Defeat cyber risks, use the Force

Cyber risks are a real and present danger. They are often hidden and misunderstood so I wrote this article just for you. I’m also a Star Wars fan and couldn’t resist the Force.

When I think of the words “cyber risks”, I don’t think of anything immediately tangible nor anything immediately threatening. What those words (especially together) mean to me is far more ethereal and a lot more entertaining…

My thoughts digress to a Jedi fighting a Sith, Ewoks and Jabba the Hutt. I think of Darth Vader – the famous “I am your father” scene. All very “otherworldly” and “galactic”. Something a true Star Wars fan can fully and truly appreciate. But this is not Star Wars and I am no Princess Leia.

“Luke, I am your father”

Just like the “Luke I am your father” scene inevitably shocked Luke into a new reality, growing Cyber Risks are doing the same for businesses across the Globe. And that is actually my point – Is Cyber Risk really in a “Legality” far, far away or is it closer to home than we think?

What do I mean? Well, I will give you some examples.

In PricewaterhouseCoopers’ January 2016 Top Issues publication, the following was outlined:

“The biggest challenge for insurers is that cyber isn’t like other risks. There is limited publicly available data on the scale and financial impact of attacks and threats are very rapidly changing and proliferating. Moreover, the fact that cyber security breaches can remain undetected for several months – even years – creates the possibility of accumulated and compounded future losses.”

And

“Cyber risks are increasingly frequent and severe, loss contagion is hard to contain, and risks are difficult to detect, evaluate, and price.”

Freshfields Bruckhaus Deringer, a worldwide legal practice, states the following on its “Cyber crime can derail your company” page:

“Whatever your industry, cyber security is a worldwide concern. As you hold more data, and your staff use their own devices, you can become more vulnerable to security breaches.

Those breaches can have significant legal and reputational effects upon companies. As shown by recent data breaches, and related litigation, this is not just an IT issue.”

There has even been a full article written on the Hedgeweek website entitled “Cyber security – a Global Perspective” (the title alone has a sense of doom and seriousness about it). This article sets out the lengths to which the US Legislature is going to ensure the protection of companies against cyber-crime, which includes the House of Representatives passing a new cybersecurity bill –

“the Protecting Cyber Networks Act (PCNA) – to allow file sharing between government intelligence agencies and private companies and raise the overall awareness of hacking.”

Cyber Risks – a clear and present danger

If it is not clear already, let me spell it out for you – cyber risks are here. It is a risk that is not only very real but one that can be truly devastating to a company should their systems and data be hacked thereby revealing company trade secrets. Can anyone say “huge liability claim”?

Speaking of huge liability claims, Insurers and Re-insurers are discovering that there is a growing and real need to insure Companies across all industries against these potentially devastating risks and that means increased premiums for those Insurers and Re-insurers eager to tuck into a slice of the proverbial cyber pie. According to PWC –

“Cyber insurance is a potentially huge but still largely untapped opportunity for insurers and reinsurers. We estimate that annual gross written premiums will increase from around $2.5 billion today to $7.5 billion by the end of the decade.”

But that’s Insurance, and therefore inevitably a safety net should things go awry, but where Law is concerned, prevention is often better than the cure.

Understanding leads to prevention

In order to even start combating Cyber Risk, we first need to understand what it actually entails. According to Kennedy’s “Cyber risks – an insurance perspective” article, cyber risks can be understood quite simply:

“Two of the most common forms of cyber risks are Cyber-attacks and data breaches. Cyber-attacks can take many forms:

Hacktivism – where a company’s website is hacked into and used as a platform to promote views.

Denial of service attacks (DoS) – when a site is bombarded with millions of emails from a bogus source, thereby blocking access to the site by legitimate users. This happened to the Amazon and PayPal sites recently, when they were forced to stop online trading as a result of DoS attacks by people protesting against the arrest of Julian Assange.

Cyber-extortion – where attackers threaten to carry out a DoS attack or to implant viruses in a company’s website or network.

