Irene Chan
Ever since I was allowed to touch my mother’s computer (at the tender age of 7), I have been sucked into the world of security. Back when the WWW was still developing and applications were not as sophisticated as they are now, the level of information security was equally poor. Nowadays, many users take for granted encryption algorithms like AES, triple DES, RSA, etc. All of which, practically speaking, don’t allow potential intruders without prior knowledge of the keys to read the encrypted data, provided that the algorithm is properly implemented. Ask yourself these questions: do you use the same password over and over again? Have you ever used really easy passcodes like ‘1111’ or ‘1234’? Do you have a passcode for your electronics?
Cryptography and information security has evolved so much that users don’t think about breaches until after an attack. On the other hand, because security has gotten so evolved, it’s now a hassle to remember long passwords, two/three-steps verifications, and all the other features that are meant to protect our information. How do you balance accessibility and data security?
So here’s the thing. Law has always been resistant to change. As we have seen with past jurisprudence, changes only come when specific circumstances are fulfilled and society’s mindset and values have changed. It takes years, sometimes decades, to effect change in the law. Why change something that works, right? This is the complete opposite of technology. Every day, technology is trying to change, for the better or worse, it’s ever changing. If you want an example, look at the Apple iPhone. Every year a new model comes out. How about laptops? CPU chips are getting smaller and more powerful every day.
Due to COVID-19, the legal system scrambled to implement technology into its daily functions to try and keep the institution running. Even for institutions that have already integrated a sufficient level of technology for remote learning/working, we’ve see how that went down earlier this year. Our law school completely shut down on the first few days of the Fall semester despite having 5-6 months to prepare. Now that we’ve marginally solved the problem of accessibility, the next question is security. For example, it’s easy to have security when you’re locked in a windowless room with your client (let’s ignore the fact that listening devices exist for a brief moment, because then we’re getting into ‘spy stuff’). How are you supposed to ensure your video-conferencing call is secure? What happens if an intruder hacks into your private video call with a client? What of the solicitor-client privilege? What happens if someone from another jurisdiction perpetrates these attacks?
It’s true that in our Criminal Code that we have various provisions for cyber crimes, but is it really enough? One thing we know from the last 8 months is that the more reliant we become on technology, the more demand there is for legal protections to prevent harm to society and its institutions. Cyber crimes can have such devastating consequences and can be performed anywhere in the world. Perpetrators come up with new ways to perform cyber criminal activities everyday. How can the law respond to the fact that our lives are now more intertwined with technology than ever? How will the law respond to that? Is it even possible for the law, as it is now, to protect the society and individual interests?