MTC: The Critical Role of Lawyers in Protecting Sensitive Data in an Era of Digital Vulnerability

Lawyers, ARE YOU AWARE OF where your client’s pii may have been exposed or is vulnerable?

The march on the fragility of personal data in our hyperconnected world continues from my editorial three weeks ago! From Elon Musk’s DOGE team attempting to access Social Security Administration (SSA) records, to Cabinet officials discussing military strike details on Signal, to 23andMe’s bankruptcy risking genetic data exposure, these incidents underscore systemic vulnerabilities. Lawyers now operate on the front lines of this crisis, bound by ethical mandates and legal obligations to shield personally identifiable information (PII) from misuse. Let’s discuss how the legal profession must adapt to safeguard client trust in the digital age.

The Expanding Threat Landscape

  1. DOGE’s Overreach at SSA
    A federal judge halted Elon Musk’s DOGE team from accessing SSA databases containing sensitive PII—including Social Security numbers and employment histories—after finding “unbridled access” violated privacy laws. Judge Hollander condemned the operation as a “fishing expedition” lacking justification, ordering the deletion of improperly obtained data. This case highlights risks when private entities bypass oversight to exploit bulk data repositories like SSA’s “crown jewel” Numident database.

  2. Signal’s False Sense of Security
    The Atlantic’s release of Signal chats among Trump administration officials revealed shockingly detailed military plans, including F-18 strike windows and target coordinates. While Signal offers encryption, experts warn it’s no substitute for secure government systems. Former NSA analyst Jacob Williams noted that desktop-linked Signal accounts create vulnerabilities via malware-prone devices. The incident illustrates how convenience-driven tools can jeopardize national security and client confidentiality alike.

  3. 23andMe’s Genetic Gamble
    23andMe’s bankruptcy filing exposes 12 million users’ DNA data to sale, raising fears of insurance discrimination and identity theft. Despite the protections of the Genetic Information Non-Discrimination Act (GINA) against health insurer bias, gaps remain in life/disability coverage. Lawyers must now confront novel risks as biometric data enters commercial markets.

Legal and Ethical Imperatives for Practitioners

Lawyers have to balance the convenience of a hyperconnected world and maintaining client PII!

A. Foundational Duties
Under ABA Model Rule 1.6(c), attorneys must employ “reasonable efforts” to prevent unauthorized PII disclosure.1, 2 This requires:

B. Emerging Best Practices

  1. Client Consent & Transparency

    • Disclose data collection purposes per FTC Act/GDPR principles. 5, 6

    • Obtain explicit authorization for third-party transfers. 7, 8

  2. Incident Response

    • Conduct breach analyses under ABA Opinion 498.

    • Notify affected clients promptly.

  3. Tech Competence

    • Track compliance across the jurisdictions where you practice.

    • Train staff on phishing/social engineering risks highlighted in the SSA and Signal breaches.

A Call to Action

GIven third-party activity, lawyers may be the publics best line of defense to maintaining PII!

The DOGE, Signal, and 23andMe cases are not outliers—they signal a paradigm shift. As Perkins Coie’s privacy team emphasizes, “reasonable efforts” now demand proactive measures:

  • Audit legacy systems: Identify where PII resides, as SSA failed to do.

  • Purge obsolete data: Align retention policies with storage limits in ABA guidelines.

  • Leverage AI cautiously: While predictive tools aid fraud detection (“ironically” DOGE’s stated goal), they risk algorithmic bias without human oversight.

Lawyers who treat data security as an afterthought risk disciplinary action, malpractice claims, and reputational harm. The alternative? Embrace plans to transform from reactive advisors to strategic guardians of the digital trust ecosystem.

MTC

MTC: ⚖️ ChatGPT and the Supreme Court: Two Years of Progress in Legal AI ⚖️

What can we learn about the evolution of generative aI in its ever growing analysis of the supreme court?

