CS50 Video Player
    • 🧁
      • 🍫
      • 🍉
      • 🍿
    • 0:00:000 - Introduction
    • 0:00:150 - Challenges at the Intersection of Law and Technology
    • 0:01:090 - Trust Models
    • 0:01:300 - Reflections on Trusting Trust
    • 0:07:150 - Samsung SmartTV Privacy Policy Supplement
    • 0:13:150 - Intel Management Engine
    • 0:18:040 - Open-source Software and Licensing
    • 0:18:230 - GPLv3
    • 0:21:530 - LGPLv3
    • 0:22:590 - MIT License
    • 0:24:040 - Other Licenses
    • 0:26:020 - 3D Printing
    • 0:35:420 - Virtual and Augmented Reality (VR/AR)
    • 0:44:120 - Digital Privacy; tracking
    • 0:44:480 - Digital Tracking Technologies
    • 0:49:120 - EFF: The Problem with Mobile Phones
    • 0:56:550 - AI, robotics, machine learning
    • 0:57:200 - Using AI in the Legal Profession
    • 0:59:080 - Machine Learning
    • 1:15:520 - Machine Bias
    • 1:20:360 - GDPR and the "Right To Be Forgotten"
    • 1:26:540 - Net Neutrality
    • 1:34:050 - A Net Neutrality Primer
    • 0:00:00[MUSIC PLAYING]
    • 0:00:16DAVID MALAN: So today we're going to talk
    • 0:00:17about challenges at this crucial intersection of law and technology.
    • 0:00:22And the goal at the end of today is not to have provided you with more answers,
    • 0:00:26but hopefully generated more questions about what this intersection is
    • 0:00:30and where we're going to go forward.
    • 0:00:32Because at this intersection lie a lot of really interesting and challenging
    • 0:00:36problems that are at the forefront of what we're doing.
    • 0:00:38And you, as a practitioner, may be someone
    • 0:00:40who is asked to confront and contend with and provide resolutions
    • 0:00:44for some of these problems.
    • 0:00:46This lecture's going to be divided into two parts roughly.
    • 0:00:49In the first part, we're going to discuss
    • 0:00:50trust, whether we can trust the software that we receive
    • 0:00:53and what implications that might have for software
    • 0:00:56that's transmitted over the internet.
    • 0:00:57And in the second part, we're going to talk about regulatory challenges that
    • 0:01:00might be faced.
    • 0:01:01As new emergent technologies come into play,
    • 0:01:03how is the law prepared, or is the law prepared
    • 0:01:07to contend with those challenges?
    • 0:01:09But let's start by talking about this idea of a trust model,
    • 0:01:13trust model being a computational term for basically
    • 0:01:16do we trust something that we're receiving over the internet?
    • 0:01:19Do we trust that software is what it says it is?
    • 0:01:22Do we trust that a provider is providing a service in the way they describe,
    • 0:01:26or are there doing other things behind the scenes?
    • 0:01:29Now, as part of this lecture, there's a lot of supplementary reading materials
    • 0:01:33that we've incorporated in that we're going to draw on quite a bit
    • 0:01:36throughout the course of today.
    • 0:01:37And the first of those is a paper called "Reflections on Trusting Trust."
    • 0:01:41This is arguably one of the most famous papers in computer science.
    • 0:01:45It was written in 1984 by Ken Thompson.
    • 0:01:48Ken Thompson was one of the inventors of the Unix operating
    • 0:01:51system, on which Linux was based, on which subsequently,
    • 0:01:55based on a version of Linux, Mac OS is based.
    • 0:01:57And so he's quite a well-known figure in the computer science community.
    • 0:02:00And he wrote this paper to accept an award called the Turing Award, again,
    • 0:02:04one of the most famous awards in computer science.
    • 0:02:06And in it, he's trying to highlight the problem of trust in software.
    • 0:02:10And he begins by discussing about a computer
    • 0:02:12program that can reproduce itself.
    • 0:02:14We typically refer to this as what's called a quine in computer science.
    • 0:02:17But the idea is can you write a simple program that reproduces itself?
    • 0:02:21And we won't go through that exercise here.
    • 0:02:23But Thompson shows us that, yes, it is relatively trivial actually
    • 0:02:27to write programs that do this.
    • 0:02:30But what does this then lead to?
    • 0:02:32So the next step of the process that Thompson discusses is
    • 0:02:35stage two in this paper, is how do you teach a computer
    • 0:02:39to teach itself something?
    • 0:02:41And he uses the idea of a compiler.
    • 0:02:43Recall that we use compilers in some programming languages
    • 0:02:46to turn source code, the human-like syntax
    • 0:02:50that we understand-- languages like C, for example,
    • 0:02:54will be written in source code.
    • 0:02:55And they need to be compiled, or transformed,
    • 0:02:58into zeros and ones, machine code, because computers only
    • 0:03:01understand these zeros and ones.
    • 0:03:03They don't understand the human-like syntax
    • 0:03:05that we're familiar with as programmers when we are writing our code.
    • 0:03:09And what Thompson is suggesting that we can do
    • 0:03:11is we can teach the compiler, the program that
    • 0:03:14actually takes the source code and transforms it into zeros and ones,
    • 0:03:18to compile itself.
    • 0:03:20And he starts out by doing this by introducing a new character
    • 0:03:24for the compiler to understand.
    • 0:03:26The analogy is drawn to the newline character, which we
    • 0:03:28type when we reach the end of a line.
    • 0:03:30We want to go down and back to the beginning of a new one.
    • 0:03:33We enter the newline character.
    • 0:03:34There are other characters that were not initially envisioned
    • 0:03:37as part of the C compiler.
    • 0:03:38And one of those is vertical tab, which basically
    • 0:03:41allows you to jump down several lines without necessarily resetting back
    • 0:03:44to the beginning of the line as newline would.
    • 0:03:48And so Thompson goes through the process,
    • 0:03:50that I won't expound on here because it's
    • 0:03:52covered in the paper, of how to teach the compiler what
    • 0:03:55this new character, this vertical tab means.
    • 0:03:59He shows us that we can write code in the C programming language
    • 0:04:03and then have the compiler compile that code into zeros and ones that
    • 0:04:06create something called a binary, a program
    • 0:04:08that a computer can execute and understand.
    • 0:04:11And then we can use that newly created compiler
    • 0:04:14that we've just created to compile other C programs.
    • 0:04:18Which means that once we've taught the computer how
    • 0:04:20to understand what this vertical tab character is,
    • 0:04:24it then can propagate into any other C program that we write.
    • 0:04:27The computer is learning, effectively, a new thing to interpret,
    • 0:04:31and it can then interpret that in every other program.
    • 0:04:34But then Thompson leads us into stage three,
    • 0:04:36which is, what if that's not all the computer or the compiler does?
    • 0:04:41What if instead of just adding that vertical tab character
    • 0:04:44whenever we did it, we also secretly, as part of the source code,
    • 0:04:49insert a bug into the code, such that now whenever we compile the code
    • 0:04:53and we encounter that backslash V, that vertical tab character,
    • 0:04:57we're not only putting that into the code
    • 0:04:59so that the computer can understand and pass this slash
    • 0:05:02V, the character that it never knew about before,
    • 0:05:05but we've also sort of surreptitiously hidden a bug in the code.
    • 0:05:09And again, Thompson goes into great detail
    • 0:05:11about exactly how that can be done and exactly what steps we can then
    • 0:05:14take to make it look like that was never there.
    • 0:05:17We can change the source code, modify it,
    • 0:05:19and make it look like we never had a bug in there,
    • 0:05:22even though it is now propagating into all of the source code
    • 0:05:24we ever write or we ever compile going forward.
    • 0:05:28We've created a way to surreptitiously hide bugs in our code.
    • 0:05:32And the conclusion that Thompson draws is, is it
    • 0:05:36possible to ever trust software that was written by anyone else?
    • 0:05:40In this course we've talked about some of the tools that are available
    • 0:05:43to programmers that would allow them to go back in time-- for example,
    • 0:05:46we've discussed GitHub on several occasions to go back in time--
    • 0:05:50and see prior versions of code.
    • 0:05:52In the 1980s, when this paper was written,
    • 0:05:54that wasn't necessarily possible.
    • 0:05:56It was relatively easy to hide source code changes so that the untrained eye
    • 0:06:01wouldn't know about them.
    • 0:06:02Code was not shared via the internet.
    • 0:06:04Code was shared via floppy disks or hard disk that were being
    • 0:06:08passed between people who needed them.
    • 0:06:10And so there was no easy way to verify that code that was written by somebody
    • 0:06:13else is actually trustworthy.
    • 0:06:16Now, again, this paper came out 35-plus years ago now.
    • 0:06:20And it came out around the time that the Computer Fraud and Abuse
    • 0:06:22Act, which we've also previously discussed,
    • 0:06:25was being drafted and run through Congress.
    • 0:06:29Did lawmakers heed the advice of Ken Thompson?
    • 0:06:34Do we still today trust that our programs that we receive
    • 0:06:39or that we write are free of bugs?
    • 0:06:42Is there a way for us to verify that?
    • 0:06:44What should happen if code is found to be buggy?
    • 0:06:48What if it's unintentionally buggy?
    • 0:06:50What if it's maliciously buggy?
    • 0:06:52Do we have a way to challenge things like that?
    • 0:06:56Do we have a way to prosecute those kinds of cases
    • 0:06:58if the bug creates some sort of catastrophic failure in some business?
    • 0:07:03Not exactly.
    • 0:07:04The challenge of figuring out whether or not we should trust software
    • 0:07:08is something that we have to contend with every day.
    • 0:07:10And there's no bright line answer for exactly how to do so.
    • 0:07:15Now let's turn to perhaps a more modern interpretation of this idea
    • 0:07:19and take a look at the Samsung Smart TV policy.
    • 0:07:22So this was a bit of news a few years ago,
    • 0:07:25that Samsung was recording or was capturing voice commands
    • 0:07:30so people could make use of their television without needing a remote.
    • 0:07:33You could say something like, television,
    • 0:07:35please turn the volume up, or television, change the channel.
    • 0:07:39But it turned out that when Samsung was collecting this information,
    • 0:07:42they were transmitting it to a third party, a third-party language
    • 0:07:46processor, who would ostensibly be taking the commands they hear
    • 0:07:51and feeding them into their own database to improve the quality of understanding
    • 0:07:55what these commands were.
    • 0:07:57So it would hear--
    • 0:07:58let's say thousands of people use this brand of television.
    • 0:08:03It would take the thousands of people's voices all making the same command,
    • 0:08:08feed it into its algorithm to process this command, and hopefully try
    • 0:08:12and come up with a better or more comprehensive understanding of what
    • 0:08:14that command meant to avoid the mistake of I say one thing,
    • 0:08:18and the TV does something else because it misinterprets what I do.
    • 0:08:23If you take a look at Samsung's policy, it says things like the device
    • 0:08:28will collect IP addresses, cookies, your hardware and software configuration, so
    • 0:08:32the settings that you have put onto your television, your browser information.
    • 0:08:38Some of these TVs, these smart TVs, have web browsers built into them.
    • 0:08:41And so you may be also sharing information about your history
    • 0:08:44and so on.
    • 0:08:46Is this necessarily a bad thing?
    • 0:08:50When it became a news story it was mildly scandalous in the tech world
    • 0:08:53because it was unexpected.
    • 0:08:55No one thought that that was something a television should be doing.
    • 0:08:59But is it really all that different from when you use your browser anyway?
    • 0:09:02We've seen in this course that whenever we connect to a website,
    • 0:09:06we need to provide our IP address so that the site that we're requesting,
    • 0:09:11the server, knows where to send our data back to.
    • 0:09:14And in addition.
    • 0:09:15As part of those HTTP headers, we not only send our IP address,
    • 0:09:18but we're usually sending information about what operating system or running,
    • 0:09:22what browser we're currently using, where geographically we
    • 0:09:25might be located, so ways to help the routers route
    • 0:09:29traffic in the right direction.
    • 0:09:30Are we leaking as much information when we
    • 0:09:33use the internet to make a request as we are when our television is interpreting
    • 0:09:37or understanding a command?
    • 0:09:39Why is it that this particular action, this interpretation of sound,
    • 0:09:46feels so much more of a privacy violation
    • 0:09:49than just accessing something on the internet when we're voluntarily, sort
    • 0:09:53of, revealing the same information?
    • 0:09:55Are we not voluntarily relinquishing the same information
    • 0:09:58to a company like Samsung, whose smart TVs sort of precipitated this?
    • 0:10:04Moreover, is it technologically feasible for Samsung
    • 0:10:07to not collect all of the sounds that it hears?
    • 0:10:11One of the big concerns as well that came up
    • 0:10:13with these smart TVs is that when does the recording and transmitting start?
    • 0:10:19For those of you who maybe have seen old versions of Star Trek,
    • 0:10:22you may recall that in order to activate the computers on that television show,
    • 0:10:26someone would just say computer.
    • 0:10:28And then the computer would sort of spring to life,
    • 0:10:30and then they could have a normal English language interaction with it.
    • 0:10:34There's no need to program specific commands
    • 0:10:36or click anything or have any other interaction other than voice.
    • 0:10:39How would we technologically accomplish that now?
    • 0:10:43How would a device know whether or not it
    • 0:10:46should be listening unless it's listening for a specific word?
    • 0:10:49Is there a way for the device to perhaps listen
    • 0:10:52to everything that comes in but only start sending information
    • 0:10:56when it hears a command?
