TLS0070 Introduction to Legal Technology
Lecture 8 Regulatory issues University of Turku Law School 2015-02-24 Anna Ronkainen @ronkaine [email protected]
But first... Final paper - 2500–4000 words (10–16 pages), more does
not necessarily imply better! - to be returned on Moodle by Fri Apr 10, use
pdf as file format - will do my best to grade the papers within 2
weeks after the deadline - normal academic style, use references (in-
text, footnotes, endnotes – whatever you are used to but just be consistent) to document the sources you have used in your work
Topic and form - must be approved by the lecturer in advance (before/after
lectures or via e-mail) by end of March at the latest - possible topics (non-exhaustive list):
- some specific technology and its application to law (in general or to a specific field)
- some specific field of law or type/stage of legal practice and the current/potential application of technology in it (in general or specific)
- a specific legal/regulatory issue related to the use of technology by lawyers or for things normally done by lawyers
- thorough analysis of 1–2 existing legal startup(s) - business plan for your own future legal startup
Specifically for the startup-type topics - include at least the following
- basic facts about the organization: age, legal structure, geography, founders, funding etc.
- what legal problem they are trying to solve - competition (including less techy alternatives) - business model (NB: non-profits are okay too!) - description of the technologies used
- this is not business school so I don’t expect you to be an expert in that – look at it from a lawyer’s perspective
- commercial viability is a part of the grading criteria if you write about your own imaginary startup
- startup people generally love talking about their work so feel free to try to contact them (but only one paper allowed per startup (and none about TrademarkNow))
What is cloud computing? - remote servers and networks allowing for
centralized data storage and online access to services
- SaaS: software as a service - PaaS: platform as a service - IaaS: infrastructure as a service - it’s not exactly new: pre-PC mainframes
(including Westlaw/LexisNexis) were also “in the cloud”
What’s wrong with it - it’s new and different - trust issues wrt cloud service provider - data protection complications with non-EU
cloud providers as data processors - requires good net connectivity - risk of eavesdropping
On the other side - cheaper/easier to manage (economies of scale) - same data and services available across different
platforms - many types of modern technology only
available on the cloud - usually you can get an EU provider if that’s
important from a data protection perspective - usually the weakest link in terms of security is
somewhere between the keyboard and the chair
An example: behavioural biometrics What are biometrics? - the measurement of anatomical, physiological,
chemical or behavioural characteristics of an individual
- according to the traditional definition only used for the purposes of recognition, verification or identification of a given individual human being (probably mostly because that’s all what the technology could be used for earlier)
- e.g fingerprints, iris scans, face recognition, voice patterns, gait patterns, keystroke timing...
Biometrics in law - a well-established feature of data
protection law for several decades already - special because based on (mostly)
immutable characteristics of a given individual: you can’t swap your irises the way you’d change a password
- but that’s just the beginning...
Dynamic behavioural biometrics (or biomarkers) (for lack of a better term) - behavioural biometrics: based on acquired
individual traits rather than innate features - dynamic: gathered over a longer time
interval (usually at least minutes and in a specific context)
- can be used for much more than just identification with modern technology
- the measurements are not (only) used to compute an identification key but contain other types of (even sensitive) personal data as well
On to mind-reading - considerable interest in the use of neuroscience as
legal evidence - including functional neuroimaging: a behavioural
biometric - the use of fMRI lie detection not yet allowed in
the US (attempts at least in Tennessee, New York, Maryland), EEG-based ”lie detection” allowed in Sharma case in Pune, India in 2008 (despite massive criticism by neuroscientists)
http://www.nytimes.com/2008/09/15/world/asia/15iht-15brainscan.16148673.html
AVATAR: Automated Virtual Agent for Truth Assessment in Real-Time • developed by the National Center for Border
Security and Immigration at the University of Arizona • one machine in use in a pilot trial on the US/
Mexico border in Nogales since August 2012 • uses (at least) voice analysis and body
monitoring • not lie-detection proper (yet)
Towards lie-detection using face recognition: a possible roadmap - the Facial Action Control System: a system for
analyzing facial expressions (and through them e.g. emotions) on the hardware level
- 46 Action Units, each representing an individual facial muscle as seen on the surface
- can also be used to analyze microexpressions, automatic very short (10...100 ms) expressions reflecting one’s true mental state before a conscious concealing expression is displayed, hence lie detection
- very slow when done manually (100x and up)
So what about the law? - Article 15 of the EU Data Protection
Directive prohibits automated decisions... - except when authorized by statute or
contract - adequate safeguards required - Article 20 of the proposed Data Protection
Regulation approximately similar - Article 1 of the Regulation defines biometrics
as unique identifiers only
Could AVATAR be used in, say, Finland? - yes, authorized by the same statutory
provisions as the current self-service passport inspection kiosks at certain Schengen outer borders
- Border Guard Act (578/2005): 29 § on automatical identification and 31 § on technical monitoring
Not just Big Government - widespread use expected in the private
sector as well, e.g. - advertising - ...
