On February 17, 2026, Judge Jed Rakoff of the U.S. District Court for the Southern District of New York issued a ruling that sent shockwaves through the legal profession. In United States v. Heppner, the court held that documents a defendant created using a consumer AI platform were not protected by attorney-client privilege or the work product doctrine. The reasoning was devastating in its simplicity: the AI tool's privacy policy reserved the right to collect user inputs, use them for training, and share data with third parties—including government authorities.
The implications extend far beyond one criminal case. If you are a lawyer, corporate counsel, or any professional handling privileged communications, this ruling should change how you think about every AI tool that touches your confidential conversations—including meeting transcription services.
What Happened in United States v. Heppner
Bradley Heppner, a corporate executive charged with securities fraud, used a publicly available version of the AI platform Claude to research and develop his legal defense strategy. He later shared those AI-generated documents with his attorneys. When the FBI seized his electronic devices during a search warrant, Heppner claimed the 31 AI-generated documents were protected by attorney-client privilege.
The court rejected this argument on three grounds. First, as the Harvard Law Review's analysis explained, Judge Rakoff found that the communications were not between Heppner and his attorney—they were between Heppner and an AI tool. Second, the communications were not confidential because the AI platform's privacy policy permitted data collection and third-party sharing. Third, the documents were not created at the direction of counsel.
As Bryan Cave Leighton Paisner noted in their April 2026 alert, the ruling extends beyond chatbot interactions. Consumer-grade AI tools broadly disclaim confidentiality and reserve the right to use user inputs—which means any sensitive information discussed during a recorded meeting and processed by a cloud transcription service faces the same privilege risk.
Why Cloud AI Meeting Transcription Is Now a Privilege Minefield
The Heppner ruling didn't happen in isolation. It arrived amid an explosion of AI transcription tools entering the workplace. As the Littler Mendelson analysis from February 2026 documented, one in five professionals reported frequently using AI to draft meeting notes in a 2025 survey. These tools are recording, transcribing, and cloud-processing conversations at a pace that legal governance has not kept up with.
The privilege problem is straightforward. Under long-established legal doctrine, attorney-client privilege requires three elements: a communication between a client and their attorney, that is kept confidential, for the purpose of obtaining legal advice. When a cloud AI transcription tool processes a privileged meeting, it introduces a third party—the cloud service provider—into that communication. And as the Heppner court emphasized, the provider's privacy policy governs whether confidentiality is maintained.
Consider what this means in practice. A legal team holds a sensitive strategy meeting over Zoom. An AI transcription bot joins the call, records every word, uploads the audio to cloud servers, and generates a transcript stored on the provider's infrastructure. The provider's terms of service may permit data use for model training, analytics, or sharing with third parties. At that moment, the confidentiality element of privilege is potentially destroyed.
The Privacy Policy Problem
The court in Heppner placed significant weight on the AI platform's privacy policy. The policy disclosed that user inputs and outputs could be collected, used for training, and disclosed to third parties including government regulatory authorities. This is not unique to chatbot platforms. Major cloud transcription services operate under similarly broad privacy policies.
Otter.ai's privacy policy, for example, grants the company rights to process and use the data you provide through its service. The consolidated class action In re Otter.AI Privacy Litigation alleges that Otter uses meeting transcripts to train its AI models without adequate consent from all participants. If a court applies the Heppner reasoning to meeting transcription tools, any privileged communication processed through such a service could be deemed non-confidential—and thus unprotected.
The Multi-State Wiretapping Trap Compounds the Risk
The privilege problem doesn't exist in a vacuum. As we explored in our article on employer liability for AI meeting tools, the legal landscape for AI recording is a patchwork of conflicting state laws. Approximately 13 states require all-party consent before any recording of a confidential conversation. A single virtual meeting with participants in California, Illinois, and New York can trigger overlapping and sometimes contradictory consent obligations.
For legal professionals, this creates a compounding risk. Not only might the cloud transcription destroy privilege, but the recording itself may violate state wiretapping statutes if proper consent was not obtained from all participants. As the Goodwin Law analysis from April 2026 warned, AI transcription tools that auto-join meetings without explicit consent expose organizations to both civil liability and, in egregious cases, criminal penalties.
The Law Firm Response: Bans, Policies, and Panic
The legal industry's response to the Heppner ruling has been swift. The Duane Morris analysis from February 2026 recommended that law firms immediately review vendors' terms of service and data retention policies, establish internal safeguards preventing employees from using third-party AI transcription tools, and implement companywide policies governing AI use for meeting transcription.
