Have you ever noticed that artificial intelligence always seems much more frightening when people write about what it will become, but then how it can seem like imperfect, bumbling software when writing about AI in the present tense?

You get one of each in this morning’s Wall Street Journal. The paper paints a horrific picture of what the ruthless secret police of the world’s dictatorships will be able to do with AI in The Autocrat’s New Tool Kit, including facial recognition to track behavior more efficiently and to target specific groups with propaganda.

But then see Social-media companies have struggled to block violent content about this week’s terrorist attack on two mosques in New Zealand. With all of their computing power and some of the world’s smartest programmers and mathematicians, Facebook and YouTube allowed the killings to be streamed live on the internet. It took an old-fashioned phone call from the New Zealand police to tell them to take the live evildoing down. Just as the New York Times or CNBC would never put such a thing on their websites, neither should Facebook or YouTube.

Wouldn’t you think that technology that could precisely target where to send the most effective propaganda could distinguish between an extremely violent film and extremely violent reality? I would. After all, it’s like nothing for these sites to have indexed the code of all the movie clips already uploaded onto their systems. If facial recognition works on a billion Chinese people, why not on the thousands of known film actors floating up there on the YouTube cloud? If it’s not a film you already know and there are lots of gunshots, the video should be flagged for review.

Why is this so hard? For one thing, the computing power the companies need doesn’t exist yet. “The sheer volume of material posted by [YouTube’s] billions of users, along with the difficulty in evaluating which videos cross the line, has created a minefield for the companies,” the Journal said.

It’s that minefield that disturbs me. A minefield dotted with difficulties about whether or not to show mass murder in real time? What would be the harm of having a person look at any video that features mass killing before it’s cleared to air? If the computers can’t figure out what to do with such material, let a person look at it.

What is so frightening about AI is not the computing power and the uses the world can find for it, but the abdication of self-control and ethical considerations of the people using the AI.

I want the police in my country to have guns and to use them on criminals who are about to kill innocent people. I don’t want police states shooting peaceful demonstrators. I’m happy to have police in the U.S. use facial recognition if it will help stop a person from blowing up the stadium where the Super Bowl is being held. I would not want cameras on every intersection automatically tracking my every movement.

Guns are neither smart nor stupid. They are artificial power that increases the harm an unarmed person can affect. Guns are essential in maintaining freedom but can suppress freedom too.

Same for AI. There are lots of wonderful applications for it. Every bit of software in use today was called AI before it began to be used, when we then called it software.

What sets off the good AI from the bad is the way people use it. Streaming on YouTube can be a wonderful thing. But just as we need political accountability to make sure the guns our armies and police have aren’t abused, we need the people at YouTube to control their technology in a responsible way.

The AI at Facebook and YouTube isn’t dumb: Dumb are the people who trusted too readily that the tool could decide for itself what the right call would be when the horrors from Christchurch began to be uploaded.

Anyone following artificial intelligence in law knows that its first great cost saving has been in the area of document discovery. Machines can sort through duplicates so that associates don’t have to read the same document seven times, and they can string together thousands of emails to put together a quick-to-read series of a dozen email chains. More sophisticated programs evolve their ability with the help of human input.

Law firms are already saving their clients millions in adopting the technology. It’s bad news for the lawyers who used to earn their livings doing extremely boring document review, but good for everyone else. As in the grocery, book, taxi and hotel businesses, the march of technology is inevitable.

Other advances in law have come with search engines such as Lexmachina, which searches through a small number of databases to predict the outcome of patent cases. Other AI products that have scanned all U.S. Supreme Court decisions do a better job than people in predicting how the court will decide a particular case, based on briefs submitted in a live matter and the judges deciding the case.

When we think about our work gathering facts, we know that most searching is done not in a closed, limited environment. We don’t look through a “mere” four million documents as in a complex discovery or the trivial (for a computer) collection of U.S. Supreme Court cases. Our work is done when the entire world is the possible location of the search.

A person who seldom leaves New York may have a Nevada company with assets in Texas, Bermuda or Russia.

Until all court records in the U.S. are scanned and subject to optical character recognition, artificial intelligence won’t be able to do our job for us in looking over litigation that pertains to a person we are examining.

That day will surely come for U.S records, and may be here in 10 years, but it is not here yet. For the rest of the world, the wait will be longer.

Make no mistake: computers are essential to our business. Still, one set of databases including Westlaw and Lexis Nexis that we often use to begin a case are not as easy to use as Lexmachina or other closed systems, because they rely on abstracts of documents as opposed to the documents themselves.