    • 0:10:57Is it impossible for it not to capture all of the information
    • 0:11:01that it's hearing and send it somewhere, encrypt it or not encrypt it, and just
    • 0:11:06transmit it somewhere else?
    • 0:11:07It's kind of an interesting question.
    • 0:11:10Samsung also allows not only voice controls, but gesture controls.
    • 0:11:14This may help people who are visually impaired
    • 0:11:17or help people who are unable to use a remote control device.
    • 0:11:22They can wave or make certain gestures.
    • 0:11:24And in so doing, they're going to capture your face perhaps
    • 0:11:28as part of this gesture.
    • 0:11:29Or they may capture certain movements that you're making
    • 0:11:32or maybe even capture, depending on the quality
    • 0:11:34of the camera built into the television, aspects of the room around you.
    • 0:11:38Is this necessarily problematic?
    • 0:11:41Is this something that we as users of this software
    • 0:11:44need to accept as something that just is part of the deal?
    • 0:11:48In order to use this feature, we have to do it?
    • 0:11:50Is there a necessary compromise?
    • 0:11:52Is there a way to ensure that Samsung is properly interacting with our data?
    • 0:11:58Should there be a way for us to verify this?
    • 0:12:01Or is that proprietary to Samsung, the way that it handles that data?
    • 0:12:05Again, these are all sorts of questions that we really
    • 0:12:07want to know the answers to.
    • 0:12:09We want to know whether or not what we are saying we're doing is secure,
    • 0:12:14is private.
    • 0:12:15And we can read the policies of these organizations that are providing
    • 0:12:18these tools for us to interact with.
    • 0:12:21But is that enough?
    • 0:12:22Do we have a way to verify?
    • 0:12:23Is there anything we can do other than just trust
    • 0:12:26that these companies are doing what they say they're doing,
    • 0:12:29or services or programmers are providing tools that
    • 0:12:31do exactly what they say that they do?
    • 0:12:33Without some really advanced knowledge and skill in tech, the answer is no.
    • 0:12:38And even if you have that advanced skill or knowledge,
    • 0:12:40it's really hard to take a look at a binary, zeros
    • 0:12:42and ones, the actual executable program that is being run on these devices,
    • 0:12:47and look at it and say, yeah, I think that that does match the source code
    • 0:12:51that they provided to me so I can really feel
    • 0:12:53reasonably confident that yeah I trust this particular piece of software.
    • 0:12:58As we've discussed in the context of security,
    • 0:13:00trust is sort of something we have to deal with.
    • 0:13:03We're constantly torn between this tension of not trusting other people,
    • 0:13:07and so we encrypt everything, but needing to trust people in order
    • 0:13:10for some things to work.
    • 0:13:11It's a very delicate balancing act that we have to contend with every day.
    • 0:13:15And again, I don't mean to pick on Samsung here.
    • 0:13:17This is just one of many different examples
    • 0:13:19that have sort of existed in popular culture.
    • 0:13:22Let's consider another one, for example.
    • 0:13:23Let's consider a piece of hardware called the Intel Management
    • 0:13:28Engine, or hardware, firmware, software, depending
    • 0:13:30on what it is, because one of the open questions
    • 0:13:33is, what exactly is the Intel Management Engine?
    • 0:13:36What we do know about it is that it is usually part of the CPU itself.
    • 0:13:42It's unclear.
    • 0:13:43It's not exactly been publicly disclosed whether it's built into the CPU
    • 0:13:47or perhaps built into the CMOS or the BIOS, different parts, low-level parts
    • 0:13:52of the motherboard itself.
    • 0:13:54But it is a chip or some software that runs on a computer, whose intended
    • 0:14:00purpose is to help network administrators in the event
    • 0:14:04that something has gone wrong with a computer.
    • 0:14:06So recall that we previously discussed this idea
    • 0:14:08that it's possible to encrypt your hard drive,
    • 0:14:11and that there are also ramifications that
    • 0:14:13can happen if you encrypt your hard drive
    • 0:14:15and forget exactly how to un-encrypt your hard drive.
    • 0:14:20What the Intel Management Engine would allow, one of its several features,
    • 0:14:25is for a network administrator, perhaps if you're
    • 0:14:27in an enterprise suite, your IT professional, your head of IT
    • 0:14:31might be able to access your computer remotely by issuing commands,
    • 0:14:35because the computer is able to listen on a specific port.
    • 0:14:38It's like 16,000 something.
    • 0:14:39I don't remember exactly the port number.
    • 0:14:41And it's discussed again, as well, in the article provided.
    • 0:14:44But it allows the computer to be listening
    • 0:14:47for a specific kind of request that should only
    • 0:14:49be coming from an administrator's computer to be able to remotely access
    • 0:14:53another computer.
    • 0:14:54But the concern is because it's listening on a specific port,
    • 0:14:58how is it possible to ensure that the request that it's
    • 0:15:03receiving on that port or via that IP address are accurate?
    • 0:15:08Because Intel has not disclosed the actual code
    • 0:15:12that comprises this module of the IME.
    • 0:15:15And then the question becomes, is that a problem?
    • 0:15:18Should they be required to reveal that code?
    • 0:15:22Some will certainly argue yes it's really important for us
    • 0:15:25as end users to understand what software is running on our devices.
    • 0:15:30We have a right to know what programs are running on our computers.
    • 0:15:36Others will say, no, we don't have a right to do that.
    • 0:15:39This is Intel's intellectual property.
    • 0:15:41It may contain trade secret information that allows its chips to work better.
    • 0:15:46We don't, for example, argue Coca-Cola should
    • 0:15:49be required to reveal its secret formula to us because it may implicate
    • 0:15:53certain allergies or Kentucky Fried Chicken needs
    • 0:15:57to disclose its secret recipe to us.
    • 0:15:59So why should Intel be required to tell us
    • 0:16:02about the lines of code that comprise this part of its hardware or software
    • 0:16:08or firmware, again depending on exactly what it is, because it's slightly
    • 0:16:12unclear as to what this tool is.
    • 0:16:15So the question again is, are they required
    • 0:16:18to provide some degree of transparency?
    • 0:16:19Do we have a right to know?
    • 0:16:21Should we just trust that this software is indeed
    • 0:16:23only being used to allow remote access only to authorized individuals?
    • 0:16:29If Intel were to provide a tool to tell us whether our computer was
    • 0:16:32vulnerable to attack from outside computers accessing
    • 0:16:37our own personal computers outside of the enterprise context,
    • 0:16:40should we trust the result of the software
    • 0:16:43that Intel provided that tells us whether or not it is vulnerable?
    • 0:16:46As it turns out, Intel does provide this software
    • 0:16:49to tell you whether or not your IME chip is activated in such a way
    • 0:16:54that yes, you are subject to potential remote access or no, you are not.
    • 0:16:59Does saying that you are or your aunt reveal potential trade
    • 0:17:03secret-related information about Intel?
    • 0:17:05Should we be concerned that Intel is the one providing us
    • 0:17:08this information versus a third party providing us this information?
    • 0:17:11Of course, Intel being the only organization
    • 0:17:13that really can tell us that we're vulnerable
    • 0:17:16or not because they're the only ones who know what is on this software.
    • 0:17:20So again, not picking on any individual company
    • 0:17:23here, just drawing from case studies that exist in popular culture
    • 0:17:26from in tech circles about the kinds of questions
    • 0:17:28that we need to start considering and wrestling with.
    • 0:17:32Are they going to be required to disclose this information?
    • 0:17:34Should Samsung be revealing information about what sorts of data
    • 0:17:38it's collecting and how it's collecting it?
    • 0:17:40Do we trust that our compilers, as Ken Thompson alluded to,
    • 0:17:44actually compile our code the way that they say that they do?
    • 0:17:47This healthy skepticism is always at the forefront of our mind
    • 0:17:50when we're considering programming- and technology-related questions.
    • 0:17:53But how do we press on these issues further in a legal context?
    • 0:17:58That's still to be determined.
    • 0:17:59And that's going to be something that we're
    • 0:18:01going to be grappling with for quite some time, I think.
    • 0:18:05Another key issue that's likely to be faced by technologists
    • 0:18:08and the lawyers who represent them, particularly
    • 0:18:10startups working in a small environment with limited numbers of programmers
    • 0:18:15that may be relying on material that's been open sourced online,
    • 0:18:19is this idea of open source software and licensing.
    • 0:18:23Because the scheme that exists out there is quite complicated.
    • 0:18:27There are many, many different licenses that
    • 0:18:29have many, many different provisions associated with them.
    • 0:18:31And each one will have different combinations
    • 0:18:34of some of these things being permitted, some of them not,
    • 0:18:36and potential ramifications of using some of these licenses.
    • 0:18:40We're going to discuss three of the most popularly used licenses, particularly
    • 0:18:43in the context of open source software, generally that is released on GitHub.
    • 0:18:47And the first of these is GPL version 3, GPL being the new Public License.
    • 0:18:54And one of the things that GPL often gets criticism for
    • 0:18:58is it is known as a copyleft license.
    • 0:19:01And copyleft is sort of designed to be the inverse of what copyright
    • 0:19:05protection's usually thought of.
    • 0:19:07Copyright protections give the owner or the person who owns the copyright, not
    • 0:19:11necessarily the creator but the person who owns the copyright, the ability
    • 0:19:14to restrict certain behaviors associated with that work or that material.
    • 0:19:19The GPL sort of does the opposite.
    • 0:19:23Instead of restricting the rights of others,
    • 0:19:27it compels others, who use code that has been licensed under the GPL,
    • 0:19:31to avoid allowing any restrictions at all,
    • 0:19:35such that others can also benefit from using and modifying
    • 0:19:38that same source code.
    • 0:19:41The catch with GPL is that any code that incorporates the GPL--
    • 0:19:47GPL license, excuse me.
    • 0:19:49Any code that includes GPL-licensed code--
    • 0:19:53so say you incorporate some module written by somebody else,
    • 0:19:56or your client incorporate something that they found on GitHub
    • 0:19:59or found on the internet and wants to include it into their own project.
    • 0:20:02If that code is licensed under the GPL, unfortunately one of the side effects
    • 0:20:06perhaps of what your client or what you have just done
    • 0:20:11is you have transformed your entire work into something that
    • 0:20:15is GPL, which means you are also then required to make the source
    • 0:20:19code available to anybody, make the binary available to anybody,
    • 0:20:22and also to allow anybody to have the same rights of modification
    • 0:20:28and redistribution that you had as well.
    • 0:20:30So think about some of the dangers that might introduce for a company that
    • 0:20:33relies extensively on GPL license code.
    • 0:20:37They may not be able to profit as much from that code
    • 0:20:39as they thought they would.
    • 0:20:40Perhaps they thought they had this amazing disruptive idea that
    • 0:20:45was going to transform the market.
    • 0:20:47And this particular piece of GPL code that they found online
    • 0:20:51allowed them-- it was the final piece of the puzzle that they needed.
    • 0:20:54When they included it in their own source code,
    • 0:20:56they transformed their entire project, according
    • 0:20:59to the terms of the GPL license, into something that was also GPL licensed.
    • 0:21:03So their profitability-- they could still sell it.
    • 0:21:06But their profitability may be diminished because the source code is
    • 0:21:09available freely to anybody to access.
    • 0:21:13Now, some people find this particularly restrictive.
    • 0:21:16In fact, pejoratively sometimes this is referred
    • 0:21:18to as the GNU virus, the General Public License virus,
    • 0:21:22because it propagates so extensively.
    • 0:21:25As soon as you touch code or use code really
    • 0:21:28that is GPL licensed, suddenly everything
    • 0:21:30that it touches is also GPL licensed.
    • 0:21:33So it's, depending on your perspective of open source licensing,
    • 0:21:36it's either a great thing because it's making more stuff available,
    • 0:21:39or it's a bad thing because it is preventing people
    • 0:21:42from using open source material to create further developments when they
    • 0:21:48don't necessarily want to license those changes or modifications that they
    • 0:21:52made.
    • 0:21:53The lesser General Public License, or the lesser GNU Public License,
    • 0:21:58is basically the same idea, but it only applies to a library code.
    • 0:22:03So if code is LGPL-ed, what this basically means
    • 0:22:07is any modifications that you make to that code also need to be LGPL-ed,
    • 0:22:15or released under the LGPL license.
    • 0:22:17But other ancillary things that you do in your program that
    • 0:22:21overall incorporates this library code does not need to be LGPL-ed.
    • 0:22:26So it would be possible to license it under other terms,
    • 0:22:29including terms that are not open source at all.
    • 0:22:32So changes that you make to the library need
    • 0:22:34to be propagated down the line so that other people can
    • 0:22:36benefit from the changes that are specific to the library that you made.
    • 0:22:40But it does not necessarily reflect back into your own code.
    • 0:22:45You don't have to necessarily make that publicly available.
    • 0:22:48So this is considered slightly lesser in terms of its ability to propagate.
    • 0:22:52And also, though, it's considered lesser in terms of its ability
    • 0:22:56to grant rights to others.
    • 0:22:59Then you have, at the other end of the extreme, the MIT license.
    • 0:23:03The MIT license is considered one of the most permissive licenses available.
    • 0:23:07It says, here's the software.
    • 0:23:09Do whatever you want with it.
    • 0:23:10You can make changes to it.
    • 0:23:11You don't have to re-license those changes to others.
    • 0:23:14You can take this code and profit from it.
    • 0:23:17You can take this code and make whatever-- re-license it
    • 0:23:21under some other scheme if you want.
