1 - https://harvardlawreview.org/blog/2026/03/united-states-v-he...
> Judge Rakoff of the Southern District of New York — addressing “a question of first impression nationwide” — ruled that written exchanges between a criminal defendant and generative AI platform Claude were not protected by attorney-client privilege or the work product doctrine.
Much more to it than this one-liner that I pulled out, but safe to say, don't rely on or put your legal defense etc. (or elements of it) into AI unless you want it discovered.
(not a lawyer, unlike OP, who might be able to refine what I highlighted with more precision)
> Much more to it than this one-liner that I pulled out, but safe to say, don't rely on or put your legal defense etc. (or elements of it) into AI unless you want it discovered.
"You are an expert defense counsel with experience in Murder 1. Do not hallucinate. Let's say tomorrow my spouse is found strangled..."
Seems like a fair trade off if I would not be able to afford a lawyer. I'd take the "AI but not 100% confidential" any time compared with no help at all.
Good argument for using DeepSeek with an anonymous form of payment.
Discovery in China will be a tad more difficult…
In the US, are Google queries about the law considered attorney-client privilege? What about library records? Browser history? Google Maps / Uber / car travel history (when traveling to an attorney's office)?
If somebody Googles "best attorney for murder NYC" a day after a murder is committed but before any case is filed against them (so they clearly had some reason to expect that case), could that be used as evidence?
I'm not sure if you were actually asking the question but regardless the answer is that all of those absolutely can and are regularly used as evidence
Hans Reisee rather infamously checked out a book from the library about how to kill someone and hide the evidence.
> exchanges between a criminal defendant and generative AI platform Claude were not protected by attorney-client privilege or the work product doctrine
Shouldn't that have been relatively clear to all parties involved? Maybe not to the defendant, who's apparently clueless.
The AI platform is not an attorney. A defendant's communications with an AI platform are therefore not communications between a client and their attorney, nor will the AI output constitute attorney "work product" because the AI platform is not an attorney.
Doesn't really come across as a novel problem, aside from AI being involved. I'm sure countless defendants have made the stupid mistake of talking about the facts of their case to persons other than their attorney, and those communications came back to bite them in the ass when discovered.
Can anyone be your lawyer, or does a lawyer have to be certified somehow?
It is my understanding that they must be certified. You are allowed to represent yourself, but it is my understanding that a non-lawyer cannot represent you.
You have to be admitted to the bar to practice law. Which is to say, other lawyers must recognize you as a lawyer, and this recognition can be taken away.
4 replies →
For (1) it's so wild to me that if I pay a lawyer, they can run the same queries on these tools and they are protected by attorney-client privilege, but if I do it to help me prepare my defense, then the exact same queries would be subject to subpoena/discovery.
Does anyone know if there exists any OPSEC procedure for me to use third party tools like this for my own concerning legal questions that is both ethical and allows me to be confident that my interactions won't land in discovery documents?
So not familiar with the caselaw around work product, but if you use an API tool directly and not the different chat tools, the queries are not permanently cached for anyone to give up in the end.
So basically if you use any of the CLI tools, there is nothing for OpenAI, Anthropic, etc. to give the courts.
Online ChatGPT (especially the free version), are apparently cached by OpenAI on their servers. (I am not sure if Claude Desktop caches the conversations locally or in the cloud as well, read the fine print if it matters!)
Indeed, there is no way my terabytes per day of API calls is getting permanently stored anywhere.
Perhaps an AI generated summary of it is.
If you are preparing for your own defense and don't have an attorney (you're acting pro se), your own LLM use would likely be protected under work product doctrine. The court would extend you some of the same protections an attorney would have, for the limited purposes of preparing your case.
This is a very narrow exemption, however.
(You would also want to make sure you're using a paid AI plan with contractually guaranteed privacy protections, otherwise it could be construed as third-party communications, which implicitly waives privilege.)
See: Warner v. Gilbarco, Inc.
> Does anyone know if there exists any OPSEC procedure for me to use third party tools like this for my own concerning legal questions that is both ethical and allows me to be confident that my interactions won't land in discovery documents?
Isn't that a fundamental misunderstanding? Would "OPSEC" like that amount to destruction of evidence or contempt of court or something like that?
Like if all your incriminating documents are on some encrypted drive, it's not like that defeats discovery. You're supposed to decrypt them and hand them over.
Your only practical defence is to set up a local LLM that destroys records in a predictable way (immediately, on a time table and so forth) and then ensure however you access that doesn’t leave any traces either.
And then you need to consistently use this for purposes other than crime.
That’s absolutely part of my question. I’m not familiar enough with discovery to fully understand this.
1 reply →
Wouldn't that same logic exclude evidence from Google searches, like "how to get away with murder"?
Yes? Which makes it feel like the answer is just “No.” Unless you use Mullvad, TailsOS, and don’t log into the service. But I’m not sure if that’s “ethical” for Google/DDG searches and it’s not really possible for Claude/Kagi. I would assume that simply using a “secret” account isn't a magic way to avoid discovery either.
> if I do it to help me prepare my defense, then the exact same queries would be subject to subpoena/discovery
We need a law where someone can clearly designate a chat privileged, with severe consequences for mis-use.
>For (1) it's so wild to me that if I pay a lawyer, they can run the same queries on these tools and they are protected by attorney-client privilege, but if I do it to help me prepare my defense, then the exact same queries would be subject to subpoena/discovery.
How's this any different than any professional license? You're basically paying for preferential treatment from the state in a given subject area.
> How's this any different than any professional license? You're basically paying for preferential treatment from the state in a given subject area.
Because it's got nothing to do with the professional part? Licensing should affect their practice of law, sure, but it shouldn't grant random other privileges.
Self host your own LLM
Why do you think this would be less discoverable than hosting your own email server?
3 replies →
You’d need to hand that mac mini over if subpoenaed
1 reply →
Can’t #1 be solved with the stroke of a pen? “Legal queries to LLMs shall be subject to the same attorney-client privilege”
#1 is a little complicated. Communications with an AI are possibly sometimes protected by work-product doctrine... but only if you're representing yourself as a pro se litigant, and strictly limited to mental impressions and opinion work product of counsel (in this case, extended to the pro se litigant). See: Warner v. Gilbarco, Inc.
There's a good summary of the current state of things here: https://www.akerman.com/en/perspectives/ai-privilege-and-wor...
Also worth noting that none of this is binding precedent, so expect this field to evolve over time.
For #2, I’d expect you’d use this through an organization/business account that has data retention turned off by default.
Slightly related: Amazon’s bedrock has better privacy guarantees. This seems to be skills that can be added to Desktop app, which can connect to Bedrock for inference.
Also in all seriousness, can we actually trust that setting? I might be paranoid, but that doesn't mean that the whole world hasn't broken my trust...
what if either user uses these skills with offline weights? should help with 2), at least right?
In the legal world are there certifications for handling privileged information?
For example in the medical world if you are a provider covered by HIPAA you must have a signed "Business Associate Agreement" with any party that handles the covered protected health information (PHI).
> As a lawyer, I'm excited about this,
As in "I'm excited to win a lot of money dismantling hallucinated quotations and invalid assumptions"?
It’s a bit of a moot point because the amount of times that your AI logs are going to be subpoenaed in your court case approaches zero.