‘Cybercrime Act does not Create an Enforcement Agency’

0

The world has indeed become a global village and with it has come challenges, new processes and information systems. But the need for legal and regulatory frameworks to protect individuals, institutions and the global community at large has also become imperative. Nigeria’s large online presence and growing internet culture would ordinarily suggest the presence of an equally robust cybercrime legal framework. However it took the country more than a decade to enact the first of such laws the Cybercrimes Act in 2015. Basil Udotai Esq., ICT legal expert and Cyberlaw specialist told May Agbamuche-Mbu, Jude Igbanoi and Tobi Soniyi what Nigerian lawyers need to do to ensure they seize the opportunities of the modern global ICT law regime. He also spoke on wide range of emerging ICT law issues.

You are a renowned specialist in Information and Communication Technology Law, which is a very unique and new area of the law. Could you enlighten us on this novel area of the law? What do Technology Lawyers do?

First of all, I would like to thank THISDAY LAWYER for visiting our offices today and giving us a chance to have a discussion on law and our increasingly evolving digital economy in Nigeria. It is always a great pleasure for us as a firm to interact with colleagues on these issues, especially as we haven’t had as much time as we used to have in the past to participate in conferences and seminars. Yes, ICT is a new and interesting area of practice and one that captures the attention of many lawyers. It is however not a walk in the park, not that any area of law is, but ICT is uniquely intricate in the sense that one is not only focusing on the legal frameworks and principles of law, but also requires a good measure of familiarity or understanding of the underlying technologies involved. Sadly, lawyers tend to be technology averse, so the field of ICT law is not as crowded in Nigeria as one would have expected given the tremendous growth in the sector during the past decade. This may be a good thing from a competition standpoint, as the few specialist lawyers do not have too many firms to compete with. We are not yet aware of any firm that is exclusively focused on this area besides our practice. The other advantage we have is that we get to pick and choose the projects we want to get involved in. Luckily for us, there are many growth areas in ICT, so finding signature projects is never a challenge. A major difficulty here is finding specialist lawyers to hire. Besides the techphobia syndrome, which I already mentioned, the fact that ICT is regulated under three distinct legal regimes in the country, adds to the difficulties. So while technologies have largely converged around Telecommunications, Broadcasting and Information Technology to enable what is called triple play (voice, video and data); it is practically impossible to find a Nigerian lawyer today who is versed in all three areas of ICT combined. You are likely to find good telecoms lawyers who know very little or nothing about broadcasting; or good broadcasting lawyers who are not very familiar with information technology law or telecoms for that matter. Many jurisdictions regulate technology services under a single legal framework, not just because of the convergence of technologies, but also to accelerate growth by eliminating needless turf battles between regulators as well as reduce transactional cost. Also to enhance operational efficiencies for businesses. It is very important, in fact inescapable, that Nigeria considers merging the three legal frameworks namely; Nigerian Communications Act; National Information Technology Development Agency Act; and the National Broadcasting Commission Act, into one “converged” legal and regulatory regime for ICT.

On what technology lawyers do specifically, I usually like to express the expertise of technology lawyers as attorneys who operate at that intersection between law and technology. Thus, we offer regulatory and compliance services both to industry regulators and operators. We also handle legal risk management by helping clients negotiate, draft and manage technology related contracts (hardware, software, related network infrastructures etc.); as well as advise clients on how to guard against liabilities, and protect their sensitive digital and legal assets as they utilise technology and related resources for everyday business operations. Our great area of strength is in legal development, where we work with clients to draft and review appropriate languages into proposed legislation or regulatory instruments to enforce legal mandates of clients or bridge gaps in our legal system in relation to various subject matters. We have served on a number of committees both in the House of Representatives and the Senate in this area, and worked with a host of international organisations as well.

The Legal Profession, by its historic roots, has always been a conservative one. Decorum, conventions and the preservation of the dignity of the legal profession has remained the preserve of the men and women of the bar for centuries so how do you believe the conservative nature of the profession will be influenced by the more modern and prevalent forms of social media presence and the contemporary ‘art of selling’ a brand on the internet?

