We’ve had a great response to an Above the Law op-ed here that outlined the kinds of skills lawyers will need as artificial intelligence increases its foothold in law firms.

The piece makes clear that without the right kinds of skills, many of the benefits of AI will be lost on law firms because you still need an engaged human brain to ask the computer the right questions and to analyze the results.

But too much passivity in the use of AI is not only inefficient. It also carries the risk of ethical violations. Once you deploy anything in the aid of a client, New York legal ethics guru Roy Simon says you need to ask,

“Has your firm designated a person (whether lawyer or nonlawyer) to vet, test or evaluate the AI products (and technology products generally) before using them to serve clients?”

We’ve written before about ABA Model Rule 5.3 that requires lawyers to supervise the investigators they hire (and “supervise” means more than saying “don’t break any rules” and then waiting for the results to roll in). See The Weinstein Saga: Now Featuring Lying Investigators, Duplicitous Journalists, Sloppy Lawyers.

But Rule 5.3 also pertains to supervising your IT department. It’s not enough to have some sales person convince you to buy new software (AI gets called software once we start using it). The lawyer or the firm paying for it should do more than rely on claims by the vendor.

Simon told a recent conference that you don’t have to understand the code or algorithms behind the product (just as you don’t have to know every feature of Word or Excel), but you do need to know what the limits of the product are and what can go wrong (especially how to protect confidential information).

In addition to leaking information it shouldn’t, what kinds of things are there to learn about how a program works that could have an impact on the quality of the work you do with it?

  • AI can be biased: Software works based on the assumptions of those who program it. You can never get a read in advance of what a program’s biases may do to output until you use the program. Far more advanced than the old saying “garbage in-garbage out,” but a related concept: there are thousands of decisions a computer needs to make based on definitions a person inserts either before the thing comes out of the box or during the machine-learning process where people refine results with new, corrective inputs.
  • Competing AI programs can do some things better than others. Which programs are best for Task X and which for Task Y? No salesperson will give you the complete answer. You learn by trying.
  • Control group testing can be very valuable. Ask someone at your firm to do a search for which you know the results and see how easy it is for them to come up with the results you know you should see. If the results they come up with are wrong, you may have a problem with the person, with the program, or both.

The person who should not be leading this portion the training is the sales representative of the software vendor. Someone competent at the law firm needs to do it, and if they are not a lawyer then a lawyer needs to be up on what’s happening.

[For more on our thoughts on AI, see the draft of my paper for the Savannah Law Review, Legal Jobs in the Age of Artificial Intelligence: Moving from Today’s Limited Universe of Data Toward the Great Beyond, available here: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3085263].

 

Anyone following artificial intelligence in law knows that its first great cost saving has been in the area of document discovery. Machines can sort through duplicates so that associates don’t have to read the same document seven times, and they can string together thousands of emails to put together a quick-to-read series of a dozen email chains. More sophisticated programs evolve their ability with the help of human input.

Law firms are already saving their clients millions in adopting the technology. It’s bad news for the lawyers who used to earn their livings doing extremely boring document review, but good for everyone else. As in the grocery, book, taxi and hotel businesses, the march of technology is inevitable.

Other advances in law have come with search engines such as Lexmachina, which searches through a small number of databases to predict the outcome of patent cases. Other AI products that have scanned all U.S. Supreme Court decisions do a better job than people in predicting how the court will decide a particular case, based on briefs submitted in a live matter and the judges deciding the case.

When we think about our work gathering facts, we know that most searching is done not in a closed, limited environment. We don’t look through a “mere” four million documents as in a complex discovery or the trivial (for a computer) collection of U.S. Supreme Court cases. Our work is done when the entire world is the possible location of the search.

A person who seldom leaves New York may have a Nevada company with assets in Texas, Bermuda or Russia.

Until all court records in the U.S. are scanned and subject to optical character recognition, artificial intelligence won’t be able to do our job for us in looking over litigation that pertains to a person we are examining.

That day will surely come for U.S records, and may be here in 10 years, but it is not here yet. For the rest of the world, the wait will be longer.

