Mark Tibbs
Partner, Cyber Risk and Complex Investigations Practice
Mishcon de Reya
Yeah the whole team. The whole league discovery team.
Richard Legg
Partner, Mishcon Discover
It’s gone down now, five.
Mark Tibbs
Partner, Cyber Risk and Complex Investigations Practice
Mishcon de Reya
Hi everyone, we’re just waiting for a few people to, to join and then we’ll get started. Thanks for joining us today.
You can see the numbers going up a little bit so we are just going to wait for a few people to join. We’re not even at the hour yet so everyone’s nice and early.
Give people just a couple of minutes to get started.
Thanks for joining everybody, we’re just waiting for a few people to join and then we’ll get started.
Just give everyone a couple more minutes to join.
And we’ll get started in a minute or so.
Okay I think we’ll get started, I can see the numbers still going up a little bit but just to say thank you very much for joining us. Today’s session is the latest in our Diligence 2030 series. The sessions look at investigations techniques in the sort of sphere of private investigations in the context of you know, legal firms. So this time we are focussing on the role that technology plays in investigations because that’s very much part of our world. I am joined by some expert panel members today and I’ll get them to introduce themselves shortly. If you want to get in contact with any of the speakers directly, please do click on the resources tab down below and you’ll be taken to their bio’s and contact details and there will be recording for the session for everyone that signed up which is great and if anyone’s missing it and we will be taking questions at the end. Please do feel free to use the Q&A function at the bottom to submit these, not the chat function if you please. Right so technology, it has always formed a major part of investigations and you know, from the birth of finger print analysis in the early 20th century, mobile phone analysis in the late 20th century, social media analysis; these have all been sort of milestones in the use of technology and now, nowadays we are looking at things like the use of drones and AI but as with all forms of evidence in intelligence technology has to be employed with due regard to legality and an understanding of how it works and critically its limitations because I think there’s a common misconception that technology can solve all your problems. It can’t and you can’t get from A to B without knowing how to drive so equally if you don’t have a foundational understanding of block chain technology you can’t conduct a crypto currency tracing exercise. It’s my view that over reliance on technology can lead to imperfect assessments, erroneous judgments, intelligence failures and of course in the worst case, miscarriage of justice. In this session we are going to explore just a few aspects of the use of tech in modern investigations, hearing from E-discovery and our reputation teams as was who use technology and also come up against technology in their investigations so thanks for joining us and I am looking forward to an engaging and informative session. So my name is Mark Tibbs, I’m a partner in the cyber risk and complex investigations practice within Mishcon de Reya. I am joined by Richard and Hazel. Richard.
Richard Legg
Partner, Mishcon Discover
Good afternoon, my name is Richard Legg so I run the firm’s standalone E-discovery business called MDR Discover and I am also a partner in Mishcon de Reya. Thank you very much.
Hazel Brayden
Managing Associate, Reputation, Protection and Crisis Management Team
Lawyer, Mishcon de Reya
Hi there, I am Hazel Braydon, I am a managing associate in the reputation, protection and crisis management team at Mishcon and I am a lawyer.
Mark Tibbs
Partner, Cyber Risk and Complex Investigations Practice
Mishcon de Reya
Oh yes I should say I am not a lawyer and neither is Richard. We are not lawyers. Just in case.
Richard Legg
Partner, Mishcon Discover
No.
Mark Tibbs
Partner, Cyber Risk and Complex Investigations Practice
Mishcon de Reya
Yes okay thanks very much guys. Hazel do you want to lead us in with the first topic?
Hazel Brayden
Managing Associate, Reputation, Protection and Crisis Management Team
Lawyer, Mishcon de Reya
Yeah of course. So the first topic that we wanted to talk about is new technology and investigations so as Mark touched upon, technology really is revolutionising investigations so we’ve got the growth of social media and the rise of open source intelligence and this all means that a significant amount of data and information can be found online and more recently AI tools have introduced new and more creative ways of discovering and analysing evidence. So my questions for you Mark and Richard are – in your opinions, what technologies have most impacted investigations over the past few years and how can new technology compliment the more traditional investigative methods that we’ve used?