Are you referring to Rule 33 of the Rules of Professional Conduct in the Legal Profession? Well, we had a discussion concerning this rule recently and I had to actually check to see that the rule still exists. And to my surprise it is still part of the rules governing the conduct of our legal business today. It is either we are deliberately pretentious or we just have not had the chance to revise our rules yet. Any law firm with online presence in the country has either violated Rule 33 or risks such violation. How about Rule 34, have you taken a look at it? This interview we are having now may traverse that rule, one way or the other. I know we have a profession with rich conservative history to maintain, but just like the Supreme Court once indicated that law cannot shy away from technology in the context of digital evidence (I am paraphrasing here, of course), if law must continue to operate as the instrument for social engineering, then irrespective of the sophisticated nature of the prevailing technology at any given time, the law must be made to play its role in society. In that regard, I think it is obligatory for us lawyers – to not only progress with society, but also we have to understand that both society and our clients expect us to play our part in articulating legal remedies and managing legal risks even in complex technology environments. So, how can we do this in respect of social media, for instance, if we are not there ourselves, and cannot create profiles for our lawyers and firms? How would today’s “always connected” clients find us? Most youths nowadays are practically “digital natives” and companies are targeting this demographic for products and services. Governments are “sacked” and “installed” on the power of social media. Our entire lifestyles as a generation have migrated “online.” Anything that is left is being readied for seamless interconnection as we speak. In view of these current realities, why should we retain rules in our profession that deliberately set us back? Maybe we can challenge some of the candidates running to be elected as the next President of the NBA to take up the challenge of reviewing and modernising our rules of practice to make them more contemporary and effective. Should that happen, I will gladly volunteer – to the extent that my services are needed, to work with other colleagues to reform the rules and make them consistent with today’s business practices and the online environment. I doubt very seriously that Rule 33 would survive such a review.

The use of e-commerce and e-payment channels have brought to the fore a variety of legal issues relating to liability for fraud on banks’ or 3rd party websites. In your view how is liability determined for fraud in e-transactions on a third party’s website?

Irrespective of the platform in question, whether that of a bank or 3rd party, online fraud committed in the course of e-transaction in Nigeria is criminal today by virtue of the Cybercrime Act 2015. So it is no longer an open question as to where responsibility lies in terms of criminal law. However, as a regulatory matter, all card-issuing banks are bound by guidelines and other regulatory instruments enacted by the Central Bank of Nigeria (CBN) in this regard. There are two important guidelines I can think of here – the Guidelines on eBanking and Card Issuance and Usage Guidelines. It appears that by virtue of these guidelines, banks are responsible for the security of the payment cards they issue; and are liable to reverse electronic transactions reported by cardholders to have been executed fraudulently, and chargeback (or refund) the amount involved back into the cardholder’s account. This is consistent with global best practice and enshrined in Card Associations Operating Regulations, which the CBN has imported into its regulatory regime through those guidelines. In certain circumstances however, the merchant (or so called third party) may be liable to the bank, especially post chargeback, if the fraud results from a breach of an obligations owed to the bank by the merchant. Even though the legal status of online fraud appears a lot clearer in Nigeria now, realising customer remedies remains a huge struggle. Consumer education is key here. The practical benefits of criminal law as the only legal solution is extremely limited, in the fast paced transactional environment, involving thousands or millions of payment processes occurring simultaneously and repeatedly on a 24/7 basis. So emphasis should be placed on resolutions of cases in expeditious manner consistent with the fast paced nature of the online world. The enactment of Electronic Transaction Law will also go a long way in reducing incidents of fraud by ensuring that technological and legal measures are adopted to achieve the validation, authentication and enforcement of electronic transactions.

There has been a lot of outcry recently over a Bill in the National Assembly seeking to impose 9% tax on communication services in the country. Some have warned that this Communication Service Tax (CST), as it is called, will retard Internet penetration in the country and slow progress in eCommerce etc. Do you think there is a place for CST in Nigeria?

I was very surprised to learn of the introduction of the Communication Tax Bill at the National Assembly. My surprise stemmed from the fact that there is already in our legal system a communication service tax of sort; and so the Honourable member who introduced this Bill and the entire House of Representatives who chose to take this on somehow missed that fact. S.44 of the Cybercrime Act provides for the levying of a tax corresponding to 0.005% of the value of all electronic transactions. I understand that there are serious difficulties already in trying to enforce the tax provisions of the Cybercrime Act. Typically, operators have a knack for passing taxes, especially service-based taxes imposed on them, to consumers one way or the other. To the extent that CST may raise rates, it may have negative impact on growth. However, I doubt that the Bill will sail through. I am sure that as soon as members become aware that there is already a service related tax in the industry, they may stand down the Bill so as not to unduly overburden consumers of communication services.

