On Wednesday, administration and military officials [simulated a cyber attack](http://thehill.com/blogs/hillicon-valley/technology/214951-white-house-simulates-cyber-attack-for-senators-as-part-of-push-for-legislation) for a group of senators in an attempt to show a dire need for cybersecurity legislation. All 100 senators were invited to the simulation, which “demonstrated how the federal government would respond to an attack on the New York City electrical grid during a summer heat wave, according to Senate aides.” Around 30 Senators attended. Some [post-game reactions](http://www.politico.com/morningtech/0312/morningtech421.html):

>After the briefing, [Sen. Jay] Rockefeller spokesman Vincent Morris said: “We hope that seeing the catastrophic outcome of a power grid takedown by cyberterrorists encourages more senators to set aside Chamber of Commerce talking points and get on this bill.” [Sen. Mary] Landrieu said the simulation “just enhanced the view that I have about how important” cybersecurity is. She added: “The big takeaway is it’s urgent that we get this done now.”

So how catastrophic did the simulation get? How many casualties? What was the extent of the simulated damage? Did thousands die a la 9/11? A “cyber 9/11” if you will? We’ll likely never know because such a simulation will be classified.

Yet as policymakers consider the cost-benefit of cybersecurity legislation, I hope they’ll remember that we’ve already had many a blackout in New York City in real life and, well, they didn’t lead to catastrophic loss of life, panic or terror. As Sean Lawson [has explained](http://mercatus.org/publication/beyond-cyber-doom):


On the podcast this week, Rebecca MacKinnon, a former CNN correspondent and now Senior Fellow at the New America Foundation, discusses her new book, “Consent of the Networked: The Worldwide Struggle for Internet Freedom.” MacKinnon begins by discussing “Net Freedom,” which she describes as a structure that respects rights, freedoms, and accountability. She discusses how some governments, like China, use coercion to make private companies act as subcontractors for censorship and manipulation. She goes on to discuss a project she launched called Global Network Initiative, where she urges companies like Google and Facebook to be more socially responsible. MacKinnon believes technology needs to be compatible with political freedoms, and she issues a call to action for Internet users to demand policies that are compatible with Internet freedoms.


To keep the conversation around this episode in one place, we’d like to ask you to comment at the webpage for this episode on Surprisingly Free. Also, why not subscribe to the podcast on iTunes?

Today, the FCC issued a Notice of Inquiry, responding to an emergency petition filed last August regarding temporary shutdown of mobile services by officers of the San Francisco Bay Area Rapid Transit (BART) district. The petition asked the FCC to issue a declaratory ruling that the shutdown violated the Communications Act. The following statement can be attributed to Larry Downes, Senior Adjunct Fellow at TechFreedom, and Berin Szoka, President of TechFreedom:

What BART did clearly violated the First Amendment, and needlessly put passengers at risk by cutting off emergency services just when they were needed most. But we need a court to say so, not the FCC.

The FCC has no authority here. The state did not order the shutdown of the network, nor does the state run the network. BART police simply turned off equipment it doesn’t own—a likely violation of its contractual obligations to the carriers. But BART did nothing that violated FCC rules governing network operators. To declare the local government an “agent” of the carriers would set an extremely dangerous precedent for an agency with a long track-record of regulatory creep.

There are other compelling reasons to use the courts and not regulators to enforce free speech rights. Regulatory agencies move far too slowly. Here, it took the FCC six months just to open an inquiry! Worse, today’s Notice of Inquiry will lead, if anything, to more muddled rulings and regulations. These may unintentionally give cover to local authorities trying to parse them for exceptions and exclusions, or at least the pretense of operating within FCC guidelines.

It would have been far better to make clear to BART, either through negotiations or the courts, that their actions were unconstitutional and dangerous. Long before today’s action, BART adopted new policies that better respect First Amendment rights and common sense. But now the regulatory wheels have creaked into motion. Who knows where they’ll take us, or when?