Richard Legg
Partner, Mishcon Discover
Sure thanks Hazel, I think within my, within the E-discovery world I think over the last 10-15 years actually we’ve seen like some pretty significant changes. It started around 10 years ago when they started to introduce tech to analytics or some of you may know it as predictive coding into the document review platforms and the main advantage with that technology obviously was that it, the main thrust was to reduce the amount of irrelevant material that needs to be sifted through by lawyers, paralegals and obviously that’s all done at a massive cost to the client and the other problem with that solution was it’s still a bag of words solution in the sense that it’s only able to compare documents based on their textual contents and it would basically therefore suggest documents which are most likely to be relevant based on prior coding decisions and I think it’s clear now that in the E-discovery space especially as we are on the precipice of another massive change in the way that we identify and review documents because we are starting to see the introduction of Gen AI capabilities into the review platforms and obviously you may think why has it taken so long for these technologies to be introduced when obviously the advantage is so apparent. The initial problem was around the security and the client data in the public domain etcetera and a lot of those concerns have now been addressed in the sense that you know the client data will stay within your secure perimeter and then the other problem was obviously we deal with vast volumes of documents in the E-discovery space so we need to be able to analyse all of those documents in a sensible realistic sense to kind of get the investigator to review the relevant documents. So with the introduction of Gen AI into these platforms we are now going to go into a new age where we are going to have lawyers crafting prompts etcetera and those prompts will obviously help the lawyers to identify the key documents in a much more swift fashion and it’s really going to I think change the way in which we do these reviews but I think it is also important at this point to know, I think it’s not, this is not some kind of magic wand that we are going to wave over the documents and it’s going to complete our view, it’s basically the way we see it here is basically going to act as an assistant in the reviews and it is basically going to help the investigators or reviewers to locate that relevant information as quickly as possible.
Mark Tibbs
Partner, Cyber Risk and Complex Investigations Practice
Mishcon de Reya
Yep and I think, I mean what Richard’s talking about sort of I guess reviewing internal documents and, and looking at you know, a data set that might be private. A lot of our work is around looking outside, looking externally to find information so I think AI is certainly a game changer and we’ll talk about that in the next topic as well but I’d argue that in many ways it’s an extension of a tech trend that’s been changing investigations for several years so it’s the use of automation, it’s the internet, it’s the digitisation of information both public and what used to be private which is probably the biggest impact in the last 20 years on investigations that I’ve seen as well because it used to be the case that if you wanted to know something about someone’s background you know, some of your sources would be restricted to very manual methods, you know, human sources, news media, you might have to go to a public archive stored on a microfiche, you know local library you know, now thankfully a lot of that information is, is digitised and available to search but you know you can find, I would argue you can find information around most, maybe most internet users just based on you know, information they’ve published about themselves on social media or that’s been published about them by other sources or that’s been leaked about them from hacking attacks you know, or news websites or blogs you know, all of this is made for a much more interesting and much more available set of, of information for investigators so yeah, and much of this detection of the information is aided by automation so the use of things like data mining tools that exploit information stored on data bases etcetera. So that’s, to me that’s the kind of, that’s the key change in the last 20 years, it’s that digitisation and obviously the birth of the internet but that’s not to say that traditional sources are not still extremely useful so I think you should be careful not to throw the baby out with the bath water and not focus entirely on internet sources of information or digital sources of information because we all know that a well-placed human sources like a former employee or a business associate will obviously know more information about an entity which is not obvious from public sources so you know, it’s the seeds of that kind of information combined with powerful search tools in the classic intelligence cycle that will lead to the best results in my view.
Hazel Brayden
Managing Associate, Reputation, Protection and Crisis Management Team
Lawyer, Mishcon de Reya
Great thank you and then topic two, so we wanted to talk about AI and investigations so the development of AI is often surrounded by quite a lot of fear and misconceptions you know, certainly us as lawyers are worried about it but it does hold significant potential for enhancing investigative work. So my question to you are what are the practical applications of AI in private investigations and how can we seek to de-mystify common misconceptions about its use.