They are frequently wrong about individual information, mix up different individuals with the same name, and often have outdated material. My profile on one of them, for instance, includes my company but a home phone number I haven’t used in eight years. My current home number is absent. Other databases get my phone number right, but not my company.

Wouldn’t it be nice to have a “Kayak” type system that could compare a person’s profile on five or six paid databases, and then sort out the gold from the garbage?

It would, but it might not happen so soon, and not just because of the open-universe problem.

Even assuming these databases could look to all documents, two other problems arise:

  1. They are on incompatible platforms. Integrating them would be a programming problem.
  2. More importantly, they are paid products, whereas Kayak searches free travel and airline sites. In addition, they require licenses to use, and the amount of data you can get is regulated by one of several permissible uses the user must enter to gain access to the data. A system integration of the sites would mean the integrator would have to vet the user for each system and process payment if it’s a pay-per-use platform.

These are hardly insurmountable problems, but they do help illustrate why, with AI marching relentlessly toward the law firm, certain areas of practice will succumb to more automation faster than others.

What will be insurmountable for AI is this: you cannot ask computers to examine what is not written down, and much of the most interesting information about people resides not on paper but in their minds and the minds of those who know them.

The next installment of this series on AI will consider how AI could still work to help us toward the right people to interview.

Lawyers need to find witnesses. They look for assets to see if it’s worth suing or if they can collect after they win. They want to profile opponents for weaknesses based on past litigation or business dealings.

Every legal matter turns on facts. Most cases don’t go to trial, fewer still go to appeal, but all need good facts. Without decent facts, they face dismissal or don’t even get to the complaint stage.Better innovation in law firms

Do law schools teach any of these skills? Ninety-nine percent do not.  Good fact-finding requires something not taught at a lot of law schools: innovation and creativity. Of course, good judges can maneuver the law through creative decisions, and good lawyers are rightly praised for creative ways to interpret a regulation or to structure a deal.

But when it comes to fact gathering, the idea for most lawyers seems to be that you can assign uncreative, non-innovative people to plug data into Google, Westlaw or Lexis, and out will come the data you need.

This is incorrect, as anyone with a complex matter who has tried just Googling and Westlaw research will tell you.

The innovative, creative fact finder follows these three rules:

  1. Free Yourself from Database Dependency. If there were a secret trove of legally obtained information, you would be able to buy it because this is America, where good products get packaged and sold if there is sufficient demand for them. And Google won’t do it all. Most documents in the U.S. are not on line, so Google won’t help you. For any given person, there could be documents sitting in one of the more than 3,000 counties in this country, in paper form.
  • If you use a database, do you know how to verify the output? Is your John C. Wong the same John C. Wong who got sued in Los Angeles? How will you tell the difference? You need a battle plan. Can your researcher arrange to have someone go into a courthouse 2,000 miles away from your office?
  • How will you cope with conflicting results when one source says John C. Wong set up three Delaware LLC’s last year, and another says he set up two in Delaware and two in New York?
  1. Fight Confirmation Bias. Ask, “What am I not seeing?” Computers are terrible at the kind of thought that comes naturally to people. No risk management program said about Bernard Madoff, “His auditor can’t be up to the task because his office is in a strip mall in the suburbs.”
  • For your researchers, find people who can put themselves in the shoes of those they are investigating. Not everyone can say, “This report must be wrong. If I were in the high-end jewelry business, I wouldn’t run it out of a tiny ranch house in Idaho. Either this is a small business or Idaho’s not the real HQ.” If someone doesn’t notice a discrepancy as glaring as this, they are the wrong person to be doing an investigation that requires open-mindedness.
  1. Don’t paint by numbers. Begin an investigation on a clean sheet of paper. Don’t base your investigation on what someone’s resume says he did. Verify the whole thing.
  • Look not just at what’s on the resume, but look for what was left off Jobs that didn’t go well, and people who don’t like the person.
  • Despite that your client tells you, they don’t know everything (if they did they wouldn’t hire you). If your client thinks you will never find a subject’s assets outside of Texas, look outside of Texas anyway. You owe it to your client.

Want to know more?

  • Visit charlesgriffinllc.com and see our two blogs, The Ethical Investigator and the Divorce Asset Hunter;
  • Look at my book, The Art of Fact Investigation (available in free preview for Kindle at Amazon);
  • Watch me speak about Helping Lawyers with Fact Finding, here.