Make no mistake: computers are essential to our business. Still, one set of databases including Westlaw and Lexis Nexis that we often use to begin a case are not as easy to use as Lexmachina or other closed systems, because they rely on abstracts of documents as opposed to the documents themselves.

They are frequently wrong about individual information, mix up different individuals with the same name, and often have outdated material. My profile on one of them, for instance, includes my company but a home phone number I haven’t used in eight years. My current home number is absent. Other databases get my phone number right, but not my company.

Wouldn’t it be nice to have a “Kayak” type system that could compare a person’s profile on five or six paid databases, and then sort out the gold from the garbage?

It would, but it might not happen so soon, and not just because of the open-universe problem.

Even assuming these databases could look to all documents, two other problems arise:

  1. They are on incompatible platforms. Integrating them would be a programming problem.
  2. More importantly, they are paid products, whereas Kayak searches free travel and airline sites. In addition, they require licenses to use, and the amount of data you can get is regulated by one of several permissible uses the user must enter to gain access to the data. A system integration of the sites would mean the integrator would have to vet the user for each system and process payment if it’s a pay-per-use platform.

These are hardly insurmountable problems, but they do help illustrate why, with AI marching relentlessly toward the law firm, certain areas of practice will succumb to more automation faster than others.

What will be insurmountable for AI is this: you cannot ask computers to examine what is not written down, and much of the most interesting information about people resides not on paper but in their minds and the minds of those who know them.

The next installment of this series on AI will consider how AI could still work to help us toward the right people to interview.

There is a huge branch of the “fake news” business that gets no attention at all: the fake news consumed each day by corporate America that has nothing to do with politics, but everything to do with business – the bulk of the $18 trillion U.S. economy.Fake news investigation

We’ve been sorting through this kind of thing for years — It’s often why our clients hire us. I’ve also been talking on the subject recently in a speech called Fighting Fake News (see an excerpt here).

The everyday expression for figuring out what’s fake and what isn’t is: Due diligence. Good businesses are good at it, bad ones aren’t.

Six months ago, the term “fake news” meant false political information that the originator or spreader of the “news” knew was false. It’s hardly a new phenomenon, as the Wall Street Journal helpfully pointed out this week with Vladimir Putin’s Political Meddling Revives Old KGB Tactics.

By now, the term has been expanded to mean anything that’s partly or wholly untrue in the eye of the beholder, whether or not it was intentionally misstated.

What is corporate fake news? The massive amount of company, financial and personal information reported but never checked. Plenty of what’s put out is accurate, but a lot isn’t. Ask any public relations professional you know who will give you a frank appraisal of his business. If you issue a news release that’s well written, with nice quotes from your client, what happens to it?

In many cases, it will be printed word for word as a news story. There will be a news byline over it, but the body of the release will be all but unchanged. The “story” will be on dozens of television news department websites, in local newspapers, and then reproduced again based on that “reporting.”

Do “quality journalists” do this? Not that way.

Off the Beaten Track

But consider a company that is not sexy and attractive to Wall Street bankers or a lot of investors – perhaps a mid-sized printing company in Ohio or a private auto-parts manufacturer in Indiana. If that company issues a dull news release, the New York Times or the Chicago Tribune will almost certainly devote zero hours to verifying what’s in that news release. They may not report on the company at all.

If the company is public, you may get a couple of lines with earnings, usually in the context of “beating” or “missing” what analysts had predicted the earnings would be. Good luck relying on that. You would need to ask, are those the analysts who missed the dot-com bubble, the housing crisis, last year’s plunge in oil prices?

What are you to do then, when you are considering hiring someone who worked at one of these thinly covered companies? Or if you may want to enter into a long-term contract with one of them, or perhaps acquire one? Of what use will the “news” about the company be when you start looking?

There is another dimension to the problem aside from what the company says about itself. Company valuation is always relative to the health of its competitors, and they too have not only the same interest in promoting themselves, but also in reflecting negative news on their competitors.

