CyberSide Chats

The CyberSide Chat series explores a range of issues important to business leaders, privacy and cybersecurity professionals, as well as others who wish to learn more about governance, leadership, data, cybersecurity and privacy. It features Andy Serwin, as well as a number of guests who will join and provide their perspective.

All Episodes

CyberSide Chats

The Hybrid World

February 05, 2023 • Andy Serwin

This episode starts our CyberSideChat series for 2023 and examines the Hybrid World, which is a critical concept for understanding how privacy and security impact us all.

For more information on these topics, please go to www.laresinstitute.com, and also check out the Lares Institute YouTube channel.

This podcast is intended as a general overview and discussion of the subjects dealt with, and does not create a lawyer-client relationship. It is not intended to be, and should not be used as, a substitute for taking legal advice in any specific situation. This may qualify as “Lawyer Advertising” requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome. We will accept no responsibility for any actions taken or not taken on the basis of this video.

As we reboot the cyber side chats I thought it was important to do a podcast about the future podcasts. These podcasts have always tried to focus on things in addition to law and that certainly will not change. if anything as data and connectivity become more and more core to our daily existence the focus will be less on legal and legal compliance issues and more on how companies and societies should think about data and connectivity and then govern those issues from both a public and private sector perspective.

And that really is the point--whether it is how our government creates governance structures and requirements which we might call controls in the private sector or the private sector itself creating governance structures as well as applying control frameworks whether in laws or not the issues remain the same And we need to think about them holistically. What do I mean by that? I mean that both public and private sector need to think through what we feel are appropriate and sustainable practices regarding the use of data. While the cyber side chats will not exclusively focus on these issues and explaining these concepts many of our discussions that will follow will focus on these issues.

To get a little bit ahead of ourselves and give further context, ultimately as we will see in both the public and private sector there is always a balancing whether explicit or implicit of the value of the data processing versus the potential costs or harms created by the data processing. For the private sector this doesn't seem to be a novel concept, though it is not always framed that way, but even within the regulatory landscape that concept is clear. One need only look at data use around the pandemic to see how governments permitted the use of extremely sensitive data to address a public health concern. In that case, the value created by processing the data was judged to outweigh any potential harms in processing sensitive medical information about individuals. But the issue is even more core than that on the regulatory front. In the United states, the Federal Trade Commission does not have general privacy authority and as a result relies upon it's unfair and deceptive acts and practices jurisdiction under Section 5 to enforce both privacy and security issues where it does not otherwise have jurisdiction. While deception has been a common basis of enforcement we see more and more that unfairness jurisdiction is used by the Federal Trade Commission, including in privacy cases. Inherent within the analysis of unfairness is a balancing of value, or benefit, versus harm regarding the particular practice.

As we will see in future podcasts this type of balancing, whether it is principle 9 of GDPR, examining proportionality and taking a risk based approach, as well as similar issues under GDPR, Is inherent in many legal regimes. Moreover, it is typically implicit within other laws with more explicit requirements.

The role of fairness and the balancing inherent in many of these laws and enforcement regimes will be examined, but that is not the focus of today’s podcast. Today I want to set the societal framework for why that fairness analysis matters and how we should begin to actually think about these issues.

There has been much discussion about the impact of new technologies such as VR and how they will change our society. The reality is that it has already changed, most of us just don’t fully appreciate it. We are already living in a hybrid world where the “real” world and the “cyber” world are inextricably linked and impact each other. For those old enough to remember the time before the Internet, think about how differently you retained and searched for information before Google, how many “friends” you had that you and never actually met in person, how many times you bought an item from a store without a physical presence, or better yet, how many items you bought that weren’t actually physical items, versus virtual goods such as NFTs. No, we don’t all walk around with VR headsets on, at least yet, we use a screen and a keyboard on our phones, which are really portable computers with computing power that is millions of times larger than the guidance computer for Apollo 11. The only real difference is the interface we use (VR headset versus device screen) but that is an interface issue only.

And by that I mean this—whether we all run out tomorrow and buy a mansion in the Metaverse or not, we already live in a hybrid world with “real” and virtual hopelessly enmeshed—how much time we spend in each, and what mechanism we use to interact our hybrid world, matters exactly not at all.

The reason we have entered this hybrid world is that our predominant line of communication is, for the first time, virtual, and many things in the “physical” world now depend on the virtual world. One of many such examples is a connected medical device—is that a physical device or a “virtual” device? The answer is a hybrid device. Given the dependence upon the “Internet” by businesses now, most business processes are at minimum hybrid, if not fully virtual.

What do I mean by a line of communication? To understand that, you have to put into context the history of how society moves things over great expanses. Society has always looked for ways to connect itself, which required the creation of technology to do it, and understanding the core components to that process is important, because there are certain consistencies in these methods of connecting—namely there is a medium that is used to connect—a “road,” a “platform” that travels along the road, an “engine” that propels that platform, and “propellant” or fuel to move the platform. Over time, our ability to connect in a more efficient way has only increased, and not surprisingly the state, in many cases the military, created this technology.

If one looks at the history in context, roads were used for centuries, with various carts serving as the platform, pack animals provided the engine, and food for the animals fueled the engines. Society eventually began using the ocean when ships were created that could travel long distances, and sails were the engine (before the creation of other engines for ships), and wind was the propellant. Eventually the skies became the “road,” when the plane became a way to connect quickly after the advent of the jet engine, which ran on oil.

Now we connect in cyberspace via a web of networks that are linked via our current road, the telecommunications backbone, with myriad platforms, and the engines being computing power, including AI/ML, which is propelled by information. And as with many of these prior roads, this one was funded by the military—in this case what is now known as the Defense Advanced Research Projects Agency, or DARPA. There are no natural or man-made borders, in most cases, with our current road, and the size of the engine keeps growing. And, as always, as the engine grows, so too does the need for the propellant—in this case data.

A point is worth noting on the fuel/propellant point. While I recognize that energy is needed to make the computers turn on, they are equally dependent on data to propel the computing process. And to be clear, I do not just mean personal data. Data of all types fuels, or propels, computing power in our current line of communication.

One can look at all of the examples above of how the creation of technology enhanced the connectivity of our world, and a key point becomes clear—these lines of communication can be used to do four things that are generally helpful for societies, but they also can be used to do four things that are detrimental to society.

· Diplomacy v. War

· Information Sharing v. Propaganda

· Commerce v. Crime/Piracy

· Social Connection v. Espionage

Our core challenges in “privacy” and cyber result from our inability to see two things. First, from a “privacy” perspective, much of our society depends upon a DARPA-created line of communication that is propelled by, and inherently dependent upon, an ever-increasing amount of data. Second, from a cyber and national security perspective, our current line of communication is a borderless global road that permits these four sets of activities to occur, with few checkpoints along the way to regulate conduct.

You cannot solve complex problems without first identifying what the problems actually are. It is past time to do that with “privacy” and cyber. Future articles will link these issues more directly to how companies should rethink these issues, as well as how we all should rethink “privacy” and cyber to help improve our Hybrid World. Until we do that, we will continue to provide the same answers to the same questions, and get the same results.