Well, another day, another email hacking story. This one involves the Bush clan, with reports that a hacker who goes by the name Guccifer accessed private emails and photographs, telephone numbers and addresses sent between members of the Bush family, including both former presidents. Among the data released are catty emails about Bill Clinton, photographs of the ailing senior Bush in the hospital, and a security code to one of the Bush homes. The Secret Service is investigating the matter.

We know that despite stories such as these, many of our clients and colleagues are unwilling to take more sophisticated measures to ensure secure email communications, some of which are detailed in our article on the General Petraeus scandal, “Lessons Learned.” For example, they are still unwilling to encrypt their messages (see our entry “Why You Should Encrypt Your Data Now” for a primer on encryption). And they fear that a service like 10 Minute Mail, which sets a self-destruct timer for messages and email addresses 10 minutes after a message is opened, is too extreme and potentially impractical.  Some even refuse to get off of Gmail, even though Google admits that it scans email content for marketing purposes. A point Microsoft is happy to exploit in a new campaign to get people to switch over to Outlook.

Short of deleting your Gmail account, what is the bare minimum you can do to make your Gmail communications more secure? A few simple adjustments would provide some peace of mind:

  • Google offers the option of two-step verification to sign in, which is a lot more secure than just using a password.  First you enter your password, which hopefully is hard to hack, and then you receive a code either via text, voice call or Google mobile app that needs to be entered as well. Google offers the option to have this two-step process every time you log in, which we think is best, or at least whenever you use a different computer. That way if someone is trying to access your email from another computer, you’ll receive a request for a code that will notify you that someone is attempting to infiltrate your account.  You can activate this feature via Accounts and then Security.
  • Google provides a list of your Last Account Activity to track where and when your account was most recently accessed. The list details what IP addresses most recently tried to log into your account. Click here and here for lessons on how to determine your IP address. And remember that your smartphone may also access your account, so you need to determine what its IP address is too. You can access the link to this data below your list of messages.

GettyImages_95615657.jpgUnbeknownst to most cell phone users, just turning your cell phone on reveals your location. That’s because once turned on, your cell phone constantly “pings” (bounces a signal off of) nearby cell phone network towers. This data is collected by the cell phone company and can be traced to reveal your location.

Short of turning your cell phone off and maybe even pulling out its battery, there’s nothing you can do about this: This is just basic cell phone technology at work. Technology that can determine your physical whereabouts for as long as your cell phone is turned on, which for most of us means 24 hours a day.

So you were late to work this morning because you were at a job interview with your company’s competitor? This data can prove that. You went to visit your doctor about that nasty infection you’ve been fighting? It can confirm that. You stopped by your girlfriend’s house before picking your wife up for dinner? That too

Investigators know that your cell phone location records are a treasure trove of personal information.  That’s why many of them promise clients that they can ping cell phones, or offer to install spyware on a phone that can track its location, or remotely access a cell phone via Bluetooth technology. Having this information may undoubtedly help confirm that a spouse is being unfaithful, or that a once loyal employee is violating confidentiality agreements and sharing proprietary information with a competitor.

But that doesn’t mean it’s legal.

Investigators offering location based services often fail to mention that cell phone tracking by anyone other than the cell phone owner and law enforcement is illegal. As a general rule, unless the cell phone is registered in your name, pinging it yourself, asking the cell phone company to do it, or hiring a third-party service to do it on your behalf may violate privacy laws

Even within law enforcement, cell phone tracking is under the microscope: To date, the U.S. Courts of Appeals for the Third, Fifth and Sixth Circuits have considered whether warrantless cell phone location tracking by the government violates the Fourth Amendment, with varied results.  The Third Circuit ruled in 2010 that judges can demand a showing of probable cause when the government seeks cell phone tracking location data. The Sixth Circuit decided this summer that warrantless cell phone tracking by law enforcement does not constitute a search, therefore no warrant is necessary.  The oral arguments for the Fifth Circuit decision were held in October. Meanwhile, Congress is also weighing in on the matter.

If the cops aren’t allowed to track cell phone locations without a warrant, odds are the investigator who promises he can is crossing a line.

Some investigators also offer to obtain this data by using pretexting to trick a phone user into sharing their address or location. This is also a no-no. For instance, some investigators will contact cell phone users via text message or voice call, telling them that they are the winner of a contest, and asking that they text or call back or share their address or location in order to claim their prize.  This information is then used to determine the cell phone’s location data. But remember, attorneys and their agents are bound by several ethics rules that frown upon pretexting, so this little trick could also cause a pretty big mess.

