A Professional Creed

On AI, Custody, and What Attorneys Actually Owe Their Clients

Published by CloseVector — Legal AI Infrastructure

Written by Dean Hoffman, CloseVector. Not an attorney.

Creed

I do not owe an AI company my trust. I owe my client my vigilance.

The ABA does not ask me to be impressed by marketing. It asks me to act competently and to protect client information. Rule 1.6 treats “information relating to the representation” as confidential: not just the glamorous parts, not just the life-or-death parts, all of it. (ABA Rule 1.6) “Informed consent” is not a checkbox. It requires that I communicate adequate information and explanation about the material risks and alternatives. (ABA Rule 1.0(e)) And when I use outside services, including internet-based services, Rule 5.3 makes me responsible for ensuring those services are compatible with my professional obligations. (ABA Rule 5.3 Comment 3)

Now the reality. When I send client facts, client documents, or privileged strategy into a cloud AI system, I am not just “using a tool.” I am moving my client’s information across a boundary I do not control and cannot independently audit. I do not get to see the full handling path. I do not get to control the environment. I cannot independently verify the processing path: what system ran, where it ran, who could access it, what was retained, and what changed over time. I can ask. I can receive assurances. I still cannot produce an end-to-end chain of custody for the processing and access events inside the vendor boundary.

That is the informed consent problem. Not “AI sometimes hallucinates.” The hard problem is that I cannot truthfully explain the complete set of material risks and controls when the system is a moving vendor boundary.

If I cannot enumerate the risk paths with specificity, my client cannot evaluate them. If my client cannot evaluate them, their consent is not informed. It is paperwork pretending to be ethics. ABA Formal Opinion 512 makes this stricter, not looser. It says boilerplate engagement-letter language is not sufficient, and it demands that lawyers understand and communicate risks tied to how the tool handles client information. (ABA Formal Opinion 512)

And this is not a theoretical debate. The harm, when it happens, is irreversible. Once privileged strategy or sensitive facts escape, you cannot unsee them. You cannot unshare them. You cannot rewind who received them. You can litigate after the fact, but that is damage control. It is not prevention. In high-stakes matters, that irreversibility is the whole game. We do not run privilege on hope. We run it on custody, control, and proof.

Even if you could clear consent, custody is still broken.

I do not confuse industry custom with the standard of care. In T.J. Hooper, Judge Learned Hand said plainly that an entire industry can lag behind reasonable prudence. (60 F.2d 737 (2d Cir. 1932)) “Everyone does it” is not a defense when safer options were available and you chose convenience.

So I am not going to “balance” my duty against vendor convenience. I am not going to let procurement checklists launder the core issue. I am not going to pretend that “no training” language, SOC reports, or nice dashboards change the structural fact that the vendor boundary is opaque and changeable. I am not going to take my client’s life, freedom, custody, reputation, leverage, or safety and route it through a system where I cannot maintain custody and cannot prove what happened.

Here is the rule I will live by.

I do not transmit privileged or client-confidential information to any system unless I can prove, with objective artifacts, what happens to it: where it goes, who can access it, how long it persists, and how I would detect and respond to exposure. If I cannot prove those facts, it stays local. And today, I cannot prove those facts for cloud AI systems in a way that is independent, complete, and stable over time, so I cannot responsibly ask a client to consent to using them for privileged or client-confidential matter content.

I do not place client-confidential or privileged material into third-party custody unless there is no practicable safer option. Local custody is the default for storage and compute. Local custody is not perfect, but the audit surface is mine to control and verify independently, without requiring vendor cooperation or vendor visibility into internal handling. Cloud is reserved for truly non-confidential work or practicably unavoidable constraints, and it is treated as a known exposure, not a safe default.

This is not anti-technology. It is pro-client. It is the only posture that respects what confidentiality actually means in practice.

The minute you make “exceptions” routine, you turn irreversibility into a probability argument, and that is how lawyers get trapped. You do not wait to buy insurance until you have proof you will crash. You also do not hand your client’s crown jewels to a third party and tell yourself it is fine because the probability feels low. In legal work, the tail risk is the risk.

I will use AI. Aggressively. But I will use it under my custody and under my client’s control. The standard described here is not aspirational. It is the minimum level of proof I require before I expose a client to irreversible disclosure risk.