Richard Legg
Partner, Mishcon Discover
Thanks Hazel, I think for the, the large language model LLM’s you will no doubt be more familiar with their more common names of Chat GPT X or open AI etcetera, I think one of the biggest concerns especially we’ve had internally or like client’s have is that you know, will, where will this data eventually reside, will it be used to improve you know, the large language models’ functionality but I think most of these kind of security issues have been addressed now and we are obviously able to keep the data within our secure perimeter and then there’s this also this widely known misconception, well not a misconception, these things do have the ability to do that but it is around hallucination and you know, providing false answers when you’re crafting your prompts and the answers that it gives you, you know the integration of these tools into my, into the E-discovery space is to try address those problems as best as possible and it’s trying to eliminate the hallucinations etcetera as well and it is like I said before, I don’t think this isn’t some kind of silver bullet that we’re just going to let the LLM do all the work in terms of carrying out our review, we’re still needing lawyers and investigators sat working alongside the platform to sit there and verify the results and make sure it is doing exactly as you intend it to do.
Mark Tibbs
Partner, Cyber Risk and Complex Investigations Practice
Mishcon de Reya
Yep so it’s yeah, private LLM’s you know which don’t share training data are quite clearly a fantastic tool. When they’re used with the correct prompts and you know the results scrutinised I’d argue, agree with Richard, it’s not going to replace the human mind but I think it is certainly going to speed it up and it is certainly going to mean that investigators can be more effective in a shorter amount of time so you know, we use AI to summarise you know, complex legal documents, to structure unstructured data so what it’s done is it’s allowed a user that isn’t necessarily particularly technical to perform technical tasks that previously would have required coding knowledge for example you know and what I said about sort of structuring unstructured data or even actually coding you know, writing code to, to be able to perform some sort of investigative task. That is the sort of thing that you know, that’s the power that comes with an LLM which is, which is you know, obviously very, very beneficial and I think the point about hallucinations well it’s not a different, it’s not a different challenge in many ways to miss information which we’ll talk about later or you know, you know, information false positives or anything like that where it requires a sort of very complex set of scrutiny, scrutinisation of the results you know, we wouldn’t take intelligence that we’d found on line at face value, we’d seek to cooberate it, we’d seek to understand the source you know, all those things still, still hold up for using any tool I would argue and that includes large, yeah LLM’s and yeah so in particular I guess my main message is like I wouldn’t, I wouldn’t over rely on these kind of technologies and I would consider them and we do consider them a useful tool but they are not a replacement for a human and they are not a replacement for human analysis. And then the other, I suppose the other sort of big kind of application of, of AI in our world is the use of facial recognition technology so there are for example websites that will allow you identify people’s faces from images you know and obviously there is an awful lot of data protection kind of concerns around the use of these but they are certainly going to be used in investigations particularly where’s there a lawful purpose to use them and you know, we’ve had examples where we’re looking to understand who someone is from an online photograph they’d posted of themselves and these kind of tools are very useful for identifying sort of blogs, we had the identity of a fraudster uncovered through the use of facial recognition technology so I think my key message with all these things is, make sure you do your DD before accepting you know, investigations or investigators that will use these tools to ensure you understand how they approach it, how they approach the technology, how they approach the data protection issues and get comfortable that there’s you know, sufficient human oversight so I would be asking a few questions basically is what I am saying.
Richard Legg
Partner, Mishcon Discover
Right thanks Mark. So our third topic is hacking and a crypto currency investigations and as we all know, bank heist, you know, they are so 1990’s, all of the biggest frauds and robberies that are achieved now, they are being done through cybercrime. Ransomware and digital theft cause millions of pounds of losses worldwide. Sometimes, you know they cause irreparable damage to operations and reputation. So the question for Mark and Hazel, so can you tell us about your experience with crypto and hacking cases and the use of tech in these?
