UBIC is perhaps best known as a provider of software and services specifically aimed at electronic discovery and with a particular specialist skill in managing Asian languages. It is more broadly based than that, however, and extends into information governance and the management of risk and cost, and into wider areas of search and analysis.
UBIC is running a series of what it calls Signature Seminars, at which speakers from relevant disciplines address issues which affect companies and their lawyers. I took part in one of these, in Washington on 6 December.
UBIC invited me to moderate a panel called Information Governance and Data Privacy Challenges under US Regulatory Investigations. If I had had any doubts about accepting this invitation (it is a long way to go for a 60 minute panel), they were dispelled by the company I would be keeping. The opening speaker was to be Jason Baron, information governance and eDiscovery counsel at Drinker Biddle & Reath; the closing speaker was US Magistrate Judge John Facciola. My panel would be sandwiched between these eminent speakers. Who could resist?
UBIC’s own page about the event is here. It includes links to a video of Jason Baron’s full presentation, and to interviews with Jason Baron, with Christina Ayiotis and with me (I talked mainly about privacy and about metrics and budgets), together with a set of my photographs (you can see those also in a more easily-skimmed wallpaper layout here.
Inormation governance, eDiscovery, technology-assisted review and privacy all featured, as did a barnstorming performance from Judge Facciola about the changing requirements of the lawyers of the future. By “future” he meant now; if part of what he said was critical of lawyer unreadiness, part (as with Jason Baron’s talk) saw a bright future for those who “get it”.
Jason Baron: Applying TAR to Information Governance
One of Jason Baron’s themes was that the practice of law becomes more rather than less exciting as technology keeps pace with the information. The machines give ever-better filtering and classification, but human involvement is needed for more subtle conclusions which are more easily derived once the data has been processed. Humans stand a better chance of doing this if the extremely difficult task of devising and implementing taxonomies and classifications can be reduced to reliable auto-categorisation requiring few keystrokes.
Corporations, Jason said, are like castles – he showed us a photograph of the castle in Prague, home of Kafka the “patron saint of the state”. Castles have lots of rooms, including secret rooms, and very few people know all parts of them; corporations create and use information in similar silos. The astute use of technology can make sense of it all, identify areas of likely risk, and expose sources of potential benefit.
Lawyers need to cast off from the fear of the technology, Jason said, if only because it was impossible to manage without it. When we fly, we have no interest in the engine of the plane, and how it works; experience tells us that we are more likely than not to arrive at our destination. We need to develop a “certain degree of confidence in algorithms”.
Panel session: Benchmarking Big Data Analytics
The big data analytics panel which followed consisted of William Butterfield of Hausfeld, Wendy Butler Curtis of Orrick Herrington & Sutcliffe, Ayumi Nishino of NEC, Jeane Thomas of Crowell & Moring and Elle Pyle of McDermott Will & Emery. The moderator was UBIC’s Paul Starrett.
A few quotations serve to draw out its main points:
- Legal, IT, and business units have different interests which are sometimes competing interests
- It is not just fear of sanctions which drive over-preservation; when a regulator might say “I want to know what your policies are and how you follow them”, it may seem easiest to keep everything.
- As tools and communication channels develop, it is unduly restrictive, if not impossible, to be over-prescriptive as to how it is captured. “You grab it when you have it” on paper, on your tablet or whatever. You may not be within reach of Wi-Fi. The data is “not usually wrapped up in neat packages”.
- You need to talk to custodians – mere data without the human context is not enough.
- Much of the data about LIBOR (as an example) lay in text messages – which many might have overlooked as a source of relevant information.
- We now have science to show that our old manaul methods were inaccurate
- “I employ a full-time statistician”
- It is no good expecting so much of clients that they cannot pay your fees.
I pick these quotations because they illustrate the stage in the evolution of data management in the hands of the people who get their hands dirty every day with the practical aspects of managing client data in the context of external demands for litigation or for a regulator. What we heard from these speakers was the reverse of the norm – the lawyers who say “There is a lot of data. We must collect it all”, whilst actually overlooking many potential sources; those who apply the procedures of paper days to enormous volumes of electronic data; the ones who feel (or say that they feel) the need to read everything, and who mutter about “black boxes” when technology is mentioned; those who bring their Olympian, law school trained, minds to bear on problems without considering the practical implications; all these should be made to sit and listen to panels like this.
It was not a coincidence, I think, that these ideas were echoed in the closing speech by the eminently practical US Magistrate Judge John Facciola.
Panel session: IG and Data privacy Challenges for Global Corporations under US Regulatory Investigations
The subject of my panel was subtly different subject from the usual cross-border panels, in that it involves US domestic privacy and not merely the intransigence of foreigners kicking back against US discovery demands.
