Author: TSA Press

Bishop
Marianne
Budd
isn’t
the
only
religious
leader
who
has
noticed
that
Trump’s
campaign
promises
are
in
conflict
with
the
Gospel.
The
separation
of
church
and
state
is
usually
invoked
to
argue
against
the
state
being
turned
into
a
religious
outpost,
but
its
reversal
should
also
hold
true
—
the
government
shouldn’t
be
able
to
target
places
of
religious
worship
to
harvest
and
imprison
or
deport
the
undocumented,
right?
That’s
the
argument,
and
a
group
of
religious
leaders
are
willing
to
go
to
court
over
their
beliefs.

Latin
Times
has
coverage:

A
group
of
over
25
religious
organizations
has
filed
a
lawsuit
against
the
Department
of
Homeland
Security
(DHS)
contesting
a
policy
change
by
the
Trump
administration
that
allows
immigration
enforcement
actions
at
schools
and
houses
of
worship.
Prior
to
this
change,
DHS
agents
were
generally
required
to
obtain
special
authorization
to
conduct
enforcement
actions
at
designated
“sensitive
locations.”

The
plaintiffs,
representing
a
broad
spectrum
of
Christian
and
Jewish
denominations,
argue
that
the
policy
infringes
upon
their
religious
freedom
and
deters
participation
in
programs
in
houses
of
worship.

Let’s
be
frank,
few
things
chill
the
impulse
to
pray
and
learn
like
knowing
that
officers
are
going
to
pepper
you
with
questions
just
for
practicing
your
faith.
Even
if
the
entire
congregation
had
their
papers,
there
is
a
non-zero
chance
that

each
interaction
with
an
officer
could
be
your
last
—
there’s
a
whole
slew
of
unarmed
people
who’ve
been
killed
by
police
during
routine
traffic
stops.
It
was
rough
enough
to
see
Sonya
Massey
getting
shot
after
saying
Jesus’s
name;
it’s
only
a
matter
of
time
before
flooding
churches
with
ICE
results
in
something
similar.
This
also
isn’t
a
huge
ask
—
Biden-era
protections
had
carve
outs
that
respected
sanctuaries.
Trump’s
current
policy
suggests
that
there’s
no
place
that
the
government
can’t
put
their
hands
in.
What
happened
to
Republicans
being
small
state
advocates?

Quakers,
Bishop
Budd,
and

Pope
Francis
have
been
vocal
about
protecting
their
flock
from
government
reach.
Given

Trump’s
recent
lamentation
about
anti-Christian
violence
and
bias,
this
would
be
a
great
time
for
him
to
tell
his
administration
to
let
the
faithful
practice
their
religion
as
the
Founders
intended:
without
the
state
eyeing
their
pews.

Religious
Organizations
Including
Jews,
Catholics,
Mennonites,
File
Lawsuit
To
Prevent
Immigration
Raids
In
Houses
Of
Worship
[Latin
Times]

Earlier:

And
If
You
Look
This
Way,
You’ll
See
The
Dead
Body
Of
The
Separation
Of
Church
And
State

---

Chris
Williams
became
a
social
media
manager
and
assistant
editor
for
Above
the
Law
in
June
2021.
Prior
to
joining
the
staff,
he
moonlighted
as
a
minor
Memelord™
in
the
Facebook
group Law
School
Memes
for
Edgy
T14s.
 He
endured
Missouri
long
enough
to
graduate
from
Washington
University
in
St.
Louis
School
of
Law.
He
is
a
former
boatbuilder
who
cannot
swim, a
published
author
on
critical
race
theory,
philosophy,
and
humor,
and
has
a
love
for
cycling
that
occasionally
annoys
his
peers.
You
can
reach
him
by
email
at [email protected] and
by
tweet
at @WritesForRent.

Medicaid
work
requirements
—
provisions
that
would
require
Medicaid
enrollees
to
work
or
volunteer
in
order
to
maintain
coverage
—
have
reemerged
in
health
policy
conversations
in
an
effort
to
reduce
federal
Medicaid
spending. 

