ABA Techshow 2019: Part 2

Mark I. Unger, Former Chair of the Computer & Technology Section

William D. Smith, Council Member of the Computer & Technology Section

From the Attendee’s Perspective

William: Thursday, February 27, 2019

I was very excited to attend my first ABA Techshow- enough to brave Chicago in February!

For a lawyer or IT professional with any responsibility for security and data privacy in their organization, these conferences are always a tremendous source of learning, in terms of best practices, new tools, and assuaging that am-I-the-crazy-one? feeling by learning that many others deal with the same challenges you do. However, there’s also an element of masochism as you learn of new threats and vulnerabilities which you hadn’t known you needed to be worried about. (I’m reminded of my high school biology teacher, who subscribed to Infectious Diseases Quarterly, a perpetual source of existential terror for him. That’s probably why he chose to live in the country outside of Weatherford and commute to work, notwithstanding the threat of squirrels and other wild animals.)

Privacy concerns presented themselves immediately upon my arrival at the ABA Techshow- literally! At the registration table I was greeted by a box full of these friendly little guys:

In case you’re as puzzled as the woman next to me in the registration line and I were, those are laptop camera covers. A useful reminder that sometimes the most effective security measures are the simplest, low-tech ones. (Though there’s a certain irony to having eyes on the thing.)

Of course, the inverse is also true- simple human laziness or ignorance can defeat the most sophisticated infrastructure. This theme was repeated throughout the information security related sessions I attended today. Remember the Hawaii nuclear attack false alarm? Turns out that the vulnerability arose when an employee of the emergency notifications center posted a picture of himself online that included his password on a Post-it note attached to his monitor in the background.

Craig Bayer (Optiable) and Stanley Louissaint (Fluid Designs) shared how Mobile Device Management (MDM) software can at least put some guardrails around what mistakes users are able to make. Many organizations face the challenge of enforcing appropriate security configurations in a Bring Your Own Device environment. Mobile Application Management software can be a really helpful tool here- it enables you to create a secure container within an employee’s smartphone that is controlled by the organization. This not only helps to secure firm or company information, but also addresses employee concerns about granting total access to everything on their personal device.

Sherri Davidoff (LMG Security) and David Ries (Clark Hill) delivered a session, “Security Practices That Won’t Bust Your Budget” that focused on the importance of the less technical side of cybersecurity- being aware of what data you have, where you’re keeping it, and when you’re getting rid of it, and having and following security processes- as well as some important technical tools like multi-factor authentication and password managers. Sherri said that she likes to think of data like hazardous waste- the more of it you keep around, the more likely it is that something harmful (a breach) will happen. David and Sherri also illustrated just how vibrant the dark web market for stolen data is now. “Fullz”, or full personal details including SSN, DoB, and account info, can be had for anywhere from $1-$60 per individual- and group discounts are available!

Mark tells me vendors are always a big part of the Techshow, and not just because they underwrite the happy hours. The vendor Expo hall certainly has several interesting booths this year. One company, Omega Secure, originally came out of the retail industry where they developed a device to ringfence systems processing payment card information from the rest of the IT environment (pictured below).

They’ve now adapted this device to allow users to put any kind of sensitive system behind it. OmegaSecure also offers network monitoring and other organizational security services. Their representative Ash Swamy made the interesting point that law is actually the least regulated industry they have worked in, relative to retail payment processing, healthcare, and others. Of course, even though security best practices are not prescribed for lawyers in terms of what specific steps to take, the consequences of failing to do it properly can be just as severe.

Lawclerk is another very interesting vendor, though not specifically related to security or privacy issues. They offer a platform where attorneys (and only attorneys) can find and engage freelance lawyers. This can be done for specific tasks, via a project post, or users can build a team of freelance lawyers with particular skillsets who are ready to utilize when the needs arise. For solo practitioners, this could be a great way of handling an overload of work, by getting assistance with drafting a particular document or doing a piece of research. Mike Graner with Lawclerk told me that they have a number of customers who are “the lawyer” in a small town, and Lawclerk enables them to handle a broader range of matters and accept more business. For in-house lawyers like me, Lawclerk could be a handy way to get subject matter expertise on a niche topic or jurisdiction where the business has some needs but engaging a specialist or local firm isn’t yet justified.

