Does ABA Rule 1.6 apply to voice-to-text software?

Yes. ABA Model Rule 1.6 requires attorneys to make reasonable efforts to prevent unauthorized disclosure of client information. When you use voice-to-text software for client matters, the audio you dictate is client information subject to Rule 1.6. Cloud-based voice-to-text tools transmit that audio to third-party servers, which creates a confidentiality question that must be evaluated before use.

Is cloud dictation software safe for lawyers?

Cloud dictation software creates a Rule 1.6 exposure that attorneys must actively manage. The audio is processed on the vendor's servers, and the vendor's terms govern data retention and potential disclosure. Attorneys who use cloud dictation for client work should review the vendor's data processing terms, negotiate a data processing addendum where possible, and document their risk assessment. On-device dictation software avoids this risk entirely because no audio leaves the machine.

What ethics rules apply to attorney technology use?

ABA Model Rule 1.6 (confidentiality) is the primary rule governing technology choices for client work. ABA Model Rule 1.1 (competence) was amended in 2012 to include technology competence as part of the duty of competence, requiring attorneys to understand the benefits and risks of relevant technology. ABA Formal Opinion 477R (2017) specifically addresses securing communication of client information and covers cloud services.

How do I ensure my dictation software is privilege-safe?

The most reliable way to ensure privilege-safe dictation is to choose software that processes speech entirely on-device, with no audio transmitted to external servers. VoicePrivate Legal Edition does this by design. If you use cloud-based dictation software, you should review the vendor's data processing terms, confirm that your audio data is not used for training or retained beyond the session, and document your compliance analysis under Rule 1.6.

ABA Rule 1.6 and Voice-to-Text: What Attorneys Must Know

Law books on a shelf representing legal ethics and professional responsibility

Most attorneys thinking about dictation software focus on accuracy and features. That's reasonable. But there's a compliance question hiding in the product selection process that deserves the same attention you'd give any other client data management decision.

When you dictate into voice-to-text software, you're creating audio of client information. Where that audio goes, who processes it, and who can potentially access it are all Rule 1.6 questions. Get the answer wrong and you've created a confidentiality exposure for every client matter you've dictated.

This post explains what Rule 1.6 actually requires, how voice-to-text software fits into that framework, and what questions you should ask before using any dictation tool for client work.

ABA Model Rule 1.6 in Plain English

ABA Model Rule 1.6 is the confidentiality rule. Subsection (a) says lawyers shall not reveal client information without the client's consent, except in specific enumerated circumstances. Subsection (c) says lawyers shall make "reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client."

A few things worth noting about that standard.

First, it covers "information relating to the representation," not just privileged communications. That's broader than attorney-client privilege. It covers anything learned during the representation, including publicly available information that the client doesn't want disclosed.

Second, "reasonable efforts" is a standard, not a rule with bright lines. The Comment to Rule 1.6 says relevant factors include "the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer's ability to represent clients."

Third, the duty isn't to guarantee security. It's to make reasonable efforts. That word "reasonable" does a lot of work, and it means the analysis depends on context.

How Voice-to-Text Creates a Rule 1.6 Question

Look at what happens when you dictate a client matter using cloud-based voice-to-text software. You speak. Your microphone captures the audio. That audio is transmitted over the internet to the software vendor's servers. The vendor's systems process the audio and return text to your device.

At each step in that process, client information is at risk of disclosure:

The audio transmission can potentially be intercepted (less likely with TLS encryption, but not impossible)
The audio exists on the vendor's servers during processing
Depending on the vendor's terms, the audio may be retained after the session for quality improvement, model training, or other purposes
The vendor's systems are subject to breach, subpoena, government access requests, and their own employees' access

None of this means cloud dictation tools are reckless or malicious. It means they create a third-party access point for client data that you need to account for in your Rule 1.6 analysis.

The question isn't whether your dictation vendor would misuse your data. The question is whether using them creates a disclosure to a third party that you haven't analyzed or documented.

