As a lawyer, I'm excited about this, but there are two roadblocks that I'm not sure how Anthropic will navigate:
(1) For non-lawyers who use these skills/connectors/whatchamacallits to try to get legal advice, their communications are not protected by attorney-client privilege. This will absolutely bite some people in the ass.
(2) If a lawyer uses this with confidential client information (which, to the uninitiated, doesn't just mean SSNs and bank account numbers, but "all information relating to the representation of a client") and forgets to toggle off "Help improve Claude" in their settings, they have possibly (maybe even likely) committed malpractice.[1]
> Judge Rakoff of the Southern District of New York — addressing “a question of first impression nationwide” — ruled that written exchanges between a criminal defendant and generative AI platform Claude were not protected by attorney-client privilege or the work product doctrine.
Much more to it than this one-liner that I pulled out, but safe to say, don't rely on or put your legal defense etc. (or elements of it) into AI unless you want it discovered.
(not a lawyer, unlike OP, who might be able to refine what I highlighted with more precision)
In the US, are Google queries about the law considered attorney-client privilege? What about library records? Browser history? Google Maps / Uber / car travel history (when traveling to an attorney's office)?
If somebody Googles "best attorney for murder NYC" a day after a murder is committed but before any case is filed against them (so they clearly had some reason to expect that case), could that be used as evidence?
> exchanges between a criminal defendant and generative AI platform Claude were not protected by attorney-client privilege or the work product doctrine
Shouldn't that have been relatively clear to all parties involved? Maybe not to the defendant, who's apparently clueless.
The AI platform is not an attorney. A defendant's communications with an AI platform are therefore not communications between a client and their attorney, nor will the AI output constitute attorney "work product" because the AI platform is not an attorney.
Doesn't really come across as a novel problem, aside from AI being involved. I'm sure countless defendants have made the stupid mistake of talking about the facts of their case to persons other than their attorney, and those communications came back to bite them in the ass when discovered.
It is my understanding that they must be certified. You are allowed to represent yourself, but it is my understanding that a non-lawyer cannot represent you.
You have to be admitted to the bar to practice law. Which is to say, other lawyers must recognize you as a lawyer, and this recognition can be taken away.
More practically, this means (in America) that you need a JD degree (4 year grad school), to pass an exam, and pass a(n oftrn horrifically thorough) character background check.
For (1) it's so wild to me that if I pay a lawyer, they can run the same queries on these tools and they are protected by attorney-client privilege, but if I do it to help me prepare my defense, then the exact same queries would be subject to subpoena/discovery.
Does anyone know if there exists any OPSEC procedure for me to use third party tools like this for my own concerning legal questions that is both ethical and allows me to be confident that my interactions won't land in discovery documents?
If you are preparing for your own defense and don't have an attorney (you're acting pro se), your own LLM use would likely be protected under work product doctrine. The court would extend you some of the same protections an attorney would have, for the limited purposes of preparing your case.
This is a very narrow exemption, however.
(You would also want to make sure you're using a paid AI plan with contractually guaranteed privacy protections, otherwise it could be construed as third-party communications, which implicitly waives privilege.)
> Does anyone know if there exists any OPSEC procedure for me to use third party tools like this for my own concerning legal questions that is both ethical and allows me to be confident that my interactions won't land in discovery documents?
Isn't that a fundamental misunderstanding? Would "OPSEC" like that amount to destruction of evidence or contempt of court or something like that?
Like if all your incriminating documents are on some encrypted drive, it's not like that defeats discovery. You're supposed to decrypt them and hand them over.
Discovery in a criminal trial is more limited than in a civil trial.
Your only real defense against discovery is to not have said it, or to have destroyed all records of it before the hint of discovery wafted on the wind.
Yes? Which makes it feel like the answer is just “No.” Unless you use Mullvad, TailsOS, and don’t log into the service. But I’m not sure if that’s “ethical” for Google/DDG searches and it’s not really possible for Claude/Kagi. I would assume that simply using a “secret” account isn't a magic way to avoid discovery either.
>For (1) it's so wild to me that if I pay a lawyer, they can run the same queries on these tools and they are protected by attorney-client privilege, but if I do it to help me prepare my defense, then the exact same queries would be subject to subpoena/discovery.
How's this any different than any professional license? You're basically paying for preferential treatment from the state in a given subject area.
> How's this any different than any professional license? You're basically paying for preferential treatment from the state in a given subject area.
