SXSW Privacy Discussion: The Rising Risks Lawyers Can’t Ignore

On Friday afternoon at SXSW, Meredith Whittaker, CEO of Signal, painted a sobering and downright alarming picture of the modern privacy landscape. Whittaker argued that the world today is more surveilled than ever before, with a handful of corporations and governments wielding unprecedented access to our personal data. Her comments highlighted the risks that everyone — but especially lawyers, given our duty of confidentiality — need to take seriously.

The Erosion of Privacy

Whittaker noted that privacy is not a luxury; it is a fundamental condition for free thought, secure relationships, and democratic engagement. Yet, we live in an era where every message, search query, and interaction is recorded, stored, and could potentially be weaponized against us. The sheer volume of data collected by companies like Google, Meta, and telecommunications providers creates vast vulnerabilities. Whether through government subpoenas, corporate data sales, or hacking incidents, this information is accessible in ways many of us just don’t fully appreciate.

To illustrate her point, Whittaker posed a chilling hypothetical that quieted the room:

Every single message you’ve ever sent in your life is suddenly on a database and a link just got sent to everyone you know. That’s your boss, that’s your best friend, that’s your dad’s best friend, that’s the weird guy who comes to your Thanksgiving. That’s everyone you know, and they click on that link, and they can access that database. And there’s a little AI bot that’s like appended onto that database so they can quickly summarize everything in that database, search their name. Search that one time you told that weird lie because you hadn’t had coffee, searched that time you taught shit on your best friend because you were in a weird place…Search that message to your doctor? Search that thing you sent to your colleague that was really mean about your other colleagues, search your prescription information. Search the time you talk to a union organizer, search the time you reported corruption at your workplace with journalists, all of that is on there.

As large language models and AI become more powerful, it will become even easier for an AI bot to summarize and search everything, exposing your personal, professional, and even legal conversations. Whittaker says this is not science fiction; it reflects today’s reality.

Why Lawyers Should Care

For lawyers, the implications of these privacy risks are particularly critical. Attorney-client privilege and confidentiality are not just ethical obligations, they form the very basis of attorney client relationships. Lawyers need to be aware of and comply with their ethical duty to protect “information relating to the representation of a client.” They also need to understand and satisfy the ethical obligation to understand the risks and benefits of technology under the rules of professional responsibility. At a minimum, these duties require lawyers to be informed of the threats technology poses to client confidentiality.

Moreover, both lawyers and clients need to be secure in the knowledge that their conversations are protected and not easily accessible to others. Lawyers also need to be prepared to advise clients on privacy risks and how to mitigate them.

The Threats

Legal professionals need to be informed of the vulnerabilities presented by modern communication tools. Here are some examples:

• Law Enforcement and Legal Requests: Whittaker pointed out that law enforcement has been able to obtain Facebook messages as evidence in a criminal cases. If privileged attorney-client communications exist on platforms that comply with such requests, legal confidentiality is at risk.
• Hacking and Cybersecurity Threats: The recent Solar Typhoon hack exposed how a foreign government infiltrated U.S. telecom networks, potentially accessing call logs, text messages, and metadata. If a law firm or in-house legal department relies on insecure channels, adversaries — whether state actors, opposing parties or cybercriminals — could gain access to confidential materials.
• Metadata Matters: Even when message content is encrypted, metadata — who you talk to, when, and how often — can reveal critical details. As Whittaker noted, metadata to can be used to track relationships, map influence networks, and uncover confidential activities. In legal matters, this could expose privileged consultations, witness communications, or legal strategies.

The Need for Stronger Protections

Given these risks, lawyers and legal professionals should think through their approach to digital communications. Steps to consider include:

1. Limiting the Use of Commercial Messaging Apps: Mainstream platforms like WhatsApp, iMessage, and Telegram may offer some encryption, but they still collect metadata and, in some cases, retain message content. Lawyers should avoid discussing sensitive matters on these apps.
2. Implementing Secure Communication Protocols: Law firms and legal departments should prioritize end-to-end encryption tools that minimize data collection and do not store metadata.
3. Educating Clients on Privacy Risks: Confidentiality doesn’t just depend on lawyers; clients also need to understand the risks of discussing legal matters on insecure channels both when talking to their lawyers and in their day-to-day business activities.
4. Challenging Data Retention Policies: Many tech companies store years’ worth of messages, call logs, and search history. Lawyers should advocate for stricter data retention limits and ensure their own firms do not store unnecessary digital records that could later be subpoenaed or hacked.

The Signal Platform

To be fair, Whittaker’s keynote also highlighted the potential role of the Signal tools in addressing the risks to privacy. Signal is a nonprofit, open-source messaging platform that Whitaker says was designed to provide secure and private communications. Unlike commercial platforms that collect metadata and comply with government requests, Whittaker told us that Signal was built to collect and retain as little data as possible. Because it is open source, she argued that its security protocols can be independently audited, ensuring transparency and trust. If all this is correct (I haven’t investigated Signal or used it), for lawyers seeking to protect attorney-client privilege, adopting tools like Signal could be a useful step to protect confidentiality.

The Bottom Line

The risks Whittaker described aren’t hypothetical — they are unfolding now. Sensitive legal information is potentially more exposed today than ever. Yet, many lawyers and legal professionals remain unaware of the real nature of these threats.

Safeguarding attorney-client privilege and protecting client confidences requires more than lip service to ethical commitments. It demands ongoing education, awareness of evolving risks, and concrete steps to mitigate threats before they compromise the very foundation of the legal profession.

Stephen Embry is a lawyer, speaker, blogger and writer. He publishes TechLaw Crossroads, a blog devoted to the examination of the tension between technology, the law, and the practice of law.

The post SXSW Privacy Discussion: The Rising Risks Lawyers Can’t Ignore appeared first on Above the Law.