Race to Regulate: The Challenges of Keeping Legislation up to Date with Technology

Ben Wright

26 May 2018

As Facebook reels from recent scandals concerning user data and privacy, the global public has once again been exposed to the dangers of unregulated technology. It is continually clear that the legislative process is failing to keep pace with rapid technological development. Lawmaking is slow and tedious, and even when efforts are made to regulate current technology it is frequently obsolete by the time any meaningful progress is made.

At present, several budding fields of innovation are challenging policy makers worldwide. Drone technology provides militaries with the power to kill without direct human action. Data harvesting, by both governments and corporations, threatens to infringe upon people’s rights and privacy. Technological intervention, both foreign and domestic, disrupts the democratic process around the world. The law is fighting a stacked battle and it is losing.

A telling case study in the race between law making and technology is the USA PATRIOT Act of 2001. Passed during the immediate aftermath of 9/11, it brought sweeping changes to the surveillance privileges of law enforcement with the goal of combating terrorism. It was hailed by many as an example of a law which successfully identified and considered the emerging technology of the time, placing emphasis on online surveillance through email and browsing records.

Upon further investigation, however, the Patriot Act is no trailblazer. It was widely criticized as being rushed through the House and Senate, taking advantage of the post September 11th panic to avoid opposition. This quick passing was what allowed the Act to appear inclusive of current technology. The lack of amendments and challenges to the Act that allowed for this quick passing, however, also allowed for large oversights.

Before the Act was passed, pen register orders could be obtained by law enforcement in order to access the numbers dialed and received by a specific phone. Under Section 216 of the Patriot Act this scope was changed to include ‘dialing, routing, and signalling’ information. Routing information is a specific reference to internet use, where the law previously covered only telephones.

The Patriot Act also states expressly that no content of communications can be obtained. With telecommunication this is straightforward, because in accessing a phone number one need not access the conversation that is carried out with that number. Over the internet, however, routing and content are completely inseparable. The web address or search result that one is being routed to represents the exact contents of that webpage. Consequently, a law enforcement agency executing a pen register order and receiving the routing information for an individual’s browsing history also obtains the content the individual accessed, far exceeding the powers intended for the use of a pen register order.  

Under this rushed piece of legislation, law enforcement were suddenly given the power to obtain vast amounts of private information without having to prove the probable cause required to obtain a warrant for search and seizure.  This bypassed the Fourth Amendment and left citizens vulnerable to an abuse of privacy by law enforcement.

It seems that it is impossible to strike a balance between swiftly passing legislation to keep up with technological trends and understanding those trends well enough to pass sound laws. Presently, governments globally are struggling to strike this balance as they combat foreign interference in elections through technological means. This issue has recently been brought to the public eye by cyber-interference campaigns originating in Russia during the elections of Ukraine in 2014 and the United States in 2016, as well as suspected interference in the Brexit referendum of 2016 in the United Kingdom.

Despite this clear threat to the democratic process, governments have not yet put in place laws to combat interference. In the United States, the 2018 midterm elections are rapidly approaching, and interference seems all but guaranteed. Yet two pieces of elections security legislation with the power to combat cyber-interference sit nearly stagnant: the PAPER Act in the House of Representatives and the Secure Elections Act in the Senate. Both have been referred to appropriate committees but neither has received a hearing. The legislature will not be fast enough in this case to pass either piece of legislation in time for the midterm elections, and technology will continue to win the race as foreign actors wreak havoc on the democratic process.

It is clear that the traditional legislative process is too slow to continually keep pace with ever evolving technologies. As the future continues to develop, therefore, governments will need to find measures to regulate technology in a timely manner. One such strategy is being used by the United Kingdom’s Financial Conduct Authority (FCA), which has implemented a financial technology “regulatory sandbox”. It supports financial firms’ innovation by allowing them to test new advancements with real customers in the real market under controlled and monitored conditions. This simultaneously allows the FCA to learn about the technology and how to regulate it while letting firms test it before it is unleashed on the full market.

This provides a potential model for other fields of technology, to create a scenario where regulators are exposed to technology before it is fully released in order to learn about the dangers and potential need for laws governing it. Until innovative strategies like this are implemented by law makers around the world in order to keep up with the torrid pace of technological development, technology will continue to outpace the law. In this scenario, technologies on the horizon such as genetic editing and capable artificial intelligence will enter the world ripe for abuse in an unregulated market.