Just
last
week,
Senators
John
Kennedy
(R-Louisiana)
and
Eric
Schmitt
(R-Missouri)

introduced
a
bill
that
would
require
“able-bodied
adults”
without
dependents
to
work
or
volunteer
for
at
least
20
hours
per
week
to
receive
Medicaid
benefits,
according
to
the
announcement.
The
bill,
called
the
Jobs
and
Opportunities
for
Medicaid
Act,
could
save
taxpayers
more
than
$100
billion
over
10
years,
the
senators
claimed.

“Medicaid
doesn’t
work
the
way
it
should,”
Kennedy
said
in
a
statement.
“Able-bodied
adults
without
dependents
are
better
off
with
jobs
than
with
hand-outs,
and
so
are
their
communities
and
American
taxpayers.
My
Jobs
and
Opportunities
for
Medicaid
Act
would
help
pave
a
path
out
of
poverty
for
millions
of
Americans.”

Schmitt
argued
that
work
requirements
would
allow
Medicaid
to
“serve
as
a
bridge
to
self-sufficiency,
fostering
pathways
to
employment,
job
training,
and
community
engagement.”
He
added
that
the
bill
would
help
Medicaid
beneficiaries
gain
“financial
independence”
and
would
save
resources
for
the
most
vulnerable
populations,
such
as
children,
the
elderly
and
people
with
disabilities.

The
announcement
also
stated
that
there
has
been
a

decrease
in
the
labor
force
participation
rate
since
2000,
but
the
number
of
able-bodied
adults
enrolled
in
Medicaid
has

risen. 

However,
if
Medicaid
work
requirements
were
in
place,
an
estimated
36
million
Medicaid
enrollees
could
be
at
risk
of
losing
coverage,
according
to
an
analysis
from
the

Center
on
Budget
and
Policy
Priorities
(CBPP).
The
organization
argued
that
work
requirements
don’t
increase
employment
and
would
just
add
administrative
barriers
for
Medicaid
beneficiaries
and
lead
to
coverage
losses
for
those
between
jobs.

“Policymakers
should
reject
work
requirements,”
CBPP
said.
“Instead
of
needlessly
putting
tens
of
millions
of
people
at
risk
of
losing
health
coverage
by
saddling
them
with
red
tape
and
one-size-fits-all
requirements
that
can
make
it
harder
for
people
to
work,
lawmakers
should
make
it
easier
and
less
costly
for
people
to
access
health
coverage.”

A
recent

report
by
KFF
shows
that
the
majority
of
Medicaid
adults
under
the
age
of
65
were
working
in
2023.
About
44%
were
working
full-time
and
20%
were
working
part-time.
The
remainder
were
not
working
due
to
caregiving,
attending
school,
a
disability,
retirement
or
inability
to
find
work.

KFF
also
found
that
those
in
better
health
and
with
more
education
were
more
likely
to
be
working.

Several
states
have
tried
to
implement
Medicaid
work
requirements
through
Section
1115
waivers,
according
to
KFF.
The
first
Trump
administration
approved
waivers
in
13
states,
but
many
of
these
were
struck
down
in
courts.
Georgia
is
currently
the
only
state
with
a
work
requirement
waiver
in
place.

Photo:
designer491,
Getty
Images

*

Chevron
began
as
a
justification
for
the
Reagan
administration
to
ignore
environmental
laws.
Now
that
Trump’s
in
charge,

Loper
Bright
might
be
the
environmentalists’
revenge.
[National
Law
Journal]

*
Elon
begins
process
of
threatening
law
firms.
[Reuters]

*
Neal
Katyal
joins
Milbank.
[American
Lawyer]

*
FBI
wants
law
office
in
“DWI
Eneterpise”
case.
[ABA
Journal]

*
Lawyer
allegedly
blew
friend’s
$215K
at
casino.
Has
she
considered
starting
a
Supreme
Court
blog?
[Yahoo]

*
Lawyer
to
guests:
do
not
cut
the
buffet
line!
Or
else.
[NY
Post]

