Server Operations & Security


Security and Privacy at LegalTech 2014

By David Roden posted 03-10-2014 14:22

  

Last month I had the privilege to once again travel to New York to visit the LegalTech Conference. I attended my first LegalTech in the early 90s. In those days, it was very common to stroll through the exhibit hall and find coffee vendors and car services alongside software vendors. For the most part, that is no longer the case. In fact, this year something like 77% of the vendors in the exhibit hall were focused in a single product category: e-discovery.

 

For those of you who have never been, LegalTech is quite different from the ILTA annual conference. Despite its name, LegalTech is more about the lawyer than the tech. Still, despite the abundance of lawyers in the house, there are many opportunities for technical folks like us to improve our understanding of the profession and increase our skills. This year I was pleasantly surprised at the emphasis on security. No, you couldn't find any deep-dive sessions on forensics, but there were plenty of discussions on serious topics. Here are a few quick observations:

 

If attendees had any doubts that the Internet can be a bad place, the opening keynote by Jason Thomas (of Thomson Reuters) should have burst that bubble. Jason's discussion of TOR, Silk Road, crime-as-a-service and Bitcoin (this was before the Mt. Gox incident) opened many eyes to just how easy it has become to make bad things, really bad things, happen over the Internet. Traditional concepts of cyber warfare among nation states may ultimately be dwarfed by a ready supply of willing hackers for hire who can be located, hired and compensated quicker than you can finish reading this blog post.

 

One session on cloud security was conducted in the style of an appellate court hearing. The argument before the 'court' was the security of cloud computing. The key takeaway from this session is that there is no such thing as 'secure'; there is only acceptable risk. Firms that think their on-premise systems are more secure than cloud-based systems need to recognize that there are still risks present in their current systems. Also, we should not underestimate the sophistication and voracity of would-be attackers, regardless of where we house our data.

 

Is privacy dead? This was the topic considered by the keynote panel on the last day. The session, entitled 'Terms and Conditions May Apply', considered how little privacy we have online and how much of it we willingly give up. Why are the privacy agreements so complex? The lawyer on the panel identified existing law, in particular the Uniform Commercial Code, as the culprit.

 

Privacy is much more complex when considered internationally. New privacy laws in Europe are more restrictive than US law. Is your international practice complying with local laws? This question and data sovereignty issues complicate international concerns. Of course, what would a discussion about privacy be if it didn't include the topic of Edward Snowden? Not surprisingly, there was a lack of consensus on whether he is a hero or villain. Regardless of individual opinions about him, his actions have sparked many debates and discussions about privacy and security at many levels, both in and outside of government.

 

Much of our current society is far too willing to accept whatever terms and conditions a software vendor or website may impose in exchange for the benefits of the product they present. For law firms, this is an especially challenging issue in a bring-your-own-device world.

 

Speaking of BYOD, a session moderated by GWAVA highlighted the need for law firms to have affirmative policies covering the use of social media and BYOD guidelines. For both issues the consensus was: accept it, but govern it. Some firms are trying to block all social media use or prevent the use of personal devices. These firms are swimming upstream. All is not lost, though. The discussion centered around the need for policies to define what is and is not acceptable use. Firms need to protect themselves by obtaining written acknowledgement from staff that they will abide by these policies. It is not enough to simply decree from on high.

 

As mentioned earlier, 77% of all vendors were e-discovery vendors. Although this is not directly related to security and privacy, the ability to retrieve digital information from many new places including mobile devices, GPS units, and tablets highlights new concerns about security and privacy. Our digital footprints are growing.

 

Hopefully, many attorneys who attended LegalTech returned to their offices with a newfound appreciation for the work being done in the IT department at their firm. At a minimum, they should be better informed on these issues the next time IT floats a new policy or procedure that is designed to protect the firm and its clients.

 
