This past year was an exciting (if not troubling) one for technology and the law – from the multiple Yahoo breaches to newly-emerging DDoS botnet attacks to allegations of foreign hacking to interfere with the US election, 2016 did not disappoint. As technology continues to outpace the laws addressing it, here are 3 things to look forward to in the New Year:
1. The IoT and Your Privacy – From your interactions with your smart thermostat to Amazon’s Echo, it seems that technology will keep outpacing the law when it comes to data privacy. Recently, an Arkansas investigation into the suspicious death of a man in a residential hot tub led to the police seeking potential evidence compiled by – you guessed it – the resident-suspect’s Amazon Echo. Whether you realize it or not, such smart devices are always actively listening for voice commands (such as “Amazon” or “Alexa”), and actually save the voice commands given to it (unless later deleted). Amazon has so far refused to comply with the warrant, but time will tell – this is only the opening salvo in the demand for the vast digital archive of information being compiled by such devices.
2. Cybersecurity – This one is a no-brainer. From sophisticated phishing and “spearphishing” schemes to ransomware attacks, 2016 was no stranger to data breaches…so much so that Yahoo was forced to admit not just one, but TWO data breaches affecting over a BILLION of its users from 2013 alone and potentially undermining its acquisition by Verizon. Allegations of Russian hacking of DNC documents and Clinton campaign emails to interfere with the US election have dominated the headlines post-election, with the FBI and DHS having recently released a hacking report ostensibly outlining such interference. Moreover, more sophisticated DDoS attacks using botnets are on the rise. Without question, 2017 will be a year filled with more data breaches – the question is only a matter of how big those breaches will be and how badly users will be affected.
3. Biometrics and Your Mobile Data – I have written and commented on this topic in 2016 and anticipate that the issue of forcing the use of a user’s biometrics to access such user’s mobile device (such as forcing a suspect at a crime scene to use a fingerprint identifier to unlock the mobile device) will escalate. Current law provides 5th Amendment protection to testimony, but fingerprints are not considered “testimony” in that context:
compelling you to divulge knowledge of something that may incriminate you (such as the passcode on a mobile device) is prohibited; compelling you to provide a physical characteristic (such as presenting yourself in a lineup, being required to use your voice to provide an identifying characteristic, or being compelled to provide a fingerprint) is not.
As I have argued, use of a fingerprint to identify a suspect is quite different that use of a fingerprint to access information not otherwise available for examination…but current law does not make that distinction. Hopefully, 2017 will involve additional cases and analysis to better address this issue and provide more guidance…your data privacy and security (companies: think “BYOD Policy” here) will be the better for it.
It has been one heckuva a year for technology and the law…and something tells me 2017 will be even more exciting! Best wishes to you and yours for a blessed, prosperous and Happy New Year! I, for one, am really looking forward to it.