    • 0:23:24So this is the other end of the extreme.
    • 0:23:27Is this license copyleft?
    • 0:23:30Well, no, it's not copyleft because it doesn't require others
    • 0:23:33to adhere to the same licensing terms.
    • 0:23:36Again, you can do with it whatever you would like.
    • 0:23:39Most of the code that is actually found on GitHub is MIT licensed.
    • 0:23:44So in that sense, using code that you find online
    • 0:23:48is not necessarily problematic to an entrepreneur or a budding developer who
    • 0:23:53wants to profit from some larger program that they write if it incorporates
    • 0:23:58MIT-licensed code, which might be an issue for those who are incorporating
    • 0:24:02GPL-licensed code.
    • 0:24:05What sorts of considerations, then, would
    • 0:24:06go into deciding which license to use?
    • 0:24:10And again, these are just three of many, many licenses that exist
    • 0:24:14that pertain to software development.
    • 0:24:16Then, of course, there are open source licenses
    • 0:24:19that are not tied to this at all.
    • 0:24:21So for example, a lot of the material that we produce for CS50,
    • 0:24:24the course on which this is based at Harvard College,
    • 0:24:26is licensed under a Creative Commons license,
    • 0:24:28which is similar in spirit to a GPL license,
    • 0:24:33in as much as it oftentimes will require people to re-license the changes that
    • 0:24:38they make to that material under GPL--
    • 0:24:40or under Creative Commons, excuse me.
    • 0:24:42It will generally require a non-commercial aspect of it.
    • 0:24:47It is not possible to profit from any changes that you make and so on.
    • 0:24:50And that's not a software license.
    • 0:24:51That's more of a general media-related license.
    • 0:24:54So these software open source licenses exist in both contexts.
    • 0:24:58But what sorts of considerations might go into choosing a license?
    • 0:25:02Well, again, it really does depend on the organization itself.
    • 0:25:05And so that's why understanding a bit about these licenses
    • 0:25:08certainly comes into play.
    • 0:25:09Do you want your changes to propagate and get out into the market
    • 0:25:13more easily?
    • 0:25:14That might be a reason to use the MIT license, which is a very permissive.
    • 0:25:18Do you just feel compelled to share code with others,
    • 0:25:22and you want to insist that others share that code as well?
    • 0:25:26Then you might want to use GPL.
    • 0:25:27Do you potentially want to use open source code
    • 0:25:32but not release your own code freely to others, the changes
    • 0:25:36that you make to interact with that code?
    • 0:25:38That might be cause for relying on LGPL for the library code
    • 0:25:42that you import and use but licensing your own changes and modifications
    • 0:25:46under some other scheme.
    • 0:25:49Again, a very complex and open field that's
    • 0:25:51going to require a lot of research for anyone who's
    • 0:25:53going to be pursuing and helping clients who
    • 0:25:56are working with software development and what they want
    • 0:26:00to do with that code going forward.
    • 0:26:04So let's turn our attention now from issues that have existed for a while
    • 0:26:07and sort of been bubbling underneath the surface,
    • 0:26:09issues of trust and issues of software licensing--
    • 0:26:11those have been around a lot longer--
    • 0:26:13and start to contend with new technologies
    • 0:26:16and how the law keeps up with them.
    • 0:26:18And so you'll also hear these terms that are
    • 0:26:19being considered emergent technologies or new technologies.
    • 0:26:22You'll sometimes see them referred to as disruptive technologies
    • 0:26:26because they are poised to materially affect the way that we interact
    • 0:26:30with technology, particularly in terms of purchasing things
    • 0:26:34through commerce, for example, as in the case of our first topic, 3D printing.
    • 0:26:39So how does 3D printing work, is a good question to ask at the outset.
    • 0:26:44Similar in spirit to a 2D printer, with a 2D printer
    • 0:26:47you have a write head that spits out ink, typically in some sort of toner.
    • 0:26:53It moves left to right across a piece of paper.
    • 0:26:56And the paper's also fed through some sort of feeder.
    • 0:26:59So the left-to-right movement of the toner or ink head
    • 0:27:03is the x-axis movement.
    • 0:27:05And the paper rolling underneath that provides y-axis movements.
    • 0:27:08Such that when we're done, we may be able to get access
    • 0:27:10to a piece of paper that has ink scattered across it, left to right,
    • 0:27:14top to bottom.
    • 0:27:153D printers work in very much the same way, except instead of their medium,
    • 0:27:19instead of being ink or toner, is typically some sort of filament that
    • 0:27:23is conventionally, at least at the time of this recording, been
    • 0:27:27generally plastic based.
    • 0:27:29And what basically happens is the plastic
    • 0:27:30is melted just to above the melting point of the plastic.
    • 0:27:35And then it is deposited onto some surface.
    • 0:27:37And that surface that is being moved over by a similar read-write head,
    • 0:27:43basically it's a nozzle or eyedropper basically of plastic.
    • 0:27:48And it can move up and down across a flat surface,
    • 0:27:51similar to what the printer would do.
    • 0:27:53But instead of just being flat, the arm can also move up and down.
    • 0:27:58On some models of 3D printers, the table can move up and down
    • 0:28:01to allow it to not only print on the xy-plane, but also on the z-axis.
    • 0:28:06So it can print in space and create three-dimensional objects, 3D printing.
    • 0:28:10Typically the material used, again, is melted plastic just
    • 0:28:13above the melting point.
    • 0:28:15So that by the time it's deposited onto the surface
    • 0:28:18or onto other existing plastic, it's already basically cooled
    • 0:28:22enough that it's hardened again.
    • 0:28:24So the idea is we want to just melt it enough so
    • 0:28:27that by the time it's put onto some other surface,
    • 0:28:29it re-hardens and becomes a rigid material once again.
    • 0:28:34Now, 3D printing is usually considered to be a disruptive technology
    • 0:28:38because it allows people to create items they may not otherwise have access to.
    • 0:28:43And of course, the controversial one that
    • 0:28:45is often spoken about in terms of we need to ban things
    • 0:28:48or we need to ban certain 3D printers or ban certain 3D printing technologies
    • 0:28:52is guns, because it's actually possible, using technology
    • 0:28:56that exists right now, to 3D print a plastic gun that
    • 0:29:01would evade any sort of metal detection that is usually used for detecting guns
    • 0:29:06and is fully functional.
    • 0:29:07It can fire bullets, plastic bullets or real metal bullets.
    • 0:29:12The article that is recommended that goes with this part of the discussion
    • 0:29:17proposes several different ways that we might be able to--
    • 0:29:20or the law may be able to keep up with 3D printing technologies.
    • 0:29:25Because, again, the law typically lags behind technology, and so
    • 0:29:28is there a way that the law can contend with this?
    • 0:29:30And there are a couple of options that it proposes
    • 0:29:32that I think are worthy of discussion.
    • 0:29:34The first is allow permission-less innovation.
    • 0:29:37Should we just allow people to do whatever
    • 0:29:40they want with it, the 3D printing technology,
    • 0:29:44and decide ex post facto this, what you just did, is not OK,
    • 0:29:49the rest of it's fine and disallow that type of thing going forward?
    • 0:29:53This approach is interesting because it allows people to be creative,
    • 0:29:57and it allows potentially for things to be
    • 0:29:59revealed about 3D printing technology that were not
    • 0:30:02possible to forecast in advance.
    • 0:30:04But is that reactive-based approach better?
    • 0:30:08Or should we be proactive in trying to prevent
    • 0:30:10the production of certain things that we don't want to be produced?
    • 0:30:14And moreover, all the plastic filament tends
    • 0:30:17to be the most popular and common way that things are 3D printed right now.
    • 0:30:213D printers are being developed that are much more advanced than this.
    • 0:30:24We are not necessarily restricted to plastic-based printing.
    • 0:30:28We may have metal-based printing.
    • 0:30:29And you may have even seen that there are 3D printers that exist
    • 0:30:32that can produce organic materials.
    • 0:30:35They use human cells, basically, to create things like organs.
    • 0:30:39Do we want people to be able to create these things?
    • 0:30:41Is this the kind of thing that should be regulated beforehand rather
    • 0:30:45than regulated after we've already printed
    • 0:30:48and exchanged copyrighted designs for what to build and construct?
    • 0:30:54Is it too late by the time we have regulated it to prevent it
    • 0:30:59from being reproduced in the future?
    • 0:31:02Another thought that this article proposes is immunizing intermediaries.
    • 0:31:07Should we allow people to do whatever they want with 3D printing?
    • 0:31:10Or maybe not allow people to do whatever they want 3D printing,
    • 0:31:13but regardless don't punish the manufacturers of 3D printers
    • 0:31:20and don't punish the designers of the CAD files,
    • 0:31:26the Computer-Aided Design files, that generally go into 3D printing?
    • 0:31:30Is this a reasonable policy approach?
    • 0:31:33It's not an unheard of policy approach.
    • 0:31:35This is the approach that we typically have used with respect
    • 0:31:38to gun manufacturers, for example.
    • 0:31:40Gun manufacturers generally are not subject to prosecution for crimes
    • 0:31:45that are committed using those guns.
    • 0:31:48Should we apply something similar to 3D printers, for example,
    • 0:31:51when the printer is used to manufacturer a gun?
    • 0:31:54Who should be punished in that case, the person who
    • 0:31:57designed the gun model, the person who actually
    • 0:31:59printed the gun, the 3D printer manufacturer itself,
    • 0:32:04any of those people?
    • 0:32:05Again, an unanswered question that the law is going
    • 0:32:08to have to contend with going forward.
    • 0:32:12Another solution potentially is to rely on existing common law.
    • 0:32:16But the problem that typically arises there
    • 0:32:18is that there is not a federal common law.
    • 0:32:21And so this would potentially result in 50 different jurisdictions handling
    • 0:32:26the same problem in different ways.
    • 0:32:28Whether this is a good thing or a bad thing, again,
    • 0:32:30sort of dependent on how quickly these things move.
    • 0:32:33Common law, as we've seen, certainly is capable of adapting
    • 0:32:38to new technologies.
    • 0:32:39Does it do it quickly enough for us?
    • 0:32:43Finally, another example that is proposed
    • 0:32:45is that we could just allow the 3D printing industry to self-regulate.
    • 0:32:50After all, we, as attorneys, self-regulate,
    • 0:32:52and that seems to work just fine.
    • 0:32:54Now, granted this may be because we are in an adversarial system,
    • 0:32:57and so there's advantages and extra incentives for adversaries
    • 0:33:01to insist that we are adhering to our ethical principles
    • 0:33:04and doing the right thing.
    • 0:33:06There's also the overhanging threat of outside regulation
    • 0:33:10if we do not self-regulate.
    • 0:33:12So in a lawyer context, adapting this model to 3D printing
    • 0:33:17may work because it seems to be working well for attorneys.
    • 0:33:21Then you consider that social media companies are also
    • 0:33:23self-regulating, with respect to data protection and data privacy.
    • 0:33:27And as we've seen, that's maybe not going so well.
    • 0:33:31So how do we handle the regulation of 3D printing?
    • 0:33:33Does it fall into the self-regulation category?
    • 0:33:35Does that succeed?
    • 0:33:36Does it fall into the self-regulation category that doesn't succeed?
    • 0:33:39Does it require preemptive regulation to deal with?
    • 0:33:42Now, 3D printing also has some other potential concerns.
    • 0:33:46Very easily, by the nature of the technology itself,
    • 0:33:50it's quite capable of violating copyrights, patents, trademarks,
    • 0:33:55potentially more just by the virtue of the fact
    • 0:33:57that you can create things that may be copywritten or patented or trademarked.
    • 0:34:01And there's also prior case law that sort of informs potential consequences
    • 0:34:06for using 3D printers, the Napster case from several years ago, the technology.
    • 0:34:10Napster would allow peer-to-peer sharing of digital music files.
    • 0:34:14Basically that service was deemed to entirely exist
    • 0:34:17for the purpose of violating copyright.
    • 0:34:20And so that shut down Napster basically.
    • 0:34:22Will 3D printers suffer the same fate?
    • 0:34:24Because you could argue that 3D printers are generally used to recreate things
    • 0:34:29that may be patented or may be subject to copyright.
    • 0:34:33Or is it going to fall more into a category like Sony, which
    • 0:34:36many years ago faced a lawsuit, or was part of a lawsuit involving VCRs
    • 0:34:40and tape-delaying copywritten material?
    • 0:34:43Is that going to be more of a precedent for 3D printing,
    • 0:34:45or is the Napster case going to be more of a precedent for 3D printing?
    • 0:34:48Again, we don't really know.
    • 0:34:50It's up to the future practitioners of technology law, who
    • 0:34:55are forced to grapple with the challenges presented by 3D printing,
    • 0:34:58to nudge us in that direction, one way or the other.
    • 0:35:03To dive a bit more deeply into this topic of 3D printing,
    • 0:35:06I do recommend you take a look at this article, "Guns Limbs and Toys--
    • 0:35:09What Future for 3D Printing?"
    • 0:35:10And if you're particularly interested in 3D printing and some
    • 0:35:12of the ramifications of it and the technological underpinnings of it,
    • 0:35:17I do encourage you to also take a look at "The Law and 3D Printing," which
    • 0:35:20is a Law Review article from 2015, which also is periodically updated online.
    • 0:35:24And it's a wonderful bibliography of all the different things
    • 0:35:28that 3D printing does.
    • 0:35:29And it will presumably continue to be updated as cases and laws come
    • 0:35:34into play that interact with 3D printing and start to define this relatively
    • 0:35:40ambiguous space.
