
ABA Opinion 512 and the Privacy Paradox in Legal AI

Formal Opinion 512 demands reasonable steps to protect client data when using generative AI. Most tools answer with a privacy policy. We answer with cryptography.

BarZero Editorial · April 8, 2026 · 3 min read


In July 2024, the American Bar Association issued Formal Opinion 512 — its most direct guidance yet on attorney use of generative AI. The headline duty is simple: if you feed client data into an AI tool, you must take reasonable steps to prevent unauthorized disclosure.

But what counts as reasonable?

The Industry's Answer: Contractual Promises

Every major legal AI vendor — Harvey, CoCounsel, Spellbook, Casetext — addresses Model Rule 1.6(c) the same way: with a contract. Their DPAs promise not to use your data for training. Their SOC 2 reports attest to access controls. Their sales decks feature a padlock icon.

This is a legal promise, not a technical constraint. The data still lands on their servers. Their employees could still access it, even if policy says they shouldn't. If they're breached, the data was there to be breached.

For most SaaS, that's fine. For privileged legal communications, it creates a tension Opinion 512 doesn't resolve: is a contractual promise a reasonable step, or should you demand more?

The Architectural Alternative

BarZero takes a different position. Rather than promising not to look at your data, we've built an architecture where we cannot look at your data — even if we wanted to.

Here's how:

  1. Client-side encryption. Your document is encrypted in your browser using AES-256-GCM with a key that never leaves your device. BarZero's server sees ciphertext, not plaintext.

  2. Zero Data Retention routing. The encrypted payload is decrypted in memory on BarZero's stateless request handler, forwarded to Anthropic's Claude API on the Zero Data Retention path, and the response is returned. No plaintext is persisted on BarZero infrastructure.

  3. Signed attestation. Every request produces an Ed25519-signed certificate recording what model was used, whether ZDR was active, and which (if any) external tools were touched. The certificate is independently verifiable using our open-source script.

  4. RFC 3161 timestamping. Each certificate is anchored to a third-party Timestamp Authority (FreeTSA.org), so the issuance time is not something you have to take BarZero's word for.
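The following Go program is an added example written for this post; it is not BarZero's code or its open-source verification script, and it shows how steps 1 through 3 fit together as working code. It assumes a certificate layout (fields `model`, `zdr`, `tools_touched`, `request_digest`) that the post does not spell out, assumes the stateless handler receives the per-request AES key along with the ciphertext (the post says decryption happens in memory on the handler but does not say how the key gets there), and uses a labelled placeholder where a model identifier would go. The RFC 3161 step is left out because it requires a network round trip to the Timestamp Authority; the SHA-256 of the signed certificate bytes is what would be submitted to it. Only Go's standard library is used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Attestation is the certificate payload. The field set is an assumption
// made for this example: the post only says the certificate records the
// model used, whether ZDR was active, and which external tools were touched.
type Attestation struct {
	Model        string   `json:"model"`
	ZDR          bool     `json:"zdr"`
	ToolsTouched []string `json:"tools_touched"`
	// Hex SHA-256 of the ciphertext the client uploaded, so the certificate
	// binds to one request without the issuer ever recording plaintext.
	RequestDigest string `json:"request_digest"`
}

// SignedAttestation is what the client downloads: the exact bytes that were
// signed plus the Ed25519 signature over them.
type SignedAttestation struct {
	Certificate []byte `json:"certificate"`
	Signature   []byte `json:"signature"`
}

// newGCM builds an AES-256-GCM AEAD; the 32-byte check is what makes it AES-256.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256-GCM requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptDocument is the client-side step. A fresh random nonce is used per
// message; GCM authenticates the ciphertext, so any modification in transit
// is rejected at decrypt time instead of yielding garbage plaintext.
func EncryptDocument(key, plaintext []byte) (nonce, ciphertext []byte, err error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, aead.Seal(nil, nonce, plaintext, nil), nil
}

// DecryptDocument is the in-memory step on the stateless request handler;
// the plaintext it returns is forwarded and then dropped, never written.
func DecryptDocument(key, nonce, ciphertext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, ciphertext, nil)
}

// RequestDigest is the value the certificate binds to; the client can
// recompute it from the ciphertext it actually sent.
func RequestDigest(ciphertext []byte) string {
	sum := sha256.Sum256(ciphertext)
	return hex.EncodeToString(sum[:])
}

// IssueAttestation is the server side: serialise the certificate and sign
// those exact bytes with the issuer's Ed25519 key.
func IssueAttestation(priv ed25519.PrivateKey, cert Attestation) (SignedAttestation, error) {
	body, err := json.Marshal(cert)
	if err != nil {
		return SignedAttestation{}, err
	}
	return SignedAttestation{Certificate: body, Signature: ed25519.Sign(priv, body)}, nil
}

// VerifyAttestation is the independent check a client (or auditor) runs with
// the issuer's published public key: the signature must cover the presented
// bytes, the certificate must say ZDR was on, and it must match this request.
func VerifyAttestation(pub ed25519.PublicKey, sa SignedAttestation, ciphertext []byte) (Attestation, error) {
	if !ed25519.Verify(pub, sa.Certificate, sa.Signature) {
		return Attestation{}, errors.New("attestation signature does not verify")
	}
	var cert Attestation
	if err := json.Unmarshal(sa.Certificate, &cert); err != nil {
		return Attestation{}, err
	}
	if !cert.ZDR {
		return cert, errors.New("attestation reports ZDR was not active")
	}
	if cert.RequestDigest != RequestDigest(ciphertext) {
		return cert, errors.New("attestation is for a different request")
	}
	return cert, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // issuer key pair (constructed)
	key := make([]byte, 32)
	rand.Read(key) // client's per-document AES-256 key (constructed)
	doc := []byte("constructed sample: privileged memo for a client matter")
	nonce, ct, _ := EncryptDocument(key, doc)
	if _, err := DecryptDocument(key, nonce, ct); err != nil {
		panic(err)
	}
	cert := Attestation{Model: "<model identifier reported by the vendor>", ZDR: true,
		ToolsTouched: []string{}, RequestDigest: RequestDigest(ct)}
	sa, _ := IssueAttestation(priv, cert)
	got, err := VerifyAttestation(pub, sa, ct)
	fmt.Printf("model=%q zdr=%v verify_err=%v\n", got.Model, got.ZDR, err)
}
```

The design point worth noticing is what the certificate does and does not prove: a valid signature shows the issuer asserted ZDR was on for this exact ciphertext, which is exactly the receipt the post describes, but the check only means something if the public key is obtained out of band (pinned in the verification script or published separately) rather than taken from the same response that carries the certificate.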

What This Means for Solo Practitioners

Solo attorneys face a specific version of this problem: they can't afford a compliance team to vet every AI vendor's privacy architecture. They need the tool to be safe by default, not safe only if they read the 40-page DPA correctly.

Opinion 512's "reasonable steps" standard is fact-specific. But an architecture that cannot retain your data is a stronger fact than one that promises not to. The attestation certificate is the receipt that proves it.

The Open Question

Opinion 512 doesn't name specific technologies. It doesn't say "use zero-knowledge architectures" or "demand Ed25519 signatures." It says "reasonable steps." The profession is still working out what that means in practice.

Our bet is that within five years, the bar will shift. Contractual promises will be necessary but not sufficient. Architectural guarantees — provable, downloadable, independently verifiable — will become the baseline. We're building for that future now.


BarZero is built for solo attorneys and small firms who take client confidentiality seriously enough to demand cryptographic proof, not just a vendor promise. Every feature ships with a signed attestation certificate you can verify yourself.