The Cloud vs. On-Device Distinction Under Rule 1.6

Here's where the architecture of dictation software becomes a compliance question. Cloud-based tools process your audio on remote servers. On-device tools process your audio locally on your machine.

The Rule 1.6 analysis for on-device processing is simple: no audio leaves your device, so there's no transmission to a third party, no third-party server exposure, and no third-party access risk. The analysis for on-device tools stops there. The risk is zero by design.

The Rule 1.6 analysis for cloud-based tools is more involved. You need to understand: Who owns the servers? What are the data retention policies? Does the vendor have a data processing addendum available? Have you reviewed and signed it? Is the audio used for model training, and if so, can you opt out? What happens if the vendor is acquired, as Nuance was by Microsoft? What law enforcement disclosure policies does the vendor have?

None of that analysis is impossible. Plenty of attorneys use cloud tools for client data after completing it. But it's analysis that must happen, and it's analysis you have to redo whenever the vendor changes their terms or is acquired.

On-device processing eliminates the analysis entirely. That's a real benefit, not just a marketing talking point.

What the State Bars Have Said

The ABA issued Formal Opinion 477R in 2017, titled "Securing Communication of Protected Client Information." It establishes a risk-based framework for evaluating cloud and electronic communication technologies. The core holding is that attorneys must make a "fact-specific determination" about whether a given technology satisfies Rule 1.6's reasonable efforts standard.

Factors the opinion identifies as relevant include: the nature of the threat, the sensitivity of the information, the potential for adverse impact on the client, the ABA's technology security guidance, and whether the attorney has fulfilled their duty of competence regarding technology under Rule 1.1.

State bars have issued their own opinions applying similar frameworks to specific technologies. California, New York, Florida, and many other states have addressed cloud storage of client data. The consistent thread is: attorneys can use cloud technology for client data, but they must do the vendor assessment and take appropriate measures.

No state bar opinion has addressed voice dictation specifically, to our knowledge. But the framework applies directly. Voice data containing client information is client information. The cloud vs. on-device question is exactly the question these opinions address.

The practical implication: if you're using Dragon Legal Anywhere, Otter.ai, or any other cloud-based dictation tool for client matters, you have some analysis to do. If you're using VoicePrivate Legal or another on-device tool, the analysis is complete: no third-party exposure exists by design.

What "Reasonable Measures" Means for Dictation Software

The Comment to Rule 1.6 identifies factors relevant to the "reasonable measures" standard. Let's apply them to dictation software choice.

Sensitivity of the information. Legal dictation routinely captures highly sensitive information: client names, the nature of legal problems, case strategy, witness information, financial details, and confidential communications. This is among the most sensitive data any professional handles. That pushes toward stronger protective measures.

Likelihood of disclosure if safeguards aren't employed. For cloud dictation, there's an ongoing transmission of audio data to a third party with every use. The likelihood of eventual exposure isn't zero. Server breaches happen. Vendors get acquired. Law enforcement requests happen. The likelihood is non-trivial over a practice lifetime.

Cost of additional safeguards. On-device dictation tools are available at the same or lower price as cloud alternatives. VoicePrivate Legal starts at $9.99/month. Dragon Legal Anywhere starts at roughly $45/month. The on-device alternative is not only available but less expensive. This factor argues strongly for choosing on-device tools.

Difficulty of implementing safeguards. Switching to on-device dictation is not difficult. It requires installing different software. The difficulty factor doesn't support continued use of cloud tools when an equivalent on-device alternative is readily available.

Run through this analysis honestly, and "reasonable measures" for dictation software in client matters looks a lot like "use on-device processing."

Third-Party Vendor Risk: The Specific Problem

When you use cloud dictation software, you're sharing client data with a vendor. That vendor relationship carries specific risks that most attorneys don't think through carefully.

Subpoena risk. Opposing parties, government agencies, and others can subpoena your dictation vendor. Your vendor will generally comply. The data they hold about your client is potentially discoverable through the vendor even if you'd object to direct discovery.

