In another teaser from the forthcoming issue of Computers & Law, Simon Deane-Johns asks some searching questions about short-term problems and long-term challenges
The retirement of Laurence Eastham as our illustrious, long-standing Editor provides a poignant opportunity to consider the likely developments in law and technology that will cause us to miss his insightful, acerbic observations. And from where I sit - gazing out over a savannah dotted with weary financial beasts migrating to their doom, plagued by eager challengers nipping at their hindmost, private equity vultures circling on the thermals and the odd, pathetic pot-shot from the regulators – there will be many.
Brexit, Distributed Finance and the Role of Irish Law
No wistful gaze into a future deserving of acerbic wit could fail to be drawn immediately to the flailing Brexit beast, scattering European HQs and 5,476 ‘outbound’ passporting financial firms from the UK into the remaining EU27 Member States.
The days of the Double Irish with a Dutch Sandwich might be numbered from a tax standpoint, but they’ll be consumed aplenty by UK lawyers and IT professionals in their travels to and from the EEA.
Political timelines are irrelevant, operationally speaking. The gross uncertainty over the UK’s trade status means we have passed the point of no return for UK businesses anxious to preserve and grow their relationships with customers in the remaining EU27 countries, as well as in non-EU markets accessed under EU trade arrangements. The time for reassuring announcements is over, and firms are already acting to keep their operations running smoothly up to and beyond 29 March 2019. New entities must be established, authorised or appointed as agents; local bank accounts opened; offices leased; management and staff relocated or employed; equipment, stock or assets, and related licenses purchased; IT and process changes developed and tested; and contracts with customers and suppliers novated.
These preparations raise numerous tax, legal and accounting issues in their own right. But the choice of law under which each new entity contracts with customers and suppliers, and which courts will govern disputes, are critical to making the transition less difficult.
Customers and suppliers who contract under English law will probably want the contractual terms to remain broadly the same, even if certain aspects might need to change, such as billing and payment details, currency and pricing and the legal basis for sharing EEA-residents' personal data with UK operations. There won't be an EU ‘adequacy decision’ on the UK's data protection standards before April 2019 and no timetable can even be agreed for reaching one unless and until the UK has actually left the EU.
In these circumstances, choosing Irish law to govern at least the commercial aspects of new contracts in the EU27 becomes a no-brainer. Irish law is substantively very similar to the law of England & Wales, and Ireland will be the only purely common-law jurisdiction in the EEA. The few differences can be either simply flagged and understood or explicitly accommodated if necessary. So, while the counterparties are well advised to run a final check of the contract with local Irish counsel, they do not face the comparatively awkward and expensive exercise in understanding the numerous substantive differences between English common law and the codified, civil law system of other EU Member States.
Ireland is also the easiest EU27 jurisdiction in which UK lawyers can re-certify, as might well be the case for the many other types of licensed professionals whose qualifications will no longer be recognised by the EU after Brexit.
Ireland should also represent a very useful partner through which to engage with EU regulatory developments.
Annual Conference in Dublin, anyone?
EMD/PSD3, MiFID III, CryptoAssets, Algorithms and the Next Financial Crisis
While we remain firmly in the grip of the last financial crisis, the next one looms large. But from which direction will it come?
Over-hyped (and over-ICO’d), distributed ledger technology does have its use-cases and the technology is gradually being adopted in ways that are both responsible and desperately mundane (think tracing supermarket supply chains and international freight). Meanwhile, the prediction of mass consumer adoption, and even the adoption of DLT in wholesale financial markets, appears to have suffered from overestimates in terms of timing (the ‘planning fallacy’) and potential impact. For context, the Bank of England notes that the total value of ‘crypto-assets’ at the highest peak to date (January 2018) equated to less than 1% of global GDP, while the valuation of US tech stocks in the dot.com bubble peaked at nearly a third of GDP and the value of credit default swaps reached 100% of GDP before the financial crisis hit home in 2008.
So, crypto-assets may have grabbed some headlines with their volatility and use by criminals and speculators, but they are not the big game in town.
No - innovators are still relying on the rapid evolution of existing technology to challenge the regulatory frameworks designed to govern the more traditional methods of paying, moving money and trading in investment assets.
