This is the latest in a series of articles, initially published in The Global Legal Post, on various technical themes in language which can be understood by those who prefer to use technology rather than immerse themselves in it.
3Kites' Paul Longhurst and Kemp IT Law's Richard Kemp discuss the potential for AI in the legal profession and how the technology is likely to impact law firms.
Paul Longhurst writes...
Following on from article 17 in this 3Kites' Navigating Legaltech series, I
wanted to look at the impact of AI on legal work and the potential
challenges that it introduces for law firms. Let me start by saying
that, at this point in time, AI (or artificial intelligence) is
still no substitute for experienced lawyering when trying to find
the best outcome for your client in a complex matter. When a lawyer
processes a matter, years of experience are engaged (often without
conscious control) to help provide balanced judgements that feed
into the advice given. The advice can be highly nuanced and is
rarely binary – in extremely complex situations, it may be
right in all the key areas but is probably not 100% correct all of
the time.
Where AI tools can help, and quickly, is with reviewing large
swathes of information to establish patterns, find connections or
themes, identify which content relates to what and so on... but
none of this is innate. AI tools may be specific to a certain task
(such as cameras in your car tuned to read lighting conditions) or
require 'training' (via feeding it documents that exemplify
a worktype, such as employment contracts), or both. Like humans,
the tools are not 100% correct all of the time, especially when
dealing with complex themes – ChatGPT warns users that it
"sometimes writes plausible-sounding but incorrect or
nonsensical answers".
It would be a tough sell to offer clients advice that seems
plausible but which may be incorrect. It is worth noting here that
ChatGPT (and some other AI tools) won't give any indication of
the provenance for content it generates, making it difficult to
check for accuracy without going back and doing much of the work
yourself. However, where it could be useful is in creating a
summary of a situation or concept where lawyers know the correct
answer – and can therefore confirm the accuracy of what is
produced – but haven't got the time to produce a neat
summary.
To dispel AI out of hand is therefore to ignore the benefits that
advances in technology can bring. The trick is knowing when to use
tools and when to apply our brains. Due diligence is the lengthy
process of scanning documents to find commitments made, contracts
that roll-over and much more besides. AI tools (or, more properly
in this context, machine learning tools) are getting to be very
good at this type of thing – once correctly set-up, they can
be quick, cost effective and unerringly consistent with applying
any rules that have been programmed in and able to flag any
exceptions that don't fit these rules. But contrast this with
listening to the client, interpreting their requirements, probing
to understand something that doesn't quite stack up... that
takes years of experience rather than systematic programming.
Combining the benefits of both must be the way forward, right, so
why aren't we all doing it? Firstly, much of the technology is
still in its infancy. Some of the larger firms are already
investing time and money to understand what can be achieved with
leading-edge tools like Generative AI (where the tool generates new
content) alongside identifying the pitfalls to avoid.
However, this is not something that many law firms will have the
funds or the ambition to tackle while we are still in the
pioneering phase. LEO (Lyons Electronic Office) was the world's
first commercially available computer built in 1951 to run payroll
and inventory for Lyons Corner Shops and gave rise to the British
computer industry that saw its zenith with ICL before Fujitsu
hoovered that up in 1990. This was about 12 years longer than Lyons
lasted. Pioneers don't always enjoy the fruits of their
labours, so it may be useful to watch from the sidelines while they
push ahead without the luxury of learning from others.
That said, I think it is a valid strategy for smaller firms to take
advantage of proven technology where the path has already been
established. Tools providing functionality such as document
interrogation, automated time capture, case management decisions
based on volume-data analysis and due diligence (as noted above)
are steadily gaining ground. If your firm has a vision which these
tools can help to deliver, then add it to the project list and
accept that innovation is rarely perfect the first time but that
you will undoubtedly learn something and be better with phase
two.
Some of the learning here may be expensive or have other
repercussions if firms move ahead without fully understanding the
regulatory risks lurking round the corner... and here is where
Richard Kemp can pick up the story.
Richard Kemp writes...
Lots to think about here. Generative AI has grabbed the headlines
in the legal world this year in a way that no other lawtech really
has. The top question for firms' management is: 'How will
these AI tools benefit the business and how do we manage the
risks?'
As with other lawtech, use of AI in legal services is evolutionary
not revolutionary. For firms it is a question of focusing on the
practical and what really matters. The key areas are regulatory,
contractual and IP. GDPR in the AI space is likely to be the most
vexing AI question for UK law firms. Here, key risks include:
- establishing a lawful basis for training the underlying model;
- data subject expectations and fairness, particularly around privacy notice requirements, developing mechanisms to deal with data subject requests, and 'human in the loop' Article 22 issues (individual decision-making and profiling);
- inferences and 'hallucinations' (the AI getting it wildly wrong) as personal data;
- data breach and security risks; and the real world point that AI providers are likely to entertain little or no change to their standard or enterprise terms of service (ToS), which may not have been prepared with GDPR front of mind.
From a regulatory perspective, aside from GDPR, the SRA's
firm code of conduct is relatively benign on firms' use of
technology and this is the case with AI also, certainly at the
moment. Where the firm is working with a client in a heavily
regulated sector like financial services or healthcare, the firm
itself won't be directly regulated in that sector but will need
to comply with relevant engagement commitments where the client has
flowed down a wide range of IT-hygiene related policies and terms
to all its law firms. We are starting to see banks and other large
clients seeking to impose specific terms around AI, to add to the
set of IT and security terms that have grown very rapidly in recent
years.
Contractually, AI providers' ToS that we're seeing at the
moment are developing at pace, but remain one-sided, typically (for
example) with broad uncapped indemnities in favour of the provider.
If the firm can move off the provider's standard ToS to an
enterprise agreement there may be a bit more room for negotiation,
but it is likely to remain a question of 'you want our service,
you sign our terms'. The firm should back off these risks as
much as it can in its client-facing engagement terms.
Looking at the firm's client agreements, can the firm
effectively back off to its clients the most onerous terms of the
AI provider? Does this need a change to current client terms? Will
any AI-related services the firm is providing need a change or an
addendum to its engagement terms – perhaps a specific
statement of work or KPIs for a particular project? With banks,
insurers and other enterprise clients, is a firm's use of AI
consistent with all aspects of the firm's commitments in its
agreements with those clients?
IP-wise, in the wake of ChatGPT and similar Generative AI, we are
starting to see a wave of disputes around claimed misuse of IP on
input and output content – Getty Images suing Stability AI
for copyright infringement and AWS (Amazon Web Services)
prohibiting its people from sending AWS code to Generative AIs, are
cases in point. Firms should consider protecting their own
AI-related IP through express terms in their engagement
arrangements.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.