The Accountability Problem Behind AI Adoption 

Intro 0:00

Welcome to the She Said Privacy/He Said Security Podcast, like any good marriage, we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st Century.

Jodi Daniels 0:21

Hi. Jodi Daniels, here, I’m the founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and certified informational privacy professional providing practical privacy advice to overwhelmed companies.

Justin Daniels 0:35

Hi, I am Justin Daniels, I am a shareholder and corporate M and A and tech transaction lawyer at the law firm, Baker Donelson, advising companies in the deployment and scaling of technology. Since data is critical to every transaction, I help clients make informed business decisions while managing data privacy and cyber security risk. And when needed, I lead the legal cyber data breach

Jodi Daniels 1:00

response brigade, and this episode is brought to you by no one can hear the hair lift. Red Clover Advisors, we help companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology e commerce, professional services and digital media. In short, we use data privacy to transform the way companies do business together. We’re creating a future where there’s greater trust between companies and consumers to learn more and to check out our best selling book, Data Reimagined: Building Trust One Byte at a Time. Visit redcloveradvisors.com.

Justin Daniels 1:40

Hello, hello. What’s up? It’s spring. How many cups of coffee did you have today?

Jodi Daniels 1:45

I just had my normal cup of coffee.

Justin Daniels 1:47

Yes, but you have that space age coffee maker now?

Jodi Daniels 1:51

It’s just modern. Space Age curious. I have a square coffee maker that skews modern, but I like it. It’s It’s sleek.

Justin Daniels 2:02

Wow, impressive. All right, well, let’s introduce our guests today, which we’re excited to have. So today we have Kristin Calve, the editor and publisher of Law Business Media. So she is the editor and publisher of Corporate Counsel Business Journal, and co founder of Law Business Media. She leads editorial strategy focused on AI governance, legal operations and board level risk, and convenes forward leaning legal leaders through interviews, events and industry analysis. Hi Kristin,

Kristin Calve 2:38

hi everyone. Thank you for having me today?

Jodi Daniels 2:41

Well, we’re glad you’re here, and we always start with helping understand your career journey to what you’re doing today. Sure.

Kristin Calve 2:50

Thank you. So I’m not new to legal media. I started out in this area working for American Lawyer Media. While I was there, I worked on the daily deal. I helped them build their verdict and settlement reporting and research business through a buy build strategy. And here I am continuing in this area of Information Services, really, with Corporate Counsel Business Journal, we also publish pin Hawk newsletters. And in that context, we produce a tremendous amount of content for legal executives, but we don’t report on case law and business like that. We really look at the marketplace in terms of legal executives and the resources that they need to do their jobs best, and a lot of that is around technology. What we experience in talking to folks is that it’s a big world of tech out there, and we try to help them understand the difference between the many players.

Jodi Daniels 4:00

That makes sense. I think it’s always fascinating how there’s an entire industry of legal media, and you could probably find similar things across industries. I just always find that fascinating. Why are you laughing at me?

Justin Daniels 4:11

Because so many people mistake you for being a lawyer.

Jodi Daniels 4:15

They just need to disagree this great combination, because I always wanted to do media and communication. So see, I’ve blended, blended things together.

Justin Daniels 4:26

So Kristin, you spend a lot of time speaking with GCS, legal, ops, leaders and founders. What are they most concerned about right now when it comes to AI and governance?

Kristin Calve 4:37

Well, there’s, there’s a lot to unpack in that. But I think for a lot of the folks that I talk with, it’s this. The dialog kind of goes like this. The CEO says, Hey, honey, go out and pick up some AI on the way home and feed it to the kids, because somebody said it’s really important for them to have. It, and they’ll do better in life with a lot of AI and and it’s this arm’s length approach to AI from many executives that it’s something that we have to have. They don’t, but it’s not for them. It’s for others. In the context of legal, I think that we’re seeing a lot of organizations deploying legal in, excuse me, AI, sort of in a polarized way, either it is a side job for people where they are exploring AI, not with an intention around it. And then you have others who are prescribing AI, how that looks in terms of governance is really skewed by how an organization is regulated. So for law firms, we’re seeing organizations gravitate toward what are now known brands like Harvey less, legora, I’m hearing, but that’s a different type of product, and it’s it’s very tricky. I have some ideas that I can share around the approach so, but I think the number one issue facing law firms and corporations is the controlled deployment of AI, and that’s who’s going to have it, and how are they going to be allowed to use it?