Mark Tibbs
Partner, Cyber Risk and Complex Investigations Practice
Mishcon de Reya
Sure, so I mean another part of my, my role is within investigating cyber incidents and, and by their very nature hacking cases they are achieved at least partly through the use of new technology typically or technology for example so it is very often new technology which has had some sort of hole or vulnerability that’s been exploited which is you know, the initial access point, the initial kind of like point of attack in one of these cases. So these kind of crimes are only possible because of the new technology and the new software that they exploit so in the world of cybercrime top crime groups they benefit from this sort of virtual arms race where you’ve got researchers that are constantly looking for vulnerabilities and then you’ve got attackers who are looking to use them and then, and then you’ve also got people trying to defend against them so there’s a whole underground market; you can purchase code to do this etcetera, it’s very interesting, I find it very interesting but in my team as well sort of keeping up to date with these new vulnerabilities and exploits helps us to protect our clients from cyber-attacks. It also helps us understand how intrusions and tests happen so yeah, very much part of my, my role is kind of understanding new technology and understanding how it is exploited and then in terms of crypto currency which is favoured by cyber criminals, I’m not saying it’s the only use of crypto currency as we know, crypto currency has got way more legitimate uses but it is a favoured tool for cyber criminals because of its kind of semi anonymous features I guess and it’s the discovery of bitcoin and its successes which kind of oil the wheels of cybercrime and allowed for quick and easy theft, laundering of proceeds of crime so in our team yeah, we frequently assist our fraud disputes with tracing of crypto currencies across the block chain to understand likely exit points and working with lawyers like Hazel to get legal orders to disclose information for example but we had one case I’ll share with you which was an international hacking case where a suspect had stolen some digital data from their victim using and exploit, this is a piece of code that’s designed to take advantage of a vulnerability and they were identified as an individual in the UK and we were able to also identify about $1 million dollars’ worth of assets in crypto currency from their use of a vanity domain so and this eventually has had some police action against it now so, so you know these kind of crimes were not even conceivable perhaps 15 years ago, 10 years ago but now they are actually conceivable and they are solvable through the use of, well we use crypto currency tracing software to help us with those investigations and open sources, in this case as well.
Hazel Brayden
Managing Associate, Reputation, Protection and Crisis Management Team
Lawyer, Mishcon de Reya
Yeah and in the reputation team so we’ve worked for prominent individuals whose personal data including their photos or their financial information might have been accessed or hacked so there was obviously the big iCloud hack that happened a few years ago and it could have been shared online or with third parties and the nature of our instruction is we usually work with Mark’s team to investigate the source of the hack and then it might be a case of sending take down requests to sites and third parties, it could be privacy notices or copyright notices and we’ll work with third parties including the authorities where required. And then in terms of companies, we’ve acted for companies who have been the victim of breaches or hacks and also extortion attempts so that includes ransomware demands and the first step in any investigation is to secure the data so that’s when we’ll work with Mark’s team and then also to ensure that there is a ring of confidentiality and privilege and a safe way to communicate whilst the investigation is ongoing. It is also essential to ensure that the cyber incident response protocol is actually being followed, all actions are being logged because timing is really crucial during the first few hours and days of an attack and then also depending on the severity of the data accessed, you know, what’s been taken and other factors including you know, jurisdiction it can involve reporting to regulators, customers or clients and working with comms teams to prepare public statements you know, this is something that’s going to be picked up in the press but it is really crucial that individuals and companies are prepared for the worst, that there’s ongoing training in place, that there’s also regular cyber incident simulations and that’s something that we work with companies and also individuals and to review their protocols and also prepare them for these types of attacks.
Richard Legg
Partner, Mishcon Discover
Thank you very much. So our last topic is around misinformation and disinformation. I think we all know it’s a sad fact the spread of misinformation then disinformation campaigns is increasing online, worldwide. Harmful actors able to spread falsities quickly and cheaply primarily obviously on social media. So question for Mark and Hazel, can you talk us through some experience you have of supporting victims of these kinds of campaigns and the role that technology plays in these?
Mark Tibbs
Partner, Cyber Risk and Complex Investigations Practice
Mishcon de Reya
Sure. Yeah I think, so this is an example of where technology has been used against us really so, or against our clients and you know we see, we see the intentional publishing of data which is malicious you know, online smear campaigns or sort of malicious PR campaigns, they might be called and there are common issues, we see them cropping up again and again and typically they are sort of facilitated by kind of organised groups as well I would argue so we’re looking at networks that have been established and infrastructure, this is sort of internet infrastructure that’s been established in order to publish false stories in order to you know, besmirch the reputation of individuals. It can be strategic, it can be part of a you know, a PR campaign to support litigation against someone, it can be, it can just be sort of revenge we’ve seen as well, all sorts of things like that and we’re in the business of helping Hazel and her team and I think Hazel will talk a little bit more about how they help their clients through these kind of incidents. But yeah so it’s the, it’s the amplification, it’s the search engine optimisation and sort of unpicking these which requires a specific set of skills and knowledge I’d argue including sort of digital forensics, legal expertise, deep understanding of how things operate, a deep understanding of how people will try and remain anonymous online and sort of unmasking these kind of trolls. There are tools that are available to understand if you know, these networks are false persona’s you know, there are characteristics of social media that sometimes make it extremely obvious, things like the inorganic growth in followers to understand you know, what you are dealing with but, but again it’s about a level of experience within your investigations team to be able to unpick and understand that. And also I’d say you know, with these cases the sort of use of technology to help with them, it’s not just about I’ve mentioned data mining tools and we use those as well but there’s also sort of monitoring tools that will help flag any changes so for example, new domains or new IP addresses or, or new social media accounts or new tweets, whatever it might be because it’s a dynamic and often very fast moving and changing environment and so, whereas an individual kind of investigation will provide a snapshot, sometimes our clients require us to understand the changing picture as well around these kind of cases so that we can react really quickly, so we are proactively able to kind of address the issues and try and get infrastructure taken down for example.
