chaim/israel-law-mcp
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
20897c74b58fb2f2fa0ddb807d57869773eaec25
israel-law-mcp/PRIVACY.md

183 lines
5.7 KiB
Markdown
Raw Blame History

# Privacy & Client Confidentiality
**IMPORTANT READING FOR LEGAL PROFESSIONALS**
This document addresses privacy and confidentiality considerations when using this Tool, with particular attention to professional obligations under Israeli legal professional rules.
---
## Executive Summary
**Key Risks:**
- Queries through Claude API flow via Anthropic cloud infrastructure
- Query content may reveal client matters and privileged information
- Israel Bar Association rules require strict confidentiality (חיסיון עורך דין-לקוח) and data handling controls
**Safe Use Options:**
1. **General Legal Research**: Use Tool for non-client-specific queries
2. **Local npm Package**: Install `@ansvar/israel-law-mcp` locally — database queries stay on your machine
3. **Remote Endpoint**: Vercel Streamable HTTP endpoint — queries transit Vercel infrastructure
4. **On-Premise Deployment**: Self-host with local LLM for privileged matters
---
## Data Flows and Infrastructure
### MCP (Model Context Protocol) Architecture
This Tool uses the **Model Context Protocol (MCP)** to communicate with AI clients:
```
User Query -> MCP Client (Claude Desktop/Cursor/API) -> Anthropic Cloud -> MCP Server -> Database
```
### Deployment Options
#### 1. Local npm Package (Most Private)
```bash
npx @ansvar/israel-law-mcp
```
- Database is local SQLite file on your machine
- No data transmitted to external servers (except to AI client for LLM processing)
- Full control over data at rest
#### 2. Remote Endpoint (Vercel)
```
Endpoint: https://israel-law-mcp.vercel.app/mcp
```
- Queries transit Vercel infrastructure
- Tool responses return through the same path
- Subject to Vercel's privacy policy
### What Gets Transmitted
When you use this Tool through an AI client:
- **Query Text**: Your search queries and tool parameters
- **Tool Responses**: Statute text, provision content, search results
- **Metadata**: Timestamps, request identifiers
**What Does NOT Get Transmitted:**
- Files on your computer
- Your full conversation history (depends on AI client configuration)
---
## Professional Obligations (Israel)
### Israel Bar Association and the Bar Association Law
Israeli lawyers are bound by strict confidentiality rules under the Israel Bar Association Law 5721-1961 (חוק לשכת עורכי הדין) and the Israel Bar Association ethics rules.
#### Attorney-Client Privilege (חיסיון עורך דין-לקוח)
- All attorney-client communications are privileged under the Evidence Ordinance [New Version] 5731-1971
- Client identity may be confidential in sensitive matters
- Case strategy and legal analysis are protected
- Information that could identify clients or matters must be safeguarded
### Privacy Protection Law and Client Data Processing
Under the **Privacy Protection Law 5741-1981 (חוק הגנת הפרטיות)** and the Privacy Protection Regulations:
- You are the **Database Owner** when maintaining client databases
- AI service providers (Anthropic, Vercel) may be **holders** or **managers** of data
- Database registration requirements may apply under the Privacy Protection Authority regulations
- Cross-border data transfers must comply with the Privacy Protection Regulations (Transfer of Data to Databases Outside the State's Borders)
- The **Privacy Protection Authority (הרשות להגנת הפרטיות)** oversees compliance
---
## Risk Assessment by Use Case
### LOW RISK: General Legal Research
**Safe to use through any deployment:**
```
Example: "What does the Companies Law say about shareholder rights?"
```
- No client identity involved
- No case-specific facts
- Publicly available legal information
### MEDIUM RISK: Anonymized Queries
**Use with caution:**
```
Example: "What are the penalties for securities violations under Israeli law?"
```
- Query pattern may reveal you are working on a securities matter
- Anthropic/Vercel logs may link queries to your API key
### HIGH RISK: Client-Specific Queries
**DO NOT USE through cloud AI services:**
- Remove ALL identifying details
- Use the local npm package with a self-hosted LLM
- Or use commercial legal databases with proper privacy agreements
---
## Data Collection by This Tool
### What This Tool Collects
**Nothing.** This Tool:
- Does NOT log queries
- Does NOT store user data
- Does NOT track usage
- Does NOT use analytics
- Does NOT set cookies
The database is read-only. No user data is written to disk.
### What Third Parties May Collect
- **Anthropic** (if using Claude): Subject to [Anthropic Privacy Policy](https://www.anthropic.com/legal/privacy)
- **Vercel** (if using remote endpoint): Subject to [Vercel Privacy Policy](https://vercel.com/legal/privacy-policy)
---
## Recommendations
### For Solo Practitioners / Small Firms
1. Use local npm package for maximum privacy
2. General research: Cloud AI is acceptable for non-client queries
3. Client matters: Use commercial legal databases (Nevo, Takdin, Pador)
### For Large Firms / Corporate Legal
1. Negotiate privacy agreements with AI service providers under Privacy Protection Law requirements
2. Consider on-premise deployment with self-hosted LLM
3. Train staff on safe vs. unsafe query patterns
### For Government / Public Sector
1. Use self-hosted deployment, no external APIs
2. Follow Israeli government information security requirements (INCD guidelines)
3. Air-gapped option available for classified matters
---
## Questions and Support
- **Privacy Questions**: Open issue on [GitHub](https://github.com/Ansvar-Systems/israel-law-mcp/issues)
- **Anthropic Privacy**: Contact privacy@anthropic.com
- **IBA Guidance**: Consult Israel Bar Association ethics guidance
---
**Last Updated**: 2026-02-22
**Tool Version**: 1.0.0
Reference in New Issue View Git Blame Copy Permalink