If there is good news about fake news in politics today, it’s that people have heard a lot about made-up “news” sites, and reputable news outlets have devoted resources to reporting on them. Whatever your political viewpoint, there are plenty of places to go that will scrutinize the other side’s speeches and writings.

But where do you go if you need to scrutinize a thinly-traded or private company in refrigerated freight? Printing? A company that imports socks from Italy or manganese from Africa?

If you care enough, if the issue is valuable to you, you do your own research. Just as in the political realm, you read widely from a variety of sources and make your own decision.

Gray Matter

The problem with any kind of fake news detection comes when what is said is partially true. Neither black nor white, but gray. Evaluating gray takes the kind of gray matter a computer does not offer.

In politics, we see this all the time. President Obama’s promise “If you like your doctor, you can keep your doctor” has been given evolving degrees of truthfulness ratings since the time he said it. Many people have been able to keep their doctors; many have not (absent paying several times what they used to pay).

In business, things are almost always a shade of gray. During due diligence, an interview with a person who has posted an enthusiastic recommendation of a person on LinkedIn can reveal notes of hesitancy or qualification. You can ask questions that relate to matters not covered in the recommendation.

If a company has posted wonderful earnings, in depth analysis of the figures can show you that “wonderful” can mean “better than expected, but not sustainable because the company keeps selling assets to make its numbers.” Interviews can tell you it’s a lousy place to work, which could mean something if it’s a service business and may reflect poorly on the CEO and board.

As we tell our clients all the time, if you are about to hand the keys to a $30 million business to someone, doesn’t it make sense to make a few calls about that person to people not listed as references, and to see if there are jobs not listed on the person’s resume you’re holding?

In the world of due diligence, the most damaging fake news can come from omission — the information that is never written. Our challenge is to find it.

 

Want to know more?

  • Visit charlesgriffinllc.com and see our two blogs, The Ethical Investigator and the Divorce Asset Hunter;
  • Look at my book, The Art of Fact Investigation (available in free preview for Kindle at Amazon);
  • Watch me speak about Helping Lawyers with Fact Finding, here.

A story in the Wall Street Journal Google Uses Its Search Engine to Hawk Its Products serves as a useful reminder for something we tell clients all the time: Google is there to make money, and if your ideal search result won’t make them money, you may get a less-than-useful result.

Dollar sign filled with an electronic circuit. Blue background.

Google is an indispensable tool when searching for facts, but Google is not a disinterested party, like a good reference librarian. Google is in business to make money.

The story reports that Google buys some of its own ads, so when you search for a particular thing that Google’s parent company Alphabet sells, guess what? Alphabet’s products have a way of turning out on the top of the list.

One of the first things ever written on this blog more than five years ago was an entry called Google is Not a Substitute for Thinking, and it was one of the most read entries we’ve ever posted.

Among the arguments advanced there as to why a Google search is hardly ever going to suffice in any factual inquiry, we argued that Google’s search results are stacked in favor of the ones that are paid for or that Google judges to be commercially advantageous. A Google entry about a dry cleaner in Joplin, Missouri that has no website would not be very profitable for Google, but if that dry cleaner owes you $50,000, you would want him at the top of page one.

The best way to think about Google is to treat it as a meta-search engine. Imagine not that Google will be able to give you the final answer, but a clue as to where to find the final answer.

If your dry cleaner has no website, Google may point you to a site such as Yelp that rates a different dry cleaner in Joplin. Yelp may then have the dry cleaner you want, but that Yelp listing won’t necessarily come up on Google. Or, you may notice via Google that Joplin or the state of Missouri may require a permit to operate a dry cleaner. Google can help you find where to look up such a permit.

Remember, any dolt at the public library can use Google. It takes a person with the capacity to think creatively to use Google to its greatest potential.

Want to know more?

  • Visit charlesgriffinllc.com and see our two blogs, The Ethical Investigator and the Divorce Asset Hunter;
  • Look at my book, The Art of Fact Investigation (available in free preview for Kindle at Amazon);
  • Watch me speak about Helping Lawyers with Fact Finding, here.

