The Two Speeds of Law Practice Technology

Reading Time: 9 minutes

It is funny how you can be aware of something but, until you explain it to someone else, it doesn’t really take form. So far this semester, we have been looking at law practice technology from the perspectives of efficiencies: doing things more quickly and more accurately. Now that we’ve hit some security topics, the focus is on shifting into reverse and slowing down: how do you add friction. When I read about lawyers running into trouble with practice technology, increasingly it seems as though they’ve allowed their focus on efficiency to get out of balance with their need to induce friction. A law practice without friction is on a very slippery slope.

This makes intuitive sense. Legal earnings are based on time. Even if the billing isn’t overtly a 6-minute segment, a lawyer is selling their professional skills and knowledge. To the extent that requires the lawyer’s involvement, time is a limiting factor: there are only so many hours in a day. Automation allows them to use that time more effectively; hiring additional people expands the amount of time, but also requires more revenue.

Lawyers can containerize their expertise in certain situations—improved intake forms, automated document assembly that shifts some of the burden to the client or staff, a library of precedent documents—but professional ethics doesn’t allow a complete detachment from the work. Efficiency should, theoretically, make time available without requiring a lawyer to expand the overall amount of time they expend on law practice.

Removing Friction for Efficiency (and Billable Time)

One challenge lawyers are facing with artificial intelligence is that it’s like putting nitrous into their law practice. They may go fast but their ultimate destination may be a ditch if they don’t have their hands firmly on the wheel. This is likely because they confuse automation, which is the automated repetition of a process with known results that must always be validated, with what artificial intelligence creates and, more importantly, how it creates them in a way to suggest a lawyer need not validate them.

The recent case of a Department of Justice lawyer in North Carolina is only the latest example of what seems to be a growing problem for the profession. I’m waiting for the final transcript — which hopefully will provide more information about the slide deck the Court prepared in its presentation about the lawyer’s deficiencies — but here is the flavor, based on people who attended the courtroom:

I have speculated before how we may now just be seeing consequences for what has up to now been common behavior: lawyers have not been acting ethically but no one was watching. These social media comments suggest the court had already accepted, potentially acted, on documents filed earlier in the case that also had errors in them. Courts and parties are looking for AI now and they are finding it; one wonders if this amount of manual slop existed and went unchecked because of social legal professional norms.

Lawyers are a go along-get along group because of how their work is geographically fixed. This can lead to avoidance of conflict with more senior lawyers or judges who are acting inappropriately. This manifests itself in how little the bar discipline agencies will regulate behavior of lawyers, to the detriment of the rest of the legal profession and the administration of justice.

The law firm is already known to be a toxic environment for many lawyers and so it wouldn’t be that surprising if the DOJ, like so many law firms, has cultivated a work culture where time runs out for professional ethics. If no one is watching — and, before AI, even if someone was, an error might be explained away as human — then the outputs of this time-depleted work environment are ignored. If lawyers don’t have the time to research, the time to write, whose fault is that? On paper, it’s the lawyer who signs the document. But unless they’re a solo, there’s probably more to the answer than one lawyer’s behavior.

That’s not the full story, though. A Mississippi law firm had a new associate use AI and got caught. The lawyer reviewing her briefs missed it but then the firm created an AI use policy, limiting use to the Smokeball practice management app’s internal AI (“Archie”). (They have recently supplemented their internal AI with Thomson Reuter’s) The associate then supplemented Archie with Grok, getting caught twice more, both by the same court.

It has been fascinating to see how different lawyers handle it. The lawyers in North Carolina and Mississippi apologized, which makes sense as a human being. They are often not only apologizing for failing to act ethically as lawyers initially but also for then compounding that lack of professionalism by lying to the court about their initial acts.

One does have to wonder at the lawyers who decide to burn it all down, though, as in the case of Tennessee lawyers who used AI, were caught, lied, then told the court it didn’t have authority to order them to show cause. Yikes.

The goal then is to apply speed when it makes sense, and to slow down in other situations. The law practice technology, of course, is just the vehicle. A car doesn’t go fast on its own; even if you leave it in gear on a hill, it’s gravity that is going to make it speed up.

It’s the failure to put on the parking brake that’s the problem. Lawyers need to know when to leave friction in their processes. Sometimes that’s the most professional thing to do. In fact, the professional rules are written in such a way that to comply with them requires a lawyer to remain engaged and active in the work. The more it is delegated or automated, the greater the risk to the lawyer; an AI is never going to be disbarred but a lawyer using it will be.

This inability to properly manage time is a long-standing problem in law practice. You could take away all of the technology and it would remain. Lawyers are notorious for filing at the very last minute. My first job in a law firm, as teenager, was driving pleadings to be filed in a courthouse on the day that the statute of limitations would run out. It was high stress (for the lawyers, more than me) and really pointless in hindsight. One might expect this to happen periodically when a client discovers that they have a remedy that is about to disappear. But one gets the sense that law firms operate on this basis on a regular basis (see, for example, Above The Law headlines).

