Generative Adversarial Networks and the Rise of Fake Faces: An Intellectual Property Perspective

The tremendous growth in the artificial intelligence (AI) sector over the last several years may be attributed in large part to the proliferation of so-called big data.  But even today, data sets of sufficient size and quality are not always available for certain applications.  That’s where a technology called generative adversarial networks (GANs) comes in.  A GAN comprises two neural networks, a generator and a discriminator, that face off against each other, and the pairing is useful for creating new (“synthetic” or “fake”) data samples.  As a result, one of the hottest areas of AI research today involves GANs, their ever-growing use cases, and the tools to identify their fake samples in the wild.  Face image-generating GANs, in particular, have received much of the attention due to their ability to generate highly realistic faces.
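For readers curious about what “facing off” means in practice, the following is a minimal, illustrative sketch of the adversarial training loop in PyTorch.  It is not any particular published model; the network sizes, the 64-dimensional noise vector, and the learning rates are assumptions made for illustration only.

```python
# Minimal GAN sketch in PyTorch: a generator learns to produce fake samples,
# a discriminator learns to tell fakes from real samples, and the two are
# trained against each other. Sizes here are illustrative, not a production model.
import torch
import torch.nn as nn

LATENT_DIM = 64          # size of the random "noise" input to the generator
SAMPLE_DIM = 28 * 28     # size of a (flattened) image sample

generator = nn.Sequential(
    nn.Linear(LATENT_DIM, 256), nn.ReLU(),
    nn.Linear(256, SAMPLE_DIM), nn.Tanh(),       # outputs a fake sample
)
discriminator = nn.Sequential(
    nn.Linear(SAMPLE_DIM, 256), nn.LeakyReLU(0.2),
    nn.Linear(256, 1), nn.Sigmoid(),             # outputs P(sample is real)
)

loss_fn = nn.BCELoss()
g_opt = torch.optim.Adam(generator.parameters(), lr=2e-4)
d_opt = torch.optim.Adam(discriminator.parameters(), lr=2e-4)

def training_step(real_batch: torch.Tensor):
    batch_size = real_batch.size(0)
    real_labels = torch.ones(batch_size, 1)
    fake_labels = torch.zeros(batch_size, 1)

    # 1) Train the discriminator to label real samples 1 and fakes 0.
    noise = torch.randn(batch_size, LATENT_DIM)
    fakes = generator(noise).detach()
    d_loss = loss_fn(discriminator(real_batch), real_labels) + \
             loss_fn(discriminator(fakes), fake_labels)
    d_opt.zero_grad(); d_loss.backward(); d_opt.step()

    # 2) Train the generator to fool the discriminator into labeling fakes 1.
    noise = torch.randn(batch_size, LATENT_DIM)
    g_loss = loss_fn(discriminator(generator(noise)), real_labels)
    g_opt.zero_grad(); g_loss.backward(); g_opt.step()
    return d_loss.item(), g_loss.item()
```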

One of the notable features of face image-generating GANs is their ability to generate synthetic faces having particular attributes, such as desired eye and hair color, skin tone, gender, and a certain degree of “attractiveness,” among others, that by appearance are nearly indistinguishable from real faces.  These fake designer face images can be combined (using feature vectors) to produce even more highly sculpted face images having custom genetic features.  A similar process using celebrity images can be used to generate fake images well suited to targeted online or print advertisements and other purposes.  Imagine the face of someone selling you a product or service, a persona customized to match your particular likes and dislikes (after all, market researchers know all about you) and bearing a vague resemblance to a favorite athlete, historical figure, or celebrity.  Even though endorsements from family, friends, and celebrities are seen as the best way for companies to achieve high marketing conversion rates, a highly tailored GAN-generated face may one day rival those techniques.
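To make the “combined (using feature vectors)” step concrete, here is a brief, hypothetical sketch of how two synthetic faces might be blended by interpolating the latent vectors fed to a trained generator (such as the one sketched earlier).  The blending weight and vector size are illustrative assumptions, not settings from any particular system.

```python
# Sketch: blending two synthetic faces by interpolating their latent vectors.
# Assumes a trained `generator` (as in the previous sketch) that maps a latent
# vector to a face image; `alpha` controls how much of each "parent" face is kept.
import torch

def blend_faces(generator, z_celebrity: torch.Tensor, z_athlete: torch.Tensor,
                alpha: float = 0.5) -> torch.Tensor:
    """Linearly interpolate two latent vectors and generate the blended face."""
    z_blend = alpha * z_celebrity + (1.0 - alpha) * z_athlete
    with torch.no_grad():
        return generator(z_blend.unsqueeze(0))  # one synthetic, blended face

# Example: two latent vectors (in practice, found by projecting real images into
# the generator's latent space or sampled at random and curated by hand).
z_a = torch.randn(64)
z_b = torch.randn(64)
blended = blend_faces(generator, z_a, z_b, alpha=0.7)
```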

As previously discussed on this website, AI technologies involving any use of human face data, such as face detection, facial recognition, face swapping, deep fakes, and now synthetic face generation technologies, raise a number of legal (and ethical) issues.  Facial recognition (a type of regulated biometric information in some states), for example, has become a lightning rod for privacy-related laws and lawsuits.  Proponents of face image-generating GANs seem to recognize the potential legal risk posed by their technology when they argue that generating synthetic faces avoids copyright restrictions (an argument that at least implicitly acknowledges that data sets found online may contain copyrighted images scraped from the Internet).  But the copyright issues may not be so clear-cut in the case of GANs.  And even if copyrights are avoided, a GAN developer may face other potential legal issues, such as those involving publicity and privacy rights.

Consider the following hypothetical: GAN Developer’s face image-generating model is used to create a synthetic persona with combined features from at least two well-known public figures: Celebrity and Athlete, who own their respective publicity rights, i.e., the right to control the use of their names and likenesses, which they manage through their publicity, management, legal, and/or agency teams.  Advert Co. acquires the synthetic face image sample and uses it in a national print advertising campaign that appears in leading fitness, adventure, and style magazines.  All of the real celebrity, athlete, and other images used in GAN Developer’s discriminator network are the property of Image Co.  GAN Developer did not obtain permission to use Image Co.’s images, but it also did not retain the images after its model was fully developed and used to create the synthetic face image sample.

Image Co., which asserts that it owns the exclusive right to copy, reproduce, and distribute the original real images and to make derivatives thereof, sues GAN Developer and Advert Co. for copyright infringement.

As a possible defense, GAN Developer might argue that its temporary use of the original copyrighted images, which were not retained after their use, was a “fair use,” and both GAN Developer and Advert Co. might further argue that the synthetic face image is an entirely new work, that it is a transformative use of the original images, and that it is not a derivative of the originals.

With regard to their fair use argument, the Copyright Act provides a non-exhaustive list of factors to consider in deciding whether the use of a copyrighted work was an excusable fair use: “(1) the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes; (2) the nature of the copyrighted work; (3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and (4) the effect of the use upon the potential market for or value of the copyrighted work.”  17 USC § 107.  Some of the many thoroughly reasoned and well-cited court opinions concerning the fair use doctrine address its applicability to face images.  In just one example, a court granted summary judgment in favor of a defendant after finding that the defendant’s extraction of the outline features of a face from an online copyrighted photo of a mayor, for use in opposition political ads, was an excusable fair use.  Kienitz v. Sconnie Nation LLC, 766 F. 3d 756 (7th Cir. 2014).  Even so, no court has considered the specific fact pattern set forth in the above hypothetical involving GANs, so it remains to be seen how a court might apply the fair use doctrine in such circumstances.

As for the other defenses, a derivative work is a work based on or derived from one or more already existing works.  Copyright Office Circular 14 at 1 (2013).  A derivative work incorporates some or all of a preexisting work and adds new original copyrightable authorship to that work.  A derivative work is one that generally involves transformation of the content of the preexisting work into an altered form, such as the translation of a novel into another language, the adaptation of a novel into a movie or play, the recasting of a novel as an e-book or an audiobook, or a t-shirt version of a print image.  See Authors Guild v. Google, Inc., 804 F. 3d 202, 215 (2nd Cir. 2015).  In the present hypothetical, a court might consider whether GAN Developer’s synthetic image sample is an altered form of Image Co.’s original Celebrity and Athlete images.

With regard to the transformative use test, something is sufficiently transformative if it “adds something new, with a further purpose or different character, altering the first with new expression, meaning or message….” Campbell v. Acuff-Rose Music, Inc., 510 US 569, 579 (1994) (citing Leval, 103 Harv. L. Rev. at 1111). “[T]he more transformative the new work,” the more likely it may be viewed as a fair use of the original work. See id.  Thus, a court might consider whether GAN Developer’s synthetic image “is one that serves a new and different function from the original work and is not a substitute for it.”  Authors Guild, Inc. v. HathiTrust, 755 F. 3d 87, 96 (2nd Cir. 2014).  Depending on the “closeness” of the synthetic face to Celebrity’s and Athlete’s, whose features were used to design the synthetic face, a court might find that the new face is not a substitute for the originals, at least from a commercial perspective, and therefore it is sufficiently transformative.  Again, no court has considered the hypothetical GAN fact pattern, so it remains to be seen how a court might apply the transformative use test in such circumstances.

Even if GAN Developer and Advert Co. successfully navigate around the copyright infringement issues, they may not be entirely out of the liability woods.  Returning to the hypothetical, they may still face misappropriation of publicity rights claims from Celebrity, Athlete, or both.  Publicity rights often arise in connection with the use of a person’s name or likeness for advertising purposes.  New York courts, which have a long history of dealing with publicity rights issues, have found that “a name, portrait, or picture is used ‘for advertising purposes’ if it appears in a publication which, taken in its entirety, was distributed for use in, or as part of, an advertisement or solicitation for patronage of a particular product or service.”  See Scott v. WorldStarHipHop, Inc., No. 10-cv-9538 (S.D.N.Y. 2012) (citing cases).

Right of publicity laws in some states cover not only a person’s persona, but extend to the unauthorized use and exploitation of that person’s voice, sound-alike voice, signature, nicknames, first name, roles or characterizations performed by that person (i.e., celebrity roles), personal catchphrases, identity, and objects closely related to or associated with the persona (i.e., celebrities associated with particular goods).  See Midler v. Ford Motor Co., 849 F.2d 460 (9th Cir. 1988) (finding advertiser liable for using sound-alike performers to approximate the vocal sound of actor Bette Midler); Waits v. Frito-Lay, Inc., 978 F.2d 1093 (9th Cir. 1992) (similar facts); Onassis v. Christian Dior, 122 Misc. 2d 603 (NY Supreme Ct. 1984) (finding advertiser liable for impermissibly misappropriating Jacqueline Kennedy Onassis’ identity for the purposes of trade and advertising where the picture used to establish that identity was that of look-alike model Barbara Reynolds); White v. Samsung Electronics Am., Inc., 971 F.2d 1395 (9th Cir. 1992) (finding liability where defendant employed a robot that looked like and replicated the actions of Vanna White of “Wheel of Fortune” fame); Carson v. Here’s Johnny Portable Toilets, 698 F.2d 831 (6th Cir. 1983) (finding defendant liable where its advertisement associated its products with the well-known “Here’s Johnny” introduction of television personality Johnny Carson); Motschenbacher v. R.J. Reynolds Tobacco Co., 498 F.2d 921 (9th Cir. 1974) (finding defendant liable where its advertisement used a distinctive phrase and race car, and where the public could unequivocally relate the phrase and the car to the famous individual associated with the race car).  Some courts, however, have drawn the line in the case of fictional names, even when the fictional name is closely related to a real name.  See Duncan v. Universal Music Group et al., No. 11-cv-5654 (E.D.N.Y. 2012).

Thus, Advert Co. might argue that it did not misappropriate Celebrity’s and Athlete’s publicity rights for its own advantage because neither of their likenesses is generally apparent in the synthetic image.  Celebrity or Athlete might counter with evidence demonstrating that the image contains sufficient genetic features, such as eye shape, to make an observer think of them.  As some of the cases above suggest, a direct use of a name or likeness is not necessary for a finding of misappropriation of another’s persona.  On the other hand, the burden of proof increases when identity is based on indirect means, such as through voice, association with objects, or, in the case of a synthetic face, a mere resemblance.

A court might also hear additional arguments against misappropriation.  Similar to the transformative use test under a fair use inquiry, Advert Co. might argue that its synthetic image adds significant creative elements such that the original images were transformed into something more than a mere likeness or imitation, or that its use of others’ likenesses was merely incidental (5 J. Thomas McCarthy, McCarthy on Trademarks and Unfair Competition § 28:7.50 (4th ed. 2014) (“The mere trivial or fleeting use of a person’s name or image in an advertisement will not trigger liability when such a usage will have only a de minimis commercial implication.”)).  Other arguments that might be raised include the First Amendment and perhaps a novel argument that output from a GAN model cannot constitute misappropriation because, at its core, the model simply learns for itself which features of an image’s pixel values are most useful for characterizing images of human faces, and thus neither the model nor GAN Developer had awareness of a real person’s physical features when generating a fake face.  But see In Re Facebook Biometric Information Privacy Litigation, slip op. (Dkt. 302), No. 3:15-cv-03747-JD (N.D. Cal. May 14, 2018) (finding unpersuasive a “learning” by artificial intelligence argument in the context of facial recognition) (more on this case here).

This post barely touches the surface of some of the legal issues and types of evidence that might arise in a situation like the above GAN hypothetical.  One can imagine all sorts of other possible scenarios involving synthetic face images and their potential legal risks that GAN developers and others might confront.

For more information about one online image data set, visit ImageNet; for an overview of GANs, see these slides (by GANs innovator Ian Goodfellow and others), this tutorial video (at 51:00 mark), and this ICLR 2018 conference paper by NVIDIA.

Will “Leaky” Machine Learning Usher in a New Wave of Lawsuits?

A computer science professor at Cornell University has a new twist on Marc Andreessen’s 2011 pronouncement that software is “eating the world.”  According to Vitaly Shmatikov, it is “machine learning [that] is eating the world” today.  His personification is clear: machine learning and other applications of artificial intelligence are disrupting society at a rate that shows little sign of leveling off.  With increasing numbers of companies and individual developers producing customer-facing AI systems, it seems all but inevitable that some of those systems will create unintended and unforeseen consequences, including harm to individuals and society at large.  Researchers like Shmatikov and his colleagues are starting to reveal those consequences, including one–“leaky” machine learning models–that could have serious legal implications.

This post explores the causes of action that might be asserted against a developer who publishes, either directly or via a machine learning as a service (MLaaS) cloud platform, a leaky machine learning model, along with possible defenses, using the lessons of cybersecurity litigation as a jumping-off point.

Over the last decade or more, the plaintiffs bar and the defendants bar have contributed to a body of case law now commonly referred to as cybersecurity law.  This was inevitable, given the estimated 8,000 data breaches involving 11 billion data records made public since 2005.  After some well-publicized breaches, lawsuits against companies that reported data thefts began appearing more frequently on court dockets across the country.  Law firms responded by marketing “cybersecurity” practice groups whose attorneys advised clients about managing risks associated with data security and the aftermath of data exfiltrations by cybercriminals.  Today, with an estimated 70 percent of all data being generated by individuals (often related to those individuals’ activities), and with organizations globally expected to lose over 146 billion more data records between 2018 and 2023 if current cybersecurity tools are not improved (Juniper Research), the number of cybersecurity lawsuits is not expected to level off anytime soon.

While data exfiltration lawsuits may be the most prevalent type of cybersecurity lawsuit today, the plaintiffs bar has begun targeting other cyber issues, such as ransomware attacks, especially those affecting healthcare facilities (in ransomware cases, malicious software freezes an organization’s computer systems until a ransom is paid; while frozen, a business may not be able to effectively deliver critical services to customers).  The same litigators who have expanded into ransomware may soon turn their attention to a new kind of cyber-like “breach”: the so-called leaky machine learning models built on thousands of personal data records.

In their research, sponsored in part by the National Science Foundation (NSF) and Google, Shmatikov and his colleagues in early 2017 “uncovered multiple privacy and integrity problems in today’s [machine learning] pipelines” that could be exploited by adversaries to infer whether a particular person’s data record was used to train machine learning models.  See R. Shokri et al., Membership Inference Attacks Against Machine Learning Models, Proceedings of the 38th IEEE Symposium on Security and Privacy (2017).  They describe a health care machine learning model that could reveal to an adversary whether or not a certain patient’s data record was part of the model’s training data.  In another example, a different model, trained on location and other data and used to categorize mobile users based on their movement patterns, was found to reveal by way of query whether a particular user’s location data was used.
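For readers who want a concrete picture of what such an attack can look like, below is a highly simplified, confidence-threshold sketch of membership inference.  The published attack relies on trained “shadow models” and is considerably more sophisticated; the data, model, and threshold here are illustrative stand-ins only.

```python
# Simplified membership-inference sketch: overfit models tend to assign higher
# confidence to records they were trained on, so an attacker who can query the
# model may guess whether a given record was in the training set.
# (The published attack uses trained "shadow models"; this threshold version
# is a simplification for illustration.)
import numpy as np
from sklearn.ensemble import RandomForestClassifier
from sklearn.model_selection import train_test_split

rng = np.random.default_rng(0)
X = rng.normal(size=(2000, 20))            # stand-in for patient records
y = (X[:, 0] + X[:, 1] > 0).astype(int)    # stand-in for a health label
X_train, X_out, y_train, y_out = train_test_split(X, y, test_size=0.5, random_state=0)

target_model = RandomForestClassifier(n_estimators=50, random_state=0).fit(X_train, y_train)

def infer_membership(record: np.ndarray, threshold: float = 0.95) -> bool:
    """Guess that a record was a training member if the model is very confident."""
    confidence = target_model.predict_proba(record.reshape(1, -1)).max()
    return confidence >= threshold

# Attack accuracy on records the attacker knows were in/out of the training set.
guesses_in = [infer_membership(r) for r in X_train[:200]]
guesses_out = [infer_membership(r) for r in X_out[:200]]
print("guessed member (true members):", np.mean(guesses_in))
print("guessed member (non-members): ", np.mean(guesses_out))
```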

These scenarios certainly raise alarms from a privacy perspective, and one can imagine other possible instances of machine learning models revealing the kind of personal information to an attacker that might cause harm to individuals.  While actual user data may not be revealed in these attacks, the mere inference that a person’s data record was included in a data set used to train a model, what Shmatikov and previous researchers refer to as “membership inference,” could cause that person (and the thousands of others whose data records were used) embarrassment and other consequences.

Assuming for the sake of argument that a membership inference disclosure of the kind described above becomes legally actionable, it is instructive to consider what businesses facing membership inference lawsuits might expect in terms of statutory and common law causes of action so they can take steps to mitigate problems and avoid contributing more cyber lawsuits to already busy court dockets (and, of course, avoid leaking confidential and private information).  These causes of action could include invasion of privacy, consumer protection laws, unfair trade practices, negligence, negligent misrepresentation, innocent misrepresentation, negligent omission, breach of warranty, and emotional distress, among others.  See, e.g., Sony Gaming Networks & Cust. Data Sec. Breach Lit., 996 F.Supp. 2d 942 (S.D. Cal 2014) (evaluating data exfiltration causes of action).

Negligence might be alleged, as it often is in cybersecurity cases, if plaintiff (or class action members) can establish evidence of the following four elements: the existence of a legal duty; breach of that duty; causation; and cognizable injury.  Liability might arise where defendant failed to properly safeguard and protect private personal information from unauthorized access, use, and disclosure, where such use and disclosure caused actual money or property loss or the loss of a legally-protected interest in the confidentiality and privacy of plaintiff’s/members’ personal information.

Misrepresentation might be alleged if plaintiff/members can establish evidence of a misrepresentation upon which they relied and a pecuniary loss resulting from reliance on the actionable misrepresentation.  Liability under such a claim could arise if, for example, plaintiff’s data record has monetary value and a company makes representations about its data security measures in user agreements, terms of service, and/or privacy policies that turn out to be in error (for example, the company’s measures lack robustness and do not prevent an attack on a model that is found to be leaky).  In some cases, actual reliance on statements or omissions may need to be alleged.

Violations of state consumer protection laws might also be alleged if plaintiff/members can establish (depending on which state law applies) deceptive misrepresentations or omissions regarding the standard, quality, or grade of a particular good or service that cause harm, such as those that mislead plaintiff/members into believing that their personal private information would be safe upon transmission to defendant when defendant knew of vulnerabilities in its data security systems.  Liability could arise where defendant was deceptive in omitting notice that its machine learning model could reveal to an attacker the fact that plaintiff’s/members’ data record was used to train the model.  In certain situations, plaintiff/members might have to allege with particularity the specific time, place, and content of the misrepresentation or omission if the allegations are based in fraud.

For their part, defendants in membership inference cases might challenge plaintiff’s/members’ lawsuit on a number of fronts.  As an initial tactic, defendants might challenge plaintiff’s/members’ standing on the basis of failing to establish an actual injury caused by the disclosure (inference) of data record used to train a machine learning model.  See In re Science App. Intern. Corp. Backup Tape Data, 45 F. Supp. 3d 14 (D.D.C. 2014) (considering “when, exactly, the loss or theft of something as abstract as data becomes a concrete injury”).

Defendants might also challenge plaintiff’s/members’ assertions that an injury is imminent or certainly impending.  In data breach cases, defendants might rely on state court decisions that denied standing where injury from a mere potential risk of future identity theft resulting from the loss of personal information was not recognized, which might also apply in a membership inference case.

Defendants might also question whether permission and/or consent was given by plaintiff/members for the collection, storage, and use of personal data records.  This inquiry would likely involve plaintiff’s/members’ awareness and acceptance of membership inference risks when they allowed their data to be used to train a machine learning model.  Defendants would likely examine whether the permission/consent given extended to and was commensurate in scope with the uses of the data records by defendant or others.

Defendants might also consider applicable agreements related to a user’s data records that limited plaintiff’s/members’ choice of forum and which state laws apply, which could affect pleading and proof burdens.  Defendants might rely on language in terms of service and other agreements that provide notice of the possibility of external attacks and the risks of leaks and membership inference.  Many other challenges to a plaintiff’s/members’ allegations could also be explored.

Apart from challenging causes of action on the merits, companies should also consider taking other measures like those used by companies in traditional data exfiltration cases.  These might include proactively testing their systems (in the case of machine learning models, testing for leakage) and implementing procedures to provide notice of a leaky model.  As Shmatikov and his colleagues suggest, machine learning model developers and MLaaS providers should take into account the risk that their models will leak information about their training data, warn customers about this risk, and “provide more visibility into the model and the methods that can be used to reduce this leakage.”  Machine learning companies should account for foreseeable risks and associated consequences and assess whether they are acceptable compared to the benefits received from their models.

If data exfiltration, ransomware, and related cybersecurity litigation are any indication, the plaintiffs bar may one day turn its attention to the leaky machine learning problem.  If machine learning model developers and MLaaS providers want to avoid such attention and the possibility of litigation, they should not delay taking reasonable steps to mitigate the leaky machine learning model problem.

Trump Signs John S. McCain National Defense Authorization Act, Provides Funds for Artificial Intelligence Technologies

By signing into law the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (H.R.5515; Public Law No: 115-232; Aug. 13, 2018), the Trump Administration has established a strategy for major new national defense and national security-related initiatives involving artificial intelligence (AI) technologies.  Some of the law’s $717 billion spending authorization for fiscal year 2019 includes proposed funding to assess the current state of AI and deploy AI across the Department of Defense (DOD).  The law also recognizes that fundamental AI research is still needed within the tech-heavy military services.  The law encourages coordination between DOD activities and private industry at a time when some Silicon Valley companies are being pressured by their employees to stop engaging with DOD and other government agencies in AI.

In Section 238 of the law, the Secretary of Defense is to lead “Joint Artificial Intelligence Research, Development, and Transition Activities” to include developing a set of activities within the DOD involving efforts to develop, mature, and transition AI technologies into operational use.  In Section 1051 of the law, an independent “National Security Commission on Artificial Intelligence” is to be established within the Executive Branch to review advances in AI and associated technologies, with a focus on machine learning (ML).

The Commission’s mandate is to review methods and means necessary to advance the development of AI and associated technologies by the US to comprehensively address US national security and defense needs.  The Commission is to review the competitiveness of the US in AI/ML and associated technologies.

“Artificial Intelligence” is defined broadly in Sec. 238 to include the following: (1) any artificial system that performs tasks under varying and unpredictable circumstances without significant human oversight, or that can learn from experience and improve performance when exposed to data sets; (2) an artificial system developed in computer software, physical hardware, or other context that solves tasks requiring human-like perception, cognition, planning, learning, communication, or physical action; (3) an artificial system designed to think or act like a human, including cognitive architectures and neural networks; (4) a set of techniques, including machine learning, that is designed to approximate a cognitive task; and (5) an artificial system designed to act rationally, including an intelligent software agent or embodied robot that achieves goals using perception, planning, reasoning, learning, communicating, decision making, and acting.  Section 1051 has a similar definition.

The law does not overlook the need for governance of AI development activities, and requires regular meetings of appropriate DOD officials to integrate the functional activities of organizations and elements with respect to AI; ensure there are efficient and effective AI capabilities throughout the DOD; and develop and continuously improve research, innovation, policy, joint processes, and procedures to facilitate the development, acquisition, integration, advancement, oversight, and sustainment of AI throughout the DOD.  The DOD is also tasked with studying AI to make recommendations for legislative action relating to the technology, including recommendations to more effectively fund and organize the DOD in areas of AI.

For further details, please see this earlier post.

Advanced Driver Monitoring Systems and the Law: Artificial Intelligence for the Road

Artificial intelligence technologies are expected to usher in a future where fully autonomous vehicles take people to their destinations without direct driver interaction.  During the transition from driver to driverless cars, roads will be filled with highly autonomous vehicles (HAVs) in which drivers behind the wheel are required to take control of vehicle operations at a moment’s notice.  This is where AI-based advanced driver monitoring systems (DMS) play a role: ensuring HAV drivers are paying attention.  As big automakers incorporate advanced DMS into more passenger cars, policymakers will seek to ensure that these systems meet acceptable performance and safety standards and address issues such as privacy and cybersecurity related to use cases for the technology.  This post summarizes the technology behind advanced DMS and then briefly surveys current governance efforts aimed at the technology.

The term “driver monitoring system,” also sometimes called “driver attention monitor” or “driver vigilance monitoring,” refers to a holistic system for analyzing driver behavior.  The principal goal of advanced DMS (as is the case for “older” DMS) is to return a warning or stimulation to alert and refocus the driver’s attention on the driving task.  In HAVs, advanced DMS is used to prepare the driver to re-take control of the vehicle under specified conditions or circumstances.

In operation, the technology detects behavior patterns indicative of the driver’s level of attention, fatigue, micro-sleep, cognitive load, and other physiological states. But the same technology can also be used for driving/driver experience personalization, such as customizing digital assistant interactions, music selection, route selection, and in-cabin environment settings.

Older DMS was adopted around 2006 with the introduction of electronic stability control, blind spot detection, forward collision warning, and lane departure warning technologies, among others, which indirectly monitor a driver by monitoring a driver’s vehicle performance relative to its environment.  Some of these systems were packaged with names like “drowsy driver monitoring,” “attention assist,” and others.

Advanced DMS technology began appearing in US commercial passenger vehicles starting in 2017.  Advanced DMS is expected to be used in SAE Level 2 through Level 4 HAVs.  DMS in any form may not be needed for safety purposes once fully autonomous Level 5 is achieved, but the technology will likely continue to be used for personalization purposes even in Level 5 vehicles (which are reportedly not expected to be seen on US roadways until 2025 or later).

Advanced DMS generally tracks a driver’s head and hand positions, as well as the driver’s gaze (i.e., where the driver is looking), but it could also assess feet positions and posture relative to the driver’s seatback.  Cameras and touch sensors provide the necessary interface.  Advanced DMS may also utilize a driver’s voice using far-field speaker array technology and may assess emotion and mood (from facial expressions) and possibly other physiological states using various proximate and remote sensors.  Data from these sensors may be combined with signals from steering angle sensors, lane assist cameras, RADAR, LIDAR, and other sensor signals already available.

Once sensor signal data are collected, machine learning and deep neural networks may process the data.  Computer vision models (deep neural nets), for example, may be used for face/object detection within the vehicle.  Machine learning natural language processing models may be used to assess a driver’s spoken words.  Digital conversational assistant technology may be used to perform speech to text.  Knowledge bases may provide information to allow advanced DMS to take appropriate actions.  In short, much of the same AI tech used in existing human-machine interface (HMI) applications today can be employed inside passenger vehicles as part of advanced DMS.
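As a concrete (and simplified) illustration of how such sensor data might be turned into a driver-state signal, the sketch below computes the widely used eye aspect ratio from facial landmarks supplied by an upstream detector.  The landmark layout, threshold, and frame count are illustrative assumptions, not values drawn from any production DMS.

```python
# Sketch: one common drowsiness signal used in driver monitoring, the eye
# aspect ratio (EAR) computed from per-frame facial landmarks. A landmark
# detector (e.g., a CNN-based model) supplies six (x, y) points per eye; when
# the EAR stays below a threshold for many consecutive frames, the eyes are
# likely closed and the system can issue an alert. Values here are illustrative.
import numpy as np

def eye_aspect_ratio(eye: np.ndarray) -> float:
    """eye: array of six (x, y) landmark points around one eye."""
    vertical_1 = np.linalg.norm(eye[1] - eye[5])
    vertical_2 = np.linalg.norm(eye[2] - eye[4])
    horizontal = np.linalg.norm(eye[0] - eye[3])
    return (vertical_1 + vertical_2) / (2.0 * horizontal)

EAR_THRESHOLD = 0.21      # below this, treat the eye as closed (illustrative)
CLOSED_FRAME_LIMIT = 48   # roughly 2 seconds at 24 fps (illustrative)

closed_frames = 0
def update(left_eye: np.ndarray, right_eye: np.ndarray) -> bool:
    """Return True when the driver appears drowsy and an alert should fire."""
    global closed_frames
    ear = (eye_aspect_ratio(left_eye) + eye_aspect_ratio(right_eye)) / 2.0
    closed_frames = closed_frames + 1 if ear < EAR_THRESHOLD else 0
    return closed_frames >= CLOSED_FRAME_LIMIT
```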

From a regulatory perspective, by 2016, 20 states had introduced some form of autonomous vehicle legislation; by 2017, that number had jumped to 33 states.  No state laws, however, currently mandate the use of advanced DMS.

At the US federal government level, the US National Transportation Safety Board (NTSB), an independent agency that investigates transportation-related accidents, reported that overreliance on the semi-autonomous (Level 2) features of an all-electric vehicle and prolonged driver disengagement from the driving task contributed to a fatal crash in Florida in 2016.  In its report, the NTSB suggested the adoption of more effective monitoring of driver inattention commensurate with the capability level of the automated driving system.  The NTSB’s report does not rise to the level of a regulatory mandate for advanced DMS (the National Highway Traffic Safety Administration (NHTSA) sets transportation regulations), and applicable statutory language prohibits the admission into evidence, or use, of any part of an NTSB accident report in a civil action for damages resulting from a matter mentioned in the report.  Even so, the Board’s conclusions regarding probable cause and its recommendations for preventing future accidents likely play a role in carmakers’ decisions about deploying advanced DMS.

As for the NHTSA itself, while it has not yet promulgated advanced DMS regulations, it did publish Automated Driving Systems 2.0: A Vision for Safety in September 2017.  While the document is clear that its intent is to provide only voluntary guidance, it calls for the incorporation of HMI systems for driver engagement monitoring and consideration of ways to communicate driving-related information as part of HMI, and it encourages applying voluntary guidance from other “relevant organizations” to HAVs.

At the federal legislative level, H.R. 3388, the Safely Ensuring Lives Future Deployment and Research In Vehicle Evolution Act (SELF DRIVE Act) of 2017, contains provisions that would require the Department of Transportation (DOT) to produce a Safety Priority Plan that identifies elements of autonomous vehicles that may require standards.  More specifically, the bill would require NHTSA to identify elements that may require performance standards including HMI, sensors, and actuators, and consider process and procedure standards for software and cybersecurity as necessary.

In Europe, the European New Car Assessment Programme (Euro NCAP), Europe’s vehicle safety ratings and testing body, published its Roadmap 2025: Pursuit of Vision Zero in September 2017.  In it, the safety testing organization addressed how its voluntary vehicle safety rating system is to be applied to HAVs in Europe.  In particular, Euro NCAP identified DMS as a “primary safety feature” standard beginning in 2020 and stated that the technology would need to be included in any new on-road vehicle for the manufacturer to achieve a 5-star safety rating.  Manufacturers are already incorporating advanced DMS in passenger vehicles in response to Euro NCAP’s position.

Aside from safety standards, advanced DMS may also be subject to federal and state statutory and common laws in the areas of product liability, contract, and privacy laws.  Privacy laws, in particular, will likely need to be considered by those employing advanced DMS in passenger vehicles due to the collection and use of driver and passenger biometric information by DMS.

Legislators, Stockholders, Civil Rights Groups, and a CEO Seek Limits on AI Face Recognition Technology

Following the tragic killings of journalists and staff inside the Capital Gazette offices in Annapolis, Maryland, in late June, local police acknowledged that the alleged shooter’s identity was determined using a facial recognition technology widely deployed by Maryland law enforcement personnel.  According to DataWorks Plus, the company contracted to support the Maryland Image Repository System (MIRS) used by Anne Arundel County Police in its investigation, its technology uses face templates derived from facial landmark points extracted from image face data to digitally compare faces to a large database of known faces.  More recent technologies, relying on artificial intelligence models, have led to even better and faster image and video analysis used by federal and state law enforcement for facial recognition purposes.  AI-based models can process images and video captured by personal smartphones, laptops, home or business surveillance cameras, drones, and government surveillance cameras, including body-worn cameras used by law enforcement personnel, making it much easier to remotely identify and track objects and people in near-real time.

Recently, facial recognition use cases have led privacy and civil liberties groups to speak out about potential abuses, with a growing vocal backlash aimed at body-worn cameras and facial recognition technology used in law enforcement surveillance.  Much of the concern centers around the lack of transparency in the use of the technology, potential issues of bias, and the effectiveness of the technology itself.  This has spurred legislators in several states to seek to impose oversight, transparency, accountability, and other limitations on the technology’s uses.  Some within the tech industry have even gone so far as to place self-imposed limits on uses of their software for face data collection and surveillance activities.

Maryland and California are examples of two states whose legislators have targeted law enforcement’s use of facial recognition in surveillance.  In California, state legislators took a recent step toward regulating the technology when SB-1186 was passed by its Senate on May 25, 2018.  In remarks accompanying the bill, legislators concluded that “decisions about whether to use ‘surveillance technology’ for data collection and how to use and store the information collected should not be made by the agencies that would operate the technology, but by the elected bodies that are directly accountable to the residents in their communities who should also have opportunities to review the decision of whether or not to use surveillance technologies.”

If enacted, the California law would require, beginning July 1, 2019, law enforcement to submit a proposed Surveillance Use Policy to an elected governing body, made available to the public, to obtain approval for the use of specific surveillance technologies and the information collected by those technologies.  “Surveillance technology” is defined in the bill to include any electronic device or system with the capacity to monitor and collect audio, visual, locational, thermal, or similar information on any individual or group.  This includes drones with cameras or monitoring capabilities, automated license plate recognition systems, closed-circuit cameras/televisions, International Mobile Subscriber Identity (IMSI) trackers, global positioning system (GPS) technology, software designed to monitor social media services or forecast criminal activity or criminality, radio frequency identification (RFID) technology, body-worn cameras, biometric identification hardware or software, and facial recognition hardware or software.

The bill would prohibit a law enforcement agency from selling, sharing, or transferring information gathered by surveillance technology, except to another law enforcement agency. The bill would provide that any person could bring an action for injunctive relief to prevent a violation of the law and, if successful, could recover reasonable attorney’s fees and costs.  The bill would also establish procedures to ensure that the collection, use, maintenance, sharing, and dissemination of information or data collected with surveillance technology is consistent with respect for individual privacy and civil liberties, and that any approved policy be publicly available on the approved agency’s Internet web site.

With the relatively slow pace of legislative action, at least compared to the speed at which face recognition technology is advancing, some within the tech community have taken matters into their own hands.  Brian Brackeen, for example, CEO of Miami-based facial recognition software company Kairos, recently decided that his company’s AI software will not be made available to any government, “be it America or another nation’s.”  In a TechCrunch opinion published June 24, 2018, Brackeen said, “Whether or not you believe government surveillance is okay, using commercial facial recognition in law enforcement is irresponsible and dangerous” because it “opens the door for gross misconduct by the morally corrupt.”  His position is rooted in the knowledge of how advanced AI models like his are created: “[Facial recognition] software is only as smart as the information it’s fed; if that’s predominantly images of, for example, African Americans that are ‘suspect,’ it could quickly learn to simply classify the black man as a categorized threat.”

Kairos is not alone in calling for limits.  A coalition of organizations against facial recognition surveillance published a letter on May 22, 2018, to Amazon’s CEO, Jeff Bezos, in which the signatories demanded that “Amazon stop powering a government surveillance infrastructure that poses a grave threat to customers and communities across the country. Amazon should not be in the business of providing surveillance systems like Rekognition to the government.”  The organizations–civil liberties, academic, religious, and others–alleged that “Amazon Rekognition is primed for abuse in the hands of governments. This product poses a grave threat to communities,” they wrote, “including people of color and immigrants….”

Amazon’s Rekognition system, first announced in late 2016, is a cloud-based platform for performing image and video analysis without the user needing a background in machine learning, a type of AI.  Among its many uses today, Rekognition reportedly allows a user to conduct near real-time automated face recognition, analysis, and face comparisons (assessing the likelihood that faces in different images are the same person), using machine learning models.
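For developers, face comparison of this kind is exposed through the AWS SDKs.  The sketch below shows one way such a call might look using the AWS SDK for Python (boto3); the bucket and file names are hypothetical, and real-world use would require AWS credentials, permissions, and attention to the legal concerns discussed in this post.

```python
# Sketch: calling Amazon Rekognition's CompareFaces operation via boto3.
# Bucket and object names are hypothetical; real use requires AWS credentials.
import boto3

rekognition = boto3.client("rekognition", region_name="us-east-1")

response = rekognition.compare_faces(
    SourceImage={"S3Object": {"Bucket": "example-bucket", "Name": "suspect.jpg"}},
    TargetImage={"S3Object": {"Bucket": "example-bucket", "Name": "surveillance-frame.jpg"}},
    SimilarityThreshold=80,  # only return matches scored at or above 80%
)

for match in response["FaceMatches"]:
    similarity = match["Similarity"]
    box = match["Face"]["BoundingBox"]  # relative coordinates of the matched face
    print(f"Possible match with similarity {similarity:.1f}% at {box}")
```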

A few weeks after the coalition letter dropped, another group, this one a collection of individual and organizational Amazon shareholders, issued a similar letter to Bezos.  In it, the shareholders alleged that “[w]hile Rekognition may be intended to enhance some law enforcement activities, we are deeply concerned it may ultimately violate civil and human rights.”  Several Microsoft employees took a similar stand against their own company’s software being used by government agencies.

As long as questions surrounding transparency, accountability, and fairness in the use of face recognition technology in law enforcement continue to be raised, tech companies, legislators, and stakeholders will likely continue to react in ways that address immediate concerns.  This may prove effective in the short-term, but no one today can say what AI-based facial detection and recognition technologies will look like in the future or to what extent the technology will be used by law enforcement personnel.

Senate-Passed Defense Authorization Bill Funds Artificial Intelligence Programs

The Senate-passed national defense appropriations bill (H.R.5515, as amended), to be known as the John S. McCain National Defense Authorization Act for Fiscal Year 2019, includes spending provisions for several artificial intelligence technology programs.

Passed by a vote of 85-10 on June 18, 2018, the bill would include appropriations for the Department of Defense “to coordinate the efforts of the Department to develop, mature, and transition artificial intelligence technologies into operational use.” A designated Coordinator will serve to oversee joint activities of the services in the development of a Strategic Plan for AI-related research and development.  The Coordinator will also facilitate the acceleration of development and fielding of AI technologies across the services.  Notably, the Coordinator is to develop appropriate ethical, legal, and other policies governing the development and use of AI-enabled systems in operational situations. Within one year of enactment, the Coordinator is to complete a study on the future of AI in the context of DOD missions, including recommendations for integrating “the strengths and reliability of artificial intelligence and machine learning with the inductive reasoning power of a human.”

In other provisions, the Director of the Defense Intelligence Agency (DIA) is tasked with submitting a report to Congress within 90 days of enactment that directly compares the capabilities of the US in emerging technologies (including AI) and the capabilities of US adversaries in those technologies.

The bill would require the Under Secretary for R&D to pilot the use of machine-vision technologies to automate certain human weapons systems manufacturing tasks. Specifically, tests would be conducted to assess whether computer vision technology is effective and at a level of readiness to perform the function of determining the authenticity of microelectronic parts at the time of creation through final insertion into weapon systems.

The Senate version of the 2019 appropriations bill replaces an earlier House version (passed 351-66 on May 24, 2018).

At the Intersection of AI, Face Swapping, Deep Fakes, Right of Publicity, and Litigation

Websites like GitHub, Reddit, and others offer developers and hobbyists dozens of repositories containing artificial intelligence deep learning models, instructions for their use, and forums for learning how to “face swap,” a technique used to automatically replace a face of a person in a video with that of a different person.  Older versions of face swapping, primarily used on images, have been around for years in the form of entertaining apps that offered results of unremarkable quality (think cut and paste at its lowest, and Photoshop editing at a higher level).  With the latest AI models, however, including deep neural networks, a video with a face-swapped actor–a so-called “deep fake” video–may appear so seamless and uncanny as to fool even the closest of inspections, and the quality is apparently getting better.

With only subtle clues to suggest an actor in one of these videos is fake, the developers behind them have become the target of criticism, though much of the criticism has also been leveled generally at the AI tech industry, for creating new AI tools with few restrictions on potential uses beyond their original intent.  These concerns have now reached the halls of New York’s state legislative body.

New York lawmakers are responding to the deep fake controversy, albeit in a narrow way, by proposing to make it illegal to use “digital replicas” of individuals without permission, a move that would indirectly regulate AI deep learning models.  New York Assembly Bill No. A08155 (introduced in 2017, amended Jun. 5, 2018) is aimed at modernizing New York’s right of publicity law (N.Y. Civ. Rights Law §§ 50 and 51)–one of the nation’s oldest publicity rights laws and one that does not provide post-mortem publicity rights–though it may do little to curb the broader proliferation of face-swapped and deep fake videos.  In fact, only a relatively small slice of primarily famous New York actors, artists, athletes, and their heirs and estates would benefit from the proposed law’s digital replicas provision.

If enacted, New York’s right of publicity law would be amended to address computer-generated or electronic reproductions of a living or deceased individual’s likeness or voice that “realistically depicts” the likeness or voice of the individual being portrayed (“realistic” is undefined).  Use of a digital replica would be a violation of the law if done without the consent of the individual and the use is in a scripted audiovisual or audio work (e.g., a movie or sound recording), or in a live performance of a dramatic work, that is intended to and creates the clear impression that the individual represented by the digital replica is performing the activity for which he or she is known, in the role of a fictional character.

It would also be a violation of the law to use a digital replica of a person in a performance of a musical work that is intended to and creates the clear impression that the individual represented by the digital replica is performing the activity for which he or she is known, in such musical work.

Moreover, it would be a violation to use a digital replica of a person in an audiovisual work that is intended to and creates the clear impression that an athlete represented by the digital replica is engaging in an athletic activity for which he or she is known.

The bill would exclude, based on First Amendment principles, a person’s right to control their persona in cases of parody, satire, commentary, and criticism; political, public interest, or newsworthy situations, including a documentary, regardless of the degree of fictionalization in the work; or in the case of de minimis or incidental uses.

In the case of deep fake digital replicas, the bill would make it a violation to use a digital replica, without the consent of the individual, in an audiovisual pornographic work in a manner that is intended to and creates the impression that the individual represented by the digital replica is performing.

Similar to the safe harbor provisions in other statutes, the New York law would provide limited immunity to any medium used for advertising including, but not limited to, newspapers, magazines, radio and television networks and stations, cable television systems, billboards, and transit advertising, that makes unauthorized use of an individual’s persona for the purpose of advertising or trade, unless it is established that the owner or employee had knowledge of the unauthorized use, through presence or inclusion, of the individual’s persona in such advertisement or publication.

Moreover, the law would provide a private right of action for an injured party to sue for an injunction and to seek damages.  Statutory damages in the amount of $750 would be available, or compensatory damages, which could be significantly higher.  The finder of fact (judge or jury) could also award “exemplary damages,” which could be substantial, to send a message to others not to violate the law.

So far, AI tech developers have largely avoided direct legislative or regulatory action targeting their AI technologies, in part because some have taken steps to self-regulate, which may be necessary to avoid the confines of command and control-style state or federal regulatory schemes that would impose standards, restrictions, and requirements, along with the right to sue to collect damages and attorneys’ fees.  Tech companies’ efforts at self-regulating, however, have been limited to expressing carefully crafted AI policies for themselves and their employees, as well as taking a public stance on issues of bias, ethics, and civil rights impacts from AI machine learning.  Despite those efforts, more laws like New York’s may be introduced at the state level if AI technologies are used in ways that have questionable utility or social benefits.

For more about the intersection of right of publicity laws and regulating AI technology, please see an earlier post on this website, available here.

Obama, Trump, and the Regulation of Artificial Intelligence

Near the end of his second term, President Obama announced a series of workshops and government working groups tasked with “Preparing for the Future of Artificial Intelligence.”  Then, just weeks before the 2016 presidential general election, the Obama administration published two reports, including one titled “The National Artificial Intelligence Research and Development Strategic Plan.”  In it, Obama laid out seven strategies for AI-related R&D, including making long-term investments in AI research to enable the United States to remain a world leader in AI, developing effective methods for human-AI interaction, and ensuring the safety, security, and trustworthiness of AI systems.  The Obama AI plan also included strategies for developing shared and high-quality public datasets and environments for AI training and testing, creating standards and benchmarks for evaluating AI technologies, and understanding the national AI research workforce needs.  His plan also recognized the need for collaboration among researchers to address the ethical, legal, and societal implications of AI, topics that still resonate today.

Two years after Obama’s AI announcement, the Trump administration in May 2018 convened an Artificial Intelligence Summit at the White House and then published an “Artificial Intelligence for the American People” fact sheet highlighting President Trump’s AI priorities. The fact sheet highlights the President’s goal of funding fundamental AI R&D, including in the areas of computing infrastructure, machine learning, and autonomous systems. Trump’s AI priorities also include a focus on developing workforce training in AI, seeking a strategic military advantage in AI, and leveraging AI technology to improve efficiency in delivering government services. The Trump fact sheet makes no mention of Obama’s AI plan.

Despite some general overlap and commonality between Obama’s and Trump’s AI goals and strategies, such as funding for AI, workforce training, and maintaining the United States’ global leadership in AI, one difference stands out in stark contrast: regulating AI technology.  While Obama’s AI strategy did not expressly call for regulating AI, it nonetheless recognized a need for setting regulatory policy for AI-enabled products.  To that end, Obama recommended drawing on appropriate technical expertise at the senior levels of government and recruiting AI technical talent as necessary to ensure that there are sufficient technical seats at the table in regulatory policy discussions.

Trump, on the other hand, has rolled back regulations across the board in a number of different governmental areas and, in the case of AI, has stated that he would seek to “remove regulatory barriers” to AI innovation to foster new American industries and the deployment of AI-powered technologies.  With the Trump administration’s express concerns about China’s plan to dominate high tech, including AI, by 2025, and with Congressional efforts at targeted AI legislation stalled in various committees, any substantive federal action toward regulating AI appears to be a long way off.  That should be good news to many in the US tech industry who have long resisted efforts to regulate AI technologies and the AI industry.

California Jury to Decide if Facebook’s Deep Learning Facial Recognition Creates Regulated Biometric Information

Following a recent decision issued by Judge James Donato of the U.S. District Court for the Northern District of California, a jury to be convened in San Francisco in July will decide whether a Facebook artificial intelligence technology creates regulated “biometric information” under Illinois’ Biometric Information Privacy Act (BIPA).  In some respects, the jury’s decision could reflect general sentiment toward AI during a time when vocal opponents of AI have been widely covered in the media.  The outcome could also affect how US companies, already impacted by Europe’s General Data Protection Regulation (GDPR), view their use of AI technologies to collect and process user-supplied data. For lawyers, the case could highlight effective litigation tactics in highly complex AI cases where black box algorithms are often unexplainable and lack transparency, even to their own developers.

What’s At Stake? What Does BIPA Cover?

Uniquely personal biometric identifiers, such as a person’s face and fingerprints, are often seen as needing heightened protection from hackers because, unlike a stolen password that one can reset, a person cannot change their face or fingerprints if someone makes off with digital versions and uses them to steal the person’s identity or gain access to the person’s biometrically protected accounts, devices, and secure locations.  The now 10-year-old BIPA (740 ILCS 14/1 (2008)) was enacted to ensure users are made aware of instances when their biometric information is being collected, stored, and used, and to give users the option to opt out.  The law imposes requirements on companies and penalties for non-compliance, including liquidated and actual damages.  At issue here, the law addresses “a scan” of a person’s “face geometry,” though it falls short of explicitly defining those terms.

Facebook users voluntarily upload to their Facebook accounts digital images depicting them, their friends, and/or family members. Some of those images are automatically processed by an AI technology to identify the people in the images. Plaintiffs–here, putative class action individuals–argue that Facebook’s facial recognition feature involves a “scan” of a person’s “face geometry” such that it collects and stores biometric data in violation of BIPA.

Summary of the Court’s Recent Decision

In denying the parties’ cross-motions for summary judgment and allowing the case to go to trial, Judge Donato found that the Plaintiffs and Facebook “offer[ed] strongly conflicting interpretations of how the [Facebook] software processes human faces.” See In Re Facebook Biometric Information Privacy Litigation, slip op. (Dkt. 302), No. 3:15-cv-03747-JD (N.D. Cal. May 14, 2018). The Plaintiffs, he wrote, argued that “the technology necessarily collects scans of face geometry because it uses human facial regions to process, characterize, and ultimately recognize face images.” On the other hand, “Facebook…says the technology has no express dependency on human facial features at all.”

Addressing Facebook’s interpretation of BIPA, Judge Donato considered the threshold question of what BIPA’s drafters meant by a “scan” in “scan of face geometry.” He rejected Facebook’s suggestion that BIPA relates to an express measurement of human facial features, such as “a measurement of the distance between a person’s eyes, nose, and ears.” In doing so, he relied on extrinsic evidence in the form of dictionary definitions, specifically Merriam-Webster’s 11th edition, for the ordinary meanings of “to scan” (i.e., to “examine” by “observation or checking,” or “systematically . . . in order to obtain data especially for display or storage”) and “geometry” (which, in everyday use, means simply a “configuration,” which in turn denotes a “relative arrangement of parts or elements”). “[N]one of these definitions,” the Judge concluded, “demands actual or express measurements of spatial quantities like distance, depth, or angles.”

The Jury Could Face a Complex AI Issue

Digital images contain a numerical representation of what is shown in the image, specifically the color (or grayscale), transparency, and other information associated with each pixel of the image. An application running on a computer can render the image on a display device by reading the file data to determine what color or grayscale level each pixel should display. Scanning a physical photograph or taking a digital photo with a smartphone systematically generates this pixel-level data. Digital image data may be saved to a file having a particular format designated by a file extension (e.g., .GIF, .JPG, .PNG, etc.).
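
To make the point concrete, the short Python sketch below (a minimal illustration only, assuming the Pillow and NumPy libraries; the file name photo.jpg is a hypothetical placeholder) shows that a digital image file, once decoded, is simply an array of per-pixel numerical values.

from PIL import Image   # Pillow: decodes common image formats (.JPG, .PNG, etc.)
import numpy as np

img = Image.open("photo.jpg").convert("RGB")   # hypothetical file name
pixels = np.asarray(img)                       # array of shape (height, width, 3)

# Each entry is a red/green/blue intensity (0-255) for one pixel: the
# numerical representation an application reads to render the image.
print(pixels.shape)     # e.g., (1080, 1920, 3)
print(pixels[0, 0])     # the RGB values of the top-left pixel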

A deep convolutional neural network, a type of AI, can be used to further process a digital image file’s data and extract features from it. In a way, the network replicates the human cognitive process of examining a photograph. For instance, when we examine a face in a photo, we take note of features and attributes, such as the shape and contours of the nose and lips, eye color, and hair. Those and other features may help us recall from memory whose face we are looking at, even if we have never seen that particular image before.
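
As a rough illustration of feature extraction generally (not a description of Facebook’s system), the sketch below runs an image through a pretrained convolutional network with its final classification layer removed, leaving a vector of learned features. It assumes the PyTorch and torchvision libraries; the model choice (ResNet-18) and the file name are arbitrary placeholders.

import torch
from torchvision import models, transforms
from PIL import Image

# Load a pretrained convolutional network and drop its final classifier,
# so the forward pass returns the learned feature vector instead of class scores.
model = models.resnet18(pretrained=True)
model.fc = torch.nn.Identity()
model.eval()

preprocess = transforms.Compose([
    transforms.Resize(224),
    transforms.CenterCrop(224),
    transforms.ToTensor(),
    transforms.Normalize(mean=[0.485, 0.456, 0.406], std=[0.229, 0.224, 0.225]),
])
img = preprocess(Image.open("face.jpg").convert("RGB")).unsqueeze(0)  # hypothetical file

with torch.no_grad():
    features = model(img)   # a 512-dimensional vector of learned features
print(features.shape)       # torch.Size([1, 512])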

A deep neural network, once fully trained on many different face images, works in a similar manner. After processing the image file data to extract and “recognize” features, the network uses those features to classify the image by associating it with an identity, assuming it has “seen” the face before (in which case it may compare the extracted features to those of one or more template images of the face). Thus, while a digital image file contains a numerical representation of what is shown in the image, a deep neural network creates a numerical representation of the features shown in that image in order to perform classification. A question for the jury, then, may be whether processing uploaded digital images with a deep convolutional neural network involves “a scan” of “a person’s face geometry.” That question will challenge the parties and their lawyers to help the jury understand digital image files and the nuances of AI technology.
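
The classification step can be pictured as a simple comparison of feature vectors. The sketch below is purely illustrative; the 512-dimensional embeddings, identity names, and similarity threshold are hypothetical placeholders. It matches a query vector against stored “template” vectors using cosine similarity.

import numpy as np

def cosine_similarity(a, b):
    # Similarity of two feature vectors, ranging from -1 to 1.
    return float(np.dot(a, b) / (np.linalg.norm(a) * np.linalg.norm(b)))

# Feature vectors previously extracted by the network for known identities
# (random stand-ins here for real template embeddings).
templates = {
    "person_a": np.random.rand(512),
    "person_b": np.random.rand(512),
}
query = np.random.rand(512)   # features extracted from the newly uploaded photo

best_match = max(templates, key=lambda name: cosine_similarity(query, templates[name]))
score = cosine_similarity(query, templates[best_match])

# Suggest an identity only if the similarity clears a (hypothetical) threshold.
print(best_match if score > 0.8 else "no confident match")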

For Litigators, How to Tackle AI and Potential AI Bias?

The particulars of advanced AI have not been central to a major federal jury case to date.  Thus, the Facebook case offers an opportunity to evaluate a jury’s reaction to a particular AI technology.

In its summary judgment brief, Facebook submitted expert testimony that its AI “learned for itself what features of an image’s pixel values are most useful for the purposes of characterizing and distinguishing images of human faces” and it “combines and weights different combinations of different aspects of the entire face image’s pixel value.” This description did not persuade Judge Donato to conclude that an AI with “learning” capabilities escapes BIPA’s reach, at least not as a matter of law.  Whether it will be persuasive to a jury is an open question.

Some potential jurors may have preconceived notions about AI, given the hype surrounding the technology’s use cases. Indeed, outside the courthouse, AI’s potential dark side and adverse impacts on society have been widely reported. Computer vision-enabled attack drones, military AI systems, jobs being taken over by AI-powered robots, algorithmic harm caused by machine learning bias, and artificial general intelligence (AGI) taking over the world appear regularly in the media. If bias for or against AI is not properly managed, the jury’s final decision might be viewed by some as a referendum on AI.

For litigators handling AI cases in the future, the outcome of the Facebook case could provide a roadmap for effective trial strategies involving highly complex AI systems that defy simple description. That is not to say the outcome will create a new paradigm for litigating tech; after all, many trials involve technical experts who try to explain complex technologies in a way that resonates with a jury. Complex technology is often central to disputes involving intellectual property, medical malpractice, finance, and other areas. But those cases usually don’t involve technologies that “learn” for themselves.

How Will the Outcome Affect User Data Collection?

The public is becoming more aware that tech companies entice users to their platforms and apps as a way to generate user-supplied data. While the Facebook case itself may not usher in a wave of new laws and regulations, or even self-policing by the tech industry aimed at curtailing user data collection, a sizeable damages award from the jury could have a measurable chilling effect. At a minimum, some companies may become more transparent about their data collection and provide improved notice and opt-out mechanisms.

10 Things I Wish Every Legal Tech Pitch Would Include

Due in large part to the emergence of advanced artificial intelligence-based legal technologies, the US legal services industry is in the midst of a tech shakeup. Indeed, the number of advanced legal tech startups continues to grow, and so too do the opportunities for law firms to receive product presentations from those vendors.

Over the last several months, I’ve participated in several pitches and demos from leading legal tech vendors. Typically given by company founders, executives, technologists, and/or sales staff, these presentations have been delivered live, as audio-video conferences, by phone with a separate web demo, or as pre-recorded audio-video demos (e.g., a slide deck video with voiceover). Often, a vendor’s lawyer will discuss how his or her company’s software addresses various needs and issues arising in one or more law firm practice areas. Most presentations also include statements about advanced legal tech boosting law firm revenues, making lawyers more efficient, and improving client satisfaction (ostensibly, a reminder of what’s at stake for those who ignore this latest tech trend).

Based on this (admittedly small) sample of presentations, here is my list of things I wish every legal tech presentation would provide:

1. Before a presentation, I wish vendors would provide an agenda and the bios of the company representatives who will be delivering the pitch. I want to know what’s being covered and who’s going to be presenting. Do they have a background in AI and the law, or are they tech generalists? This helps me prepare for the meeting and frame questions during Q&A (and reduces the number of follow-up conference calls). Ideally, presenters should know their own tech inside and out, as well as an area of law, so they can show how the software makes a difference in that area. I’ve seen pitches by business people who are really good at selling, and by programmers who are really good at talking about bag-of-words bootstrapping algorithms. The best person to pitch legal tech is someone who knows both the practice of law and how tech works in a typical law firm setting.

2. Presenters should know who they are talking to at a pitch and tailor the presentation accordingly. I’m a champion for legal tech and want to know the details so I can tell my colleagues about your product. Others just want to understand what adopting legal tech means for daily law practice. Find out who’s who and which practice group(s) or law firm function they represent, and then address their specific needs.

3. The legal tech market is filling up with offerings that perform a single, narrow function, so I want to understand all the ways your application might help replace or augment law firm tasks. Mention the practice areas where your tech is best deployed (or where it could be deployed in the future, in the case of features still in the development pipeline). The more capabilities an application has, the more attractive your pricing begins to appear (and the fewer vendor roll-outs and training sessions I and my colleagues will have to sit through).

4. Don’t oversell capabilities. If you claim new features will be implemented soon, they shouldn’t take months to deploy. If your software is fast and easy, it had better be both, judged from an experienced attorney’s perspective. If your machine learning text classification models are not materially different than your competitors’, avoid saying they’re special or unique. On the other hand, if your application includes a demonstrable unique feature, highlight it and show how it makes a tangible difference compared to other available products in the market. Finally, if your product shouldn’t be used for high stakes work or has other limitations, I want to understand where that line should be drawn.

5. Speaking of over-selling, if I hear about an application’s performance characteristics, especially numerical values for things like accuracy, efficiency, and time saved, I want to see the benchmarks and protocols used to measure those characteristics.  While accuracy and other metrics are useful for distinguishing one product from another, they can be misleading. For example, a claim that a natural language processing model is 95% accurate at classifying text by topic should be backed up with comparisons to a benchmark and an explanation of the measurement protocol used.  A claim that a law firm was 40-60% more efficient using your legal tech, without providing details about how those figures were derived, isn’t all that compelling.

6. I want to know if your application has been adopted by top law firms, major in-house legal departments, courts, and attorneys general, but be prepared to provide data to back up claims.  Are those organizations paying a hefty annual subscription fee but only using the service a few times a month, or are your cloud servers overwhelmed by your user base? Monthly active users, API requests per domain, etc., can place usage figures in context.

7. I wish proof-of-concept testing was easier.  It’s hard enough to get law firm lawyers and paralegals interested in new legal tech, so provide a way to facilitate testing your product. For example, if you pitch an application for use in transactional due diligence, provide a set of common due diligence documents and walk through a realistic scenario. This may need to be done for different practice groups and functions at a firm, depending on the nature of the application.

8. I want to know how a vendor has addressed confidentiality, data security, and data assurance when its legal tech is offered as a cloud-based service. If a machine learning model runs on a platform that is not behind the firm’s firewall and intrusion detection systems, that’s a potential problem for safeguarding client confidential information. While vendors should coordinate first with a firm’s CSO about data assurance and security, I also want to know the details.

9. I wish vendors would provide better information demonstrating how their applications have helped others develop business. For example, tell me if a law firm used your application to respond to a Request for Proposal (RFP) and won the work, or if a client gave more work to a firm that demonstrated advanced legal tech acumen. While such information may be merely anecdotal, I can probably champion legal tech on the basis of business development even if a colleague isn’t persuaded by things like accuracy and efficiency.

10. Finally, a word about design. I wish legal tech developers would place more emphasis on UI/UX. Some of the recent offerings appear ready for beta testing rather than a roll-out to prospective buyers. I’ve seen demos in which a vendor’s interface contained basic formatting errors, something any quality control process should have caught. Some UIs are bland and unintuitive when they should be user-friendly and have a quality look and feel. Use a distinctive theme and graphics style, and adopt a brand that stands out. For legal tech to succeed in the market, both the technology and the design must meet expectations.

[The views and opinions expressed in this post are solely the author’s and do not necessarily represent or reflect the views or opinions of the author’s employer or colleagues.]