KM, Artificial Intelligence and Information Security #ArkKM

Title: Data Security is Required. KM is Demanded. AI is Here: Armageddon or Utopia?

Speaker: Peter Kaomea, Chief Information Officer, Sullivan & Cromwell LLP

[These are my notes from the 2016 Ark Group Conference: Knowledge Management in the Legal Profession.  Since I’m publishing them as soon as possible after the end of a session, they may contain the occasional typographical or grammatical error.  Please excuse those. To the extent I’ve made any editorial comments, I’ve shown those in brackets.]


  • “When powerful forces collide, you can get either great devastation or great beauty.”  Here are the big forces that are coalescing now:
    • Knowledge Management
    • Artificial Intelligence
    • Information Security — this one is top of the agenda now because of cybersecurity concerns.
  • The PERFECT song to describe the degree to which our lives are surveilled or disclosed is “Every Breath You Take” by the Police.  (See video below)
    • Peter Kaomea then did a fantastic “dramatic reading” of the lyrics of the song to show how all the behaviors described in the songs are now being done by technology. We ARE being watched and analyzed with every breath we take.
  • Security Challenges:
    • Hackers are more sophisticated. There is a group that monitors mergers & acquisitions transactions and then “injects” itself into the email traffic.
    • Hackers inject themselves into transactions in order to redirect payment into their own accounts.
    • Ransomware — now even on smartphones (which contain a great deal of sensitive personal information)
  • Pressures: Clients want additional protections on their information
    • Client external law firm guidelines contain a huge number of restrictions on the way data about them can be stored and used.
    • Law firms have to change their behavior to comply with these guidelines.
  • Perfect Storm Approaching
    • The hardware, software and data handling tools are reaching the point where enormous and dangerous security breaches will be regular events.
      • By 2025, you will be able to buy the computing power of a human brain for approximately $1000.
      • By 2045, you will be able to buy the computing power of all human brains for approximately $1000.
  • How can KM help Security?
    • Help information services people manage the client data security contracts they are required to sign.
    • Focus on how to protect information even as we are trying to share it.
    • Purging information once you have finished using it.
      • The less you have, the less you have to protect
    • Put super-sensitive information in an “Enclave” — offline repository that requires the user to go a physical place to retrieve it in person (an updated version of using microfiche)
  • Thinking about using Security to improve precision AND recall.
    • There is a mathematical way to calculate how to achieve precision and recall. For example, removing unnecessary data makes it easier to find the useful data
    • This is a nice way of switching perspective: don’t see information security concerns as a handicap for KM, see them as enablers/opportunities.
  • How can KM and AI work together?
    • Profiling content
    • Profiling users — e.g., what’s the ratio of send to receive? Has that behavior changed? What could that change indicate?
    • Automating taxonomy creation
    • Automating knowledge workflows
  • How do Information Security and AI work together?
    • Anomaly detection programs watch the traffic over the system. Is there a spike in traffic that correlates to the work day in Russia or China? Could it indicate possible infiltration?
  • “Too big to know”
    • What happens when you join data sets that have never before been joined? This can turn up valuable insights. It can also expose information that was considered hidden/secure.
  • How should you converge KM, AI and Info Security?
    • Entity extraction can be helpful to understand your content. Can you also automatically delete those entities to achieve quick document sanitation?
    • Can you use auto-classification so that fewer people need to handle sensitive materials?
    • Can you use auto-purging processes to strengthen security?
    • If you are watching activity anyway, can you create behavioral analytics and then use those insights?
    • Can you use these three areas of expertise to improve access to justice?