When I see a lawyer in trouble for having rushed something or missed a deadline by minutes, I wonder why they weren’t planning better? I’m not a perfect time manager; in fact, if anything, I’m a terminal procrastinator. But that doesn’t mean “wait to the last minute”. In a real emergency, lawyers can approach the court with a request for an extension of time. This is discretionary but, for the lawyer who is otherwise already managing their time well, one would think it’s a reasonable step when the unexpected happens. But if lawyers are not managing their time, I do wonder how adding an accelerant like artificial intelligence will worsen their ability to complete professional work.

Speed Without Thought

The question that is begged by productivity tools in law practice is what one does with that efficiency? Where does it manifest itself: do lawyers have longer to file a document, to do the research properly? Or does it just absorb bad processes, allowing the lawyer to continue to work in a high-risk way? If more income is the goal of the lawyer, less friction in order to generate more billings may be the only way, regardless of the risk.

We touched on Microsoft Word (and other Office 365) macros in class. This is a decades old automation tool that remains a niche in law practice. None of the students had looked at one, recorded one, or otherwise interacted with one. I explained that they were on the automation spectrum:

• Using a hot key combination (like CTRL-P to print) rather than reaching for a mouse and clicking
• Using a hot key combination to do a repetitive function (CTRL-H to find/replace throughout a document)
• Recording a macro to join together multiple hot key combinations
• Using a third-party add-in or app to stitch together both macro-like functions and new functionality

Macros were a product, back in the day. You could buy collections written by other lawyers to drop into your own version of WordPerfect. Lawyers would share their macros online. A non-generative AI could be adapted to macro-like work within documents: managing a complicated document’s form fields, for example, or enriching metadata before sending a document to a document management system.

It’s a type of automation that lawyers are unlikely to use because of its complexity. It requires testing. Even when it is working, it requires the lawyer to validate the result to ensure the results are correct. There is a productivity balance between that automation and validation.

Now? I expect lawyers that rush towards AI will be unlikely to have considered the automation they are leaping over to reach it. Automation that, while involving more friction than AI, can have known, repeatable results in a way that generative-AI does not. The results delivered by AI are couched in terms that seem to encourage lawyers to skip the validation step automation, or any delegation, requires.

Slow Security

This need for speed, for eliminating friction, that is so common in other aspects of law practice is a risk when it comes to security. Students were amazed at how many unique passwords I have even as they discussed how they used passwords themselves. There is an awareness that they need strong, unique passwords. They do not realize how many of them they will need.

A not uncommon approach is to use one strong password for important things (finances, etc.) and a throwaway password for unimportant things (media subscriptions, etc.). So, two passwords. But that’s not nearly enough. There were some laughs when I mentioned HaveIBeenPwned.com, a site that was new to them. But they all found themselves on it. I mean, really, these days, who has not had an account exposed and reported to HaveIBeenPwned? There are just over 8 billion people on earth and 17 billion accounts captured within HaveIBeenPwned.

So much of password management has fallen away to efficiency and eliminating friction. Web browsers that save passwords in them, synchronizing them across devices. Web browsers and extensions that take a secure password and fill out a form automatically. These automation steps may benefit the password owner but it shifts the balance away from security towards convenience.

Friction need not be extensive and there remains bad advice that recommends password practices that create too much friction — funnily enough from lawyers in this bananas Northern District of Georgia DOJ page suggests changing passwords every 90 days, contradicting professional advice from another part of the US government — that complicates and distracts from advice that balances friction with effectiveness. Like this CISA checklist that encourages a password manager, multi-factor authentication, and strong unique passwords. Not a password and security regimen that requires a ton of maintenance, but rather one that is set-and-forget on the assumption that you have taken the time to do it properly.

I talked through a number of scenarios with my students and they were right there on the best way to approach an issue that carried risk. Out of the blue request to transfer money? Call someone. Walk down the hall. Email or text with a link to follow up? Open a browser and log in to the account directly. I am hoping they will take that sense of awareness with them. But sometimes time constrains our ability to do what makes sense.

I wonder if the recent hack of the FBI Director’s personal GMail account had more to do with time than anything. It didn’t help that his email account was known from other breaches. So a phishing attempt would just have required enough context to encourage someone, who may not have been very careful with their account management, to make another mistake. I would suspect that Mr. Patel did not have multi-factor authentication on; he may also not have been using Google’s Advanced Protection Program.

Of course, friction is particularly helpful when the other side is using … artificial intelligence.

Lawyers may need more friction, not less, to be able to combat what seem to be much-improved attempts at phishing and delivery of ransomware. AI is helping to smooth out the rough edges of poor grammar or cultural mistakes in usage. It goes without saying that accounts that contain client information should all have unique, strong passwords. But to the extent any accounts are integrated — say, using a Google Workspace or Microsoft 365 account for single-sign-on (SSO) — there is a risk to having that sort of integration. Access to a single password can open up a whole mess of doors. I used to not worry about having multi-factor authentication on less critical accounts, because of friction, but I don’t think that’s a choice any longer. It’s not the account that matters; it’s the ability for someone to get from that account information that allows them to get a more important account. Heck, I’ve even put MFA on my PACER account.

Unfortunately, I think the battle for maintaining friction is a constant one. Early career lawyers may feel like they do not have the time to enable friction. It requires more senior lawyers to encourage their new colleagues to slow down, for the benefit of the clients and firm if not for themselves individually, even at the expense of billable time or appearing to be speedy. If anything, understanding when to apply friction and when to remove it should be a talent every lawyer wants to cultivate.