Ed Bershitskiy’s recent SCOTUSblog article, “We’re not there to provide entertainment. We’re there to decide cases,” offers a compelling analysis of how ChatGPT has evolved since its launch in 2023, particularly in its application to Supreme Court-related questions. The article highlights both the successes and shortcomings of AI models, providing valuable insights for legal professionals navigating this rapidly advancing technology.

In 2023, the original ChatGPT model answered only 42% of Supreme Court-related questions correctly, often producing fabricated facts aka “hallucinations” and errors. Fast forward to 2025, newer models like GPT-4o, o3-mini, and o1 have demonstrated significant improvements. For instance, o1 answered an impressive 90% of questions correctly, showcasing enhanced accuracy and nuanced understanding of complex legal concepts such as non-justiciability and the counter-majoritarian difficulty. Krantz’s analysis also underscores the importance of verifying AI outputs, as even advanced models occasionally produce mistakes or hallucinations.

Always Check Your Work When Using Generative AI - It Can Create Hallucinations!

🚨

Always Check Your Work When Using Generative AI - It Can Create Hallucinations! 🚨

The article compares three distinct AI models: GPT-4o is detail-oriented but prone to overreach; o3-mini is concise but often incomplete; and o1 strikes a balance between depth and precision. This comparison is particularly relevant for legal professionals seeking tools tailored to their needs. For example, GPT-4o excels at generating detailed narratives and tables, while o1 is ideal for concise yet accurate responses.

Lawyers are not going to be replaced by ai but those lawyers who do not know how to use ai in their practice and mindful of its constant changes will be left behind!

Krantz also explores how the line between search engines and AI-powered tools is blurring. Unlike traditional search engines, these AI models analyze queries contextually, offering more comprehensive answers. However, legal practitioners must exercise caution when relying on AI for research or drafting to ensure ethical compliance and factual accuracy - in other words, always check your work when using AI!

As AI continues to evolve, its role in legal practice is becoming indispensable. By understanding its strengths and limitations, lawyers can leverage these tools effectively while safeguarding against potential risks. Krantz’s article provides a detailed roadmap for navigating this technological transformation in law.

PS: I can’t stress enough to always check your work when using AI!

Happy Lawyering!

MTC

MTC: Editorial: "Masters of Their Domain: Why Lawyers Must Control Their Firm's Online Presence" 📊💻

Lawyers are the first line defenders of their online reputation by owning their firm’s domain name!

In today's digital age, having a strong online presence is crucial for law firms. One often overlooked aspect of this presence is their (e-mail/website) domain name ownership. Lawyers should be aware of who owns their firm's domain name, as it can have significant legal implications, especially if the firm splits or even if a solo practitioner is involved. I’d like to discuss the importance of domain name ownership, the risks associated with using website builders like Wix, Squarespace* or LawLytics and how lawyers can independently purchase and manage their domain names to ensure flexibility and security.

Importance of Domain Name Ownership

Domain names are more than just web addresses; they are valuable assets that can significantly impact a firm's identity and reputation. When a law firm splits, disputes over domain name ownership can arise, leading to potential legal battles. For instance, if one partner retains the domain name, it could cause confusion among clients and hinder the ability of other partners to establish their new practices effectively 🤝. Recently attorneys in a (former) firm in Kansas had a similar dispute that led to litigation. Thus, it is essential for lawyers to ensure they have control over their domain names from the outset.

Risks with Website Builders

Using website builders like Squarespace* or LawLytics services can simplify the process of creating a website, but it often comes with a hidden cost: potential loss of domain name ownership. When you register a domain through these platforms, you might not fully own the domain. Squarespace*, for example, acts as a middleman, facilitating domain registration but not retaining ownership 📈. However, if you rely solely on their services, you could face issues if you decide to switch providers. This is why it's prudent to purchase and manage your domain name independently (and likely before you go public with your site through one of these builders).