    • 0:35:42Another particularly innovative space that
    • 0:35:44really pushes the boundaries of what the law is capable of handling
    • 0:35:47is the idea of augmented reality and virtual reality.
    • 0:35:51And we'll consider them in that order.
    • 0:35:53Let's define what augmented reality is.
    • 0:35:55And the most common example of this that you may be familiar with
    • 0:35:58is a phenomenon from several years ago called Pokemon Go.
    • 0:36:00It was a game that you played on your mobile phone.
    • 0:36:03And you would hold up your phone, and you
    • 0:36:06would see through the camera's lens, as if you
    • 0:36:08were taking a picture, the real world through the lens of the camera.
    • 0:36:14But superimposed onto that would be digital avatars
    • 0:36:18of Pokemon, which is part of this game of collectible creatures
    • 0:36:21that you're trying to walk around and find and capture, basically.
    • 0:36:25So you would try and throw some fake ball at them to capture them.
    • 0:36:30So augmented reality is some sort of technical graphical overlay
    • 0:36:35over the real world.
    • 0:36:36Contrast this with virtual reality, in which one typically
    • 0:36:40wears a headset of some sort.
    • 0:36:42It's usually proprietary.
    • 0:36:45It's not generally available as an app, for example,
    • 0:36:47like the augmented-reality game Pokemon Go was.
    • 0:36:50It's usually tied to a specific brand of headset,
    • 0:36:53like Oculus being one type of headset, for example.
    • 0:36:56And it is an immersive alternate reality basically.
    • 0:37:00When you put the headset on, you don't see the lens of the world around you.
    • 0:37:04You are transformed into another space.
    • 0:37:06And to make the experience even more immersive
    • 0:37:09is the potential to wear headphones, for example,
    • 0:37:13so that you are not only immersed in a visual space,
    • 0:37:16but also immersed in a soundscape.
    • 0:37:20Now, something that's particularly strange about these environments
    • 0:37:24is that they are still interactive.
    • 0:37:26It is still possible for multiple people, scattered
    • 0:37:28in different parts of the world, to be involved in the same virtual reality
    • 0:37:34experience, or the same augmented-reality experience.
    • 0:37:36Let's now consider virtual reality experiences, where
    • 0:37:38you are taken away from the real world.
    • 0:37:42What should happen if someone were to commit a crime in a virtual reality
    • 0:37:47space?
    • 0:37:48Studies have shown that people who are immersed in a virtual reality
    • 0:37:53experience can have serious ramifications.
    • 0:37:57They can have real feelings that last for a long time
    • 0:38:00based on their experiences in them.
    • 0:38:02For example, there's been a study out where people put on a virtual reality
    • 0:38:06headset, and they were then immersed in this space where
    • 0:38:09they were standing on a plank.
    • 0:38:12And they were asked to step off the plank.
    • 0:38:15Now, in the real world, this would be just like this room.
    • 0:38:18I can see that everything around me is a carpet.
    • 0:38:20There's no giant pit for me to fall into.
    • 0:38:23But when I have this headset on, I'm completely taken away from reality
    • 0:38:28as we see it here.
    • 0:38:30The experience is so pervasive for some people
    • 0:38:33that they walk to the edge of the plank, and they freeze in fear.
    • 0:38:37They can't move.
    • 0:38:38There's a real physical manifestation in the real world
    • 0:38:41of what they feel in this reality.
    • 0:38:43And for those brave people who are able to take the step off the edge,
    • 0:38:46many of them lean forward and try and fall into the space.
    • 0:38:50And some of them may even get the experience
    • 0:38:52like when you're on a roller coaster, and you feel that tingle in your spine
    • 0:38:54as you're falling.
    • 0:38:56The sense that that actually is happening to you
    • 0:38:58is so real in the virtual reality space that you can feel it.
    • 0:39:05So what would be the case, then, if you are in a virtual reality space,
    • 0:39:09and someone were to pull a virtual gun on you?
    • 0:39:13Is that assault?
    • 0:39:15Assault is a crime where your perception of harm is a material element.
    • 0:39:20It's not actual harm.
    • 0:39:21It's your perception of it.
    • 0:39:23You can perceive in the real world when somebody points a gun at you,
    • 0:39:26this fear of imminent bodily harm.
    • 0:39:28Can you feel that same imminent bodily harm in a virtual world?
    • 0:39:33That's not a question that's really been answered Moreover,
    • 0:39:36who has jurisdiction over a crime that is committed in virtual reality?
    • 0:39:40It's possible that I, here in the United States,
    • 0:39:42might be interacting with someone in France,
    • 0:39:45who is maybe the perpetrator of this virtual assault that I'm describing.
    • 0:39:50Is the crime committed in the United States?
    • 0:39:53Is the crime committed in France?
    • 0:39:54Do we have jurisdiction over the potential perpetrator,
    • 0:39:57even though all I'm experiencing or seeing
    • 0:39:59is that person's avatar as opposed to their real persona?
    • 0:40:03Does anyone have jurisdiction over it?
    • 0:40:04Does the jurisdiction only exist in the virtual world?
    • 0:40:08Virtual reality introduces a lot of really interesting questions
    • 0:40:12that are poised to redefine the way we think about jurisdiction
    • 0:40:16in defining crimes and the prosecutability of crimes
    • 0:40:21in a virtual space.
    • 0:40:24Some other terms just to bring up as well that sort of tangentially
    • 0:40:27relate to virtual and augmented reality so that you're
    • 0:40:30familiar with them are the real-world crimes that are very technologically
    • 0:40:34driven of doxing and swatting.
    • 0:40:37Doxing, if unfamiliar, is a crime involving
    • 0:40:40revealing or exposing the personal information of someone
    • 0:40:43on the internet with the intent to harass or embarrass or do
    • 0:40:48some harm to them by having that exposed, so, for example,
    • 0:40:51revealing somebody's phone number such that it can
    • 0:40:53be called incessantly by other people.
    • 0:40:56As well as swatting, which is a, well, pretty horrible crime, whereby
    • 0:41:03an individual calls the police and says, John Smith
    • 0:41:07is committing a crime at this address, is holding me
    • 0:41:09hostage, or something like that, with the intention
    • 0:41:12that the police would then go to that location
    • 0:41:15and a SWAT team would go, hence the term swatting,
    • 0:41:19and potentially cause serious injury or harm to the ostensibly innocent John
    • 0:41:24Smith, who's just sitting at home doing nothing.
    • 0:41:26These two crimes are generally interrelated.
    • 0:41:28But they oftentimes come up in the technological context,
    • 0:41:32usually as part of the same conversation, when we're
    • 0:41:34thinking about virtual reality crimes.
    • 0:41:38One of the potential upsides, though, if you
    • 0:41:40want to think about it like that, of crimes that are committed
    • 0:41:44in virtual or augmented reality are--
    • 0:41:46well, there's actually a few.
    • 0:41:48First, because it is happening in a virtual space,
    • 0:41:51and because generally in the virtual space all of our movements are tracked,
    • 0:41:55and the identities of everybody who's entering and leaving
    • 0:41:57that space are tracked by way of IP addresses,
    • 0:42:00it may be easier for investigators to figure out who
    • 0:42:05the perpetrators of those crimes are.
    • 0:42:07You know exactly the IP address of the person who apparently initiated
    • 0:42:11this threat against you in the virtual space, which may perhaps make it easier
    • 0:42:15to go and find that person in reality and question them
    • 0:42:18about their involvement in this alleged crime.
    • 0:42:22The other thing that's fortunately a good thing about these crimes,
    • 0:42:25and this is not to mitigate the effect that these crimes can have,
    • 0:42:27is that usually you can kind of mute them from happening.
    • 0:42:31If somebody is in a virtual space, and they're just screaming constantly,
    • 0:42:34such that you might consider that to be disturbing the peace when you're
    • 0:42:37in a virtual space trying to have some sort of pleasant experience ordinarily,
    • 0:42:41you usually have the capability of muting them.
    • 0:42:43This is not a benefit that we have in real life.
    • 0:42:45We generally can't stop crimes by just pretending they're not happening.
    • 0:42:48But in a virtual space, we do have that luxury.
    • 0:42:50That's, again, not to mitigate some of the very unpleasant and unfortunate
    • 0:42:54things that can happen in virtual reality that are just inappropriate.
    • 0:42:58But being in that space does allow people
    • 0:43:02the option to get away from the crime in a way that the confines of reality
    • 0:43:08may not allow.
    • 0:43:08But again, this is a very challenging area
    • 0:43:11because the law is not really equipped right now
    • 0:43:15to handle what happens in an alternate reality, which effectively
    • 0:43:19virtual reality is.
    • 0:43:20And so, again, if you're considering trying to figure out the best
    • 0:43:24way to prosecute these issues or deal with these issues,
    • 0:43:27you may be at the forefront of trying to define how crimes
    • 0:43:30are dealt with in a virtual space.
    • 0:43:32Or how potentially, if working with augmented reality,
    • 0:43:36if malicious code is put up in front of you
    • 0:43:40to simulate something that might be happening in the real world,
    • 0:43:43how do you prosecute those kinds of crimes, where you may be, for example,
    • 0:43:46using a GPS program that is designed to navigate you
    • 0:43:49in one direction versus the other based on the set of glasses
    • 0:43:51that you're wearing so you don't have to keep looking at your phone to make sure
    • 0:43:54that you're going the right way.
    • 0:43:55What if somebody maliciously programs that augmented-reality program to route
    • 0:44:00you off a cliff somewhere, right?
    • 0:44:03How do we deal with that?
    • 0:44:04Right now, again, augmented-reality virtual reality,
    • 0:44:07it's a relatively untested space for lawyers in the law.
    • 0:44:12In the second part of today's lecture, we're
    • 0:44:14going to take a look at some potential regulatory challenges going forward,
    • 0:44:17some issues at the forefront of law and technology generally related to privacy
    • 0:44:21and how the law is ill equipped or hopefully
    • 0:44:24soon to be equipped to handle the challenge that these issues present.
    • 0:44:27And the first of these is your digital privacy,
    • 0:44:30in particular, the abilities of organizations, companies,
    • 0:44:34and mobile device manufacturers to track your whereabouts, whether that's
    • 0:44:38your digital whereabouts, where you go on the internet,
    • 0:44:42or your physical whereabouts.
    • 0:44:44We'll start with the former, your digital whereabouts.
    • 0:44:48So there's an article we provided on digital tracking technologies.
    • 0:44:51This is designed to be a primer for the different types of things
    • 0:44:54that companies, in particular their marketing teams,
    • 0:44:56may do to track individuals online with, again,
    • 0:45:00relatively little recourse for the individuals
    • 0:45:02to know what sorts of information is being gathered
    • 0:45:06about them, at least in the US.
    • 0:45:08Now, of course, we're familiar with this idea
    • 0:45:10of a cookie from our discussion of interacting with websites.
    • 0:45:15It's our shorthand way to bypass the logging credentials
    • 0:45:18and show sort of a virtual hand stamp saying, yes, I am who I say I am.
    • 0:45:23I've already previously logged into your service.
    • 0:45:25Cookies are certainly one way that a site
    • 0:45:28can track a recurrent user from coming to the site over and over and over.
    • 0:45:33Now, this article posits that most consumers have just
    • 0:45:36come to accept that they're being tracked,
    • 0:45:38like that's just part of the deal with the internet.
    • 0:45:42Do you think that using cookies and being tracked
    • 0:45:47is an essential requirement of what it means to use the internet today?
    • 0:45:51And if you do think that, is that the way it should be?
    • 0:45:53And if you don't think that, is that also the way it should be?
    • 0:45:57Or should we be considering the fact that tracking is happening?
    • 0:46:02Is that an essential part of what it means to use the internet?
    • 0:46:08We also need to be concerned about the types of data
    • 0:46:10that companies are using or collecting about us.
    • 0:46:13Certainly cookies are one way to identify who we are.
    • 0:46:17But also it's possible for a cookie to be identified with what types of data
    • 0:46:23an individual accesses while visiting a particular site.
    • 0:46:27So for example, if I am on Facebook, and I'm using my cookie,
    • 0:46:30and I'm looking up lots of pictures on Facebook--
    • 0:46:32I'm just I'm searching for all my friends
    • 0:46:33profiles and clicking on all the ones that have cats in them--
    • 0:46:37that might then give Facebook, or the administrator of that site,
    • 0:46:41the ability to pair that cookie with a particular trend of things
    • 0:46:47that that cookie likes.
    • 0:46:49So in this case, it might want to then-- it knows, OK, maybe the person who
    • 0:46:52owns this cookie likes cats.
    • 0:46:54And as such, it may then start to serve up
    • 0:46:56advertisements related to cats to me.
    • 0:47:01And then when I log into a site, it's going
    • 0:47:06to get information about my IP address.
    • 0:47:07And if I use that cookie, it has now mapped my IP address to the fact
    • 0:47:12that I like cats.
    • 0:47:15And then it could sell the information about me, this particular IP address--
    • 0:47:21I guess it's not necessarily me because one IP address usually covers a house
    • 0:47:25but gets you pretty close--
    • 0:47:27maps this particular IP address to somebody who likes cats.
    • 0:47:32So they may sell that to some other service.
    • 0:47:34Now, it turns out that IP addresses are generally
    • 0:47:36allocated in geographic blocks, which means that, again, just by virtue
    • 0:47:40of the fact that I log into a particular site,
    • 0:47:42I'm able to access and access similar data when visiting that site.
