
How to Securely Share Sensitive Documents With Your Lawyer

April 07, 2026

Email attachments, shared drives, and fax machines aren't secure enough for your most sensitive legal documents. Here's how zero-knowledge encryption keeps attorney-client communications truly private.


Your Attorney-Client Privilege Is Only as Strong as Your File Transfer Method

Attorney-client privilege is one of the oldest and most sacred protections in law. But here's the uncomfortable truth: most people share their most sensitive legal documents over email — a technology designed in the 1970s with essentially no built-in security.

Wills, financial disclosures, tax returns, medical records, business agreements, estate plans — they're all routinely sent as unencrypted email attachments, sitting in plain text on servers that neither you nor your attorney control.

According to the American Bar Association's 2023 TechReport, 17% of law firms reported a security breach at some point, and email was the most common attack vector. When sensitive documents get intercepted, attorney-client privilege doesn't protect you — the privilege assumes confidentiality, and a breach destroys that assumption.

Let's look at what's actually safe and what isn't.


Why Email Is a Problem

When you attach a PDF to an email and hit send, here's what actually happens:

  1. Your email client sends the message to your email provider's server (Gmail, Outlook, etc.)
  2. The server routes it through the internet to your attorney's email provider
  3. It's stored on your attorney's email server
  4. Your attorney downloads it

At every step, your document sits on servers you don't control, in a form their operators can read. Specifically:

  • Your email provider can read it (and may scan it for advertising purposes)
  • Your attorney's email provider can read it
  • Anyone who compromises either email account can read it
  • Any intermediary server the email passes through could theoretically intercept it
  • The email exists forever in both sent and received folders, backups, and archives

TLS Isn't Enough

You might think: "But Gmail uses encryption!" Gmail and most modern email providers use TLS (Transport Layer Security), which encrypts the connection between servers. But:

  • TLS only protects data in transit, not at rest
  • Both email providers still have access to the unencrypted content
  • If either end doesn't support TLS, delivery falls back to an unencrypted connection
  • TLS doesn't protect against compromised accounts, which is the most common attack
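To see how a delivered message actually travelled, you can read its Received headers hop by hop. The following is an added example, not part of the original article: it uses constructed headers with hypothetical hostnames and flags any hop whose "with" protocol does not indicate TLS.

```javascript
// Added example (not from the article). Headers are constructed; hosts are reserved .example names.
const SAMPLE_HEADERS = [
  "Received: from mx.lawfirm.example (mx.lawfirm.example [203.0.113.7])",
  "\tby mailstore.lawfirm.example with ESMTPS id c3; Tue, 07 Apr 2026 10:00:03 +0000",
  "Received: from out.clientmail.example (out.clientmail.example [198.51.100.9])",
  "\tby mx.lawfirm.example with ESMTP id b2; Tue, 07 Apr 2026 10:00:02 +0000",
  "Received: from laptop.home.example (unknown [192.0.2.10])",
  "\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))",
  "\tby out.clientmail.example with ESMTPSA id a1; Tue, 07 Apr 2026 10:00:01 +0000",
  "Subject: Signed trust documents",
].join("\r\n");

// RFC 5322 folding: a line starting with space or tab continues the previous header.
function unfoldHeaders(raw) {
  const head = raw.split(/\r?\n\r?\n/)[0]; // headers end at the first blank line
  return head.split(/\r?\n/).reduce((out, line) => {
    if (/^[ \t]/.test(line) && out.length) out[out.length - 1] += " " + line.trim();
    else out.push(line);
    return out;
  }, []);
}

// Drop (possibly nested) parenthesised comments so "with cipher" is not read as the protocol.
function stripComments(header) {
  let prev;
  do { prev = header; header = header.replace(/\([^()]*\)/g, " "); } while (header !== prev);
  return header;
}

// One record per hop, oldest first (each server prepends its own Received line).
function auditHops(raw) {
  const field = (h, re) => (h.match(re) || [])[1] || "?";
  return unfoldHeaders(raw)
    .filter((h) => /^Received:/i.test(h))
    .reverse()
    .map(stripComments)
    .map((h) => {
      const proto = field(h, /\bwith\s+([A-Za-z0-9]+)/i).toUpperCase();
      // RFC 3848: ESMTPS / ESMTPSA (and LMTPS / LMTPSA) mean TLS was negotiated.
      const tls = /^(ESMTP|LMTP)SA?$/.test(proto);
      return { from: field(h, /\bfrom\s+(\S+)/i), by: field(h, /\bby\s+([^\s;]+)/i), proto, tls };
    });
}

// Hops where the message crossed the network without TLS.
const cleartextHops = (raw) => auditHops(raw).filter((hop) => !hop.tls);
console.log(cleartextHops(SAMPLE_HEADERS));
```

Each Received line is written by the server that accepted the message, so rely only on the lines added by servers you trust. A hop marked as TLS still leaves the message readable on the servers at both ends of that hop.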

Common Methods Ranked by Security

1. Regular Email (Attachments) — Poor

  • Security: Minimal. Content readable by email providers and anyone who compromises accounts.
  • Convenience: Very high — everyone knows how to use email.
  • Verdict: Acceptable for non-sensitive communications. Not suitable for financial records, medical documents, or anything you'd be uncomfortable seeing published.

2. Encrypted Email (S/MIME or PGP) — Good but Impractical

  • Security: Strong encryption when properly configured.
  • Convenience: Very low. Both parties need certificates/keys. Setup is complex. Most attorneys won't support it.
  • Verdict: Technically secure, practically unusable for most attorney-client relationships.

3. Secure Client Portals — Good

  • Security: Most reputable firms use portals with server-side encryption and access controls.
  • Convenience: Moderate — you need to create an account and navigate an unfamiliar interface.
  • Verdict: A solid option when your attorney offers one. But: the law firm still has access to your unencrypted documents on their servers. In a firm breach, your documents are exposed.

4. Cloud Storage (Google Drive, Dropbox, OneDrive) — Moderate

  • Security: Server-side encryption and access controls, but the cloud provider holds the encryption keys.
  • Convenience: High — most people already use these services.
  • Verdict: Better than email, but not zero-knowledge. Google, Microsoft, or Dropbox can access your files. They comply with government data requests. For truly sensitive documents, this isn't enough.

5. Zero-Knowledge Encrypted Storage — Best

  • Security: Files encrypted on your device before upload. No one — not the service provider, not hackers, not government agencies — can read your data without your encryption key.
  • Convenience: Moderate — requires using a specialized platform.
  • Verdict: The only method where the storage provider is mathematically unable to access your documents. This is the gold standard for sensitive legal documents.

What Makes Zero-Knowledge Encryption Different

With traditional cloud storage:

You → Upload document → Cloud server stores it (encrypted with THEIR key) → They can decrypt it

With zero-knowledge encryption:

You → Encrypt document in YOUR browser → Upload encrypted blob → Server stores encrypted blob → No one can decrypt it without YOUR key

The critical difference: the server never sees your unencrypted document. Even if the storage company is hacked, subpoenaed, or compromised by an insider, your documents remain encrypted.

This is the same principle used by:

  • Signal for messaging
  • ProtonMail for email
  • 1Password and Bitwarden for password storage
  • Killswitch for document storage and estate planning

Best Practices for Sharing Legal Documents

For Routine Legal Communications

  • Use your attorney's secure client portal if available
  • Use encrypted email if both parties support it
  • At minimum, password-protect PDFs and share the password through a separate channel (text, phone call)

For Highly Sensitive Documents

These include: wills, trust documents, financial disclosures, tax returns, medical records, business sale documents, divorce proceedings, and anything involving privileged information.

Recommended approach:

  1. Encrypt the documents using zero-knowledge encryption before they leave your device
  2. Store them in a secure vault that only you and your authorized recipients can access
  3. Share access through the platform's secure sharing mechanism — not by emailing the files
  4. Use separate channels for any access credentials

Using Killswitch for Attorney-Client Documents

Killswitch is designed for exactly this scenario:

  1. Upload your documents — they're encrypted in your browser using AES-256-GCM before they ever leave your device
  2. Zero-knowledge architecture — Killswitch cannot read your files, even with a court order
  3. Beneficiary delivery — designate your attorney as a beneficiary to receive specific documents
  4. Deadman switch — in estate planning, your documents automatically deliver to your attorney if you stop checking in

For estate planning specifically, the combination of zero-knowledge encryption and automatic deadman switch delivery solves the two biggest problems:

  • Security: Your estate documents are protected by the same encryption standard used by the U.S. government (AES-256)
  • Accessibility: Your attorney receives the documents automatically when they're needed — no hunting through email archives or filing cabinets

What to Ask Your Attorney

Not all law firms have caught up with modern security practices. Here are questions to ask:

  1. "How do you handle sensitive documents I send you?" — You want to hear about encrypted storage, not "we keep it in our email."
  2. "Do you have a secure client portal?" — Many firms do, but not all clients know to use them.
  3. "What happens to my documents after our engagement ends?" — Retention policies matter. Ask when files are deleted and how.
  4. "Have you had a security breach?" — Firms aren't always forthcoming, but asking signals that you take security seriously.
  5. "Can I share documents through an encrypted platform instead of email?" — If you use Killswitch, you can designate your attorney as a beneficiary for specific documents.

The ABA's Position on Cybersecurity

The American Bar Association has made it increasingly clear that attorneys have an ethical obligation to protect client data:

  • ABA Model Rule 1.6(c): "A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client."
  • ABA Formal Opinion 477R (2017): Attorneys must take "special security precautions" for highly sensitive information transmitted electronically.
  • ABA 2023 TechReport: Only 44% of firms encrypt files at rest, and only 40% use encrypted email.

In other words: the ABA says attorneys should protect your data, but more than half of them aren't using encryption at rest.


Action Steps

  1. Stop emailing sensitive legal documents as unencrypted attachments. Today.
  2. Ask your attorney about their security practices and available alternatives.
  3. For estate planning documents, use zero-knowledge encrypted storage with automatic delivery.
  4. Use Killswitch to store your legal documents encrypted and set up automatic delivery to your attorney or family members.
  5. Keep a backup — store encrypted copies in your vault AND inform your executor that the documents exist.

Your legal documents deserve the same protection your attorney promises. Killswitch provides zero-knowledge encryption and automatic delivery to ensure your most sensitive files stay private — and get to the right people when needed.