GettyImages_sb10065861d-001.jpgAttorneys know that one of their primary obligations to their clients is to protect client confidences.  Therefore, great pains are taken to make sure that clients’ highly personal information stays in safe hands. But what happens when attorneys are the ones passing along their personal information? Well, unfortunately lawyers are far less careful with their own confidential information than they are with their clients’.

For example, we recently attended a legal conference where a legal recruiter summarized how scrupulously she protects her attorney client’s information. She explained that in some instances she collects highly private financial data from attorneys she’s trying to place, including tax returns. What amazes her, and us, is that these attorneys rarely ask for any assurances that their information will remain confidential.

For instance, these attorneys don’t know that although the legal recruiter takes pains to protect their personal information by encrypting her computer, she eventually turns that data over to law firms and corporations without any assurances they will be as mindful.

There are scores of instances where it’s necessary to turn over personal information to receive a service. But to do so without any effort to learn how that data will be used and protected is to relinquish responsibility for it. In this day and age that’s akin to just crossing your fingers and hoping for the best.

In other words, it’s just unacceptable.

Before you hand over personal information to a service provider, ask:

  • Access: Who will have access to that information?
  • Security: How will that information be protected?
  • Storage: Where will that information be stored?
  • Sharing: Will that information be shared with anyone?
  • Transit: How is that information transferred—Via mail? Email? A shared lockbox? Cloud computing?
  • Reasonable Efforts: What efforts are taken to protect the data in storage? And in transit?
  • Breach: What is the notification procedure in the case of a security breach?
  • Disposal: How is the information destroyed once it is no longer needed?

And for the professionals who are the recipients of this information, they may need to consider how to protect themselves from liability for the misuse or loss of data. This can be done via contractual changes in agreements between both clients and collaborators.   For instance, the legal recruiter described above could require the following:

  • Consent: That clients consent to her sending their personal information to other parties.
  • No Liability: That clients agree to not hold her responsible if the other party with whom she is collaborating fails to take adequate measures to protect the data as well.
  • Reasonable Efforts: That her collaborators take reasonable efforts to protect the data.

When it comes to your personal information, don’t assume that because you’re a trained professional who mindfully protects your clients’ data, that others will do the same with yours. Ask questions, demand answers, and don’t turn over anything until you’re satisfied that you’re in safe hands.

GettyImages_lzm005.jpgInvestigators are often asked to track people down—for instance, we are sometimes asked to find former employees of a company who might be witnesses in litigation.  In some cases, we don’t know who we’re looking for exactly, but we know where they worked, or we have an old address.  These assignments can be time-consuming, but clients are often sympathetic because they realize the challenges involved in tracking down a person whose name remains unknown. 

But even having a person’s name does not guarantee smooth sailing.  For instance, tracking down a man with a common name like Bob Smith is far from easy. Sure, it helps if we know more information—like that Mr. Smith lived in Atlanta between 2005-2007, and that he worked as an auto mechanic. But that still requires a bit of effort to find just the right person and not someone else who, coincidentally, has the same name and the same personal details. The world is really far smaller than we often realize.

A good investigation begins with the information the client has provided, but it certainly does not end there. In cases where an investigation fails to yield any viable results, among the first steps is to challenge the information given.  After all, as we said in our article for InsideCounsel, “5 Tips When Searching for Assets,” you don’t know what you don’t know. 

For a person search, this might mean questioning the name provided.  There are enough variations in names to allow for numerous other search terms that might be more fruitful. Sure, Mr. Smith may be known as Bob to his friends, but what if he appears as Robert M. Smith in database records? What if his last name is actually spelled Smyth? What if Bob is short for his middle name, and his legal name is actually Thomas Roberto Smith?

Below are a few suggestions for alternative search terms when investigating an individual by name:

  •  First name:
    • Is it a nickname? What is the formal name?
    • Is the first name spelled properly? Are there alternative spellings? Is it a name that is frequently misspelled or mistaken for another?
    • Could the name used as a first name actually be a middle name?
  • Middle name:
    • Is there one? Is it used as a first name?
    • Was the full name searched with and without middle initial?
  • Last name:
    • Is it spelled properly? Search variations of the spelling, including phonetic spellings.
    • Sometimes database entries inverse names, especially if the last name is also sometimes used as a first name (so Thomas Connor could be entered as Connor Thomas). This is especially true for Asian names. In those cases, search with the first name last and the last name first.  
    • For married men and women, search using their maiden name and their spouse’s last name as well, whether it was legally changed after marriage or not. Don’t assume this is only relevant for women—we recently had a client with a federal lien against him but he hadn’t been properly notified because the documents were under his estranged wife’s maiden name and he was erroneously believed to have the same last name as her.
    • If the last name is hyphenated or if there are two last names, run searches with each name separately, and with both names together.  Also, searches with the names inverted and with and without hyphens. 

