Why You Need to Discuss Generative AI with Your Clients---Before It's Too Late
Lawyers Need To Do More Than Just Inform Clients That They Are Using AI.
image created by Dall-e
To date, one of the biggest concerns lawyers have surrounding GenAI is privacy. I've heard from lawyers and judges alike that they worry about what large language models (LLMs) will do to and with their clients' data. Countless hours and hundreds of thousands of dollars are being spent on securing client privacy through private data lakes, RAGs1, fine-tuning LLMs, and other measures. Yet lawyers and law firms are likely overlooking a preventable source of client confidentiality slippage.
The Temptation of Convenience
Lawyers are adopting GenAI because of the convenience it brings. But it also brings a peril that you might not have considered. I've written about the importance of talking to your clients about your firm's use of AI. I've even suggested ways to address your use of AI with your clients. But there is another topic we need to address. As with any potent technology, it comes with significant risks--one of the most pressing being the potential for breaching client confidentiality--not by you entering your clients' information into an LLM, but by what your client types into an LLM. It is imperative that lawyers initiate conversations with their clients about their clients’ use of GenAI, especially before any (more) confidential information is unintentionally exposed and privileges are in jeopardy. In other words, you need to be contacting your clients today.
Imagine a scenario where your client inputs sensitive information from a document they received from you, their attorney, into a GenAI tool like ChatGPT. It might be an email or status update letter, answers to discovery requests to review, or various other legal documents. The client might be seeking clarity, a deeper understanding, advice, or even "double checking" their lawyer's work. The client might even just be curious. What they likely will not realize is that this act, done in the interest of convenience or curiosity, could lead to a waiver of certain privileges.
When a client inputs confidential information into a GenAI model, they could be seen as sharing that information with a third party. This action can potentially:
Waive Attorney-Client Privilege
Waive Attorney Work-Product Privilege
Expose sensitive information to discovery
Violate confidentiality agreements
The Fragility of Privacy, Work-Product, and Privileges
There are several issues that we must consider when thinking about the implications of your client feeding privileged communications into a Generative AI tool: Attorney Work-Product protections, Attorney-Client Privilege, and Professional Responsibility issues.
Attorney Work-Product
The Attorney Work-Product privilege is embodied in Federal Rule of Civil Procedure 26(b) and analogous state procedural rules, along with a great deal of common law. Under the Work-Product privilege, the attorney's mental impressions, conclusions, opinions, and legal theories are protected from disclosure to the opposing party. That is true even if an adverse party can show sufficient need to obtain a court order requiring the disclosure other documents and things prepared in anticipation of litigation.
Although your mental impressions, conclusions, and theories normally receive a very high level of protection, that protection can still be waived. We are still in the early days of litigation regarding the use of GenAI, and so must act more cautiously rather than less so. No one wants to be the next ‘ChatGPT Lawyer’ who misunderstood the technology.
A client typing information about their case into a GenAI tool is not generally worrisome, but it is potentially problematic for them to enter confidential or privileged information into a GenAI tool. Allow me to suggest a few scenarios that could arguably lead to waiver of a privilege.
During an appointment, you discuss your strategy of the case with your client, including your mental impressions. When they get back to the office, they type your mental impressions and strategy into a GenAI tool, asking if it is good advice.
The same scenario, except you send an email to your client laying out your strategy for their case and your mental impressions, and they subsequently feed that into a GenAI tool at home, asking for explanations of what it means.
The same scenario as the first example, except that after they type in confidential information, they share a link to their chat with a friend or on social media, which, by the way, can be accomplished frighteningly easily, in 2 mouse clicks.
In each of these examples there is an argument to be made that the client has waived Attorney Work-Product privilege. Generative AI tools that your clients are using might not be private. This is especially true if they are using a free version, or are using an employer’s resources by having a chat at work on a work computer. Their input and the model’s output, especially if their issue involves unusual facts, could be stored in locations accessible to third parties. Lawyers are cautious about putting confidential information into GenAI tools in order to avoid violating confidentiality and must educate their clients about the same.
