As we sat on the 32nd floor of Broadgate Tower for the Masters Conference last week, a series of people came past the window. Was there a metaphor here, I wondered, for lawyers’ adoption of technology? These people were brave; many of them were plainly nervous; they relied entirely on technology which they neither understood nor controlled; it was a hell of a long way to the bottom; the risks of failure were high. Yet on they went. Fortune favours the brave. The main difference, I decided, was that the abseilers had volunteered – they had a choice whether to take part or not. I don’t think the lawyers do.
The Masters Conference was set up in the US by Robert Childress many years ago, and I took part in several Washington events. More recently, Robert has brought it to London with an approach which is rather different to others, and very appealing. This year, like last year, the hosts were Reed Smith, a firm with better credentials than most for their use of technology and, in particular, for their aspirations to be at the front of developments.
Although the Masters Conference is structured like most such events, with pre-chosen panel members talking on advertised topics, it has more flexibility than most, not least in its ability to co-opt people at the last minute to talk about the things they know about. I am not against the preparation which goes into most events – far from it – but I also relish the spontaneity which comes from calling in at the last minute someone who happens to be around with expertise in the subject.
I missed the morning, but arrived in time to hear David Cohen of Reed Smith give an informative talk on US politics and how it affected privacy and cross-border discovery. In our urgent focus on day-to-day practical things, it is sometimes useful to stand back and understand the context in which legislation and current affairs affect business decision-making.
Next was a panel whose subject was Social media, multimedia and other things you may have overlooked. The title was borrowed from the talk I gave last year, in which I stressed the need to understand what data was being created minute by minute which, whether or not actually needed for discovery purposes, should be considered by those creating it, by those who may be found responsible for it, and by those required to filter it in search of evidence. The panel this year broadened that topic to take in non-discovery matters, both as they affected organisations and as they might affect – and adversely affect – individuals.
The panel consisted of Bob Lewis, who has spent his life in cyber forensics, cyber assurance and monitoring, Amy Taal, with wide experience both in hands-on investigations and policy development, and Jonathan Maas who has spent more years than most in the shifting sands of eDiscovery. The moderator was Donald Macfarlane of Hanzo.
Most of us know, at a theoretical level at least, that everything we create can be tracked. This panel took the subject beyond eDiscovery and into the monitoring of employees and others, both at engagement and during an investigation, and at the range of information available to malicious outsiders. There is more to this than the theft of data or phishing – an outsider armed with readily-available tools can very quickly identify who an organisation (and its staff) interacts with, and then follow the trail beyond the first connection into others. You may know that your supplier depends on sub-contractors; they may in turn depend on others whose identity is unknown to you. Who has your data? Your clients’ data? Where do you stand as data controller? Is this information potentially damaging in the hands of a third party?
At a personal level, a combination of technology tools and old-fashioned detective work can expose the lives of anyone who engages in social media at any level – including appearances in posts published by other people without your knowledge or control.
How should companies react to what they find? Not everything involves criminal proceedings or a disciplinary action, but you may get a quiet word as to the possible career impact of the casual weekend drug use which you incautiously mentioned on Facebook – or which someone else published. Even as we were listening to this, Elon Musk was finding that it can affect your company’s share price as well as your own career.
Two points were made from the floor. Mark Williamson of Hanzo cautioned against a heavy disciplinary approach to what is by now normal life. Organisations might do better to educate and advise rather than come down with a heavy hand on those who have incautiously betrayed themselves or been betrayed by others on social media. I added the thought that heavy control and enforcement may have the paradoxical effect of driving people further away from identifiable and traceable resources – stamp on Twitter and Facebook and they will move to WhatsApp or to other less traceable conduits or, in extremis, to conversations in open spaces.
The overall lesson, whether for discovery purposes, for corporate policy control, or for individuals, is to be aware of the risks inherent in social media use and to strike a balance based on an informed understanding of both risks and advantages.
The main reason I was there was because Robert Childress had asked me to moderate a couple of panels on behalf of the Masters Conference. The first was about the rise of technology in law firms and the perceived threat to the career prospects of lawyers. It was called Increased efficiency while overcoming disruptors to your career by embracing cutting-edge technology. The future lawyer is now part automation and part expertise. The panel members were Alex Smith of Reed Smith, Tripp Hemphill of DISCO and Mark Williamson of Hanzo.
I opened by taking us back to the machine-breakers of the 18th century, and the so-called Luddite Fallacy, and took us via Professor Richard Susskind’s prophecies dating back 25 years or more about the distribution of “legal” functions, to the New York Times article of 2011 predicting the replacement of expensive lawyers by cheaper software. The purpose of this tour (on which I will expand in a separate article) was merely to show that these perceived threats to employment are not new.
That does not, however, mean that we can ignore them. All three panellists debunked the idea that lawyers should be panicking in the streets, whether in the US or the UK. Technology, and especially the newer developments in artificial intelligence, can accelerate the path through many tasks hitherto thought of as legal, but humans, and humans with an array of new skills, including legal skills, are needed both to identify the problem to be solved, to apply the technology to the task, and to interpret the results. I wrote last week about the new positions being advertised at Freshfields, and Alex Smith made it clear that Reed Smith was similarly engaged in the constant improvement of its processes to the benefit of the clients, the firm and the individual lawyers. There is little black letter law involved in delivering efficiently the services which modern businesses need.
The closing panel was called How the GDPR impacts working with litigation support service providers and vendors. The speakers were David Cohen of Reed Smith, Tripp Hemphill of DISCO and Don Macfarlane of Hanzo. All agreed that the GDPR, and the wider privacy context of which it is a major part, had affected the relationship between clients, lawyers and providers. While there were still plenty of clients who seemed unaware of the implications, and plenty of providers in a similar position, most clients now will not instruct lawyers or providers who cannot give them reassurance, specifically reassurance that their data will be looked after in compliance with the terms of the GDPR. It is therefore a subject which must be addressed in client engagement agreements at two levels – with the mechanics of handling data, and with the places where the data is posted. This is always had implications beyond privacy, not least in connection with different rules of privilege in different jurisdictions.
This was a good event, focused on practical issues. Perhaps the connection between our subjects and the abseilers is that we are getting a better-grounded approach to subjects which have caused near-panic in the last couple of years – though one or two looked as terrified as a CISO discovering a breach. The abseilers had covered 3/35s of their descent by the time they reached us, which probably matches the GDPR readiness of many organisations.
Reed Smith are good hosts, quite apart from the bonus of the stunning views from Broadgate Tower, including the Old Royal Naval College at Greenwich shown below. Come and join us next year.