[This is an excerpt from Chapter 6 of the forthcoming 2nd edition of my book, “Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom,” due out later this month. I was presenting on these issues at today’s New America Foundation “Cybersecurity for a New America” event, so I thought I would post this now. To learn more about the contrast between “permissionless innovation” and “precautionary principle” thinking, please consult the earlier edition of my book or see this blog post.]
Viruses, malware, spam, data breeches, and critical system intrusions are just some of the security-related concerns that often motivate precautionary thinking and policy proposals.[1] But as with privacy- and safety-related worries, the panicky rhetoric surrounding these issues is usually unfocused and counterproductive.
In today’s cybersecurity debates, for example, it is not uncommon to hear frequent allusions to the potential for a “digital Pearl Harbor,”
[2] a “cyber cold war,”
[3] or even a “cyber 9/11.”
[4] These analogies are made even though these historical incidents resulted in death and destruction of a sort not comparable to attacks on digital networks. Others refer to “cyber bombs” or technological “time bombs,” even though no one can be “bombed” with binary code.
[5] Michael McConnell, a former director of national intelligence, went so far as to say that this “threat is so intrusive, it’s so serious, it could literally suck the life’s blood out of this country.”
[6]
Such outrageous statements reflect the frequent use of “threat inflation” rhetoric in debates about online security.
[7] Threat inflation has been defined as “the attempt by elites to create concern for a threat that goes beyond the scope and urgency that a disinterested analysis would justify.”
[8] Unfortunately, such bombastic rhetoric often conflates minor cybersecurity risks with major ones. For example, dramatic doomsday stories about hackers pushing planes out of the sky misdirects policymakers’ attention from the more immediate, but less gripping, risks of data extraction and foreign surveillance. Well-meaning skeptics might then conclude that our real cybersecurity risks are also not a problem. In the meantime, outdated legislation and inappropriate legal norms continue to impede beneficial defensive measures that could truly improve security. Continue reading →
On the whiteboard that hangs in my office, I have a giant matrix of technology policy issues and the various policy “threat vectors” that might end up driving regulation of particular technologies or sectors. Along with my colleagues at the Mercatus Center’s Technology Policy Program, we constantly revise this list of policy priorities and simultaneously make an (obviously quite subjective) attempt to put some weights on the potential policy severity associated with each threat of intervention. The matrix looks like this: [Sorry about the small fonts. You can click on the image to make it easier to see.]
I use 5 general policy concerns when considering the likelihood of regulatory intervention in any given area. Those policy concerns are:
- privacy (reputation issues, fear of “profiling” & “discrimination,” amorphous psychological / cognitive harms);
- safety (health & physical safety or, alternatively, child safety and speech / cultural concerns);
- security (hacking, cybersecurity, law enforcement issues);
- economic disruption (automation, job dislocation, sectoral disruptions); and,
- intellectual property (copyright and patent issues).
Continue reading →
In a recent Senate Commerce Committee hearing on the Internet of Things, Senators Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) “announced legislation that would direct the National highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) to establish federal standards to secure our cars and protect drivers’ privacy.” Spurred by a recent report from his office (Tracking and Hacking: Security and Privacy Gaps Put American Drivers at Risk) Markey argued that Americans “need the equivalent of seat belts and airbags to keep drivers and their information safe in the 21st century.”
Among the many conclusions reached in the report, it says, “nearly 100% of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.” This comes across as a tad tautological given that everything from smartphones and computers to large-scale power grids are prone to being hacked, yet the Markey-Blumenthal proposal would enforce a separate set of government-approved, and regulated, standards for privacy and security, displayed on every vehicle in the form of a “Cyber Dashboard” decal.