Attorney-Client Privilege
The Attorney-Client privilege is the oldest common law privilege. In re Teleglobe Communications Corp., 493 F.3d 345 (3rd Cir. 2007). Today it can be found in various federal and state rules of evidence and professional conduct. Some of these include Rules 501 and 502 of the Federal Rules of Evidence, along with equivalent state laws; Model Rule of Professional Conduct 1.6, and equivalent state rules of professional conduct.
The specific application of Attorney-Client Privilege can vary based on jurisdiction and circumstances, but here are some widely accepted principles. The burden of establishing the existence of the Privilege lies with the party asserting it. United States v. Graf, 610 F.3d 1148, 1156 (9th Cir. 2010). Attorney-Client Privilege should be strictly construed, because it inhibits full and truthful disclosure. In re Lindsey, 158 F.3d 1263 (D.C. Cir. 1998) (holding the purpose of Attorney-Client Privilege is to encourage full and open communication between lawyer and client, but should not be construed broadly because such is in derogation of the truth). The Privilege belongs to the client. It is theirs to maintain or to waive. H. Sampson Children’s Trust v. L. Sampson 1979 Trust, 271 Wis.2d 610, 2004 WI 57, 679 N.W.2d 794 (Wis. 2004); Losavio v. Dist. Court, 188 Colo. 127, 133, 533 P.2d 32, 35 (1975). The burden of establishing a waiver or an exception lies with the party seeking to overcome the Privilege. Wesp v. Everson, 33 P.3d 191, 198 (Colo. 2001).
The Attorney-Client Privilege might be waived in several ways, most relevant of which for our purposes are implied waiver and subject matter waiver. A client might impliedly waive their Attorney-Client Privilege by disclosing privileged communications to a third party. See, eg, Wesp, 33 P.3d at 198 (holding that "if a communication to which the privilege has previously attached is subsequently disclosed to a third party, then the protection afforded by the privilege is impliedly waived"). An implied disclosure must be voluntary. However, the disclosing person “need not be aware that the communication was privileged, nor specifically intend to waive the privilege.” Restatement (Third) of the Law Governing Lawyers: Section 79(f).
It is currently unclear whether a client entering Attorney-Client protected information into a GenAI tool is sufficient to be deemed a waiver of that privilege—either the entire Attorney-Client Privilege or just subject matter privilege. Some of the most important factors to consider are what the specific End User License Agreement or Terms of Service for the GenAI tool state, the understanding of the client, and perhaps most importantly how the AI tool processes and stores information.
There are a number of situations where clients might be deemed to have voluntarily, though inadvertently, waived Attorney-Client Privilege. Consider these examples.
Your client, out of curiosity or convenience, types the confidential advice you gave them into a GenAI tool like ChatGPT, Claude, Grok, or Bing CoPilot, and asks if the AI tool agrees with your analysis. The case involves very unusual facts. The prompts the client typed in and the output are likely stored on the platform’s system, and used to train their subsequent models.
Same scenario, except that after typing in the information and asking if your advice was sound, the client shares that chat with a friend, or on social media, which again, can be accomplished in 2 easy mouse clicks.
Opposing counsel makes a discovery request such this:
Produce all documents, records, and data relating to any and all interactions with Generative AI tools, including but not limited to chat requests, chat prompts, history, outputs, and any associated metadata regarding [your case]. This request includes any logs, transcripts, recorded sessions, and other documents--electronic or otherwise--reflecting communications with or outputs generated by the use of such AI tools.
Your client brings in a GenAI tool’s output. The printout contains sensitive information. The information was exchanged with the GenAI tool before the client ever spoke with you. Had they spoken with you first, it is the type of information that would have been protected by Attorney-Client Privilege, but now there is some doubt as to whether they have already waived Privilege.
Any of these might be deemed an implied waiver, or even just subject matter waiver. If it is a criminal case, the prosecutor should be subpoenaing chat histories, just like they would Google search histories. And if you are in the civil arena, you should be requesting chat histories in discovery.
Until we gain clarity on this, either through court rules, laws, or cases, it is imperative that we act always in the interests of our clients. Lawyers' duties of confidentiality, competence, and care require that we educate our clients about the risks of their using GenAI with their legal issues.