*
Judge
Pauline
Newman
continues
to
push
back
against
the
Federal
Circuit’s
unconstitutional
pocket
impeachment.
[Bloomberg
Law
News]

This
Biglaw
Firm
Is
On
The
Defense:
Vinson
&
Elkins
is
ready
to
fight!
Tom
Goldstein
Is
In
Jail:
He
may
not
pass
go
or
collect
$200.
Interesting
Use
Of
Pardon
Power:
Rod
Blagojevich
and
Eric
Adams
get
to
walk.
Biglaw
Firm
Goes
Dark:
Venable
moves
to
a
black
box
compensation
scale.
It’s
Only
Cool
When
I
Do
It!:
President
Musk
rails
against
judge
shopping.

Ed.
Note:
Welcome
to
our
daily
feature

Trivia
Question
of
the
Day!

According
to
Mergerlinks’
annual
ranking
of
the
top
10
mergers
&
acquisitions
deal
leads
based
on
total
deal
value,
which
two
Biglaw
firms
had
two
attorneys
on
the
list?

Hint:
2024
was
a
great
year
for
M&A
—
deals
increased
by
10%
year-over-year
to
$3.2
trillion.

See
the
answer
on
the
next
page.

How
speed
and
accuracy
benchmarks
misrepresent
the
real
value
of
legal
AI

Welcome
to
the
era
of
the
AI
superlative.
While
the
first
two
years
of
generative
artificial
intelligence 
(GenAI)
development
were
an
all-out
sprint
to
create
new
models,
establish
proof-of-concept solutions,
and
define
optimal
use
cases,
the
next
phase
to
deliver
increased
efficiency
and
better work
product
to
clients
in
the
AI
lifecycle
will
be
dominated
by
marketing
as
well.  

Product
claims
of
the
fastest,
most
accurate
large
language
model
(LLM)
or
“hallucination-free” 
results
have
entered
the
marketplace.
As
more
companies
develop
AI
solutions
and
start-ups
seek capital
investment
in
an
increasingly
crowded
field,
customers
will
seek
benchmarks
to
evaluate the
efficacy
of
these
tools.
For
benchmarks
to
be
valuable,
they
must
test
real-world
problems
that legal
professionals
face
and
measure
what
customers
care
about. 

The
challenge
is
one-dimensional
metrics
do
not
offer
a
reliable
representation
of
the
real
value
of 
GenAI
in
the
legal
research
process.
No
LLM-based
legal
research
products
in
the
market
today
provide
answers
with
100%
accuracy,
so
users
must
engage
in
a
two-step
process
of
1)
getting
the
answer
and
2)
checking
the
answer
for
accuracy.  

It’s
the
end
result
of
this
two-step
process
that
matters.
Benchmarking
just
part
of
this
process
does
not
provide
useful
information
—
unless
there
is
a
part
of
the
process
that
is
completely
broken. 

In
drag
racing,
cars
need
to
accelerate
as
fast
as
they
can
and
then
brake
quickly.
For
braking,
they
typically
deploy
a
parachute
behind
the
car
to
increase
drag
and
traditional
braking
methods.
What
drag
racers
care
about
is
how
quickly
and
safely
the
car
brakes.
If
we
wanted
to
benchmark
different
braking
systems,
we’d
test
them
from
the
time
of
deployment
to
the
time
the
car
stopped
and
measure
time
and
distance.
Instead,
imagine
benchmarking
braking
systems
by
measuring
how
fast
the
parachutes
deployed. 

Similarly,
with
a
research
product
where
all
answers
must
be
checked,
what
matters
most
is
how
quickly
and
accurately
researchers
can
get
to
the
end
of
that
process.
For
instance,
which
legal
research
system
would
you
prefer?
One
where: 

a)
LLM-generated
answers
are
accurate
95%
of
the
time,
and
researchers,
on
average,
can
verify
accuracy
within
25
minutes
and
get
to
an
accurate
answer
97%
of
the
time,
or 

b)
LLM-generated
answers
are
accurate
85%
of
the
time,
and
researchers,
on
average,
can
verify
accuracy
within
15
minutes
and
get
to
an
accurate
answer
100%
of
the
time. 

