The rapid evolution of voice cloning and deepfake technologies has introduced new risks and vulnerabilities for the legal profession. Unscrupulous individuals may seek to exploit these tools to impersonate clients or lawyers, gain unauthorized access to privileged information, or even attempt to mislead courts and legal proceedings.
To uphold the integrity of the attorney-client relationship and the legal process, prudent lawyers should proactively address these emerging threats.
The implications of voice cloning and deepfakes
Voice cloning uses machine learning to reproduce someone’s voice patterns with disturbing realism. Deepfakes utilize similar AI techniques to manipulate video by swapping faces or creating highly convincing impersonations.
These tools can allow bad actors to influence others, gain access to privileged information, or fraudulently misdirect funds by impersonating family members, neighbors, celebrities, or politicians. For example, OpenAI can imitate a voice using only a 15-second sample.
Imagine receiving a call that sounds exactly like a client requesting a large sum be wired to a particular account. Or consider being surprised by a deepfake video of you strategizing and exposing privileged information. The implications could range from financial theft to violations of attorney-client privilege.
Increasing accessibility
While still an emerging threat, AI impersonations are becoming more accessible. In early 2024, criminals created a deepfake video likeness of a Hong Kong company’s CFO and other employees. The video appeared during a conference call and convinced an employee to transfer over $25 million to the scammers.
As I have written before, law firms are the least guarded path to the most sensitive data. They all too often do not have the cybersecurity protocols in place or the training to support them. As such, lawyers are likely to be targeted in similar schemes as the technology proliferates.
Establishing code words
So how can legal professionals safeguard against such deceptions? One low-tech but highly effective solution is establishing unique code words that you can use to verify the identity of clients in communication.
When you ask a client for a code word during unsecure audio or video communication, you can better safeguard against sharing sensitive financial or confidential information with a bad actor. Likewise, code words can help clients confirm that they are speaking to their attorney or their attorney’s staff.
For example, set the code “Purple Elephant” with client X. Any time you call the client or the client calls your office, ask them for the code word before going further. If they fail to provide it, terminate the interaction. If they insist it is them or claim they forgot the code word, require them to reset it in person.
Proper protocols are key. For example, frequently update code words if your representation is lengthy, use different code words across clients and matter types, never say a code word out loud that could be overheard, and consider making code verification a mandatory firm policy for financial or strategic communication.
While I have not yet seen code word verification inputs built into legal practice management platforms (such as Clio, MyCase, or Smokeball), I am optimistic that these tools will soon allow for this two-way authentication for clients and law firms.
Building client trust
While establishing code words may be a minor inconvenience, it is well worth your time. It can also help build client trust in an era when AI technology is generating unease.
Introduce the code word process to your clients upfront and explain why they are important. Be sure your clients and staff are trained on how to use them. Most clients will appreciate your proactive commitment to protecting their sensitive information.
Tips for vetting fraudulent communication
Here are some things lawyers should be aware of when vetting communication for fraudulent activity. It is beneficial to educate your clients and staff on what to look for too.
Telltale indicators of fraudulent communication:
- Unsolicited contact from an unknown party.
- When onboarding a new client, specify who they can expect to hear from at your firm during their representation and the methods of communication they should expect to use (preferably through a client portal). Also, confirm which methods of communication they should not expect you to use (e.g., social media direct messaging).
- Urgent demands for immediate action, leaving insufficient time for contemplation.
- Requests for monetary transfers via difficult-to-trace methods such as wire transfers, gift cards, payment applications, or cryptocurrencies.
- Solicitation of personal or confidential information.
- Instructions to maintain secrecy regarding the communication.
Concerning deepfake videos specifically, lawyers should watch for abnormalities in the video including:
- Unnaturally jerky body movements, inconsistent lighting or skin tones, absence of blinking, and irregular shadowing around the eyes.
- Behavior that is atypical of the depicted individual, such as soliciting funds or personal data.
- Speech that uses unusual phrasing, stilted patterns, and disjointed sentences.
When confronted with potentially fraudulent voice or video communications, proper responses include:
- Ask questions only the purported party could answer.
- Express skepticism and terminate the communication. Then, contact the purported party through known, trusted channels to verify the request.
Suspected scams may be reported online to the Federal Trade Commission (FTC). While the FTC will not resolve your report, they will use your report to investigate and bring cases against other frauds, scams, and bad business practices.
By embracing the old-fashioned security technique of code words, you safeguard your clients and your firm against becoming an unsuspecting victim of AI’s dark side. In an era of deepfakes and digital deception, something as simple as a shared code may be your strongest shield.
Staying up to date on issues impacting the legal profession is vital to your success. Subscribe here to get the Commission’s weekly news delivered to your inbox.
The Rise of ChatGPT: Ethical Considerations for Legal Professionals