Recently, the Central Bank Governor Godwin Emefiele suspended a deputy governor of the Central Bank and four deputy directors resulting from the hacking scandal at the CBN which saw hackers extract $441,000 from the apex bank. Attacks like this put a spot light on the effective policing of cybercrime and cyberattacks. Do you believe the cybercrimes Act 2015 adequately provides protection for unsuspecting internet users, especially considering the complexity of third-party platforms and internet liability?

On the CBN fraud itself, I doubt very much that it was a case of hacking. Based on publicly available information, it appeared that scammers emailed a fund transfer request to the CBN at a time when the Governor and other key officials were already airborne on a trip to China. The scammer carefully timed the request to occur at that particular time to prevent the request from being authenticated. The fact that officers of the CBN were fired following the incident indicates that the apex bank might have suspected insider complicity. It was a very simple case of email fraud, which sadly led to the loss of a lot of money at the CBN, but it certainly was not hacking. The incident that concerned me a bit more was the one reported in the Vanguard Newspaper of February 9, 2016 in which the Department of State Services (DSS) was said to have foiled attempts to hack and steal N4.5 billion from The Single treasury Account (TSA) maintained at the CBN. Though there was a lot less information on this, the mere idea that the TSA was targeted and the word “hacking” was used, should be a serious cause for concern to all of us. Now that the government has consolidated the entire revenue of the country into a single account, chances that a successful hack could wreak imponderable havoc on our economy appears high. And yes, the Cybercrime Act has addressed many online frauds in its provisions, including hacking. But just having the law in place does not confer protection. Even countries with long standing history of superb cybercrime enforcement still suffer network attacks and breaches of their most secure communication infrastructures. I am sure that the security systems around TSA are cutting edge, and the structure of the account itself may not be as “single” as it is made to sound, such that a successful attack would not result in zero TSA account balance. The President recently stated that the sum of N2.2 trillion was realised in the TSA account in three months. This is exactly the sort of detail that serious hackers are interested in having. Besides the very high amount, just being able to successfully hack the central account of Nigeria, is something that holds a lot of bragging value for world-class hackers.

Notwithstanding the fact that cloud computing has been one of the most significant technological advances in recent years it has also raised new legal and ethical issues for lawyers and corporations including confidentiality of client’s information. Given the prevalent nature of such new technologies, how should law firms be preparing to benefit from their advantages while protecting clients from the threats presented by their shortcomings?

Most people today are already using cloud services without knowing it. If you have one of those free emails, or even enterprise emails that are paid for but provided by Google or any of the global mailing and collaboration organisations, you are already in the cloud, trust me! Again, this is the future. It is futile to try to resist it. All that we can do is ensure that our cloud services agreements, including the service obligations contained in the SLA’s are specifically drafted for the services acquired. Cloud operators have standard service agreements prepared by lawyers in their head offices in whatever country they are based. Sadly, I have seen many organisations sign these agreements “as is” without negotiating any elements to reflect their particular circumstances. This is wrong and totally ill-advised. A law firm is a repository for very sensitive client related information. So service obligations reflecting our businesses must be crafted into the cloud services agreement. We should also keep in mind that cloud computing implies, not in all cases though, that data may be held outside jurisdiction. This means that data access laws in Nigeria which ought to be enforced may be inapplicable, if found to be inconsistent with equivalent laws in the country where the cloud servers are located. This is where many countries enact the so called Data Sovereignty Policy, which seeks to limit the location of data held in cloud services to being domesticated within jurisdiction. I am not aware that we have such a policy yet in Nigeria.

Part of the ethical consideration arising from the Panama Papers leak include data protection and client confidentiality. In your opinion what key components should a law firm consider in designing a data protection system for the records it keeps for clients?