Since
all
researchers
need
to
engage
in
this
two-step
process
100%
of
the
time,
it’s
clear
that
Option
B
would
be
better.
So
why
would
we
just
benchmark
the
first
part
of
the
process? 

Technology
companies
care
deeply
about
benchmarking.
However,
benchmarks
must
measure
products
the
way
they’re
designed
to
be
used
and
should
focus
on
results
customers
care
about.

It
makes
sense
that
the
legal
field
would
become
an
early
test
bed
for
this
type
of
analysis.
From
the
earliest
days
of
mainstream
GenAI
development
when
ChatGPT
aced
the
LSAT,
legal
use
cases have
been
prime
examples
of
both
the
power
and
the
risks
associated
with
AI.
The
legal
field
is
no
stranger
to
AI;
leading
companies
have
been
using
it
for
decades
in
our
legal
research
platform,
and
likewise,
lawyers
have
been
benefitting
from
it. 

Measuring
the
Full
Scope 

Working
with
our
customers
to
continually
improve
legal
research,
we
understand
it
is
a
multiphase
process
with
many
inputs
and
factors
—
with
GenAI
capabilities
being
just
one
part
of
it.
The
entire
legal
research
process
is
detailed
and
complex,
and
lawyers
must
check
sources
and
validate
material
—
in
essence,
follow
holistic
sound
research
practices
to
ensure
their
research
is comprehensive
and
accurate.
Benchmarking
one
part
of
this
process
cannot
measure
the
full 
scope
or
true
value
of
legal
research.  

“There
is
a
widespread
misperception
around
how
law
firms
are
using
AI
and
how
we
conduct
legal
research.
We
are
not
bringing
in
AI
and
saying:
‘Go
do
all
the
research
and
write
a
brief,’
and
then
replacing
all
of
our
junior
associates
with
automated
results,”
said
Meredith
Williams-Range,
chief
legal
operations
officer,
Gibson,
Dunn
&
Crutcher
LLP.
“We’re
using
AI-enabled
tools
that
are
integrated
directly
into
the
research
and
drafting
tools
we
were
using
already,
and,
as
a
result,
we’re
getting
deeper,
more
nuanced,
and
more
comprehensive
insights
faster.
We
have
highly
trained
professionals
doing
sophisticated
information
analysis
and
reporting,
augmented
by
technology.” 

Looking
Beyond
the
Basics
of
AI
Evaluation 

To
state
the
obvious,
benchmark
testing
should
evaluate
solutions
in
accordance
with
their intended
use.
In
legal
research,
GenAI
has
demonstrated
significant
benefits;
however,
it
is
meant
to
be
integrated
into
a
comprehensive
workflow
that
includes
reviewing
primary
law,
verifying
citations,
and
utilizing
statute
annotations
to
ensure
a
thorough
understanding
of
the
law.  

“At
Husch
Blackwell,
we
have
focused
on
end-to-end
project
efficiency
in
building
and
deploying our
in-house
AI
tools,”
said
Blake
Rooney,
the
firm’s
chief
information
officer.
“While
performance
metrics
that
focus
on
task
efficiency
can
be
helpful,
project-level
performance
metrics
for
efforts
such
as
contract
drafting
or
discovery
in
litigation
do
a
much
better
job
at
underscoring
the
efficiencies
that
resonate
with
both
our
lawyers
and
our
clients
because
they
provide
a
clearer
picture
of
overall
value
and
time
savings.
Time
is
a
finite
resource
that
we
always
wish
we
could
have
more
of,
and
our
lawyers
understand
that
—
when
used
properly
and 
responsibly
—
AI
tools
enable
them
to
finish
projects
faster
(and
oftentimes
better)
than
they
could
without
AI,
thereby
delivering
true
value
to
our
clients
and
ultimately
enabling
our
lawyers
to
do
more
work
(or
spend
more
time
with
family)
with
the
time
that
they
have.” 