In particular, the use of algorithms in the financial markets has evolved steadily since the initial ‘computerization’ of order flows in the 1970s, program trading in the 1980s, the sudden deregulation of financial markets, or ‘Big Bang’, in 1986, which ended various restrictive practices of the London Stock Exchange and brought electronic trading; electronic communication networks that enabled trading in fractions of stock to improve liquidity; and ‘dark pools’ in private trading systems. Now we have icebergs, sharks, pinging and low-latency to facilitate high frequency trading at speeds blockchainers can only dream about. The devastating ‘runs’ of the 2008 financial crisis were on money market funds and broker dealers - not bank deposits. And if you think loose processing of personal data had nothing to do with that, consider that US lenders were foreclosing on mortgages they no longer even owned! The scale of financial intermediation that still occurs outside depository banks, or ‘shadow banking’ (a term only coined in 2007 as concerns about its growth began to be expressed in central banks), is said to be ‘stable’ at about 25% of all financial assets and 120% of global GDP or $45 trillion in 2016 money. And following the sovereign debt crisis earlier this decade, many of the ‘quantum easing’ measures implemented to protect the global financial system remain in place. So, the global financial system remains hooked on cheap money that is feverishly seeking high returns while shuffling risk like a pack of cards.
Meanwhile, as the deployment of algorithms has become cheaper, they’ve bled into retail credit, marketing and politics. The gullible have become besieged by online lenders, fake news, phishermen and populist politicians all at once - and at a time when UK household finances are worse than at any time on record.
While many of the major events that shape our history are ‘Black Swans’ – surprises that we attempt to rationalize by hindsight - it’s no great stretch to suggest that the catalyst for the next financial meltdown could prove to have been the ‘successful’ deployment of algorithms and behavioural targeting in support of the nefarious ‘Leave’ campaign. That result, and the ensuing political paralysis, has already up-ended the UK’s global trading relationships, regardless of what happens in March 2019. Just as manufacturers who depend on EU country of origin are moving their processes and supplier relationships, the promised end to financial services ‘passporting’ means UK firms and their customers are already relocating their interconnection with the world’s largest trade bloc at a time when we are still in the grip of the previous financial crisis.
Against this background, financial regulation has moved at a snail’s pace. Not only are regulatory frameworks anchored to the past, they are also desperately slow to adapt to the type of seismic shifts that have put the adoption of cryptocurrencies to shame.
The solvency of Europe’s insurance companies was first addressed in 1973 with the Solvency Directive. The Basel Committee was only established in 1974 to enhance financial stability by improving the quality of banking supervision worldwide. International co-operation on investment activity, in Europe at least, only really took off with the Investment Services Directive in 1993 (and the UK didn’t consolidate its financial sector regulators until 2000). The first attempt to carve-out payment services from the European banking monopoly occurred in the form of the first E-money Directive in 2000, but had little impact. Cue a seemingly endless process of rule-and-law-making that has utterly failed to keep pace with market developments. The directive on markets in financial instruments (MiFID) arrived in 2004-2006 just in time for critical weaknesses to be exposed during 2007-2008. The next attempt to liberate payments from the cold, dead hands of European banks only came with the first Payment Services Directive in 2007-2009. Solvency II was passed in 2009 to shore-up insurers but was not implemented for another seven years. MiFID II evolved during 2010-2014 but implementation was delayed until 2018. PSD2 was passed in 2015 but only implemented in 2018. A decade after costly bank bailouts, the UK is yet to implement all its promised changes.
And it has taken 25 years for legislators to even begin to properly address successive revolutions in the processing of personal data, and even those efforts failed to prevent the Cambridge Analytica scandal.
At any rate, it’s hard to see why pure financial regulation will be any defence to an algorithmically driven financial crisis.
But perhaps there’s another way to approach that type of risk…
GDPR2, Adtech and Ethics in Artificial Intelligence
Understanding the rationale for the deployment of retail algorithms involves a descent into the opaque world of ‘adtech’.
The erosion of privacy and dissemination of fake news and scams amongst the gullible are among the worst externalities of the social media/networking services and their ad-based revenue model.
For me, one of the key promises of the ‘semantic web’ where machines talk to machines has been the gradual decline of advertising altogether.
I see no technological reason why our powerful consumer devices cannot host personalized applications that search suppliers’ systems for what we need or want, and buy automatically with minimal human intervention. In that scenario, products would be designed and optimized according to actual customer demand, rather than suppliers’ fantasy humans.
The requirements for privacy by default and by design in GDPR are also consistent with such a human-driven model, as are concerns that long-term, loyal but disengaged customers pay more for goods and services (what Citizens Advice calls ‘the loyalty penalty’ in its wide-ranging super-complaint to the Competition and Markets Authority). The Department for Business, Energy and Industrial Strategy has also launched a Smart Data Review to accelerate the development and use of data-driven technologies to make it easier for consumers to get good deals on essentials and put an end to unjustifiable loyalty premiums.
