ILTACON 2016: Re-Imagining Legal Technology for the 21st Century

By Joseph Raczynski

“The story of disruption was just the first act of 21st century business, now begins the tale of total transformation.”

— Mike Walsh

NATIONAL HARBOR, Md. — So reverberated the words of Mike Walsh a Futurist/CEO of Tomorrow, across an audience of more than 3,000 legal professionals at ILTACON 2016, a four-day conference that centers on the intersection of technology and the legal industry.

Walsh gave the keynote on the opening day of the annual conference, and the lens he cast enlightened the onlookers to a futuristic view of our current world. He then bridged that technological vision to the 21st Century Legal realm and focused on several thought provoking questions.

Can you think like an 8-year-old?

The key to transformation is to be ahead of it. Through the optics of an eight-year-old we can view the direction that technology is shifting. They embrace mobile — why? Because parents have pacified their kids for years with iPads and mobile phones. Their learnings began on those platforms which became almost intuitive to them and will now dictate our future.

When will we be a truly data-driven world?

Now! The biggest social shifts are shaped by the data-driven world. Disney World offers the most advanced of data collection and use. Their MagicBands are linked to a credit card and function as a park entry pass as well as a room key. They know who you are, where you are, and increasingly know what you want — predictively. Food can be delivered to you without you ever specifying a location. All of this is using data and machine learning to better understand consumer, and thus human behavior.

disney

WeChat, an app primarily used in China, was also offered as a good example of where we are going. With this app, people in China can play games, pay for things and buy insurance — the whole time interacting with a bot that is constantly gathering data and learning. This is what we will begin to see in all businesses in the near future.

In preparation for his transition into a discussion around legal, Walsh offered another thought. The children of today will be the first generation to be raised partly by artificial intelligence (AI). If you think about the platforms that are prevalent now, kids are interacting with them increasingly — Alexa, Google and Siri. Law firms have to start thinking about how these eventual employees will work and interact with each other both inside and outside of the firm.

How will a 21st century law firm differ from a 20th century firm?

The world is now global. The largest corporations and law firms have back office and operations support overseas. As an example, Walsh talked about something he saw in India which illustrated where we are headed. An AI machine (physical computer) is situated alongside other staff in a cubical at an office center in India. It is fully embraced and accepted as a highly efficient employee — and continues to improve rapidly with its own productivity.

Speaking of actual human employees, recruiting people will transform, Walsh noted. The next generation of hiring future lawyers, and collaborating with clients should focus on rethinking how we hire. Offer a prospect a clean sheet of paper and ask them to come up with a solution to a problem. Another idea, after a month on the job, ask what processes the newbie might change based on what they are seeing.

int-about-mike

What kind of mental software are you new hires running?

Going forward, the operating system of a 21st century lawyer is as much about the culture as it is about the code. All firms will have to be agile, and firms will have to hire people that think that way. Everything around our traditional culture and space is changing. People will increasingly be working from other locations, so this concept has to be reimagined. Walsh’s suggestion was to think about the person you are hiring — are they energized by solving problems? Additionally, environments have to be reconsidered. How do you design an office for people that do not need one?

Lastly, are you leveraging all of your data?

Law firms are rife with all sorts of data. One question that Walsh suggested was worth posing is how are firms using that data? Increased productivity can be gained by applying analytics to the whole.

In closing, Walsh pleaded for the legal space to adjust their mindsets, how we see and use data, which people are hired, and what technological processes are in place. We need to think like an eight-year-old to see how the world will change and adapt now, he explained.

The data inside law firms has to be better leveraged and analyzed with new tools. When hiring, do so by unearthing agile people and creating more social workspaces. One of the best ways to do that is by rethinking your communities, picking some high-profile projects and challenging those new teams to experiment.

In conclusion, Walsh noted: “When preparing for this new future, embrace that the future means challenging everything we know to be true.”

ILTACON 2016: Looking into the Future & Building the Exponential Law Firm

By Joseph Raczynski

“In the not too distant future, exponential technology could upend the $650-billion-dollar legal industry — or, there will be a $78 to $120 trillion-dollar opportunity for agile players who are prepared.”

— Rohit Talwar

NATIONAL HARBOR, Md. — At ILTACON 2016, Rohit Talwar, CEO of Fast Future, spoke about the disruption in the legal industry occurring around us and more precisely which technologies will have the largest impact on law firms in the near future.