For
legal
research,
accuracy,
consistency,
and
speed
do
matter
—
but
none
of
them
offers
a
single
indicator
of
success.
When
it
comes
to
evaluating
the
performance
of
professional-grade
solutions
in
specialized
fields
like
law,
it
is
critical
not
to
let
isolated
snapshots
of
a
single
performance
metric
distort
our
perspective. 

The
value
of
legal
AI
—
of
any
technological
innovation
for
that
matter
—
is
in
how
it
gets
used
in
the
real
world
and
how
well
all
the
different
components
come
together
to
help
lawyers
do
their
jobs more
effectively.  

About
the
author 

Raghu
Ramanathan
is
president
of
Legal
Professionals
at
Thomson
Reuters.

Ed.
note:
Welcome
to
our
daily
feature,

Quote
of
the
Day.

What
I
just
want
you
to
know
is
she’s
so
special.

[She
was]
super,
super
smart.
She
was
so,
so
selfless.
…
For
10
years
[after
getting
married],
she
didn’t
go
on
a
honeymoon
because
all
she
did
was
work,
work,
work,
work.
She
wanted
to
change
the
world
and
she
could
have.
She
really
could
have.

—
 Jessica
Haynes,
in
comments
given
to

People,
on
her
younger
sister,

Sarah
Lee
Best,
33,
who

died
in
the
D.C.
plane
crash
last
month.
Best
was
a
litigation
associate
at
boutique
firm
Wilkinson
Stekloff.
Haynes
said
that
through
her
work,
Best
“wanted
to
speak
for
those
who
had
no
voice,
especially
in
education
and
immigration.” 

---

Staci
Zaretsky is
a
senior
editor
at
Above
the
Law,
where
she’s
worked
since
2011.
She’d
love
to
hear
from
you,
so
please
feel
free
to

email
her
with
any
tips,
questions,
comments,
or
critiques.
You
can
follow
her
on Bluesky, X/Twitter,
and Threads, or
connect
with
her
on LinkedIn.

There’s
often
plenty
in
Biglaw
to
complain
about.
But
one
beacon
of
positivity
is
the
industry
compensation
standard,
which
is
lockstep
based
on
experience.
The
salary
scale
is
widely
available,
and,
provided
you
stay
in
good
standing
at
the
firm,
you
can
expect
yearly
raises
along
with
your
cohort.
But
one
Biglaw
firm
has
decided
to
shelve
that
system
in
favor
of
a
“black
box.”

Black
box
compensation
is
a
lot
more
secretive
and
opaque
by
design.
Associates
are
informed
of
individualized
compensation
decisions
on
a
year-by-year
basis,
and
while
there
may
be
publicly
discussed
“factors”
that
play
into
an
associate’s
salary,
it
is
ultimately
entirely
up
to
the
firm’s
discretion.

Venable
recently
informed
associates
that
they
are
moving
away
from
the
transparency
of
lockstep
compensation.
The
firm
most
recently
reported
$812,100,000
in
gross
revenue,
making
them
64th
on
the
2024
Am
Law
100
ranking,
but
even
with
that
kind
of
money,
insiders
Above
the
Law
spoke
with
say
there’s
a
pattern
of
“nickel
and
diming”
associates.
Despite
the

raises
across
Biglaw
in
recent
years,
Venable
hasn’t
raised

associate
salaries
since
2021,
putting
it
behind
their
peer
firms.

The
new
compensation
model
is
range-based.
The
firm
has
not
shared
with
associates
precisely
what
the
bottom
of
the
range
for
each
level
is
(firm
leadership
estimated
the
bottom
at
a
15%
reduction
off
the
top
number
but
said
the
bottom

could
be
lower),
but
even
the
top
of
the
range
puts
the
firm
below
the

Biglaw
market
standard.

