Practising law in the ‘new normal’

Tom WickerWednesday 10 June 2020

Covid-19 has radically changed the working landscape, with law firms and their clients forced to vacate office spaces. Global Insight assesses a new era of remote working and the challenges of adapting to a digital reality.

For many, the current crisis has accelerated a prevailing trend towards flexible working. ‘Over the past several years, we had converted our lawyers from desktop computers to laptops,’ says Stephen Bowman, Co-Chair of the IBA Law Firm Management Committee and Vice Chair and Managing Partner, People and Talent, at Bennett Jones in Canada. ‘The laptops all had virtual private network (VPN) software. Our lawyers could just pick them up and go home.’

For many larger law firms and businesses, working remotely was already necessary to meet the demands of operating in multiple time zones.

Nonetheless, ‘many businesses and law firms were not prepared to have their business running digitally and their employees working from home,’ says Marlene Schreiber, Chair of the IBA Cybersecurity and Surveillance Subcommittee and an IT law partner at Härting, Berlin.

However, companies who prioritised long hours in the office as a performance marker have been caught out. ‘Especially “old-fashioned” companies or businesses in conservative professions – which, unfortunately, also includes many law firms – have missed the chance to prepare either their business model or their employee-working equipment,’ says Schreiber.

Even if you’re a business with systems in place, large-scale homeworking is often only as good as your employees’ broadband, which can vary between countries,’ notes Sajai Singh, Co-Chair of the IBA’s Technology Law Committee and a transactional partner at JSA Law. ‘Most homes in India have internet connections which have low bandwidth and, due to increased usage, have been experiencing lower speed,’ he says. ‘The telecom industry is struggling to keep up.’

Risks and vulnerabilities

Remote working has also turned a spotlight on the vulnerabilities and security risks of the technology that companies have scrambled to deploy.

Videoconferencing software has proven indispensable for translating team and client meetings into a virtual environment. The Zoom platform, for example, jumped from 10 million daily meeting participants to 300 million by April. However, these platforms were arguably never intended to be used this intensively. From calls being ‘hijacked’ by bad actors, to encryption concerns, Zoom has been forced to respond swiftly to unexpected challenges.

Zoom has released security updates on a continual basis in the face of criticism of its security and, in late March, updated its privacy policy to clarify the platform’s use of data. In a statement issued in April, the company’s CEO, Eric Yuan, explained how ‘new, mostly consumer cases have helped us uncover unforeseen issues on our platform.’ He continued: ‘We are looking into each and every one of them and addressing them as expeditiously as we can. We are committed to learning from them.’ Facebook, meanwhile, has unveiled ‘Rooms’, its own videoconferencing challenger to Zoom.

Joe Hancock is a partner and the Head of Cyber at Mishcon de Reya. The requests for advice the firm has received from businesses are all related to videoconferencing products and their security, alongside price as a factor, he says. For one client, his team reviewed video platform options ‘and helped to put in place a strategy for deployment – balancing the cost of the platform versus the security that comes with it.’

As Hancock points out, any piece of software is only as effective as how it’s used. He is advising businesses on how to roll out antivirus and security packages to their staff for use on their own devices, ‘because these are now holding confidential information.’

Mischon de Reya has observed an overall decrease in cyberattacks during the pandemic so far. ‘We think some of that has to do with the effect of the lockdown on working patterns,’ says Hancock. For criminals, just as for companies, this hasn’t been an easy time for business, as their usual ‘workplaces’, like internet cafes, have closed. ‘But what we have seen is a massive increase in Covid-19-related activity.’

This ranges from the use of fake internet domain names to obtain private information, to phishing emails that purport to be from the World Health Organization. ‘Criminals will never let a good opportunity go to waste,’ says Hancock. The United States, for instance, has seen scams related to its government’s Covid-19 emergency aid stimulus cheques. ‘We’re also seeing ransomware targeting healthcare staff. And if there’s any change surrounding antibody tests, everyone will pivot to that too.’

Schreiber says remote working comes with ‘a higher risk for a decrease in IT security and data protection, as the same IT security precautions and data protection standards must be maintained, as with an existing office infrastructure.’ She says that ‘hurriedly set up’ home workplaces often don’t meet these standards. And if employees are not trained or ‘sufficiently sensitised,’ data theft and manipulation can occur.

‘During a pandemic, rolling out mandatory training to your staff is a difficult message, especially if the economics have become more difficult as people are put on to reduced hours,’ says Hancock. He highlights the challenge if companies have to say to employees ‘we’re going to put you on furlough, but here’s some mandatory data protection training.’