In his discussion “Building the Exponential Law Firm,” Talwar began with the baseline of Moore’s Law — the theory that processing speeds of computers double roughly every 12 to 18 months. Building on that, he added what he considers to be the core of this exponential growth: machine learning. These are machines with the ability to create visual perception, reasoning, planning, intuition and decision-making all starting from a simple ruleset.


The Faster Pace of AI

In his fascinating discussion, Talwar pointed to a recent development with Google, using DeepMind, its artificial intelligence (AI) computer, and playing Go — one of the most complicated games known to man. In this scenario, Google did not program the computer, only gave it rules of the game.

Rohit-Talwar-pic-300x216

In short order, the world Go champion lost 4-to-1 to DeepMind in dominate fashion. While this happened in early 2016, this was not expected to be possible until 2026 — a full decade in the future.

What Talwar was illustrating through the AlphaGo example and countless others is that AI is here and is being used all around us. It is becoming pervasive, embedded, augmented, immersive, and connected to a multi-sensory network.

There were a host of various legal sector applications he cited as occurring now, such as those in areas such as:

  • Automation of Legal tasks and Processes — Firms have developed a computer program that can sift through government regulatory registers to check client names for banks, processing thousands of names overnight. Others have created an automated personal injury claim case assessment program.
  • Decision Support and Outcome Prediction — This includes advancement in document review in M&A, that extracts and analyzes key contract provisions and provides rapid summary and analysis; or analyzes entire briefs to find potential missing points of law, or alternative arguments not cited; and premonition programs can predict which lawyers win with which case types and which judges.
  • Creation of New Product and Service Offerings — This includes development of online document generation for startup formation; online education impact analysis; and online chatbots that can advise on privacy law and generating client-specific compliance policy in real-time.
  • Process Design and Matter Management — Firms have developed automated generation of process flows and project plans; real-time impact assessment of process changes on timeframes, resources and costs; and come up with suggested narratives based on how clients react to and prefer to receive information
  • Practice Management — This involves benchmarking across practice areas for comparable tasks from document production through to completion of key stages in a matter; identifying potential human resource challenges using social media sentiment analysis of comments; and providing dynamic modelling of alternative billing approaches and matter-team formation based on personal characteristics.
  • In-house Legal Applications — Some firms have developed a lawyer advisory app that can, for example, create an ordering of corporate contract negotiations; other tech entities have created apps or programs that can streamline and standardize regulated superannuation funds’ breach assessment processes, and that can help financial institutions meet requirements, determine applicable regulations in terms of situations concerning money laundering, liquidity risk and financial crimes.

The Coming Blockchain Revolution

Over the next several years Talwar said that he believes blockchain technology will have a monumental impact on law firms, providing firms with the ability to store information in a secure distributed ledger. In fact, Goldman Sachs estimates a cost saving of $4 billion annually on its legal bill by moving real estate titles to distributed ledgers that use blockchain technology.


Talwar pointed out that law firms have a huge potential upside with all of the technology that is emerging. However, he warned, if a firm does not adapt and become agile it will be very difficult for it to keep up with the pace of change that will be occurring, and ultimately its intransigence will make it difficult for the firm to win business.


In the second phase, being tested right now, the Decentralized Autonomous Organizations (DAOs) will execute contracts free of human intervention; and in the future, we’ll reach Algocracy, a full automation of the law.

In this scenario, we would have a complete rewriting of the law that would be embedded in software. This would allow for automatic fines, standardized open source legal documents and automated judgments. For example, if someone stole a candy bar from a convenience store, their own body camera would catch them and automatically impose a fine on that person. A payment would be removed directly from their bank account, and would be executed without human intervention.

Not surprisingly, Talwar pointed out that law firms have a huge potential upside with all of the technology that is emerging. However, he warned, if a firm does not adapt and become agile it will be very difficult for it to keep up with the pace of change that will be occurring, and ultimately its intransigence will make it difficult for the firm to win business.

The wonderful aspect about this change is that it is all new. Most of these technologies are not governed by law, which creates an incredible opportunity for legal advice because clients have to understand how to handle these new technologies.

Law Firm and Corporate Cybersecruity Presentation – UMB

By Joseph Raczynski

Recorded at the University of Maryland, Baltimore during the “Cybersecruity and You” morning session. Discussed is the current landscape of cybersecurity at law firms and corporations, the primary issues these organizations are finding and general awareness of what is happening.