    • 0:47:47They may not be able to geographically isolate down to--
    • 0:47:49again, depending on how populated the area you are currently living in
    • 0:47:52is, possibly narrow it down to a city block, that someone in this city block
    • 0:47:58really likes cats.
    • 0:47:59And then this company may be involved in targeted actual physical mail
    • 0:48:04advertising, snail mail advertising, where
    • 0:48:07some company that sells cat products, like a pet store or something,
    • 0:48:11might target that particular block with advertising, in the hopes that because
    • 0:48:15of this data that has been collected about this particular cookie, who then
    • 0:48:19logged in with a particular IP address, which
    • 0:48:21we've zeroed in to a particular geographic location--
    • 0:48:25it's kind of feeling a little unsettling, right?
    • 0:48:27Suddenly something that we do online is having a manifestation, again,
    • 0:48:31in the real world, where we're getting targeted advertising not just
    • 0:48:35on sites that we visit, but also in our mailbox at home.
    • 0:48:40It's a little bit discomfiting.
    • 0:48:43Should IP addresses be allocated in this way?
    • 0:48:45Is this the kind of thing that technologically can be changed?
    • 0:48:49The latter answer is yes, it is possible to allocate
    • 0:48:51IP addresses in a different way than we typically do.
    • 0:48:54Should we allocate IP addresses in a different way than we typically do?
    • 0:48:58Is the potential threat of receiving real-life advertisements
    • 0:49:04related to your online activities enough to justify that?
    • 0:49:07What would be enough to justify that kind of change?
    • 0:49:12Then, of course, there's the question of tracking not in the digital world,
    • 0:49:16but in the real world.
    • 0:49:17This is usually done through mobile phone tracking.
    • 0:49:20And so we provide an article from the Electronic Frontier Foundation.
    • 0:49:23And full disclosure, some of the articles we've presented here
    • 0:49:26do have a certain bias in them.
    • 0:49:27The Electronic Frontier Foundation is well-known as a rights advocacy
    • 0:49:31group for privacy.
    • 0:49:33And so they're going to naturally be disinclined to things that
    • 0:49:36involve tracking of data and so on.
    • 0:49:38So just bear that in mind, some additional context
    • 0:49:40when you're considering this article.
    • 0:49:42But it does contain a lot of factual information and not
    • 0:49:44necessarily just purely opinion about things that should be changed.
    • 0:49:47Although it does advocate for certain policy changes.
    • 0:49:50Now, why is it that tracking on a mobile device
    • 0:49:52is oftentimes perceived as much worse than tracking on a laptop or desktop?
    • 0:49:57Well, again, first of all, it's your mobile device
    • 0:49:59is generally with you at all times.
    • 0:50:02We've reached the point where our phones are generally carried in our pockets
    • 0:50:05and with us wherever we go, which means that it's very easy to use data
    • 0:50:11that's collected from mobile phone--
    • 0:50:14information that's given out by the mobile phone,
    • 0:50:16whether that's the cell phone towers or GPS data and so on,
    • 0:50:19to pinpoint that to us.
    • 0:50:22The other concern is that mobile phones are very, very quick
    • 0:50:26to become obsolete.
    • 0:50:28Oftentimes one or two versions of a new version
    • 0:50:31of a phone, whether it's a new Android phone release or software
    • 0:50:34release or a new iPhone or so on, the version that came out two years ago
    • 0:50:39is generally obsolete, which means it is no longer subject to firmware patches
    • 0:50:43provided by the manufacturer or the software
    • 0:50:47developers of the operating systems that are
    • 0:50:50run on those phones, which could also mean that they are much more
    • 0:50:54susceptible to people figuring out how to break into those phones
    • 0:50:58and use that tracking information against you.
    • 0:51:00So laptops and desktops generally don't move that much.
    • 0:51:03You may carry your laptop to and from but generally
    • 0:51:05to just a couple locations.
    • 0:51:07It's usually set at a desk somewhere in between.
    • 0:51:09Your desktop, of course, doesn't move at all.
    • 0:51:11So the tracking potential there is pretty minimal.
    • 0:51:14And also those devices tend to last quite a long time,
    • 0:51:17and the lifecycle support for service and keeping those operating systems
    • 0:51:23up to date is quite a bit longer versus the mobile phone,
    • 0:51:26where that window is much, much shorter.
    • 0:51:29Now, phones, contrary to most people's opinions of this,
    • 0:51:33phones do not actually track your information based on GPS data.
    • 0:51:38The way GPS works is your phone just fires off a signal,
    • 0:51:41and it gets a response back that is trying to triangulate
    • 0:51:44where exactly you are in space.
    • 0:51:47But there's no information about what device requested that data or so on.
    • 0:51:50And generally that data's not stored on the phone or in the GPS satellite
    • 0:51:54in any way.
    • 0:51:55It's just sort of ask-and-answer type inquiry.
    • 0:51:58The real threat vector for phone tracking, if this is the kind of thing
    • 0:52:04that you're concerned about, is actually through cell phone towers
    • 0:52:06because cell phone towers do track this information.
    • 0:52:09Different companies own different towers.
    • 0:52:11They would like to know who is using each tower,
    • 0:52:14whether or not this may involve also charging the--
    • 0:52:18say I'm using a Verizon phone, and I happen
    • 0:52:20to be connected to an AT&T tower.
    • 0:52:22AT&T may wish to know that this is mostly being used by Verizon customers.
    • 0:52:28And the only way they really know that is
    • 0:52:30by mapping the individual device to the phone number,
    • 0:52:33then checking that against Verizon's records.
    • 0:52:35And so they are collecting all this information
    • 0:52:38about every phone that connects their tower so they could potentially
    • 0:52:41bill Verizon for the portion of their customers
    • 0:52:43who were using their infrastructure.
    • 0:52:47So these towers do track information.
    • 0:52:48And towers also can be used to triangulate your location.
    • 0:52:52If I'm standing in the middle of an open field, for example,
    • 0:52:56and there's a tower over there and a tower maybe just beside me,
    • 0:53:00generally the signal that I'm sending-- my phone
    • 0:53:03is emitting a signal constantly.
    • 0:53:04If I'm emitting one signal in that direction,
    • 0:53:06and it's received by a tower fairly weakly, and if I'm emitting another--
    • 0:53:10my phone is, again, radially sort of emitting the signal.
    • 0:53:13If right next to me is another tower that's
    • 0:53:15picking it up very strongly, in space I can
    • 0:53:17use the information, sort of extrapolating from these two points,
    • 0:53:20I'm most likely here.
    • 0:53:22So even without having GPS turned on, just by trying to make a phone call
    • 0:53:26or use a 2G, 3G, 4G network, it's pretty easy
    • 0:53:31to figure out where you are in space.
    • 0:53:34And this is potentially a concern.
    • 0:53:36This concern comes up sometimes in the context
    • 0:53:37of are these companies who provide operating systems for phones
    • 0:53:43or firmware for phones, are they at the behest of government agencies, who
    • 0:53:48may request back doors into the devices so that they can then
    • 0:53:52spy on individuals?
    • 0:53:54And certainly this might be something that
    • 0:53:56comes up in a FISA court or the like, where
    • 0:53:58they're trying to get phone records.
    • 0:53:59And there's always this sort of unknown.
    • 0:54:03Is it happening to all of our devices all the time?
    • 0:54:06Is it is it happening right now the phone in my pocket?
    • 0:54:10Or is the sound being captured in such a way
    • 0:54:13that it can be transmitted just because?
    • 0:54:15Because there happens to be a backdoor in the operating
    • 0:54:17system or a backdoor in the firmware that
    • 0:54:19allows anybody to listen to it, even if they're not
    • 0:54:22supposed to be listening to it.
    • 0:54:25It's really hard to pretend to be somebody that you're not with a phone.
    • 0:54:30As you saw, it's pretty easy to pretend to be somebody
    • 0:54:33that you're not with a computer you can use a service like a VPN, which
    • 0:54:37pretends to be a different IP address.
    • 0:54:40You connect to the VPN.
    • 0:54:41And as long as you trust VPN, the VPN ostensibly protects your identity.
    • 0:54:46With mobile phones, every device has a unique ID.
    • 0:54:50And it's really hard to change that ID.
    • 0:54:53So one way around this is to use what are
    • 0:54:55called burner phones, devices that are used once, twice,
    • 0:55:00and then they're thrown away.
    • 0:55:01Now, this again comes down to how concerned are you about your privacy?
    • 0:55:06How concerned should you be about your privacy?
    • 0:55:08Are you concerned enough that you're willing to purchase these devices that
    • 0:55:11are one-time, two-time use devices, which you then
    • 0:55:15throw away and constantly do that?
    • 0:55:18And moreover, it's actually kind of interesting to know
    • 0:55:21that burner phones don't actually do--
    • 0:55:22they're not shown to do anything to protect one's identity or privacy
    • 0:55:27because it tends to be the case that we call the same people,
    • 0:55:30even if we're using different phones.
    • 0:55:32And so by virtue of the fact that this number seems
    • 0:55:36to be calling this number and this number all the time,
    • 0:55:38like maybe it's my work line and my family, my home number.
    • 0:55:43If I'm always calling those two numbers, even if the phone number
    • 0:55:46changes, a pattern can still be established with the device IDs of all
    • 0:55:50of the other phones, maybe my regular phone plus all the burners that I've
    • 0:55:54had, where you can still craft a picture of who I am,
    • 0:56:00even though I'm using different devices, based on the call patterns
    • 0:56:02that I'm making.
    • 0:56:03As usual, humans are the vulnerability here.
    • 0:56:05Humans are going to use the same-- they're going to call the same people
    • 0:56:08and talk to the same people on their phones all the time.
    • 0:56:11And so it's relatively easy for mobile devices to track our locations.
    • 0:56:18Again, every device has a unique ID.
    • 0:56:21You can't hide that ID.
    • 0:56:22That ID is part of something that gets transmitted to cell towers.
    • 0:56:26And potentially the threat exists that if somebody
    • 0:56:29is able to break into that phone, whether that's
    • 0:56:31because of old, outdated firmware that's not been updated
    • 0:56:34or because of the potential that there is some sort of backdoor that
    • 0:56:37would allow an agent, authorized or not, to access it, again,
    • 0:56:43this vulnerability exists.
    • 0:56:44How does the law deal with do you own the information that is being tracked?
    • 0:56:49Do you want that information to be available to other people?
    • 0:56:53It's an open question.
    • 0:56:56Another issue at the forefront of where we're going,
    • 0:56:58especially when it comes to legal technology and law firms itself
    • 0:57:01availing itself of technology, is artificial intelligence and machine
    • 0:57:06learning.
    • 0:57:06Both of these techniques are incredibly useful potentially
    • 0:57:10to law firms that are trying to process large amounts of data
    • 0:57:13relatively quickly, the type of work that's
    • 0:57:15generally been outsourced to contract attorneys or first-year associates
    • 0:57:19or the like.
    • 0:57:20First of all, we need to define what it means when
    • 0:57:23we talk about artificial intelligence.
    • 0:57:25Generally when we think about that, it means
    • 0:57:27something like pattern recognition.
    • 0:57:29Can we teach a computer to recognize specific patterns?
    • 0:57:31In the case of a law firm, for example, that might be can
    • 0:57:34it realize that something looks like a clause in a contract, a valid clause
    • 0:57:39that we might want to see or a clause that we're
    • 0:57:41hoping not to see in our contracts.
    • 0:57:42We might want to flag that for further human review.
    • 0:57:45Can the machine make a decision about something?
    • 0:57:48Should it, in fact, flag that for review?
    • 0:57:50Or is it just highlighting things that might be alarming or not?
    • 0:57:54Can it mimic the operations of the human mind?
    • 0:57:57If we can teach a computer to do those things--
    • 0:58:00we've already seen that we can teach a computer
    • 0:58:02to teach itself how to reproduce bugs.
    • 0:58:04We saw that in Ken Thompson's compiler example.
    • 0:58:06If we can teach a computer to mimic the types of things
    • 0:58:09that we would do as humans, that's when we've
    • 0:58:11created an artificial intelligence.
    • 0:58:14There's a lot of potential uses for artificial intelligences
    • 0:58:18in the legal profession, like I said, document review being
    • 0:58:22one potential avenue for that.
    • 0:58:24And there are a few different types of ways that artificial intelligences can
    • 0:58:28learn.
    • 0:58:29There are actually two kind of prevailing major ways.
    • 0:58:33The first is for humans to supply some sort of data
    • 0:58:36and also supply the rules that map the data to some outcome.
    • 0:58:41That's one way.
    • 0:58:42The other way is something called neuroevolution,
    • 0:58:46which is generally best exemplified by way of a genetic algorithm.
    • 0:58:49In a moment, we'll take a look at a genetic algorithm literally written
    • 0:58:52in Python, where a machine learns over time to try and generate
    • 0:58:55the right result.
    • 0:58:56In this model, we give the computer a target, something
    • 0:59:00that it should try and achieve, and request
    • 0:59:02that it generates data until it can match
    • 0:59:05that target that we are looking for.
    • 0:59:09So by way of example, let's see if we can
    • 0:59:11teach a computer to write Shakespeare.
    • 0:59:13After all, it's a theory that given an infinite amount of time,
    • 0:59:17enough monkeys could write Shakespeare.
    • 0:59:18Can we teach a computer to do the same?
    • 0:59:21Let's have a look.
    • 0:59:23So it might be a big ask to get a computer to write all of Shakespeare.