First of all, let me quickly try to distinguish data protection from data security, because I think what you are referring to here is data security not data protection. From a technology law standpoint, data protection is a set of statutorily conferred rights to individuals whose data is submitted to service providers in the course of electronic services; to limit or determine the manner in which personal data is collected, stored, retrieved and shared; and includes the right to recover remedies (financial and otherwise) for abuses occasioned to such personal data. Data security on the other hand, refers to all measures – technological, legal and physical, etc. adopted to safeguard the confidentiality, integrity and availability of data in a network environment. Nigeria is yet to enact a data protection law, so law firms and businesses are unable to obtain benefits specific to data protection frameworks for the time being. Concerning data security, the Cybercrime Act has ample provisions in the event of an attack. However, as I have indicated earlier, there are also transactional considerations which firms are advised to undertake, especially in the choice of technology services providers, as well as services agreements especially with commitments specific to security. One fact that the Panama Papers leak proves, once again, is the fact that no system is impregnable. The very first casualty for cases of this nature is usually the organisation’s reputation. Clients’ exposure also means potential lawsuits. The governance rule on this is for the firm to ensure that it complied with all laws and followed best practice principles and policies in its database management and recovery system. No law requires anybody to promise the impossible, which would be the case should any firm offer that its system is not susceptible to attack.

Recently there have been controversies in the Telecoms industry concerning the BVN, SIM Registration and Multiple Identity Databases. Could you briefly clarify the legal regime and statutory guidelines on the BVN, SIM registration and Multiple Identity Databases and all such customer related data issues?

This is a very troubling subject. We are now witnessing all manners of excuses being advanced for the collection of biometric data of Nigerians. The danger with having so many databases with these unique human identifiers and credentials mean that folks can manipulate these databases and create actual individuals for any number of nefarious purposes. For instance, the BVN database contains those unique credentials upon which a legitimate Nigerian Passport can be issued. This is made extremely easy by the fact that the Nigerian Immigration Services (NIS) maintains an ePassport Database as well, and is linked to the Internet. Forget the fact that BVN also contains intelligence on the health of our individual financial accounts. So, integrating or overlaying the BVN data on the SIM database reveals all the individual’s phone numbers and addresses, and the FRSC database will get the individual’s drivers license. It seems that to the extent that we have somehow created an environment where someone can sit in Kiev Ukraine, where a lot of hacks come from these days, and issue a Nigerian Passport, drivers license and a phone number/addresses in the name, face and biometric identity of a very rich Nigerian, it appears that Nigeria has succeeded in enabling a hackers’ paradise. Of course, if a lot of these databases were built by certified professionals, based on strict standards adopted at the national level, with severe consequences for violations, while being monitored by agencies with the required mandate and technology tools, perhaps the chances for abuse might already be curtailed. But we have no such standards, either for the databases or the professionals involved, and so this is an area where financial gains remain the driving force against all else. As far as the legal analysis that you asked for is concerned, my take is that only entities that have statutory authorities to collect and retain personal data of individuals should be able to do so. All other organisations, who only need that data for their regulatory functions should be required to secure privileged access to the databases maintained in agencies with the legal right to do so. If this approach is adopted, we would immediately see that many entities jostling to collect biometric data of Nigerians would be legally incapable of doing so. One organisation with the overriding legal authority over biometric data and databases of Nigerians is the National Identity Management Commission (NIMC). Interestingly the NIMC Act also contains regulatory mandates which the Commission can utilise to spearhead a regulatory clean up of the system.

There has been a marked increase in eGovernment services at the federal and state level. Most salaries and contractors are now paid electronically, and organisations like INEC and FRSC have embraced technology with varying degrees of success. However, the recent effort by JAMB to adopt Computer based tests for candidates did not do very well. What in your assessment was the issue and how can this be corrected in the future?

You are absolutely right, the manner in which government services are being constantly migrated online is very impressive. eGovernment is the responsibility of the National Information Technology Development Agency (NITDA) under the Ministry of Communication Technology. Right after the disastrous outing by JAMB, I had occasion to discuss the issue with people at the eGovernment Department in NITDA. I was very sad to realise that they were not even consulted by JAMB on this. It goes back to the issue of standards I raised earlier. NITDA too has realised that there are many things left undone in its law and working very hard now to accomplish them. I can say this now for sure, because I am in those discussions now. But a situation where a government agency simply hires a technology service organisation to deliver on a critical national project, with tremendous impact on not just citizens but the wider economy as a whole, should be discouraged. NITDA needs to work on standards across service and product line, including professional standards for individuals in the industry and adopt regulatory instruments that compel MDA’s to insist on these standards as conditions for services. This is the only way that projects like the computer based test of JAMB, or any other eGoverment service deployment can work. Technology is not witchcraft. A lot of what we are attempting to do in Nigeria has been done in other places. If we are too shy to copy their methods, we can at least copy their standards. It is allowed!

You have been identified as one of the main architects of the Nigerian Cybercrime Act 2015. Why was this legislation so necessary? What does the legislation seek to correct from our existing body of laws?

