Legal action against companies will have a ransomware-like quality pretty soon as bad actors leverage artificial intelligence to make the filing of complaints quick and cheap, the founders of a risk management technology company say.
Bad actors will use AI tech to create what might be called litigation-as-a-service platforms that enable people to flood companies with complaints, much like hackers today try to shut down a company’s operations with denial-of-service attacks.
“As the flood of legal threats ticks up, it will be increasingly hard to determine who is looking for a payout and who is looking to put the target company through painful and embarrassing discovery phases at little cost to the attacker,” say Stephen Heitkamp and Sean West, co-founders of Hence Technologies, in a Harvard Business Review article.
Unlike hackers, who have to weigh whether the payout to them is worth the legal risks, consumers who leverage AI tools to file a complaint don’t face that choice, they said.
“An offensive legal strategy is very much legal to pursue,” they said. “In fact, it’s not hard to convince oneself that going on offense is simply a more efficient way to get justice.”
At least against consumers, companies generally have a resource advantage, they said. It’s expensive and time-consuming to sue a company. Confronted with the cost of taking legal action, consumers tend to seek redress through the easier, but more business friendly, complaint process that the companies themselves create.
“They follow your customer-service process because the cost of legal action is prohibitive,” they said.
But the dynamic changes if consumers can use a service that makes suing easier.
“They could use a platform to click a few buttons to file a complaint that would lead to a higher payout for them and cost you more in legal fees to defend than it would to settle,” they said.
Litigation from competitors would be cheaper and easier, too.
“Let’s say you’ve expanded into a new market where a competitor feels threatened and decides to go on the legal offense,” they said. “They use an AI tool to comb public information about your company and file hundreds of copyright infringement, IP, and trade secret theft cases. The scale means you can’t just ignore it or settle for a nominal amount.”
In this future, the traditional approach companies take to manage litigation risk won’t work, they said.
“In the boardroom … legal actions and cases make it to the enterprise risk radar only when they meet a threshold of materiality,” they said. “That is not the correct filtering mechanism for legal risk in the future.”
The way companies manage cyber risks provides a model, they said.
Ideally, in a manner similar to what CIOs do, company legal chiefs would share with one another data on the types of legal actions they’re facing and what they know about the technology behind the attacks. The goal would be to create something like what CIOs have: their Common Vulnerabilities and Exposures system and their National Vulnerability Database. These are risk clearinghouses created by companies, governments, academics and others to arm everyone with defense intelligence.
But that’s not likely to happen in a legal context because of concerns over confidentiality and privilege. There would also be antitrust concerns if regulators see sharing that kind of information as a kind of collusion, they said.
Separate from that, in-house counsel can take a page from the way companies manage cyber risk by creating a response process similar to what CIOs have done. That process would start with an assessment of their company’s lawsuit vulnerability followed by an analysis of how those vulnerabilities could be exploited. Then they would devise a workflow for the company’s response.
“You might decide to invest in technology,” they said. “Bulking up on in-house counsel or outsourcing to a law firm could also work, at least for a while.”
Connecting the response process to the company’s strategy is another step. This could mean the company pulls out of areas of business that are prone to legal attack.
“Are there places that are worth leaving in order to protect those where the company will keep a foothold?” they said. “Where are there fierce competitors who will do anything for market share? What legal systems is the company exposed to, and how will they perform under higher-volume, AI-generated legal attacks?”
Bottom line: AI will change the legal risk landscape in a way that will make it similar to what cybersecurity risk looks like, so it can make sense to create a cyber risk-like response plan.