Data breaches can occur as a result of human error – for instance, unencrypted data is lost or sent to the incorrect recipient – or by hackers, employees or others stealing or otherwise gaining access to sensitive data.”

A call to arms

What is abundantly clear is that this is not just an IT issue, something you can “dial a nerd” for and consider your job done. What this is, is a global risk. Something we, as legal practitioners, need to get ahead of. It is all well and good to have the insurers and reinsurers making their mark in this currently untapped risk market but we need to prevent the risk from happening in the first place. A seemingly daunting and almost impossible task to be sure. However, as with everything, you can tackle this “one bite at a time”.

With that in mind, how do we fight Cyber Risks?

  1. Identify the specific risks to the business and what needs the most protection. For example, in a company like Coke, intellectual property might be the most important asset which is vulnerable to cyber attack. For Bid or Buy, the stability of online platforms and the security of customers’ personal data may be paramount.
  2. Assess the potential consequences of the various types of possible attack. Essentially, what would the impact be to the company’s reputation, to its share price, to its goodwill? What is the litigation risk? What would the impact on the business be if its activities were disrupted for a short or for a sustained period of time? How much risk can the business accept? This is a really important balancing act and from a legal perspective will need some risk management. For example, ensure senior management in all areas of the business are fully aware of the IT security and all the risks that potentially exist.
  3. Devise a strategy to address the identified cyber risks. This is likely to involve preparation of both a cyber risk management plan and an incident response plan. A cybersecurity review is vital.
  4. Ensure that the systems and security measures are properly and regularly tested (here you can most certainly get a hold of “dial a nerd”).
  5. Implement appropriate staff training and education. Many attempts to compromise information involve what is known as “social engineering”, which is effectively the skilful manipulation of people and human nature to trick information out of a company. Online social media platforms need to be properly monitored and staff trained here according to what they can say and what they can’t say with regards to the company online. A social media policy will most definitely be needed. Proper training can help reduce or prevent completely this type of risk.

Clearly, cyber-security is more than just tightly worded policies and endless procedures. It is a legal risk management exercise which undoubtedly entails keeping your eyes wide open, ears to the ground and your paper trail well and truly up to date – if there is any significant attack, the legal team needs to be properly armed with their trail of governance to ensure real combative steps are taken.

“May the force be with you” indeed does come to mind.

Featured image credit: Paul Jacobson, licensed CC BY NC SA 2.0

MTN’s misleading uncapped data bundle fine print

MTN’s uncapped data bundles are not what consumers think they are. They are complicated packages with rules that limit them dramatically.

EWN published a surprising story titled “The terms of MTN’s uncapped data explained”, in which MTN’s Chief Customer Experience Officer, Eddie Moyce, explains MTN’s activation requirement for its time-based uncapped data bundle. Here is the radio segment:

The surprise is that this uncapped data offer doesn’t work the way you may expect. Consumers should pay careful attention to the fine print to avoid being caught out, potentially at a substantial cost. Essentially, even though you have paid for the bundle, you still need to activate it by dialling a short-code which you receive by SMS. If you don’t activate the bundle, you will use data at normal data rates and could wind up with a larger bill than you expected.

Two aspects of this story are problematic:

1. Why offer this sort of “uncapped” bundle that the customer still needs to activate in order to use it, even after paying for it?

This is really misleading. Most data bundles activate automatically when you have paid for them and the changes propagate across the network, don’t they?

The mechanism suggests that MTN intentionally created this activation mechanism knowing that many customers won’t actually realise they need to do it and will wind up paying far more. I checked the terms and conditions that apply to this package (I think – the MTN site is not exactly designed to find information easily) and it says the following:

5. Activation of the MTN 1 Day Uncapped Internet Bundles

5.1 Customers may purchase an MTN 1 Day Uncapped Internet Bundle by dialing *141*2#.

5.2 Customers must activate the MTN 1 Day Uncapped Internet Bundle after purchase, by dialing *141*5#. The MTN 1 Day Uncapped Internet Bundle does not automatically activate.

