When your device has been compromised—whether by malware, theft, or unauthorized access—communicating with your attorney requires extra precautions. Standard email and messaging platforms may expose sensitive discussions to whoever controls your compromised device. This guide covers practical methods to maintain attorney-client privilege and keep your legal communications private even when your primary device is not secure.

Why Standard Communication Methods Fail After Device Compromise

A compromised device grants attackers varying levels of access depending on the type of compromise. Keyloggers can capture everything you type, including passwords and message content. Screen recorders may capture sensitive documents you view. Some malware provides full remote access, allowing attackers to read your communications in real time before you even send them.

Email presents particular risks because unencrypted messages can be intercepted at multiple points. Standard email providers store messages on servers that may be subpoenaed or hacked. Even encrypted email leaves metadata—information about who you contacted, when, and how often—which can be valuable to adversaries.

Immediate Actions Before Communicating with Your Attorney

Before reaching out to your lawyer, take these critical steps to prevent further exposure:

1. Disconnect the compromised device from the internet if you suspect active remote access malware
2. Avoid logging into any accounts from the compromised device, including email
3. Use a different, trusted device for all sensitive communications
4. Change passwords for email and messaging accounts from a clean device
5. Enable two-factor authentication on all important accounts using a new authentication method

If you have no access to a clean device, visit a library computer, a friend’s phone, or a public computer. Document what happened and preserve evidence if the compromise relates to legal matters.

Secure Email Options for Attorney Communication

Proton Mail

Proton Mail provides end-to-end encryption where only you and your recipient can read messages. Even Proton cannot access your email content. For attorney communication:

1. Create a new Proton Mail account from a clean device
2. Share your public key with your attorney (they must also use Proton Mail or import your key)
3. Compose messages using the encryption feature
4. Set expiration times on sensitive messages

Proton’s zero-access encryption means that even if legal requests are made, the provider cannot disclose message content—only metadata.

Secure Email with PGP Encryption

For technically inclined users, PGP encryption provides the strongest email security. Both parties need to set up PGP keys:

# Generate a new PGP key pair
gpg --full-generate-key

# Export your public key
gpg --armor --export your@email.com > mypublickey.asc

# Encrypt a message for your attorney
gpg --encrypt --armor --recipient attorney@lawfirm.com --output encrypted_message.asc message.txt

Share your public key securely—ideally in person or through a verified channel. Your attorney will need their own PGP setup to reply securely.

Encrypted Messaging Alternatives

Signal

Signal provides end-to-end encryption by default for text messages, voice calls, and video calls. However, phone number registration creates metadata concerns. For sensitive legal matters:

1. Install Signal on a clean device
2. Register with a dedicated number not linked to your primary identity
3. Enable disappearing messages with short expiration times
4. Verify your attorney’s safety number in person or through a separate verified channel

Remember that while message content is encrypted, Signal collects metadata including who you contacted and when.

Session

Session offers messenger-style communication without requiring a phone number. This eliminates the metadata link between your identity and your communications:

1. Install Session from the official website
2. Generate a Session ID that functions as your identifier
3. Share this ID with your attorney through a separate channel
4. Messages route through decentralized nodes, providing strong anonymity

Session does not collect phone numbers or require personal information, making it suitable for high-sensitivity communication.

Secure File Sharing for Legal Documents

When sharing sensitive documents with your attorney, avoid standard file sharing services:

Onion Share

Onion Share lets you share files directly through the Tor network:

1. Install Onion Share from the official site
2. Select “Share Files”
3. The software generates a unique .onion URL valid for one download or a specified time
4. Share this URL with your attorney through a separate channel
5. The file transfers directly between computers without centralized servers

This approach leaves no metadata on third-party servers.

Tresorit

Tresorit provides encrypted cloud storage with end-to-end encryption:

1. Create a tresor (encrypted folder)
2. Invite your attorney to the tresor
3. Files encrypt locally before upload—tresorit cannot access content
4. You can revoke access at any time

This service works well for ongoing legal matters requiring document sharing.