Marianne Granhøj is Co-Chair of the IBA Employment and Industrial Relations Law Committee and heads the employment practice at Kromann Reumert. She believes the urgency for effective training ‘comes in two blocks security-wise.’ ‘This is super generalising, but in the younger generation there can be a tendency to not pay enough attention,’ she says. ‘The elder workforce can have difficulties adapting and are making mistakes because of insecurity and lack of knowledge.’

Remote working has highlighted the importance of training in data security and compliance with regulations, like the European Union’s General Data Protection Regulation (GDPR). But it’s also entering uncharted waters, Hancock points out. ‘How do you deal with acceptable-use policies being breached because, after five weeks at home, people are going to be quite happy to stick their kids in front of the work laptop with YouTube on it, just to get an hour’s peace?’

Adapting workplace ecosystems

This blurring of personal and professional spaces as the new normal isn’t just about novel internal security policy issues. How companies are using technology to adapt their workplace ‘ecosystems’ is also important for maintaining employee productivity. ‘Remote working is not just about having the tools, a PC at home and a good VPN,’ says Teresa Paz-Ares, Chair of the IBA Data Protection Governance and Privacy Subcommittee and a partner at Uría Menéndez, specialising in electronic communications. ‘It’s about ensuring that everyone knows how to work remotely. Internal communication needs to be effective, so that everyone is informed and feels supported.’

For Granhøj, this depends on good leadership. ‘Our skills at being good managers are being tested’ she says. ‘Because, to make this work, we need to stay close while also being remote and apart.’ Granhøj is seeing a need to create ‘more layers of team management, so that everyone feels a commitment to delivering as before.’ She is also encouraging her lawyers to substitute emailing with picking up the phone.

At Bennett Jones, Stephen Bowman says that the need to counteract what he calls the ‘centrifugal force’ of staff being isolated outside the workplace has resulted in a greater number of weekly video meetings being scheduled, as well as increased video social activities like ‘coffee mornings.’ ‘There’s more direct effort being put into keeping in touch,’ he says, ‘by communities within the firm, whether that’s lawyers or support staff.’

Digital law and justice

Of course, it’s not just about adapting internally to the new challenges of remote working. As an inherently client-facing profession, lawyers are having to explore new ways to use technology to fulfil their jobs, sometimes with government assistance.

‘Laws are changing to allow the legal system to function,’ says Bowman. He uses the signing of wills as an example. Law in Ontario, Canada, had previously required two witnesses to be present for a signed will to be valid – clearly a difficulty in the current circumstances. ‘So, the government has issued an emergency order that has overwritten those laws,’ Bowman explains. ‘It’s now valid to execute a will virtually, with a video witness.’

Elsewhere, in the context of private commercial contracts, many companies have comfortably been closing deals with e-signatures for some time. ‘I no longer see meeting rooms with rows of documents that someone has to come in and sign,’ says Bowman. ‘That has disappeared. The commercial world had already adapted to a largely remote working model.’

The use of videoconferencing for certain sensitive matters in courtrooms has been standard practice in many countries for years. After Canada shut down in mid-March due to the pandemic, courts established protocols for emergency matters, ‘enabling a small amount of courtroom activity to continue,’ says Bowman. Since then, ‘courts are opening up more and more through the use of video technology’ for hearings, he says. The discovery process, he adds, is largely virtual now.

By contrast, Germany is struggling to ‘open the justice system to digitalisation,’ says Schreiber. ‘Publicity, immediacy and orality are the main principles of many trials. As those cannot be satisfied in many cases, court hearings are suspended nationwide and only urgently necessary appointments are made.’ This has compounded an existing case backlog.

There has also been no common approach, says Schreiber, as a result of Germany’s federal principle of judicial independence. ‘The legislature seems to have understood the urgency of the situation and is trying to adjust process regulations,’ says Schreiber. This includes potentially introducing online negotiations for labour disputes. But given the lack of digital equipment in many German courts, she’s not sure how adjustments can be implemented with such short notice, particularly in Germany’s ‘already overloaded’ justice system.

Deploying existing technological options in a far more widespread way is enabling many legal functions to continue remotely. However, it’s clear that this is a complex process, varying between places. In India, for example, the Supreme Court has issued guidelines for the court to function via videoconferencing during lockdown. Criminal proceedings, such as bail applications, have subsequently been heard this way in high courts.

‘Judges and advocates have been enthusiastic and earnest so far in adopting videoconferencing for the conduct of proceedings,’ says Singh. He explains that the Delhi High Court has issued its own guidelines, prescribing the minimum requisites for videoconferencing. Audio-visual material is recorded in court, where an encrypted master copy is retained. Another copy is stored in a secure location as a backup. Logistical difficulties are handled on a case-by-case basis.

