On
Friday
afternoon
at
SXSW,
Meredith
Whittaker,
CEO
of
Signal,
painted
a
sobering
and
downright
alarming
picture
of
the
modern
privacy
landscape.
Whittaker
argued
that
the
world
today
is
more
surveilled
than
ever
before,
with
a
handful
of
corporations
and
governments
wielding
unprecedented
access
to
our
personal
data.
Her
comments
highlighted
the
risks
that
everyone
—
but
especially
lawyers,
given
our
duty
of
confidentiality
—
need
to
take
seriously.
The
Erosion
of
Privacy
Whittaker
noted
that
privacy
is
not
a
luxury;
it
is
a
fundamental
condition
for
free
thought,
secure
relationships,
and
democratic
engagement.
Yet,
we
live
in
an
era
where
every
message,
search
query,
and
interaction
is
recorded,
stored,
and
could
potentially
be
weaponized
against
us.
The
sheer
volume
of
data
collected
by
companies
like
Google,
Meta,
and
telecommunications
providers
creates
vast
vulnerabilities.
Whether
through
government
subpoenas,
corporate
data
sales,
or
hacking
incidents,
this
information
is
accessible
in
ways
many
of
us
just
don’t
fully
appreciate.
To
illustrate
her
point,
Whittaker
posed
a
chilling
hypothetical
that
quieted
the
room:
Every
single
message
you’ve
ever
sent
in
your
life
is
suddenly
on
a
database
and
a
link
just
got
sent
to
everyone
you
know.
That’s
your
boss,
that’s
your
best
friend,
that’s
your
dad’s
best
friend,
that’s
the
weird
guy
who
comes
to
your
Thanksgiving.
That’s
everyone
you
know,
and
they
click
on
that
link,
and
they
can
access
that
database.
And
there’s
a
little
AI
bot
that’s
like
appended
onto
that
database
so
they
can
quickly
summarize
everything
in
that
database,
search
their
name.
Search
that
one
time
you
told
that
weird
lie
because
you
hadn’t
had
coffee,
searched
that
time
you
taught
shit
on
your
best
friend
because
you
were
in
a
weird
place…Search
that
message
to
your
doctor?
Search
that
thing
you
sent
to
your
colleague
that
was
really
mean
about
your
other
colleagues,
search
your
prescription
information.
Search
the
time
you
talk
to
a
union
organizer,
search
the
time
you
reported
corruption
at
your
workplace
with
journalists,
all
of
that
is
on
there.
As
large
language
models
and
AI
become
more
powerful,
it
will
become
even
easier
for
an
AI
bot
to
summarize
and
search
everything,
exposing
your
personal,
professional,
and
even
legal
conversations.
Whittaker
says
this
is
not
science
fiction;
it
reflects
today’s
reality.
Why
Lawyers
Should
Care
For
lawyers,
the
implications
of
these
privacy
risks
are
particularly
critical.
Attorney-client
privilege
and
confidentiality
are
not
just
ethical
obligations,
they
form
the
very
basis
of
attorney
client
relationships.
Lawyers
need
to
be
aware
of
and
comply
with
their
ethical
duty
to
protect
“information
relating
to
the
representation
of
a
client.”
They
also
need
to
understand
and
satisfy
the
ethical
obligation
to
understand
the
risks
and
benefits
of
technology
under
the
rules
of
professional
responsibility.
At
a
minimum,
these
duties
require
lawyers
to
be
informed
of
the
threats
technology
poses
to
client
confidentiality.
Moreover,
both
lawyers
and
clients
need
to
be
secure
in
the
knowledge
that
their
conversations
are
protected
and
not
easily
accessible
to
others.
Lawyers
also
need
to
be
prepared
to
advise
clients
on
privacy
risks
and
how
to
mitigate
them.
The
Threats
Legal
professionals
need
to
be
informed
of
the
vulnerabilities
presented
by
modern
communication
tools.
Here
are
some
examples:
-
Law
Enforcement
and
Legal
Requests: Whittaker
pointed
out
that
law
enforcement
has
been
able
to
obtain
Facebook
messages
as
evidence
in
a
criminal
cases.