Blockchain White Paper

By Joseph Raczynski

Abstract: This white paper discusses the history, inner workings and applications of blockchain, an online public ledgering system, and how it will soon significantly impact many aspects of the legal industry. The first part of this paper will show the marvels and the pitfalls of Bitcoin and its underlining blockchain technology. The second part will describe what full global adoption of a cryptocurrency and blockchain technology would entail. And the third will explain the potential legal implications of blockchain technology.

LegalSEC: Email Security is Priority One for Law Firms

By Joseph Raczynski

BALTIMORE, Md. — “Three strikes and you are out of the firm.” This is the mantra of one law firm when dealing with employees who click on spear-phishing emails, according to Mounil Patel, Strategic Technology Consultant at Mimecast, an email and cloud security firm.

Patel’s comments came at the recent gathering of legal tech and cybersecurity officials, the LegalSEC Summit, presented last week by the International Legal Technology Association (ILTA) in Baltimore.

Simply stated, email is currently the largest hole in law firm and corporate security. Most other aspects of the firm have been shored up over the last several years, including firewall and antivirus protection, malware defenses, and monitoring of networks. However, as Patel pointed out, a law firm can have every monitoring and protection application in place, but email’s reliance on the human decision factor creates major headaches for the firm’s IT staff.

emailTo illustrate, Patel described one incident where he received an email from someone with whom he had worked years ago at a previous company. The email was directed to him and clearly appeared to be from his old colleague’s email address. The cordial note brought up some of their old connections at the previous company and then asked if he would kindly review the attached resume to see if there might be a fit for him at his new company. Patel naturally opened the PDF and the virus payload was released. The point is, with today’s more sophisticated email attacks, there is almost no way for people to know what are genuine correspondences from friends or colleagues and what is a “virus bomb”.

Patel’s advice:

  • Be suspicious of everything that comes into your inbox especially from the outside;
  • .EXEs and .ZIPs files should always be blocked or deleted;
  • PDFs can be difficult — be sure to run the latest patches from Adobe (creator of PDFs);
  • Be aware of where links and URLs are taking you;
  • Law firm or company IT departments should send weekly notes to remind people to be cautious; and
  • For finance, use internal non-email based systems for wire transfers and notifications.

 

It is interesting to note that many law firms and corporations are internally testing their own employees with such targeted spear-phishing attacks similar to the one Patel received. A client of Patel’s ran one such email security campaign and when an attorney was caught opening the attached files or following the links, that person immediately received a pre-recorded message via voicemail from the entire executive partnership that such behavior was unacceptable.

The message went on to state if they were caught twice more they would be terminated — three strikes and they were out.

One best practice noted by one chief information officer at the Summit was that before you start your phishing campaign, let the firm know you are conducting this. She found that attorneys began sending IT suspicious emails proactively. In addition, reaffirm those who do not click the phishing emails, by not noting that they are doing good work.

Email will continue to dog corporations and law firms for the foreseeable future. Ultimately it comes down to humans making decision on what to open and click on. At this point in time, a well-crafted targeted email attack appeals to most people, unfortunately. (In fact, the likelihood of an executive clicking on one of these attacks is at a stunning 96%, according to McAfee.)

So, heeding some of Patel’s advice could save your organization the pains of another attack launched via email.

LegalSEC: Shedding Light on the Dark Net 

By Joseph Raczynski

The importance of law firms understanding the dark web

Your very sensitive private client data could be available for all to see on the Internet right now.  Technically this data would be on the Dark Net or Dark Web.  It is the portion of the World Wide Web that is hidden or inaccessible from normal browsers.  As corporations and law firms grapple with larger and more profound attacks, I think it is important to be aware of how individuals access it and what occurs there to better safeguard your firm from what is happening now.  At the cybersecurity LegalSEC Summit last week in Baltimore, Kevin Lancaster CEO of Winvale, Todd Nielson, President at ‎Secuvant Cyber Security, and Will Nuland, Sr. Security Researcher at Dell SecureWorks, spoke about the nuances around the Dark Net.

The Dark Web, born from a United States government program had positive intent from the onset.  It created a cyberspace where people in disaffected regions could anonymously visit and share ideas freely.  North Koreans and Iranians use this to congregate and postulate new ways to live.  They could then visit this space in the ether and share ideas freely without the fear that they would be persecuted for espousing ideas incongruous with their government point of view.

How to get there:

The following is not advised, but is here as an awareness of how people access the Dark Web.

