We have explored the nature and capabilities of augmented and virtual reality (“AR/VR”) technologies in previous articles. We have discussed how these technologies can collect, store, and share personal or confidential information with third parties. The user information that’s collected may be stored and shared for financial gain in most situations. The third-party service providers (e.g., Google, Microsoft, Facebook, Instagram, Twitter) that have access to these technologies may conduct data analysis to learn more about their users through behavioral marketing. The AR/VR technology manufacturers may implement some type of user surveillance for profit. However, it should be noted that these practices should be conducted with the user’s knowledge and authorization.

Now, with that being said, the users should be protected by the state, federal, and international legislators and policymakers. The legislators and policymakers should consider implementing the proper safeguards within their laws that would protect the consumers. We have mentioned the main issues in previous articles which, include, but may not be limited to, data privacy and cybersecurity. Data privacy is a key component to any kind software and hardware technology. There have been multiple cases where the manufacturer failed to implement user protection safeguards. The Federal Trade Commission (“FTC”) has prosecuted legal actions against manufacturers and other commercial organizations. For example, In the Matter of Zoom Video Communications, Inc., Zoom was required to implement a robust information security program to settle allegations that it had engaged in a series of deceptive and unfair practices that undermined user security. In addition, in another case, LifeLock was forced to pay $100 million to settle contempt charges that it violated the terms of a federal court order that required it to secure consumers’ personal information and prohibited it from deceptive advertising. The FTC has been charged with the task of prosecuting consumer fraud. Please refer to https://www.ftc.gov/enforcement/cases-proceedings/terms/249 for more information.

Regulatory uncertainty plays an important role in the future of AR/VR technology since many of the existing laws do not address each and every issue. Although the existing laws provide certain guidance to the device and application manufacturers, however, there are certain and cognizable loopholes that should be addressed by state, federal, and international legislators. So, for example, there should be clarity on the scope of tracking software that has been implemented in the technology. Also, on a side note, there should be a way to fully disclose the technology’s capabilities and to obtain user consent – i.e., the device and application manufacturers should provide an opt-out option to avoid unfair, deceptive, or misleading advertising. It’s important to note that the FTC Act (codified under 15 U.S.C. §§ 41-48), under Section 5, grants the federal agency the right to file legal actions. The term “unfair or deceptive acts or practices” includes such acts or practices involving foreign commerce that: (i) cause or are likely to cause reasonably foreseeable injury within the United States; or (ii) involve material conduct occurring within the United States. So, in essence, the federal agency promotes transparency and disclosure in order to properly inform and protect consumers.

The technology that we are using on a daily basis provides certain and cognizable advantages and disadvantages. The advantages are great and have allowed the public to have access to a wide range of options. The disadvantages, include, but are not limited to, security and privacy discrepancies. Technology operates to enhance a business model, idea, or operation. This is usually done by collecting and selling information for profit. These types of data collection and marketing activities have been heavily regulated by state and federal agencies in recent years. However, with every new technology, there will be new challenges.

Augmented and virtual reality technologies are no different from other types of technologies in that they are fully capable of being abused when they fall into the wrong hands. Augmented and virtual reality software or hardware applications are designed to enhance user experiences by storing and sharing information across the network. This information may include personal or confidential information that would not otherwise be accessible by third parties. Nonetheless, the designers or manufacturers of these applications make it much easier to gain access and share information with third parties – e.g., marketing or advertising agencies – which pay an incentive for gaining access to them.

The state and federal legislators should pay close attention to these technologies and their operation mechanisms so they can update existing laws and implement new laws that would properly address consumer-related issues. Now, if the AR/VR technologies are collecting health or medical information, the Health Information Portability and Accountability Act (“HIPAA”) comes into play. Also, if the AR/VR technologies are collecting a minor’s information, then the Children’s Online Privacy Protection Act (“COPPA”) would be applicable.

Augmented and virtual realities are cutting-edge technologies that are changing the world. Now, with that comes a significant amount of legal issues such as cybersecurity, privacy and regulations at the state, federal, and international levels.

Augmented reality (“AR”) technology is currently being used by several companies such as Nintendo, IKEA, Instagram and Snapchat. Virtual reality (“VR”) technology has been used by companies such as Oculus Rift, PlayStation, and HTC Vive.

The courts have been grappling with online or offline violations for many years. Now, with the advent with these technologies, they will be facing new issues related to online or e-commerce transactions. The question is how will the courts deal with street crimes in the virtual world? What if a known or unknown individual engages in “indecent exposure” or “virtual groping” against another person? What if the culprit commits a tort (e.g., negligence, invasion of privacy, intentional infliction of emotional distress) against the victim in the AR/VR world? What if the victim’s privacy is invaded by spreading his or her intimate pictures or videos towards unauthorized parties?

