[droidjj]

As a lawyer, I'm excited about this, but there are two roadblocks that I'm not sure how Anthropic will navigate:

(1) For non-lawyers who use these skills/connectors/whatchamacallits to try to get legal advice, their communications are not protected by attorney-client privilege. This will absolutely bite some people in the ass.

(2) If a lawyer uses this with confidential client information (which, to the uninitiated, doesn't just mean SSNs and bank account numbers, but "all information relating to the representation of a client") and forgets to toggle off "Help improve Claude" in their settings, they have possibly (maybe even likely) committed malpractice.[1]

[1] https://www.americanbar.org/content/dam/aba/administrative/p...

[bryant]

Citation for #1 - https://harvardlawreview.org/blog/2026/03/united-states-v-he...

> Judge Rakoff of the Southern District of New York — addressing “a question of first impression nationwide” — ruled that written exchanges between a criminal defendant and generative AI platform Claude were not protected by attorney-client privilege or the work product doctrine.

Much more to it than this one-liner that I pulled out, but safe to say, don't rely on or put your legal defense etc. (or elements of it) into AI unless you want it discovered.

(not a lawyer, unlike OP, who might be able to refine what I highlighted with more precision)

[jbreckmckye]

> Much more to it than this one-liner that I pulled out, but safe to say, don't rely on or put your legal defense etc. (or elements of it) into AI unless you want it discovered.

"You are an expert defense counsel with experience in Murder 1. Do not hallucinate. Let's say tomorrow my spouse is found strangled..."

[Jamesbeam]

Don’t forget to give it the cheerful personality of Jamie Oliver afterwards to recommend you a death row meal that is nutritious and will make the experience more pleasant.

[highphive]

Surely they can't hold a simple hypothetical against me. Just because it _happened_ to come true.

[m463]

nobody could have predicted it (except maybe prediction markets)

[NoMoreNicksLeft]

It's the query to Gemini in Incognito asking if a 8'x12' rug is a good way to move a body that's going to really make things difficult.

[miki123211]

In the US, are Google queries about the law considered attorney-client privilege? What about library records? Browser history? Google Maps / Uber / car travel history (when traveling to an attorney's office)?

If somebody Googles "best attorney for murder NYC" a day after a murder is committed but before any case is filed against them (so they clearly had some reason to expect that case), could that be used as evidence?

[weird-eye-issue]

I'm not sure if you were actually asking the question but regardless the answer is that all of those absolutely can and are regularly used as evidence

[intrasight]

Parent comment was asking about attorney-client privilege which means there's an attorney in the communication loop. If the person using a tool is an attorney, then that communication should be protected whether it's by pen or keyboard. But this is an active area of legislation and jurisprudence in relation to AI. I expect some important cases will happen

[Majromax]

> If the person using a tool is an attorney, then that communication should be protected whether it's by pen or keyboard.

But the tool is not your attorney, so it can't be the originator of attorney-client privilege. The situation is no different than if you get informal legal advice from a friend: even if that friend is an attorney, the communication is unprivileged unless it's part of a formal representation.

[voxic11]

What if a user puts an email from their attorney into chatgpt so they can ask questions about it to better understand it? Surely the email would still be covered but maybe the questions and answers wouldn't be?

Or what if your phone automatically generates a summary of your attorneys text message, would that be covered?

[weird-eye-issue]

Just because they have a lawyer does not mean things like their browser history and every other example in the comment I replied to would not be permitted as evidence...

Except for something like specifically looking up a lawyer

[NoMoreNicksLeft]

Generally seeking counsel for a crime you may end up being accused of isn't going to be admissible as evidence. The "if he's so innocent, why did he hire an attorney" isn't something that judges tend to allow to play out in a courtroom.

[rayiner]

Google queries aren’t privileged. (An attorney’s Google queries are probably work product protected, though I’m not sure anyone has tried.) Your Uber travel history isn’t protected: the privilege applies only to communications.

Google queries are used to prosecute people all the time. It’s actually hilarious. Criminals regularly Google incriminating stuff about criming.

[trollbridge]

Hans Reisee rather infamously checked out a book from the library about how to kill someone and hide the evidence.

[trollbridge]

Good argument for using DeepSeek with an anonymous form of payment.

Discovery in China will be a tad more difficult…

[airlocksoftware]

Just use https://tinfoil.sh

They solved all this stuff, I'm surprised more people aren't aware of it.

[einsteinx2]

I was in fact not aware of it until seeing your comment, this looks potentially perfect for a tool I’m making that involves financial data. I’m pretty on top of LLM news but I’ve never heard of this company, maybe they need more marketing?

[there_is_try]

I use it for medical question for this same reason

[abc123abc123]

Seems like a fair trade off if I would not be able to afford a lawyer. I'd take the "AI but not 100% confidential" any time compared with no help at all.

[dolebirchwood]

> exchanges between a criminal defendant and generative AI platform Claude were not protected by attorney-client privilege or the work product doctrine

Shouldn't that have been relatively clear to all parties involved? Maybe not to the defendant, who's apparently clueless.