Because it's got nothing to do with the professional part? Licensing should affect their practice of law, sure, but it shouldn't grant random other privileges.
If you use a stateless client (like just rawdogging cli llama.cpp) there’s nothing to discover. Setting a program with an option to have logs to not do that could conceivably get you in trouble but using a widely used program that never had logs seems like it has to be fine. Maybe they could nail you for googling “which local llm approach generates logs?” also, don’t get nailed by your bash history!
Slightly related:
Amazon’s bedrock has better privacy guarantees. This seems to be skills that can be added to Desktop app, which can connect to Bedrock for inference.
#1 is a little complicated. Communications with an AI are possibly sometimes protected by work-product doctrine... but only if you're representing yourself as a pro se litigant, and strictly limited to mental impressions and opinion work product of counsel (in this case, extended to the pro se litigant). See: Warner v. Gilbarco, Inc.
In the legal world are there certifications for handling privileged information?
For example in the medical world if you are a provider covered by HIPAA you must have a signed "Business Associate Agreement" with any party that handles the covered protected health information (PHI).
Just remember that your AI chat history is not protected like attorney client privilege and can be used as evidence against you in court. If you talk to a lawyer and they use AI, those chats are privileged.
No. If you talk to an attorney and they take reasonable precautions to maintain the integrity of the confidential attorney client relationship, the privilege is preserved. If not, not preserved.
I don’t understand this situation .. where in your court case the prosecutor asks a judge to get a warrant for your AI chat logs … this is just not gonna happen.
I'm not sure if you're joking but there's actually active court cases right now where they have done just that
Just a few of the perps: Hisham Abugharbieh (Florida student murders), Jonathan Rinderknecht (Palisades Fire arson), Phoenix Ikner (FSU shooter), Ryan Schaefer (Missouri State vandalism)
There's also that thing involving somebody I think he used to be in the NFL and he was using ChatGPT to try to hide the body of his wife or something iirc
Digital evidence is huge for the last couple of decades and this is no different...
Curious if Thomson Reuters (Westlaw) felt threatened if they were this compelled to moan about it. All it does is make me wonder how well these skills perform when paired with Lexis (if possible?) instead of Westlaw.
As someone who has represented themselves in tribunal before I'm definitely interested in this.
The only issue is that in some jurisdictions, like the UK, you can't just offer someone legal advice without being SRA accredited or FCA regulated.
I.e. this would effectively make Anthropic a claims management firm under the UK law.
> Under article 89I of Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 ("The Order"), advising a claimant or potential claimant, investigating a claim and representing a claimant, in relation to a financial services or financial product claim is a defined regulated activity.
I'm a bit bothered by this line. Does it mean this is based on customer's sessions? Are they entitled to build knowledge bases for every profession, topic and workflow in the world using customer data?
Yes they are training on your business's data so that their AI can replace your business later. If you don't believe it, name one thing they didn't train on.
It definitely looks like the old tale come true - at Microsoft people would warn against using Google because then Google could figure out what we're working on, since it was pretty easy to tell where a query was coming from.
Sounded far fetched back then, and on the face of it illegal, but now it's just common sense I imagine.
I guess at some point we will have lawyers, attorneys and judges using this stuff ... at the point lawyers will become kinda "seo"/"copywriter" experts on how to better trick the others LLM.
I think the problem is that laws overlap, with decades of case law clarifying their interactions. Looking at one law probably isn't enough to determine whether an LLM is lying to you.
This is why I think many of the current application-layer AI startup valuations are a bit iffy. When the big AI companies like Anthropic start expanding their vertical products, the calculus changes.
I'm just wondering how committed they'll be - I guess the edge some startups still have, is the fear that product suites from OpenAI / Anthropic / etc. will go the way of Google products, a year or two then straight to the morgue.
It's like asking what if AWS starts doing it, they have all the infrastructure in place. LLMs are just one cog. There is a lot on the application side they are not doing at all.
Every valuation in the AI space is iffy. Nobody actually has a solid business plan, only vibes, but that isn't stopping people from throwing money at them.
I wonder what clients would think if they discovered their lawyer uses a chatbot with their confidential story. Even with redaction, patterns still emerge. Certainly I wouldn't be happy in any case.
I see this as a strong case for private AI, or an in-house stack.
This seems like a shot across the bow for all large Claude API customers, which I'm sure they saw coming.