Independent Domain Name Management

Lawyers need to be savvy about using website builders and who owns the site’s domain name

To maintain control over your domain name, it's advisable to register it through a registrar like GoDaddy, hover* or Namecheap. This allows you to manage your domain settings, transfer it to different web hosts, and ensure continuity even if you change website builders 🚀. Here’s how you can do it:

  1. Choose a Registrar: Select a reputable domain registrar where you can purchase your domain name.

  2. Register Your Domain: Ensure the domain is registered in your name with your contact information.

  3. Set Up DNS: Configure your DNS settings to point to your desired web host.

  4. Transfer if Needed: If you switch web hosts, you can easily transfer your domain without losing control.

Legal Implications

Legal implications arise when domain name ownership is not clearly established. Disputes can lead to costly legal battles, especially if cybersquatting or trademark infringement is involved 🚫. The Uniform Domain Name Dispute Resolution Policy (UDRP) and the Anti-Cybersquatting Consumer Protection Act (ACPA) provide frameworks for resolving such disputes, but prevention is always better than cure. By owning your domain name outright and from the start, you avoid potential conflicts and protect your firm's online identity.

Final Thoughts

The type of domain, .e.g., “.com”, “.biz”, “.law”, etc., can help identify the type of business you have.

Lawyers must prioritize domain name ownership to safeguard their firm's online presence and avoid potential legal issues. By understanding the risks associated with website builders and taking steps to independently manage their domain names, lawyers can ensure they remain masters of their digital domain 🌐.

Happy Lawyering!

MTC

MTC: Navigating the Legal Landscape of DOGE: Lessons for Lawyers from Ongoing Litigation 🚀

many are worried doge is mishandling citizens’ pii!

The recent involvement of Elon Musk's Department of Government Efficiency (DOGE) in accessing sensitive government databases has sparked a wave of lawsuits, raising significant concerns about data privacy and security 🚨. For lawyers, these legal challenges offer valuable insights into how to protect your clients’ personally identifiable information (PII) in light of DOGE's actions. I’d like to share some of the key takeaways from these lawsuits and explore how lawyers can apply these lessons to safeguard sensitive data, focusing on the ABA Model Rules and best practices for data protection.

Understanding the Legal Challenges:

At least a dozen lawsuits have been filed to stop DOGE from accessing tax records, student loan accounts, and other troves of personal data, often invoking the Privacy Act of 1974 📜. Created in response to the Watergate Scandal, this law restricts the sharing of sensitive information without consent, making it a crucial tool for plaintiffs seeking to limit DOGE's access to personal data 📝.

Legal and Ethical Responsibilities

Lawyers have a legal duty to protect client confidentiality, as outlined in ABA Model Rule 1.6 📜. This rule prohibits revealing information related to a client's representation unless exceptions apply, such as informed client consent or implied authorization to carry out the representation 📝. The duty of confidentiality extends beyond attorney-client privilege, covering all information related to the representation, regardless of its source 🌐.

Key Takeaways for Lawyers

are you ready to help protect your client'S DATA IF THE GOVERNMENT BREACHES Their pii?

  1. Privacy Act of 1974: Lawyers should be aware of the Privacy Act's provisions, which prohibit unauthorized disclosure of personal information from federal systems of records 📊. This law is being used to challenge DOGE's access to sensitive data, highlighting its importance in protecting client confidentiality 🚫.

  2. Standing and Harm: Courts have often ruled that plaintiffs must demonstrate irreparable harm to succeed in these lawsuits 📝. Lawyers should ensure that their clients can establish a clear risk of harm if seeking injunctive relief against similar data access efforts 🚨.

  3. Data Security Protocols: The lawsuits emphasize the need for robust data security measures to prevent unauthorized access. Lawyers should implement strong encryption and access controls to protect client data, as suggested by ABA Formal Opinion 483, which emphasizes the duty to notify clients of data breaches and take reasonable steps to safeguard confidential information 🔒.

  4. Compliance with Data Protection Regulations: Beyond the Privacy Act, lawyers must comply with other data protection laws such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and The Personal Information Protection and Electronic Documents Act (PIPEDA) 🌎. Ensuring compliance with these regulations can help prevent unauthorized disclosures and maintain client trust 📨.

  5. Transparency and Consent: The lawsuits highlight the importance of transparency and consent in handling personal information. Lawyers should ensure that clients are informed about how their data is used and processed, as required by ABA Model Rule 1.4, which mandates explaining matters to the extent necessary for clients to make informed decisions regarding the representation 📝.

