AI Notetakers for Lawyers: Avoiding Privilege Waiver with On-Device Transcription

If you are a lawyer choosing an AI notetaker in 2026, the question is no longer whether the transcripts are accurate. It is whether using the tool quietly waives attorney-client privilege the moment a third-party vendor receives your client's audio. Cloud-based notetakers like Otter, Fireflies, and Zoom AI Companion introduce a non-lawyer third party into otherwise confidential communications — and state bars from New York to Illinois to Massachusetts have made clear that lawyers are responsible for what happens to that data. On-device transcription is the cleanest way to eliminate the vendor-as-third-party problem entirely.

Why AI notetakers are a privilege problem, not just a privacy problem

Attorney-client privilege protects confidential communications between a lawyer and client made for the purpose of legal advice — but only as long as those communications stay confidential. The minute a third party with no privilege of its own gains access to the content, the privilege analysis collapses. Cloud AI notetakers are designed to do exactly that: send audio to a vendor, transcribe and summarize it on the vendor's servers, store the result in the vendor's cloud, and often use it to train models.

The American Bar Association's guidance on transcription and notetaking software is blunt: while no reported case has yet pierced privilege specifically because of an AI notetaker, courts "routinely regard third-party access as a waiver event," and transcripts stored in third-party repositories are discoverable unless privilege applies.

That risk is no longer hypothetical. In United States v. Heppner, decided February 17, 2026, the Southern District of New York held that a defendant's exchanges with Anthropic's Claude were not protected by attorney-client privilege or the work product doctrine and could be inspected by the government. The court found no reasonable expectation of confidentiality because Anthropic's privacy policy disclosed that it collects user inputs and outputs, uses data to train the model, and may disclose data to third parties. The same logic applies to any cloud AI notetaker with similar terms — and most of them have similar terms.

What state bars now require before you turn on an AI notetaker

In December 2025, the New York City Bar Association published Formal Opinion 2025-6 specifically on AI tools used to record, transcribe, and summarize attorney-client calls. The opinion concludes that an attorney should obtain client consent before recording, consider whether transcribing is tactically advisable, and check AI-generated work product for accuracy. It also directs attorneys to evaluate where data will be stored and for how long, how it might be retrievable in discovery, whether the tool uses inputs for training, and whether there is a right to data deletion.

The Boston Bar Association takes the analysis further, identifying four factors every lawyer must address before using AI notetakers: consent, security, confidentiality and privilege, and client file retention. Its guidance is unusually direct on the architectural question: "lawyers must ensure that the inputs and outputs of AI notetakers and transcribers are retained on their own devices or clouds and are not disclosed to a third-party."

Illinois lawyers have similar duties. The Illinois 2Civility commission (May 2026) lays out a three-step framework adapted from the ARDC's AI guidance: classify the sensitivity of the information, identify whether the AI tool is internal or third-party, and evaluate vendor data safeguards including retention, model training, and staff access. And nationally, ABA Formal Opinion 512 requires lawyers to obtain informed client consent before inputting confidential information into self-learning AI tools and to understand the terms of use of any tool they deploy.

The competence duty has teeth

Don't dismiss this as soft ethics guidance. Under ABA Model Rule 1.1, comment 8, lawyers must keep abreast of the benefits and risks associated with relevant technology. State bar opinions on AI notetakers are increasingly cited by courts as the "standard of care" in malpractice cases. "I didn't know Otter trained on the audio" is no longer a defense.

Cloud vs. on-device AI notetakers: the comparison that matters

Here is the architectural decision every law firm faces, broken down across the dimensions the ABA and state bars actually care about:

The row that matters most for the privilege analysis is the second one. Every other dimension flows from it. If the vendor never receives the audio, there is no third party to waive privilege to, no server to subpoena, no training corpus to worry about, and no business associate agreement to negotiate.

The state wiretap problem most law firms underestimate

Before privilege is even on the table, AI notetakers have to clear a more basic hurdle: state wiretap law. According to the 2026 Recording Law guide, twelve states currently require all-party consent: California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, New Hampshire, Oregon, Pennsylvania, and Washington. Penalties are not symbolic — Massachusetts treats illegal recording as a felony punishable by up to five years in state prison and a $10,000 fine, and Pennsylvania's Wiretapping and Electronic Surveillance Control Act allows up to seven years and $15,000.

The Boston Bar specifically flags this: because AI notetakers record audio, their use must comply with the wiretap statute of each participant's state, and most videoconference embeddings of these tools do not request all-party consent automatically. If your client is in California, your co-counsel is in Pennsylvania, and your witness is in Massachusetts, your AI notetaker has just walked into the strictest law's jurisdiction — and the consent prompt that did not appear is your problem, not the vendor's.

How the Heppner reasoning extends to meeting notetakers

Although Heppner involved a defendant using Claude for legal research rather than an AI notetaker recording a meeting, the court's three-part privilege test transfers directly. Judge Rakoff asked whether the communications were (1) between client and attorney, (2) intended and kept confidential, and (3) for the purpose of obtaining legal advice. The AI documents failed on at least the first two elements because Claude is not an attorney and Anthropic's terms disclosed that it collects inputs and outputs, trains on them, and may disclose them to third parties.

Now apply that same test to a cloud AI notetaker recording a privileged conversation. The communications between lawyer and client may be privileged in the abstract, but the moment Otter or Fireflies receives the audio, the second element — confidentiality — fractures the same way. If the vendor's privacy policy reserves the right to retain, analyze, or train on the recording, the lawyer has voluntarily disclosed privileged content to a third party with no fiduciary duty and no privilege of its own. As the Duane Morris analysis of Heppner notes, all recognized privileges presuppose "a trusting human relationship" with a licensed professional bound by fiduciary duties — and an AI vendor is not one.

