A Practical Guide to GenAI Tools

In the rapidly evolving landscape of novel technologies, artificial intelligence (AI) is reshaping the legal profession everywhere we look. New Zealand is no exception. AI dominates conversations in law firms across Aotearoa, from boutique practices in Wellington to major firms in Auckland. Some lawyers embrace these tools enthusiastically and invest no small amount of money in testing and deploying these solutions, while others approach them with caution. Firms that initially implemented outright bans might now be reconsidering their approach, as AI systems are getting smarter and more reliable.
In 2024, a Cisco survey revealed that over a quarter of companies globally have implemented generative AI bans among their staff. This survey, spanning 2,600 security professionals across 12 countries, showed that two-thirds of respondents have imposed limitations on data input into LLM-based systems or prohibited specific applications entirely. These findings mirror the growing debate within New Zealand’s legal community about AI adoption.
Recognizing this major challenge for practicing law, the New Zealand Law Society has released comprehensive guidance on generative AI use, emphasising key obligations for lawyers:
- maintaining competence with new technologies,
- ensuring proper supervision of AI outputs,
- protecting client confidentiality, and
- avoiding misleading conduct.
The guidance makes clear that while AI tools can enhance legal practice, they must be used within our professional and ethical framework.
To help practitioners meet these obligations, this article examines ChatGPT – one of the leading generative AI solutions – through a New Zealand legal lens. We’ll address three critical questions:
- How does ChatGPT’s technology actually work and what are its limitations?
- Where does its data come from, and what are the privacy implications under New Zealand law?
- What happens to the information we input, and how does this affect our professional obligations?
By understanding these aspects, lawyers can make informed decisions about AI adoption while maintaining professional standards.
Understanding ChatGPT’s Mechanics: A Lawyer’s Perspective
For New Zealand lawyers, understanding how ChatGPT works is not just about technical curiosity – it’s about professional competence. The tool’s underlying technology affects everything from client confidentiality to the reliability of its legal research capabilities.
At its core, ChatGPT utilises a type of artificial intelligence called GPT – Generative Pretrained Transformer.

Image from Geeks for Geeks (https://www.geeksforgeeks.org/chatgpts-architecture/)
This technology is designed to understand and respond to user inputs by analysing vast amounts of textual data, learning patterns of language usage, and context. The transformer architecture is a type of neural network that aims to simulate the human processing of language through layers of interconnected nodes. This type of underlying architecture was first proposed in 2017 in a paper named ‘Attention Is All You Need’, which suggested a model architecture where ‘Nx’ refers to the number of layers a particular transformer implements. Transformers usually have many layers, which carry out different tasks but apply the same method.
OpenAI’s GPT transformer operates with a unique structure. For instance, GPT-2 had 12 transformer layers, each with 12 independent attention mechanisms, or ‘attention heads,’ resulting in 144 distinct attention patterns. Think of the transformer as a multi-layered brain, with each layer containing mini-brains or sub-layers. Two key components include the self-attention layer, which identifies critical words in a sentence, and the feedforward layer, which processes information in complex ways. Together, these components help the transformer understand how words relate in a sentence.
The current GPT-4 model, which powers ChatGPT’s latest version, has significantly evolved from GPT-2. It uses a more advanced architecture with:
- Multiple layers (estimated 96+ transformer layers)
- Increased attention heads per layer (estimated 96+ heads)
- Enhanced pattern recognition capabilities
- More sophisticated self-attention mechanisms
- Improved context understanding through bidirectional processing
Each attention head captures linguistic patterns, enabling the model to focus on specific words or phrases to better interpret context. The transformer uses self-attention to weigh the importance of words in a sequence, similar to how a puzzle enthusiast assembles pieces to form a coherent picture. This enthusiast identifies edges (sentence structure) and clusters colors (topics) to fit pieces together, much like GPT learns linguistic patterns.
For example, in the sentence “Jane threw the ball,” one attention head might focus on “Jane” (the subject), another on “threw” (the action), and another on “the ball” (the object). This layered approach, akin to having 144 perspectives, helps the model interpret and predict language effectively.
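The "Jane threw the ball" illustration can be computed directly. The following is an added example, not code from the original article or from OpenAI: it calculates scaled dot-product attention weights for two hypothetical heads. The embeddings and projection matrices are constructed by hand, keys are the raw embeddings, and no causal mask is applied.

```python
import math

TOKENS = ["Jane", "threw", "the", "ball"]
# Constructed 4-dim embeddings; features: [subject, verb, object, determiner].
EMB = {
    "Jane":  [1.0, 0.0, 0.0, 0.0],
    "threw": [0.0, 1.0, 0.0, 0.0],
    "the":   [0.0, 0.0, 0.0, 1.0],
    "ball":  [0.0, 0.0, 1.0, 0.0],
}
# Hypothetical query projections, one per head (rows = input feature).
# "subject" head: a verb's query points at the subject feature.
# "object" head:  a verb's query points at the object feature.
HEADS = {
    "subject": [[0, 0, 0, 0], [4, 0, 0, 0], [0, 0, 0, 0], [0, 0, 0, 0]],
    "object":  [[0, 0, 0, 0], [0, 0, 4, 0], [0, 0, 0, 0], [0, 0, 0, 0]],
}

def matvec(x, W):
    """Project vector x through matrix W (x @ W)."""
    return [sum(x[i] * W[i][j] for i in range(len(x))) for j in range(len(W[0]))]

def softmax(scores):
    m = max(scores)
    exps = [math.exp(s - m) for s in scores]
    total = sum(exps)
    return [e / total for e in exps]

def attention_weights(head, query_token):
    """How much `query_token` attends to every token, for the given head."""
    q = matvec(EMB[query_token], HEADS[head])
    scale = math.sqrt(len(q))  # the "scaled" part of scaled dot-product
    scores = [sum(a * b for a, b in zip(q, EMB[t])) / scale for t in TOKENS]
    return dict(zip(TOKENS, softmax(scores)))

def focus(head, query_token):
    """Token that receives the largest attention weight."""
    weights = attention_weights(head, query_token)
    return max(weights, key=weights.get)

if __name__ == "__main__":
    for head in HEADS:
        print(head, attention_weights(head, "threw"))
```

The same word ("threw") produces a different weight distribution in each head, which is all an "attention pattern" is: a row of probabilities, not a judgement about meaning.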
The model operates probabilistically, not through understanding. This is extremely important to remember! It is a very good statistical model, which very often correctly interprets our words, but does not understand them!
The AI system learns word sequences by analyzing vast text corpora during training. Initially, it generates random responses, but over time, it adjusts internal parameters (weights) to predict contextually appropriate words. For instance, when completing “instead of turning left, she turned ___,” it might guess “right” or “around” based on learned patterns.
These weights, vast numerical strings, are fine-tuned during training to reflect learned patterns, improving the model’s ability to mimic human language. While GPT performs better in English due to its training data, it also adapts to other languages by analyzing syntax differences. Over time, this iterative learning process allows GPT to generate language that aligns closely with human communication.
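The training loop described above can be shown at toy scale. This is an added example, not part of the original article and not OpenAI's method: a next-word predictor with one weight per word pair, trained by gradient descent on four constructed sentences. The corpus, learning rate and function names are assumptions made for illustration.

```python
import math
import random

# Constructed training sentences (illustrative, not real training data).
CORPUS = [
    "instead of turning left she turned right",
    "she turned right at the corner",
    "he turned right again",
    "she turned around and left",
]

def softmax(logits):
    m = max(logits)
    exps = [math.exp(x - m) for x in logits]
    total = sum(exps)
    return [e / total for e in exps]

def train(corpus, epochs=300, lr=0.1, seed=0):
    """Fit one weight per (previous word, next word) pair by gradient descent."""
    rng = random.Random(seed)
    pairs = []
    for line in corpus:
        words = line.split()
        pairs += list(zip(words, words[1:]))
    vocab = sorted({w for pair in pairs for w in pair})
    idx = {w: i for i, w in enumerate(vocab)}
    # Weights start random, so early predictions are close to guesses.
    W = [[rng.uniform(-0.1, 0.1) for _ in vocab] for _ in vocab]
    losses = []
    for _ in range(epochs):
        total = 0.0
        for prev, nxt in pairs:
            row = W[idx[prev]]
            probs = softmax(row)
            total -= math.log(probs[idx[nxt]])
            # Cross-entropy gradient on the logits: probs - one_hot(target).
            for j, p in enumerate(probs):
                row[j] -= lr * (p - (1.0 if j == idx[nxt] else 0.0))
        losses.append(total / len(pairs))
    return vocab, idx, W, losses

def predict(word, vocab, idx, W):
    """Return (candidate, probability) pairs for the word after `word`, best first."""
    probs = softmax(W[idx[word]])
    return sorted(zip(vocab, probs), key=lambda t: -t[1])

if __name__ == "__main__":
    vocab, idx, W, losses = train(CORPUS)
    print(f"loss {losses[0]:.2f} -> {losses[-1]:.2f}")
    print(predict("turned", vocab, idx, W)[:3])
```

After training, "right" outranks "around" only because it followed "turned" more often in the corpus; nothing in the weights records whether a continuation is true.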
Where Does the Data Come From?
According to OpenAI, ChatGPT was trained using three primary data sources:
- Publicly available information on the internet.
- Data licensed from third parties.
- Data provided by OpenAI or its human trainers.
For this discussion, let’s assume these are the only data sources OpenAI uses. One key method for gathering this data is web scraping, an automated process that collects information from websites, blogs, news articles, and forums. This allows OpenAI to build a comprehensive corpus of text, reflecting diverse linguistic styles and contexts. Such variety is essential for training models capable of generating contextually relevant and stylistically appropriate text.
Before training, the data undergoes preprocessing: removing duplicates, correcting errors, standardizing formats, and tokenizing text (breaking it into smaller units like words or phrases). This ensures consistency and prepares the data for training.
To stay relevant, OpenAI’s models need regular updates to incorporate contemporary slang, emerging terminology, and recent events. However, this approach has faced challenges, with major publishers like The New York Times and The Guardian taking steps to block web scraping. Recently, The New York Times sued OpenAI and Microsoft over unauthorized use of its content for training purposes. This case may clarify copyright responsibilities for AI companies.
Where Does Your Data Go?
As lawyers, one critical question is: what happens to the data we input into ChatGPT? Whether it’s a client’s name in an email draft or confidential M&A details, even seemingly minor data points could be pieced together to reveal sensitive information. This is one reason many law firms have banned generative AI, as highlighted in a Cisco survey.
ChatGPT stores all conversations and data entered in the chat history. If you disable chat history, the system’s functionality diminishes, making it difficult to conduct extended sessions. This suggests that the platform’s design relies on storing data for learning and optimization.
Additionally, OpenAI collects a broad range of user data beyond conversations, including:
- Email and phone numbers.
- Geolocation and network activity.
- Transaction history and identifiers (e.g., IP address).
- Cookies and log data.
If you interact with OpenAI through social media platforms, aggregated analytics from providers like Facebook or Instagram may also reveal additional user insights. This creates potential risks if such information were combined to identify specific accounts or discussions.
Moreover, OpenAI’s privacy policy states that data can be shared with “affiliates, vendors, service providers, law enforcement, and parties involved in transactions.” This vague language raises concerns under EU data protection laws, and compliance with the NZ Privacy Act also comes into play.
NZ Privacy, Data Protection, and Cybersecurity Considerations
Under New Zealand law, inputting data into generative AI tools involves inherent privacy risks, particularly when data is transferred overseas. Lawyers must comply with Information Privacy Principle 12 (Disclosure Outside New Zealand), which governs cross-border data sharing. Both public service and court guidance strongly advise against inputting personal or client information into external AI tools due to confidentiality and privilege concerns.
Cybersecurity risks are also significant. Generative AI tools can be vulnerable to malicious actors exploiting system flaws, leading to data corruption, phishing, or other attacks. Lawyers should follow guidance from CERT NZ, which provides tailored cybersecurity advice and updates for businesses.
Generative AI raises important questions about intellectual property (IP) ownership of both input and output data. Risks include:
- Copyright infringement: Web scraping practices may involve unauthorized use of protected content.
- Ownership disputes: Some AI tools retain rights to user-generated content or outputs under their terms of service, which could breach confidentiality or privilege obligations.
Lawyers must carefully review contracts and terms of service to avoid legal or ethical breaches, particularly concerning privileged, confidential, or personal information.
Professional and Ethical Considerations of Using Generative AI
Improper, negligent, or incompetent use of Generative AI (Gen AI) can result in serious breaches of the Rules of Conduct and Client Care (RCCC), including:
- Rule 3: Competence.
- Rule 10.9: Misleading and deceptive conduct.
- Rule 13.1: Duty of fidelity to the Court.
For example, lawyers overseas have relied on Gen AI, inadvertently submitting false cases and authorities to courts, which led to serious disciplinary consequences. Such risks highlight the importance of competence and careful oversight when using these tools.
A lawyer practicing on their own account may also breach Rules 11 and 11.1 (Proper professional practice in managing a legal practice) if they fail to monitor or control how Gen AI is used. Allowing unauthorised or unmonitored use of Gen AI by staff further compounds this risk.
Breaches of Privilege and Confidentiality
Inputting client details or legally privileged material into external Gen AI tools poses significant risks to confidentiality and privilege, as outlined in Chapter 8 of the RCCC. At a minimum, lawyers should:
- Consider obtaining client consent before using their data with Gen AI tools.
- Avoid testing AI systems or generating templates using real client or personal information—fictional data should always be used instead.
Failure to uphold these obligations can result in professional and disciplinary complaints.
Transparency and Disclosure Obligations
Lawyers also have fiduciary and professional obligations to ensure transparency with clients when using Gen AI. For example:
- Rule 3.5: Client care and service information must clarify who will undertake the work and how services will be delivered.
- Rule 7.1: Lawyers must ensure clients understand the retainer’s scope and consult on steps taken to implement their instructions.
Disclosure about how Gen AI will be used, and why, is essential to maintaining trust and meeting professional obligations.
Billing Practices and Use of Gen AI
As the use of Gen AI grows, lawyers may need to reassess billing practices and the information provided to clients at the start of a retainer (see: Chapters 3 and 9 of the RCCC). Key considerations include:
- Whether tasks completed by Gen AI, such as drafting contracts or document reviews, should be billed differently from tasks completed by human lawyers.
- Aligning charges for Gen AI-related tasks with those for research tools, reflecting the time saved and ensuring fair billing practices.
Should You or Should You Not Use AI?
The use of Gen AI, such as ChatGPT, has the potential to transform legal services by freeing up lawyers’ time for higher-value priorities. This can result in significant time and cost savings, benefiting both lawyers and clients. However, the risks must be carefully managed. Lawyers should focus on:
- Understanding how Gen AI works and its limitations.
- Determining when and why it will (or will not) be used.
- Complying with legal, regulatory, and professional obligations.
- Conducting a risk analysis of available tools.
- Establishing clear processes and procedures to ensure confidentiality and privacy are maintained.
By balancing these opportunities and risks, lawyers can responsibly leverage Gen AI to enhance their practice while safeguarding their professional integrity.