Lessons from Specific Lawsuits:

Multiple law suits have been filed to enusre doge is not misusing pii - are your client’s pii at risk?

Implementing Best Practices

To safeguard client data effectively, lawyers should:

  1. Conduct Regular Audits: Regularly review data handling practices to ensure compliance with privacy regulations and ethical standards 📊.

  2. Enhance Data Security: Implement robust data encryption and access controls to protect client information, aligning with ABA Model Rule 1.6's requirement to prevent unauthorized disclosure 🔒.

  3. Stay Informed: Keep up-to-date with legal developments and court rulings related to DOGE's access to sensitive data, ensuring compliance with ABA Model Rules 1.1 and 1.1[8], which requires lawyers to stay abreast of the benefits and risks associated with technology used in client services 📰.

Final Thoughts

The ongoing litigation surrounding DOGE provides valuable lessons for lawyers on protecting clients and personally identifiable information. By understanding legal obligations, implementing robust data security measures, and complying with data protection regulations, lawyers can uphold the trust that is fundamental to the client-lawyer relationship 💼.

MTC: Apple's UK Retreat - Navigating Client Confidentiality in a Post-ADP World 🌍🔐

Lawyers need to be aware of foreign governments’ software security permissions when traveling abroad! ✈️

In the wake of Apple's recent withdrawal of Advanced Data Protection (ADP) from the UK, lawyers face a critical challenge in safeguarding client confidentiality. This development underscores the ongoing tension between government surveillance demands and the legal profession's ethical obligations. As tech-savvy legal professionals, we must adapt our practices to ensure robust data protection, particularly when traveling with Apple devices.

The New Landscape of Digital Security 📱💼

Apple's decision to remove ADP from the UK market stems from governmental pressure to create backdoors for law enforcement access. This move significantly impacts the level of encryption available to UK users, potentially exposing sensitive client information to increased vulnerabilities. Lawyers must now reassess their digital security strategies, especially when crossing borders with client data.

* The US government has come out in support of Apple on this issue - I don’t quite know what to make of it. 🤔

* The US government has come out in support of Apple on this issue - I don’t quite know what to make of it. 🤔

Practical Steps for Lawyers 🛡️📊

  1. Device Sanitization: Before international travel, thoroughly sanitize your devices. Remove non-essential client data and consider using "travel-only" devices with minimal sensitive information1.

  2. Encryption Alternatives: With ADP unavailable, explore third-party encryption tools compatible with Apple devices. Solutions like VeraCrypt or Cryptomator can provide an additional layer of security for client files.

  3. VPN Usage: Always use a reputable VPN when connecting to public Wi-Fi networks. This practice encrypts your internet traffic, making it significantly harder for malicious actors to intercept sensitive data4.

  4. Cloud Storage Considerations: Reevaluate your use of iCloud for storing client information. Consider alternative cloud services with robust encryption or, preferably, on-premises storage solutions for highly sensitive data.

  5. Two-Factor Authentication: Implement strong two-factor authentication on all accounts. This adds an extra layer of security, even if passwords are compromised3.

Advising Clients on Data Protection 📝🔒

When counseling clients on data security while traveling:

Cybersecurity should be on your mind before you travel overseas! Know before you go!

  1. Education is Key: Inform clients about the risks associated with international data transfer and storage. Emphasize the importance of encryption and cautious data handling practices.

  2. Device Management: Advise clients to use dedicated travel devices when possible, containing only essential data. Encourage the use of strong, unique passwords and biometric authentication.

  3. Data Minimization: Recommend that clients only carry necessary data when traveling. Sensitive information should be securely stored and accessed remotely only when absolutely required.

  4. Secure Communication Channels: Suggest using end-to-end encrypted messaging apps for sensitive communications. Apps like Signal or WhatsApp provide a higher level of security compared to standard SMS or email.

  5. Regular Security Audits: Encourage clients to regularly review their device and account security settings. This includes checking for unauthorized access and updating software promptly.

