0:19
Too often, I think people lose their heads, and
they either embrace the technology wholeheartedly and say,
this is going to change the world, everything is going to be great.
Or, they're anti-utopian, and they say, this is going to be awful,
it's a nightmare, we have to clamp it down.
Both of those positions tend to start from the assumption that the thing,
the technology that is clearly new Is totally new, so new that we must
start from, first, principles in thinking about how it's going to change the world.
I tend to disagree with that,
I tend to think a better approach is to ask how is it new, in what ways is it new?
And in most instances, although we are living in a wonderful
moment in human history when there are lots of new technologies that are, indeed,
changing our lives, the core theoretical question raised by those technologies
is not fundamentally new.
So for example, you might say that cybersecurity threats are new, and
in a way, they are.
But the challenge of safeguarding one's privacy and
one's personal information is absolutely not a new question.
1:23
It's an old question that we're dealing with in a new context, and that means we
can draw from old lessons and potentially work out the analogies to how they apply.
But that's sort of my starting point for thinking about cybersecurity questions.
And so let me be clear, your previous question was about how this
applies in a medical device hacking context, which is a good one.
Let me be clear that I think that medical devices that are connected
to an Internet or some network present new and
very challenging questions, cybersecurity questions.
But at their core, I'm not sure they're entirely new, right?
So if we're talking about a pacemaker that has a wireless signal, and that
wireless signal might make it easier for someone to collect that data, potentially,
an unauthorized user collecting that data, that's a very scary possibility.
And the scale of the problem might be new because so
many people might be able to collect that data, or
attributing who's the person who's stealing that data might be tricky, right?
But at its core, what we're dealing with is a question of securing medical data,
and that is not a new problem.
That's something that hospitals, medical institutions,
universities have been dealing with for many, many, many years.
So the scale of the problem is hard, right, it's huge, and
we might need new technological solutions to this problem.
But I'm not sure we need new core ethical principles, for example, right?
The ethical principle that the institution that gives you a medical device or
collects your data has a duty to safeguard it, that duty has been around for
a long time.
The fact that we're dealing with new technologies doesn't change that duty,
the rule ought to basically be the same.
How the rule is applied in this new context might be different.
So what does it mean for a medical institution to do due diligence?
In a world in which everything is collected on paper,
that due diligence, the principle is the same as it is today, right?
You still have to do due diligence, but what it means is going to be different.
So before, it might mean having your papers safely guarded, in one room.
And now it might mean having your digital records hidden in an encrypted form,
behind a firewall, in offsite locations.
I'm not a technical expert, but these are the kinds of things that one would need to
look into to figure out how to apply the old rule in a relatively new context.
Lauren SolbergAssistant Professor
