Introduction
Generative AI tools and platforms are being used in many ways across all facets of business and daily life. Publicly available AI tools, such as ChatGPT, Claude, and Gemini, are used to answer questions, draft documents, and summarize data, among other uses. These public-facing generative AI tools use technology such as large learning models (LLMs) to train and learn from data imported by users. While there are various types of AI platforms with differing security features, users must understand the associated risks. A recent federal court decision—United States v. Heppner—underscores a critical risk: user inputs into public generative AI platforms and output documents derived from those interactions are not necessarily confidential and, in the context of litigation, may not be protected from disclosure by the attorney-client privilege or the work product doctrine.
Summary of the Case and Holding
In United States v. Heppner, Judge Jed Rakoff of the U.S. District Court for the Southern District of New York addressed whether documents reflecting a client’s interactions with a generative AI platform—later provided to defense counsel—were protected from disclosure to the government by the attorney-client privilege or work product doctrine. In this criminal proceeding, the defendant, Bradley Heppner, was charged with securities fraud and related crimes. After receiving a grand jury subpoena but before indictment, Heppner used a publicly available generative AI tool, Claude, to generate documents and explore potential legal strategies. This was done independently, without direction from counsel, and the materials were later shared with his attorneys.
Following indictment, the FBI seized documents and devices, including the AI inputs and outputs. The defendant asserted attorney-client privilege and work product protection, arguing that the materials were created for the purpose of seeking legal advice and later shared with counsel. The court rejected these arguments.
Attorney-Client Privilege
The court reaffirmed that attorney-client privilege protects confidential communications between a client and an attorney made for the purpose of obtaining legal advice. However, it held that the privilege did not apply because the communications were made to a third-party AI platform, not to an attorney or agent of an attorney. The court also found that any expectation of confidentiality was waived, as the AI platform’s terms allowed use of the data for training and potential disclosure to third parties. The fact that the documents were later shared with counsel did not restore privilege.
Work Product Doctrine
The court also rejected application of the work product doctrine, which protects materials prepared by or at the direction of counsel in anticipation of litigation. The documents at issue were created independently by the defendant and did not reflect counsel’s strategy or direction. Accordingly, they did not qualify for protection.
Takeaways and Lessons
The decision reinforces that voluntarily sharing information with a non-confidential third party can destroy privilege protections, which may have serious consequences in litigation. Users of generative AI must understand the terms of use, privacy policies, and security features of the platforms they use. Open AI platforms, such as publicly accessible tools, may use inputs and outputs for training and may share data with third parties, meaning they are not truly confidential.
In contrast, closed or secure AI platforms may offer greater confidentiality protections, as they typically do not use data for training and restrict access through security controls. However, users must still carefully evaluate the terms and safeguards of these systems.
Clients should consult counsel before using AI tools to analyze legal issues or develop legal strategies in connection with actual or anticipated litigation. These considerations apply not only to individuals but also to businesses and organizations. Companies should implement policies and training regarding AI use, and lawyers must remain mindful of their ethical obligations to maintain client confidentiality and technological competence.
Author:
Matthew D. Dunn/Partner