by Robert Kim | Jan 11, 2022 | Commentary
Introduction Our national infrastructure is undergoing a major digital migration. Physical infrastructure assets are merging with the digital world via the Fourth Industrial Revolution (4IR) technologies. 4IR technologies have the potential to make our infrastructure more sustainable, efficient, and connected while enabling once-futuristic ideas such as “Smart Cities” and autonomous transportations. However, such technological developments pose a grave threat to our national security. When the physical world and the digital world are integrated, repercussions from a cyberattack can materialize in the real world. This means a hacker can take control of a nation’s critical infrastructure digitally and extend his or her control to the physical world. A cyberattack debilitating an entire nation by digitally attacking its critical infrastructure is not entirely hypothetical anymore. Despite the national interest in bolstering our cybersecurity, deficiencies in our national cybersecurity continue to grow. An expansion of public-private partnerships (P3s) can be an efficient way to narrow the gaps in our national cybersecurity despite concerns raised by cyber legal scholars. The Fourth Industrial Revolution The rapid convergence of the physical world and the digital world is driving the world economy into another major industrial revolution. The World Economic Forum has coined this significant shift the “Fourth Industrial Revolution.” 4IR technologies have the potential to create more connected, efficient, and sustainable infrastructure by allowing physical infrastructure assets to integrate with the digital world. With the emergence of technologies such as autonomous vehicles and the Internet of Things (IoT), the speed of the digitalization of such assets is likely to only increase. The European Union Agency for Cyber Security identified recent trends of deploying IoT in...
by Abigail Ulcej | Nov 23, 2021 | Commentary
The Dodd Frank Act was enacted in 2010 in response to the 2008 financial crisis. Among the protections that it sought to create was Section 1033, which provides consumers increased access to – and control of – the personal data held by financial institutions.[1] Specifically, 1033 requires that financial institutions provide consumers with copies of their data upon request. The Consumer Financial Protection Bureau (CFPB) started gathering stakeholder opinions on Section 1033 several years after its passage and, in November of 2020, issued an Advanced Notice of Proposed Rulemaking (ANPR). FinTech companies and industry groups wrote comments in response to the ANPR in support of promulgating rules for Section 1033. They are eager for consumers to have the opportunity to pipe personal financial data from banks to their platforms. There are benefits to this system: with enhanced data portability, smaller companies have a greater chance of accessing the data they need to build innovative products that improve competition and are useful to the public. New toolscould aid in overdraft fee protection, credit score improvement, financial inclusivity, small business loans, fraud mitigation, and much more. However, there are potentially negative privacy implications if the CFPB implements Section 1033 without thoughtful consumer protection. CapitalOne’s comment on the Section 1033 ANPR voices concerns about “lightly regulated non-bank companies, particularly Data Aggregators and Data Users” gaining access to data that would otherwise be subject to the banking industry’s heightened data-handling rules. CapitalOne recommends that, for example, third parties who gain access to consumer data under Section 1033 become subject to the Gramm-Leach Bliley Act, which governs the management of individuals’ data by financial...
by Irene Sun | Nov 21, 2021 | Commentary
Introduction to NFTs Throughout 2021, non-fungible token (NFT) artwork has sold for record breaking prices and is rapidly increasing in popularity. In the second quarter of 2021, NFT sales surged to $2.5 billion, which is a tremendous increase from the $13.7 million in sales during the first half of 2020. In March 2021, the artist Beeple sold his NFT through Christie’s for $69.3 million. In June 2021, one of 10,000 CryptoPunks NFTs created by the artist duo Larva Labs resold for $11.8 million through Sotheby’s. An NFT is a digital asset or unit of data that stores information on blockchains. Blockchains are digital ledgers that record information chronologically in “blocks”, which are then chained together to form an irreversible timeline of data. Whereas databases store data in tables, blockchains store data in chains of blocks. Blockchains function similarly to a bank ledger in that they reveal the entire transaction history of digital assets, allowing for easy verification of asset ownership and authenticity. Most NFTs are part of the Ethereum blockchain, which is a decentralized, open-source blockchain where no single group or person has control over the blockchain. Rather, all users retain control over this blockchain. As a result, the data entered into the blockchain is irreversible and permanent—it cannot be modified, deleted, or pirated as all transactions are permanently recorded and viewable by the public. Digital assets created on blockchains can be transferred between parties. These transferable assets are called tokens. An NFT is a non-fungible token, which means it is a one-of-a-kind asset. This is unlike Bitcoin, which is fungible and replicable. One Bitcoin can be traded for...