Tipsters
at
the
firm
report
the
following
top
salaries
available:

Top
of
the
Salary
Ranges:

• 
  Level
  1: $215,000
• 
  Level
  2: $225,000
• 
  Level
  3: $245,000
• 
  Level
  4: $275,000
• 
  Level
  5: $300,000
• 
  Level
  6: $320,000
• 
  Level
  7: $340,000
• 
  Level
  8: $355,000

But
what,
exactly,
goes
into
determining
how
much
money
an
associate
makes
within
the
range?
(Also,
calling
it
a
“range”
without
clearly
disclosing
the
floor
feels
more
than
a
little
disingenuous,
since
that
makes
it
more
like
a
“cap”
on
salaries,
not
a
range,
but
I
digress.)
Well,
the
firm
hasn’t
been
particularly
forthcoming.
According
to
a
tipster:

Under
the
new
model,
where
an
associate
falls
within
the
range
will
be
determined
at
the
firm’s
discretion.
According
to
Firm
Chairman
Stu
Ingis,
compensation
will
be
based
“primarily
on
hours.”
Additional
details
were
communicated
during
in-person-only
office
meetings,
with
no
formal
memo
or
written
communication
provided.
Associates
unable
to
attend
in
person
were
advised
to
obtain
highlights
from
colleagues,
reinforcing
the
perception
that
the
firm
aimed
to
keep
the
changes
from
being
widely
publicized.

Thumbing
your
nose
at
transparency
is
never
a
good
look.

Above
the
Law
reached
out
to
Venable
for
comment,
but
the
firm
did
not
immediately
provide
one.

Associates
at
the
firm
are
also
—
rightly
—
worried
this
system
could
result
in
pay
cuts
for
some
folks.
Insiders
say
that
possibility
was
not
ruled
out
by
the
firm.
And
with
black
box
compensation,
there’s
no
way
to
know
how
many
associates
are
getting
well
and
truly
screwed
by
the
new
system.
No
wonder
Above
the
Law
is
hearing
stories
of
fearful,
frustrated,
and
disappointed
associates
—
not
to
mention
those
looking
for
new
jobs.
But
that
seems
to
be
a

feature,
not
a
bug,
of
black
box
compensation.

---

Kathryn
Rubino
is
a
Senior
Editor
at
Above
the
Law,
host
of

The
Jabot
podcast,
and
co-host
of

Thinking
Like
A
Lawyer.
AtL
tipsters
are
the
best,
so
please
connect
with
her.
Feel
free
to
email

her
with
any
tips,
questions,
or
comments
and
follow
her
on
Twitter

@Kathryn1 or
Mastodon

@[email protected].

Well,
that
didn’t
take
long.

Tom
Goldstein,
revered
Supreme
Court
litigator
turned
cautionary
tale,
has
officially
traded
his
D.C.
home
—
the
one
prosecutors
say
he
secured
by
lying
to
mortgage
lenders
—
for
a
spot
in
the
Chesapeake
Detention
Facility
in
Baltimore.
The
move
comes
after
authorities

arrested
the
SCOTUSBlog
co-founder
claiming
he
posed
a
“significant
flight
risk,”
which
tends
to
happen
when
you

fail
to
disclose
millions
in
cryptocurrency
transactions
while
simultaneously
crying
poor
in
court.

Honestly,
the
only
thing
shocking
about
this
case
is
that
Goldstein
didn’t
try
to
settle
the
whole
matter
double-or-nothing
heads
up
Hold
‘Em.

The
charges
against
Goldstein
—
tax
evasion,
mortgage
fraud,
and
the
general
financial
shenanigans
—
allegedly
stem
from
a
lifestyle
that
makes

The
Wolf
of
Wall
Street
look
like
an
HR
compliance
video

fueled
by
high-stakes
poker
and,
(they
say)
multiple
mistresses.
Winning
and
ultimately
losing
millions
all
while
routinely
arguing
before
the
Supreme
Court.

Folks,
I
give
you
peak
performance
personified.

After
initially

lawyering
up
with
some
of
Trump’s
legal
team
—
arguably
one
of
his
better
decisions
(we’re
grading
on
a
heavy
curve)
—
Goldstein
abruptly
decided
to
represent
himself.
They
say
the
lawyer
representing
themselves
has
a
fool
for
a
client,
but
if
the
coverage
of
Goldstein’s
decision
is
anything
to
go
by,
the
strategy
might’ve
been
to
play
up
his
financial
woes
while
arguing
that
it
violated
his
Sixth
Amendment
rights
if
he
couldn’t
access
his
home
to
pay
for
legal
counsel.