Some of these searches might seem redundant, but remember that databases are quirky: A slight tweak can make the difference between the hit you need or no hit at all. 

If there are still no hits, you can start combining some of these variations for the different names with each other and see if that helps.

  • For example, for Bob Smith, search for Robert Smyth, or for Bob Smyth.  If he has a middle initial M, run a search for Bob M. Smith and Bob M. Smyth, as well as Robert M. Smith, and Robert M. Smyth. Also consider searching for Robby Smith/Smyth and Roberto Smith/Smyth with and with the M. middle initial.

GettyImages_125109629.jpgCardozo Law School recently hosted a multi-disciplinary conference on privacy and the Internet, “Anonymity and Identity in the Information Age.”  Lawyers, computer scientists and public health advocates wrestled with the challenges of protecting personal information at a time when so much data is easily obtainable online.  There were various tips and suggestions beyond merely mastering privacy settings on social media sites and avoiding public Wi-Fi hot spots when doing any online banking—although these are easy and important first steps.       

Recently there have also been a number of good articles inspired by the public acknowledgement that major Internet companies like Google have been less than forthright about their use and abuse of private information, as confirmed by the FCC’s decision to fine Google for its collection of private data during its Street View program.  The best ones, like “How to Muddy Your Tracks on the Internet” by Kate Murphy in the New York Times, are easy how-to guides for savvy Internet users interested in gaining control over their information.  Devoid of jargon, Murphy clearly details easy steps to take in the defense against online snooping. 

But however empowering it may feel to think we’ve finally mastered the privacy settings of the technologies we use every day, the truth of the matter is that despite all our best efforts, information can and will be leaked.  As computer science Professor Steven Bellovin of Columbia University explained at the Cardozo conference, you can protect your email correspondence from being cross-referenced with your browsing history if you avoid Google or Yahoo email accounts and instead set up your own mail server.  But your messages are still fair game to Google if you email someone with a Gmail account.  Or you can activate your browser’s privacy mode to help wipe clean your browsing history.  But this change will stop short of concealing your computer’s I.P. address, the unique identifier that distinguishes it from all other computers.  And as Murphy points out, deciding to take that extra step and mask your I.P. address means incurring additional costs and possibly severely compromising your Internet speed.

Or you may assume that because you’ve never posted your address or physical whereabouts on Facebook or Twitter that you’ve managed to conceal where you actually live.  But the minute you post a picture, the image’s metadata may pinpoint the coordinates of where you took the shot.  So if you snapped that picture of your new puppy at home, you might be giving out your exact location when you upload it to Facebook. 

And then of course there’s the likelihood that information will be leaked by plain old human error, yours or someone else’s. There are always cautionary tales about someone inadvertently sending an email “Reply All” when it clearly shouldn’t have been.  At the Cardozo conference one computer privacy expert sheepishly admitted to making this rookie mistake himself—a confession that inspired chuckles of recognition from far less computer-literate audience members. 

And the actions of others, even if they were acting innocently, may expose your personal information as well.  For instance, one of our clients asked us to track down the settlor of a trust whose whereabouts had long since been a mystery.  But his family was all over Facebook, constantly updating their information with details about their home life and travels.  Eventually, we were able to locate him through them. 

Or take for example the recent news story of the Italian mobster finally arrested after being on the run for nine years.  He didn’t make a mistake, but his girlfriend did.  Police had been monitoring the mobster’s pregnant girlfriend’s social media sites for information about his whereabouts.  They hit the jackpot when the girlfriend decided to use Facebook to share photographs of her growing belly with friends and family.  In one of the photographs she posed in front of a sign for a beach in the Costa del Sol town of Marbella.  Then she uploaded another shot of her outside a well-known Italian restaurant in Marbella.  Soon after she sent the mobster an email predicting that she was going to go into labor sometime soon—an email that, unbeknownst to her, the police were monitoring.  Sure enough, the police apprehended the mobster when he arrived in Marbella shortly thereafter. 

So, despite the feelings of invincibility and invisibility that the Internet seems to inspire, the truth of the matter is that complete privacy or anonymity online are impossible.