If
privileged
attorney-client
communications
exist
on
platforms
that
comply
with
such
requests,
legal
confidentiality
is
at
risk. -
Hacking
and
Cybersecurity
Threats: The
recent
Solar
Typhoon
hack
exposed
how
a
foreign
government
infiltrated
U.S.
telecom
networks,
potentially
accessing
call
logs,
text
messages,
and
metadata.
If
a
law
firm
or
in-house
legal
department
relies
on
insecure
channels,
adversaries
—
whether
state
actors,
opposing
parties
or
cybercriminals
—
could
gain
access
to
confidential
materials. -
Metadata
Matters: Even
when
message
content
is
encrypted,
metadata
—
who
you
talk
to,
when,
and
how
often
—
can
reveal
critical
details.
As
Whittaker
noted,
metadata
to
can
be
used
to
track
relationships,
map
influence
networks,
and
uncover
confidential
activities.
In
legal
matters,
this
could
expose
privileged
consultations,
witness
communications,
or
legal
strategies.
The
Need
for
Stronger
Protections
Given
these
risks,
lawyers
and
legal
professionals
should
think
through
their
approach
to
digital
communications.
Steps
to
consider
include:
-
Limiting
the
Use
of
Commercial
Messaging
Apps: Mainstream
platforms
like
WhatsApp,
iMessage,
and
Telegram
may
offer
some
encryption,
but
they
still
collect
metadata
and,
in
some
cases,
retain
message
content.
Lawyers
should
avoid
discussing
sensitive
matters
on
these
apps. -
Implementing
Secure
Communication
Protocols: Law
firms
and
legal
departments
should
prioritize
end-to-end
encryption
tools
that
minimize
data
collection
and
do
not
store
metadata. -
Educating
Clients
on
Privacy
Risks: Confidentiality
doesn’t
just
depend
on
lawyers;
clients
also
need
to
understand
the
risks
of
discussing
legal
matters
on
insecure
channels
both
when
talking
to
their
lawyers
and
in
their
day-to-day
business
activities. -
Challenging
Data
Retention
Policies: Many
tech
companies
store
years’
worth
of
messages,
call
logs,
and
search
history.
Lawyers
should
advocate
for
stricter
data
retention
limits
and
ensure
their
own
firms
do
not
store
unnecessary
digital
records
that
could
later
be
subpoenaed
or
hacked.
The
Signal
Platform
To
be
fair,
Whittaker’s
keynote
also
highlighted
the
potential
role
of
the
Signal
tools
in
addressing
the
risks
to
privacy.
Signal
is
a
nonprofit,
open-source
messaging
platform
that
Whitaker
says
was
designed
to
provide
secure
and
private
communications.
Unlike
commercial
platforms
that
collect
metadata
and
comply
with
government
requests,
Whittaker
told
us
that
Signal
was
built
to
collect
and
retain
as
little
data
as
possible.
Because
it
is
open
source,
she
argued
that
its
security
protocols
can
be
independently
audited,
ensuring
transparency
and
trust.
If
all
this
is
correct
(I
haven’t
investigated
Signal
or
used
it),
for
lawyers
seeking
to
protect
attorney-client
privilege,
adopting
tools
like
Signal
could
be
a
useful
step
to
protect
confidentiality.
The
Bottom
Line
The
risks
Whittaker
described
aren’t
hypothetical
—
they
are
unfolding
now.
Sensitive
legal
information
is
potentially
more
exposed
today
than
ever.
Yet,
many
lawyers
and
legal
professionals
remain
unaware
of
the
real
nature
of
these
threats.
Safeguarding
attorney-client
privilege
and
protecting
client
confidences
requires
more
than
lip
service
to
ethical
commitments.
It
demands
ongoing
education,
awareness
of
evolving
risks,
and
concrete
steps
to
mitigate
threats
before
they
compromise
the
very
foundation
of
the
legal
profession.
Stephen
Embry
is
a
lawyer,
speaker,
blogger
and
writer.
He
publishes TechLaw
Crossroads,
a
blog
devoted
to
the
examination
of
the
tension
between
technology,
the
law,
and
the
practice
of
law.