Cybersecurity and National Security

November 20, 2019 posted by

– We have laws protecting
sensitive technologies from foreign access. So these laws would prevent an AI company or robotics company from exporting
technological information to another country. And there might be the need
to have an export license. Also, there are new
regulations that are coming that will look at the transfer of those types of high technology areas and the technology associated with them. Not only to people in foreign countries but also to individuals who
are within the United States who are foreign citizens. You may need a license to
make those kinds of transfers. That may mean that if you
hire a foreign resident to do some specific work
for you as an employee or as a consultant, then you
may need to have a license in order to work together with that person even if all of that work takes place within the borders of the United States. Hauwei raises a particular concern because the government has felt that there might be
compromises in security by purchasing products from Hauwei or doing business deals with Hauwei where there’s information or technology being transferred to it. And as a result, any
company that’s thinking about those kinds of
deals should understand, from a compliance perspective, what deals it’s thinking about doing, what restrictions are placed on it based on the executive order
that President Trump signed, as well as other laws that might apply to those types of transfers. And then make sure that none
of those limits are surpassed in the business deal being contemplated. It’s hard for me to judge what happened with Facebook and Cambridge Analytica from an outsider perspective. But from my understanding,
based on what I’m seeing in the media, it does
seem that the company had certain protections that
it wanted to put into place that were more of a
contractual requirement. But there was really no due dilligence of the potential recipients
of the personal data. There was no audit or
assessment being done to check up on their use
of it, and as a result, there was misuse by Cambridge Analytica and it was outside of Facebook’s control once Cambridge Analytica had that data. And then Facebook was
ultimately responsible by not having those
controls put into place. Well, a company like FaceApp, but located only within the United States,
still has an obligation to tell its customer
base what kind of data are being collected, how
it’s being collected, is it being combined with something else, where is it being stored, how
long is it going to be kept, how can a customer ask
easily for it to be deleted. All those protections
still need to be in place regardless of whether
the data are stored here, regardless of whether the company is an American company
or a foreign company. I could see a company like FaceApp facing class action lawsuits
where they would have to spend very large amounts of
money defending themselves against claims that somehow,
the lack of disclosure meant that the company was doing something that constituted an unfair
or deceptive trade practice. And you can image the hundreds
of thousands of dollars that the company would have
to spend to defend itself against a claim like that. They can help to prevent
that kind of problem by putting policies and
procedures into place, reviewing their privacy policies, and making sure that they are
assessing what they’re doing to comply with the policies
that they put into place, and are complying with
the security requirements for personal data protection
that apply under law. (upbeat soft music)

No Comments
Tags: , ,

Leave a Comment

Your email address will not be published. Required fields are marked *