Crossing Borders: ADP vs. Non-ADP Countries 🛂🔐

When traveling between countries with different ADP policies, lawyers and their clients must take additional precautions:

  1. Data Backup: Before leaving an ADP-permitted country, securely back up all ADP-protected data to a trusted cloud service or encrypted external drive.

  2. Disable ADP: When entering a non-ADP country, disable ADP on your devices. This prevents potential conflicts with local laws and reduces the risk of forced access.

  3. Temporary Device Switch: Consider using a separate, "clean" device when entering non-ADP countries, leaving your ADP-enabled device securely stored elsewhere.

  4. Re-enable ADP: Upon returning to an ADP-permitted country, re-enable the feature and restore your data from the secure backup.

  5. Client Notification: Inform clients about the potential risks and your mitigation strategies when traveling between ADP and non-ADP jurisdictions.

The Broader Implications 🌐⚖️

lawyers need to be aware of other countries security standards when advising their clients who travel internationally! 🌎 🌍 🌏

The removal of ADP in the UK sets a concerning precedent that may embolden other governments to demand similar concessions. This trend could lead to a global weakening of encryption standards, posing significant challenges to attorney-client privilege and data security worldwide.

As legal professionals, we must stay informed about these developments and advocate for policies that protect client confidentiality. Engaging with bar associations and legal organizations to take a stand against government-mandated backdoors is crucial for preserving the integrity of our legal system.

Final Thoughts: Vigilance in a Changing World 🚀🔐

The withdrawal of Apple's ADP from the UK serves as a stark reminder of the fragility of digital privacy. As guardians of client confidentiality, lawyers must rise to this challenge, implementing robust security measures and staying informed about technological developments. By doing so, we can continue to uphold our ethical obligations and protect our clients' interests in an increasingly complex digital world. Remember, in the realm of digital security, complacency is our greatest enemy. Stay vigilant, stay informed, and always prioritize the protection of your clients' sensitive information.

MTC

Shout Out to Robert Ambrogi: AI Legal Research Platforms - A Double-Edged Sword for Tech-Savvy Lawyers 🔍⚖️

The use of ai is a great starting point - but always check your work (especially your citations)!

Robert Ambrogi's recent article on LawNext sheds light on a crucial development in legal tech: the comparison of AI-driven legal research platforms. This "AI smackdown" reveals both the potential and pitfalls of these tools, echoing concerns raised in our previous editorial about Lexis AI's shortcomings.

The Southern California Association of Law Libraries' panel, featuring expert librarians, put Lexis+AI, Westlaw Precision AI, and vLex's Vincent AI to the test. Their findings? While these platforms show promise in answering basic legal questions, they're not without flaws.

Each platform demonstrated unique strengths: Lexis+AI's integration with Shepard's, Westlaw Precision AI's KeyCite features, and Vincent AI's user control options. However, inconsistencies in responses to complex queries and recent legislation underscore a critical point: AI tools are supplements, not replacements, for thorough legal research.

This evaluation aligns with our earlier critique of Lexis AI, reinforcing the need for cautious adoption of AI in legal practice. As the technology evolves, so must our approach to using it.

Mark Gediman's wise words from Bob’s article serve as a fitting conclusion:

Whenever I give the results to an attorney, I always include a disclaimer that this should be the beginning of your research, and you should review the results for relevance and applicability prior to using it, but you should not rely on it as is.
— Mark Gediman

For tech-savvy lawyers, the message is clear: Embrace AI's potential, but never forget the irreplaceable value of human expertise and critical thinking in legal research. 🧠💼

MTC

MTC: AI in Legal Email - Balancing Innovation and Ethics 💼🤖

lawyers have an ethical duty when using ai in their work!

The integration of AI into lawyers' email systems presents both exciting opportunities and significant challenges. As legal professionals navigate this technological frontier, we must carefully weigh the benefits against potential ethical pitfalls.