Professional Responsibility
American Bar Association Model Rule of Professional Responsibility 1.6(a) states that lawyers shall not reveal information relating to their clients with a few exceptions, but also places an affirmative duty on the attorney. The lawyer must take "reasonable efforts" to prevent others from obtaining information regarding the representation. Comment 18 to that rule sets out an affirmative duty to act competently to safeguard information relating to the representation of a client against unauthorized access by third parties and against inadvertent or unauthorized disclosure by the lawyer. Make sure that your associates also aren't using unauthorized GenAI, and that your clients aren’t using GenAI that could put them at risk..
Most GenAI tools, including popular ones like ChatGPT, operate on vast datasets and rely on cloud-based servers to process and generate responses. While these tools offer a semblance of privacy and are often secure, they are not governed by the same strict confidentiality standards that bind lawyers. Information input into these models can potentially be stored, analyzed, or even repurposed by the service provider, creating a significant risk that sensitive client data could be exposed or misused.
Bar Opinions
Although as of the date of this writing there are no state bar opinions specifically addressing the issue of instructing your clients about their use of GenAI tools, there are some instructive opinions that touch on related technological issues. For example, New York State Bar Association Ethics Opinion 1240 addresses lawyers' need to understand the technology on their smartphones when an application attempts to gain access to all contacts, where client contacts are on the phone. It required lawyers to take reasonable precautions to protect client information stored on their smartphones. The Florida State Bar Advisory Opinion 12-3 (2013) discusses lawyers' responsibilities to protect their clients' information while using cloud computing and technology. Further, the California State Bar issued Formal Opinion No. 2020-203. This opinion addresses lawyers’ ethical duties of competence and confidentiality when using technology and remote work options, even if a device is accidentally lost or stolen. The logical extension of these opinions is that we must use competence and educate our clients as needed in regard to the newest technology, generative artificial intelligence.
These cases indicate that the bar associations are expecting lawyers to carefully consider their use of technology, and how it affects their clients’ privacy. In addition to protecting your use of technology, consider how you can educate your clients in order to maintain their privacy. Until you have clarity from your state bar, err on the side of caution.
Legal and Ethical Implications
The cornerstone of the attorney-client relationship is trust, underpinned by the assurance of confidentiality. When a client unknowingly compromises this confidentiality by using GenAI, it can lead to serious legal and ethical consequences. If privileged information is disclosed or if the opposing counsel gains access to inadvertently shared details, it could damage the client's case or even result in legal malpractice claims against .
Moreover, the use of GenAI tools by clients can complicate the discovery process. If a client utilizes an AI tool to double-check their lawyer, or to better understand information they received from their lawyer, these chats and the resulting output may become discoverable and admissible against that client.
Client Education
Given these risks, it is critical that lawyers engage in early and proactive discussions with their clients about the use of GenAI. Make your clients aware that while these tools can be incredibly helpful, they should never be used to input, analyze, or share confidential legal information such as that protected by Attorney-Client Privilege. Likewise inform your clients that they should not put anything amounting to your Work-Product into a GenAI tool. Until this issue is settled, you should provide clear guidelines to your clients on when not to use GenAI tools, emphasizing the importance of maintaining the benefits of privileged communications.
Consider adding these warnings to your engagement letters to make your clients aware of potential risks associated with them. By incorporating these discussions into the initial client onboarding process, lawyers can help ensure that their clients are better-informed and protected from inadvertent breaches of confidentiality.
The Role of Lawyers in the Age of AI
Since GenAI is still shrouded in uncertainty in many ways in the legal arena, act in an abundance of caution. Make sure your clients know not to put Attorney Work-Product communications and Attorney-Client Privileged information into any GenAI tools, just as you would warn them about waiving these privileges in other ways. Until the reprecussions of our clients’ use of these tools are more widely known, lawyers must stay ahead of the curve--not only by adopting these technologies themselves but also by warning their clients about the complexities and potential pitfalls associated with them. The responsibility of maintaining client confidentiality does not diminish with the advent of new technology; rather, it becomes more complex and demands greater vigilance.
The rise of generative AI in the legal field is both an opportunity and a challenge. Lawyers must take the lead in educating their clients about the risks associated with these tools, ensuring that the convenience of AI does not come at the cost of confidentiality.
© 2024 Amy Swaner. All rights reserved.
Retrieval-Augmented Generation is a technique used in natural language processing where the AI model retrieves relevant information from a specific database of information in order to improve the accuracy of the generated text.