Yet the ‘adtech’ industry is still persuading retail CFOs to channel vast fortunes into formulating merely probabilistic, supplier-driven customer profiles, and into the ad campaigns that are then necessary to attempt to find people who appear to fit, or can be persuaded to aspire to, those profiles. Indeed, I’ve often wondered how well these CFOs understand the distinction between data that is normally distributed (human physiology) and data that is not (human behaviour). No matter that untold amounts leak out of this process through click-fraud, ghost sites, stacking and click farms; or that no one seems to actually click on ads anyway. Ironically, the dominant search engine for consumers - which is perfectly placed to enable consumer machines to interrogate supplier machines - is actually among the largest advertising platforms and other intermediaries which feed on the fees paid by suppliers to serve ads at prices determined by auctions in which bids are based on competing analysis of the value to each advertiser of a given user’s data and profile. And rather than reverse the model to put consumers in control, the industry doubles down on ever more intrusive processing of consumers’ personal data, with the result that the consumer’s device will eventually become open to suppliers’ machines and those of their advertising intermediaries, many layers away from humans in suppliers’ marketing departments.
You might scoff at the importance of these distinctions in a discussion about washing powder ads. But you feel less comfortable as the conversation turns to who determines the price of everything you buy or who runs your country and how it trades with the world.
This represents the triumph of the ‘institutional narrative’ over the human narrative.
Regulation has not helped at all. Perhaps our awareness has been heightened by the long-anticipated arrival of GDPR, but the interference with the EU referendum process and the ensuing destruction of the UK’s favourable trade arrangements has shown that the ethical issues go far beyond privacy concerns.
Yet the current UK government, for example, does not accept that the Leave campaign or Cambridge Analytica did anything 'wrong' with people's data by using adtech to deliver ‘fake news’, false promises, outright lies and distorted messages to the gullible (no doubt wasting a large proportion of illegal donations in the process, but that is slim consolation). Senior Brexiteers say the illegality resulting in fines by the Electoral Commission and ongoing investigation by the ICO and the police are merely politically motivated 'allegations' by do-good ‘Remoaners’. Ministers have dismissed their own false ‘promises’ as merely ‘a series of possibilities’. Anyone who challenges that result is ‘ignoring the will of the people’ and ‘undermining democracy’ as if both were somehow locked in a vault forever by a single advisory referendum in 2016.
This is not to say that the current adtech model or the breakout of anti-rationalism and populism from its usual constraints will last terribly long. But getting these genies back in their bottles is no trivial exercise, and society will need to remain on guard in future.
But which brand of ethics should govern the use of algorithms and AI? What types of decisions should be made ‘artificially’ or automatically?
The answer partly depends on your preferred flavour of ethics – utilitarianism, Kantian ethics, natural law and so on – and probably your politics. And what should be decided automatically is hard to determine when you can’t ‘see’ the content that the algorithms are posting to each person’s Facebook feed.
Efforts to instil ethics in artificial intelligence have snowballed to the point where not only is there a House of Lords Select Committee on Artificial Intelligence, but it has surveilled the landscape in detail and already reported this year.
The SCL began its own focus on ‘keeping humans at the heart of technology’ in 2016 and Lord Clement-Jones hosted a panel on the Lords’ Select Committee report at this year’s Annual Conference.
Some talk of responsible innovation and proactive governance with all stakeholders’ needs represented from the outset, while society can choose which ethical principles apply. And this should work so long as the vast majority regard the mechanism for choosing (eg referenda or elections) as fair.
Yet we also need to take very practical steps to ensure transparency for those who are ultimately affected by the deployment of artificial intelligence, which tends to occur a long way ‘upstream’ in the adtech or credit scoring processes, for example. We need functional specifications of what AI will and will not do; and these have to be presented to end-users and consumers in a way that is consumable.
Other commentators optimistically point to the fact that we have already successfully evolved prospective ethical governance programmes for genetics and certain types of armaments. These programmes are backed by regulation and sanctions that reflect those principles and can be used against bad actors (subject to UN vetoes).
We can balance more targeted sanctions for failing to honour ethical requirements related to adtech and consumer finance, for example - and foster innovation and competition - by making it a defence (as it is in payments regulation) for the accused to show that they took all reasonable precautions and exercised all due diligence to avoid committing the offence.
But these efforts will only work if we embed ethical principles in the development of artificial intelligence in the first place.
Simon Deane-Johns is a consultant solicitor with Keystone Law and Chair of the SCL Advisory Board.
 Cited on p 6 of the House of Commons Treasury Select Committee report on Crypto-assets, 12 September 2018.
 According to the Bank of England’s Financial Stability Board: http://www.fsb.org/wp-content/uploads/r_141030.pdf
 ‘AI in the UK: ready, willing and able?’ https://publications.parliament.uk/pa/ld201719/ldselect/ldai/100/100.pdf
 Professor Marina Jirotka at the SCL Annual Conference 2018
 Duncan Card at the SCL Annual Conference 2018