Our law firm’s attorneys have been able to manage unexpected data breaches since they take place on a regular basis. Our legal team and group of technology experts have implemented specific protocols to mitigate the damages. One of the most important factors is assessing your company’s security weaknesses which may include proper training of all personnel including full/part-time employees and independent contractors. Training is a key factor and should be conducted in a methodical manner. The information technology department should implement the procedures for setting up personnel training sessions.

The first step is to setup a framework for proper incident responses. Then, incident notification procedures should be published for all personnel and should be part of the hiring process. The company should be able to validate the data breach by examining the information. All sensitive and confidential documents (e.g., trade secrets) should be protected and preserved on a regular basis. The incident response team should immediately investigate and monitor the breach. The company should mitigate the damages by securing electronic devices and the stored information. Also, the company should ensure the existing encryption software is functional, and if not, it should be replaced with another type of encryption software. The data owners should be formally notified since their information has been affected by the data breach. In most cases, law enforcement officials should be notified about the data breach. Finally, the company should assess and improve its data breach and incident response plans to avoid similar problems in the future.

Any organization that collects, stores, or manages sensitive or confidential information is susceptible to cyberattacks. Therefore, it must setup and manage a proper incident response plan. It must be able to engage in preventive and reactive measures such as proper data retention policies. The chain of custody in preserving information is a key factor. So, the data must be located, identified, and protected to avoid unnecessary complications. Data protection and preservation are key components from a legal perspective. The organization should have access to legal counsel to prepare for potential legal actions. The legal team should work closely with the Incident Response Team (“IRT”) to protect confidential client information such as medical or financial records. This way, the attorney-client privilege can be properly established by them.

Data breach incidents require a quick response from the information technology team and their experts. They are responsible for investigating the incident, notifying the affected parties, and contacting law enforcement agencies. The business operations should not be interrupted by these data breach incidents which is a difficult task. In other words, business continuity is one of the main complications that the targets face in these situations.

The hackers use various methods to infiltrate and extract valuable information such as trade secrets and private or confidential information. This information should be protected by using suitable methods. The private and confidential information should be stored on internal and external storage devices. They should be backed up on a regular basis and protected by using encryption technologies. We recommend using strong encryption algorithms which meet the minimal technical requirements that can be implemented by a qualified technology expert. This is important since the confidential information that can be stolen may include sensitive corporate, medical, and financial records. So, obviously, there are mandatory notification protocols in every jurisdiction.

California Civil Code Sections 1798.29(a) and 1798.82(a) require a business or state agency to notify any California resident whose unencrypted personal information was acquired or reasonably believed to have been acquired by an unauthorized person.

Data breach and incident response protocols are important when there is a breach within an organization’s computer systems. Our law firm has assisted clients with data breaches which can occur as a result of insider threats, hacking intrusions, credit card payment breaches, and medical record breaches.

Data privacy and cybersecurity are key components that could be implemented at the network level of each organization as preventive measures. The information technology department should properly review the computer systems and implement the proper software and hardware applications. The information technology staff should install a firewall system that can monitor network traffic. It can also implement an Intrusion Detection System (“IDS”) that monitors network traffic and prevent unauthorized transactions.

These incidents have a national and international component to them since they can take place from anywhere. The hackers can be anywhere in the world when they target victims. They usually utilize sophisticated tools and resources to initiate the attacks. For example, they use social engineering and phishing to obtain personal information by impersonating a trusted source. They can use malware injecting devices, missing security patches, password cracking, and Distributed Denial-of-Service (“DDos”) attacks. The hackers steal secrets by using sophisticated tools and methods. There have been multiple incidents where the hackers infiltrated small and large companies to extract personal and confidential information such as trade secrets (e.g., patents, trademarks, copyrights), social security numbers, credit card numbers, medical records, and bank account records. The hackers can use a “back door” which is a secret pathway they use to enter the computer system. They can use a “buffer overflow” which is when malicious commands are delivered to the computer system by overrunning the application buffer. The denial-of-service attack is another method that is used to shut down the computer system. The hackers have been known to use “email worms” which includes a virus script that is transferred to the victim via an email message. Now, the hackers can gain computer “root access” which grants them complete control. The “root kit” is a group of tools that can be used to expand and disguise the hacker’s control over the computer system. The other tools that can be used by hackers include script kiddies, session hijacking, and trojan horses.

Ransomware is used to infiltrate and lock the victim’s computer system in exchange of money. This type of malicious software (a/k/a “malware”) can cause substantial disruptions in an individual’s and a company’s business operations. It is usually caused when the unsuspecting victim clicks on a link to open an attachment or clicks on an advertisement or uniform resource locator to visit a third-party’s website that is embedded with the malware. The culprits usually request some form of ransom in order to decrypt the files. They will, and usually do, threaten the victim to either sell or leak the sensitive or confidential information if the ransom is not paid in time. There have been demands of up to or more than one-million dollars in recent years so the impact can be significant.