Jodi Daniels 6:34

Oh, Justin, you had a question, not sure. Oh, okay, I thought you had a follow up. No, not at all. So, Kristin, one of the things you talk about is where power and responsibility live inside an AI driven system. How do you think organizations should be thinking about allocating accountability when decisions are increasingly embedded in this technology,

Kristin Calve 7:03

I think that’s going to go back to the regulatory landscape in a lot of respects. Most, the most organizations know their regulators. They know what’s permissible, and they are going to reverse engineer their tech and their approach towards what’s permissible in other areas of the regulatory landscape, like gaming and gambling, you’ll hear the conversation be that We’re building the plane while we’re flying it, and that’s what we’re seeing here, but it’s like boiling the ocean because AI is already it’s infrastructure. It is a part of everything we are doing already. So the horse is out of the barn there, and we’re just trying to control the way people are using it, and knowing the way people are using it, which is probably the greater question.

Jodi Daniels 8:07

I’m curious. Do you see any teams so in your work, in conversations with companies, are there any teams more than another that might have that accountability, that maybe they’re the ones responsible more than other teams

Kristin Calve 8:24

in corporations. We’re seeing it much. Much of that responsibility is falling on the legal operations function. Those are the operators of the technology. So they’re managing if it’s in within litigation, they’re managing deadlines. If it’s in contract management, they’re also managing deadlines. You’re these are the teams that manage tariffs, right? They report sales tax and all of that, and they are at the center of operations with finance, HR, sales, business side functions more so than the attorneys or general counsel themselves, because they keep the trains running on time, and they do so much of the reporting of I was on a panel at legal week with folks who were on the audit committee, so they’re right there, and they are the People who, before AI, prescribed all of the workarounds. They took data from A to B platform. They engineered a lot of the vibe coding the last year or two that were connecting different platforms so they know not just the how things happen, but why, and that’s unique.

Jodi Daniels 9:44

I appreciate you sharing. Thank you,

Justin Daniels 9:47

I guess, kind of related from your vantage point. You know, how does AI fundamentally change the role of what legal judgment is inside companies and the people that you’re talking. Talking to I

Kristin Calve 10:00

think that while AI is bringing speed to organizations and a higher capacity, the institutional knowledge is where the judgment is coming in, and that that still goes back to the legal operations executives knowing why they wrote a prompt a certain way, why something is scheduled a certain way, and that is really a lot of the decision making in terms of interpreting The Law, which some of the platforms are are hoping or aspiring to achieve. I’m not sure we’re there yet, but when I talk to people about reasoning, that’s an entirely different conversation, and I think that’s where knowing your your intention of using AI, if it’s for speed or capacity, ediscovery has been using machine learning forever, and that’s probably, you know, tar technology assisted review, those are as close as we’ve seen to using judgment along with the ability to have high capacity and high speed framing of content,

Justin Daniels 11:24

kind of as a follow up, I’d love to get your perspective on you know, AI, I use it every single day in my practice, I’ve drank the Kool Aid. I feel I have to, or else I can be at a competitive disadvantage. But what do you do? Like, when I go and teach a class at a law school with younger folks, or you have people who are maybe coming into their first in house role, or some of the younger Attorneys at Law firms. I know we’ve talked a lot about this, but what are your thoughts around how this changes the professions for the people who are getting into it who maybe don’t have the 27 years of experience that I do doing what I do to evaluate AI and how they get trained differently, because some of the tasks were I had to do that were pure drudgery, like doing due diligence memos, the AI is going to do it.

Kristin Calve 12:16

I think that that is I just don’t, I sincerely don’t think that that’s changed very much, that you have to know things. I mean, you have to have institutional knowledge. You have to have you have to have this knowledge. So when I talk to my kids about it, I’ll say to them, so if you get in the car and you program the GPS to go somewhere, if you don’t know where that place is, it could, you can still go the wrong way. You have to have some sense of of the location you’re trying to get to. So when I talk to librarians, for example, folks at double A, Double L, you know, they’ll say to me, Oh, this is like when we got the internet, and being able to recognize things that are true or not, is a skill. I think that’s the same with the people coming up. They’re going to have to have experiences, they’re going to have to read they’re going to have to sit in courtrooms, they’re going to have to listen to depositions. They’re going to have to do all of that. It’s just going to look different the way they consume information and verify it.

Jodi Daniels 13:25

You had mentioned earlier about the institutional knowledge and documenting prompts. For example, where are you finding people are putting that type of information? You know, imagine you have someone they wrote x, y, z prompt. This process happens. They go off and find something new. How are teams capturing that type of information?

Kristin Calve 13:49

I’m not seeing consistency there with the prompt. A lot of that conversation has really been around what’s discoverable and intent. So for example, when I was at Georgetown law’s advanced e discovery back in November, there was a conversation, really off the cuff, around one group had over 110,000 internal meeting recordings.