Techshow is off to a great start and I’m looking forward to updating the Section on what tomorrow brings!

William: Friday, February 28, 2019

One of the most exciting things about technology is that it can enable you to save time, money, and stress by doing things differently, and hopefully better. But to do differently you have to think differently first, and so it was great to see so many lawyers engaging with Techshow sessions today oriented around taking new approaches to old problems.

Checklists aren’t the most attention-grabbing topic, but “Ready for Process Automation? Start by Developing Checklists and Maps” was one of the most well-attended modules I saw at Techshow. Mary Vandenack (Vandenack Weaver LLC) and Micah Ascano (Polsinelli) shared an approach for documenting repeatable and predictable processes in checklists that will immediately result in more efficiency and fewer mistakes, and in the longer term enable you to actually start to partially or completely automate those processes. They showed a detailed process map for patent prosecution, which includes client inputs and action steps as well as internal ones. Impressively, Mary also walked through an automated entity formation workflow. While automation is talked about a lot in general terms in legal tech circles, it was really cool to see the presenters break down the nuts and bolts of how to get there in a practical, real-world way. Much of the audience seemed to feel the same way, judging by how many questions were asked. I think we will see more and more lawyers engaging in these process mapping and eventually automation exercises, as clients demand more cost-effective services and more efficient delivery models. There’s also a natural alignment between mapping, defining and automating routine parts of work and the alternative fee arrangements that are increasingly appealing to clients.

If you’re interested in learning more about how to use process mapping and checklists to reduce the time and effort you spend doing repetitive tasks, you can check out the book “Checklists for Lawyers” by Dan Siegel, and also the software tools Visio and HotDocs.

Dan Lear (Right Brain Law) and Susan Letterman White’s (Mass LOMAP) “Design Thinking for Law Firms” session was explicitly about getting lawyers to use a different approach to problem solving.

“Design thinking” is a very common method of problem solving in the tech and product development world, but not one typically employed by lawyers. The basic steps are to:

  1. Frame the challenge (“how might we”) in a group discussion
  2. Reframe the challenge and its context – get in the “field” to collect data
  3. Make sense of the data and prioritize. Generate possible solutions
  4. Experiment with a prototype

Dan used to work for Avvo, which may count as a strike against him for many readers, but he made the good point that at Avvo they wanted to change the discussion about the practice of law to put the “consumer” back in the center of the discussion. Since “human centered design” is another term for design thinking, that principle of being user/customer/client centered is a key part of this approach. What’s most unique about design thinking relative to other problem solving techniques is that it is highly visual, group based, and emphasizes experimentation. The hope is that this approach will allow you to consider options that would not have occurred to you otherwise. That’s where the “framing the challenge” component is really powerful- an audience member shared the metaphor of someone presenting you with a bike that has a flat, and asking you to fix the tire. But asking some thoughtful questions would elicit the fact that the real problem is that the person needs to get to the other side of town by 6pm. Once you know that, a whole world of solutions beyond fixing the bike opens up.

“Experimentation” is easier to do in many parts of the tech world where design thinking is widely practiced, because the impact of mistakes is often minor and corrections can be easily made. To their credit, Susan and Dan acknowledged that this isn’t the case in legal practice, and emphasized that resiliency in the face of failed experiments was key, as well as a focus on learning from those failures. I asked a question to press on this a bit in the contracts and transactions context, where a mistake often has a hard dollar cost. Another member of the audience provided the really helpful suggestion of working with your leadership (or yourself) to create a “failure budget”. This enables you to be honest about the possible costs of experimentation, while also building the business case for why those short-term costs are worth the long-term benefits. If you’re interested in learning more about design thinking, you can check out “Law by Design” by Margaret Hagan or “A Whole New Mind” by Dan Pink.

Another session that took place had a demonstration of visual notetaking along with it, which seems to me philosophically aligned with this design thinking technique. I was in a different session on security when this module was presented, but the illustration that resulted was posted in the hall for everybody to check out, and I think it’s quite cool.

William D. Smith

William is Assistant General Counsel of Business Talent Group, the leading marketplace for independent strategy and operations consulting professionals. He is on the Council of the Computer and Technology Section of the State Bar of Texas.