On September 30, 2017, I am speaking at the Regent University School of Law’s Law Review Symposium on The Expansion of Technology in the 21st Century: How the Changes in Technology are Shaping the Law and the Legal Profession in America.
At the end of this post, I have provided links to additional publications I have written that are related to this issue as well as additional reading material. The following is a brief summary of my thoughts on the topic I am addressing:
How Cybersecurity is Impacting People’s Rights.
Cybersecurity and privacy are integrally intertwined. Privacy goes to the very nature of the information itself and focuses on maintaining its secrecy. Cybersecurity involves protecting systems and maintaining the confidentiality, integrity, and availability of information. There can be cybersecurity without privacy but, without cybersecurity, there can be no privacy. Both cybersecurity and privacy are distinctly legal and regulatory issues.
The daily news is filled with headlines about data breaches, hacking, and identity theft such that issues of cybersecurity and privacy have now become part of the common vernacular for most adults. Much of the reason for this is because laws and regulations demand that companies notify the public when they have had incidents that result in the compromise of individuals’ information. Currently, 48 states have “breach notification” laws, which are directed at notifying individuals when the privacy of their information has been compromised, and many of those same states have cybersecurity laws that require companies to use some baseline level of protection for the systems they use to store individuals’ information. Within the last year, we have seen two states, New York and Colorado, enhance their cybersecurity laws for certain industry sectors.
These laws are necessary for two reasons: first, data has become so valuable that it is the equivalent of a form of currency in our economy; second, on a personal level, data – information – goes to the essence of who we are as human beings and can reveal the most deeply-held and intimate things about us. Our ideas, beliefs, desires, fears, politics, and even our religion can all be revealed through data about us. In some ways, this can be beneficial, but in others, it can be a tool for manipulation or worse, for extortion and the destruction of our lives. This is the essence of what I call shame hacking.
Because of the critical role that data plays in our lives, it is important that we have and understand the laws and regulations that compel companies to protect our data. It is also important that we, as Christians, understand just how critical data can be in our lives and the lives of others, both as individual consumers but also as business leaders, making decisions on behalf of our companies. So, where does all of this lead?
One of the biggest problems with cybersecurity is authentication, that is, definitively proving that someone over the Internet is who they claim to be. Some people believe the answer to this lies in the microchip and, by installing microchips in human beings, they will now have the means of proving they are who they say they are and we will not only be benefitted by the convenience of having your form of authentication within your own body but it will then prevent others from pretending to be you. While this may sound great from a purely pragmatic, utilitarian standpoint, for many of us it is enough to send chills down our spines! Moreover, if there is one thing we all know about computers – and a microchip is nothing more than a tiny computer component – all computers are hackable. And for our privacy, would such a quest for more security destroy any
Moreover, if there is one thing we all know about computers – and a microchip is nothing more than a tiny computer component – all computers are hackable. And for our privacy, would such a quest for more security destroy any semblance of privacy left for us as individual human beings? Well, of course not, we would be told, initially. We would be assured that the chips would only be used for good and not for bad which may or may not be reassuring to some, depending upon who is in control and what their definition of good or bad may be. But even if it were reassuring, we have all learned that when it comes to fundamental rights and liberty on the one hand versus utilitarianism, pragmatism, and societally-defined reasonableness on the other, incrementalism is the rule and the former always gives way to the latter.
With that, I will leave it to the audience to answer the question, “does cybersecurity have an impact on peoples’ rights?”
Shawn Tuma’s additional publications related to these issues.
- Good Cyber Hygiene Checklist
- Data Breach Incident Response Checklist
- The #CyberAvengers Playbook
- Guide to Responding to Data Breaches and Reporting Cybersecurity Incidents to Governmental Agencies
- Guide to Using the Computer Hacking Laws in Texas: The Federal Computer Fraud and Abuse Act and Texas Computer Crimes Laws
- Cybersecurity for Your Law Firm
- Cybersecurity: A Fiduciary Duty by the #CyberAvengers, Ethical Boardroom, Summer 2017 (free registration to view)
- Critical Steps Companies Must Take to Comply with New York’s Cybersecurity Rules, Ethical Boardroom, Winter 2017 (free registration to view)
- Getting to grips with New York’s cybersecurity compliance rules, Ethical Boardroom, Fall 2016
- Getting to Grips with New York’s Cybersecurity Compliance Rules, Spring 2017 Edition of Circuits, a publication of the Computer & Technology Section of the State Bar of Texas
- Critical Steps Companies Must Take to Comply with New York’s Cybersecurity Rules, Ethical Boardroom (pg. 140), Winter 2017
- For a discussion of shame hacking, such as we saw with Sony, Ashley Madison, Adult Friend Finder, and many others, see these posts.
- For a discussion on the #AppleVsFBI case, see these posts.
Additional reading materials related to these issues.
- AI can detect Alzheimer’s a decade before symptoms show
- British supermarket offers ‘finger vein’ payment in worldwide first
- Face-reading AI will be able to detect your politics and IQ, professor says
- AI CAN TELL IF YOU’RE GAY: ARTIFICIAL INTELLIGENCE PREDICTS SEXUALITY FROM ONE PHOTO WITH STARTLING ACCURACY
- Microsoft Plans on Storing Its Data on DNA in The Next 3 Years
Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.