Bench & Bar May/June 2026

3. AMBIENT INTELLIGENCE We are surrounded by always on devices. These are sophisticated datacollection nodes designed to listen for wake words. 4 These devices constantly buffer audio to the cloud. An overheard conversation may become a stored conversation. A stored conversation may become discoverable. 4. HIDDEN COMPUTERS For many of us, the term computer conjures up an image of a desktop or laptop. Our mobile phones, our televisions, and even our ovens are now computers. These devices are networked, sensor-rich, and voice-en abled. Each device adds a node area where privileged or sensitive information can be captured, cached, or inferred from seem ingly innocuous conversations. NO LONGER JUST FOUR WALLS Your office is no longer contained within four walls. Your firm is defined by the reach of the devices in any physical location in which work is being conducted. Every firm should have an audio & visual AI No-Fly Zones. Consider: The Smart Speaker Rule: Prohibit smart speakers in any room where client meetings or privileged calls occur ( e.g. , a home office, relative’s homes, a hotel room). Mobile Voice Assistants: Require voice assistants to be disabled during client work. They are listening for a trigger which will prompt them to upload a client’s confiden tial data to a manufacturer’s server. Spatial & Wearable Tech: Prohibit smart glasses and devices which can map the room visually, creating a digital twin of your confidential documents and workspace. The Dashboard Risk: Prohibit taking sensitive client calls in cars with smart dashboards that listen in, then sync audio to the manufacturer’s cloud to improve the user experience. TECHNICAL GOVERNANCE ECOSYSTEM 1. NO CONSUMER SOFTWARE ALLOWED I have two bedrock rules for AI. The first is

4. HUMAN-IN-THE-LOOP AND THE AUDIT TRAIL Our second bedrock rule is a human-in-the loop policy: every AI-assisted document receives human review. This is not unique to AI—an attorney should always review work produced by nonattorneys. Because we trust AI less than humans, our review of AI-generated work is more thorough. AI may draft, summarize, or flag inconsisten cies, but it does not exercise legal judgment. Where appropriate, we keep an audit trail by saving the original AI output alongside the attorney’s review. This shows that AI was used only for efficiency and that a licensed lawyer made all final judgments and verifi cations. We also treat prompts as sensitive work product and scrub them from deliv erables to prevent any leakage of internal legal strategy. MY AI STACK My AI stack is always evolving but currently includes tools for (1) drafting and editing; (2) review of individual documents and entire plans; (3) maintaining and search ing a curated set of codes, regulations, case law, and agency manuals for specific topics; (4) generating graphics and plainlanguage explanations for clients; and, (5) creating a learning library for the firm. 1. MICROSOFT COPILOT – BUSINESS LICENSE We use Copilot as an editor and drafting partner for correspondence, marketing materials, conference papers, articles, and other nonlegal documents. We use it to help confirm that our individual documents and our plans are complete, consistent, and grammatically sound. We also use Copilot as an audit tool for large data sets to confirm that human review was accurate and complete. For complex Med icaid applications and probate inventories, we create structured review packets—our human analysis, source data, and governing rules—so Copilot functions as a secondary audit layer. Because Teams transcriptions stay within our Microsoft tenant, we use Teams for meetings. Copilot can convert Teams tran scripts into summary emails, log entries,

simple: all work must be done in business or enterprisegrade software and accounts. Consumer platforms may be convenient, but in many of them you are not the cus tomer—the data recipient is. That data may be your client’s. Because AI impossible to avoid, software should be under a business or enterprise license. Use services that explicitly promise a walled garden. For example, Microsoft 365 Business keeps our prompts and responses inside our organization’s tenant and does not use them to train the model. We only use tools that state this clearly in writing in their terms of service and published documentation. If HIPAA applies to your client matter, you are not automatically protected by a busi ness or enterprise license. HIPAA doesn’t come from a license—it requires a Busi ness Associate Agreement (BAA) with any vendor that will create, receive, maintain, or transmit PHI. You must have an executed BAA, or you are not protected. HIPAA pro tection through a BAA is available only for inscope services when the firm is a covered entity and properly configured. While you can safely use a Mac in your law firm, do not use iCloud for storage. Apple’s iCloud Terms explicitly prohibit using iCloud in any way that would make Apple a HIPAA Business Associate. For non-HIPAA client work, we still avoid Apple’s consumer cloud and products that piggy-back on it because it lacks the contractual commit ments we require. 2. NO SHADOW ECOSYSTEMS, NO MIXED ECOSYSTEMS Anyone handling client data must use our approved ecosystem on any device. Shadow ecosystems ( e.g. , personal or student sub scriptions) and personal desktops are not permitted. 3. INFORMED CONSENT: THE AI DISCLOSURE CLAUSE Our engagement letters now include a specific AI Disclosure Clause informing clients that we utilize advanced technology to enhance efficiency and accuracy, main tain a sovereign environment, and enforce human review protocol.

17 bench & bar