First of all, I would quickly run away from being identified as the main architect of this particular Cybercrime Act. Yes, I was involved for about 6 years in the early days of the drafting of some versions of the cybercrime bill. But when this law was proposed, I had left ONSA and was already in private practice. I was consulted every now and then, but my influence was very limited. This is why, if you have noticed, I am not a very big fan of this law because a lot of provisions extraneous to both criminal law a very strict area of law, and cybercrime law as a technology field; found their ways into the law. I have also advanced a number of ways to circumvent those challenges and still deliver on respectable cybercrime enforcement on the basis of this law. Since my position is shared by many in the industry I am sure at the right time some of those considerations would be reviewed by the powers that be and appropriate actions taken accordingly. As for the necessity of a cybercrime legislation, it could not be gainsaid. Having exposed Nigeria to ICT and causing us to migrate practically all personal, business and now official government processes online, the least the government could do is enact and enforce a law to secure those processes and interactions. Besides, the only way to assure the utilisation of technology as the true engine for economic growth is to secure the computer systems and networks through which ICT services run. The government owed the duty to enact the law and though it took more than ten years to accomplish it, the fact that it is here now should nevertheless be acknowledged.

Regarding the Cybercrimes Act specifically, to ensure proper compliance with the Act, there has to be a robust enforcement regime. How would you assess the enforcement of the Act since it was passed?

As soon as the Cybercrime Act was enacted on May 15, 2015, I raised the alarm that I foresaw weak if not zero enforcement. And the reason I said that was because the law, unlike other criminal statutes in Nigeria, mandated “all relevant law enforcement agencies” to enforce it. As you would notice, the tradition in our justice administration system is to enact a law, which prohibits certain actions as crime and create an institution to enforce those specific laws. This is why you have NAFDAC enforcing pharmaceutical related law and NDLEA responsible for the narcotic related. The EFCC is responsible for economic crimes and the Copyright Commission is only conferred with the authority to enforce copyright laws. So, this tradition was not only broken with the Cybercrime Act, but the law then ended up creating too many “cooks” in the law enforcement agencies resulting in no one actually enforcing the cybercrime law. The unspoken rule in the law enforcement community, which this law did not bear in mind, is the fact that authorisation to carry out any function by a law enforcement agency must comply with the enabling law of that agency. The side effect of this lacuna is that Nigeria now does not seem to have anyone take up the leadership of enforcing the Cybercrime Act, because nobody truly sees it as their responsibility. That is why from the enactment of the law, it took nearly a year for any action to be taken at all under the law. This occurred a couple of weeks ago or so, when the National Security Adviser inaugurated the Cybercrime Advisory Council, which is only a policy making body under the Act, and does absolutely nothing in the area of advancing the enforcement of the Act. Our recommendation was for the law to create an agency, just like others, to be conferred with the authority to enforce cybercrime and assure cybersecurity in the country. If that recommendation was adopted, not only would we have seen some action on this matter we would have someone to blame for this current lapse in enforcement.

What is Lawful Interception? To what extent can anti-crime security agencies legally invade our privacy in crime investigation?

Interception of communication is illegal under Nigerian law. S. 12(1) of the Cybercrime Act provides for 2 years imprisonment and a fine of N5 million or both for its violation. Thus, interception is only legal if conducted upon securing prior judicial authorisation by way of an order of court and based on the strict requirements established under S.39 of the Cybercrime Act. So law enforcement and security agencies can validly intercept our communication, whether voice or data as well as location related information, for the purpose criminal investigation if approved by a Judge upon application. This law is complemented by the Nigerian Communication Act which in S.146 and S.147 mandates operators to cooperate with law enforcement in the investigation of crime, on the one hand, and also to make their networks intercept capable, on the other hand. Lawful interception is tricky under Nigerian Law, because a major deficiency in illegally obtained evidence in other jurisdiction is that such evidence would be thrown out in court. Our jurisprudence on this matter tends to indicate that the courts would look and consider evidence, even if obtained illegally, if such evidence is relevant to the case and dispositive of the matter at hand. The only safeguard now with the coming into force of the Cybercrime Act is the fact that law enforcement officials involved may be indicted under S.12 of the Cybercrime Act. Whether this is capable of deterring abuses in the area of interception in Nigeria remains to be seen.

