Picture a sole practitioner on a Tuesday morning. She leaves the office at 9:15 to meet a client across town. On the way, she takes a call from a second client on CarPlay. She dictates a quick note to Siri before parking. She asks her car's built-in navigation assistant to route her to the county courthouse after the meeting. She's back at her desk before lunch.
In those ninety minutes, three separate AI systems processed information about her client matters. None of them was evaluated for compliance with professional conduct rules. None of them was listed in her firm's technology inventory. None of them required her to create an account, accept terms of service, or consciously decide to share anything. She wasn't thinking about AI at all. She was just driving.
This is the confidentiality exposure that almost no one in the legal profession is talking about, and it may be the most widespread one in small-firm practice.
What the Car Is Actually Doing
The modern connected vehicle is not a telephone with cup holders. It is a data collection platform with an engine. Manufacturers, technology partners, and mobile operating system providers all have distinct and overlapping interests in the information your car gathers, and those interests are reflected in terms of service that most drivers have never read.
The data collection happens at several layers, and understanding them separately matters because the risk profile of each is different.
The first layer is the mobile operating system assistant: Siri via Apple CarPlay, or Google Assistant via Android Auto. When an attorney says "Hey Siri, add a note: call opposing counsel about the deposition schedule," that voice query is transmitted to Apple's servers for processing. When CarPlay is involved, Apple does not handle Siri requests on the device the way it can for certain on-device tasks. The query leaves the car. Apple's consumer privacy practices are generally considered strong relative to other platforms, but Siri is not a product governed by a data processing agreement for professional use. There is no BAA, no DPA, no contractual acknowledgment that the data relates to privileged legal work.
The second layer is the manufacturer's own connected services. Ford, GM, BMW, Toyota, and virtually every other major automaker now operates its own data platform that collects vehicle telemetry, location history, and, on systems with voice-activated features, voice command logs. The data practices vary meaningfully by manufacturer, but the common thread is that they exist, they are disclosed in lengthy agreements accepted at purchase or first setup, and attorneys are not a contemplated category of user in any of them.
The third layer is call audio. When an attorney takes or makes a phone call through the car's Bluetooth system, the audio is processed through the vehicle's microphone array and routed through CarPlay or Android Auto before reaching the phone. Depending on the system and settings, wake-word detection runs continuously. The call itself is not recorded by the car in the ordinary case, but ambient audio processing is active, and the line between "listening for a wake word" and "processing audio content" is not as clear in practice as it is in marketing copy.
A 2023 study by the Mozilla Foundation evaluated 25 major car brands against privacy criteria and found that all 25 collected more personal data than necessary, and 19 shared or sold that data to third parties. Sixteen of the 25 were found to collect data that could be shared with law enforcement simply upon request, without requiring a court order. Mozilla characterized the automobile as "the worst product category we have ever reviewed for privacy."
The study was not written for attorneys. But its findings map directly onto Rule 1.6's requirement that attorneys make reasonable efforts to prevent inadvertent disclosure of client information.
The Specific Exposures in Legal Practice
The risk is not theoretical and it is not uniform. Different behaviors in the car create different exposure profiles. The table below maps the most common attorney behaviors to the systems they engage and the data those systems collect.
| Behavior | System Engaged | Data at Risk | Severity |
|---|---|---|---|
| Client call on speakerphone | CarPlay / Android Auto mic array | Call audio, contact identity, call duration and timing | High |
| Siri / Google Assistant voice notes | Apple / Google servers | Voice query content, timestamps, associated device identity | High |
| Phone synced to infotainment system | OEM connected platform | Contacts, call logs, recent message previews, app data | Medium |
| Navigation to client location or courthouse | OEM / Apple / Google Maps | Destination, route, timestamp, pattern of travel | Medium |
| Dictation of case notes or draft language | Siri / Google Assistant | Full text of dictated content, client and matter references | High |
| Playing a recorded client voicemail through car speakers | CarPlay / Android Auto | Audio content of client communication | High |
The severity ratings above reflect the nature and specificity of the information involved, not the probability that any given piece of data will cause a specific harm. That distinction matters: the question under Rule 1.6 is not whether harm has occurred but whether the attorney made reasonable efforts to prevent unauthorized disclosure. A disclosure that causes no immediate harm is still a disclosure.
The car passed through the firm's governance perimeter without anyone realizing the perimeter existed.
Why This Is Different From a Phone Call
Attorneys have conducted confidential conversations by telephone for over a century. The professional conduct rules have never prohibited using a phone to communicate with clients, and they do not now. So what makes the car different?
The phone call itself is the communication. The car is a processing environment layered on top of the communication, introducing additional systems, additional data collection, and additional third parties who are not party to the conversation and have no professional obligation to treat what they receive as privileged.
When an attorney takes a call on her cell phone in a conference room, the call audio goes to her carrier and to the other party's carrier. Both carriers are common carriers with legal obligations around call content. When she takes the same call through CarPlay in her car, the audio is additionally processed through Apple's CarPlay stack, the vehicle's microphone system, and potentially the OEM's connected services platform, none of which carry common carrier obligations, none of which have signed a data processing agreement with the attorney, and at least one of which explicitly reserves the right to use interaction data to improve its products.
The attorney didn't make a decision to involve these additional parties. She pressed "Answer" on her steering wheel. The car made the routing decision for her, pursuant to terms she accepted when she plugged in her phone the first time and tapped "Allow."
The Rule 1.6 Analysis
Model Rule 1.6(c) requires attorneys to make reasonable efforts to prevent the inadvertent or unauthorized disclosure of information relating to the representation of a client. ABA Opinion 512, issued in 2023 and directly addressing generative AI, extended this analysis to any tool that transmits client-related information to third-party servers, including consumer AI tools used in circumstances the attorney may not have consciously categorized as AI use.