It’s cloud illusions I recall

I really don’t know clouds at all

–Joni Mitchell

Today’s decision by the Second Circuit that Microsoft did not have to hand over data stored on its server in Ireland should remind us all that information isn’t just “out there.” As with printed information so it is sometimes with electronic data: physical location matters.

The court imposed a major limitation on the scope of a warrant issued under the Stored Communications Act. It reversed the Southern District of New York’s Chief Judge in quashing a warrant issued to Microsoft to turn over emails stored outside the United States. The full opinion is here.

This blog doesn’t usually get into the weeds when it comes to the Stored Communications Act, but we are intensely interested in how to find things and how to get them to the clients who need them.

The case reminds us that even though a lot more information than ever before is stored electronically, it still matters greatly where it is stored.  Crucially, electronic storage is not the same as accessibility via the internet.

Even in the U.S, most counties do not put all of their records on line. Those that purport to do so can have less than complete recordkeeping compared to the data that is searchable on site at the local courthouse.

Just the other day we read in the newspaper about an old case in Bergen County, New Jersey that would help our client. The case was nowhere to be found on line at the New Jersey courts website. When our retriever travelled to Bergen County, he was told that the case had been destroyed.

Were we out of luck? No. The same parties had gone at it in another New Jersey county, and had attached a copy of the Bergen County suit to the one in the other county. That other suit (also not on line but visible on the computers on site) had not been destroyed. We were then able to see what the Bergen suit was all about.

None of this was accomplished on the internet, which is just a series of boxes that sit in different rooms in different jurisdictions.

Which jurisdictions the boxes are in can make all the difference.

 

Want to know more?

  • Visit charlesgriffinllc.com and see our two blogs, The Ethical Investigator and the Divorce Asset Hunter;
  • Look at my book, The Art of Fact Investigation (available in free preview for Kindle at Amazon);
  • Watch me speak about Helping Lawyers with Fact Finding, here.

 

If you haven’t already, add digital assets to the list of things to look for in asset searches. In a world in which even modestly-trafficked internet domain names can change hands for tens of thousands of dollars, Delaware has become the first state to ensure families’ rights to access the digital assets of loved ones during incapacitation or after death.digital assets.jpg

The writeup is here.

We have long valued digital assets not only as stores of value, but as ways of finding out about people we investigate. These assets have value and people therefore have an interest in recording accurate information to make sure they retain ownership. Two of the most useful ways to track a person down via a digital record are:

1)      Domain name registration

2)      Email header information

Domain names in many cases can be tracked using a variety of registry databases, the most popular of which is Network Solutions’ Whois database, which you can see here. This doesn’t cover many domains with country suffixes outside the U.S., nor U.S. domains that end in .org, for instance. Still, it’s very useful.

One limitation is that domain-name holders can mask their ownership using proxies. But if they haven’t, owners often list home addresses, cell phone numbers and other internet addresses when they register a domain.

Email headers can be an accurate measure of where someone sent an email from. We recently figured out where a mysterious counterparty in a deal we were helping to negotiate was working, based on where his Yahoo! email account had sent a message from (his employer’s server). 

The key mistake many people make about an email header is that you have to look at the original email. If A sends an email to B and B forwards that email to investigator C, then C will not be able to look at the information surrounding the A to B transmission. Instead, B needs to copy the header information and send that copy to C in the body of an email.

Figuring out how to read email headers is not rocket science, but there’s often a way to take a shortcut. Header analyzers such as this one can work wonders.

A sophisticated friend of our firm was in the market for a luxury car and found one for sale via the Internet. His concern was aroused when the seller said she was handling the sale through a company called Escrow Atlantic, an international payments company.

GettyImages_130877362.jpg

Our friend asked us to look at this company, and the results make for a nice case study in the detection of possible fraud.

We started with the Escrow Atlantic website. It looks professional enough, but we always like to know who has registered an internet domain since that can provide a good clue as to who is behind the operation. Sometimes this is hidden information, but in this case it isn’t. It turns out that by going to Network Solutions’ Who Is registry here, we found that Escrow Atlantic’s site is registered to a man in Florida who has an Italian telephone number. His email address is a hotmail account with the name of a different individual.