Mozilla Firefox has a plugin (Tor Project), a simple free application run by a nonprofit organization which turns your normal browser into a Tor Onion enabled browser.  What that means is that the plugin creates a tunneled Internet to a minimum of 100 other locations around the world.  You are essentially establishing a proxy connection to other computers who are running the same Tor software.  This establishes a very strong sense of anonymity and security that no one knows who you are or where you live (IP address).   If I live in Washington, DC after running the plugin I may show up as living in Prague, but first being routed through 99 other cities.

darkweb

Once the application is launched you would need to find an index page, like the Hidden Wiki, which gives users a general launching off point for perusing the Dark Web websites.  It is not a pure search and find environment like Google, though some sites are indexed.  Sites are not set up with URL structure like we have on the Open Web, http://www.thomsonreuters.com.  In fact they appear to be hashed with letters and numbers in a random pattern.  They also end in an .onion compared to the normal .com that we tend to see.  So an example address might be: ijfije856ya5lo.onion.

Once there:

Unfortunately, once a user passes into this realm, there is a minefield awaiting.  The Wiki page starts with the benign and dives headlong into the frightening and disturbing.  You can buy $10,000 of fake US dollars for the equivalent of $5,000 in Bitcoin, the currency of choice.  The cryptocurrency Bitcoin is also generally considered anonymous.   Other possibilities include, hiring a hacker, buying prescription drugs, and buying illegal drugs, and acquiring arms or if you so desired, get involved in unregulated medical trials.  On the darker side, you can even hire a hit man.

Law Firm Perspective on Dark Web:

The key important piece to this post is that law firms are now being brought into the dark side.  Criminals are stealing IP information, M&A information and dropping off onto the Dark Web.  Other groups are grabbing proprietary information or sensitive client information from law firm networks and saving it onto the Dark Net to either expose the firm, or to hold at ransom.  Hackers for hire have been used to target corporations and law firms.

One of the subjects that was asked of the panel, how should firms handle the Dark Web?   In my time consulting around this subject, I was curious about the response.  The group was split.  Some thought that companies should not use their own networks to access the environment, others stated that in a controlled access situation, they could monitor what is going on the Dark Web to protect their brand.  In fact, it was stated that nearly two million people a day visit, but most are monitoring what is happening.  Law firms and corporations should be looking for client names, login and passwords, email address of their respective company.

With the increase in cyber-attacks, all entities have to be aware of how the hackers operate.  Understanding the Dark Web in the context of this is part of the due diligence for any corporation or law firm today.  Fortunately a new wave of companies are surfacing which can monitor the Dark Net on behalf of your organization.

LegalSEC: Cybersecurity, Rooted in 500 Years of History

By Joseph Raczynski

Learning from colonial piracy about the war on cybersecurity 

“It is a small world.  It’s a fragile world.  No one is safe until everyone is safe.”  These are the cautionary words of Rod Beckstrom of The Rod Beckstrom Group, the keynote speaker at the cybersecurity LegalSEC Summit last week in Baltimore.  With over 350 legal technology professionals leaning into his every word, he set the stage for where cybersecurity is headed with an advisory tale from history now repeating itself on the Internet.  His intent, to arm the guardians overseeing 80-90% of the country’s IP information all sitting in the same room at that moment in time.

History of Pirates

In 1491, the “Erdapfel” of Martin Beheim was created.  It is the oldest surviving terrestrial globe – excluding the Americas.  This sphere was cutting edge technology of the day.  Like any technology its uses can be for the betterment of humanity or its decline.  Not surprisingly, around the release of the globe, piracy began to flourish.  Seafaring scoundrels viewed the world anew with this technology and seized upon its bounty.

These salty scofflaws took four unique forms in their day.  One group of pirates were sponsored by the Dutch, Spanish, and British empires respectively.  Another group realized they could band together using their private ships to attack on the high seas for gems and precious metals.  The third formed a coalition around pirating for a cause.  The last group were one-off ships that would attack others for jewels or money.  These four pirating entities have a present day adaptation.  They translate to State Actors (e.g. China, Iran, North Korea), Organized Crime (e.g. in Russia or Estonia), Hacktivist (e.g. Anonymous) and Lone Hackers (e.g. anyone and everyone).  One new addition, in the Cyber Age there is also the internal threat to organizations known as “Insider Joe” attacks which are very prevalent.

keynote

Present and Future

As Beckstrom described in this presentation, the wars over the years require time for forces to align.  During the Nuclear era, once the major powers acquired these arms, everyone realized it was in the best interest of each country not to use them, i.e. mutually assured destruction.  This is ongoing right now with Cyberwar.  He said that China or Russia could hobble the infrastructure of the United States tomorrow, but they realize that if they did that, the US would do the same to them, therefore no one conducts this sort of cyber-attack.