The vehicle scenario falls squarely within this framework. The connected infotainment system is a tool. It transmits client-related information to third-party servers. The attorney's obligation under Rule 1.6(c) is to make reasonable efforts to prevent that disclosure or, where disclosure is authorized, to ensure that the client has given informed consent with an understanding of the material risks.
The California State Bar's 2024 AI guidance reinforces this analysis at the state level, requiring attorneys to assess the data practices of tools used in connection with client matters and to implement appropriate safeguards. California RPC 1.6 is substantively parallel to the Model Rule on the confidentiality question.
What makes the vehicle scenario difficult is the "reasonable efforts" standard. Reasonable efforts are assessed against what a similarly situated attorney exercising reasonable care would do. In 2026, with connected vehicles now comprising the majority of cars on the road and manufacturer data practices widely reported, the argument that an attorney had no reason to consider the vehicle's data practices is becoming harder to sustain. The standard moves as awareness moves.
In April 2023, Samsung engineers pasted proprietary chip designs and internal meeting notes into ChatGPT while debugging code. The data was transmitted to OpenAI's servers before the implications were recognized. Samsung subsequently banned generative AI tools on company devices while developing internal policies.
The vehicle scenario follows the same structure: a capable, convenient tool is used in a context where the data implications were not considered, because the governance conversation had not yet caught up to the technology. Samsung's engineers were not acting in bad faith. Neither are attorneys who take client calls through CarPlay. The exposure is structural, not intentional, and structural exposures are the ones that compound quietly across hundreds of matters before anyone notices.
What No One Has Asked in the Intake Process
In the AI risk assessments conducted for small law firms, the intake questionnaire covers personal devices, cloud storage, consumer AI tools, practice management software, and email platforms. Until recently, it did not include a question about vehicles.
That gap is common across the profession. AI governance frameworks for law firms tend to focus on deliberate AI adoption: the ChatGPT account, the legal research platform with an AI feature, the document drafting tool. The vehicle doesn't look like an AI deployment decision because no one decided to deploy it. It arrived in the parking lot already configured, already connected, already collecting.
The question that belongs in every small-firm intake going forward is something like: do attorneys take client calls, dictate notes, or use voice-activated features in a connected vehicle for firm business? The honest answer, for most practices, is yes, at least occasionally. That answer should appear in the assessment, it should be mapped against Rule 1.6 and California RPC 1.6, and it should produce a recommendation, even if that recommendation is simply a written policy acknowledging the risk and establishing a minimum standard of care.
What Reasonable Mitigation Looks Like
The goal is not to tell attorneys to stop driving or to prohibit phone calls in the car. The goal is to bring the vehicle into the firm's governance picture, the same way the firm's email provider, cloud storage, and document management system belong in that picture. Governance doesn't require perfection. It requires awareness, documentation, and proportionate controls.
Four steps constitute a reasonable minimum for most small practices:
Inventory the vehicle as a data environment. Identify which systems are active: CarPlay or Android Auto, OEM connected services, manufacturer voice assistants. Review what each collects and what the current data-sharing settings are. This is a thirty-minute exercise, not a technical project.
Establish a policy on call handling. A written policy that addresses client calls in vehicles does not need to prohibit them. It needs to acknowledge the environment and set a standard: for calls involving sensitive matter details, privileged communications, or client-identifying information, consider whether a more controlled environment is available. The policy gives the attorney a framework for judgment rather than a blanket prohibition that nobody will follow.
Disable or limit voice assistant scope. CarPlay and Android Auto allow granular control over which apps and features are accessible. Voice assistant access can be restricted. OEM voice features can be disabled independently of CarPlay. These settings are not buried: they are reachable in a few minutes. Turning off the OEM voice assistant and limiting Siri's scope to non-confidential tasks is a proportionate control that meaningfully reduces the exposure without eliminating any functionality the attorney actually needs.
Incorporate vehicle use into AI governance documentation. The firm's AI usage policy should include at least one sentence acknowledging that connected vehicle systems are subject to the same confidentiality considerations as other technology tools. This is not a long addition. It is the signal that the firm has thought about the question, which is what supervision under Rule 5.3 requires.
None of these steps requires outside help to implement. A sole practitioner can address all four in an afternoon. What they require is the recognition that the question exists, which is the part of the problem that has been missing.
The Governance Perimeter Has Moved
Every AI governance conversation in the legal profession eventually arrives at the same question: what counts as the firm's technology environment, and what falls outside it? The traditional answer was: the firm's computers, the firm's servers, the firm's email. Personal devices were a later addition, awkward because they required asserting some control over property the attorney or employee owned. Cloud storage was a later addition still.
The vehicle is the newest addition to this expanding perimeter, and it is arriving the same way the others did: not through a deliberate policy decision but through a change in what the technology does. Cars became data platforms gradually, then comprehensively. Attorneys kept using their cars for client business without anyone pausing to ask whether the car's terms of service were compatible with the duty of confidentiality.
The answer, in most cases, is that they are not, at least not in any meaningful professional sense. The car was not designed with attorney-client privilege in mind. The manufacturer's data team has never heard of Rule 1.6. The CarPlay engineers at Apple are optimizing for user experience, not for professional conduct compliance. None of that is anyone's fault. It becomes a problem only when the attorney treats the absence of a deliberate violation as the equivalent of an affirmative safeguard.
The most dangerous AI at your firm may not be the one anyone chose. It may be the one everyone drove to work.