Physical Methods for Maximum Security

For the most sensitive communications, consider methods that don’t involve digital transmission:

Paper Documents

Print documents on a clean printer—ideally one you control. Hand-deliver documents to your attorney’s office when possible. If mailing, use a postal service that doesn’t require identification and consider anonymous drop points.

Dead Drops

For ongoing anonymous communication, establish a dead drop location where both parties can exchange documents without meeting. Use a location with foot traffic that doesn’t require surveillance footage review.

In-Person Meetings

Whenever possible, meet your attorney in person. Choose locations without surveillance cameras if possible. Turn off phones before the meeting and leave them in your car or a faraday bag.

What to Avoid

Several common communication methods pose unacceptable risks after device compromise:

• Standard SMS/MMS: No encryption, easily intercepted
• Regular email: Often unencrypted, leaves extensive metadata
• Cloud storage links: Unless end-to-end encrypted before upload
• Video calls on standard platforms: Can be recorded, metadata collected
• Messaging apps requiring phone number linkage: Metadata exposes relationships

Preserving Attorney-Client Privilege

Beyond secure communication channels, protect privilege through careful practices:

1. Clearly label communications as “Attorney-Client Privileged”
2. Use dedicated devices for legal matters when possible
3. Avoid discussing privileged matters on any device you don’t control
4. Document your security measures so privilege isn’t waived
5. Confirm your attorney’s security practices before sharing sensitive information

Your attorney should understand device compromise scenarios and have their own recommendations. Many law firms now offer secure client portals specifically designed for sensitive communications.

Legal Tool Recommendations and Setup

Proton Mail Enterprise for Law Firms

If your attorney uses Proton Mail:

Setup:
1. Create dedicated Proton Mail account
2. Attorney shares their Proton Mail address
3. Both parties enable encryption for message
4. Enable message expiration (30 days)
5. Disable forwarding to prevent leaks

Cost: Free for basic setup, €4/month for paid features

Tresorit Secure Sharing for Documents

For larger case files or document exchanges:

1. Create Tresorit account from clean device
2. Create encrypted folder ("Legal Matter 2024")
3. Invite attorney's Tresorit account
4. Upload documents (encrypted before leaving device)
5. Set expiration dates on sensitive documents
6. Revoke access when case concludes

Cost: €15-30/month depending on storage needs

Benefits: No centralized server stores unencrypted data. Tresorit cannot access contents even if subpoenaed.

SecureSafe for Ongoing Communication

Alternative with higher privacy focus:

1. Create account from clean device
2. Generate secure link for attorney
3. Upload documents to secure folder
4. Attorney accesses via link without creating account
5. All data encrypted end-to-end
6. Automatic expiration available

Cost: CHF 50-250/year depending on storage

Threat Assessment Decision Tree

Use this to decide what tools you need:

Is your device definitely compromised?
├─ Yes: Use alternative device (library computer)
│   └─ Case is time-sensitive?
│       ├─ Yes: Use phone (from library)
│       └─ No: Meet attorney in person
├─ No (just suspected):
│   └─ Can you bring the device to attorney?
│       ├─ Yes: Let attorney examine it
│       └─ No: Use alternative device anyway

What type of law are we discussing?
├─ Criminal: Assume maximum surveillance
│   └─ Use most secure methods (Signal, in-person)
├─ Civil (family, contracts, etc): Standard secure email works
│   └─ Proton Mail + PGP sufficient
└─ Immigration/refugee: Sensitive but less surveillance than criminal
    └─ Session or Signal works well

How time-critical is the communication?
├─ Emergency (24 hours): Phone call from safe location
├─ Urgent (1 week): Signal or Proton Mail
└─ Standard (2+ weeks): In-person meeting preferred

Privilege and Waiver Avoidance

Maintaining attorney-client privilege requires careful practices:

What Preserves Privilege

• Marked “Attorney-Client Privileged” in subject line
• Directly to your attorney, not shared
• Created for purpose of obtaining legal advice
• Between you and attorney (no third parties)

What Waives Privilege

• Accidentally disclosing to unauthorized third party
• Using communications for non-legal purposes
• Discussing with your spouse or friends
• Forwarding to someone who isn’t your attorney

Critical: If your attorney instructs you to use a specific communication method, follow those instructions. Courts recognize attorney’s judgment about what maintains privilege.