5.3 Customers may only activate the MTN 1 Day Uncapped Internet Bundle if they have sufficient airtime in their airtime account or using their usage limit (for My MTNChoice customers). This excludes MTN Loyalty 1–4–1 Loyalty Points and any promotional airtime.

[Image: Data bundle details]

These data bundles are typically “valid for a period of 24 (twenty four) hours”, although only “after [they are] activated”. I also wonder how many people are aware of when the data bundle kicks in? How many people assume (and reasonably so) that the package kicks in automatically and they start using the data right away?

The seemingly reasonable SMS from MTN with activation instructions is challenging. Many people ignore SMS messages they receive for various reasons and may not notice the significance of an activation message until long after their bill has hit triple digits.

This activation mechanism looks a lot like the dodgy tactics mobile content providers used to use before they were banned: automatically subscribing consumers to expensive content (think R5 or R7 per day until cancelled) subscription services without clear double opt-in mechanisms and pricing information. You wouldn’t expect major network operators to use misleading tactics such as these.

2. Why impose a “fair use value” cap of 150MB on an “uncapped” data bundle? That is tiny.

Then, to add to this, the notion that a bundle with a “fair use value” cap of 150MB is somehow an “uncapped” data bundle is ridiculous. That is a tiny amount of data when you consider that, as Eddie Moyce put it, people tend to buy these packages for specific reasons. One of those reasons would be that the customer needs to use a lot more data than his or her usual bundle allows (at least, cost effectively) in a short time period.

Here is an extract from the terms and conditions dealing with the “Fair Use Policy”:

9.1.4 Customers with an active MTN 1 Day Uncapped Internet Bundle shall be able to generate uncapped data usage, however, a fair use value/threshold as detailed in the table in clause 4 above will apply for the duration of the Validity Period.

9.1.5 Should the Customer exhaust the fair use value, as detailed in the table in clause 4 above, before the end of the Validity Period, the Customer’s data speeds will be reduced to 128kbps for the remainder of the Validity Period and the Fair Use Policy detailed in this clause 9 shall apply.

9.1.6 MTN further reserves the right to implement other measures and controls to ensure that the integrity of its systems is maintained, including but not limited to measures such as DPI (Deep Packet Inspection). DPI:

9.1.6.1 allows MTN to monitor aspects including, but not limited to, non-compliance with its Fair Use Policy and restricted protocols, prevent attacks from computer viruses/worms and identify SPAM. Such usage may be blocked or re-routed;

9.1.6.2 also allows MTN to throttle certain usage, such as peer to peer traffic;

9.1.6.3 shall also allow MTN to prioritize/filter certain activities, such as VoIP traffic, over other activities which are burdensome on the MTN network (such as video streaming);

9.1.6.4 in essence, this allows MTN to alleviate network congestion and improve service to all MTN customers.

9.1.7 This Fair Use Policy may be amended by MTN, whether by clarifying, modifying, adding to or deleting certain terms and conditions. This is subject to the Modification of Terms and Conditions, including notice being provided to you, as detailed in clause 16 below.

Not only does the available data speed slow to 128kbps when you hit that measly 150MB but MTN also imposes a series of restrictions on how you can use the data and when. The end result is that your “uncapped” data bundle is more like a “you can’t do much with this ISDN-like connection but thanks for paying anyway” bundle.

But wait, there’s more:

  • MTN hides all these restrictions and qualifications in terms and conditions which few consumers will ever read, and
  • the fact that these restrictions are couched in fairly dense language and presented in pale text on a white background that no-one over 45 can read without squinting says a lot too.