Leaving aside the irony of legislators attempting to dictate privacy standards, especially in the post-Snowden world, it would behoove legislators like Markey and Blumenthal to take a closer look at just what it is they are proposing and ask whether such a law is indeed necessary to protect consumers. Continue reading →
Christopher Wolf, director of the law firm Hogan Lovells’ Privacy and Information Management group, addresses his new book with co-author Abraham Foxman, Viral Hate: Containing Its Spread on the Internet. To what extent do hateful or mean-spirited Internet users hide behind anonymity? How do we balance the protection of the First Amendment online while addressing the spread of hate speech? Wolf discusses how to define hate speech on the Internet; whether online hate speech leads to real-world violence; how news sites like the Huffington Post and New York Times have dealt with anonymity; lessons we should impart on the next generation of Internet users to discourage hate speech; and cases where anonymity has proved particularly beneficial or valuable.
Download
Related Links
Thomas Rid, author of the new book Cyber War Will Not Take Place discusses whether so-called “cyber war” is a legitimate threat or not. Since the early 1990s, talk of cyber war has caused undue panic and worry and, despite major differences, the military treats the protection of cyberspace much in the same way as protection of land or sea. Rid also covers whether a cyber attack should be considered an act of war; whether it’s correct to classify a cyber attack as “war” considering no violence takes place; how sabotage, espionage and subversion come into play; and offers a positive way to view cyber attacks — have such attacks actually saved millions of lives?
Download
Related Links
Ronald J. Deibert is the director of The Citizen Lab at the University of Toronto’s Munk School of Global Affairs and the author of an important new book, Black Code: Inside the Battle for Cyberspace, an in-depth look at the growing insecurity of the Internet. Specifically, Deibert’s book is a meticulous examination of the “malicious threats that are growing from the inside out” and which “threaten to destroy the fragile ecosystem we have come to take for granted.” (p. 14) It is also a remarkably timely book in light of the recent revelations about NSA surveillance and how it is being facilitated with the assistance of various tech and telecom giants.
The clear and colloquial tone that Deibert employs in the text helps make arcane Internet security issues interesting and accessible. Indeed, some chapters of the book almost feel like they were pulled from the pages of techno-thriller, complete with villainous characters, unexpected plot twists, and shocking conclusions. “Cyber crime has become one of the world’s largest growth businesses,” Deibert notes (p. 144) and his chapters focus on many prominent recent examples, including cyber-crime syndicates like Koobface, government cyber-spying schemes like GhostNet, state-sanctioned sabotage like Stuxnet, and the vexing issue of zero-day exploit sales.
Deibert is uniquely qualified to narrate this tale not just because he is a gifted story-teller but also because he has had a front row seat in the unfolding play that we might refer to as “How Cyberspace Grew Less Secure.” Continue reading →
Washington Post columnist Robert J. Samuelson published an astonishing essay today entitled, “Beware the Internet and the Danger of Cyberattacks.” In the print edition of today’s Post, the essay actually carries a different title: “Is the Internet Worth It?” Samuelson’s answer is clear: It isn’t. He begins his breathless attack on the Internet by proclaiming:
If I could, I would repeal the Internet. It is the technological marvel of the age, but it is not — as most people imagine — a symbol of progress. Just the opposite. We would be better off without it. I grant its astonishing capabilities: the instant access to vast amounts of information, the pleasures of YouTube and iTunes, the convenience of GPS and much more. But the Internet’s benefits are relatively modest compared with previous transformative technologies, and it brings with it a terrifying danger: cyberwar.
And then, after walking through a couple of worst-case hypothetical scenarios, he concludes the piece by saying:
the Internet’s social impact is shallow. Imagine life without it. Would the loss of e-mail, Facebook or Wikipedia inflict fundamental change? Now imagine life without some earlier breakthroughs: electricity, cars, antibiotics. Life would be radically different. The Internet’s virtues are overstated, its vices understated. It’s a mixed blessing — and the mix may be moving against us.
What I found most troubling about this is that Samuelson has serious intellectual chops and usually sweats the details in his analysis of other issues. He understands economic and social trade-offs and usually does a nice job weighing the facts on the ground instead of engaging in the sort of shallow navel-gazing and anecdotal reasoning that many other weekly newspaper columnist engage in on a regular basis.
