Paranoid Androids[1]: Artificial Intelligence, In-House Counsel, and the Attorney-Client Privilege

Many things go without saying. But the fact that attorneys wear many hats—especially those working as in-house counsel—shouldn’t be one of them. These professionals must not only appear Janus-like in their ability to vacillate between roles on demand, but they must now do so while wrangling their new, un-bonnetable teammate, Artificial Intelligence.

As the Chamber of Commerce observed, “[i]n circumstances tragic and ordinary, involving issues mundane and groundbreaking, [in-house] lawyers are called upon to advise businesses on problems with legal and nonlegal dimensions” all the time.[2] Indeed, the Washington Legal Foundation rightly notes that “few corporate communications with counsel are ever solely [for the purpose of seeking or rendering] legal advice.”[3]

Underlying each of these communications is the ever-present question: Will they be subject to future disclosure in litigation? Of course, the attorney-client privilege generally covers those seeking or providing legal advice, but what happens when counsel replies with AI-generated (or -assisted) communications? Does the privilege extend there as well? If so, how far?

This article first presents a general primer on attorney-client communications to answer those questions. Next, it assesses confidentiality considerations that come into play when using AI and offers suggestions as to best practices for in-house counsel to ensure their communications receive as much protection as possible.

  1. The Attorney-Client Privilege

First recognized in the 16th century,[3] the safeguarding of confidential attorney-client communications “is the oldest of the privileges . . . known to the common law.”[5] At bottom, it shields from disclosure confidential communications between an attorney and his or her client made to obtain or provide legal advice.[6] The Supreme Court has long recognized that “for the attorney-client privilege to be effective, it must be predictable.”[7] The Court has stressed that “[a]n uncertain privilege, or one which purports to be certain but results in widely varying application by the courts, is little better than no privilege at all.”[8]

For qualifying communications, the privilege is absolute and indefinite. As a result, courts generally construe its application narrowly, limiting its scope to those communications with key indicia suggesting protection is necessary.

To that end, there are three essential elements companies must be able to show in seeking to claim the privilege for any given communication: (1) the existence of an attorney-client relationship; (2) that the communication relates to legal advice; and (3) that it is kept confidential. We briefly address all three elements.

  1. Element 1: The Existence of an Attorney-Client Relationship

Courts are unanimous in holding that the attorney-client privilege belongs to the client, whether that client is an individual or a corporate entity. In the corporate context,[9] the default assumption is that any communications between counsel and employees are done to advance corporate representation.

Unsurprisingly, courts universally agree that corporations can enjoy the privilege with their counsel—in-house and outside. At the same time, [m]any courts have relied on two rebuttable presumptions (though often not stated expressly) regarding the role of the lawyer in determining the nature of the advice: (1) if outside counsel is involved, the confidential communication is presumed to be a request for and the provision of ‘legal advice’; and (2) if in-house counsel is involved, the presumption is that the attorney’s input is more likely business than legal in nature. As a result, most of the courts apply ‘heightened’ scrutiny to communications to and from in-house counsel in determining attorney-client privilege.[10]

A similar presumption has arisen that an attorney employed in the legal department of a corporation is employed to provide legal advice, but one employed in the business or management side is not.[11] To that end, assigning in-house attorneys to business projects to try to secure the privilege in prospective litigation for business decisions will be subject to heightened scrutiny.

Thus, to qualify for protection, the in-house lawyer’s communications must, at a minimum, meet the other requirements for receiving the privilege (they must relate to the confidential provision of legal advice). The mere fact that a corporate officer has a law degree will not insulate from compelled disclosure communications between him or her and other employees.

  • Element 2: The Communication Must Relate to Legal Advice

There are generally four protected types of communications: (1) the client’s relaying of facts that the lawyer needs to provide legal advice; (2) the client’s request for legal advice; (3) the lawyer’s request for facts that the lawyer needs to provide legal advice; and (4) the lawyer’s legal advice if the advice reflects the client’s confidences. Typically, communications between a corporation’s lawyer and employees of corporate affiliates are subject to protection.

  • Element 3: The Expectation of Confidentiality and the Risk of Waiver

Though related, the attorney-client privilege’s confidentiality requirement and the potential for waiver are distinct concepts. As to the former, if there is no expectation of confidentiality at the time a communication occurs, the privilege never attaches. For example, when a third party either searches for and discovers the communication, or otherwise is able to stumble upon it. In both situations, a court will likely determine either that (1) the communication or document never deserved privilege protection in the first instance due to sloppy handling or (2) the privilege once existed but has since been lost. Either way, companies should ensure that communications for which they plan to seek protection are secure and accessible by only those within its corporate hierarchy who are allowed to make legal decisions on the company’s behalf.

Unlike confidentiality, waiver occurs when the client divulges an already protected communication to a third party, despite reflecting an initial desire for confidentiality. It generally occurs in three situations.