[Image: MTN terms]

One more thing – no business use for you

Oh, by the way, this package isn’t available for “commercial use” so don’t think you are allowed to use this package to give your small business a little boost either:

9.2 The MTN 1 Day Uncapped Internet Bundles are intended for consumer use only. This means that the MTN 1 Day Uncapped Internet Bundles may not be used for commercial use (which includes, but is not limited to the intention of promoting, enabling, subscribing to, selling (directly or indirectly) the goods, services or image of any person pursuing a commercial, industrial, craft, religious, charitable or political activity or exercising a regulated profession).

9.3 The MTN 1 Day Uncapped Internet Bundles exclude use of the following services:

9.3.1 Least Call Routing (LCR);

9.3.2 Routing devices; and/or

9.3.3 Commercial use.

9.4 Use of the above services shall be deemed abuse and/or fraudulent use of the MTN 1 Day Uncapped Internet Bundles and shall entitle MTN to immediately suspend and/or deactivate the Customer’s access to the MTN 1 Day Uncapped Internet Bundles.

So if you are a small business owner and you happened to buy this bundle and use it as part of your business (you could have sent a data message to a client telling them about your services, for example), you would be committing a fraud in addition to breaching the terms and conditions of the bundle. Talk about hostile to small business!

K.I.S.S MTN!

When I think about what is available outside South Africa, MTN’s approach to mobile services and pricing just doesn’t make sense to me. My current mobile service includes 5 000 minutes of calls, 5 000 SMS messages, 10GB of data a month and 500 minutes of calls to my family in SA (landlines in SA) for the equivalent of about R200 per month. It wasn’t always like this but regulatory changes and increased competition improved the situation for Israelis.

Instead of obfuscating an overly complex service, why not offer a simpler option that just lets people pay their R40 for either a fixed amount of data or a realistic “fair use value” cap? Drop this silly activation mechanism and the ridiculous fine print. In other words, give people what they think they are getting or, if that is more than you want to offer, offer them something you are comfortable with and that makes sense to consumers.

Image credit: Pixabay

No, you can’t unilaterally opt out of Facebook’s terms and keep using it

Facebook has updated its terms of service and data use policy recently and the changes have upset many people. I’ve started seeing more declarations of users’ intention to opt-out of provisions of Facebook’s terms and conditions. These sorts of declarations seem to be legally binding with their fairly legalistic language but they don’t work except to help you feel better.

The only way to limit what Facebook can do with your content and your personal information is to stop using Facebook and to delete your profile. Unilateral declarations of your intention to opt-out of provisions you don’t agree with don’t make those provisions less binding on you.

If you use Facebook, you do so on Facebook’s terms. If you don’t want to be bound by those terms and conditions, stop using Facebook.

Rewritten WASPA Code better regulates mobile services in SA

The new WASPA Code of Conduct is a complete rewrite of the Wireless Applications Service Providers’ Association’s rules which regulate the mobile content and services industry in South Africa. One of the biggest changes to the Code is a consolidation of the old Advertising Rules and the Code of Conduct itself along with a dramatically scaled down body of rules governing advertising copy. The changes go further than restructuring the old framework. As WASPA’s advisory note presenting an overview of the new version of the Code points out –

The revised Code of Conduct incorporates the most important portions of the Advertising Rules, but without many of the unnecessarily restrictive details in those Rules. The new Code is organized more clearly and logically than previous versions, aims to be less open to interpretation, and intends to function as an effective set of principles for the WASP industry, as it exists a decade after WASPA’s formation.

Of course this version of the Code doesn’t exist in a vacuum. WASPA’s adjudicators and appeals panelists (which includes me) have documented their interpretations of various provisions of older versions of the Code in a substantial library of rulings over the years and one of the challenges in the near term will be harmonising those rulings with the new Code and preserving guidance on a range of topics including subscription service marketing, service “bundling” and spam and applying that guidance to the new Code’s clauses.

The WASPA Code has been better aligned with legislation such as the Consumer Protection Act, the Protection of Personal Information Act and the Electronic Communications and Transactions Act which should translate into improved consistency between the law and the Code, as a self-regulatory framework. The new Code also reinforces WASPA’s importance as a regulatory body in the South African mobile content and services industry. This comes at a good time as the trend towards mobile services is only going to strengthen going forward.