by Elizabeth McElvein | Sep 3, 2021 | Commentary
On May 14, President Biden issued an executive order (EO 14029) on Section 230, the once obscure provision of the Communications Decency Act that is now at the heart of political fights over regulating speech on online platforms, and more broadly, the power of big technology companies. If you missed the roll-out of EO 14029, you can certainly be forgiven. There was no public signing ceremony, no accompanying presidential remarks — not even a press briefing. With a yawn inducing title — “Executive Order on the Revocation of Certain Presidential Actions and Amendments” — it almost seems that the order was supposed to fly under the radar. EO 14029 was not even the biggest executive order on technology policy signed that week: just two days prior, the President rolled out a much-anticipated “Executive Order on Improving the Nation’s Cybersecurity.” So, what does the order do? As a policy matter, the most straightforward answer is: not a whole lot. It simply revokes a slew of Trump-era orders, including EO 13925 or “Preventing Online Censorship,” which was probably of minimal legal effect anyway. In another sense, however, President Biden’s action moves Section 230 policy debate away from the executive branch, signaling that the responsibility for reform lies squarely with Congress. To fully appreciate the implications of President Biden’s action, it’s useful to take a few steps back. What is Section 230, anyway? Section 230 of the Communications Decency Act, codified at 47 U.S.C §230, was passed in 1996 in order to protect innovation on the internet, then a fledgling industry. The gist of the statute is...
by Sophie LaCava | Apr 21, 2021 | Commentary
In 1991, Congress took action against the onslaught of undesired robocalls faced by households and individuals. The Telephone Consumer Protection Act (TCPA) established a variety of safeguards aimed at reducing the amount of uninvited calls consumers receive. One of the most important provisions of the TCPA prohibits the use of “any automatic telephone dialing system” (autodialer) to place unsolicited calls. The statute defines an autodialer as “equipment which has the capacity– (A) to store or produce telephone numbers to be called, using a random or sequential number generator; and (B) to dial such numbers.” Precisely what falls within the scope of an autodialer has already been subject to much debate. In 2003, the Federal Communications Commission, the agency with authority to administer the TCPA, determined that the use of an autodialer encompassed sending text messages. Much more recently in 2018, the U.S. Court of Appeals for the District of Columbia rejected the FCC’s interpretation of “capacity” which included potential functionalities or future possibilities, as opposed to merely present capacity, as impermissibly broad. The Facebook v. Duguid Decision On April 1, 2021, the Supreme Court issued a decision that renders another important interpretive judgment as to what falls under the scope of an autodialer. The recent case, Facebook v. Duguid, determined whether automated text messages sent by Facebook violate the TCPA. The Ninth Circuit had held that the autodialer prohibition applies to notification systems like Facebook’s that automatically dial stored numbers. Upon Facebook’s appeal, however, the Supreme Court unanimously disagreed. The Supreme Court’s ruling hinged on the statute’s specification that an autodialer must use a “random or sequential number generator.”...
by Saika Suzuki | Apr 21, 2021 | Commentary
Contact tracing has been a key measure in an attempt to slow the spread of COVID-19. Many countries, including the United States, have used contact tracing to track and control the spread of the disease. The measure has been touted as a success in the states and countries that managed to implement a well-functioning system with adequate preparation, testing and tracking, welfare support, and effective leadership. However not all contact tracing efforts were successful. The United Kingdom’s contact tracing efforts have been noted to be a failure, with the country’s government scientific advisory group reporting that the program had a “marginal impact on transmission.” The United States has similarly experienced failures in several states. Some of the reasons that programs fail include lack of local support, sheer number of cases, and delays in testing and identification. Even strong advocates for robust contact tracing programs have conceded that “it is impossible to do meaningful or substantial contact tracing with huge numbers of cases.” Shortage in personnel performing contact tracing also likely contributes to the difficulty. One key tool that could have mitigated some of the problems with contact tracing is the use of digital contact tracing. In fact, several countries, notably South Korea and Singapore, have successfully implemented digital contact tracing programs. Apple and Google partnered to create a COVID-19 contact tracing technology which utilizes Bluetooth technology. Claims have been made that implementing AI mechanisms in such technology would further increase the effectiveness of Bluetooth contact tracing by boosting the ability of the phones to detect nearby phones, which remains shaky with just the use of Bluetooth technology. Pairing Bluetooth...