Of
course
his
plea
of
poverty
hit
a
snag
when
the
federal
government
called
his
bluff,
claiming
that
Goldstein
had
received
$8
million
in
crypto
and
transferred
$6
million
of
it.

Unsurprisingly,
Chief
U.S.
Magistrate
Judge
Timothy
J.
Sullivan
was
not
amused
by
these
allegations,
revoking
Goldstein’s
bond,
sending
him
straight
to
Baltimore’s
maximum-security
correctional
facility.

Do
Not
Pass
Go.
Do
Not
Collect
$200.

Or
4
DOGECOIN
as
the
case
may
be.

Judge
Orders
Indicted
SCOTUSblog
Co-Founder
Tom
Goldstein
Detained
Without
Bond
[National
Law
Journal]

Earlier:

SCOTUSblog
Founder
Indicted
In
Wild
Poker-Fueled
Tax
Case

Tom
Goldstein
Hires
Trump’s
Lawyers
In
First
Good
Bet
In
Years

SCOTUSblog
Founder
Interfered
With
Witness,
Poses
A
Flight
Risk,
According
To
Prosecutors

BREAKING:
Tom
Goldstein
Arrested
AGAIN.
Feds
Claim
SCOTUSblog
Founder
Made
Secret
Crypto
Transactions

Ed.
note:
This
is
the
latest
in
the
article
series,


Cybersecurity:
Tips
From
the
Trenches,
by
our
friends
at

Sensei
Enterprises,
a
boutique
provider
of
IT,
cybersecurity,
and
digital
forensics
services.

The
legal
industry
has
been
all
over
the
place
regarding
adopting
artificial
intelligence.
Some
attorneys
have
been
on
the
AI
bandwagon
since
the
early
days
of
ChatGPT,
some
have
started
to
dip
their
toes
in
the
water
with
Microsoft
Copilot,
and
the
rest
have
chosen
to
stay
far
away
from
anything
AI-related
or
marketed.

The
truth
is
that
AI
is
here
to
stay.
What
we
have
been
told
about
adopting
it
with
caution
and
security
in
mind
may
not
matter
in
the
end.

Microsoft’s
internal
testing
of
more
than
100
of
its
AI
generative
products
concluded
that
AI
can
never
be
made
secure
and
suggested
that
securing
AI
systems
will
never
be
complete.

While
this
conclusion
is
not
surprising,
it
does
throw
some
cold
water
on
the
AI
welcoming
party.
Here
are
several
lessons
to
help
with
continuing
to
secure
AI
models.

To
develop
effective
defenses,
AI
models
must
be
understood
thoroughly,
including
what
the
system
can
do
and
where
it
should
be
used.
AI
models
behave
differently
depending
on
their
design
and
application.

Defense
in
Depth
Security
Principals
Apply
Here
Too

Just
like
with
computer
systems
and
information
networks,
defense-in-depth
principles
apply
to
AI
models
too.
Layered
security
measures
help
reduce
the
inherent
risks
the
models
pose.
 The
best
security
measures
include
controlling
access
through
security
permissions,
restricting
data
the
models
have
access
to,
auditing
access,
and
requiring
input
validation.
Policies
and
procedures
are
just
as
essential
to
prevent
“Shadow
AI,”
where
users
integrate
their
own
selection
of
AI
products
at
will
into
law
firms
without
permission
or
thought. 
It
is
wise
to
have
mechanisms
in
place
to
detect
any
“Shadow
AI”
attempts.

Having
policies
and
security
controls
in
place
is
vital,
as
is
training.
Training
law
firm
staff
on
how
to
use
implemented
AI
products
is
critical
to
maintaining
the
security
of
the
application
and
law
firm
data.
It
is
also
important
to
reduce
the
risk
of
a
user
violating
the
firm’s
policies
by
implementing
their
preferred
AI
solution
or
prompting
AI
software
with
inappropriate
data,
such
as
client
confidential
data. 
End-user
training
is
always
the
foundation
of
a
good
security
program.

