UK Firms: Why Not Simply Process EEA Residents' Personal Data In the EEA?

It's time for UK businesses to get creative in dealing with Brexit and all its uncertainties. As I've explained here, the processing of personal data relating to EEA residents is a particular problem. The UK is 13th on the list of countries that will be waiting for the European Commission to declare the UK personal data regime to be 'adequate' to transfer that data as of right (as happens now).

So, rather than bring personal data into the UK from the EEA, you could - as many already have - simply incorporate an entity within the EEA to hold the data and determine the means and purposes of processing there. That EEA entity could do the processing itself within the EEA or outsource that to an EEA-based processor with the right experience and expertise. Ireland, for example, is the top AI hub in the EU and it can be a simple matter to transfer existing English law contracts to a new entity there, particularly as Irish law is so similar.  

Only the aggregated results would need to come in to the UK.

Keeping Humans At The Heart Of Technology: Conference Wrap

This is a long overdue summary of my closing remarks at the SCL Technology Law Futures Conference on whether humans can survive the advent of super-intelligent machines. The podcasts for each session are available on the SCL site.

I am confident that we can keep humans at the heart of technology during the current era of artificial narrow intelligence.  It seems we are a long way into the process of coping with computers being better than us at certain things in some contexts. The sense was that the dawn of artificial general intelligence, where computers can do anything a human can, is 20-40 years away. It's also possible, of course, that the machines may never completely exceed human capabilities - more a matter of faith, in any event, as it would only be us who judged that to be the case. 

There are clear signs that humans are using computers to enhance the human experience, rather than replace it. E-commerce marketplaces for everything from secondhand goods, to lending and borrowing, to outsourcing household tasks and spare rooms show that humans are working together directly to remove intermediaries by relying on faciltators who add significant value to that human-to-human experience. 

This underscores the fact that computers' lack of 'common sense' will severely limit their ability to replace us – not just rationally speaking but also in terms of a shared understanding of our own five senses, and how we co-operate and use that shared understanding with each other in subtle yet important and uniquely human ways, for example, simply to summon the smell of freshly cut grass. 

Misuse of machines by humans - to constrain choice, for example - will also hold back development or lead humans to develop alternatives. We have worked around technology-based monopolies in various industries, such as music, but we also heard how the few major mobile 'app stores' are not only becoming the preferred distribution platforms for software, but also choke points to throttle competition. Such attempts at control will prove futile if those platforms do not give us what we want or are not aligned with how we behave or fail to reinforce the shared sense of community that is a feature of, say, peer-to-peer marketplaces and the new distributed ledgers.

The point was also made that we should recognise the value in our freedom to make mistakes or to simply forget or fail to do something – indeed the fact that someone else has forgotten or failed presents an opportunity for someone else. Perhaps this is the key driver of competition and innovation in the first place. [So, would machines evolve to be so efficient that change would no longer be necessary? Superintelligence could be a dull experience!]

Yet it is human fallibility, not that of machines, which is behind most online fraud. Turns out that it's simpler and cheaper to hack the human operating system with confidence tricks than it is to cut through the security systems themselves. Ironically, in this context, it seems there’s more a role for machines to help us avoid being fooled by other humans into giving out sensitive information, rather than to evolve ever more sophisticated encryption, for example.

A key issue is that the evolution of machine ability and interoperability is adding vast complexity to the rules and contracts that govern their use. Layers and layers of rules, terms and conditions must knit together to ensure effective governance of even the humble home entertainment network. Of course, the earlier the lawyers, legislators and regulators are involved in this, the easier it is for governance infrastructure to keep up.  That point is often made by lawyers, but it was also very heartening to hear the direct invitation for more lawyers to be involved directly with engineers in the step-by-step development of driverless cars, so they are aligned with how we humans want them to work on our roads. 

Yet the speed of technological development versus the speed at which the law moves make it unlikely that the law and rules alone will be effective in directly controlling the development of machines, whereas incentives such as commission, fees and fines will likely prove more useful in nudging behaviour in the right direction and keeping interests aligned. How the economic models evolve is therefore critical - and a good area for less direct legal control of machines, particularly through the apportionment of liability and theregulation of markets and competition.

Economically speaking, however, it was pointed out that we are prone to overstating the impact of technology has had in the past, and overestimating its effect in the future. In terms of GDP growth, for example, it turns out there was no industrial 'revolution' but merely a steady increase in output in parallel with various technological improvements. Tech booms and busts are also evidence of this.

We also tend to get hung up on globalisation and the need for harmonious rules across regions, yet much of the benefit of the internet, for example, has actually occurred at local level, and most of us use our phones and email to stay in touch with local people. 

Against this background, the conference keynote speech provided an entertaining overview of artificial intelligence and the community behind it, finishing nicely with a list of the top priorities for urgent human attention. The 'Internet of things' - 50 billion connected devices by 2020 - clearly covers a vast area, so it's important to bring it down to specific scenarios, such as the home, the car, the streets and how sensors, software and machines in each context inter-operate. Other critical developments and scenarios deserving our attention are driverless cars; the use of drones in the context of both civil surveillance and warfare; and applications that control or monitor our health.

More on those fronts in due course, no doubt.

Thanks again to all the speakers for such a thought provoking series of presentations.