But still, a TSMC style pure play model provider would win huge business in the space given how many application companies are being eaten by model companies.
This is only for PR. No one checks what's in those docs, or if these are real, valid or ethical. The goal here is for all news outlets to pick them up. You're not the audience.
Given the amount of free PR they can get from some AI-generated .md files, I'd probably do the same if I was on their boat.
Right now, I don't think any other AI company generates as much as slop as Anthropic does.
It will be hilarious to see this one play out because ChatGPT and Perplexity already do wonders for small-claim issues like tenancy laws, various personal letters, etc.
It's already doing wonders for small time businesses and individuals that municipalities think they're free to jerk around because the size of the screwing they're trying to dish out isn't worth hiring a lawyer and/or fighting through court over.
I assure you, in most democracies, most people are jerked around by other people acting in bad faith far more often than their government acting in bad faith.
Landlords, tenants, vendors, business and former romantic partners, clients, banks, even your local gym is way more likely to try to fuck you over than the government is.
I would love this for poor people to fight giant corporations via 'lawfare'. It's largely unethical (just like many corporations) but just knowing how to file junk lawsuits that cost corporations millions to fight would be nice.
I dont mean 'frivolous' like prisoners who file pro-se about their ice cream melting [1], but a level or two above that , that costs time and money to produce records and testimony to defend, even if nary a dime is paid out. Basically ask GPT to figure out the terms and theories to file to get your lawsuit accepted, and done by poor people who cannot afford to post $ or repay if they lose. aka "asymmetric warfare" that benefits the little guy, just like the kind private equity or other terrible corporations wield against the poor via"mandatory arbitration" clauses or damages caps and similar rules that always benefit corporations.
Does anyone find it weird that Anthropic's Github org is `anthropics` (with an 's') and the `anthropic` username is owned by some random dude in Australia? Imagine the shenanigans someone can achieve with that user.
But for a beautiful window of a few minutes absolute chaos will ensue. Seems like a huge risk. And if Github/MS have power to do what you're saying, does it feel irresponsible not to do it pre-emptively with an apparently inactive account?
Harvey was always an upstart in the legal tech industry. There's other companies that have a much better understanding of the market and compliance issues but you don't hear about them because nobody wants to talk about legal tech.
(1) For non-lawyers who use these skills/connectors/whatchamacallits to try to get legal advice, their communications are not protected by attorney-client privilege. This will absolutely bite some people in the ass.
(2) If a lawyer uses this with confidential client information (which, to the uninitiated, doesn't just mean SSNs and bank account numbers, but "all information relating to the representation of a client") and forgets to toggle off "Help improve Claude" in their settings, they have possibly (maybe even likely) committed malpractice.[1]
[1] https://www.americanbar.org/content/dam/aba/administrative/p...
> Judge Rakoff of the Southern District of New York — addressing “a question of first impression nationwide” — ruled that written exchanges between a criminal defendant and generative AI platform Claude were not protected by attorney-client privilege or the work product doctrine.
Much more to it than this one-liner that I pulled out, but safe to say, don't rely on or put your legal defense etc. (or elements of it) into AI unless you want it discovered.
(not a lawyer, unlike OP, who might be able to refine what I highlighted with more precision)
If somebody Googles "best attorney for murder NYC" a day after a murder is committed but before any case is filed against them (so they clearly had some reason to expect that case), could that be used as evidence?
Shouldn't that have been relatively clear to all parties involved? Maybe not to the defendant, who's apparently clueless.
The AI platform is not an attorney. A defendant's communications with an AI platform are therefore not communications between a client and their attorney, nor will the AI output constitute attorney "work product" because the AI platform is not an attorney.
Doesn't really come across as a novel problem, aside from AI being involved. I'm sure countless defendants have made the stupid mistake of talking about the facts of their case to persons other than their attorney, and those communications came back to bite them in the ass when discovered.
Does anyone know if there exists any OPSEC procedure for me to use third party tools like this for my own concerning legal questions that is both ethical and allows me to be confident that my interactions won't land in discovery documents?
This is a very narrow exemption, however.
(You would also want to make sure you're using a paid AI plan with contractually guaranteed privacy protections, otherwise it could be construed as third-party communications, which implicitly waives privilege.)
See: Warner v. Gilbarco, Inc.
Isn't that a fundamental misunderstanding? Would "OPSEC" like that amount to destruction of evidence or contempt of court or something like that?