However, Singh also strikes an important note of caution. ‘Some courts have faced difficulties in conducting proceedings online on account of a lack of, or inadequate, infrastructure available to attorneys or the litigants.’ In particular, he says, many litigants before India’s district courts tend to come from low-income groups and so-called ‘tier-2’ cities, where internet infrastructure is minimal. They can’t attend virtual hearings.

Magnifying the faultlines

This enforced period of technology-driven remote working is ‘definitely bringing out social inequalities in terms of broadband infrastructure,’ says Singh. ‘It’s a challenge for India. We’re a population of 1.3 billion. As a first step, the government is going to be giving broadband access to industrial and urban areas, where businesses need it, rather than to rural areas – because, in terms of resources, we are a developing nation.’

The pandemic is demonstrating how far the legal sector has advanced in terms of its ability to switch from the analogue realm to a digital way of working. However, simultaneously, it’s also magnifying existing faultlines, from staff experience levels to economic inequality and the limits of government, business resources and investment when it comes to technology.

Hancock also believes that problems could emerge the longer the lockdown lasts. ‘From a security perspective, if you’re relying on suppliers to monitor your systems and they get ill it’s not something you can just go turn on yourself,’ he says. Just as the pandemic’s impact on the economy is straining the payment chain linking law firms and clients, it could disrupt their technology supply networks.

Hancock also says that, as lockdowns last, there’s a greater chance that security-vulnerable ‘stopgap’ software products, initially adopted for short-term use, could become permanent fixtures by default. Similarly, he points to companies that have temporarily agreed to staff accessing their systems from their personal laptops. ‘That might be fine for a month,’ he says, ‘but it’s a problem if it ends up being six months.’

One of the longer-term consequences of the pandemic is likely to be the need for greater vigilance. And as companies gradually leave their makeshift home workplaces and return to their offices, it may be that some security-related ‘bad habits’ acquired during remote working will need to be ironed out.

The aftermath

Ultimately, there may be other lessons to be drawn from the pandemic era. Will this ultimate stress-test of technological resources change the way the legal and business sectors operate?

Paz-Ares says that the pandemic should be a wake-up call for those organisations that hadn’t ‘reviewed and continually improved’ their digital resources before. ‘If you are not actively pursuing and evaluating new technology developments and keeping up to date, your firm might be obsolete before you even realise,’ she warns.

She doesn’t think that law firms will move entirely to remote working, ‘because we would be losing part of the very essence of what we do. We absolutely need to interact with our teams and other colleagues.’ ‘But the approach to flexible schemes will definitely present change,’ adds Paz-Ares. ‘This crisis will further prove that performance-based work evaluation makes a lot of sense and increases efficiency.’

‘At the end of the day, I don’t know how many hours my colleagues have been working on a matter, or from where,’ she says. ‘All that counts is that, before a deadline, there is a superb paper ready to be sent to a client.’

Hancock also thinks we will see a ‘different set of working patterns’ post-pandemic. ‘Working from home, in the United Kingdom in particular, is now more acceptable,’ he says. ‘People are realising that staff are productive. I don’t think everyone will go back to the office full-time.’

Granhøj anticipates that flexible working will require firms and other businesses to ‘find tools that can replace the value of physical interactions, while providing the same engagement, loyalty and motivation.’ From a management perspective, she continues, there will be a need for ‘more frequent, disciplined and structured follow up, to make sure you stay close to your people and the delivery of your organisation.’

This won’t be easy. And it’s going to happen in commercially fraught circumstances for most industries around the world. In the short term, as the dust settles, law firms and companies will be counting the cost of the pandemic’s financial impact. This is likely to be accompanied by redundancies and related lawsuits.

The lockdown is revealing the incredible technological potential for a different way of working. But it has exposed the pressure points as well as the positives. At a time when global markets are already teetering on the edge of recession, significant investment in IT infrastructure will be needed in many places. The digitisation of services, like regulatory filings, is likely to increase reliance on the use of third-party providers. New supply chains may create new security problems. And while state regulators are taking a more ‘relaxed’ approach, they’re unlikely to do so indefinitely. Nevertheless, the pandemic has forced companies and service providers to adapt and evolve quickly.

In these lean times, accelerated technological development is likely to be fundamentally linked to the survival of the fittest in the business and legal worlds. Whatever else happens, thinks Singh, the post-Covid-19 future will ‘definitely see some interesting and aggressive changes.’

Tom Wicker is a freelance journalist and can be contacted at tomw@tomwicker.org