The Modern Lawyer Report from Above the Law and Litera

How Technology, Mobile Devices, and AI Are Shaping the Legal Industry in 2022

In February of 2022, Above the Law interviewed 500 attorneys on their views on technology, mobile devices, artificial intelligence (AI), and more. Of those 500, Associates made up 32%, Partners were 26%, and in-house counsel were over 12%. Above the Law and Litera have published their findings in The Modern Lawyer Report.

Over 58% of these lawyers consider themselves to be slightly ahead of the curve or a trendsetter in terms of use of technology. The lawyers who agreed to participate in this technology survey appear to be more tech-savvy than the general lawyer population.

Above the Law / Litera

Mobile Device Usage

Roughly 57% of attorneys reported that they can do “many things” or “everything” on mobile devices. From our vantage point this seems high, but consider the point above, that the majority of the attorneys who responded self-report that they are ahead of the curve in using technology. From our view of law firms, the third option, “I can follow email on mobile but that’s about it,” is the common state of the art in law firms today.

Document review and approval is certainly the greatest need which attorneys and legal professionals have on mobile devices. Our clients tell us that the ability to review, annotate, compare, sign, and email documents in order to have complete workflows is their goal.

What is delaying mobile device adoption?

The report cites, “One partner stated, ‘My vision is too poor to work on such small screens,’ while an in-house respondent noted that ‘security risks preclude the ethical use of mobile for most legal tasks.’”

Artificial Intelligence

Artificial Intelligence or AI is a somewhat amorphous term, granted. Over 60% of these advanced technology users consider AI to be valuable to business success in legal services.

One of the conclusions of The Modern Lawyer Report is that, especially with respect to mobile devices and artificial intelligence, lawyers are not taking advantage of technology’s full capabilities. There is plenty of opportunity for them to adopt these technologies further.

Update: Here is a link to register and download the report from Litera.

If you have questions or comments, I’d like to hear from you. Write to: contact at mobilehelix dot com

-Maureen

Maureen Blando is the President and COO of Mobile Helix, the makers of the LINK encrypted app for lawyers. LINK provides simple workflows for Document Management and Email in a single, secure app. Note: the LINK App offers font sizes up to XXL. (See above for relevance.)

Research Reveals iOS and Android Encryption Weaknesses

Why Secure Containers Are Needed

The Research

iOS has solid encryption, there is no backdoor, hence, your firm’s data is safe under lock and key, correct?  Not necessarily. Enlightening new research by cryptographers at Johns Hopkins University (1) has surfaced weaknesses in the iOS and Android encryption schemes. Ironically, in the case of iOS, part of the weakness is related to a security hierarchy which is often unused.

“Apple provides interfaces to enable encryption in both first-party and third-party software, using the iOS Data Protection API. Within this package, Apple specifies several encryption “protection classes” that application developers can select when creating new data files and objects. These classes allow developers to specify the security properties of each piece of encrypted data, including whether the keys corresponding to that data will be evicted from memory after the phone is locked (“Complete Protection” or CP) or shut down (“After First Unlock” or AFU) …

… the selection of protection class makes an enormous practical difference in the security afforded by Apple’s file encryption. Since in practice, users reboot their phones only rarely, many phones are routinely carried in a locked-but-authenticated state (AFU). This means that for protection classes other than CP, decryption keys remain available in the device’s memory. Analysis of forensic tools shows that to an attacker who obtains a phone in this state, encryption provides only a modest additional protection over the software security and authentication measures described above.” (JHU – bold is our addition)

The reality is that most of our iPhones are commonly in “After First Unlock” state because we rarely reboot our phones. To achieve maximum security, we would have to power down our iPhones and authenticate after each use. That is, scores or hundreds of times per day. Otherwise, all data in the AFU state is vulnerable to law enforcement agencies or criminals with the right forensic tools. As the Hopkins researchers noted, “Law enforcement agencies, including local departments, can unlock devices with Advanced Services for as cheap as $2,000 USD per phone, and even less in bulk, and commonly do so.”
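The protection class discussed above is chosen per file by the app that writes it. As an added example (not code from the JHU paper or from LINK), the following Swift code for an iOS app lists files in the app's own container that are in any class other than Complete Protection, and shows how to write or move a file into that class. `ContainerAudit`, `Finding` and the function names are hypothetical; the Foundation calls are Apple's.

```swift
import Foundation

// Added example for iOS. ContainerAudit and its members are hypothetical names.
enum ContainerAudit {

    struct Finding {
        let url: URL
        let protection: URLFileProtection?   // nil: no class reported for this file
    }

    /// Regular files under `root` whose class is anything other than
    /// Complete Protection. Per the research quoted above, keys for the
    /// other classes stay in memory while the phone is locked after its
    /// first unlock (AFU).
    static func filesNotCompletelyProtected(under root: URL) -> [Finding] {
        let keys: Set<URLResourceKey> = [.isRegularFileKey, .fileProtectionKey]
        guard let walker = FileManager.default.enumerator(
            at: root, includingPropertiesForKeys: Array(keys)) else {
            return []
        }
        var findings: [Finding] = []
        for case let url as URL in walker {
            guard let values = try? url.resourceValues(forKeys: keys),
                  values.isRegularFile == true else { continue }
            if values.fileProtection != .complete {
                findings.append(Finding(url: url, protection: values.fileProtection))
            }
        }
        return findings
    }

    /// Write new sensitive data directly into the Complete Protection class.
    static func writeProtected(_ data: Data, to url: URL) throws {
        try data.write(to: url, options: [.atomic, .completeFileProtection])
    }

    /// Move an existing file into the Complete Protection class.
    /// Afterwards, reads fail while the device is locked, so any background
    /// code that touches the file must handle that error.
    static func upgrade(_ url: URL) throws {
        try FileManager.default.setAttributes(
            [.protectionKey: FileProtectionType.complete],
            ofItemAtPath: url.path)
    }
}

// Usage from app code: audit the Documents directory and report each finding.
func auditDocuments() {
    guard let docs = FileManager.default.urls(for: .documentDirectory,
                                              in: .userDomainMask).first else { return }
    for finding in ContainerAudit.filesNotCompletelyProtected(under: docs) {
        let cls = finding.protection?.rawValue ?? "no class reported"
        print("\(finding.url.lastPathComponent): \(cls)")
    }
}
```

An audit like this covers only the app's own sandbox; it says nothing about first-party apps such as iOS Mail, whose protection classes the firm cannot change.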

“There’s great crypto available, but it’s not necessarily in use all the time,” says Maximilian Zinkus, Johns Hopkins University. The Hopkins researchers also extended their analysis to include the vulnerability of iCloud services and device backups:

In an interview, Apple stressed that its goal is to balance security and convenience. The result: law firms and other enterprises who rely on iOS’ first-party apps (e.g., iOS Mail) may be unknowingly using an encryption scheme which does not meet their requirements.

Device owners may take actions to ensure greater security. Apple Insider cites a few user actions including: Use SOS mode; use the setting which locks iOS devices after 10 failed login attempts; and don’t use iCloud back-ups. But these user-optional mitigations are not adequate for enterprise security, and they don’t address the forensic techniques used to steal data in the AFU state. Enterprises need systematic approaches across all firm-managed devices.

Why Secure Containers Are Needed

Sophisticated attackers and government agencies have a variety of available tools at their disposal to extract sensitive data from a seized or stolen device. The preponderance of evidence shows that law enforcement is largely successful in cracking open a device and extracting sensitive information as needed. Evidence further suggests that these techniques are ported to even the latest iOS versions and devices (take a close look at https://www.grayshift.com/ – they offer the state-of-the-art in device forensics). What can you do to truly protect sensitive data? The built-in capabilities of the operating system are not sufficient.

Secure containers provide an additional layer of encryption by implementing an entirely independent encryption mechanism to protect data. To examine the protection offered by secure container apps, we will refer to our LINK app in this discussion. LINK not only uses its own, independent encryption scheme, LINK also uses its own built-in encryption technology. In other words, the LINK encryption software stands entirely independent from the operating system, regardless of whether that operating system is intact or compromised. As long as encryption keys are protected well, then secure containers can provide the kind of locked-down encryption that law firms want to protect email and documents, which encapsulate a large majority of a firm’s most sensitive data.

LINK’s data protection exceeds iOS in a few significant ways:

  1. LINK is an app, and iOS apps are routinely removed from memory. Hence, while LINK does necessarily keep encryption keys in memory when the app is active, once the app is removed from memory its encryption keys are too. This stands in contrast to iOS’ “AFU” encryption.
  2. LINK allows IT to identify data that is only accessible when the device is online. This makes it awfully difficult to get the encryption keys for that data, especially once the device has been identified as lost or stolen and flagged for a remote wipe.
  3. LINK’s online encryption keys are really hard to guess. Offline keys are hard to guess too, as long as your organization uses complex A-D passwords. Online keys are not derived from a user’s passcode or even a user’s A-D password. LINK’s encryption keys are derived from randomized 32-character strings that are generated on the LINK servers using entropy available on the server. Brute-forcing the key derivation is unlikely to work, which means an attacker would have to compromise the LINK Controller that sits safely inside our customers’ networks, then break the encryption scheme protecting sensitive data stored in our Controller database. Getting LINK data is a lot more complicated than stealing or seizing a mobile device.
  4. LINK aggressively limits the amount of data available on the device, online or offline. We do so by simply expiring away data that sits unused on the device. This is a really simple way to limit exposure without much practical impact on a user. Users can always go back to their email (via search) or to the document management system to find what they were working on. There is no practical reason to store lots of old, unused data on a device that is easy to steal and, as it turns out, compromise once stolen.
  5. LINK’s data is useless when obtained from an iCloud backup or a local backup to a Mac device. LINK’s encryption keys are never backed up. An attacker’s best hope is to brute force both the iOS device passcode and the user’s A-D password before IT notices that the device is lost or stolen. This is incredibly difficult to accomplish given Apple’s built-in protections against brute-forcing the passcode and given a reasonably complex, hard-to-guess A-D password.

The JHU research simply reminds us that Apple’s interests diverge widely from those of an individual law firm. Apple has to balance the needs of law enforcement and users to make data accessible while still providing a reasonable degree of protection. Law firms’ best interests lie in maximally protecting data against unauthorized access. In order to achieve this latter goal, Apple’s built-in technology simply won’t suffice.

-Seth Hallem

Seth Hallem is the CEO, Chief Architect, and Co-Founder of Mobile Helix, makers of the LINK App. With LINK professionals can review, annotate, compare, and email files, as well as use the firm intranet, using a single secure container app. www.mobilehelix.com


References:

  1. “Data Security on Mobile Devices,” Maximilian Zinkus, Tushar M. Jois, and Matthew Green, Johns Hopkins University.
  2. “How Law Enforcement Gets Around Your Smartphone’s Encryption,” Lily Hay Newman, Wired.
  3. “Many iOS Encryption Measures ‘Unused,’ Say Cryptographers,” Hartley Charlton, MacRumors.
  4. “Apple encryption is a balance between user convenience and total security, new study shows,” Wesley Hilliard, AppleInsider.

LINK App Enhanced Email Swipe Menus & VIP Notifications

Let’s face it, Email is vital to our work, but it’s also tedious and time consuming. In LINK we care about features which make Email management more efficient.

LINK’s configurable “Swipe Menus” are one of those features. Here are 3 key things to know about Swipe Menus.

I. Color-Coded: By popular demand, menus are now color-coded per the task.

Inbox Swipe Menus

DELETE: RED

ARCHIVE: BLUE

FLAG: ORANGE

REPLY/FORWARD/FILE: GREY

VIP: RED

READ/UNREAD: BLUE

II. More Options from Either Side

Now you can select any of these options from either Left or Right Slide: Delete, File, Flag, Unread, Forward, Reply, VIP, Archive

There are 3 swipe left options and 2 swipe right options.

III. Settings

From the Inbox, tap the Gear Icon in the upper right to go to Settings. Select your options. Then Save.

Email Settings from the Gear Icon in the Inbox

Bonus: VIP Notifications

Don’t forget to use your VIP features. You can make any correspondent a VIP by swiping and tapping on VIP. Then in Settings, select a distinct sound for VIP notifications. Learn all about VIP notifications in this video.

I hope that these swipe menus make your life easier!

If you have any questions, please write to me at [email protected].

–Maureen

Paperless Legal Pre-bill Approvals with the LINK App

Before we all moved to working from home, were your attorneys and paralegals approving pre-bills by marking up paper? And now? Are you scanning reams of paper? Printing and FedEx-ing?

In late 2018 we were contacted by the head of Knowledge Management of an AmLaw 100 law firm. They had a specific goal: to make approval of pre-bills paperless and easy to do on an iPad. They have a practice which has high monthly transactions. Some partners were approving several thousand pre-bills per month on paper. This was difficult enough when a partner was in the office. It was untenable if the partner had to travel. This firm had heard about our LINK app’s built-in annotation and integration with DMS. They wanted to know if we could help.

Marking up pre-bills is easy to do with LINK. Here is a common workflow:

  1. Accounting uploads the pre-bills to a folder in DMS.
  2. Attorney goes to that folder in DMS from the LINK app.
  3. Attorney annotates the pre-bills using LINK’s in-app annotation.
  4. Attorney saves the marked-up pre-bill to DMS from the LINK app.
  5. Accounting retrieves the marked-up pre-bills.

That’s all there is to it. In LINK you can mark-up a pre-bill with a pencil or a finger. Add a stamp or note. You can even capture your signature then place it on documents.

This law firm started approving pre-bills with LINK in 2019. Their partners are very pleased with the improved process. There is no going back to paper for them.

There are variations to the workflow. Instead of DMS the firm may upload the pre-bills to network file shares or OneDrive. Or, the pre-bills may be emailed to the attorney, marked up in LINK, and then emailed back. LINK can be used on a phone instead of a tablet.

You may watch a video showing two workflows, one using DMS and one using email, below.

In legal we are seeing that this pandemic presents an opportunity for certain productivity improvements. Not only in the case of Zoom, but usage of DocuSign has rocketed. “Never let a crisis go to waste.”

We would be happy to discuss your pre-bill workflow and how LINK could apply to it.

-Maureen

[email protected] +1 347-508-0967

LINK App: Paperless Legal Pre-bill Approval Workflows 8:54 from LINK App by Mobile Helix on Vimeo.

Can you say second-factor authentication in Japanese?

Iikura-san in Japan kindly translates all of our Mobile Helix press releases to Japanese and posts them to his site. Take a look. 

Or, read our press release on our new LINK Second-Factor Authentication in English.

[The LINK mobile app lets lawyers make legal workflows easy and secure using smartphones and tablets.] ’16.01.14

Legal Disrupted. A Case of the Innovator’s Dilemma

No profession is immune from disruption. A business with a value of $400 billion per year is an attractive target for newcomers, ranging from financial institutions to startups. Can legal ward off its challengers? Not without changing.

“The Innovator’s Dilemma” refers to Clayton Christensen’s theory that successful companies are too focused on customers’ current needs and that they fail to adopt technologies that will fulfill customers’ future or unspoken needs. When the goose is laying the golden eggs, it can be challenging to focus on what happens after the goose is gone. Think of Blockbuster’s collapse to Netflix or Amazon’s decision to develop the Kindle. The question for the mammoth book retailer was whether they should dig in their heels and fight ebooks which threatened to cannibalize their hard copy book sales. Jeff Bezos was savvy to the Innovator’s Dilemma and chose to lead in ebooks. Today Amazon controls 67% of the ebook market.

But the Innovator’s Dilemma pertains to technology. The legal profession is not about technology…or is it?

For context, let’s look at the thoughtful internet debate over the past few weeks. The catalyst was the post, “The Profession is Doomed,” by Toby Brown, published in 3 Geeks and a Law Blog. Toby had participated in a National Conference of Bar Presidents panel on the future of the profession.

One of the panel members described a change coming in Washington State where the first licenses to Limited Licensure Legal Technicians (LLLT) will be granted this spring. An LLLT is a new non-lawyer legal professional who may advise and assist clients. An LLLT must meet certain criteria but can qualify with an associate level degree. Approval of LLLT was opposed by the Board of Governors of the Washington Bar Association but was approved by the Washington Supreme Court. Brown writes that the focus of the conference presidents and executives was on finding ways to kill the LLLT.

Brown left the conference that day convinced that the profession is doomed because those in power in the profession won’t drive change, leaving it open to disruption from without.

Another compelling post on this topic, “Big Law as Legal Fiction and the Lack of Innovation,” is written by Ron Dolin who is with the Stanford Center on the Legal Profession. Dolin looks at how Big Law firms make decisions and how they decide to innovate, or not.

Dolin points out that the stagnant growth in 75% of the AM100 contrasted with the rapid growth in lower margin legal services startups such as LegalZoom and Rocket Lawyer is evidence that change in Big Law is needed.

Dolin references Prof. William Henderson of Indiana University Law School who commends the innovation of Bryan Cave, Seyfarth Shaw, and Littler Mendelson, yet estimates that “only 10-15% of large law firms have embarked on strategic initiatives that take into account the ‘New Normal.’” Henderson has warned of a train wreck along the lines of the Innovator’s Dilemma coming in Big Law in the next 5 to 10 years.

So why are Big Law firms moving slowly? Per Dolin, Big Law grapples with various paralyzing questions: Is change really needed? Would it be best to see if a few firms fail before action is taken? How significant will the costs be? It’s easy to see that PCs make sense, but how does one know how far to take new technology? And, will the benefits of these new potentially expensive changes be realized after current partners retire? Dolin points to the partner system as a deterrent to innovation in Big Law.

Our view is far brighter. Today’s solutions can enable traditional legal to become more nimble and cost-effective. As a matter of disclosure, our company, Mobile Helix, provides a mobile app designed specifically for lawyers which allows lawyers to work with DMS, files, SharePoint and email from anywhere. In essence, we enable lawyers to be more responsive to clients and to get greater value from their time.

Mobility is a huge gift to lawyers. Every day we support firms which are earnestly working to provide more productivity to their lawyers. As one legal IT director stated, the ROI on any ten or fifteen minutes which a lawyer can recoup on the go is high and the personal satisfaction is great.

Mobility reduces costs because time is used more productively. Lightweight mobile solutions are a very effective way for law firms to drive efficiencies. There are technologies, including ours, which can be adopted today without massive investment. The ROI begins on the first day, not years from now.

Toby Brown did legal a service by raising the flag on this subject. Legal need not be doomed. But innovation and action are required…and the clock is ticking.

–Maureen

Mobile App Blacklisting – An Exercise in Futility

The theory goes something like this. Mobile apps are the unregulated Wild West. Users are unable to make informed choices about which apps are “safe” and “appropriate” for work and therefore cannot be trusted. IT must assume the worst and create a “blacklist” (1) of risky applications that cannot be downloaded to any personal mobile device “approved” for work. This ensures the enterprise remains safe and free from infection while allowing employees to work using personal mobile devices. IT can sleep easier at night, employees are happy. Well, not really…

The App store had 1.3 million applications available for download in September 2014 (2). This number is growing rapidly, from 1 million in October 2013. Then there is the Google Play store, the Windows store and others. How in practice can the IT team of any average company stay current on this vast app offering, blessing the good and weeding out the bad apples? Well, they cannot. As fast as IT blacklists, enticing new apps appear. IT has no choice but to blacklist indiscriminately – preventing employees from using many powerful and completely benign mobile apps to do their jobs. An exercise in futility indeed. So, is app blacklisting worth the considerable effort required to implement and enforce?

Not only is app blacklisting an exercise in futility, it is also directly contrary to the compelling reasons to embrace enterprise mobility in the first place. Recent research from Citrix (3) shows that two of the five most commonly blacklisted mobile apps are Dropbox (for file access and sharing) and personal email. Does blacklisting Dropbox and personal email access help or hinder the enterprise?

Employees need access to their enterprise files to work. Accessing personal email on a personal mobile device is a critical need. Why are users downloading Dropbox and personal email to their personal mobile devices? Is it so they can maliciously infect enterprise networks and threaten sensitive corporate data or is it so they can work more and be more productive in their personal time while outside the office? The answer is pretty obvious.

The majority of employees are motivated by good. They want to work as productively and effectively as possible. They want to use their down-time efficiently and get work done. This is why they are willing to use personal mobile devices that they purchase and pay for themselves to do so.

Blacklisting is a brute force approach that provides a false sense of security for IT. Blacklisting penalizes the most committed and valuable workers, punishing them for wanting to be more productive using their own personal mobile device. Something is very wrong here.

We have written previously about the “Legal Mobility Disconnect”. App blacklisting contributes to this significant productivity gap. The answer is for IT to lead and provide users with the mobile tools they need to do their job and get work done. This starts with file access and email. These IT provided solutions must be intuitive and easy to use. They must be secure and they must be readily available without imposing unreasonable restrictions on personal mobile device use outside of work.

If this post resonates, please explore Link by Mobile Helix and see if it offers you an alternative and more practical path to sustained, secure enterprise productivity. For those who remain unconvinced and plan to continue blacklisting, then you may want to read about Sisyphus (4), who was engaged in a similar exercise in futility thousands of years ago – in his case for eternity.

We would love to hear what you think so please let us know.

– Matt

Notes and Links:

1. What is Application Blacklisting?
2. Statista App Store Statistics.
3. Citrix Mobile Analytics Report – February 2015.
4. The Myth of Sisyphus.

My Favorite Reads of the Week

Each week I post a few of my fave reads related to tech and business. This week: addictive apps, being a minority in tech, what you owe your employer, and why some workers don’t love BYOD.

Why Your Workers Hate BYOD

Hoping to get away without sharing your location with your law firm IT department? Using a health-related app on your personal smartphone? Device management by employers is getting some backlash. Tom Kaneshige, @kaneshige, writing in CIO.com, explores these concerns with BYOD. Disclosure: our Mobile Helix Link mobile app does not track employee movements or capture information regarding personal apps.

Five Things You Owe Your Employer – And Five You Don’t

Liz Ryan, @humanworkplace, CEO and founder of Human Workplace, with some solid pointers. For example, you do owe your integrity; you don’t owe your soul.

The Other Side of Diversity

A sobering narrative of Erica Joy’s career moving from “a young black lady to a black woman in the predominantly white male tech industry.” From Alaska to the San Francisco Bay area and points in-between.

Why Messaging Apps are So Addictive

Who doesn’t want to build a habit forming app? Nir Eyal, @nireyal, author of Hooked: How to Build Habit Forming Products, outlines how hooks work in apps. This is good stuff.

–Maureen, @mobilehelix