    • 0:59:26Let's see if we can get this computer to eventually realize
    • 0:59:29the following line, the target, so to speak, "a rose by any other name."
    • 0:59:33So we're going to try and teach a computer.
    • 0:59:35We want a computer to eventually on its own
    • 0:59:37arrive at this phrase using some sort of algorithm.
    • 0:59:39The algorithm we're going to use to do it is called the genetic algorithm.
    • 0:59:43Now, the genetic algorithm is called this based on the theory of genetics,
    • 0:59:47that best traits or good traits will propagate down and become
    • 0:59:51part of the defined set of traits we usually encounter.
    • 0:59:55And bad traits, things that we don't necessarily want,
    • 0:59:58will be weeded out of the population.
    • 1:00:00And over successive generations, hopefully only the good traits
    • 1:00:05will prevail.
    • 1:00:06Now, just like any other genetic variation,
    • 1:00:08we need to account for a mutation.
    • 1:00:10We need to allow things to change.
    • 1:00:12Otherwise we may end up in a situation where all we
    • 1:00:14have is the potential for bad traits.
    • 1:00:17We randomly might need something to happen to eliminate that bad trait.
    • 1:00:21We have no other way to do it.
    • 1:00:22So we do have to mutate some of our strings from time to time.
    • 1:00:26How are we going to teach the computer to do this?
    • 1:00:28We're not providing it with any data set to start with.
    • 1:00:31The computer's going to generate its own data set, trying to get at this target.
    • 1:00:37The way we're going to do this is to create a bunch of DNA objects.
    • 1:00:41DNA objects, in this example, we're just going to refer to as different strings.
    • 1:00:44And the strings are just a random--
    • 1:00:46as exemplified here in this code, a random set of characters.
    • 1:00:51We're going to have it randomly pick.
    • 1:00:53I believe that the string's about 23 characters long
    • 1:00:56that we're trying to have it match.
    • 1:00:58So it's going to randomly pick 23 characters,
    • 1:01:01uppercase letters, lowercase letters, numbers, punctuation marks,
    • 1:01:05doesn't matter, any legitimate Ascii character,
    • 1:01:08and just add itself to the list of potential candidates
    • 1:01:13for the correct phrase.
    • 1:01:14So randomly slam on your keyboard and hit 23 keys.
    • 1:01:18The computer has about 1,000 of those to get started.
    • 1:01:21Every one of those strings, every one of those DNA items,
    • 1:01:25also has the ability to determine how fit it is.
    • 1:01:29Fitness being is it more likely to go on to the next generation?
    • 1:01:32Does it have characteristics that we might want to propagate down the line?
    • 1:01:37So for example, the way we're going to, in a rudimentary way,
    • 1:01:41assess the fitness of a string, how close it is basically to the target,
    • 1:01:45is to go over every single character of it and compare,
    • 1:01:49does this match what we expect in this spot?
    • 1:01:51So if it starts with a T--
    • 1:01:53or excuse me, starts with an A, "a rose by any other name,"
    • 1:01:56if it starts with an A, then that's one point of fitness.
    • 1:02:00If the next character is a space, then that's one point of fitness.
    • 1:02:04So a perfect string will have all of the characters in the correct space.
    • 1:02:08But as long as it has even just one character in the correct space,
    • 1:02:11then it is considered fit.
    • 1:02:12And so we iterate over all of the characters in the string
    • 1:02:15to see if it is fit.
    • 1:02:17Now, much like multiple generations, we need the ability to create new strings
    • 1:02:21from the population that we had before.
    • 1:02:23And so this is the idea of crossover.
    • 1:02:26We take two strings.
    • 1:02:27And again, we're just going to arbitrarily decide
    • 1:02:30how to take two strings and mash them together.
    • 1:02:32We're going to say the first half comes from the mother string,
    • 1:02:36and the second half comes from the father string.
    • 1:02:39And that will produce a child, which may have some positive characteristics
    • 1:02:43from the mother and some positive characteristics
    • 1:02:45from the father, which may then make us a little bit closer towards this idea
    • 1:02:50of having the perfect string.
    • 1:02:51Again, the idea here is for the computer to evolve itself
    • 1:02:56into the correct string rather than us just giving it a set of data
    • 1:02:59and saying, do this.
    • 1:03:00We want to let it figure it out on its own.
    • 1:03:03That's the idea of the genetic algorithm.
    • 1:03:05So we're going to arbitrarily split the string in half.
    • 1:03:08Half the characters, or genes of the string, come from the mother.
    • 1:03:13The other half come from the father.
    • 1:03:14They get slammed together.
    • 1:03:16That is a new DNA sequence of the child.
    • 1:03:19And then again, to account for mutation, we
    • 1:03:22need some random percent of the time, in this case, we're saying less than 1%
    • 1:03:26the time, we would like one of those characters to randomly change.
    • 1:03:30So it doesn't come from the mother or the father string.
    • 1:03:33It just randomly changes into something else, in the hopes
    • 1:03:36that maybe that mutation will be beneficial somewhere down the line.
    • 1:03:40Now, in this other Python file, script.py,
    • 1:03:43we're actually taking those strings that we are just randomly creating--
    • 1:03:47those are the DNA objects from the previous file--
    • 1:03:50and starting to actually evolve them over time.
    • 1:03:53So we're going to start out with 1,000 of these random strings.
    • 1:03:56And the best score so far, the closest score we have,
    • 1:03:58the best match to "a rose by any other name" is currently zero.
    • 1:04:02No string is currently there.
    • 1:04:04We may randomly get it on the first generation.
    • 1:04:06That would be a wonderful success.
    • 1:04:08It's pretty unlikely.
    • 1:04:09Population here is just an array.
    • 1:04:11It's going to allow us to store all of these 1,000 strings.
    • 1:04:15And then as long as we have not yet found the perfect string.
    • 1:04:19The one that has 100% fitness or a score of exactly 1,
    • 1:04:23we would like to do the following, calculate the fitness score
    • 1:04:26for every one of those random 1,000 strings that we generated.
    • 1:04:30Then, if what we just found is better than anything we've seen before--
    • 1:04:35and at the beginning, we start with zero,
    • 1:04:37so everything is better than what we've seen before, as long as it
    • 1:04:40matches at least one character--
    • 1:04:42then print out that string.
    • 1:04:44So this is a sense of progression.
    • 1:04:46Over time we're going to see the strings get better and better and better.
    • 1:04:50Then we're going to create what's called a mating pool.
    • 1:04:52Again, this is this idea of two strings sort of crossing over.
    • 1:04:56They're sort of breeding to try and create a better subsequent string.
    • 1:05:01Depending on how good that string is, we may
    • 1:05:04want that child to be in the next population more times.
    • 1:05:07If a string is a 20% match, that's pretty good, especially
    • 1:05:13if it's an early generation.
    • 1:05:15So we may want that string to appear in the mating pool, the next generation,
    • 1:05:1920% of the time.
    • 1:05:21It has a better likelihood than a string that matches 5% of the characters
    • 1:05:25to be closer to the right answer.
    • 1:05:28So a string that barely matches anything,
    • 1:05:29sure, it should be in the pool.
    • 1:05:31Maybe it has the one character that we're looking for.
    • 1:05:33But we only want it in the pool 5% of the time
    • 1:05:35versus the string that matches 50% of the characters.
    • 1:05:38We probably want that in the pool 50% of the time.
    • 1:05:41The idea is, again, taking the best representatives of the next generation
    • 1:05:45and trying to have the computer learn and understand that those are good
    • 1:05:50and see if they can build better and better strings from those better
    • 1:05:54and better representatives of the population that
    • 1:05:57are more close to the target string that we're looking
    • 1:06:00for, "a rose by any other name."
    • 1:06:03Then in here all we're doing is picking two random items
    • 1:06:07from that pool we've just created of the best possible candidates
    • 1:06:10and mating those two together and continuing
    • 1:06:12this process of hopefully getting better and better approximations
    • 1:06:17of this string that we're looking for.
    • 1:06:19And what's going to happen there is they're going to create a crossover.
    • 1:06:22That crossover child DNA string will mutate into some other new string.
    • 1:06:26And we'll add that to the population to be considered for the next round.
    • 1:06:29So we're just going keep going over and over and over,
    • 1:06:32generating hopefully better and better strings.
    • 1:06:34So that's how these two files interact.
    • 1:06:36The first file that we took a look at defines the properties of a string
    • 1:06:40and how it can score itself basically.
    • 1:06:42And this process here in script.py--
    • 1:06:45and this these two files are based on a Medium post, which
    • 1:06:48we've described in the course materials, as well as an exam question that we've
    • 1:06:52previously asked in the college version of CS50,
    • 1:06:56for students to implement and solve on their own.
    • 1:06:59Hopefully these two files taken together, the script file,
    • 1:07:02will actually go through the process of creating this generation over and over.
    • 1:07:07So let's see this in action.
    • 1:07:08Let's see how in each successive generation
    • 1:07:11we see strings get closer and closer and closer to the target string.
    • 1:07:16Again, we never told the computer-- we never
    • 1:07:18gave the computer a set of starting data to work with, only an end goal.
    • 1:07:23The computer needs to learn how to get closer
    • 1:07:25and closer to finding the right string.
    • 1:07:27And that's what we do here.
    • 1:07:30So let's run our program and see if we've actually taught the computer how
    • 1:07:34to genetically evolve itself to figure out this target string
    • 1:07:36that we're looking for.
    • 1:07:37So we're going to run script.py, which is the Python file where
    • 1:07:41we described the process happening.
    • 1:07:43And let's just see how the generations evolve over time.
    • 1:07:46So we get started, and we have some pretty quick results.
    • 1:07:49This first string here has a matching score of 0.042, so 4%, which I believe
    • 1:07:54is one character.
    • 1:07:55So if we scroll through, we try and find "a rose by any other name,"
    • 1:07:58I don't know exactly which character it is here.
    • 1:08:00But this is basically saying one.
    • 1:08:01One of these characters matches.
    • 1:08:04It's 4.2% what we're hoping for.
    • 1:08:07That means that in the next pool, the next iteration,
    • 1:08:11this string will be included 4.2% of the time.
    • 1:08:14And there may also be other strings that also match.
    • 1:08:16Remember, we're only printing out when we have a better string.
    • 1:08:20So this only going to get included 4.2% of the time.
    • 1:08:23But there are going to be plenty of other things
    • 1:08:25that are also 4.2% matches that are probably matching-- each one of them
    • 1:08:28matches one different character.
    • 1:08:30So those will comprise part of the pool.
    • 1:08:32Then we're going to cross pollinate.
    • 1:08:33We're going to take each of those strings
    • 1:08:35that each had a one character match and mash them together.
    • 1:08:40Now, if the first string that we're considering
    • 1:08:42has the character match in the first half,
    • 1:08:46and the second string has a character match in the second half,
    • 1:08:49now we've created a new string that has two matches, right?
    • 1:08:52We know one of them was in the first half.
    • 1:08:54That came from the mother string.
    • 1:08:55We have one of them in the second half that came from the father's string.
    • 1:08:59And so the combined string together, unless that character
    • 1:09:02happens to get mutated out, which is a possibility--
    • 1:09:04we might actually take a good thing and turn it into a bad character.
    • 1:09:07Then the next one should be twice as good.
    • 1:09:08It should be 8.3% or 8.4% likely.
    • 1:09:11And that's exactly what it is.
    • 1:09:12So this next string has two matches.
    • 1:09:14And the next one has three and four.
    • 1:09:17And as we kind of scroll down, we see some patterns like this,
    • 1:09:20A question mark Q Y. That's obviously not part of the correct answer.
    • 1:09:27But it suggests that there's a parent in here that has this string that
    • 1:09:30tends to have really good fitness.
    • 1:09:32Like this string probably has many other characters outside of this box here
    • 1:09:37that match.
    • 1:09:38And so that parent propagates down the line for a while
    • 1:09:41until eventually those characteristics, in about the ninth generation or so,
    • 1:09:45get kind of wiped out.
    • 1:09:47And as we can see over time, what starts out
    • 1:09:48as a jumbled mess gets closer and closer to something
    • 1:09:51that is starting to look even at 58% like we're getting pretty close to
    • 1:09:56"a rose by any other name."
    • 1:09:57And as we go on and on, again, the likelihood gets better and better.
    • 1:10:00So that by the time we're here, at this line here,
    • 1:10:03this string is going to appear in 87 and 1/2%
    • 1:10:08of the next generation's population.
    • 1:10:10So a lot of these characteristics of this string that's close but not
    • 1:10:13exactly right will keep, appearing which makes it more and more likely
    • 1:10:16that it will eventually pair up with another string that
    • 1:10:21is a little bit better.
    • 1:10:22And as you probably saw, towards the end, this process got slower, right?
    • 1:10:26If all the strings are so good, it might just
    • 1:10:30take a while to find one where the match is better than the parents.
    • 1:10:35It might be the case that we are creating
    • 1:10:37combinations that are worse again.
    • 1:10:38We want to filter those back out.
    • 1:10:40And so it takes a while to find exactly what we're looking for.
    • 1:10:42But again, from this random string at the very beginning, over time,
    • 1:10:46the computer learns what parts are good.
    • 1:10:48So here's "rose," right, as part of the string.
    • 1:10:51This was eventually correct.
    • 1:10:52This got rooted out in the next generation.
    • 1:10:54It got mutated out by accident.
    • 1:10:56But mathematically, what it found was a little bit better.