For more on how Heppner reshapes the broader doctrine, see our deep dive on the Heppner ruling and the on-device alternative.

The vendor terms most lawyers never read

Two policies illustrate the problem. Otter.ai's privacy policy grants the company broad rights to process audio for service improvement and AI development. Fireflies' privacy policy similarly contemplates retention and use of meeting content. Zoom's privacy statement describes the ways meeting content can be processed by Zoom and shared with service providers.

None of these are extreme outliers — they are typical SaaS terms. But under ABA Formal Opinion 512 and NYC Bar 2025-6, those terms are exactly what the lawyer is now responsible for reviewing before turning the tool on in a privileged conversation. "I didn't know" is malpractice, not a defense.

Why some firms are simply banning AI notetakers in sensitive meetings

The most cautious response in the market right now is an outright prohibition. Dykema recommends that boards and executive sessions ban AI notetakers entirely because they create permanent verbatim records that can inadvertently waive attorney-client privilege, expose confidential strategies, and become discoverable in litigation. For other business contexts, Dykema advises using only enterprise tools with proper data governance and necessary consent.

That is one defensible policy. The problem is that it leaves lawyers without the productivity benefits — automatic action items, searchable transcripts, summaries — that drove adoption in the first place. The architectural answer is to keep the benefits but remove the vendor from the trust circle.

How Basil AI solves this with on-device transcription

Basil AI runs transcription locally on the lawyer's iPhone, iPad, or Mac using Apple's Speech framework. The audio never leaves the device. There is no vendor cloud, no SaaS server, no business associate to vet, and no third party for privilege analysis to discover.

Technically, Basil uses Apple's SFSpeechRecognizer with the requiresOnDeviceRecognition flag, which Apple's developer documentation describes as "a Boolean value that determines whether a request must keep its audio data on the device." In iOS 26, this stack is being modernized into SpeechAnalyzer, which Apple's iOS engineering community describes as designed for "performance, flexibility, and full offline operation." Both APIs run on the Apple Neural Engine — the same silicon Apple Intelligence uses — meaning real-time transcription, speaker diarization, and summarization happen without a single network call.

Concretely, that produces the following outcomes a privilege-aware lawyer can actually rely on:

• No vendor as third party. There is nothing for opposing counsel to subpoena from a Basil server because no Basil server holds the recording.
• No training on your audio. The audio is never transmitted, so it cannot be added to a model corpus by definition.
• File retention stays with the firm. The Boston Bar requires lawyers to maintain client files and produce them on request — Basil keeps the transcript on the device and in the lawyer's own Apple Notes / iCloud account, where the firm controls retention.
• Works offline. Useful for in-person depositions, courtroom prep rooms, and travel — where cloud notetakers fail.

For background on the underlying architecture, see our piece on how Basil processes audio locally, and our broader AI notetaker comparison guide.

What lawyers still have to do, even with on-device tools

On-device transcription eliminates the vendor-as-third-party problem. It does not eliminate every duty. A lawyer using Basil AI in a client meeting should still:

1. Obtain informed consent on the record from every participant, addressing both wiretap compliance and ethical duties to the client. The Illinois 2Civility guidance is clear that secretly activating an AI notetaker is inconsistent with the candor lawyers owe clients.
2. Address AI use in the engagement letter. Both NYC Bar 2025-6 and Boston Bar guidance call for disclosure and consent language in client engagements.
3. Review the transcript and summary for accuracy before relying on it. Hallucinations are real, and the lawyer — not the tool — bears responsibility for what gets relied on.
4. Decide retention with intent. Preserved transcripts can help an "advice of counsel" defense; they can also surface spontaneous client remarks that opposing counsel will read in the worst possible light. NYC Bar 2025-6 specifically flags this tradeoff.
5. Treat AI outputs as part of the client file for production and inventory purposes.

A practical decision tree for choosing a lawyer-grade notetaker

If you are evaluating AI notetakers for your practice, work through this in order:

• Does the tool send audio to a vendor server? If yes, you are in the privilege-waiver risk zone and need a signed BAA/DPA, training opt-out, and retention controls — at minimum. Consider whether the tool should be banned in privileged meetings entirely, as Dykema recommends for boards.
• If you must use a cloud tool, is it enterprise-tier with isolated tenancy? Free and consumer tiers (the version your associate likely installed) are typically the highest-risk configuration.
• Can you eliminate the vendor entirely? If the workflow can run on-device, the privilege analysis simplifies dramatically — no third-party disclosure, no vendor subpoena exposure, no training opt-out fight.
• Have you handled consent under each participant's state law? Default to all-party consent on the record; it is the only safe rule for multi-state calls.
• Have you documented the choice? Engagement letters, retention policies, and firm AI policies should reflect the architecture you picked and why.

For a closely related vertical analysis, see our companion piece on AI notetakers for therapists, which works through the same architectural choice under HIPAA rather than the model rules of professional conduct.

The bottom line for 2026

The legal profession's relationship with AI notetakers is shifting from "is this allowed?" to "prove you vetted it." ABA Formal Opinion 512, NYC Bar Formal Opinion 2025-6, the Boston Bar's four-factor test, and the Illinois ARDC framework all converge on the same point: the lawyer is responsible for what happens to client audio after it leaves the room, and a vendor's marketing page is not a defense. The cleanest way to satisfy every one of those tests at once is to make sure the audio never leaves the room in the first place. That is what on-device transcription is for.

Protect Privilege with On-Device AI Notes

Basil AI runs entirely on your iPhone, iPad, or Mac. No vendor cloud. No training on your audio. No third party in the privilege analysis.