Advantages of AI in Legal Email 📈

AI-powered email tools offer numerous benefits for law firms:

  • Enhanced efficiency through automation of routine tasks

  • Improved client service and satisfaction

  • Assistance in drafting responses and suggesting relevant case law

  • Flagging important deadlines

  • Improved accuracy in document review and contract analysis

These capabilities allow lawyers to focus on high-value work, potentially improving outcomes for clients and minimizing liabilities for law firms.

AI Email Assistants 🖥️

Several AI email assistants are available for popular email platforms:

  1. Microsoft Outlook:

    • Copilot for Outlook: Enhances email drafting, replying, and management using ChatGPT.

  2. Apple Mail:

  3. Gmail:

    • Gemini 1.5 Pro: Offers email summarization, contextual Q&A, and suggested replies.

  4. Multi-platform:

Always Proofread Your Work and Confirm Citations!

🚨

Always Proofread Your Work and Confirm Citations! 🚨

Ethical Considerations and Challenges 🚧

Confidentiality and Data Privacy

The use of AI in legal email raises several ethical concerns, primarily regarding the duty of confidentiality outlined in ABA Model Rule 1.6. Lawyers must ensure that AI systems do not compromise client information or inadvertently disclose sensitive data to unauthorized parties.

To address this:

lawyers should always check their work; especially when using AI!

  1. Implement robust data security measures

  2. Understand AI providers' data handling practices

  3. Review and retain copies of AI system privacy policies

  4. Make reasonable efforts to prevent unauthorized disclosure

Competence (ABA Model Rule 1.1)

ABA Model Rule 1.1, particularly Comment 8, emphasizes the need for lawyers to understand the benefits and risks associated with relevant technology. This includes:

  • Understanding AI capabilities and limitations

  • Appropriate verification of AI outputs (Check Your Work!)

  • Staying informed about changes in AI technology

  • Considering the potential duty to use AI when benefits outweigh risks

The ABA's Formal Opinion 512 further emphasizes the need for lawyers to understand the AI tools they use to maintain competence.

Client Communication

Maintaining the personal touch in client communications is crucial. While AI can streamline processes, it should not replace nuanced, empathetic interactions. Lawyers should:

  1. Disclose AI use to clients

  2. Address any concerns about privacy and security

  3. Consider including AI use disclosure in fee agreements or retention letters

  4. Read your AI-generated/assisted drafts

Striking the Right Balance ⚖️

To ethically integrate AI into legal email systems, firms should:

  1. Implement robust data security measures to protect client confidentiality

  2. Provide comprehensive training on AI tools to ensure competent use

  3. Establish clear policies on when and how AI should be used in client communications

  4. Regularly review and audit AI systems for accuracy and potential biases

  5. Maintain transparency with clients about the use of AI in their matters

  6. Verify that AI tools are not using email content to train or improve their algorithms

Ai is a tool for work - not a replacement for final judgment!

By carefully navigating ⛵️ these considerations, lawyers can harness the power of AI to enhance their practice while upholding their ethical obligations. The key lies in viewing AI as a tool to augment 🤖 human expertise, not replace it.

As the legal profession evolves, embracing AI in email and other systems will likely become essential for remaining competitive. However, this adoption must always be balanced against the core ethical principles that define the practice of law.

And Remember, Always Proofread Your Work and Confirm Citations BEFORE Sending Your E-mail (w Use of AI or Not)!!!

🚨 MTC: Government Backdoors - A Looming Threat to Attorney-Client Privilege and Data Security 🔐

Legal Cyber Balance: Safeguarding Client Data While Navigating Government Backdoors and Cyber Threats 🚪💻⚖️

The UK government's recent demand for Apple to create a backdoor to iCloud accounts worldwide has sent shockwaves through the legal community. This unprecedented move raises serious concerns for lawyers on both sides of the Atlantic, particularly regarding their ethical obligations to maintain client confidentiality and safeguard sensitive information.

As attorneys, we have a fundamental duty to protect our clients' confidences. The American Bar Association's Model Rule 1.6 explicitly states that lawyers must make "reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client". Similarly, the UK's Solicitors Regulation Authority emphasizes the importance of maintaining client confidentiality.