None of this is tantamount of a scam, of course, but it’s a little unusual. Why not a company email address? Why an Italian phone number when, according to the company website, the company has no office in Italy?

We pressed on and tried to call Escrow Atlantic, but the toll-free number went to the voicemail of “Escrow Atlantic” (and not a particular person). The numbers for the Florida and Missouri offices went instantly to voicemail, and we were unable to connect with the London number.

A search for a business registration record at the Secretaries of State in Florida and Missouri turned up no record of a company called Escrow Atlantic. Nor was it registered under that name at Companies House in the United Kingdom, where you can do a free search here.

Finally, we emailed the Missouri office of Escrow Atlantic, and here we got quick responses, up to a point. Where is the company registered? We were referred to the website’s contact page with the office addresses and phone numbers. We asked again and were told that Escrow Atlantic is “Registered in the United Kingdom with offices in America and Australia.”

Unfortunately, when we responded that we could find no registration in the UK, the company went quiet on us. Of course, Escrow Atlantic could be a “DBA,” or doing business as – a business name different from the official company name – but it would be easy enough for the company to tell us that.

While we can’t say that Escrow Atlantic is not a reputable company, if it is it could do two things to boost our confidence:

  1. Get someone –  anyone – to answer the phone;
  2. Provide that most basic of information: the place of incorporation and the name of the company that was incorporated.

 

The news is out and it’s not good. In fact, it’s downright troubling.  It seems that every day, usually several times a day, there is more and more information available about the dangers of the Internet.  It’s enough to make a Luddite out of even the most devoted technophile.  Here’s a sampling of some of the latest updates on the lack of privacy on the Internet, and threats to personal and financial information:

  • Online Tracking is Worse Than We Thought: UC Berkeley Law School recently released its first ever Web Privacy Census, which was aimed at measuring how companies track visitors to their websites. The report confirmed that all the top 100 web sites use cookies to track users and visitors. If that’s not worrisome enough, the study also determined that the use of tracking software on users’ computers has doubled in the past year. This is about more than tracking users anonymously to provide targeted advertising—like when you scroll a website for a grill and then you check your email and suddenly see ads for some of the same grills you clicked on from the sites you just visited.  Apparently, companies are just as likely to collect and use personal information in ways that may subject consumers to price discrimination, lowered credit scores and limits, and even identity theft.
  • Social Networking Can Be Dangerous: The FBI recently issued a new warning on social networking.  The FBI pointed out that hackers are not only threatening governments—they are also targeting individual users via social networks, exposing the users and their workplaces, if they are online in the office, to great harm.  Hackers either exploit personal connections through social networks or write and manipulate computer code to gain access and/or install unwanted software on personal or company computers or phones. 
  • Tweets and Facebook Posts May be Used Against You: The courts continue to weigh in on whether social networking may be used against users who post information on their personal sites.  While the judiciary’s responses vary on a case-by-case basis, so far the trend seems to be that posts on Facebook or tweets may be used as grounds for dismissals from jobs, or even against defendants in criminal or civil cases.

Politicians are paying attention.  Senators and Representatives have introduced a plethora of competing bills and held or plan to hold a number of hearings to discuss how best to protect Internet users.  A good summary of the most recent efforts can be found on the Data Privacy Monitor blog run by the law firm Baker Hostetler.  Issues being addressed include protections to safeguard users’ privacy, requiring greater transparency from companies about how they troll for information from users and what they use that data for, and clearer terms of use that allow consumers to easily opt out of having their time online tracked.  In addition, the National Telecommunications & Information Administration (NTIA) has announced its first meeting to develop a code of conduct in order to uncover how companies that provide apps for mobile devices deal with personal information.

Keeping up with all the changes is daunting, but as we’ve said before, in our entries “The Myth of Online Privacy” and “Fight Hackers With Encryption,” there are simple steps you can take to protect yourself.  This article, “How to Keep Your Facebook Profile Private Yet Usable,” written by Dave Copeland details the best ways to protect yourself on Facebook, short of not signing up in the first place. Numerous software programs exist to block tracking data from being stored on your computers.  Creating a clear Internet use policy for your company and making sure your employees understand what is expected of them is also a good plan.

