TLS0070 Introduction to Legal Technology

Lecture 8 Regulatory issues University of Turku Law School 2015-02-24 Anna Ronkainen @ronkaine anna.ronkainen@onomatics.com

But first... Final paper -  2500–4000 words (10–16 pages), more does

not necessarily imply better! -  to be returned on Moodle by Fri Apr 10, use

pdf as file format - will do my best to grade the papers within 2

weeks after the deadline -  normal academic style, use references (in-

text, footnotes, endnotes – whatever you are used to but just be consistent) to document the sources you have used in your work

Topic and form -  must be approved by the lecturer in advance (before/after

lectures or via e-mail) by end of March at the latest -  possible topics (non-exhaustive list):

-  some specific technology and its application to law (in general or to a specific field)

-  some specific field of law or type/stage of legal practice and the current/potential application of technology in it (in general or specific)

-  a specific legal/regulatory issue related to the use of technology by lawyers or for things normally done by lawyers

-  thorough analysis of 1–2 existing legal startup(s) -  business plan for your own future legal startup

Specifically for the startup-type topics -  include at least the following

-  basic facts about the organization: age, legal structure, geography, founders, funding etc.

-  what legal problem they are trying to solve -  competition (including less techy alternatives) -  business model (NB: non-profits are okay too!) -  description of the technologies used

-  this is not business school so I don’t expect you to be an expert in that – look at it from a lawyer’s perspective

-  commercial viability is a part of the grading criteria if you write about your own imaginary startup

-  startup people generally love talking about their work so feel free to try to contact them (but only one paper allowed per startup (and none about TrademarkNow))

Cloud computing – friend or foe?

What is cloud computing? -  remote servers and networks allowing for

centralized data storage and online access to services

-  SaaS: software as a service -  PaaS: platform as a service -  IaaS: infrastructure as a service -  it’s not exactly new: pre-PC mainframes

(including Westlaw/LexisNexis) were also “in the cloud”

What’s wrong with it -  it’s new and different -  trust issues wrt cloud service provider -  data protection complications with non-EU

cloud providers as data processors -  requires good net connectivity -  risk of eavesdropping

On the other side -  cheaper/easier to manage (economies of scale) -  same data and services available across different

platforms -  many types of modern technology only

available on the cloud -  usually you can get an EU provider if that’s

important from a data protection perspective -  usually the weakest link in terms of security is

somewhere between the keyboard and the chair

Data protection, big data, and automated decisions

An example: behavioural biometrics What are biometrics? - the measurement of anatomical, physiological,

chemical or behavioural characteristics of an individual

- according to the traditional definition only used for the purposes of recognition, verification or identification of a given individual human being (probably mostly because that’s all what the technology could be used for earlier)

- e.g fingerprints, iris scans, face recognition, voice patterns, gait patterns, keystroke timing...

Biometrics in law - a well-established feature of data

protection law for several decades already - special because based on (mostly)

immutable characteristics of a given individual: you can’t swap your irises the way you’d change a password

-  but that’s just the beginning...

Dynamic behavioural biometrics (or biomarkers) (for lack of a better term) - behavioural biometrics: based on acquired

individual traits rather than innate features - dynamic: gathered over a longer time

interval (usually at least minutes and in a specific context)

- can be used for much more than just identification with modern technology

- the measurements are not (only) used to compute an identification key but contain other types of (even sensitive) personal data as well

State of the art? A simple example: heart rate monitoring from to...

State of the art

On to mind-reading - considerable interest in the use of neuroscience as

legal evidence - including functional neuroimaging: a behavioural

biometric - the use of fMRI lie detection not yet allowed in

the US (attempts at least in Tennessee, New York, Maryland), EEG-based ”lie detection” allowed in Sharma case in Pune, India in 2008 (despite massive criticism by neuroscientists)

http://www.nytimes.com/2008/09/15/world/asia/15iht-15brainscan.16148673.html

fMRI mind-reading: not very subtle

Oldskool lie detection: the polygraph

EEG: a more discreet (and crackable) example

(emotiv.com)

But what about this?

AVATAR: Automated Virtual Agent for Truth Assessment in Real-Time •  developed by the National Center for Border

Security and Immigration at the University of Arizona •  one machine in use in a pilot trial on the US/

Mexico border in Nogales since August 2012 •  uses (at least) voice analysis and body

monitoring •  not lie-detection proper (yet)

Towards lie-detection using face recognition: a possible roadmap - the Facial Action Control System: a system for

analyzing facial expressions (and through them e.g. emotions) on the hardware level

- 46 Action Units, each representing an individual facial muscle as seen on the surface

- can also be used to analyze microexpressions, automatic very short (10...100 ms) expressions reflecting one’s true mental state before a conscious concealing expression is displayed, hence lie detection

- very slow when done manually (100x and up)

Best known from...

Lie to Me: The lead character Cal Lightman is sort of modelled after Paul Ekman

People are *not* good at this

... seriously.

