Part One · The Case · Chapter 4
The Sensitivity Ladder
The last chapter gave you a map: three places your data can be, at rest, in motion, or home. A map is useful, but it does not tell you where to go. This chapter gives you the rule that does. For anything you are about to hand to AI, the rule answers one question: which of those three places does this data belong in?
The rule is a short ladder with three levels, and it is the single most useful thing in this book to carry in your head. Once you have it, the vague worry of "am I doing something I shouldn't" becomes a check that takes about two seconds. You stop guessing about safety. You start checking a level.
The three levels
Level one: public and harmless. Information that would do no damage if a stranger read it. Public statutes and cases. A general explainer you are drafting. An argument worked out in the abstract. Language you are polishing that holds no client facts at all. For anything here, an outside AI in the cloud is fine, and you should use it freely and fast. There is nothing to protect, so do not slow yourself protecting it.
Level two: anything that touches a client. The moment a real client, a real matter, or a real confidence enters the picture, you are at level two. An intake to summarize. The facts of a case to organize. A letter with real names and real dates. This work does not go to an outside model at all. It runs on a model you host yourself, on your own machine, inside your own walls. In this approach, the everyday business of practicing law, all of it, lives on a model you own.
Level three: the crown jewels. The most sensitive material you hold. Live strategy on an active matter. The confidences that would end a case or a client relationship if they got out. Whole privileged files. This also stays on your own model, never the cloud, but it earns an extra layer of care: handled on a machine only a few people can reach, kept off the open network when it matters, and always with the plain option of using no AI at all.
Where it goes, at a glance
| The work | The level | Where it runs |
|---|---|---|
| Public, no client facts | One | Outside cloud AI is fine |
| Anything touching a client | Two | Your own model, at home |
| Privileged strategy, crown jewels | Three | Your own model, locked down |
Notice where the line falls
Look again and notice the thing that makes this subject simpler than it is usually made to sound. Only the first level ever leaves your walls. The instant a task touches a client, at level two or level three, it stays home. There is no delicate middle ground where you send client data to a stranger's computer and pray the contract protects you. One clear line: public and harmless can go out, and anything client stays in.
That line is one of the most freeing ideas in this book, because it ends the second-guessing. You are no longer weighing how much client detail is acceptable to paste into a cloud tool. The answer is none. Sensitive work runs on hardware you control, which is exactly what the second half of this book teaches you to set up.
The two-second test
You will not weigh all of this consciously each time. You need one question you can ask in a breath. Here it is.
If the answer is "nothing, it is public or harmless," that is level one, and the cloud can have it. If the answer is "that involves a client," you are at level two, and it stays on your own model, full stop. If the answer is "that can never get out, and even inside the firm only a few people should see it," that is level three: your own model, locked down, or done by hand. When a task sits on the line between two levels, treat it as the higher one. When in doubt, climb.
A word of respect before we go on. Your own judgment and the rules of your jurisdiction are always the final authority here. The ladder is a tool for thinking clearly, not a substitute for either one.
The habit that holds the line
Almost all of your safety comes down to holding that one line, so make it a reflex rather than a decision. Before anything goes to an outside AI, you ask the two-second question, and if any client lives in that text, it does not go. That is the habit. One sentence, and once it is automatic you have closed the gap that catches nearly everyone else.
Two supports make it easier to keep. First, keep one clean public account for level-one work and nothing else, so no stray client fact ever lands in a cloud tool's history. Second, build the reflex of stripping identifiers out of anything before you run it, even on your own model. Names become "the client." A date of birth becomes a label. On your own machine this is belt and suspenders rather than strict necessity, but good hygiene compounds, and it means that on the rare day you reach for the cloud at level one, the sensitive specifics are already gone.
A second set of rules, for a different danger
Everything so far has been about secrecy: where your data goes. There is a second danger that has nothing to do with privacy, and you should meet it now, even though we will not drill it until Part Two.
The model can be confidently, fluently wrong. It will hand you a wrong date without a flicker of doubt. It will invent a case that does not exist and dress it in a citation that looks perfect. Lawyers have been sanctioned for filing exactly that. So there is a second short list of rules, about trust rather than secrecy:
- Never let AI do, on its own, the things that must be exactly right: dates, deadlines, arithmetic, citations. Those belong in plain code or under your own eye.
- Always make the model show its work, so you can check a claim against its source in seconds rather than on faith.
- Never send or file anything a model produced without reading every word of it yourself.
You will not memorize these. You will live them, because each build in the second half is shaped so that one of them becomes second nature. For now it is enough to know there are two families of rules: where your data goes, and how far to trust what comes back.
Pin it to the wall
That is the whole framework, and it is smaller than it looked. Three levels that sort into one simple line: public work can go to the cloud, and anything touching a client stays on a model you own. One question you can ask in a breath. One habit that holds the line. And a promise that the trust rules get built into your hands later instead of memorized now.
From here on you are not feeling around in the dark. You are placing a task above or below a line. The last chapter of Part One answers the question all of this has been circling: if the safe path is to own the machine your sensitive work runs on, what does that really cost, and why does owning beat renting? That is where we go next.