Acquisition risk. Vendors get acquired, as Dragon was by Microsoft. New ownership means new data policies, new terms of service, and potentially different attitudes about attorney data. You accepted the original vendor's terms; you may not have evaluated the acquirer's.

Breach risk. Cloud vendors get breached. When a breach affects attorney data, the notification requirements and privilege implications can be significant. On-device processing means there's no vendor holding your client audio to breach.

Model training risk. Many AI vendors use customer data to train their models. Some allow opt-out; some don't. Carefully review whether your dictation vendor uses your audio for model training. If your client's case details are being used to improve the vendor's AI, that's a disclosure that hasn't been authorized by your client.

Practical Questions to Ask Any Dictation Vendor

Before using any dictation software for client matters, ask these questions. A vendor that can't or won't answer them isn't a vendor you should trust with client data.

Where is audio processing performed? On the user's device, or on your servers?
Is audio transmitted over the internet? If so, how is it encrypted in transit?
Is audio stored after the session? For how long?
Is audio or transcription data used for model training or product improvement?
Do you offer a data processing addendum for professional clients?
What is your law enforcement disclosure policy? Will you notify customers of requests?
What happens to data in an acquisition scenario?
Are you SOC 2 Type II certified or equivalent?
What is your data breach notification policy?

If the vendor processes on-device, most of these questions become moot: there's no transmission, no server storage, and no third-party access to assess. That's why on-device architecture is a compliance advantage, not just a privacy preference.

The Safest Approach: On-Device Processing by Design

The cleanest Rule 1.6 answer for dictation software is to choose a tool that never transmits audio outside your device. No transmission means no third-party access, no breach scenario, no subpoena risk, and no ongoing vendor assessment obligation.

VoicePrivate Legal Edition processes 100% on-device. When you dictate, your audio stays on your machine. The text appears in whatever app you're working in. Nothing goes to VoicePrivate's servers, Apple's servers, Microsoft's servers, or anyone else's. The privilege protection is architectural, not policy-based.

This matters because policy-based protection requires ongoing vigilance. You have to re-evaluate the policy every time the vendor updates their terms. You have to track acquisitions and re-assess when ownership changes. You have to keep documentation of your compliance analysis for matters that happened years ago.

Architectural protection is permanent. The on-device design is the product. It doesn't change when a vendor updates their privacy policy. It doesn't require re-evaluation on an ongoing basis. You make the assessment once at purchase, and the architecture holds.

The Competence Duty and Technology

One more rule is worth mentioning. ABA Model Rule 1.1, the competence rule, was amended in 2012 to add Comment 8: "To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology."

This technology competence duty means attorneys can't plead ignorance about how their tools work. If you're using cloud dictation for client matters and you haven't understood how the audio is processed, you may have a Rule 1.1 issue on top of the Rule 1.6 question.

Understanding whether your dictation software is on-device or cloud-based is exactly the kind of basic technology literacy the competence rule requires. It's not a deep technical question. It's a vendor selection question that has a clear, discoverable answer for any reputable tool.

Getting It Right

The bottom line is this: voice-to-text software for client matters is a confidentiality decision, not just a productivity decision. ABA Rule 1.6 applies. The analysis is straightforward when you know what to look for.

If your dictation software processes audio on-device, you're in the clear. If it's cloud-based, you need to complete the vendor assessment, document it, and repeat it when conditions change.

Given that on-device alternatives exist at the same or lower price point with comparable legal vocabulary accuracy, most attorneys who do this analysis will conclude that on-device is the right choice. The compliance benefit is real. The cost difference is either neutral or favorable. The legal vocabulary is equivalent.

Start with the architecture question. Everything else follows from there.

Privilege-Safe Dictation by Architecture

VoicePrivate Legal Edition processes 100% on-device. No audio leaves your machine. No third-party exposure. No Rule 1.6 analysis required. From $9.99/month.

See VoicePrivate Legal Edition