Your future digital government

I had to apply for unabridged birth certificates for our children the other day so I sat down in front of my laptop, browsed to the Department of Home Affairs’ website and logged into the secure Civic Services portal to start the process. I used my new ID card with its embedded personal digital certificate and a one-time code from my smartphone to authenticate myself.

As you can imagine, Home Affairs has all my details and who our kids are so all I really had to do was select the option for the unabridged birth certificates and place the order. The system informed me that because this was the first time I had requested these particular birth certificates there wouldn’t be a charge. I received a confirmation of my request along with digitally signed and locked digital versions of our kids’ unabridged birth certificates about five minutes after I concluded my request.

The birth certificates were in PDF and I quickly verified that they were signed by Home Affairs using the Department’s current public key (they were) and then forwarded them on to the service provider that requested them from us.

At this point you are probably wondering how I managed to do all of this? You probably had to drive out to your local Home Affairs office, fill out the forms on paper and wait in line to hand the forms over to the person behind the counter and be told you’d have to wait six to eight weeks for the birth certificates to be printed out in Pretoria and delivered to that office. You would then have to return to the office with your receipt so you could collect the pages.

My story is completely hypothetical. That process is not possible at the moment. This isn’t because the technology doesn’t exist (it does) or because the law doesn’t currently cater for it (it does). Implementing processes like this requires a different approach to digital government services. In this particular case, the starting point is likely a combination of a number of factors:

  • A secure, complete and accurate citizens’ and residents’ database;
  • A secure portal through which citizens and residents can access government services using a unique digital identity which is linked to the data the government has about them;
  • Digital certificates issued to each citizen and resident along with each person’s national identity;
  • A convenient means of both securing and using a digital identity to authenticate each citizen and resident that has a cross-platform mobile as well as conventional desktop interface.

The Electronic Communications and Transactions Act provides a broad framework for much of what would be required, including digital signatures, digital documents and data retention and evidence. The benefits could be to radically streamline government services and empower citizens to transact more securely and effectively with each other. These benefits are not reserved for government services, they extend to private services too. In fact, a single secure and digital identity for South Africa’s inhabitants could serve as a platform for a variety of providers to develop engagement models that could transform how the country functions.

So why isn’t such a system being developed (or in place already – much of the technology required has probably existed for some time now)? The Verge has an interesting post on this topic titled “Our future government will work more like Amazon” which has a few relevant observations, including this one:

The problem is logistics. Sure, the Postal Service would probably love to have some fresh resources to boost up these facilities. But consolidating many offices into one is never easy. And reappropriating human resources would definitely be controversial. But with good digital systems to reduce paperwork, remember previous encounters with citizens, and greatly reduce the need for people to visit brick and mortar offices in the first place, it’s certainly feasible.

From a legal perspective there are very few barriers to this sort of future. Aside from logistics, the challenge is that our culture is still heavily invested in paper and paper paradigms and the change to digital workflows seems to be prohibitively complicated. That said, there are many benefits to going digital including cost savings, better security and improved redundancy (if you work with paper files, how much redundancy is built into your filing system?).

Simply adopting the necessary technologies isn’t going to solve the problem either. Effective implementation is essential and failing to do this has led to controversies such as the SANRAL consumer data exploits we read about recently. I came across another example of poor implementation when I began writing this post this morning, somewhat ironically from the South African Post Office’s Trust Centre which is charged with delivering trusted digital identity solutions:

[Screenshot: SAPO Trust Centre – authentication problem]

Leaving aside what must be an oversight, the Trust Centre delivers a key component in this future digital economy. An advanced electronic signature, for example, opens the door to a range of digital transactions otherwise reserved for paper-based transactions. One of the things I would like to do, as an attorney, is commission affidavits digitally. That is only legally possible if both I, as the attorney, and the person who wants to have an affidavit commissioned have advanced electronic signatures. At the moment this has to be done in person but when both parties have advanced electronic signatures (and have been authenticated by the Trust Centre), this could probably take place remotely. That, alone, represents a cost and time saving. Other transactions which become possible include digital contracts to sell land and even truly digital wills.