Of #Smart Contracts, Blockchains And Other Distributed Ledgers

Seems I caught Smart Contract Fever at last week's meeting of the Bitcoin & Blockchain Leadership Forum. So rather than continuing to fire random emails at colleagues, I've tried to calm myself down with a post on the topic.

For context it's important to understand that 'smart contracts' rely on the use of a cryptographic technology or protocol which generates a 'ledger' that is accessible to any computer using the same protocol. One type of 'distributed ledger' is known as a 'blockchain', since every transaction which is accepted is then 'hashed' (shortened into a string of letters and numbers) and included with other transactions into a single 'block', which is itself hashed and added to a series or chain of such blocks. The leading distributed ledger is 'Bitcoin', the blockchain-based virtual currency. But virtual currencies (commodities?) are just one use-case for a distributed ledger - indeed the Bitcoin blockchain is being used for all sorts of non-currency applications, as explained in the very informative book, Cryptocurrency: How Bitcoin and Digital Money are Challenging the Global Economic Order. As Jay Cassano also explains, another example is Ripple, which is designed to be interoperable with other ledgers to support the wider payments ecosystem; while Ethereum is even more broadly ambitious in its attempt to use smart contracts as the basis for all kinds of ledger-based applications.

Generally speaking, the process of forming a 'smart contract' would be started by each party publishing a coded bid/offer or offer/acceptance to the same ledger or 'blockchain', using the same cryptographic protocol. These would be like two (or more) mini-apps specifying the terms on which the parties were seeking to agree. When matched, these apps would form a single application encoding the terms of the concluded contract, and this would also be recorded in the distributed ledger accessible to all computers running the same protocol. Further records could be 'published' in the ledger each time a party performed or failed to perform a contractual obligation. So the ledger would act as its own trust mechanism to verify the existence and performance of the contract. Various applications running off the ledger would be interacting with the contract and related performance data, including payment applications, authentication processes and messaging clients of the various people and machines involved as 'customers' or 'suppliers' in the related business processes. In the event of a dispute, a pre-agreed dispute resolution process could be triggered, including enforcement action via a third party's systems that could rely on the performance data posted to the ledger as 'evidence' on which to initiate a specific remedy. 

Some commentators have suggested this will kill-off various types of intermediaries, lawyers and courts etc. But I think the better view is that existing roles and processes in the affected contractual scenarios will adapt to the new contractual methodology. Some roles might be replaced by the ledger itself, or become fully automated, but it's likely that the people or entities occupying today's roles would be somehow part of that evolution (if they aren't too sleepy). The need for a lot of human-readable messages would also disappear, signalling the demise of applications like email, SMS and maybe even the humble Internet browser. Most data could flow among machines, and they could alert humans in ways that don't involve buttons and keyboards.

So what are the benefits?

Well, it might take significant investment to set up such a process, but it should produce great savings in time, cost, record-keeping and so on throughout the lifetime of a contract. And, hey, no more price comparison sites or banner ads! Crypto-tech distributed ledgers would enable you to access and use a 'semantic web' of linked-data, open data, midata, wearables, smart meters, robots, drones and driverless cars - the Internet of Things - to control your day-to-day existence.

The downside?

This also might also play into the hands of the Big Data crowd (if they find a way to snoop on your encrypted contracts), or even the machines themselves. So it's critical that we figure out the right control mechanisms to 'keep humans at the heart of technology - the topic of the SCL's Tech Law Futures Conference in June, for example.

Meanwhile, I'm reviewing my first smart contract, which is proving rather like being involved in the negotiation of a software development agreement - which it is, of course. I'll post on that in due course, confidentiality permitting...

Artificial Intelligence, Computer Misuse and Human Welfare

The big question of 2015 is how humans can reap the benefit of artificial intelligence without being wiped out. Believers in 'The Singularity' reckon machines will develop their own superintelligence and eventually out-compete humans to the point of extinction. Needless to say, we humans aren't taking this lying down, and the Society for Computers and Law is doing its bit by hosting a conference in June on the challenges and opportunities that artificial intelligence presents. However, it's also timely that the Serious Crime Act 2015 has just introduced an offence under the UK's Computer Misuse Act for unauthorised acts causing or creating the risk of serious damage to "human welfare", not to mention the environment and the economy. Specifically, section 3ZA now provides that: 

(1) A person is guilty of an offence if—
(a) the person does any unauthorised act in relation to a computer;
(b) at the time of doing the act the person knows that it is unauthorised;
(c) the act causes, or creates a sign ificant risk of, serious damage of a material kind; and
(d) the person intends by doing the act to cause serious damage of a material kind or is reckless as to whether such damage is caused.

(2) Damage is of a “material kind” for th e purposes of this section if it is—
(a) damage to human welfare in any country;
(b) damage to the environment in any country;
(c) damage to the economy of any country; or
(d) damage to the national security of any country.

(3) For the purposes of subsection (2)(a) an act causes damage to human welfare only if it causes—
(a) loss to human life;
(b) human illness or injury;
(c) disruption of a supply of money, food, water, energy or fuel;
(d) disruption of a system of communication;
(e) disruption of facilities for transport; or
(f) disruption of services relating to health.

I wonder how this has gone down in Silicon Valley...