But that’s not what he does here. His essay comes across as a poorly researched, angry-old-man-shouting-at-the-sky sort of rant. There’s no serious cost-benefit analysis at work here; just the banal assertion that a new technology has created new vulnerabilities. Really, that’s the extent of the logic at work here. Samuelson could have just as well substituted the automobile, airplanes, or any other modern technology for the Internet and drawn the same conclusion: It opens the door to new vulnerabilities (especially national security vulnerabilities) and, therefore, we would be better off without it in our lives. Continue reading →
In the wake of last week’s big SOPA showdown, a lot of people are talking about the expanded presence and power of the Internet, online operators, and digital Netizens in Washington policy debates. I certainly don’t mean to diminish the importance of this particular episode. It certainly is historic, regardless of how you feel about the specifics of SOPA. What does concern me, however, is the way this episode is prompting questions about how much more “engagement” Internet companies need to consider inside the Beltway. For example, today’s Wall Street Journal features an article on “The Web’s Growing Muscle” and notes:
The Internet industry has found a rare sweet spot in Washington. With Google in the lead, the companies have begun building a strong traditional lobbying force in Washington. And, to complement that inside game, websites’ millions of users have become a powerful outside weight on Congress. What’s more, in a rare Washington double play, the concerns of Internet companies have found a sympathetic ear both in the Democratic White House and among Republican presidential candidates who otherwise can’t agree with Barack Obama on anything.
The piece concludes with a quote from an anonymous media executive saying “People are looking at what Google spent on lobbying and wondering, ‘Can we match that?’ It has to be a big spend.”
I cannot possibly think of anything more demoralizing than that. Continue reading →
The folks at Reason magazine were kind enough to invite me to submit a review of Tim Wu’s new book, The Master Switch: The Rise and Fall of Information Empires based on my 6-part series on the book that I posted here on the TLF late last year. (Parts 1, 2, 3, 4, 5, 6) My new essay, which is entitled “The Rise of Cybercollectivism,” has now been posted on the Reason website.
I realize that title will give some readers heartburn, even those who are inclined to agree with me much the time. After all, “collectivism” is a term that packs some rhetorical punch and leads to quick accusations of red-baiting. I addressed that concern in a Cato Unbound debate with Lawrence Lessig a couple of years ago after he strenuously objected to my use of that term to describe his worldview (and that of Tim Wu, Jonathan Zittrain, and their many colleagues and followers). As I noted then, however, the “collectivism” of which I speak is a more generic type, not the hard-edged Marxist brand of collectivism of modern times. For example, I do not believe that Professors Lessig, Zittrain, or Wu are out to socialize all the information means of production and send us all to digital gulags or anything silly like that. Rather, their “collectivism” is rooted in a more general desire to have–as Declan McCullagh eloquently stated in a critique of Lessig’s Code–rule by “technocratic philosopher kings.” Here’s a passage from my Reason review of Wu’s Master Switch in which I expand upon that notion:
Continue reading →
2009 was not as big of a year for Internet and information technology (“info-tech”) policy books as 2008 was, but there were still some notable titles released that offered interesting perspectives about the future of the Net and the impact the Digital Revolution is having on our lives, culture, and economy. So, like last year, I figured I would throw together my list of the 10 most important info-tech policy books of the year.
First, let me repeat a few of the same caveats and disclaimers that I set forth last year. What qualifies as an “important” info-tech policy book? Simply put, it’s a title that many people are currently discussing and that we will likely be referencing for many years to come. However, I want to be clear that merely because a book appears on my list it does not necessarily mean I agree with everything said in it. In fact, as was the case in previous years, I found much with which to disagree in my picks for the most important books of 2009 and I find that the cyber-libertarianism I subscribe to has very few fans out there.
Another caveat: Narrowly-focused titles lose a few points on my list. For example, if a book deals mostly with privacy issues, copyright law, or antitrust policy, it does not exactly qualify as the same sort of “tech policy book” as other titles found on this list since it is a narrow exploration of just one set of issues with a bearing on technology policy.
With those caveats in mind, here are my choices for the Most Important Info-Tech Policy Books of 2009. Continue reading →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.