Going digital can transform how we function and how businesses and government operate. It just takes vision, an understanding of the legalities and risks and sensible technology implementations.

4 suggestions for preserving your digital assets for your heirs after you die

What will happen to your online profiles and data when you die? Before you answer that your digital stuff isn’t all that important so who cares, consider what you are using the digital cloud for:

  1. Email that increasingly includes bank statements, insurance policy information and functions as a backup for when you forget your password for your online profiles;
  2. Document storage and backups for all those policy documents, scans of your ID and passport, accounting records and tax returns;
  3. Photos and videos of your family going back years, decades even (have you maintained your print photos and offline video files to the same extent?);
  4. Various social profiles which you use to keep in touch with friends and family on a daily basis.

The cloud is more than just an incidental part of your life. Unless you are a committed paper-based archivist, you probably have more and more of your life recorded in bits stored on servers around the world and you are likely the only person who can access that data. When the time comes for you to leave this life your family will need to access that data for various reasons and, short of a séance, you won’t be in a position to pass along your access credentials if you don’t plan ahead.

Here are 4 suggestions for what you can do to make sure your family can access your digital assets after you pass on:

  1. Use a password manager like LastPass or 1Password to store all your passwords and key information (I use LastPass and it enables me to store credit card information, ID and passport information and a variety of other sensitive data securely) and use a strong master password to secure your password manager profile (while you’re at it, change your passwords to unique and more secure passwords to protect your profiles better).
  2. Tell your family about your online profiles and how to access them in your will or in a document you leave with your will. If you use a password manager, share the master password with trusted family members or friends so they can unlock your digital assets when the time comes.
  3. Back up your data regularly and automatically. Don’t rely on manual backups. Automate them. Use whichever secure and reliable backup service you prefer (popular options include Dropbox, Google Drive and more) but make sure they include your important stuff and work properly. Storage is becoming cheaper all the time so you should have plenty of space for all your stuff.
  4. Organise your digital archives so they can be easily searched and key documents located by your heirs. One of the first things your family will need to do when you die is report your estate to the relevant authorities and they will need key information to do that. Check with your attorney what they will need and collate that information for them in a convenient folder or location and share that with your family ahead of time.
  5. Make sure you identify all your key online services to your family and explain to them how to access them and your data. Don’t assume that everyone knows the services you use and how to use them effectively. They may not share your passion for those services but you probably don’t want to add to their aggravation by forcing them to stumble around unfamiliar services while grieving for you.

Image credit: ‘Til Death Do Us Part by [n|ck], licensed CC BY 2.0

Facebook Messenger is not the privacy threat you should be concerned about

Many people are focused on the permissions they give Facebook when they install Facebook Messenger and are concerned that they are giving Facebook excessive access to their devices. This isn’t necessarily the case and this growing panic may be more a function of how Android permissions have to be obtained than a real privacy threat which many have read into those permissions.

I found myself listening to a discussion on 94.7 this morning about Facebook Messenger. The breakfast team was talking about these permissions that have attracted so much attention as if installing Messenger instantly compromises users and leaves them exposed to all sorts of privacy invasions when microphones and cameras turn on at someone else’s behest.

The panic level rose a few more notches when the breakfast team received a call from an anonymous listener who told the team that part of his work involves remotely accessing people’s devices (presumably part of lawful investigations) and exploiting these sorts of permissions. It wouldn’t be unreasonable to draw the conclusion that giving Facebook these permissions to access your phone’s microphone, camera and other features somehow makes all of those features available to anyone wishing to exploit that level of access and spy on you.