So what about the law? - Article 15 of the EU Data Protection

Directive prohibits automated decisions... - except when authorized by statute or

contract - adequate safeguards required - Article 20 of the proposed Data Protection

Regulation approximately similar - Article 1 of the Regulation defines biometrics

as unique identifiers only

Could AVATAR be used in, say, Finland? - yes, authorized by the same statutory

provisions as the current self-service passport inspection kiosks at certain Schengen outer borders

- Border Guard Act (578/2005): 29 § on automatical identification and 31 § on technical monitoring

Not just Big Government - widespread use expected in the private

sector as well, e.g. - advertising - ...

Regulation of automated decisions still based on a 1960s mindset - modern algorithms and technologies beyond

human comprehension (as a whole, at once) - human supervision and possibility to override

not sufficient alone (general tendency to rely on machines uncritically)

- such systems should always be required to be able to output grounds for the decision in a human-compatible format (at least on demand)

DIY countermeasures Anti-face-recognition styling ....and Botox®

Regulation of the legal profession and legal tech

Law as a regulated profession -  certain aspects of legal counsel restricted to

persons with a law degree and/or additional qualifications (bar exam or similar)

-  ownership and management of law firms restricted to such persons (no outside investment)

-  restrictions on offering services other than legal from the same company

-  restrictions on advertising etc. -  (of course details vary a lot across jurisdictions)

Alternative business structures (ABS) -  first introduced in England and Wales in 2007

(into effect in 2011), now also at least in Australia and Canada

-  a firm where a non-lawyer (or a company of which at least 10% controlled by non-lawyers): -  is a manager of the firm, or -  has an ownership-type interest in the firm

-  authorization of ABSs in England and Wales by the Solicitors Regulation Authority

Meanwhile in Finland... (against the tide as usual) -  traditionally very liberal rules regarding

representation in court -  since 2011: must be either a member of the

bar, a certified representative (oikeuden-käyntiavustaja) with a law degree, or a close relative

-  the Finnish bar association’s brand-new strategy sets representation exclusively by members of the bar as a goal

-  and maybe after that we get to...

Unauthorized practice of law cases from the US -  LegalZoom is probably the company that has

fought this in court the most -  LegalZoom has outside investors so it can’t be

considered a law firm -  offering document templates etc. not considered

legal counsel -  for individualized legal advice LegalZoom can only

operate as a referral service (intermediary between clients and lawyers)

-  whether an intelligent legal tech system could offer legal counsel (and hence be prohibited) is still an open question

Licensed legal technicians -  introduced in the state of Washington in 2012,

under consideration in NY and CA -  nothing very techy about it, just a way to allow

paralegals to practice law within a defined practice area (e.g. family law)

-  regulated by the WA state bar -  could be a solution for companies like

LegalZoom -  and maybe offer a roadmap for regulating legal

tech where needed

Intellectual property issues wrt artificial intelligence

IP issues raised by AI -  rights to works created by computers -  use of third-party works (and rights thereto)

in works created by computers -  (and all the usual software patent nonsense)

Computers as authors -  check your local listings (e.g. UK yes, Finland

no) -  compare to animals as authors

Example on third-party works: Machine translation -  a wonderfully complex example for showing

that what comes out of the computer has actually been produced by humans as authors and translators

-  and how those people may or may not be copyright holders

-  boils down to very fundamental questions: -  who can be an author -  what constitutes a copyright-protected work

(what ways can you use a work so that original copyrights are exhausted, cf. INFOPAQ)

Machine translation: The first generation (rule-based) -  based on an explicit model of the languages

translated to/from -  first successful experiment in 1954 using a 250-

word vocabulary -  different methods: direct, syntax-tree analysis,

first-order predicate calculus, interlinguas -  everything affecting translation really has to be

coded manually in the system one way or the other ⇒ knowledge-acquisition bottleneck

-  also limited by computer performance (1950s experiments slower than human translators)

Machine translation: The first generation (rule-based) -  first used succesfully for specific domains of

language with limited vocabulary and highly standardized syntax (eg. weather reports)

-  some high-quality rule-based systems currently still in use and under further development, eg. MOT Translation by Kielikone (en/fi) and GramTrans by GrammarSoft, Kaldera Språkteknologi and SDU (da/en/eo/no/kl/pt/es/sv)

Machine translation: The second generation (statistical) -  statistical methods first used for speech-to-text in the

1980s, the idea finds its way to the MT community towards the end of the 1990s

-  enabled by faster computers, cheaper storage, and the availability of documents in digital formats

-  no longer based on models explicitly specifying every aspect of the translation

-  instead based on massive collections of multilingual documents with all the language elements (sentences, phrases, words, morphemes...) aligned across each language pair (mostly automatically)

Machine translation: The second generation (statistical) -  nowadays the dominant method, used by

eg. Google Translate, Yahoo! BabelFish, Bing Translator

-  also specialized users, eg. on-line patent translations at the EPO

-  still far from perfect but usually good enough for understanding foreign texts

-  works better when combined with rule-based methods

Why is this an Intellectual Property issue? -  the first-generation systems did not use 3rd-party

IP (except maybe for a dictionary or two) -  the second-generation systems make massive use

of 3rd-party IP through documents available in both the source and target languages (aligned)

-  machine translation parallel corpora often based on documents free from copyright (eg. acquis communautaire)

-  translation memories for computer-aided translation also used as a commodity shared between translators and translation agencies

Flow of authorship in machine translation

Flow of authorship in Computer-Aided Translation

Questions?