Jodi Daniels 14:21

Wow, that’s a lot

Kristin Calve 14:23

of meetings. I should say that that they know that they knew of so we’re living in this like the world, the floor is lava here, right? We don’t know who’s recording when they’re recording. We don’t know where that’s going when people are doing research, whether it’s within a matter or for other reasons, all of those prompts, too are now discoverable. So there’s all of this other information coming out. You probably do this with the podcast, taking a recording and digesting it and using prompts to ask questions about it. Or other things, that’s a whole new level of of questioning how, how you got to where you were, you were going, and why you were going there, and all of it.

Jodi Daniels 15:11

It’s a good point. I do think it’s an area for anyone listening that capturing that type of information and creating some consistency would be a good, a good next step.

Justin Daniels 15:24

So you bring up a good point about the example with 1000 recordings, because I have 100,000 Okay, 100,000 recordings, because I get on calls with people who still bring on the AI note takers, and I have to tell them to shut it off, because I don’t know where the data went or is going, and it could completely undermine what I’m about to say from attorney client privilege, or if the AI Miss, you know, doesn’t transcribe it right where I said, Don’t, and it comes off as do. And so I’d love to get your insight around where maybe organizations are not fully appreciating maybe some of the organizational type of risks they are creating with deployment of AI, such as the one we just talked about. You know, are there some other examples you’re seeing in practice or blind spots that maybe organizations aren’t considering?

Kristin Calve 16:16

I I think that vibe coding is certainly one of them people are making workarounds faster and more frequently than ever. The recordings are the best example, because somewhere along the lines, we all lost track of the idea of asking permission to record people period just doesn’t happen. I go to conferences. There’s no no recording permitted, which used that used to be the norm. If you sat in on a session, they would say that you’re not allowed to record it. Th, all of those things have gone and we’ve been leaking out our privacy one little bit at a time in terms of other issues, just being able to analyze data. So whether it’s looking at phone logs, if we’re in the Discovery Zone or looking or taking contracts, are going to be a nightmare, a total nightmare. They are all everybody’s putting all kinds of contracts into AI platforms and manipulating the terms. I think another area that is at risk is just around education and people not understanding what is permissible. I keep talking about being from Connecticut or being in Connecticut, right? We used to have GE and IBM, big companies that had management training platforms were that were very strict and addressed all kinds of protocols and processes, and we seem to be skipping that step in this, because AI is here and now we’re trying to harness it and control it while it’s already been deployed. I would say this, though, for your readers, if they’re looking at risk. One thing that is not well talked about is the risk within the supply chain, and so that when your vendors that you depend on are using AI, what kind of risk does that bring to you? So we saw striker was hacked a few weeks ago, and that interrupted their their supply chain for a few hours, or they are the supplier, I should say. And I think that’s just the beginning of more manipulations in the supply chain versus our day to day operation.

Jodi Daniels 18:58

I think that makes a lot of sense. Now, you did share some tips, but we always ask everyone, what is a single best privacy or security tip? And in this case, that you might offer companies deploying AI right now,

Kristin Calve 19:14

my single tip is to know your tent pole platform and do all, manage all of your integrations, knowing what your tent pole platform is. So if you’re piecing it together ad hoc, I don’t, I don’t believe that’s the most secure way to approach AI deployments.

Jodi Daniels 19:40

Helpful tip. Thank you.

Justin Daniels 19:43

So outside of your normal work hours, what do you enjoy doing for fun?

Kristin Calve 19:50

I really enjoy going to the theater. We’re very close to New York, and I’m fortunate that I can get tickets the day of if they’re available. Sometimes on the theater app or one of the other apps, and make an evening of it very on very short

Jodi Daniels 20:06

notice. Is there a new show that maybe people here haven’t heard about yet, that you would recommend

Kristin Calve 20:18

I’m hearing great things about just in time, which is the Bobby Darin show. Personally, I really enjoyed Oedipus this year, which was a surprise. It’s not a musical, and then always, God, now I’m losing, I’m losing the name of it, Hell’s Kitchen. I have heard good is a good is a really popular for all ages and and musical and has some pizzazz to it.

Jodi Daniels 20:59

I love that. I have heard good things about that one. Well, Kristin, if people would like to connect with you and learn more, as well as the publication. Where should they go?

Kristin Calve 21:05

Oh, we’re at ccbjournal.com

Jodi Daniels 21:09

excellent. Well, thank you so much for joining us today. We really appreciate it.

Kristin Calve 21:14

Thank you both so much for having me, and I really enjoy the show, and I’ll keep listening.

Jodi Daniels 21:19

Amazing. Thank you.

Outro 21:25

Thanks for listening to the She Said Privacy/He Said Security Podcast. If you haven’t already, be sure to click Subscribe to get future episodes and check us out on LinkedIn. See you next time.