The Sony Hack -Cultural Lag

As we have discussed earlier, money is not in a vault anymore. Instead, they are codes and information going in and out of servers somewhere. And when the data leaves a jurisdiction, it’s not physically leaving. The server may be hosting data in the Philippines for someone in Hong Kong, and the information could be travelling via lines through the U.S. system. What do you think is the responsibility from a regulatory standpoint for a consolidation? How can we, as a society, have standards for them when we have this spaghetti bowl-like mixup of regulations globally? 

The reality is, I don’t think anyone has a great answer to it.  

Currently, the way the U.S. tries to extend their regulatory reach through a number of financial regulation laws that basically say, that all transactions using US dollars fall into U.S. jurisdiction. That means almost every bank in every country, and every large company in the world has to in some way, follow these US regulations.  

But what if the criminal activities are not even using currency? If we think about cybersecurity as well as cyber regulation, by their very nature, regulations are reactive. They will always be reacting to what has happened. So it’s very difficult to put bright-line ABCD rules. As a result, we think as users and consumers, and people who will be impacted by these advances in technology, we have a responsibility to think within an ecosystem of the values and principles that we might want to abide by. Continually, what we’re going to find is that we can’t rely on law, and we can’t rely on governments per se, to be at the forefront of leading how we want to govern this aspect of the problem. 

But this is the challenge. In a typical negotiation scenario where you are going to buy something from someone, you get the chance to discuss the prices or the details of the services. But right now, every single day, we click on potentially hundreds of websites where we are agreeing to their privacy policies. Sometimes you have to formally agree. But a lot of times, it’s hidden behind the scenes. You’re not even paying attention to it.  

On the one hand, that diminishes the value of these agreements. Essentially service providers are pushing the burden on us consumers to say, “Do you agree to this or not?” But the challenge is, that it’s not like anyone is taking the time to read and understand those terms. And even if you did, it’s still not like you have the opportunity to negotiate. Imagine you read through Facebook’s privacy policy and say, “Okay, clause three, line number two, I don’t think this is appropriate, so let’s work that out”. The negotiation here is: if you don’t agree to our terms, then don’t use our service. 

That is the same with the banking system and much of the financial system. Either you’re in or you’re out. So even if consumers wanted to have a choice, it’s either you opt-in, or you are going to eliminate yourself from this entire system. 

How do we move forward with this situation? For now, we can look at some analogies. In the financial services space, particularly in the world of derivatives, we have organisations of market participants who got together to set a set of ground rules for how they want to transact with one another. This is because they didn’t want to have a lack of clarity or grey area, or they didn’t want to wait for the government or law to come in and formally regulate.  

From the consumer perspective, we don’t have a lot of influence at the individual level, but collectively, we have some influence. So we think what we want to try to invite companies to do is to have these discussions amongst themselves as industry and market participants. How do we want to create a fairer, more secure ecosystem for the product to be? Because ultimately, this is a very long-term game. But if they don’t have that discussion now, in the long run, it will just become more problematic.