Ransomware can cause a “system lock” when the malware is unleashed on the computer or network system. This, in essence, will encrypt sensitive or confidential files on local or attached hard drives or other storage units. It is difficult to determine when or how the hackers infiltrated the system but the victim usually finds out when the computer systems are locked and inaccessible.

Technology experts recommend training yourself and your employees on a regular basis. This way, they will know what to look for and how to avoid these cybersecurity incidents. It’s important to have a regular backup of sensitive and confidential files and store the backup files in a secure location. We usually recommend storing them in local and remote locations. It is recommended to restrict user privileges such as permissions to install and execute software applications. Technology experts recommend enabling strong spam filters to prohibit phishing emails. They also recommend properly configuring the firewall to block access to known malicious Internet Protocol addresses. It’s also crucial to update the operating system and software applications on a regular basis according to law enforcement agencies.

The Fourth Industrial Revolution is another name for the quantum technology movement. Quantum computers are in the process of being developed at this time and it will continue to impact the legal system and our daily lives. It will also impact data privacy and national security on various levels.

Conventional computers have obvious limitations which can be surpassed by quantum computers. First, conventional computers use binary bits (i.e., 0s and 1s) to operate which presents a significant limitation. Second, as a result of the aforesaid limitation, they cannot operate as quickly and efficiently. Therefore, the simple fact that quantum computers operate by using superposition and entanglement, allows them to yield a lot more power than conventional computers. So, in other words, their computing power has an extremely higher capability which can have a positive effect on medical research, business analyses, artificial intelligence, virtual reality, and other technologies. However, there is a potential problem with quantum computers with error correction issues which can be fixed according to the experts. So, in summary, the final objective is to build a fully error-corrected quantum computer which can manage all disruptions.

The cybersecurity infrastructures in the private and public sectors can be affected by this emerging technology. The private sector which owns, manages, or operates a vast amount of sensitive data at local and remote locations (e.g., cloud servers) can be directly impacted. The public sector will also be affected for the same reasons. There are various types of intellectual properties (e.g., patents, trademarks, copyrights) that have been stored on private and public organization’s network servers. These valuable documents, include, but may not limited to, trade secrets which should be properly protected from public access.

Quantum computers will probably take over the various technology industries in the near future. It is called the “Fourth Industrial Revolution” and it will change the way we use and experience technology. These superfast computers have an extremely powerful computing power that is unmatched by traditional computers. Its technology is based on quantum physics. It will arguably disrupt many industries and will have a direct impact on cybersecurity and privacy. Quantum computers use “quantum bits” or “qubits” which can have multiple properties (i.e., they can be both 0 and 1 simultaneously) and can store electronic information. In other words, they can be in two states at one time which is called “superposition” by the experts. However, they are susceptible to distortion and therefore proper error correction is important.

The large technology companies such as IBM, Google, Intel, and Microsoft have invested a significant amount of their resources. In fact, IBM Quantum is an organizational initiative to build universal quantum computers to solve complex problems with its supercomputers. So, once this type of technology becomes more prevalent, other manufacturers will follow a similar path.

Cybersecurity will be directly impacted by these supercomputers because it will allow their owners or operators to infiltrate the target’s defense mechanisms. It may take a traditional computer a longer time to decipher strong passwords and hack into a computer network system. As such, the owners or operators of quantum computers will have a significant advantage when it comes to these procedures. Cybersecurity and privacy will be major concerns due to the nature of these supercomputers as they can potentially disrupt multiple industries. We know that electronic information can be protected by algorithms. Now, quantum algorithm is referred to as “Shor’s algorithm” which gives quantum computers a higher capability to decrypt information.

Quantum computers will be more prevalent in the coming years as technology advances and they become more affordable. Quantum computers function differently than traditional computers. They are faster and much more efficient when compared to traditional computers. Today’s traditional computers use digital bits which represent zeros and ones – i.e., they must be either on or off for computing process. However, quantum computers operate by using qubits which can store digital information and have several properties. In essence, they can make instantaneous calculations that can take a traditional computer several years. Quantum computers can resolve industrial problems that can take traditional computers a longer time.

What are the applicable technologies and legal problems?

The advantage of having access to quantum computers can be significant. This is because, for example, a company that has access to these exponentially-advanced electronic devices can decrypt a sophisticated program within minutes and threaten the victim’s privacy rights. In other words, it could carry a potential invasive power that would be unmatched by traditional computers. Encryption technology is being used to protect sensitive information. There is “symmetric” and “asymmetric” encryption technology that is being used in the market.