    • 1:10:58There are more characters in this string that are correct than this one,
    • 1:11:01even if there are some recognizable patterns in the former.
    • 1:11:04But the computer has learned, evolved over time what it
    • 1:11:07means to match that particular string.
    • 1:11:10This is the idea of neuroevolution, teaching a computer
    • 1:11:13to recognize patterns without necessarily telling it
    • 1:11:17what those patterns are, just what the target should be.
    • 1:11:22So that genetic algorithm is kind of a fun programming activity.
    • 1:11:26But the principles that underpin it still apply to a legal context.
    • 1:11:30If you teach a computer to recognize certain patterns in a contract,
    • 1:11:36you can teach a computer to write contracts
    • 1:11:38potentially that match those patterns.
    • 1:11:40You can teach a computer to recognize those patterns
    • 1:11:42and make decisions based on them.
    • 1:11:44So we were using neuroevolution to build or construct something.
    • 1:11:48But you can also use neuroevolution to isolate correct sets of words
    • 1:11:52or correct sets of phrases that you're hoping to see in a contract
    • 1:11:55or that you might want to require for additional use.
    • 1:11:58So again, the types of legal work that this can be used to help automate
    • 1:12:02are things like collation, analysis, doing large document review,
    • 1:12:06predicting the potential outcome of litigation
    • 1:12:09based on having it review case precedents and outcomes
    • 1:12:13and seeing if there are any trends that appear in cases X, Y, and Z all
    • 1:12:19had this outcome.
    • 1:12:20Is there some other common thread in cases
    • 1:12:22X, Y, and Z that might also apply to the case that we're about to try?
    • 1:12:26Or potentially we need to settle because we see that the outcome is
    • 1:12:29going to be unfavorable to us.
    • 1:12:33But does this digital lawyering potentially make you uncomfortable?
    • 1:12:38Is it OK for legal decisions to be made by a computer?
    • 1:12:42Is it more OK if those decisions are made because we've trained them
    • 1:12:46with our own human instincts?
    • 1:12:48There are services out there.
    • 1:12:49There's a famous example of a parking ticket clearing service called Do Not
    • 1:12:56Pay from several years ago, where a 19- or 20-year-old computer
    • 1:13:00programmer basically taught a computer how
    • 1:13:04to argue parking tickets on people's behalf
    • 1:13:05so that they wouldn't have to hire attorneys to do so.
    • 1:13:08He wasn't a trained attorney himself.
    • 1:13:09He just recognized some of the things that are--
    • 1:13:12he talked to people and recognized some of the things that
    • 1:13:14are common threads for people who successfully challenged
    • 1:13:17parking tickets versus don't successfully challenge parking tickets,
    • 1:13:20taught a computer to mimic those patterns,
    • 1:13:23and have the computer send out notices and the like to defend parking
    • 1:13:29ticket holders.
    • 1:13:29And he was able to--
    • 1:13:30I think it was several hundred thousand dollars in potential legal fees saved
    • 1:13:34and several hundred thousand parking tickets that
    • 1:13:37were challenged successfully.
    • 1:13:38And the case was dropped, and there was no payment required.
    • 1:13:41So is it OK for computers to be making these decisions if humans teach them?
    • 1:13:46Is it only OK for computers to make those decisions
    • 1:13:48if the humans teaching them have legal training at the outset in order
    • 1:13:53to make these decisions?
    • 1:13:54Or can we trust programmers to write these kinds of programs for us as well?
    • 1:13:59Does lawyering rely on a gut instinct?
    • 1:14:02I'm sure sometimes in cases you've experienced
    • 1:14:04in your own practice the decision that you
    • 1:14:07make might be contrary to what you think might be the right thing
    • 1:14:12to do because you just feel like if I do this other thing
    • 1:14:16it's going to work better in this case.
    • 1:14:17And I'm sure that for many of you, this has paid off successfully.
    • 1:14:21Doing something that is in contravention of the accepted norm
    • 1:14:26is something that a computer may not be-- you
    • 1:14:28may not be able to train a computer to do that.
    • 1:14:30You may not be able to train gut instinct to challenge the rules,
    • 1:14:34when all this whole idea of neuroevolution and machine
    • 1:14:37learning and AI is designed to have computers learn and enforce rules.
    • 1:14:43Will the use of AI affect the attorneys' bottom line?
    • 1:14:47Hypothetically it should make legal work cheaper.
    • 1:14:50But this would then potentially reduce firm profits
    • 1:14:54by not having attorneys, humans, reviewing this material.
    • 1:14:58This is, in some ways, a good thing.
    • 1:15:01It makes things more affordable for our clients.
    • 1:15:03This is in some ways a bad thing.
    • 1:15:04We have entrenched expenses that we need to pay that are based on certain monies
    • 1:15:11coming in because of the hourly rates of our associates and our partners.
    • 1:15:14Does this change that up?
    • 1:15:16Does the fact of this changes it up, is it problematic?
    • 1:15:19Is it better for us to provide the most competent representation that we can,
    • 1:15:22even if that competent representation is actually from a computer?
    • 1:15:26Remember that as attorneys, we have an ethical obligation to stay on top of
    • 1:15:30and understand technology.
    • 1:15:32Sometimes that may become a situation where using that technology
    • 1:15:36and working with that technology really forces
    • 1:15:39us to do something we might not want to do
    • 1:15:41because it doesn't feel like the right thing
    • 1:15:43to do from a business perspective.
    • 1:15:45Nevertheless our ethical obligations compel us to potentially do that thing.
    • 1:15:52So we've seen some of the good things that machine learning can do.
    • 1:15:55But certainly there are also some bad things that machine learning can do.
    • 1:15:59There's an article that we provided about machine bias and a computer
    • 1:16:02program that is ostensibly supposed to be used by prosecutors and judges
    • 1:16:07when they are considering releasing somebody on bail
    • 1:16:11or setting the conditions for parole, whether or not
    • 1:16:14they're more likely to commit future crimes.
    • 1:16:16Like, what is their likely recidivism rate?
    • 1:16:18What kind of additional support might they need upon their release?
    • 1:16:23But it turns out that the data that we're feeding into these algorithms
    • 1:16:26is provided by humans.
    • 1:16:27And unfortunately these programs that are
    • 1:16:30supposed to help judges make better decisions have a racial bias in them.
    • 1:16:34The questions that get asked as part of figuring out
    • 1:16:38whether this person is more likely or not to commit a future crime,
    • 1:16:41they're never outright asking the question, what is your race
    • 1:16:45and basing a score on that.
    • 1:16:47But they're asking other questions that sort of are hints or indicators of what
    • 1:16:52someone's race might be.
    • 1:16:53For example, they're asking questions about socioeconomic status
    • 1:16:56and languages spoken and whether or not parents have ever
    • 1:17:01been imprisoned and so on.
    • 1:17:02And these programs sort of stereotype people in ways that are not OK,
    • 1:17:09or we might not deem to be OK in any way, to make decisions.
    • 1:17:13And these stereotypes are created by humans.
    • 1:17:17And so we're actually teaching the computer bias in this way.
    • 1:17:22We're supplying data.
    • 1:17:24We, as humans, are providing it.
    • 1:17:25We're imparting our bias into the program.
    • 1:17:28And the program is really just implementing
    • 1:17:30exactly what we're telling it to do.
    • 1:17:32Computers, yes, they are intelligent.
    • 1:17:34We can teach them to learn things about themselves.
    • 1:17:37But at the end of the day, that knowledge comes from us.
    • 1:17:40We are either telling them to hit some target or providing data to them
    • 1:17:45and telling them these are the rules to match.
    • 1:17:47So computers can are only as intelligent as the humans who create and program
    • 1:17:52them.
    • 1:17:52And unfortunately that means they're also as affected by bias
    • 1:17:56as the humans who create and program them.
    • 1:17:58These programs have been found that they are only 20%
    • 1:18:01of the time accurate in producing and predicting future violent crimes.
    • 1:18:06They are only 60% of the time accurate in predicting
    • 1:18:09any sort of future crime, so misdemeanors and so on,
    • 1:18:12so a little bit better than a 50/50 shot at getting it right
    • 1:18:16based on these predictive questions that they're asking people when
    • 1:18:19during intake process.
    • 1:18:22Proponents of these scoring metrics say that they provide useful data.
    • 1:18:26Opponents say that the data is being misused.
    • 1:18:29It's being used as part of sentencing determinations
    • 1:18:31rather than what its ostensible purposes, which
    • 1:18:33is to set conditions for bail and set conditions
    • 1:18:36for release, any sort of parole conditions that might come into play.
    • 1:18:41These calculations are also done by companies
    • 1:18:43that generally are for-profit entities.
    • 1:18:45They sell these programs to states and localities for a fixed rate per year
    • 1:18:51typically.
    • 1:18:52Does that mean that there's a financial incentive to make certain decisions?
    • 1:18:56Would you feel differently about these programs
    • 1:18:58if they were not free versus paid programs?
    • 1:19:01Should computers be involved in making these decisions that humans
    • 1:19:05would otherwise make anyway?
    • 1:19:07Like, given a questionnaire, would a human being
    • 1:19:12potentially reach the same conclusion?
    • 1:19:13Ideally that is what it should do.
    • 1:19:15It should be mimicking the human decision-making process.
    • 1:19:19Is it somehow less slimy feeling, for lack of a better phrase,
    • 1:19:24if a human being, a judge or a court clerk,
    • 1:19:28is making these determinations rather than a computer?
    • 1:19:31Now, granted the judge is still making the final call.
    • 1:19:33But the computer is printing out likely recidivism scores
    • 1:19:37and printing out all this data about somebody
    • 1:19:40that surely is going to influence the judge's decision
    • 1:19:42and in some localities, perhaps over influencing the judge's decision,
    • 1:19:46taking the human element out of it entirely.
    • 1:19:49Does it feel better if the computer is out of that equation entirely?
    • 1:19:53Or is it better to have a computer make these decisions
    • 1:19:55and potentially prevent mistakes from happening prevent or draw attention
    • 1:20:02to things that might otherwise be missed or minimize things that might otherwise
    • 1:20:06have too much attention drawn to them?
    • 1:20:08Again, a difficult question to answer, how much do we
    • 1:20:11want technology to be involved in the legal decision-making process?
    • 1:20:15But as we go forward, it's certainly undoubtedly true
    • 1:20:18that more and more decisions in a legal context
    • 1:20:21are going to be made by computers at the outset,
    • 1:20:24with humans sort of falling into the verification category rather
    • 1:20:28than active decision maker category.
    • 1:20:31Is this good?
    • 1:20:32Is this bad?
    • 1:20:33It's the future.
    • 1:20:36For entities based in the United States or who
    • 1:20:39solely have customers in the United States,
    • 1:20:42this next area may not be a concern now but it's very likely
    • 1:20:45to potentially become one in the future.
    • 1:20:47And that is what to do with GDPR, the General Data Protection
    • 1:20:51Regulation, or General Data Privacy regulation
    • 1:20:54that was promulgated by the European Union
    • 1:20:56and came into effect in May of 2018.
    • 1:21:00This basically defines the right for people to know what kind of data
    • 1:21:04is being collected about them.
    • 1:21:05This is not a right that currently exists in the United States.
    • 1:21:08And it'll be really interesting to see whether the EU
    • 1:21:11experiment about revealing this kind of data, which has never
    • 1:21:15been available to individuals before, will become something
    • 1:21:18that exists in the United States and is going to be something
    • 1:21:21that we have to deal with.
    • 1:21:22If you're based in the United States, and you do have customers in Europe,
    • 1:21:26you may be subject to the GDPR.
    • 1:21:29For example, us at CS50, we have students
    • 1:21:32who take the class through at edX, or HarvardX, the online MOOC platform.
    • 1:21:38And when GDPR took effect in May of 2018, we spoke to Harvard
    • 1:21:43and figured out ways that we needed to potentially interact
    • 1:21:47with European users of our platform, despite the fact that we're
    • 1:21:49based in the United States, and what sort of data implications
    • 1:21:53that might have.
    • 1:21:54And that it could be because of it's out of an abundance of caution to make sure
    • 1:21:57we're on the right side of it, even if we're not
    • 1:21:59necessarily subject to the GDPR, but it is certainly
    • 1:22:01an area of evolving concern for international companies.
    • 1:22:05The GDPR allows individuals to get their personal data.
    • 1:22:12That means data that either could identify an individual, something
    • 1:22:15like what we discussed earlier in terms of cookies and tracking
    • 1:22:18and the kinds of things that you search being tied to your IP address, which
    • 1:22:22then might be tied to your actual address and so on,
    • 1:22:24or data that even could identify an individual
    • 1:22:27but doesn't necessarily identify somebody just yet.
    • 1:22:32The requirement itself imposes requirements.
    • 1:22:36The regulation itself imposes requirements
    • 1:22:38on the controller, so the person who is providing a service
    • 1:22:41or is holding all of that data, and basically
    • 1:22:44says that what the controllers responsibilities are
    • 1:22:47for processing that data and what they have to reveal to users who request it.
    • 1:22:52So for example, on request, by a user of a service,
    • 1:22:56when that user and the controller are subjects the GDPR,
    • 1:23:00the controller must identify themselves, who they are,
    • 1:23:03what the best way is to contact them, tell the user what data they have
    • 1:23:08about them, how that data is being processed,
    • 1:23:11why they are processing that data, so what sorts of things
    • 1:23:14are they trying to do with it.
    • 1:23:15Are they trying to make longitudinal connections between different people?