The panel consisted of David Shonka of the U.S. Federal Trade Commission, Conor Crowley of the Crowley Law Office, Patrick Burke of Reed Smith and Gilbert Keteltas of Baker Hostetler.
I have two objectives when I do privacy panels in the US. One is to try and explain why non-US jurisdictions dislike US eDiscovery so much – it is not just that European history and culture attach more significance to privacy than to openness, nor that many data transfers are in fact illegal, but that US discovery is just too damn broad, imposing expense which is wholly disproportionate to any objective sought by US court or regulator. My other objective is to suggest that a cool head, the early assimilation of information about the difficulties, and a willingness to be open with both opponents and with court or regulator can go a long way towards resolving the conflict between US demands and other jurisdictions restricts.
Those same principles are equally helpful in dealing with purely domestic US demands were primary subject. I put it to David Shonka that regulators were thought of as particularly intransigent – where civil proceedings required parties to “meet and confer” the regulators are seen to be saying “shut up and listen”.
David Shonka fought back, as I expected him to (we have done these panels together before). He emphasised the duty to US consumers and businesses – as well as the government – to flush out harmful practices. In a telling comment, he observed that companies somehow manage to avoid raising privacy issues when they are seeking consent to a merger or acquisition. David Shonka also emphasised the point made above about openness – even regulators, he suggested, are open to approaches which were frank about the difficulties and about the burdens, and offered constructive suggestions for compromise between regulators’ demands and the restrictions of privacy.
I have done enough panels with Patrick Burke and Conor Crowley to know what to expect – concise explanations as to what the problem was, with practical suggestions for mitigating the effect. Gil Keteltas brought in points about possession, custody and control and about the cloud. As you can see from the photograph to the right, I was sceptical verging on disapproving of some the US aspirations to rummage through our electronic drawers – but that is the role expected of me at these US privacy panels. It is interesting, seven years after Patrick Burke and I first started talking about this subject to US audiences, to find US citizens hoist with their own petard as their own security services rummage through their drawers.
Judicial Keynote: US Magistrate Judge John Facciola
US Magistrate Judge John Facciola covered a wide range of topics with his usual mixture of gravitas and good humour in a way which defies narrative description. The main theme running through his talk was of skills – of lawyers having the ability to work in the world as it really is and as it will become. The best way to do it justice is to set out some of the individual points which Judge Facciola mentioned, without aspiring to the thematic coherence which he brought to it all as he spoke.
- Judge Facciola talked of watching his grandchildren playing computer games without a manual – “an intuitive relationship between child and machine”. Lawyers need to move from fear of the machine to that kind of relationship.
- Work traditionally done by lawyers is now being done by others. General counsel now often call the eDiscovery providers first. How does that align with the ethical duties of lawyers?
- Many lawyers get debarred for failure to supervise others. A lawyer must certify that to the best of his knowledge, and after suitable investigation, discovery is complete. Judge Facciola had recently seen software which asked lay users for information and then reached a conclusion as to their entitlements; if a machine is drawing conclusions, then is it engaged in the unauthorised practice of law?
- But in 2014, what is the practice of law? The vast majority of lawyers do not need the traditional skills of lawyers. Numerous cases are mediated or arbitrated in a way which does not depend on those traditional skills. Yet law schools give the same training as they did 45 years ago.
- We need courses for people who don’t want to be lawyers but who need to know some law – law and engineering, law and business, law and information governance, law and information security – and pure bar credentials will become less relevant.
- In particular, a lawyer must be familiar with technology and with generally accepted standards. He or she must know enough about security, especially in the light of the NSA revelations.
- The new lawyer will have to be able to say whether the systems are good enough for the purpose. We may need a new standard for malpractice. Lawyers cannot say that they are complying with the rules if they are not aware of cheaper ways of doing the work.
- If we hold to the highest standards, then who can comply with them? It is not given to all of us to be Jason Baron or Maura Grossman.
- There are still a lot of people to whom “this stuff” [the technology] is a mystery. The fact that they keep going at all is “a sign that the market is not working”.
- No one has the money and time to find everything. Can we find enough? Talking specifically of regulators, some agencies seem unable to accept the proposition that it is not getting getting everything it requests. But why would an agency spend time acquiring stuff for which it has no need in order in order to do its job? Is it legitimate for an opponent to say “We responsibly used some good technology and we have suitable experts”
This was an extremely good event, not least because of the ratio between quality input and time – cramming all that into a single morning was an very efficient use of time.
All credit to UBIC, and in particular to Sasha Hefler, for putting this event together. I look forward to the next one.