Fortunately it isn’t as simple as that. Leaving aside the risk that Facebook, itself, grants access to your devices to 3rd parties without your knowledge or that its apps have vulnerabilities which are not patched and are exploited by unscrupulous 3rd parties, Facebook isn’t the threat. I spoke to Liron Segev, an IT Consultant and one of the first people I think about when I need some help with the technical aspects of IT security. He explained that the threats to consumers come from various sources and that poor security awareness on consumers’ part is a contributing factor.

To begin with, it is possible for a 3rd party developer to introduce apps to app stores that appear to have a particular functionality but, below the surface, these apps will scan installed apps on your device, attempt to impersonate or even supplant those apps and exploit the access permissions you gave to the legitimate app. These trojan apps would then take advantage of the sorts of permissions you grant Facebook Messenger to access your device microphone, camera and other features. Avoiding this risk largely comes down to only installing apps you trust and how well the app marketplace is regulated and protected from this sort of malware. More and more security experts recommend installing anti-virus software on your mobile devices to help protect you from these sorts of attacks.

A hidden threat few people outside the security industry are aware of comes from the mobile networks we use every day. Mobile networks have the technical ability to gather data from our devices and even remotely install applications without us being aware of this in order to use that data and access to our devices’ features for a variety of reasons ranging from network performance management to remote surveillance and law enforcement. On the one hand, there are good reasons for networks and governments to have the capability to monitor criminal threats (for example, the somewhat misunderstood capability Google has to monitor Gmail for child porn using an existing database of problematic images). We live in a world where the bad people use advanced encryption and digital tools to plan and conceal their activities. On the other hand, there is also scope for governments and companies to use these capabilities to spy on citizens, infringe their rights and exploit their personal information for profit. As I mentioned in my htxt.africa article “Much ado about Facebook Messenger privacy settings, but is it nothing?” –

Whether you use Messenger should be informed by the extent to which you trust Facebook, not by the very explicit and informative permissions Facebook seeks from you in order to use Messenger. If anything, Facebook is just proving that it has come to a long overdue realisation that there is no benefit in deceiving users.

It is possible that Facebook may turn on your phone’s camera and microphone while you are getting dressed in the morning but highly unlikely. What is more likely is that Facebook requires those permissions to enable Messenger to do what you want and expect it to do. That said, you can’t be complacent and install every app on your device that seems amusing. Take the time to satisfy yourself that the app is from a credible source and look into anti-malware software for your devices. As for mobile networks and governments, there is little you can do except reconsider your device choices if you are concerned about this. Segev pointed out that Blackberry devices are still secure options and Blackberry 10.x is a flexible option even if it isn’t popular media’s darling.

Lawyers are an endangered profession

I don’t believe the legal profession will continue to exist as it is today for much longer. The profession has changed over the decades and centuries as technology has changed, especially in the last decade, but what I can see happening is something far more radical. As cognitive systems like IBM’s Watson start to have more of an impact in our daily activities and become smarter, they will begin to do more and more of the work lawyers do far faster, more effectively and cheaper.

The challenge for lawyers is figuring out what their roles will be in the next 10 to 20 years. I suspect we will see at least two types of “lawyers” emerging:

  • Legal technicians who serve as coders, tweaking these cognitive systems, supplying them with additional inputs they don’t already receive from being plugged into the Web and all connected data systems; and
  • Legal information architects who map out the high level policy models and structures that will guide how laws develop and evolve in conjunction with these smart machines and their deep learning.

I came across two articles on the weekend which explore aspects of this which you may want to read if this topic interests you:

  1. Kenneth Grady’s “Any work left for lawyers to do by 2020?”
  2. Geoff Colvin’s “In the future, will there be any work left for people to do?”

I wrote an article recently which was a thought experiment of sorts about what this future could look like. It was focused on a vehicle sale in 2034 (of course a futurist chimed in on Twitter that people won’t be buying cars in the future, so there’s that reality check) and I don’t think we are that far away from this sort of reality.