Law firms are not a sovereign territory so all aforementioned groups are threats and in turn are seeking them out.  These groups have tools which are sold on the Dark Web as out of the box solutions and can wreak havoc for firms in very little time.  In the graphic below Beckstrom outlines an ecosystem where various parties work together but in isolation to earn money or take down a company.  The scripts are created by people and sold to criminals.  While another sets of criminals have harvested millions of credentials.  In conjunction the Criminal Operator uses both to target a law firm or corporation.  Those proceeds or goods are then routed through Mules.  These are everyday people who simply accept packages and send them along to someone else which keeps the money flowing. In most of the law firm attacks, mules are not used, instead data is either released or held at random by the Criminal Operator.

rod1

The only way to combat this said Beckstrom will be a new world of robots fighting robots (computer bots), which is now occurring.  This next era defense is sifting through huge amounts of data and applying cognitive computing and artificial intelligence with a layer of deep learning on top.  In this light he underscored the importance of preparedness.  One of the world’s largest banks, JPMorgan, has decided to pledge a half billion dollars toward the fight on cybersecurity.

Beckstrom closed with the warning to each firm CIO that the time is now to invest heavily in cybersecurity.  Every one of the attacker profiles mentioned are attempting to break in and get access to law firm and corporate information.  Prepare now because time is short – we are not safe until everyone is safe – by taking the responsibility to invest.

State of the Cloud at Law Firms: The Interstitial Phase of Law Firm Cloud Philosophy

By Joseph Raczynski

The word “Cloud” can be a divisive word at law firms. Recently uttering the term during technology meetings with East Coast-based law firms with between 50 and 3,000 attorneys elicited starkly differing responses based on firm size and practice dominance.

Most of the midsized firms with whom I have met over the last year were favorable toward its use in most cases. One CIO declared it was firm negligence not to use the Cloud for data. He cited the inability for most firms to retain the expertise necessary to safeguard data inside the firm. Typically, larger law firms with clients in the financial industry explicitly forbid embracing such services outside of their network. Indeed, these clients underline this conservative firm posture by pushing for responses to 300-part questionnaires about how the law firm handles their data and outlining privacy and security practices related to the Cloud.

Despite this push from the financial industry, I would argue that we are in an interstitial period of Cloud adoption at law firms. In the not too distant future, I believe that many of the firms today which avoid or disallow its use will accept it. Law firms are risk-adverse institutions. While Cloud technology may appear laden with hazard, it might actually be the opposite. Initially when the Cloud — a rebranded name for a decades old concept — returned, early adopters encountered data breaches.

Years of security issues were thrust into the headlines, and those goaded reputable Cloud providers toward major investment around protecting their services. Now with far tighter rein of control, Cloud providers are much better positioned to court law firms of all sizes. Unless a firm has a solid technology budget and the ability to retain top-notch security experts, an argument could be made that housing data in a secure cloud would be more prudent than inside an internal firm network.

A recent New York Law Journal article by Ted Sabley on Does Adoption of Cloud Computing Shift Cyber Liability Risk? will give some readers pause for thought on greater adoption. Sabley mentions each of the largest Cloud providers have baked in new and surprising contract terms. They’ve shifted the liability in the End User License Agreements (EULA) to the customer. That is, if there is a breach of customer data hosted on the Cloud, the user bears the responsibility. This seems to be the case with Amazon Web Services (AWS), Google, Microsoft and Apple Cloud platforms.

Whether or not a customer shoulders the responsibility of a breach, the common practice for everyone dealing with Cloud providers should be the following:

  • Understand the Cloud contract. Who is responsible when a breach happens? What happens to the data if the Cloud provider company goes under or is acquired?
  • Realize which type of firm data is being placed into the Cloud. Is it loaded with Personally Identifiable Information (PII)? Is your client aware of where the data is being stored?
  • Purchase Cybersecurity Insurance. Years ago this was a fairly nebulous insurance process, however, now it seems to be much more defined. Seek out expertise with all of the various components and nuances in this arena.

Currently firms of all sizes find themselves in two camps when it comes to the Cloud. Midsized firms have generally flown into the Cloud, while big firms hover between land and air, in a bit of a fog-like state. With increasing pressures of expense and the challenges of retaining network and cybersecurity expertise, the future for law firms is undoubtedly in the clouds.