Tor for Lawyers and Attorney-Client Privilege

Attorney-client privilege protects communications between lawyers and clients from compelled disclosure. Traditional privilege applied to in-person meetings and physical documents. Digital communications create new challenges: emails pass through multiple servers, video calls are logged by commercial platforms, and documents stored in cloud services are potentially accessible to the provider and law enforcement via legal process. Courts have begun addressing digital communications and privilege, but the law evolves slowly. Practically, lawyers protecting privilege in high-stakes cases cannot rely solely on the legal doctrine - they must also implement technical protections. The strongest protection combines legal privilege with technical measures: end-to-end encryption (so no intermediary can read the content) and Tor (to prevent network-level surveillance of who communicates with whom).

A privacy-conscious law firm can establish .onion-accessible communication infrastructure: a secure document exchange platform accessible only via .onion address (similar to SecureDrop), an encrypted chat server (Matrix/Element on a .onion server) for client-lawyer messaging, and a .onion file exchange for document sharing with clients. Clients access these via Tor Browser - no account registration required, no IP logged, no personal information required. The lawyer communicates with clients through these channels knowing that: the communication platform does not log IP addresses (since access is via .onion), content is end-to-end encrypted, and metadata is minimized. For clients in particularly sensitive situations (criminal defense in surveillance states, national security cases): this infrastructure significantly raises the bar for surveillance of attorney-client communications.

Lawyers conducting research on sensitive topics - terrorist cases, organized crime, controversial medical or political matters - create digital trails via their search queries. Legal databases (Westlaw, LexisNexis) log searches and could disclose them under legal process. For criminal defense lawyers: research into prosecution theories, criminal techniques, or sensitive evidence may be logged by legal databases and potentially requested in discovery or investigation. Accessing legal databases via Tor prevents the database from logging the lawyer's identifying IP address. The exit node's IP appears instead. For very sensitive research: use Tor Browser with Safest security level and access only via .onion versions of research resources where available.

Lawyers representing clients in countries with internet censorship or strong government surveillance face a particular challenge: communicating with clients is both monitored and potentially blocked. A lawyer in a Western country representing a client in Russia, China, Iran, or another high-surveillance state: the client may have difficulty accessing any communication channel that is not monitored by their government. .onion services provide a communication channel that is not monitored by the client's ISP or government. The lawyer hosts a secure communication endpoint at a .onion address; the client accesses it via Tor Browser, bypassing government surveillance of their internet traffic. This enables confidential attorney-client communication even across borders with strong surveillance states.

Legal ethics rules increasingly require lawyers to be competent in cybersecurity as it relates to their practice. The ABA Model Rules (particularly Rule 1.6 on confidentiality) require reasonable measures to protect client information. Many state bars have issued formal opinions on electronic communications and privacy obligations. Lawyers have an affirmative duty to protect client information using appropriate technology. Bar associations in the US, EU, and other jurisdictions have guidance on encrypted communications - most endorse or require encryption for sensitive client communications. Using Tor for sensitive legal communications is consistent with the competence duty. Lawyers who work in high-risk practice areas (national security, criminal defense, human rights) and do not implement strong technical privacy measures may be failing their competence duty. Document your privacy practices in an information security policy for the firm.