Peer to Peer: ILTA's Quarterly Magazine
Issue link: https://epubs.iltanet.org/i/1227987
46 P E E R T O P E E R : I L T A ' S Q U A R T E R L Y M A G A Z I N E | S P R I N G 2 0 2 0 The problem with AI solutions alone Steve Lohr, a New York Times Technolo reporter, has been quoted as saying AI is "A tireless assistant, but one occasionally in need of human supervision." The problem with AI is not necessarily with the technolo itself, but how it functions on its own. To benefit from AI technolo, your firm will need to have a massive dataset for it to learn from. And, even if you have a large and complete dataset, an AI solution may still identify false positives and false negatives. AI solutions, for example, may think an email you try to send Jane in the Commercial team is okay because you email her all the time. What it doesn't realize is that the file you've attached is meant to go to Jane, your accountant, and contains the full details of your earnings. That is a false negative. Lawyers for PepsiCo may not have been protected by AI software when it emailed other lawyers and a Wall Street Journal reporter by mistake, revealing that its client was under investigation by the SEC. AI might not have picked up on the presence of a reporter as an issue if the firm had emailed them previously about a similar topic. The firm asked the reporter to delete the email, which he claimed to have done. However, he had printed the email and kept hard copies and soon published the story. A false positive – where an AI solution flags an email that is perfectly legitimate – is less damaging but could decrease the confidence users' have that the technolo is working as it is supposed to. Human error goes beyond emailing the wrong person. Often, it is an improper attempt at redaction in a shared document, and the subsequent exposure of the confidential information. Paul Manafort's lawyers experienced this kind of breach last year when a failed redaction exposed potentially incriminating information about their client, said to be the clearest evidence yet of coordination between the Trump presidential campaign and the Russians. Redaction seems to have been attempted in Word or PDF by drawing a black box over the text or highlighting it in black. But, when the document was distributed, the text layer was still there. You could read it just by copying/ pasting it into a new document. Your email data loss prevention solution should alert the sender to the presence of improperly redacted text, so it can be fixed before it has the chance to leave the firm. Sensitive information can also be shared in the form of document metadata. Track Changes, hidden columns in spreadsheets, or columns left in documents can tell the reader much more than the sender intended. Most firms are already across the risks of metadata and the types of personal information it can expose, but staff may need a reminder to clean their documents before emailing them. An alert that shows when a user hits send and asks if the metadata should be removed ensures they don't miss this vital step. Another human error risk we see more and more is sharing of documents or information with unauthorized recipients – usually without the sender realizing the recipient doesn't have permission to view it. Firms are moving toward zero-trust and pessimistic security "Human error goes beyond emailing the wrong person." F E A T U R E S