    • 1:23:21Are they trying to collect it to sell it to marketers and so on?
    • 1:23:26They need to tell them if that data is going to be referred to a third party,
    • 1:23:29again, whether that's selling the data or using a third-party service to help
    • 1:23:33interpret that data.
    • 1:23:34So again for example, in the case of Samsung,
    • 1:23:37that might be Samsung is collecting your voice data.
    • 1:23:40But they may be sharing all the data they
    • 1:23:41get with a third party, whose focus, whose programming focus
    • 1:23:46is about processing that data and trying to find out better voice
    • 1:23:51commands by collecting the voices of hundreds of thousands
    • 1:23:53of different people so they can get a better
    • 1:23:55synthesis of a particular thing they hear, translating that into a command.
    • 1:24:01These same restrictions will apply whether the data
    • 1:24:05is collected or provided by the user, or is just inferred about the user
    • 1:24:10as well.
    • 1:24:11So that the controller would also need to reveal information
    • 1:24:14that was gleaned about somebody without necessarily having just
    • 1:24:17been given to them directly by the person providing that personal data.
    • 1:24:23The owner can also compel the controller to change data about them once they
    • 1:24:29get this report about what data they have about them that is inaccurate,
    • 1:24:33which brings up a really interesting question of, what if something
    • 1:24:35is accurate, but you don't like it, and you are
    • 1:24:38a person who's providing personal data?
    • 1:24:40Can you challenge it as inaccurate?
    • 1:24:42This is, again, something that has not been answered yet
    • 1:24:45but is very likely to be answered at some point by somebody.
    • 1:24:48What does it mean for data to be inaccurate?
    • 1:24:50Moreover, is it a good thing to delete data about somebody?
    • 1:24:55There are exceptions that exist in the GDPR for preserving data or not
    • 1:24:59allowing it to be deleted if it serves the public interest.
    • 1:25:04And so the argument that is sometimes made in favor of GDPR
    • 1:25:07is someone who commits a minor crime, for example,
    • 1:25:11might be haunted by this one mark on their record for years and years
    • 1:25:15and years.
    • 1:25:16They can never shake it.
    • 1:25:17And it's a minor crime.
    • 1:25:20There was no recidivism.
    • 1:25:22It wasn't violence in any way.
    • 1:25:23It just has now hampered-- it's impacted their life.
    • 1:25:26They can't get the kind of job that they want, for example.
    • 1:25:29They can't get the kind of apartment that they want.
    • 1:25:31Shouldn't they be able to eliminate that data?
    • 1:25:34Some people would argue yes, that the individual's already paid the price.
    • 1:25:41Society is not harmed by this crime or this past event any longer.
    • 1:25:46And so sure, delete that data.
    • 1:25:48Others would argue no, it's a part of history.
    • 1:25:50We don't have a policy of erasing history.
    • 1:25:53That's not what we do.
    • 1:25:54And so even though it's annoying perhaps to that individual,
    • 1:25:58or it's had a non-trivial impact on their life,
    • 1:26:01we can't just get rid of data that we don't like.
    • 1:26:03So data that might be deemed inaccurate personally,
    • 1:26:07like if a company gets a lot of information about me
    • 1:26:09because I'm doing a lot of online shopping, and they say,
    • 1:26:12I'm a compulsive spender, and that's part of their processed data,
    • 1:26:16can I challenge that is inaccurate because I
    • 1:26:18don't think I'm a compulsive spender?
    • 1:26:19I feel like I earn enough money and can spend this money how I want,
    • 1:26:23and it has an impact on my life negatively.
    • 1:26:25But they think, well, you've spent $20,000 on pictures of cats.
    • 1:26:31Maybe you are kind of a compulsive spender.
    • 1:26:33And that's something that we've gleaned from this data,
    • 1:26:35and that's part of your record.
    • 1:26:37Can I challenge that?
    • 1:26:38Open question.
    • 1:26:40For those of you who may be contending with the GDPR in your future practice,
    • 1:26:44we've excerpted some parts of it that are particularly relevant,
    • 1:26:46that deal with the technological implications
    • 1:26:48of what we've just discussed as part of the recommended
    • 1:26:51reading for this module.
    • 1:26:54The last subject that we'd like to consider in this course
    • 1:26:57is what is kind of a political hot potato right now in the United States.
    • 1:27:01And that is this idea of net neutrality.
    • 1:27:03And before we get into the back and forth of it,
    • 1:27:06I think it's properly important for us to define
    • 1:27:08what exactly net neutrality is.
    • 1:27:12At its fundamental core, the idea is that all traffic on the internet
    • 1:27:16should be treated equally.
    • 1:27:17We shouldn't prioritize some packets over others.
    • 1:27:21So whether your service is Google, Facebook, Netflix,
    • 1:27:24some huge data provider, or you are some mom-and-pop shop
    • 1:27:28in Kansas somewhere that has a few customers,
    • 1:27:32but you still have a website and a web presence,
    • 1:27:36that web traffic from either that location, the small shop,
    • 1:27:40or the big data provider should be treated equally.
    • 1:27:43One should not be prioritized over the other.
    • 1:27:45That is the basic idea that underpins-- when you hear net neutrality,
    • 1:27:48it is all traffic on the web should be treated equally.
    • 1:27:52The hot potato, of course, is, is that the right thing to do?
    • 1:27:57Let's try and visualize one way of thinking
    • 1:28:01about net neutrality that kind of shows you how both sides might perceive this.
    • 1:28:05It may help to think about net neutrality in terms of a road.
    • 1:28:09Much like a road has cars flowing over it,
    • 1:28:11the internet has information flowing over it.
    • 1:28:14So we can think about this like we have a road.
    • 1:28:18And proponents of net neutrality will say, well,
    • 1:28:20wait a minute, if we built a second road that was parallel to the first road,
    • 1:28:26went to the same place, but this road was maybe better maintained,
    • 1:28:31and you had to pay a toll to use it, proponents would say, hey, wait,
    • 1:28:35this is unfair.
    • 1:28:36All this traffic needs to use this main road
    • 1:28:38that we've been using for a long time.
    • 1:28:40But people who can afford to go into this new road, where
    • 1:28:45traffic moves faster, but you have to pay the toll, well, then
    • 1:28:48their traffic's going to be prioritized.
    • 1:28:50Their packets are to get there faster.
    • 1:28:53This is not fundamentally fair.
    • 1:28:54This is not the way the internet was designed,
    • 1:28:57where free flow of information is sort of priority,
    • 1:29:00and every packet is treated equally.
    • 1:29:01So proponents of net neutrality will say this arrangement is unfair.
    • 1:29:06Opponents of net neutrality, people who feel
    • 1:29:08like you should be able to have traffic that goes faster
    • 1:29:11on some roads than others, will say, no, no, no, this
    • 1:29:15is the free market talking.
    • 1:29:16The free market is saying, hey, if I really
    • 1:29:18want to make sure that my service gets to people faster,
    • 1:29:22I should have the right to do that.
    • 1:29:24After all, that's how the market works for just about everything else.
    • 1:29:27Why should the internet be any different?
    • 1:29:31And that's really the basic idea.
    • 1:29:33Is it should everybody use the same road,
    • 1:29:36or should people who can afford to use a different road be permitted to do so?
    • 1:29:42Proponents will say no.
    • 1:29:44Opponents will say yes.
    • 1:29:45That's the way the free market works.
    • 1:29:49From a theoretical perspective or from a technical perspective,
    • 1:29:52how would we implement this?
    • 1:29:53It's relatively easy if the service that we're trying to target
    • 1:29:57has paid for premium service.
    • 1:30:00Their IP addresses associated with their business.
    • 1:30:02And so the internet service provider, the people
    • 1:30:05who own the infrastructure on which the internet operates, so they literally
    • 1:30:08own the fiber optic cables along which the data operate,
    • 1:30:11can just say, well, any data that's going to this IP address,
    • 1:30:16we'll just prioritize it over other traffic.
    • 1:30:19There might be real reasons to actually want to prioritize other traffic.
    • 1:30:22So for example, if you are sending an email to somebody
    • 1:30:26or trying to access a website, there's a lot of redundancy built in here.
    • 1:30:30We've talked about TCP, for example, the Transmission Control Protocol,
    • 1:30:35and how it has redundancy built in.
    • 1:30:37If a packet is dropped, if there's so much network
    • 1:30:39congestion because everybody's flowing along that same road,
    • 1:30:42if there's so much congestion that the packet gets dropped,
    • 1:30:45TCP will re-send that packet.
    • 1:30:48So services that are low impact, like accessing a website for some company
    • 1:30:52or sending an email to somebody, there's no real worry here.
    • 1:30:58But now imagine a service like you're trying
    • 1:31:00to make an international business video call
    • 1:31:03using Skype or using Google Hangouts, or you're
    • 1:31:06trying to stream a movie on Netflix or some other internet video streaming
    • 1:31:12provider.
    • 1:31:13Generally, those packets are not sent using TCP.
    • 1:31:16They're usually using a different protocol called
    • 1:31:18UDP, whose purpose in life is really just to get information to as quickly
    • 1:31:22as possible, but there's no redundancy.
    • 1:31:23If a package gets dropped, that packet gets dropped, so be it.
    • 1:31:27Now, imagine if you're having an international business call.
    • 1:31:30There's a lot of packets moving, especially if you're
    • 1:31:34having a call with Asia, for example.
    • 1:31:36Between the United States and Asia, that has to travel along that Pacific cable.
    • 1:31:39There's a lot of traffic that has to use that Pacific cable.
    • 1:31:42Wouldn't it be nice, advocates against net neutrality would say,
    • 1:31:47if the company that's providing that service
    • 1:31:49was able to pay to ensure that its packets had priority thus
    • 1:31:53reducing the likelihood of those packets being dropped,
    • 1:31:56thus improving the quality of the video call, thus generally providing,
    • 1:32:01theoretically again, a better service for the people who use it.
    • 1:32:06So it might be the case that some services just need prioritization.
    • 1:32:10And the internet is designed in such a way
    • 1:32:11that we can't guarantee or give them that prioritization.
    • 1:32:15Isn't that a reason in favor of repealing net neutrality,
    • 1:32:19making it so that people could pay for certain services that
    • 1:32:24don't work with redundancy and require just to get there quickly
    • 1:32:27and get there guaranteed over other traffic?
    • 1:32:31In 2015, the Obama administration, when the Federal Communications Commission
    • 1:32:37was Democratically controlled, voted in favor of net neutrality,
    • 1:32:42reclassifying the internet as a Title II communications service.
    • 1:32:47Meaning it could be much more tightly regulated by the FCC
    • 1:32:50and imposing this net neutrality requirement.
    • 1:32:52Two years later, when the Trump administration came into office,
    • 1:32:56President Trump appointed Ajit Pai, the current chairman of the FCC,
    • 1:33:00who basically said he was going to repeal the net neutrality rules that
    • 1:33:05had been set in place by the Obama administration.
    • 1:33:07And he did.
    • 1:33:08Those took effect in the summer of 2018.
    • 1:33:11So we're now back in this wild lands of net neutrality
    • 1:33:15is on the books in some places.
    • 1:33:17There are even states now who have state laws
    • 1:33:20that are designed to enforce this idea, this theory of net neutrality,
    • 1:33:25that you're now running into conflict with federal law.
    • 1:33:28So there's now this question of who wins out here?
    • 1:33:32Has Congress claimed this domain?
    • 1:33:33Can states set different rules from what Congress and what regulators
    • 1:33:39appointed by or delegated responsibility by Congress to make these decisions?
    • 1:33:44Can states do something different than that?
    • 1:33:49It is probably one of the most hot-button hot-potato issues
    • 1:33:53in technology and the law right now.
    • 1:33:56What is going to happen with respect to net neutrality?
    • 1:33:59Is it a good thing?
    • 1:34:00Is it a bad thing?
    • 1:34:01Is it the right thing to do for the internet?
    • 1:34:06To learn a bit more about net neutrality,
    • 1:34:08we've supplied as an additional reading a con take on net neutrality.
    • 1:34:11Generally you'd see pro takes about this in tech blogs.
    • 1:34:14But we've explicitly included a con take on why net neutrality should not
    • 1:34:18be the norm, which we really do encourage you to take a look at
    • 1:34:21and consider as you dive into this topic.
    • 1:34:25But those are just some of the challenges
    • 1:34:27that lie at the intersection of law and technology.
    • 1:34:29We've certainly barely skimmed the surface.
    • 1:34:31And my hope is that I've created far more questions than answers
    • 1:34:35because those are the kinds of questions that you
    • 1:34:38are going to have to answer for us.
    • 1:34:41Ultimately it is you, as practitioners, who
    • 1:34:43will go out and face these challenges and figure out
    • 1:34:46how we're going to deal with data breaches, how we're
    • 1:34:49going to deal with AI in the law, how we're
    • 1:34:51going to deal with net neutrality, how we're going to deal with issues
    • 1:34:54of software and trust.
    • 1:34:56Those are the questions for the future that lie at this intersection.
    • 1:34:59And the future is in your hands.
    • 1:35:00So help lead us in the right direction.
  • CS50.ai
Shortcuts
Before using a shortcut, click at least once on the video itself (to give it "focus") after closing this window.
Play/Pause spacebar or k
Rewind 10 seconds left arrow or j
Fast forward 10 seconds right arrow or l
Previous frame (while paused) ,
Next frame (while paused) .
Decrease playback rate <
Increase playback rate >
Toggle captions on/off c
Toggle mute m
Toggle full screen f or double-click video