ILTACON Day 4: AI and Security Are Top Issues

Artificial Lawyer Special Correspondent, TJ Johnson, AVP, Legal Sector Strategist at Qualitestreports from Las Vegas on ILTACON Day 4, and especially on the continuing importance of security issues and how some US firms approach NLP tools at present.

It was another great day of educational content today at ILTACON. I continued with my questions to ILTACON attendees: What are your biggest challenges? What did you come to ILTACON for? Is ILTACON meeting your goals?  

Two themes emerged today: security is the biggest new/old problem on people’s plates, and AI [i.e. NLP tools] only meets its promise some of the time.

Starting with the AI question, I sat with a group of four IT leaders at lunchtime today who were discussing the biggest issues they see with AI: Christian Zust, Regional Innovation Solutions Director – Americas at Bryan Cave Leighton Paisner (BCLP); Chris Emerson, Senior Director of Legal Operations and Innovation at Quarles & Brady; Rick Krzyminski, Client Solutions Officer at Baker Donelson; and Don Knight, Director of Legal and Tax Operations at Crown Castle.  

There was general agreement that there are good implementations of AI-supported software in eDiscovery and contract management. In many other areas there are lofty expectations, but they don’t see it as quite there yet. All four have sat in ILTACON sessions and have found their concerns solidified by talking with peers. Don of Crown Castle said ‘AI is all hat and no cattle’. 

When I asked him to explain, he said: ‘Everyone says they can do it, but few really are doing it well’. Rick at Baker Donelson said there’s a lot of ‘Innovation Theatre’. Chris at BCLP followed with: ‘There’s a lot of hype, but not much understanding of what it really means, particularly among non-IT users.’ 

They explained that the leadership in organisations ‘wants AI’ but doesn’t really understand what business problem they are trying to solve, they just think ‘they need AI’. For any given implementation, products tend to be marketed as having AI, but exactly how it works, what the benefit is, and whether it needs to be trained is not transparent. 

There is little appreciation that AI doesn’t just magically work and the investment in training is huge, they said. Chris finished the conversation with this question: ‘Most legal applications tend to either be basic rule-based automation or Bayesian classifier based ML. The latter is more useful except it requires potentially significant training. We haven’t seen much beyond that…is that a failure of imagination on other use cases?’

[ AL Editorial Note: Illuminating views by the group of ILTACON attendees, and just shows that while in some parts of the legal market the whole ‘AI hype’ debate died off several years ago and many have now got down to the practical realities of using NLP technology in the law, clearly other parts of the market are still at an earlier stage in the learning curve, i.e. experiencing a peak of expectations that are then tinged with disillusionment, which of course is the natural cycle of things, and the stage that occurs before they move to really getting value from the tech because they have eventually become more familiar with its pros and cons. It may also suggest that, at least for these attendees in the US, that there is still an overselling of the capabilities of such tools in some parts of the market.]

Moving to another discussion that was had, Angela Dowd, Director of Practice Innovation at Burns & Levinson (and a member of ILTA’s Board of Directors), said she comes to ILTACON to better clarify the challenges she’s having. 

She’s not expecting answers, but rather to hear that others are struggling with the same problems. She uses that as a lens to look at her firm’s issues and see where her anxiety or vague concern about something fits with what others are experiencing. That gives her a clear picture of the gaps that can be dealt with and the things that are going to need additional research or maturation.

Security is Still the Number One Challenge for Law Firms

Kathy Kreiger, Director of IT at Hodgson Russ came to ILTACON with top of mind concerns around Security and Information Governance (IG). She wanted to find out more about SOC services and Data Loss Prevention (DLP). She needs to create an IG function for her firm. 

I asked Kathy if she had found what she came for. She said, yes. She attended two ILTACON sessions that gave her good info, had discussions with peers had really helped, and she had found both a services provider and a product she was looking for. 

It was a good reminder that this is what ILTACON is about – the education, the networking, and the right business partners, all in one place. I asked Kathy about the ‘Security Worst Practices’ session from Monday. She shared these highlights on what not to do:

  • Implement security measures beyond your staff’s ability or beyond your staffing level
  • Turn on a high level of security before educating end users or before understanding the impact for end users
  • Fail to destroy data when appropriate
  • Assume people will follow security policies
  • Hazardous network segmentation
  • Believe you can outsource your risk management and accountability
  • Believe you can make people happy AND be completely secure.

I then asked Darryl Irby, Vice President Of Business Development at SecureIT360, one of ILTACON’s security exhibitors, what he sees as the biggest security threat to law firms. He said that ransomware is the most prevalent issue, but what is surprising to him is the number of email compromises there still are. 

This is frustrating to him as most of these could be significantly mitigated by internal controls and multi-factor authentication.  But, management teams in law firms don’t want to take the ‘political hit’ and the inconvenience level of these measures.

Scott Christensen, VP at Olenick (now Qualitest), advises clients on security issues. He talked about keeping your security approach simple. ‘It’s less about the tech and more about the business and the human element,’ he said.  

Again, we come back to the reason ILTA exists and why ILTACON is so important. ILTA members, no matter their size, have security issues to deal with. It used to be that only large firms had client demands to address DLP with tools to monitor data access and preventing end users from moving key information outside the network.

Now security questionnaires from clients almost all require some level of DLP.  So no matter the size of the firm, you have to do some of these things. Talking with peers at ILTA has helped many members prepare their strategies and mature their security posture.

Thanks again to TJ at Qualitest for the great report and group photo from ILTACON.