As we are just finishing a busy year committed, more than anything, to meeting the demands of the California Legislature, how do we expect the next year to shape up? What will the great gods of the internet and data analytics bring us? Here at Hey, Data Data we have provided at least 5 different sets of predictions. Here are 10 of my modest attempts.
New state law privacy requirements. We have only scraped the tip of this privacy iceberg, while the rest is waiting to tear up our ship from beneath the water. By this I mean that we don’t know exactly where they will emerge – New York, Minnesota, and Massachusetts – are likely bets. But we fully expect that one or more states will pass an omnibus privacy act next year. It (or they) will contain similar, but not identical, requirements to the CCPA and throw us all into confusion as how to comply with everything required of business in the privacy protection era that has just arrived.
Shakeout of the Data Analytics Marketing Space. The core business models for dozens of data gathering and marketing firms clearly violate the CCPA, and may violate the new privacy laws to come. The most valuable data is tied to individuals to serve up relevant ads in the moment of need, but requiring a detailed, informed opt-in will destroy the value of many data companies. After the first or second enforcement of the CCPA on this front, expect to see the industry consolidate and shrink considerably until data entrepreneurs can figure out how to continue making money and still meet the new wave of privacy laws.
Rules about special privacy issues. Aside from the omnibus data privacy act(s) coming our way, some relevant legislature or regulators will also act on concerns about some specific aspect of privacy – probably at least 2 or 3 of them. The most likely candidate is biometrics. Another Illinois-type biometric privacy law with a private cause of action may emerge, but I will wager that we are more likely to see regulation of facial recognition software. Face analyzing software is the most visible and discussed of the biometric technologies, and while voice recognition or nanny cams may be more insidious, some panicky legislature is likely to protect constituents’ faces. Some members of Congress just pushed back against HUD for using facial recognition technology in public housing. Laws/regs impacting audio/video drones or DNA are also each possible.
Growth of the Surveillance State. While lawmakers and regulators are fighting to keep information on individuals out of the hands of companies and marketers, their law enforcement arms will continue to quietly amass more and deeper biometric databases, broader networks of stationary cameras, and tools for recording our phone calls and tracking every movement. Federal tools will work their way to the state and local level. DNA family analysis will solve more cold cases. Police agencies will learn how to effectively use social media postings to gather information on suspects. Your own technology – phone, automobile, even doorbell and home personal assistants – will be law enforcement’s best friend and betray you at every turn.
Feeling the Effects of Carpenter. While a couple of the cases in the new SCOTUS term may have sideways privacy implications, like if the court decides the issue of whether IP address and search terms are legally significant personal identifiers in Frank v. Gaos, the court did not take on a seminal privacy/security/fourth amendment case this year. But, not to worry, the SCOTUS opinion from 2018, Carpenter v U.S., is crashing a path through law enforcement and lower courts. It impact should be even more significant next year. The court in Carpenter held that warrantless searches of detailed cell phone data is unconstitutional. Will this case affect the age-old third party exception to Fourth Amendment protection in all cases, forcing police to secure a warrant prior to requesting phone records, internet searches, and other digital trails held by private companies? Will this apply to the location data collected from your personal vehicle and held by the manufacturer or your insurance company? Can the border search exception withstand the Supreme Court majority’s logic in Carpenter? The picture is likely to clarify this year.
Machine Learning is Business Ready. For the last few years we have heard that artificial intelligence will change the world we live in – but not all at once. Learning models made with data training sets are working their way into regular software applications for business, and are likely to be important tools as developers learn how to use them. Right now, a developer could pick one of several machine learning tools on Github and train her own AI, then build that program into a current project. Expect much more of this, although non-technical business people may not understand the extent of acceptance for another couple of years.
A cyberforce. No, really, a uniformed cyberforce. The President announced a separate Space Force service to protect our off-planet national interests. But wait, there’s more. In the 2020 defense budget authorization bill, Congress asks the Pentagon to study whether a separate uniformed service dedicated to cybersecurity should join the Army, Navy, Air Force, Marines, Coast Guard and new Space Force. After 72 years with no new armed forces designated in this country, we may see two instituted in a 2-3-year period. Semper Cy.
More Shared Ventures for Banks and FinTechs. The more it becomes apparent that regulation of FinTech is likely to look very much like regulation of standard banks, Fintech companies have been searching for different ways of gaining credibility and scale in the marketplace. The clear answer is to use the stored-value card model of combining the flexibility and creativity of a FinTech company with the solidity, resources and regulatory acceptance of a bank. While 2019 saw a slow growth of this trend, 2020 is likely to increase the pace of sharing projects and business plans.
Year of the Deepfakes. A combination of the US election year, a highly polarized electorate, foreign technical interference, and the democratization of AI technology is likely to produce some of the first socially relevant Deepfakes this year. The Russians are working to raise their election meddling game and probably will send out “incontrovertible” video of famous people or their families saying terrible things or otherwise behaving badly. I wouldn’t put it past the US political dirty trick machines either. Don’t believe everything you see. Or that you hear. This may be the year where your company’s CEO’s voice is Deepfaked to give false payment instructions. That attack is coming; just a matter of when.
IoT Vulnerability Everywhere. We are already reading about hacked kid-cams being used to bully children, and in-room cameras capturing compromising adult pictures to use for blackmail (frequently demanding more debaucherous pictures). Your home is wired, and therefore vulnerable. Your car includes more than a million lines of code and links to the internet through its entertainment system, and therefor vulnerable. Your phone contains camera, microphone and GPS reader, and is painfully vulnerable. Not to mention your smartwatch or other wearables. These exposures will capture the attention of more hackers this year, for corporate espionage, blackmail, extortion and information gathering to support fraud. Both the bad guys and the people chasing them will learn new and creative ways of using direct connections into our lives.