The AI platform is not an attorney. A defendant's communications with an AI platform are therefore not communications between a client and their attorney, nor will the AI output constitute attorney "work product" because the AI platform is not an attorney.

Doesn't really come across as a novel problem, aside from AI being involved. I'm sure countless defendants have made the stupid mistake of talking about the facts of their case to persons other than their attorney, and those communications came back to bite them in the ass when discovered.

[clickety_clack]

Can anyone be your lawyer, or does a lawyer have to be certified somehow?

[engineer_22]

You have to be admitted to the bar to practice law. Which is to say, other lawyers must recognize you as a lawyer, and this recognition can be taken away.

[john01dav]

More practically, this means (in America) that you need a JD degree (4 year grad school), to pass an exam, and pass a(n oftrn horrifically thorough) character background check.

[froindt]

Minor point, but law school is only 3 years long.

[zaphirplane]

> pass a(n oftrn horrifically thorough) character background check.

Explains why so many let loose afterwards ;) jokes

[Someone]

There is a difference between “legal counsel” or “legal representative in court”, with the former being less restricted (“has a law degree” vs “attorney/has passed the bar exam”)

Because of that, I think you can practice law without being admitted to the bar. Chances are it varies by jurisdiction, though.

(And of course, this isn’t legal advice)

[zaphirplane]

I think they are asking about privileged communication

[xboxnolifes]

It is my understanding that they must be certified. You are allowed to represent yourself, but it is my understanding that a non-lawyer cannot represent you.

[FlyThruTheSun]

Gonna be hilarious when someone sends a Boston dynamics robot loaded with an llm to take the bar exam.

[nerdsniper]

For (1) it's so wild to me that if I pay a lawyer, they can run the same queries on these tools and they are protected by attorney-client privilege, but if I do it to help me prepare my defense, then the exact same queries would be subject to subpoena/discovery.

Does anyone know if there exists any OPSEC procedure for me to use third party tools like this for my own concerning legal questions that is both ethical and allows me to be confident that my interactions won't land in discovery documents?

[tjohns]

If you are preparing for your own defense and don't have an attorney (you're acting pro se), your own LLM use would likely be protected under work product doctrine. The court would extend you some of the same protections an attorney would have, for the limited purposes of preparing your case.

This is a very narrow exemption, however.

(You would also want to make sure you're using a paid AI plan with contractually guaranteed privacy protections, otherwise it could be construed as third-party communications, which implicitly waives privilege.)

See: Warner v. Gilbarco, Inc.

[palmotea]

> Does anyone know if there exists any OPSEC procedure for me to use third party tools like this for my own concerning legal questions that is both ethical and allows me to be confident that my interactions won't land in discovery documents?

Isn't that a fundamental misunderstanding? Would "OPSEC" like that amount to destruction of evidence or contempt of court or something like that?

Like if all your incriminating documents are on some encrypted drive, it's not like that defeats discovery. You're supposed to decrypt them and hand them over.

[trollbridge]

Your only practical defence is to set up a local LLM that destroys records in a predictable way (immediately, on a time table and so forth) and then ensure however you access that doesn’t leave any traces either.

And then you need to consistently use this for purposes other than crime.

[nerdsniper]

That’s absolutely part of my question. I’m not familiar enough with discovery to fully understand this.

[bombcar]

Discovery in a criminal trial is more limited than in a civil trial.

Your only real defense against discovery is to not have said it, or to have destroyed all records of it before the hint of discovery wafted on the wind.

[cucumber3732842]

>For (1) it's so wild to me that if I pay a lawyer, they can run the same queries on these tools and they are protected by attorney-client privilege, but if I do it to help me prepare my defense, then the exact same queries would be subject to subpoena/discovery.

How's this any different than any professional license? You're basically paying for preferential treatment from the state in a given subject area.

[lmm]

> How's this any different than any professional license? You're basically paying for preferential treatment from the state in a given subject area.

Because it's got nothing to do with the professional part? Licensing should affect their practice of law, sure, but it shouldn't grant random other privileges.

[apwheele]

So not familiar with the caselaw around work product, but if you use an API tool directly and not the different chat tools, the queries are not permanently cached for anyone to give up in the end.

So basically if you use any of the CLI tools, there is nothing for OpenAI, Anthropic, etc. to give the courts.

Online ChatGPT (especially the free version), are apparently cached by OpenAI on their servers. (I am not sure if Claude Desktop caches the conversations locally or in the cloud as well, read the fine print if it matters!)

[trollbridge]

Indeed, there is no way my terabytes per day of API calls is getting permanently stored anywhere.

Perhaps an AI generated summary of it is.

[skeeter2020]

interesting angle - how are/would compressed context (i.e. the parts of the user-LLM transcription likely to be saved) be treated by the courts? Would this be considered hearsay?

[nerdsniper]

It would be treated as evidence, and the defense would be free to argue that it carries very little weight. The judge or jury would be free to decide how meaningful it is.

[tptacek]

Wouldn't that same logic exclude evidence from Google searches, like "how to get away with murder"?