Example: Complete Threat Response Workflow

Scenario: Your laptop appears to have malware. You need to discuss this with your criminal attorney immediately.

MINUTE 1: Recognize the threat
- System behaving oddly (slow, crashes, unexpected programs)
- Assume device is compromised

MINUTE 5: Take immediate action
- Disconnect from internet
- Do not log into any accounts from this device again
- Do not use this device for attorney communication

MINUTE 15: Move to safe device
- Find alternative: friend's phone, library computer
- Bring your attorney's contact information (phone number)

MINUTE 30: Call attorney
- Use phone from safe device
- Provide summary of situation
- Establish secure communication method
- Arrange in-person meeting if possible

MINUTE 60: Follow up in writing
- Use attorney's recommended secure method
- Send written summary of phone conversation
- Include: What happened, when, what data might be affected
- Preserve everything for privilege

HOUR 2: Device handling
- If attorney recommends: bring device to law office
- Attorney may have forensics expert examine it
- If irreplaceable: back up to clean drive first (if attorney approves)

This workflow minimizes exposure while preserving privilege.

Documenting Your Security Measures

For privilege protection, document that you took reasonable security precautions:

SECURITY LOG FOR ATTORNEY COMMUNICATIONS
Matter: [Your Case Name]
Date Started: [Date]
Communication Methods Used: [List]

Device Security:
- Operating System: [macOS 14.2 / Windows 11]
- Last Security Updates: [Date]
- Anti-malware tool: [Windows Defender / ClamAV]
- Firewall: [Status]

Network Security:
- Network Type: [Home WiFi / Library / Public]
- VPN Used: [Yes/No]
- Network Encryption: [WPA3 / WPA2]

Communication Tools:
- Primary: [Signal / Proton Mail / In-person]
- Backup: [Alternative method]
- Verification: [How attorney identity verified]

This documentation demonstrates good faith security practices if privilege is challenged in court.

Working With Your Attorney on Security

Coordinate security practices with your legal team:

1. Initial discussion: Ask about their security practices
   • “What communication methods do you use?”
   • “What if I need to send documents securely?”
   • “How do you protect client communications?”
2. Establish preferences: Work with their preferences
   • Use their recommended methods
   • Follow their instructions on encryption
   • Respect their compromise comfort level
3. Maintain documentation: Keep records of your practices
   • Why you chose each method
   • When you verified their identity
   • What precautions you took
4. Escalation procedures: Know what to do if suspected compromise
   • How to reach them in emergency
   • Alternative contact methods
   • In-person meeting procedures

A good attorney will have thought through these issues already.

Red Flags: When to Get a Different Attorney

If your attorney:

• Refuses to use encrypted communication for sensitive matters
• Recommends standard email for criminal case discussions
• Doesn’t understand basic security concepts
• Never discusses communication security
• Pushes all sensitive discussion to in-person (extreme but suspicious)

These red flags suggest limited security awareness. Consider consulting an attorney at a firm with dedicated security practices, especially for sensitive legal matters.

Related Articles

• How To Use Cryptocurrency Privately Without Leaving Traceabl
• Lawyer Client Privilege Digital Communication Secure Setup C
• How To Communicate During Internet Shutdown Alternative Netw
• How To Communicate Securely When All Messaging Apps Are Moni
• Ultrasonic Beacon Tracking How Smart Devices Communicate Thr

Built by theluckystrike — More at zovo.one