Happy New Year! Believe it or not, we have entered a new decade — if the past is any bellwether of the present (or future), that means that technology advances will continue to accelerate. Think about it — just in the past decade, we have witnessed a vast expansion in mobile computing platforms, vast improvements in computer memory (i.e., smaller physical footprints and lower costs), as well as rapidly increasing communication speeds. Cloud computing has evolved to the point where most software is now provided as a service instead of installed directly on a computer. Need to take your software mobile? There is probably an app that can do that on your mobile device. The problem is that technology continues to outpace the laws that can affect it, and there is little doubt this next decade will be an exception.
The slow pace of the law is not surprising — the very nature of the common law system in the United States is premised upon the rendering of decisions over time, and deference to precedent (referred to as stare decisis). Needless to say, that is not a structure that is designed to move nimbly, but rather, quite deliberately. Unfortunately, technology waits for no one, and by extension, no laws. In an effort to play “catch up,” the ability to enact legislation at both the state and federal level as technology advances does exist; however, these mechanisms are far from perfect, and in the case of state legislation, a potential patchwork of legislation that can vary depending upon jurisdiction (such as data breach notification laws) looms large.
Looking at 2020 (and beyond) through this backdrop, it’s not hard to find a number of areas of interest that are worth looking at more closely. This is not to say that these are the only areas of concern, but in the context of law and technology (with a healthy dose of intellectual property), there are three specific areas that I believe will prove to be hot topics for the coming year (and beyond):
- Cybersecurity & AI. If the past decade is any indication, the rise of online security threats to both computer networks and endpoint computers has been remarkable. Starting with the Yahoo security breach in 2013 (exposing over 3 billion accounts and leading the list as the largest data security breach to date), the 10 largest data security breaches of all time occurred in the past 7 years. In fact, Cybersecurity Ventures (a leading cybersecurity research group and publisher of Cybersecurity Magazine) predicts cybercrime damages will amount to $6 trillion annually by 2021, or “exponentially more than the damage inflicted from natural disasters in a year, and more profitable than the global trade of all major illegal drugs combined.” Why? You guessed it — technology. Cybersecurity Ventures has research that estimates around 111 billion lines of new software code are being developed every single year — such vast amounts of code means a vast likelihood of vulnerabilities that can be exploited. This number will not be decreasing anytime soon. As a result, the capability of humans to uncover exploits or otherwise detect and intervene in data security incidents is being rapidly outpaced by the pace of software development. The need for real-time detection and intervention of advanced persistent threats is pushing the use of artificial intelligence (AI) and machine learning (ML) to help close the gap. That said, detection and intervention by a constantly learning platform is one thing, but what about threats that are being initiated by AI? Needless to say, existing laws (such as the Computer Fraud and Abuse Act, or “CFAA”) are woefully inadequate in dealing with the development of AI in this area. Think about it — the CFAA was enacted in 1986, a time when the personal computer was still finding its footing in the marketplace, computer viruses were mostly confined to university research labs, and the internet as we know it today was still a part of the Department of Defense. Although CFAA has been amended many times between 1989 and 2008, it remains far behind the technology development curve. For that reason, I think we will be seeing more data security in the context of AI/ML, and a reaction by the law to address the ever-expanding online data security dilemma.
- Data Privacy, State Laws, and the Advent of Federal Legislation (Maybe). A corollary to the data security dilemma is the privacy of data accessible online. The General Data Protection Regulation enacted in the EU in 2016 and effective in May 2018 has been instrumental in advancing a more consumer-centric approach to the privacy of personal data. In fact, I would argue that it has been instrumental in “resetting” the approach to privacy in the U.S. — just this month, the California Consumer Privacy Act became effective in California, representing a fundamental shift in the handling of personal information by following many of the tenets embraced by the EU in the GDPR. Sounds good to privacy advocates, but the problem here is readily apparent. It is a California law, not a federal one. This is leading to some interesting discussions with clients regarding compliance — assuming a legal entity that is domiciled outside of California but otherwise meets the threshold requirements for compliance and collects data from California residents will likely need to comply because the CCPA focuses on the residency of the consumer. Given the size of California’s economy, there is almost a de facto application to out-of-state companies transacting business with California residents. Other states (such as Hawaii, Massachusetts, New York and Mexico, to name a few) are also following suit with the introduction of “copycat” bills. Given this likely patchwork of state legislation, there is a better chance than ever that Congress may take up a bill (or two) designed to harmonize these state laws. That may seem like a tall order under the present political climate, but stranger things have happened.
- AI & IP Creation/Ownership. The growth of AI is creating some novel issues in the world of intellectual property, not the least of which is self-created works and inventions. If an AI creates an original work, who is the author? You may be aware of the case involving Naruto (a macaque) and the authorship of a selfie he took with a camera provided by photographer David J. Slater (FYI – Slater won), but there is no guarantee the courts would apply the same logic for AI. I haven’t even touched upon novel concepts created by AI that may be patent eligible, but you get the point.
I don’t know about you, but I am looking forward to how these topics will develop in the coming year (and beyond). I can’t predict how they will play out, but I can guarantee that they will play out (if not in 2020, then in the coming decade) and that I look forward to writing about them. Now that’s a good resolution for 2020 and beyond.
Tom Kulik is an Intellectual Property & Information Technology Partner at the Dallas-based law firm of Scheef & Stone, LLP. In private practice for over 20 years, Tom is a sought-after technology lawyer who uses his industry experience as a former computer systems engineer to creatively counsel and help his clients navigate the complexities of law and technology in their business. News outlets reach out to Tom for his insight, and he has been quoted by national media organizations. Get in touch with Tom on Twitter (@LegalIntangibls) or Facebook (www.facebook.com/technologylawyer), or contact him directly at tom.kulik@solidcounsel.com.