However, government-mandated backdoors pose a significant threat to these ethical obligations. If implemented, such measures would essentially create a vulnerability that could be exploited not only by law enforcement but also by malicious actors. This puts attorneys in an impossible position: How can we fulfill our duty to safeguard client information when the very systems we rely on are compromised?

Moreover, the implications of such backdoors extend far beyond individual privacy concerns. The attorney-client privilege, a cornerstone of our legal system, could be severely undermined. This privilege exists to encourage open and honest communication between lawyers and their clients, which is essential for effective legal representation. If clients fear that their confidential discussions may be accessed by government agencies, it could have a chilling effect on their willingness to disclose crucial information.

Cybersecurity Crossroads: US & UK Government Interests vs. Hackers vs. Attorney-Client Privilege – The Legal Tightrope in the Digital Age 🌍🔒

To address these challenges, lawyers must take proactive steps to enhance their cybersecurity measures. As discussed in The Tech-Savvy Lawyer.Page Podcast Episode 93, Revolutionizing Law Practice. How Alexander Pakin Leverages Tech 🖥️ for Legal Success! (Part I & Part II), updating security protocols are essential practices for modern law firms. Recall, the ABA MRPC 1.1[8] requires attorneys to be up to date in their use of technology. Additionally, attorneys should consider on-premises storage solutions with zero-trust data access to maintain control over sensitive client data.

It's crucial for legal professionals to stay informed about these developments and advocate for policies that protect client confidentiality. Bar associations and legal organizations should take a strong stance against government-mandated backdoors, emphasizing the potential risks to the justice system and individual rights.

As we navigate this complex landscape, it's clear that the intersection of technology, privacy, and legal ethics will continue to present challenges. However, by remaining vigilant and adapting our practices to meet these challenges, we can uphold our professional responsibilities and protect the fundamental rights of our clients in the digital age.

MTC

Editorial Follow Up - From Apple Intelligence’s Inaccurate News Summarization of BBC News, to BBC’s Study on AI’s Accuracy Problem: What Lawyers Must Know After this Study 📢⚖️

Lawyers must keep a critical eye on the AI they use in their work - failure to do so could lead to violations of the MRPC!

Earlier, we discussed how "Apple Intelligence, made headlines for all the wrong reasons when it generated a false news summary attributed to the BBC 📰❌”.  Now, a recent BBC study has exposed serious flaws in AI-generated news summaries, confirming what many tech-savvy lawyers feared—AI can misinterpret crucial details. This raises a significant issue for attorneys relying on AI tools for legal research, document review, and case analysis.

As highlighted in our previous coverage, Apple’s AI struggles demonstrate the risks of automated legal processes. The BBC’s findings reinforce that while AI is a valuable tool, lawyers cannot blindly trust its outputs. AI lacks contextual understanding, often omits key facts, and sometimes distorts information. For legal professionals, relying on inaccurate AI-generated summaries could lead to serious ethical violations or misinformed case strategies. (Amazingly, the sanctions I’ve reported from Texas and New York seem light thus far.)

The ABA Model Rules of Professional Conduct emphasize that lawyers must ensure the accuracy of information used in their practice. See MRPC Rule 3.3: Candor Toward the Tribunal. This means AI-assisted research should be cross-checked against primary sources. Additionally, attorneys should understand how their AI tools function—what data they use, their limitations, and potential biases. See MRPC 1.1[e].

Human oversight by lawyers over the ai they use is a cornerstone to maintaining accuracy in their and ethical compliance with the Bar!

To mitigate risks, legal professionals should:
Verify AI-generated content before using it in legal work.
Choose AI solutions designed for legal practice, not general news or business applications, e.g., LawDroid.
Stay updated on AI advancements and legal technology ethics, and stay tuned to The Tech-Savvy Lawyer.Page Blog and Podcast for the latest news and commentary on AI’s impact on the practice of law and more!
Advocate for AI transparency, ensuring tech providers disclose accuracy rates.