AI
Risks
are
Unknown

One
problem
cybersecurity
professionals
face
is
that
the
universe
of
risks
posed
by
AI
models
is
unknown.
How
AI
models
learn
is
unlike
software
vulnerabilities,
which
can
be
reproduced,
verified,
and
patched.
Yes,
restrictions
on
input
can
be
put
in
place
to
prevent
user
interface
manipulation
or
validation
of
inputs
to
prevent
hidden
or
unintended
inputs.
 Still,
the
harms
that
AI
can
cause
are
more
complex
to
quantify
and
reproduce,
especially
since
models
can
continue
learning.
Can
you
imagine
what
will
happen
to
the
volume
of
security
patches
for
consumer
products
once
AI
gets
involved
–
as
if
it
weren’t
already
bad
enough
with
Microsoft?

Microsoft
summarizes
it
well:
If
users
can
input
private,
confidential
information,
then
it
is
safe
to
assume
the
models
will
output
private,
confidential
information.

Because
AI
models
may
be
able
to
learn,
they
will
only
continue
to
amplify
existing
risks
and
introduce
new
ones.
That
certainly
provides
job
security
for
cybersecurity
professionals
moving
forward.
Still,
it
leaves
users
of
AI
products
with
difficult
decisions
about
whether
to
accept
the
risk
and
how
to
become
knowledgeable
enough
to
decide
whether
a
particular
AI
product
application
appears
safe
enough
to
use.

The
decision
becomes
even
more
critical
when
you
add
the
ethical
requirements
that
attorneys
must
adhere
to.

What
happens
when
AI
is
embedded
or
added
to
a
solution
your
firm
has
been
using
for
years,
whether
you
were
informed
or
not?
What
information
is
shared
with
the
product
vendor
and
AI
model,
which
will
allow
the
model
to
continue
to
learn
and
grow?
Microsoft
is
already
incorporating
AI
into
every
piece
of
software
that
it
can,
including
Microsoft
365.

Some
examples
include
computers
with
AI
prompts
by
default,
such
as
Copilot
for
Windows
or
Apple
Intelligence
built
into
new
iPhones,
iPads,
and
Mac
computers.
This
is
another
example
of
where
reading
the
Terms
of
Services
(TOS)
is
crucial,
as
well
as
understanding
what
settings
for
these
AI
prompts
are
turned
on
by
default
and
how
to
access
them
to
make
any
modifications.

If
we
know
users
(and
trust
us,
we
do),
most
will
click
and
accept
the
TOS
regardless
of
what
it
contains
—
that’s
human
nature.
Will
lawyers
voluntarily
accept
a
possible
ethics
violation
without
knowing?
The
likelihood
is
very
high.

---

Michael
C.
Maschke
([email protected])
is
the
President
and
Chief
Executive
Officer
of
Sensei
Enterprises,
Inc.
Mr.Maschke
is
an
EnCase
Certified
Examiner
(EnCE),
a
Certified
Computer
Examiner
(CCE
#744),
an
AccessData
Certified
Examiner
(ACE),
a
Certified
Ethical
Hacker
(CEH), and
a
Certified
Information
Systems
Security
Professional
(CISSP).
He
is
a
frequent
speaker
on
IT,
cybersecurity,
and
digital
forensics
and
he
has
co-authored
14
books
published
by
the
American
Bar
Association.

Sharon
D.
Nelson
([email protected])
is
the
co-founder
of
and
consultant
to
Sensei
Enterprises,
Inc.
She
is
a
past
president
of
the
Virginia
State
Bar,
the
Fairfax
Bar
Association,
and
the
Fairfax
Law
Foundation.
She
is
a
co-author
of
18
books
published
by
the
ABA.

John
W.
Simek
([email protected])
is
the
co-founder
of
and
consultant
to
Sensei
Enterprises,
Inc.
He
is
a
Certified
Information
Systems
Security
Professional
(CISSP),
a Certified
Ethical
Hacker
(CEH),
and
a
nationally
known
digital
forensics
expert.
He
is
a
co-author
of
18
books
published
by
the
ABA.