There have been reports on Nigeria’s Digital Switch Over (DSO) of Broadcasting Networks and how Nigeria has been left behind by the rest of the world failing to meet international broadcasting deadlines for the switch from analogue to digital broadcasting. How can this anomaly be addressed to avoid national embarrassment? What are the consequences of failing to switch to digital broadcasting?

Digital Switch Over (DSO) was mandated by the International Telecommunications Union (ITU) for all its members in 2006. Nigeria as a member of the ITU was required to comply with this international obligation. However, only last year was the country able to find resources to enable DSO, which is being spiritedly implemented now by the National Broadcasting Commission (NBC) under the Ministry of Information and Culture. While the country has missed several deadlines already, including one last year in June, the benefits of DSO to television viewers and the broadcasting industry as well as the wider economy are so numerous that it may require another interview to go into it. Briefly, with about 30 million tv households, Nigeria has the largest free view population in the world. The immediate benefit, which everyone would notice is the digital quality of the tv broadcast and increased number of channels offered free to all tv households in the country. For content owners, it creates an opportunity for maximum commercial value for content as broadcasters would pay for content, instead of the current situation where content owners are being required to pay broadcasters to have their content aired. DSO is also the strongest antipiracy platform. Nobody who has access to watch original programmes and films free of charge in good digital quality would buy pirated movies from street vendors. Digital also means that content owners can load and sell contents or license to third parties on valuable commercial considerations to sell in the market. For the broadcasting sector, DSO is the best thing that can happen to Nigeria. It would create thousands of opportunities for employment; establish audience measurements, which will directly impact advertisement value greatly. DSO was recently launched in Jos for about 300,000 tv households. So we can no longer talk about consequences for noncompliance because it appears the country is already set to meet the new deadline of June 2017. The only thing that remains to be said is for lawyers to educate themselves about DSO as many client offerings and services would be impacted, so they can continue to offer sound legal advise to clients as needed.

What is Critical Information Infrastructure Protection? What would you recommend to the Nigerian Government and business community, including foreign investors, as a means to achieving it?

Right after September 11 2001 many countries realised that several aspects of their national affairs can be gravely impacted if certain communication infrastructures are damaged. So a different set of security requirements were then established for those kinds of infrastructures, whether physical or cyber. That is the idea behind Critical Information Infrastructure Protection (CIIP). It is defined in the Cybercrime Act as “any systems and assets, which are so vital to the country that the destruction of such systems and assets would have an impact on the security, national economic security, and national public health and safety of the country.” The strategy adopted in the Act for CIIP is two fold. First, an order issued by the President, on the advise of the National Security Adviser (NSA) shall designate infrastructures in Nigeria that constitute CII. Secondly, the Act provides a very high level of penalty for offences against CII. In view of the destruction of telecoms and communication infrastructure in the northern parts of the country by terrorists as well as saboteurs and thieves in other parts of the country, operators have waited for a very long time to see some action on CIIP in the country. It is hoped that when the law is eventually implemented this aspect would attract enforcement priority. A few clients have asked me whether the provisions of CIIP in the Cybercrime Act can be enforced against States and Local Governments who on the basis of their laws and edicts take actions against CII thereby rendering them inoperable, non-functional and in some cases damaged. I think this can be certainly explored, not for the purposes of indicting and prosecuting state officials under the Cybercrime Act, but as a measure to seek a national consensus on CIIP, similar to what Lagos State did under Governor Fashola with the Association of Licensed Telecoms Operators in Nigeria (ALTON).

Currently, technology exists which seeks to replace the roles carried out by humans with robots or artificial intelligence, proponents of this trend believe that it would save time and costs in addition to improving the quality of service delivery to clients. Do you believe that the services lawyers provide may one day be replaced by artificial intelligence?

Lawyers’ role representing clients and advocacy in court, which require direct human involvement and emotional connection with the Judges may defy technology incursion a bit longer, than the mere process related aspects of our work- whether it is legal research, discovery, case management, billing, process filing etc. It is interesting that you asked this because I recently stumbled on an article published by Bob Goodman and Josh Harder as far back as December 2014, in which they both reviewed areas in law practice that are ripe for disruption by smart start-ups. I think you should find and read the article. Quite interesting. In any event, in the list of things to worry about as lawyers, I would definitely worry a lot less about the possibility of my services being totally automated so that I am no longer needed. What may even happen before then, as health and biotechnology develops, is that I may be cloned and my clone(s) work in my firm in other locations. But I would not lose sleep about that happening either.