Amazon Alexa is an intelligent personal assistant that has infiltrated the homes of consumers around the world.  By using voice commands, consumers can play music, order takeaway and carry out an ever-expanding number of tasks.  Alexa is now making the jump from a consumer tool to a valuable legal tech resource, but is using the virtual assistant as easy as it seems?

Lawyers are seeking out Alexa to quickly answer queries regarding legal information, saving valuable time. Need to know which sections of the Companies Act relate to directors’ duties? There is no need to open a statute book or fire-up Westlaw – just ask Alexa.

Accurate time recording is an essential task for any lawyer, but one which is loathed and often a distraction from billable work.  Thomas Reuters has recently developed “Workplace Assistant” for Alexa, a program that records and tracks billable hours by speaking to it. Simple commands to Alexa can calculate hours spent on matters as well as answer specific questions surrounding billable hours saving hassle and headache.

With Alexa’s underlying technology now readily available to developers through the ever-increasing number of Alexa “Skills” and through Amazon’s cloud offering AWS by way of “Amazon Lex” and “Amazon Polly”, we are likely to see more and more of these technologies entering the legal market over the coming years. However, while Alexa is a remarkably intelligent and time-saving intelligent assistant, the use of this virtual intelligence in the legal sector is raising concerns surrounding privacy, confidentiality, and data protection.

Alexa is constantly listening and after hearing the “wake word” – “Alexa” or “Amazon”, it begins actively recording user input.  This voice recording is then transferred to the Amazon Cloud where Alexa Voice Services (AVS) converts the recording into commands that can be interpreted.  Once interpreted, an appropriate response is pushed back to Alexa and the command is carried out.  If the device is not muted or someone accidentally says a wake word, confidential conversations and client information may be inadvertently recorded and transferred to a data centre, potentially outside of the jurisdiction.  These recordings are generally to help train Alexa to better understand future requests. While users have the option to prevent this data retention, they risk losing out on the assistant’s usefulness in other areas due to machine learning “memory loss”.

It is understood and vital that lawyers protect client confidential information both as a matter of law and as a matter of conduct.  For lawyers that choose to use Alexa, the question is how secure are their requests?  If the commands are issued to an Alexa-enabled Internet of Things (IoT) device such as an Amazon Echo, how vulnerable is the device to a hacker?  IoT devices have often been criticised for lacking adequate in-build security which was brought to attention in late 2016 with a widespread denial of service attack on major technology brands such as Twitter, PayPal and Spotify caused by exploited IoT devices.  Lawyers will need to be assured that the intelligent assistant sitting on their desk cannot be compromised.  Tools that use AVS are reliant on the protection offered by Amazon in ensuring that commands are appropriately protected in transit and storage.  For third-party apps that use a combination of AWS public cloud resources and their own proprietary resources, points of potential compromise are increased.

Despite the best efforts of Amazon and technology companies, it is impossible to entirely eliminate security flaws and the potential for confidential information getting into the wrong hands.  Use of these IoT devices and the underlying cloud infrastructure after identifying even a minor security issue could lead a lawyer to commit an offence by breaching their professional obligations imposed by the Solicitors Regulation Authority’s Code of Conduct or by falling foul of data protection laws.  With stricter data protection laws imposed by the General Data Protection Regulation which comes into force in May 2018, using Amazon Alexa in any way that records and stores a client’s information is likely to be increasingly challenging.

Amazon Alexa’s usefulness as a virtual assistant is helping it to become an increasingly commonplace fixture in law firms.  Nevertheless, it is essential for lawyers who utilise Alexa to be aware of the potential risks of using the assistant and it must be ensured that client service and confidentiality is not sacrificed for the sake of ease.