Sure, so it seems critical to me. So my starting point with most technology questions is to try to figure out how much is really new. It seems critical to me to be clear-eyed and assess the pros and the cons of any potential new technology, and potentially, a regulation of that technology. Too often, I think people lose their heads, and they either embrace the technology wholeheartedly and say, this is going to change the world, everything is going to be great. Or, they're anti-utopian, and they say, this is going to be awful, it's a nightmare, we have to clamp it down. Both of those positions tend to start from the assumption that the thing, the technology that is clearly new Is totally new, so new that we must start from, first, principles in thinking about how it's going to change the world. I tend to disagree with that, I tend to think a better approach is to ask how is it new, in what ways is it new? And in most instances, although we are living in a wonderful moment in human history when there are lots of new technologies that are, indeed, changing our lives, the core theoretical question raised by those technologies is not fundamentally new. So for example, you might say that cybersecurity threats are new, and in a way, they are. But the challenge of safeguarding one's privacy and one's personal information is absolutely not a new question. It's an old question that we're dealing with in a new context, and that means we can draw from old lessons and potentially work out the analogies to how they apply. But that's sort of my starting point for thinking about cybersecurity questions. And so let me be clear, your previous question was about how this applies in a medical device hacking context, which is a good one. Let me be clear that I think that medical devices that are connected to an Internet or some network present new and very challenging questions, cybersecurity questions. But at their core, I'm not sure they're entirely new, right? So if we're talking about a pacemaker that has a wireless signal, and that wireless signal might make it easier for someone to collect that data, potentially, an unauthorized user collecting that data, that's a very scary possibility. And the scale of the problem might be new because so many people might be able to collect that data, or attributing who's the person who's stealing that data might be tricky, right? But at its core, what we're dealing with is a question of securing medical data, and that is not a new problem. That's something that hospitals, medical institutions, universities have been dealing with for many, many, many years. So the scale of the problem is hard, right, it's huge, and we might need new technological solutions to this problem. But I'm not sure we need new core ethical principles, for example, right? The ethical principle that the institution that gives you a medical device or collects your data has a duty to safeguard it, that duty has been around for a long time. The fact that we're dealing with new technologies doesn't change that duty, the rule ought to basically be the same. How the rule is applied in this new context might be different. So what does it mean for a medical institution to do due diligence? In a world in which everything is collected on paper, that due diligence, the principle is the same as it is today, right? You still have to do due diligence, but what it means is going to be different. So before, it might mean having your papers safely guarded, in one room. And now it might mean having your digital records hidden in an encrypted form, behind a firewall, in offsite locations. I'm not a technical expert, but these are the kinds of things that one would need to look into to figure out how to apply the old rule in a relatively new context.