The first is when the client shows an intent to disclose a privileged communication to outsiders. This can occur before the client discloses the communication, so long as it has sufficiently documented a desire to do so. The second—and most obvious way, particularly when it comes to AI—is through the actual disclosure of privileged information.[12] To that end, waiver can occur regardless of the client’s intent to do so. As the Restatement makes clear, “[t]he disclosing person need not be aware that the communication was privileged, nor specifically intend to waive the privilege.”[13] And the third way a claiming party can lose the privilege is through implied waiver based on the client’s conduct—again, something about which counsel using AI should be wary.

In limited circumstances, courts have continued to protect communications even when they were shared with a company’s outside consultants, so long as those third parties are integral members of the team assigned to deal with the pertinent issues or otherwise facilitate communication.[14] Still, for the privilege to apply, there must be a reasonable expectation that no other third parties will discover the communications’ contents.

  1. Best Practices for In-House Counsel and AI

Against this backdrop, how should in-house counsel address the intersection of the attorney-client privilege and AI?

Well, first things first. We need to define what we mean when we say “AI.” At bottom, the umbrella term “Artificial Intelligence” encompasses machines that are capable of imitating human functions and, over time, mimicking our thought processes. Though the concept has been around for some time, “the potential business and growth opportunities created by AI have exploded with the advent of commercially available generative AI,” like ChatGPT and others targeted toward the legal profession that generate text, images, and other content based on specific input from which the model was trained.[15] For in-house counsel, generative AI can be helpful in everything from drafting contracts to conducting preliminary research and data interpretation/analysis in response to basic legal questions. But for AI to “generate” that work product, counsel has to input the necessary data to get the most useful output.

Of course, attorneys have a professional obligation to maintain the confidentiality of their clients’ information, and this continues to apply when generative AI tools are used to assist with legal work. In many ways, “the confidentiality-related risks associated with generative AI are the same as the now-familiar risks that apply whenever attorneys use software programs such as email, cloud storage, or Internet search engines: they may involve inherent or inadvertent disclosures, and may be vulnerable to hacking and other security breaches.”[16]

However, generative AI presents novel issues that warrant additional precautions. As Carole Basri has observed, counsel should be concerned with AI’s ability “not only to ingest confidential or sensitive information but also to automatically reproduce it, including in ways that may be unpredictable.”[17] Put differently, “if any of the data that is provided to a model in the course of its training constitutes confidential or sensitive information, there is a risk that the data could be intentionally or inadvertently disclosed or used later by a generative AI tool deploying the same model.”[18]

In-house counsel using AI to draft (or assist with) their communications should consider taking the following steps to avoid inadvertently voiding or waiving the attorney-client privilege:

  • Evaluate AI Tools: Identify, vet, and secure prior approval for any new AI tools.[19] In other words, in-house counsel needs to collectively agree on which tools their company will use before anyone actually does. This entails monitoring new and developing AI technologies and ensuring there is a conscious and deliberative choice to use new tools as they appear on the market. Put another way, make sure you read the dust jacket and search the author/publisher before you buy the book with the flashy cover.[20]
  • Consider the Source: If the AI tool is public or open source, rather than internal or proprietary, then allowing access to company data could compromise confidentiality. This is a crucial part of the vetting process because inputting confidential materials into widely available generative AI tools will likely result in waiver, especially where the information can be accessed through the output generated to third parties.
  • Affirmatively Address Confidentiality Concerns: Users often assess an AI model’s utility based on its ability to improve its algorithm through input data. Therefore, counsel should implement safeguards to prevent disclosure of the company’s privileged, sensitive, or material nonpublic information through these inputs. Attorneys need to learn how information is stored and secured by each generative AI tool and its provider before deciding whether to use it. To that end, “[v]ery few tools currently provide the level of protection clients (and regulators) would expect from their counsel, and while it is becoming more commonplace, it is still not ubiquitous that in-house counsel are seeking assurances from their external counsel about how tools and technologies are being responsibly deployed to secure their information.”[21]
  • Do Not Input Privileged Communications: Entering privileged information and communication can risk waiving the privilege because the information and communication could be stored, used, and potentially accessed by third parties.[22] Along with the potential loss of privilege protections through the inadvertent disclosure of inputs, it is possible courts may find the outputs of certain generative AI tools are not found protectable under the attorney-client privilege for the same reasons discussed above—for example, where a model reproduces the same content in an output for a third party.

****

As Gandalf told Frodo in the Lord of the Rings, “It’s a dangerous business . . . going out your door. You step onto the road, and if you don’t keep your feet, there’s no telling where you might be swept off to.” At this early stage of our collective adventure with AI, it is more important now than ever to ensure that we keep our wits about us, lest we lose our footing and inadvertently harm the very clients we have sworn to protect.


[1] Radiohead, Paranoid Android, on O.K. Computer (Capitol Records 1997).

[2] Chamber of Com. Amicus Br. 24, In re Grand Jury, U.S. (No. 21-1397).

