File Encryption for Solo Attorneys: Protect Client Privilege Without Paid Software

If you are a solo or small-firm attorney, you have two competing realities. ABA Model Rule 1.6(c) says you must "make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client." And your software budget is somewhere between zero and "small enough that another $300 a year hurts."

This guide walks through how to encrypt client documents using browser-based tools — strong enough to satisfy reasonable-efforts under Rule 1.6, simple enough to use during a workday, and free. No Citrix ShareFile subscription, no NetDocuments contract, no Microsoft 365 E5 license required.

What "Reasonable Efforts" Actually Means

The ABA does not require any specific encryption standard. ABA Formal Opinion 477R clarifies that the standard is "reasonable efforts" measured against the sensitivity of the information, the cost of additional safeguards, and the nature of the representation. A basic small claims case has a different bar than a high-stakes intellectual property dispute.

What is universally considered reasonable: encrypting files in transit (when emailing or uploading) and at rest (when stored on a laptop or USB drive). What is universally considered insufficient: emailing unencrypted PDFs of medical records, deposition transcripts, or settlement drafts to clients or opposing counsel without any protection.

AES-256 — the same standard used by federal agencies for classified information — is well above any reasonable interpretation of the rule. It is the encryption used by the free file password protector on this site, and it runs entirely in your browser, meaning client files never leave your laptop while you encrypt them.

The Three Workflows You Need

1. Email a document to a client. Open the free file password protector, drop the PDF or Word file in, set a password (use the password generator for strength), and download the .enc file. Attach the .enc to the email. Send the password by phone or text — never in the same email. The client decrypts using the same tool.

2. Send discovery to opposing counsel. Same workflow, but the password should be one you negotiate with their paralegal in advance. For large discovery productions, encrypt the master ZIP rather than each individual file.

3. Store sensitive files on a laptop or USB drive. Encrypt before saving. Even if the device is lost or stolen, the data is unreadable. This is particularly important for laptops you take to court or to client meetings.

Sell Custom Apparel — We Handle Printing & Free Shipping

Why "Cloud" Is Not Always the Answer

The standard advice is "use Dropbox Business" or "use OneDrive with encryption enabled." Those are fine options, but they share one weakness: the file lives on the provider's servers, encrypted with their keys. If their key management is compromised — or they receive a subpoena — your client's file may be decrypted without your knowledge.

Encrypting the file yourself before uploading to any cloud service eliminates that risk. The cloud provider only ever sees ciphertext. Even if their servers are subpoenaed, the file produced is unreadable without your password. This is sometimes called "client-side encryption" or "zero-knowledge" storage, and it is the gold standard for attorney-client material.

The tool on this page is client-side by definition: encryption happens in your browser using the Web Crypto API. The file is never uploaded to any server during the encryption process.

Practical Setup for a Solo Practice

Bookmark the encryption page. Pick a passphrase scheme — for example, the case name plus a fixed phrase ("smith-v-johnson-summer-rain"). Write the system down somewhere accessible only to you, not the passphrases themselves. Train your paralegal to use the same workflow.

For discovery and exhibits, consider one master password per matter rather than one per file. This reduces the cognitive load and keeps you from emailing twelve different passwords for one production. The trade-off is that if the master password is compromised, every file in that matter is exposed — but for most solo practices, the productivity gain outweighs the risk.

Combine the encryption tool with an encrypted password manager (Bitwarden is free and open-source) so that you never lose track of which password goes with which matter.

What This Workflow Replaces

Solo attorneys typically pay for one of: ShareFile (around $50/mo), NetDocuments (around $40/mo per user), Tresorit (around $30/mo), or Microsoft 365 E5 (around $57/mo per user). All offer client-side encryption as part of larger document management or secure-share suites.

If your practice is large enough to need centralized document management, those tools are worth paying for. If you are a solo or two-attorney firm sending occasional encrypted files, the browser-based workflow does the same encryption job for $0 a year. Spend the saved money on a good case management system instead.

Frequently Asked Questions

Does AES-256 satisfy ABA Rule 1.6?

AES-256 is the encryption standard used by the U.S. government for classified information. No state bar opinion has ever found AES-256 insufficient for protecting client information. It comfortably exceeds any "reasonable efforts" standard.

What about state-specific requirements?

A few states (notably New York, California, and Texas) have issued ethics opinions requiring specific safeguards for cloud storage. Encrypting files client-side before upload satisfies all of them — the cloud provider never sees plaintext.

Can opposing counsel decrypt the same way?

Yes. They go to the same URL, drop the .enc file into the Decrypt tab, enter the password you shared by phone, and download the original file. No software install required on their end either.