Regulation of automated decisions still based on a 1960s mindset - modern algorithms and technologies beyond
human comprehension (as a whole, at once) - human supervision and possibility to override
not sufficient alone (general tendency to rely on machines uncritically)
- such systems should always be required to be able to output grounds for the decision in a human-compatible format (at least on demand)
Law as a regulated profession - certain aspects of legal counsel restricted to
persons with a law degree and/or additional qualifications (bar exam or similar)
- ownership and management of law firms restricted to such persons (no outside investment)
- restrictions on offering services other than legal from the same company
- restrictions on advertising etc. - (of course details vary a lot across jurisdictions)
Alternative business structures (ABS) - first introduced in England and Wales in 2007
(into effect in 2011), now also at least in Australia and Canada
- a firm where a non-lawyer (or a company of which at least 10% controlled by non-lawyers): - is a manager of the firm, or - has an ownership-type interest in the firm
- authorization of ABSs in England and Wales by the Solicitors Regulation Authority
Meanwhile in Finland... (against the tide as usual) - traditionally very liberal rules regarding
representation in court - since 2011: must be either a member of the
bar, a certified representative (oikeuden-käyntiavustaja) with a law degree, or a close relative
- the Finnish bar association’s brand-new strategy sets representation exclusively by members of the bar as a goal
- and maybe after that we get to...
Unauthorized practice of law cases from the US - LegalZoom is probably the company that has
fought this in court the most - LegalZoom has outside investors so it can’t be
considered a law firm - offering document templates etc. not considered
legal counsel - for individualized legal advice LegalZoom can only
operate as a referral service (intermediary between clients and lawyers)
- whether an intelligent legal tech system could offer legal counsel (and hence be prohibited) is still an open question
Licensed legal technicians - introduced in the state of Washington in 2012,
under consideration in NY and CA - nothing very techy about it, just a way to allow
paralegals to practice law within a defined practice area (e.g. family law)
- regulated by the WA state bar - could be a solution for companies like
LegalZoom - and maybe offer a roadmap for regulating legal
tech where needed
IP issues raised by AI - rights to works created by computers - use of third-party works (and rights thereto)
in works created by computers - (and all the usual software patent nonsense)
Computers as authors - check your local listings (e.g. UK yes, Finland
no) - compare to animals as authors
Example on third-party works: Machine translation - a wonderfully complex example for showing
that what comes out of the computer has actually been produced by humans as authors and translators
- and how those people may or may not be copyright holders
- boils down to very fundamental questions: - who can be an author - what constitutes a copyright-protected work
(what ways can you use a work so that original copyrights are exhausted, cf. INFOPAQ)
Machine translation: The first generation (rule-based) - based on an explicit model of the languages
translated to/from - first successful experiment in 1954 using a 250-
word vocabulary - different methods: direct, syntax-tree analysis,
first-order predicate calculus, interlinguas - everything affecting translation really has to be
coded manually in the system one way or the other ⇒ knowledge-acquisition bottleneck
- also limited by computer performance (1950s experiments slower than human translators)
Machine translation: The first generation (rule-based) - first used succesfully for specific domains of
language with limited vocabulary and highly standardized syntax (eg. weather reports)
- some high-quality rule-based systems currently still in use and under further development, eg. MOT Translation by Kielikone (en/fi) and GramTrans by GrammarSoft, Kaldera Språkteknologi and SDU (da/en/eo/no/kl/pt/es/sv)
Machine translation: The second generation (statistical) - statistical methods first used for speech-to-text in the
1980s, the idea finds its way to the MT community towards the end of the 1990s
- enabled by faster computers, cheaper storage, and the availability of documents in digital formats
- no longer based on models explicitly specifying every aspect of the translation
- instead based on massive collections of multilingual documents with all the language elements (sentences, phrases, words, morphemes...) aligned across each language pair (mostly automatically)
Machine translation: The second generation (statistical) - nowadays the dominant method, used by
eg. Google Translate, Yahoo! BabelFish, Bing Translator
- also specialized users, eg. on-line patent translations at the EPO
- still far from perfect but usually good enough for understanding foreign texts
- works better when combined with rule-based methods
Why is this an Intellectual Property issue? - the first-generation systems did not use 3rd-party
IP (except maybe for a dictionary or two) - the second-generation systems make massive use
of 3rd-party IP through documents available in both the source and target languages (aligned)
- machine translation parallel corpora often based on documents free from copyright (eg. acquis communautaire)
- translation memories for computer-aided translation also used as a commodity shared between translators and translation agencies