[nerdsniper]

Yes? Which makes it feel like the answer is just “No.” Unless you use Mullvad, TailsOS, and don’t log into the service. But I’m not sure if that’s “ethical” for Google/DDG searches and it’s not really possible for Claude/Kagi. I would assume that simply using a “secret” account isn't a magic way to avoid discovery either.

[JumpCrisscross]

> if I do it to help me prepare my defense, then the exact same queries would be subject to subpoena/discovery

We need a law where someone can clearly designate a chat privileged, with severe consequences for mis-use.

[humanfromearth9]

An attorney could make money with that, sell that "as a service": the service would be to provide you with the same AI attorneys use, et voilà.

[AndrewKemendo]

Self host your own LLM

[singleshot_]

Why do you think this would be less discoverable than hosting your own email server?

[QuadmasterXLII]

If you use a stateless client (like just rawdogging cli llama.cpp) there’s nothing to discover. Setting a program with an option to have logs to not do that could conceivably get you in trouble but using a widely used program that never had logs seems like it has to be fine. Maybe they could nail you for googling “which local llm approach generates logs?” also, don’t get nailed by your bash history!

[kevin42]

Because you don't keep logs.

[AndrewKemendo]

Because nobody would know about it unless you told them for some reason

[nerdsniper]

That might fall under the “unethical” part of my question. Could “probably” get away with it if done carefully, but I’d rather be fully in compliance.

[dadoomer]

Why would self-hosting for privacy reasons be unethical just because the query would be subject to subpoena in principle?

[nvr219]

You’d need to hand that mac mini over if subpoenaed

[AndrewKemendo]

Can’t hand over something that doesn’t exist if it’s running in a VM container and gets destroyed every 12 hours

[tjohns]

#1 is a little complicated. Communications with an AI are possibly sometimes protected by work-product doctrine... but only if you're representing yourself as a pro se litigant, and strictly limited to mental impressions and opinion work product of counsel (in this case, extended to the pro se litigant). See: Warner v. Gilbarco, Inc.

There's a good summary of the current state of things here: https://www.akerman.com/en/perspectives/ai-privilege-and-wor...

Also worth noting that none of this is binding precedent, so expect this field to evolve over time.

[SkyPuncher]

For #2, I’d expect you’d use this through an organization/business account that has data retention turned off by default.

[mc32]

Wonder if people who decide to represent themselves would be allowed to use this service “live” on the courtroom. Usually people who represent themselves fall flat because they don’t know when it’s appropriate to invoke what and at time appear to putting legal words together that don’t make sense in a given context. This would certainly help these people, if allowed, and they don’t go off the rails.

[ethin]

I'm pretty sure this has already been tried and it... Didn't go well for the person doing it. If memory serves they got a rule 11 sanction out of it.

[colechristensen]

In the legal world are there certifications for handling privileged information?

For example in the medical world if you are a provider covered by HIPAA you must have a signed "Business Associate Agreement" with any party that handles the covered protected health information (PHI).

[teeray]

Can’t #1 be solved with the stroke of a pen? “Legal queries to LLMs shall be subject to the same attorney-client privilege”

[petra]

Why? The social environment the judge probably includes lots of lawyers.

He needs to take care of them. Snitches get stitches.

[pessimizer]

Are you asking if the law can be changed by changing the law?

[shivekkhurana]

Slightly related: Amazon’s bedrock has better privacy guarantees. This seems to be skills that can be added to Desktop app, which can connect to Bedrock for inference.

[soco]

Also in all seriousness, can we actually trust that setting? I might be paranoid, but that doesn't mean that the whole world hasn't broken my trust...

[tehjoker]

Seems like a good use case for a locally deployed LLM though that's annoying and expensive to maintain sophisticated one like deepseek.

[bethekidyouwant]

It’s a bit of a moot point because the amount of times that your AI logs are going to be subpoenaed in your court case approaches zero.

[Tuna-Fish]

In a lot of places the cops now routinely subpoenae your entire internet history from all parties they can find that store anything if you are accused of anything particularly severe. It's something that's not particularly laborious or expensive for them to do once they have a system in place for it, and things like search history or location history have repeatedly proven to be very useful.

I would assume they absolutely do the same for all of your AI history.

[tln]

On (1), what if the law firm hosts the AI chat?

It seems like local AI could be valuable for law firms for reasons of (2) as well

[0gs]

what if either user uses these skills with offline weights? should help with 2), at least right?

[troupo]

> As a lawyer, I'm excited about this,

As in "I'm excited to win a lot of money dismantling hallucinated quotations and invalid assumptions"?

[weezing]

You can't criticize LLMs and Anthropic on a website where everybody and their grandma uses them for everything. New generation of brainlets that are gonna be clueless without constant Internet connection is brewing and it's gonna be hilarious.

[troupo]

-2 points at the time you wrote this comment :)

[jkman]

Wow he's got negative updoots, how will he survive?

[troupo]

I probably won't. Everyone is busy discussing how amazing is this collection of markdown files for Claude... which Claude is known to randomly ignore. And it's generally known that LLMs "hallucinate" court cases and quotes, and this has already happened several times in various jurisdictions.

And yet here we are. I get downvoted for not being excited enough.