How to Talk to Attorneys About AI Ethics and Attorney-Client Privilege

"But what about attorney-client privilege?" If you've ever pitched AI tools to a managing partner, you've heard this question. It's the first objection, the loudest objection, and — when addressed properly — the easiest to resolve. Here's how.

The #1 Objection

When attorneys hear "AI," they think of ChatGPT — a consumer product that ingests everything you type and uses it to improve its models. For a lawyer bound by Rule 1.6 (Confidentiality), typing a client's medical records into ChatGPT would be an ethical violation. Period.

The objection is valid. The mistake is assuming all AI tools work like ChatGPT. They don't. Enterprise legal AI platforms operate under fundamentally different data architectures — and understanding the difference is the key to productive conversations with skeptical attorneys.

ABA Formal Opinion 512

In July 2024, the ABA issued Formal Opinion 512, titled "Generative AI Tools." This opinion provides the framework attorneys need to evaluate AI tools ethically. The key obligations are:

• Competence (Rule 1.1): Attorneys must understand how the AI tool works well enough to assess its reliability.
• Confidentiality (Rule 1.6): Client data shared with AI must remain confidential. This means understanding the vendor's data handling practices.
• Supervision (Rules 5.1/5.3): AI outputs must be reviewed by an attorney — they cannot be used as-is without human oversight.
• Communication (Rule 1.4): Attorneys should consider disclosing AI use to clients when appropriate.
• Billing (Rule 1.5): Fees must be reasonable and transparent about AI-assisted work.

For a full breakdown of how Legience addresses each of these obligations, see our ABA Ethics & Compliance page.

Zero-Knowledge Architecture

This is the concept that resolves 90% of attorney concerns. Here's what "zero-knowledge" means in practice:

• Ephemeral Processing: When you send a query to LegiSearch™ or LegiDraft™, your data is processed in memory and discarded after the response is generated. It is not stored, indexed, or cached by the AI provider.
• No Model Training: Your client data is never — under any circumstances — used to train, fine-tune, or improve any AI model. This is contractually guaranteed.
• Encryption End-to-End: AES-256 encryption at rest, TLS 1.3 in transit. Data is encrypted before it leaves your browser and stays encrypted until it's processed.
• US-Only Hosting: All data processing occurs in AWS US-East regions. No offshore processing, no data leaving US jurisdiction.

In simple terms: it's the difference between telling a secret to someone with perfect amnesia (zero-knowledge AI) versus telling it to someone who writes everything down and shares it with friends (consumer AI). Legience's AI legal research and drafting tools are built on this zero-knowledge foundation.

5 Questions to Ask Any AI Legal Tech Vendor

Before adopting any AI tool, ask these questions. The answers will tell you whether the vendor takes privilege seriously:

1. Is client data used to train your AI models? The only acceptable answer is "No, never, contractually guaranteed."
2. Where is data processed and stored? Look for US-only hosting with named cloud providers (AWS, GCP, Azure).
3. What is your data retention policy? Ephemeral processing (no retention) is the gold standard.
4. Do you have a SOC 2 Type II certification? This demonstrates independently audited security controls.
5. Can you provide a Data Processing Agreement? Any serious vendor will have one ready.

Having the Conversation

When talking to attorneys about AI, lead with their concerns, not your features. Acknowledge that privilege is sacred. Explain that the right AI architecture actually strengthens data protection compared to the email attachments and USB drives that most firms rely on today.

The attorneys who are most resistant to AI are often the ones who care most about their clients. That's a good thing. Channel that concern into due diligence — ask the hard questions, demand architectural answers, and choose tools that treat privilege as a design constraint, not a marketing talking point.

If your firm handles Massachusetts client data, you should also review our 201 CMR 17.00 compliance checklist for AI-specific requirements.

Want to learn more about how Legience protects client data? Visit our Security page or book a demo →