[3] Wash. Legal Found. Amicus Br. 3, In re Grand Jury, U.S. (No. 21-1397).

[4] See A. Kenneth Pye, Fundamentals of the Attorney-Client Privilege, 15 Practical Lawyer 15, 16 (1969).

[5] Upjohn Co. v. United States, 449 U.S. 383, 389 (1981); accord United States v. Louisville & Nashville R.R. Co., 236 U.S. 318, 336 (1915) (“The desirability of protecting confidential communications between attorney and client as a matter of public policy is too well known and has been too often recognized by textbooks and courts to need extended comment now.”); Hunt v. Blackburn, 128 U.S. 464, 470 (1888) (explaining that the attorney-client privilege is “founded upon the necessity, in the interest and administration of justice, of the aid of persons having knowledge of the law and skilled in its practice”); Conn. Mut. Life Ins. Co. v. Schaefer, 94 U.S. 457, 458 (1876) (“If a person cannot consult his legal adviser without being liable to have the interview made public the next day by an examination enforced by the courts, the law would be little short of despotic. It would be a prohibition upon professional advice and assistance.”); Mitchell v. Superior Ct., 37 Cal. 3d 591, 599–600 (1984) (“The attorney-client privilege has been a hallmark of Anglo-American jurisprudence for [more than] 400 years,” which “our judicial system has carefully safeguarded with only a few specific exceptions.”).

[6] See Fisher v. United States, 425 U.S. 391, 403 (1976); Restatement (Third) of the Law Governing Lawyers § 68 (2000).

[7] United States v. Jicarilla Apache Nation, 564 U.S. 162, 183 (2011) (emphasis added).

[8] Upjohn, 449 U.S. at 393.

[9] Some courts have applied a higher burden on companies than they do for individuals asserting the privilege. See Preferred Care Partners Holding Corp. v. Humana, Inc., 258 F.R.D. 684, 689 (S.D. Fla. 2009). This, however, appears to be the minority approach.

[10] Lindley v. Life Investors Ins. Co. of Am., 267 F.R.D. 382, 389 (N.D. Okla. 2010).

[11] Breneisen v. Motorola, Inc., No. 02 C 50509, 2003 WL 21530440, at *3 (N.D. Ill. July 3, 2003) (“There is a presumption that a lawyer in a legal department of the corporation is giving legal advice, and an opposite presumption for a lawyer who works on the business or management side.”).

[12] We note that in some situations, courts have applied the “subject-matter waiver doctrine,” which requires a client that has waived the privilege to disclose all privileged communications on the same subject.

[13] Restatement (Third) of Law Governing Lawyers § 79 cmt. g (2000).

[14] F.T.C. v. GlaxoSmithKline, 294 F.3d 141, 148 (D.C. Cir. 2002).

[15] Emily Westridge Black, K. Mallory Brennan, and Abdul Althebaity, 6 Focus Areas for Companies Managing the Risks of AI Use, Law 360 (January 12, 2024), https://www.law360.com/articles/1784165/6-focus-areas-for-companies-managing-the-risks-of-ai-use.

[16] Carole Basri, Confidentiality, Attorney-Client Privilege, and Work Product Doctrine: Safeguarding Sensitive Information and Materials,eDiscovery for Corporate Counsel § 26:15 (2024).

[17] Id.

[18] Id.

[19] Florida Bar, Proposed Advisory Opinion 24-1 Regarding Lawyers’ Use of Generative Artificial Intelligence (Official Notice) (Nov. 13, 2023) (“When using a third-party generative AI program, lawyers must sufficiently understand the technology to satisfy their ethical obligations. For generative AI, this specifically includes knowledge of whether the program is ‘self-learning,’” which “raises the possibility that a client’s information may be stored within the program and revealed in response to future inquiries by third parties.”).

[20] California State Bar Association Committee on Professional Responsibility and Conduct, Practical Guidance for the Use of Generative Artificial Intelligence in the Practice of Law (Nov. 16, 2023) (“A lawyer . . . should consult with IT professionals or cybersecurity experts to ensure that any AI system in which a lawyer would input confidential client information adheres to stringent security, confidentiality, and data retention protocols.”).

[21] Ryan Black, Shea Coulson, Morgan McDonald, Keri Bennett, & Tyson Gratton, Using AI Responsibly as In-House Counsel: Law Society of BC Releases Guidance on Professional Responsibilities, DLA Piper (Nov. 27, 2023), https://www.dlapiper.com/en-ae/insights/publications/2023/11/using-ai-responsibly-as-inhouse-counsel.

[22] California State Bar Association Committee on Professional Responsibility and Conduct, Practical Guidance for the Use of Generative Artificial Intelligence in the Practice of Law (Nov. 16, 2023) (“A lawyer must not input any confidential information of the client into any generative AI solution that lacks adequate confidentiality and security protections. A lawyer must anonymize client information and avoid entering details that can be used to identify the client.”).

Finis