Hazel Brayden
Managing Associate, Reputation, Protection and Crisis Management Team
Lawyer, Mishcon de Reya
Yeah and I’d add to that the, just taking a step back, it’s important to understand the distinction these campaigns. Whilst misinformation is false or inaccurate information that might be spread innocently without an intention to deceive, disinformation campaigns are deliberate and they cause you know, serious harm to not only the individuals and companies which are victims or targeted of these but also democracy itself and we saw this in the riots in England and also the mistruths that were spread about political candidates in the lead up to the July election and we regularly act for individuals, companies and charities in helping to combat both types of campaigns and the specific strategic approach really depends on a number of factors so what is the nature of the information being spread, who might be behind it, which platforms or publishers are hosting the information, which jurisdictions are caught and who is reading the information and what ultimately are the risks of engaging with publishers or bad actors. As Mark said, the strategy really is multifaceted and it often involves a combination of legal action, external digital providers and specialist PR experts and it might include rather than you know, going to the source and writing to someone who is publishing these mistruths who probably would relish that and would love the oxygen that a public fight could bring, it could be that you work with external providers to amplify truthful content to counter balance the proliferation of false information and in terms of social media platforms and publishers, you know some are quicker or slower than others to respond to take down requests and a key consideration is what are the legal tools that are actually available to the client and does it meet the threshold proclaim, does it breach their terms and conditions, is there a privacy complaint here and actually is there something that’s better escalated to the authorities if a criminal offence has occurred. And in the UK we have you know since last year, the introduction of the Online Safety Act but it hasn’t really you know, taken affect yet as in we are not getting the impact that we’d hoped but hopefully in time there will be greater protections against disinformation campaigns in the UK whilst also preserving freedom of expression rights that are so key in our society.
Mark Tibbs
Partner, Cyber Risk and Complex Investigations Practice
Mishcon de Reya
Thanks Hazel, I think we’ve probably just got time for maybe one question, so I’ve got one question here about how has the use of drones impacted investigations and I think probably it’s me that has to answer that one isn’t it. So, so drones yeah they are used by some investigators to collect information to do surveillance. There’s, there’s a specific set of rules and legislation that cover drones, GDPR, data protection is still key so peoples sort of expectation of privacy is still key but it is the same sort of legislation that guides traditional surveillance as well. There are also some licensing requirements I think from the CAA for example so I guess, I guess again it’s my, the same message is if you are working with investigators who are using these kind of methods, using drones then just to make sure that you understand how they are approaching it, how they are approaching the legality of it, the proportionality of it and yeah, are they licensed, can they show you know, can they prove that just a little of DD is my, is my advice. So I think, I think that draws us nicely to the end of our session, thank you very much to Hazel and Richard for your insights. If you’ve got any outstanding questions we will answer them by email. There will be a recording of the session sent to everyone who signed up and our contact details so thank you very much and again if you want to get in contact with any of us directly, please click on the resources tab down below and you’ll be taken to their bio’s, everyone’s bio’s and contact details. Alright thank you very much for joining.
Richard Legg
Partner, Mishcon Discover
Thank you.
Hazel Brayden
Managing Associate, Reputation, Protection and Crisis Management Team
Lawyer, Mishcon de Reya
Thank you. Bye.
Mark Tibbs
Partner, Cyber Risk and Complex Investigations Practice
Mishcon de Reya
Thanks bye, bye.