Ensuring Attorney Confidentiality with AI Models: Navigating the Intersection of Duties and Technology

TL;DR:

  • IP attorneys express concerns about confidentiality when using large language models (LLMs).
  • LLM queries and web search engine queries involve temporary third-party sharing.
  • Google’s data retention policies include storing search terms for service improvement.
  • OpenAI’s Privacy Policy allows opt-out for prompts used in ChatGPT training.
  • Attorneys are bound by ethical obligations to protect client information.
  • Cloud storage and email services are considered secure for preserving confidentiality.
  • Security measures provided by Google and OpenAI are sufficient for safeguarding client data.
  • Banning LLMs solely due to confidentiality concerns may be irrational in today’s tech-driven world.

Main AI News:

As the legal profession increasingly integrates technology into its daily operations, one pressing concern for intellectual property (IP) attorneys is how to uphold their confidentiality obligations while utilizing large language models (LLMs). During a recent panel discussion hosted by the U.S. Patent and Trademark Office (USPTO), a consensus emerged among the panelists that attorneys should exercise caution when performing LLM queries, primarily due to the remote storage of these queries, as opposed to the more transient nature of traditional Internet searches. This article seeks to shed light on this issue by examining the data retention policies of prominent tech giants like Google and OpenAI and how these policies intersect with attorneys’ confidentiality responsibilities.

The Functionality of Queries in the Digital Age

The proliferation of websites on the internet during the 1990s led to the emergence of web search engines, which have consistently relied on remote processing of user queries. These engines crawl and index websites using servers operated by search companies. When a user submits a query, the search engine’s database software processes it against the indexed websites and presents a list of results.

Consequently, when attorneys employ web search engines, their queries are temporarily shared with a third party, namely the servers operated by the search engine. A similar process unfolds when attorneys use large language models (LLMs) such as OpenAI’s ChatGPT, Google’s Bard, or Meta’s LLaMa. In this case, the prompt submitted to the LLM provider is also shared with a third party, the servers maintained by the LLM provider, albeit temporarily.

Google’s Approach to Data Handling

Google, a prominent web search engine, offers several reasons for retaining user queries for future use. Their Privacy Policy explicitly states that search terms may be collected and stored, associated with the user’s Google Account, or linked to the specific browser, application, or device in use. This data can be instrumental in improving services, such as spell-check features, personalized content, and customized search results. Google emphasizes the use of encryption to protect user data during transmission. Furthermore, they allow users to disable search history and delete activity information at their discretion.

In addition to stored search terms, Google Chrome incorporates settings that sync and personalize user experiences across devices, send URLs of visited pages to Google, and track topics of interest based on browsing history. These settings can also be deactivated, with corresponding data presumably deleted upon deactivation.

OpenAI’s Privacy Provisions

Similar to web search engines, LLM providers like OpenAI may retain prompts submitted by users for future use. OpenAI’s Privacy Policy specifies that content provided by users, including input, file uploads, or feedback, may be utilized to enhance their services, such as training the models behind ChatGPT. However, OpenAI provides an opt-out mechanism, allowing users to prevent prompts submitted to ChatGPT from being used for training. Additionally, OpenAI commits to implementing appropriate technical, administrative, and organizational measures to safeguard Personal Information both online and offline.

OpenAI extends enhanced privacy assurances to Enterprise and API customers. For Enterprise customers, prompts are not used for training, remain accessible only to authorized OpenAI employees for specific purposes, and are removed from OpenAI’s systems within 30 days. Similarly, API customer prompts are excluded from training, accessible only to authorized personnel for defined reasons, and securely retained for up to 30 days for abuse identification. OpenAI also offers “zero data retention (ZDR) for eligible endpoints for qualifying use-cases.”

Preserving Confidentiality and Privacy in Legal Practice

Attorneys are ethically bound to safeguard client information and maintain confidentiality, refraining from disclosing it to third parties without consent or legal authorization. While certain exceptions exist, such as communications with agents facilitating client-attorney interactions, these must ensure that the content remains protected from unauthorized disclosure.

In practice, cloud storage and email services often implement robust security measures to uphold attorney-client privilege and confidentiality. Notably, the risk of disclosure through cloud storage services is deemed minimal, especially when compared to other communication methods.

Likewise, attorneys routinely perform internet searches, assuming that their actions will not be revealed to third parties. They also rely on browser features for seamless synchronization between devices, with the reasonable expectation that activity information will remain confidential.

Conclusion: Embracing Technological Progress Responsibly

Given the established practices of using email and cloud storage services to handle confidential and privileged information, concerns surrounding LLMs may appear unwarranted. While LLM prompts tend to be more detailed than standard web queries, the robust security options provided by tech giants like Google and OpenAI should be deemed adequate to preserve confidentiality and privilege.

Attorneys can take additional steps to enhance security and reduce data exposure, such as optimizing Google settings or opting out of ChatGPT training. Nonetheless, outright bans on LLMs due to confidentiality concerns may seem illogical in an era of technological advancement, echoing the notion that prudent utilization of available security measures can effectively safeguard client information.

Conclusion:

The legal market should recognize that while AI and LLMs present confidentiality challenges, existing security measures offered by technology giants like Google and OpenAI can effectively protect client information. Embracing these advancements responsibly can help attorneys navigate the evolving landscape of legal practice in the digital age.

Source