Otter.ai Lawsuit: Why Law Firms Are Switching to Local Transcription
The Otter.ai class action lawsuit wasn't just a news story — it was a wake-up call for every attorney using cloud transcription tools. When client conversations travel through third-party servers, privilege doesn't follow. Here's what happened, what it means for your practice, and what law firms are doing instead.
What the Otter.ai Lawsuit Was About
In 2023, Otter.ai faced a class action lawsuit alleging that the company secretly recorded and stored conversations without proper user consent. Plaintiffs claimed the service continued to capture audio and transcription data beyond what users understood or authorized — and that this data was retained on Otter's servers in ways the terms of service obscured.
The lawsuit touched on violations of the California Invasion of Privacy Act (CIPA) and wiretapping statutes. At its core, the claim was simple: users believed their conversations were private, but they weren't.
When a cloud transcription tool processes your client calls, depositions, or internal case strategy meetings, a third party now holds copies of that content. That's not a hypothetical risk — it's the architecture of every cloud-based transcription service.
The Attorney-Client Privilege Problem
Attorney-client privilege protects communications between lawyers and their clients from disclosure. But this protection has limits — and one of the clearest limits involves third-party involvement.
Under the common-interest exception and voluntary disclosure doctrine, sharing privileged communications with a third party can waive privilege entirely. Courts have increasingly asked whether uploading attorney-client communications to a cloud service constitutes voluntary disclosure to that third party.
The answer is murky, and that murkiness is a liability. Some courts have found that privilege survives when cloud storage is used as a secure communications tool. Others haven't been so generous. The safer path is to never create the question in the first place.
The ABA Has Weighed In
ABA Formal Opinion 477R (2017) and Formal Opinion 483 (2018) both address attorney obligations around data security and cloud services. The guidance is clear: lawyers must take reasonable precautions to prevent unauthorized access to client information. Using a cloud transcription service that stores your client recordings on servers you don't control is a precaution failure, not a precaution.
Several state bars — including New York, California, and Illinois — have issued similar guidance emphasizing that competence under Rule 1.1 now includes understanding the security implications of the technology you use.
What "Cloud Transcription" Actually Means for Your Data
When you upload an audio file to Otter.ai, Rev, or similar services, here's what typically happens:
- Your file is transmitted over the internet to the provider's servers
- The file is processed by their transcription engine (often using third-party ML infrastructure)
- The transcript and the original audio are stored on their servers, sometimes indefinitely
- The data may be used to train or improve their AI models
- The data may be accessible to the provider's employees for quality assurance
- The data may be subject to government subpoenas or law enforcement requests
None of this is hidden — it's in the terms of service. The problem is that most attorneys using these tools for client work never read those terms carefully, or assume that "encrypted" means "private." Encryption in transit doesn't prevent the provider from reading your files once they arrive.
End-to-end encryption means only you hold the keys. TLS encryption (the standard for web traffic) just protects data in transit — the destination server can fully read your files. Most cloud transcription services offer TLS, not E2E encryption.
How Local Transcription Eliminates the Problem
Local transcription — where audio is processed entirely on your device and never sent to a remote server — eliminates the third-party disclosure question entirely. There's no upload. No server copy. No data retention policy to scrutinize.
This is the approach SecureScribe takes. Audio files are processed locally using on-device transcription. Nothing leaves your computer. The transcript is generated and stays with you. When you close the session, the audio is automatically deleted per your configured retention policy — leaving a cryptographic audit log that proves deletion occurred.
What Local-First Means in Practice
- No upload: Files never leave your machine for transcription
- No retention: Audio is deleted automatically after transcription
- No subpoena surface: There's no server holding your client recordings
- No vendor breach: You can't breach data that was never stored remotely
- Full audit trail: Every delete action is logged for compliance documentation
The Business Case Beyond Privilege
Beyond the privilege question, there's a competitive and reputational dimension. Clients — especially sophisticated ones in regulated industries — are increasingly asking their outside counsel about data handling practices. A firm that can say "our transcription never leaves our systems" has a clear differentiator from one that can't.
Malpractice insurers are starting to ask similar questions. As cyber liability becomes a line item in legal malpractice policies, the tools you use for case work will come under review.
The firms that move now get ahead of the requirement. Those that wait until a client asks — or until a bar complaint is filed — are managing a crisis, not a transition.
Does your transcription service: (1) upload files to remote servers? (2) retain audio after transcription? (3) use your data for model training? (4) have employees who can access your recordings? If you answered yes to any of these, you have an exposure you should address.
What Law Firms Are Doing Instead
The migration away from cloud transcription in legal is accelerating. Some common patterns we're seeing:
- Boutique litigation firms with sensitive matters (white-collar, IP, M&A) are the earliest adopters — the stakes are too high to tolerate ambiguity
- In-house legal teams are moving as GCs become more technically sophisticated about data governance
- BigLaw IT departments are blocking cloud transcription tools at the firewall and requiring vetted alternatives
- Solo and small-firm practitioners are switching after seeing the coverage of the Otter.ai and similar lawsuits
The common thread: once you understand what cloud transcription actually does with your data, the cost of switching feels much lower than the cost of staying.
The Bottom Line
The Otter.ai lawsuit was a reminder that "free" and "convenient" tools in the legal space carry real risk. Privilege is hard to restore once it's waived. Client trust is harder. The Otter.ai case won't be the last — cloud transcription services will face ongoing legal and regulatory scrutiny as courts and regulators catch up to how these tools actually work.
The answer for law firms isn't to avoid transcription — it's to use transcription that keeps client data where it belongs: with you.
For more on protecting client data in healthcare settings, see our guide to HIPAA-compliant transcription. For a deeper look at attorney-client privilege and cloud tools, read Secure Legal Transcription: Protecting Attorney-Client Privilege.
Transcription that never leaves your machine.
SecureScribe processes audio locally — no uploads, no cloud storage, no third-party exposure. Built for attorneys who take privilege seriously.
Start Your Free 14-Day Trial →No credit card required. Cancel anytime.