Privacy and legal tech

What is policy in a tech company?

Director, Policy.

It’s amazing how little this job title really tells you about what this role or the team do.  If the role were head of legal, or marketing, or engineering, you’d be able to take a pretty good guess.  But in the tech sector, “policy” is one of those words that people don’t really know what it means (which is fair enough, because it usually means different things to different companies).  I recently asked a colleague who works in the policy team at one of the big tech companies about what “policy” actually means in their org chart.  Funny you ask that, she said, because we were just trying to work that out the other week.  This is a Silicon Valley company with one of the biggest policy teams in the tech sector and they’re still trying to work out what “policy” means to them.  So I started asking that same question of other policy people in tech companies and realized that when we each say “policy” we can mean vastly different things.  I happen to think that policy is incredibly important in the tech sector, so in the interests of having a conversation about it, I want to first talk about what “policy” actually means.

“Policy” is a framework for deciding what to do when there is more than one valid choice available.  Unless you have policies, you are just making decisions on the fly.  To me, good policy tells you how to navigate the gray areas between legal and illegal to do what is profitable and what is right.  Good policy is that sweet spot where your legal advice, business imperatives, and company values all align. 

So, what does this mean for what a policy team might do?  Each company arranges their teams very differently but I wanted to share one way to conceptualize the three different buckets.  It’s imperfect, but it’s as good a place as any to start.  The three policy buckets are:

1.     public policy;

2.     internal policy; and

3.     policy development.

“Public policy” means the work that tech companies do to engage with public institutions and influence government policy.  This part of “policy” is often done out of DC by folks who have strong political connections.  A public policy advisor is the kind of person who helps advocate and progress a company’s position on issues such as net neutrality, encryption, or immigration reform.  They help work out whether the company should be working in coalition with other tech companies on shared issues and whom they should be calling on the Hill.

“Internal policy” is a broad, catch-all term to try to encompass all the policy decisions that a company makes internally about its product development.  This could include policies on data sharing and privacy, online harassment, content removal, and fraud management.  Depending on the company, sometimes these roles can be called policy counsel, product counsel, or simply be rolled into the work of other roles such as legal counsel or product manager.

“Policy development” is probably the least descriptive term of the three, but it’s difficult to think of a better alternative.  This bucket of work is about how to develop a principled stance on the way a company and its products interact with outside stakeholders.  A role in this area will usually specialize in one aspect of the product and its interactions.  One example is policy on the way in which a company handles requests for user data from government agencies or censorship requests.  How can a company ensure that its users can trust a platform with their private information, but also assist law enforcement in preventing criminal activity?  Should the data be encrypted and who should hold the keys?  How should the company decide which requests to respond to?  Should the laws be changed? In this way, policy development bridges the divide between public policy and internal policy.  It works out how internal policy and public policy should be shaped to meet company objectives, usually on a specific issue.

I hesitated to write this post because I felt like I should wait until I had a better way to categorize different types of tech policy.  However, after having talked with policy professionals in several of the large tech companies, this really is the best conceptualization that I’ve heard.  It feels like we are at a very early stage of our discussions about the role of policy in a tech company but it’s an important discussion to have. 

Legal tech: How do you innovate in a hyper-regulated space?

Improving the efficiency and accessibility of legal services is important not just for business but also for access to justice and the rule of law.  An ABA report last month highlighted the fact that the legal system is broken.  It recommended that lawyers should engage more with technology and be more innovative in their business practices. Innovation requires a willingness to push boundaries and experiment with bold new ideas.  However, the legal profession has long-standing and inflexible rules of conduct that favor the status quo over disruption.  At the moment, it seems as though the legal profession is struggling to innovate from within, and those who try to change it from outside are butting up against compliance issues with the ethical standards.  How should we try to innovate in such a tightly regulated industry?

One area where legal tech startups have been trying to innovate is by creating online platforms to connect people with a marketplace of attorneys.  Platforms such as LegalZoom, Rocket Lawyer, and UpCounsel each provide a marketplace for potential clients to connect with attorneys.  These models have the potential to make legal services more responsive and cost-competitive.  However, the challenges in expanding this model highlight some of the broader issues in legal tech.

Legal practice is primarily regulated by enforcing disciplinary codes of conduct against attorneys through state bar associations and state courts.  The ethical rules that are most relevant to online attorney marketplaces are:  unauthorized practice of law; restrictions on attorney referral services; and fee-splitting.  The general principle underlying these rules is that attorneys’ primary duties of loyalty and care are to their clients and the court.  In practice, this means that only attorneys should be involved in giving legal advice and no business arrangement should create a potential conflict with an attorney’s ethical duties.  

The current trend for online legal marketplaces pushes right up against all of these boundaries, and bar associations are looking closely at some of them.  Back in 2009, the Connecticut Disciplinary Counsel disciplined attorneys who were using the totalbankruptcy.com platform for participating in an unauthorized referral service.  As Carolyn Elefant pointed out at the time, this approach not only did a disservice to the public, it also put the blame solely on the participating attorneys.  If the platform really is reprehensible then the attorneys should be disciplined.  However, it seems unfair that the businesses profiting from creating the platforms are not subject to any sanction. 

Attempts to reform from within have not been terribly successful.  The American Bar Association had a very short dabble in legal tech collaboration when it partnered with Rocket Lawyer to provide an online referral service, ABA Law Connect, in California, Pennsylvania, and Illinois.  The pilot only lasted 3 months before it was unceremoniously killed on January 10, 2016 at the request of the Pennsylvania and Illinois bar associations. The Pennsylvania State Bar President, William Pugh, was quoted as saying that “It just flies in the face of what the ABA should be — promoting bread and butter mainstream lawyers across the country”.  Mark Cohen, Chief Executive Officer of Legalmosaic argues that the bottom line of Pennsylvania’s and Illinois’ position is that “it’s about lawyer protectionism, not public good”.  These bar associations are voluntary and Cohen argues that they therefore pander to their member base, rather than the greater public good in improving the accessibility of legal services.  The existing alternative to ABA Law Connect is formal attorney referral services through state bar associations.  These referral services are poorly publicized and do not have the smooth user interface offered by modern tech platforms.

So, if officially-sanctioned reforms struggle to get off the ground, and legal tech startups potentially put clients’ interests in jeopardy and attorneys at risk of disciplinary sanctions as they push the boundaries, how should we be innovating to improve access to justice?  A meaningful conversation needs to acknowledge the tension in order to be able to start developing practical steps.