March 11, 1876. December 18, 1903. July 21st, 1969.
These are the dates that John Weigelt — the National Technology Officer for Microsoft Canada — used to provide scale in his recent IP Osgoode Speaks Series presentation: Adjusting to the Changed Frame of Reference of our Technology Enabled World.
Specifically, these dates represent “the day after”. Weigelt asked attendees to imagine waking up on the day after Bell first telephoned Watson, after the Wright Brothers flew over Kitty Hawk, and after Neil Armstrong took one small step on the moon’s surface. Would we have known that the world was a different place than it had been the day before or that our collective frame of reference had fundamentally shifted? Hindsight lets us recognize key moments in the development of groundbreaking technologies, but would we have realized them at the time they occurred?
Weigelt offered up a list of technologies currently being developed, improved and used that could have the same scale of impact, including: social computing, the Internet of things, white space wifi, cloud computing, machine learning, robotics, 3D printing, and virtual currencies. He took pains to ground his list beyond hype by outlining the existing practical uses for these technologies including some decidedly unsexy applications like that of machine using handwriting recognition to sort plain old snail mail or the use of robotics in manufacturing. Weigelt also imagined a world in which our household plumbing includes taps for 3D printing goop alongside the hot and cold running water or one where backhoes have giant bionic ant jaws instead of metal buckets.
Technology does not change the world without facing challenges. Weigelt discussed the security and privacy issues that have already resulted from the shift in technology. The rise of cyber crime was a significant focus for the talk, with Weigelt using the timeline of a vulnerability report in order to illustrate certain security issues.
A public release concerning a vulnerability may occur almost simultaneously with the release of a solution for the problem. However, users take weeks to update their systems, which means there remains a window of weeks for hackers to develop and deploy exploits which target unpatched systems. Once a system has been targeted and malicious software installed, patching the original exploit may be an insufficient fix. During the Q&A, Weigelt elaborated on how technology companies are approaching these problems. There is now a shift away from models that rely on users to practice good security hygiene to models like biometrics which are inherently more secure and often paired with ongoing efforts to improve screening and filtering to ensure that users aren’t arriving at malicious websites or receiving malicious email. Weigelt discussed how an open source vulnerability handling model is not necessarily sustainable, citing SSL vulnerabilities which had gone undetected for years, and how open-source models do not appropriately balance the need to secure IP with the need to secure systems.
Weigelt also talked about the difference between how the public perceives hacking — sophisticated programmers deploying clever bits of code that defeat even the best designed network security — and the reality of most actual hacks, which involve low-tech, easy attacks like finding computers or networks using a default password and then simply logging in. Surprisingly, simple digital hygiene practices like changing default passwords and regular security updates could stop 97% of system breaches.
The talk also raised a series of ethical and legal issues that inform the discussion around big data, ubiquitous computing and other new technologies. Evidence that might have once been located on a hard drive in a desktop computer may now be painted across multiple servers belonging to a third party and located in a shipping container. How do you seize that data as part of a criminal investigation? With masses of data constantly being collected by everything from police body cameras to always listening virtual assistants, there is an increasing focus on the legal and ethical boundaries on using that information. Who owns it? Who is allowed to use it? How long can they keep it and what can they use it for?
While Weigelt did describe some scenarios where technology companies are working with governments to solve some of these problems, he was also clear that we can’t wait on statutory solutions. Government policies are often behind the times. He then ended the talk by encouraging law students interested in practicing in the technology sector to understand risk management so they can help their clients make legally appropriate choices when faced with questions of trust and security that currently have no clear answers.
Jacquilynne Schlesier is an IPilogue Editor and JD Candidate at Osgoode Hall.