Tor for Lawyers: Digital Attorney-Client Privilege Protection

Attorney-client privilege protects the content of communications but standard email infrastructure exposes metadata that is not protected by privilege. Email service providers log: sending and receiving IP addresses, timestamps, recipient addresses, and subject lines (not privileged). ISPs log the existence of connections between attorneys and clients. Cloud storage providers (Dropbox, Google Drive used for case files) may receive law enforcement requests for file metadata. These metadata exposures create risks: in national security matters, surveillance programs may capture communications without the privilege analysis a court would apply; in corporate litigation, leaked email metadata reveals that a client sought legal counsel on specific dates related to events under investigation. Tor protects the IP address metadata layer that email encryption does not.

Most bar associations have updated their professional conduct rules to require attorneys to maintain competence in digital technology, including understanding the security risks of digital communications. ABA Model Rule 1.6 (Confidentiality) requires attorneys to make reasonable efforts to prevent unauthorized disclosure of client information. Several bar ethics opinions have specifically addressed email security: attorneys have obligations to assess whether standard email is adequate given client risk factors. For clients facing government surveillance (national security matters, political cases), corporate opponents with sophisticated intelligence capabilities, or cases where metadata exposure is independently damaging, the reasonable care standard may require more than standard email. Tor-based communication tools are a legitimate part of an attorney's digital security toolkit for high-risk client communications.

Attorneys can implement several layers of secure communication. For the most sensitive client communications: Signal (end-to-end encrypted, disappearing messages, accessible over Tor). ProtonMail over Tor (encrypted email without IP logging). Self-hosted .onion email or XMPP server for the highest-security client communications. For secure document exchange: OnionShare for one-off encrypted file transfer, or a self-hosted Nextcloud on a .onion for persistent secure file sharing. For client-accessible secure drop: a simplified SecureDrop or custom secure drop form on a .onion address allows clients to submit documents without email metadata exposure. Physical security: encrypted hard drives for case files, screen privacy filters in public spaces, and secure destruction of physical notes containing privileged information remain important alongside digital security.

Legal research involves topics that create significant metadata risk: researching criminal law (creates a record of a user investigating specific crimes), immigration law (reveals a client's status or concern), family law (reveals domestic situations), and national security law (may trigger surveillance program interest). Using Tor for legal research at Westlaw, LexisNexis (if accessible via Tor), and web research for case development protects the client-linked metadata that research access logs create. For researchers at opposing counsel who may discover what legal theories are being researched (via network monitoring or metadata from legal research platforms), Tor provides an additional layer of research privacy. Practical: install Tor Browser as the dedicated browser for legal research and client-related browsing, distinct from a standard browser used for personal and non-sensitive professional activities.

Attorneys representing whistleblowers - individuals who expose government misconduct, corporate fraud, or public safety violations - have heightened confidentiality obligations because even the existence of the attorney-client relationship may be information the adversary would exploit. For whistleblower representation: initial client contact should occur through channels that protect the client's identity - a .onion drop box, Signal with sealed sender, or in-person meeting. Communications about the case use encrypted, Tor-routed channels. Case files stored on encrypted, air-gapped devices. The attorney's own location should be obfuscated for communications from potentially surveilled client contacts. Organizations supporting press freedom and whistleblower attorneys (EFF, ACLU, Freedom of the Press Foundation) provide guidance and resources for attorneys working in this area.