Like if all your incriminating documents are on some encrypted drive, it's not like that defeats discovery. You're supposed to decrypt them and hand them over.
Your only real defense against discovery is to not have said it, or to have destroyed all records of it before the hint of discovery wafted on the wind.
We need a law where someone can clearly designate a chat privileged, with severe consequences for mis-use.
How's this any different than any professional license? You're basically paying for preferential treatment from the state in a given subject area.
Because it's got nothing to do with the professional part? Licensing should affect their practice of law, sure, but it shouldn't grant random other privileges.
There's a good summary of the current state of things here: https://www.akerman.com/en/perspectives/ai-privilege-and-wor...
Also worth noting that none of this is binding precedent, so expect this field to evolve over time.
As in "I'm excited to win a lot of money dismantling hallucinated quotations and invalid assumptions"?
For example in the medical world if you are a provider covered by HIPAA you must have a signed "Business Associate Agreement" with any party that handles the covered protected health information (PHI).
Just a few of the perps: Hisham Abugharbieh (Florida student murders), Jonathan Rinderknecht (Palisades Fire arson), Phoenix Ikner (FSU shooter), Ryan Schaefer (Missouri State vandalism)
There's also that thing involving somebody I think he used to be in the NFL and he was using ChatGPT to try to hide the body of his wife or something iirc
Digital evidence is huge for the last couple of decades and this is no different...
Curious if Thomson Reuters (Westlaw) felt threatened if they were this compelled to moan about it. All it does is make me wonder how well these skills perform when paired with Lexis (if possible?) instead of Westlaw.
The only issue is that in some jurisdictions, like the UK, you can't just offer someone legal advice without being SRA accredited or FCA regulated. I.e. this would effectively make Anthropic a claims management firm under the UK law.
> Under article 89I of Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 ("The Order"), advising a claimant or potential claimant, investigating a claim and representing a claimant, in relation to a financial services or financial product claim is a defined regulated activity.
https://www.fca.org.uk/freedom-information/dual-regulation-c...
I'm a bit bothered by this line. Does it mean this is based on customer's sessions? Are they entitled to build knowledge bases for every profession, topic and workflow in the world using customer data?
Sounded far fetched back then, and on the face of it illegal, but now it's just common sense I imagine.
I'm just wondering how committed they'll be - I guess the edge some startups still have, is the fear that product suites from OpenAI / Anthropic / etc. will go the way of Google products, a year or two then straight to the morgue.
I see this as a strong case for private AI, or an in-house stack.
Or I have to be missing something.
But still, a TSMC style pure play model provider would win huge business in the space given how many application companies are being eaten by model companies.
Harvey is valued at $11b
A life of every thin wrapper company will be the same. Anthropic/OpenAI will just cut the middle-man as soon as they see potential.
`/loop 2days /create-new-{insert-industry}-md-files`
This is only for PR. No one checks what's in those docs, or if these are real, valid or ethical. The goal here is for all news outlets to pick them up. You're not the audience.
Given the amount of free PR they can get from some AI-generated .md files, I'd probably do the same if I was on their boat.
Right now, I don't think any other AI company generates as much as slop as Anthropic does.
Each cycle gets shorter and shorter to sustain the high.
[1] https://www.youtube.com/watch?v=HUngLgGRJpo
Landlords, tenants, vendors, business and former romantic partners, clients, banks, even your local gym is way more likely to try to fuck you over than the government is.
I dont mean 'frivolous' like prisoners who file pro-se about their ice cream melting [1], but a level or two above that , that costs time and money to produce records and testimony to defend, even if nary a dime is paid out. Basically ask GPT to figure out the terms and theories to file to get your lawsuit accepted, and done by poor people who cannot afford to post $ or repay if they lose. aka "asymmetric warfare" that benefits the little guy, just like the kind private equity or other terrible corporations wield against the poor via"mandatory arbitration" clauses or damages caps and similar rules that always benefit corporations.
1. https://www.deseret.com/1994/3/21/19098386/melted-ice-cream-...
First step out of line and that account along with anything remotely connected will be banned to oblivion.
Given they share models on Azure, Anthropic will have someone at Microsoft on speed dial.
I've even seen disconnected commit hashes disappear during their security responses which the repo owner has no way of removing.
I half-suspect they threatened him and he stuck to his guns.
er, wait