And, as always, doing the bare minimum is crucial: encrypting emails, only using secure Wi-Fi connections and avoiding some of the most common tricks used to activate malware that can log keystrokes or record phone calls.

None of these measures will provide complete protection, but they are good places to start to ensure that you and your company are being proactive about guarding against some of the dangers that lurk online. 

GettyImages_125109629.jpgCardozo Law School recently hosted a multi-disciplinary conference on privacy and the Internet, “Anonymity and Identity in the Information Age.”  Lawyers, computer scientists and public health advocates wrestled with the challenges of protecting personal information at a time when so much data is easily obtainable online.  There were various tips and suggestions beyond merely mastering privacy settings on social media sites and avoiding public Wi-Fi hot spots when doing any online banking—although these are easy and important first steps.       

Recently there have also been a number of good articles inspired by the public acknowledgement that major Internet companies like Google have been less than forthright about their use and abuse of private information, as confirmed by the FCC’s decision to fine Google for its collection of private data during its Street View program.  The best ones, like “How to Muddy Your Tracks on the Internet” by Kate Murphy in the New York Times, are easy how-to guides for savvy Internet users interested in gaining control over their information.  Devoid of jargon, Murphy clearly details easy steps to take in the defense against online snooping. 

But however empowering it may feel to think we’ve finally mastered the privacy settings of the technologies we use every day, the truth of the matter is that despite all our best efforts, information can and will be leaked.  As computer science Professor Steven Bellovin of Columbia University explained at the Cardozo conference, you can protect your email correspondence from being cross-referenced with your browsing history if you avoid Google or Yahoo email accounts and instead set up your own mail server.  But your messages are still fair game to Google if you email someone with a Gmail account.  Or you can activate your browser’s privacy mode to help wipe clean your browsing history.  But this change will stop short of concealing your computer’s I.P. address, the unique identifier that distinguishes it from all other computers.  And as Murphy points out, deciding to take that extra step and mask your I.P. address means incurring additional costs and possibly severely compromising your Internet speed.

Or you may assume that because you’ve never posted your address or physical whereabouts on Facebook or Twitter that you’ve managed to conceal where you actually live.  But the minute you post a picture, the image’s metadata may pinpoint the coordinates of where you took the shot.  So if you snapped that picture of your new puppy at home, you might be giving out your exact location when you upload it to Facebook. 

And then of course there’s the likelihood that information will be leaked by plain old human error, yours or someone else’s. There are always cautionary tales about someone inadvertently sending an email “Reply All” when it clearly shouldn’t have been.  At the Cardozo conference one computer privacy expert sheepishly admitted to making this rookie mistake himself—a confession that inspired chuckles of recognition from far less computer-literate audience members. 

And the actions of others, even if they were acting innocently, may expose your personal information as well.  For instance, one of our clients asked us to track down the settlor of a trust whose whereabouts had long since been a mystery.  But his family was all over Facebook, constantly updating their information with details about their home life and travels.  Eventually, we were able to locate him through them. 

Or take for example the recent news story of the Italian mobster finally arrested after being on the run for nine years.  He didn’t make a mistake, but his girlfriend did.  Police had been monitoring the mobster’s pregnant girlfriend’s social media sites for information about his whereabouts.  They hit the jackpot when the girlfriend decided to use Facebook to share photographs of her growing belly with friends and family.  In one of the photographs she posed in front of a sign for a beach in the Costa del Sol town of Marbella.  Then she uploaded another shot of her outside a well-known Italian restaurant in Marbella.  Soon after she sent the mobster an email predicting that she was going to go into labor sometime soon—an email that, unbeknownst to her, the police were monitoring.  Sure enough, the police apprehended the mobster when he arrived in Marbella shortly thereafter. 

So, despite the feelings of invincibility and invisibility that the Internet seems to inspire, the truth of the matter is that complete privacy or anonymity online are impossible.