The NYC Bar Association issued Formal Opinion 2025-6 specifically addressing AI recording of attorney-client conversations. The key requirements include obtaining client consent before using AI to record or transcribe, evaluating vendor data storage and training practices, and independently verifying AI-generated transcripts for accuracy.
But there's a fundamental problem with the "ban and govern" approach: it doesn't change the underlying technology. As long as meeting audio is uploaded to a cloud service with a privacy policy that permits data use and third-party sharing, the confidentiality required for privilege is structurally undermined. No corporate policy can override a vendor's terms of service.
The On-Device Solution: Why Architecture Matters for Privilege
The Heppner ruling crystallized a truth that privacy advocates have been arguing for years: where your data is processed determines whether it remains confidential. The court specifically noted that Heppner communicated with a public, non-enterprise version of an AI tool. The distinction between "public cloud" and "on-device" processing is now a legally meaningful one.
On-device AI transcription eliminates the third-party disclosure problem entirely. When audio is captured, processed, and transcribed on your own device—never leaving that device, never touching a cloud server—there is no third-party privacy policy to worry about. There is no vendor collecting your inputs. There is no data training pipeline consuming your privileged conversations.
This is precisely the architecture Apple has committed to with Apple Intelligence. As Apple doubles down on on-device AI processing ahead of WWDC 2026, the company's approach minimizes exposure to breaches, surveillance, or unauthorized access that can plague cloud-centric systems. Data processed directly on your iPhone, iPad, or Mac never leaves the device unless absolutely necessary.
| Factor | Cloud AI Transcription | On-Device AI (Basil AI) |
|---|---|---|
| Third-party data access | ❌ Vendor accesses audio & transcripts | ✅ No third party ever sees your data |
| Privacy policy risk | ❌ Vendor may use data for training/sharing | ✅ No vendor privacy policy applies |
| Privilege preservation | ❌ Confidentiality element at risk per Heppner | ✅ No disclosure to any third party |
| Data retention | ❌ Cloud servers may retain data indefinitely | ✅ Data stays on your device; delete anytime |
| Discoverability | ❌ Cloud records may be subpoenaed from vendor | ✅ No cloud records to subpoena |
Practical Steps for Legal Professionals After Heppner
The ruling provides a clear roadmap for legal professionals who want to use AI transcription without destroying privilege:
- Audit your current AI tools immediately. Review the privacy policies and terms of service for every AI tool used in connection with legal work. If the policy permits data collection, model training, or third-party sharing, the tool is a privilege risk.
- Distinguish enterprise from consumer tools. The Heppner court left open the possibility that enterprise-grade AI tools with contractual confidentiality protections could produce different outcomes. But as the Duane Morris analysis noted, due diligence on vendor terms is essential.
- Switch to on-device transcription for privileged meetings. The most structurally sound approach is to eliminate cloud processing entirely. On-device tools like Basil AI process everything locally using Apple's on-device Speech Recognition framework, meaning no audio or transcript data ever leaves your device.
- Establish clear AI governance policies. Direct employees and clients that any use of AI tools in connection with legal matters must be coordinated with counsel—the precise gap that destroyed privilege in Heppner.
- Obtain documented consent for all recordings. In the 13 all-party consent states, including California, Florida, and Illinois, activate AI recording only after every participant has expressly agreed. As we discussed in our analysis of AI transcripts as eDiscovery time bombs, these recordings create discoverable evidence regardless of privilege status.
The Bigger Picture: Privacy Architecture as Legal Infrastructure
The Heppner ruling is a harbinger of a larger transformation in how the legal system evaluates AI tools. The EU AI Act's high-risk AI system requirements, taking effect in August 2026, will add additional compliance obligations for AI systems used in worker monitoring and management. The convergence of GDPR requirements, as outlined under Article 5 of the GDPR (data minimization), with the Heppner privilege analysis points to a consistent legal principle: the less data you share with third parties, the more legal protection you retain.
On-device AI isn't just a privacy feature. After Heppner, it's legal infrastructure. It's the architectural choice that preserves the confidentiality element of privilege, eliminates third-party disclosure risk, avoids wiretapping liability in all-party consent jurisdictions, and keeps your data outside the reach of vendor subpoenas, government data requests, and AI training pipelines.
For legal professionals who handle privileged communications—which is to say, all legal professionals—the question after Heppner is no longer whether cloud AI tools are convenient. It's whether you can afford the privilege risk of using them.
🔒 Protect Privileged Conversations with On-Device AI
Basil AI processes everything on your device. No cloud uploads. No third-party access. No privilege risk. Record up to 8 hours of meetings with real-time transcription that never leaves your iPhone or Mac.