The legal field is evolving, and AI will continue to play a role in law practice. However, as the BBC study highlights, human oversight remains essential. Lawyers who embrace AI responsibly—without over-relying on its outputs—will be best positioned to leverage technology ethically and effectively.

MTC

MTC: 🔒 Unlocked Laptop, Suspended License: How One Lawyer’s Cybersecurity Blunder Became a Near? Career-Killer (And What You Must Learn).

lawyers, don’t leave your tech unattended and accessible - it could lead to severe bar actions!

I was so astonished when I heard about this case that I needed to share it with you, The Tech-Savvy Lawyer.Page community!

A recent disciplinary case involving a Jefferson County, Missouri prosecutor’s suspension over a prank email highlights the escalating stakes of cybersecurity negligence in legal practice. The incident—where an unattended, unlocked laptop in an empty jury room used by attorneys to do some work, allowed a mischievous actor, a prosecutor nevertheless, to send a fake email to a sheriff about how she looked in khakis—serves as a stark reminder: basic physical safeguards are no longer sufficient in an era of sophisticated digital risks. Below, let’s discuss what NOT to do and the ethical landmines lurking in outdated tech habits.  

What Went Wrong: A Breakdown of Failures

The prosecutor’s missteps reflect a cascade of poor judgments:  

1. Leaving a device unattended and unlocked in a public setting, enabling unauthorized access.  

2. Failing to implement automatic screen locks or password protections during brief absences.  

3. Ignoring encryption tools for sensitive communications, despite ABA guidance.  

This lapse violated core duties under the ABA Model Rules of Professional Conduct:  

  • Rule 1.6 (Confidentiality): Lawyers must take “reasonable precautions” to prevent unauthorized disclosure of client information. An open laptop in a public space falls far short of this standard.  

  • Rule 1.1[8] (Competence): The 2012 amendment to Comment 8 mandates that lawyers understand the “benefits and risks associated with relevant technology”. Ignoring basic device security—a well-known risk—breaches this duty.  

How Tech Security Expectations Have Evolved  

The shift from casual vigilance to rigorous tech protocols is unmistakable:  

The ABA’s Formal Opinion 477R (2017) clarifies that lawyers must assess risks based on factors like data sensitivity and network security. Public Wi-Fi and unattended devices are now red flags requiring mitigation—not mere inconveniences.  

Consequences of Complacency 

The Jefferson County case underscores the professional, legal, and reputation fallout:   

  • Ethical investigations: State bars increasingly treat tech negligence as a violation of competency rules.

  • License suspension: The prosecutor faced disciplinary action for failing to safeguard confidential systems - in this case, an indefinite suspension.

  • Loss of client trust: Even non-malicious breaches erode confidence in a lawyer’s judgment.

* Interestingly, it appears the public defender got off lightly with a slap on the wrist, although the public defender did leave exposed client files and working notes. This led to the prosecuting attorney being moved off 19 cases he and the defense attorney were both working on - someone got lucky! 😲

What NOT to Do: A Checklist ✅

Avoid these critical mistakes:  

Not all nefarious tech interlopers wear masks! Keep your tech secure!

❌ Assume “quick” errands are harmless. Even 30 seconds unlocked can compromise data.

❌ Use unsecured public networks without a VPN.  

❌ Skip software updates, leaving devices vulnerable to exploits.  

❌ Store sensitive data locally without encryption or cloud backups.

❌ Use someone’s unsecured technology for malicious means or even for a prank.

Secure Your Practice: Best Practices  

  1. Enable automatic screen locks (under 5 minutes of inactivity).  

  2. Adopt encryption for emails and files containing client data.  

  3. Train staff on phishing scams and physical security protocols.  

  4. Develop an incident response plan to address breaches swiftly.  

Final Thoughts 🧐

As the Lawyer Behaving Badly Podcast highlighted in their episode Silly Little Goose, even “harmless” pranks can derail careers. In a world where a single unlocked laptop can trigger ethics investigations, proactive tech competence isn’t optional—it’s survival! Lock your devices, encrypt your data, and treat every public space as a potential threat vector. Your license depends on it. 🔒  

MTC