After the NSA’s aggressive pursuit of a greater role in civilian cybersecurity, and last week’s statement by Sen. John McCain criticizing the Lieberman-Collins bill for not including a role for the agency, [some feared](http://www.techdirt.com/articles/20120229/17512717918/nsa-makes-its-power-play-to-spy-key-private-networks-pretending-that-only-it-can-protect-everyone-attack.shtml) that the new G.O.P. cybersecurity bill would allow the military agency to gather information about U.S. citizens on U.S. soil. So, it’s refreshing to see that the bill introduced today–the SECURE IT Act of 2012–does not include NSA monitoring of Internet traffic, which would have been very troubling from a civil liberties perspective.

In fact, this new alternative goes further on privacy than the Lieberman-Collins bill. It limits the type of information ISPs and other critical infrastructure providers can share with law enforcement. Without such limits, “information sharing” could become a back door for government surveillance. With these limits in place, information sharing is certainly preferable to the more regulatory route taken by the Lieberman-Collins bill.

It seems to me that despite Sen. McCain’s stated preference for an NSA role, the G.O.P. alternative is looking to address the over-breadth of the Lieberman-Collins bill without introducing any new complications. The SECURE IT bill is also more in line with the approach taken by the House, so it would make reaching consensus easier.

I’ll be posting more here as I learn about the bill.

**UPDATE 12:06 PM:** A copy of the bill is now available. Find it after the break.

**UPDATE 2:55 PM:** Having now had an opportunity to take a look at the bill and not just the summary, it does appear it includes a hole through which the NSA may be able to drive a freight train. While NSA monitoring of civilian networks is not mandated, information that is shared by private entities with federal cybersecurity centers “may be disclosed to and used by”

>any Federal agency or department, component, officer, employee, or agent of the Federal government for a cybersecurity purpose, **a national security purpose,** or in order to prevent, investigate, or prosecute any of the offenses listed in section 2516 of title 18, United States Code …

That last bit limits law enforcement’s use of shared cyber threat information to serious crimes, but the highlighted bit potentially allows sharing with the NSA or any other agency, civilian or military, for any “national security” reasons. That is troublingly broad and a blemish on this otherwise non-regulatory bill.

Information sharing with the NSA might be fine as long as it is not mandatory and the shared information is used *only* for cyber security purposes.

**[Cross posted from JerryBrito.com](http://jerrybrito.com/2012/03/01/no-nsa-monitoring-in-mccain-cyber-bill-seems-better-on-privacy/)**


Tomorrow Sen. John McCain, along with five other Republican senators, [plans to unveil a cybersecurity bill](http://techdailydose.nationaljournal.com/2012/02/gop-senators-to-unveil-rival-c.php) to rival the Lieberman-Collins bill that Majority Leader Harry Reid has said he plans to bring to the Senate floor without an official markup by committee.

At a hearing earlier this month, Sen. McCain criticized the Lieberman-Collins bill for not giving the NSA authority over civilian networks. And as we’ve heard this week, the NSA has been aggressively seeking this authority–so aggressively in fact that the White House [publicly rebuked Gen. Keith Alexander](http://jerrybrito.com/2012/02/27/the-white-house-strikes-back/) in the pages of the *Washington Post*. But as CDT’s Jim Dempsey explains in a [blog post today](https://www.cdt.org/blogs/jim-dempsey/2902will-nsa-power-grab-imperil-cybersec-consensus),

>The NSA’s claims are premised on the dual assumptions that the private sector is not actively defending its systems and that only the NSA has the skills and the technology to do effective cybersecurity. The first is demonstrably wrong. The Internet and telecommunications companies are already doing active defense (not to be confused with offensive measures). The Tier 1 providers have been doing active defense for years – stopping the threats before they do damage – and the companies have been steadily increasing the scope and intensity of their efforts.

>The second assumption (that only the NSA has the necessary skills and insight) is very hard for an outsider to assess. But given the centrality of the Internet to commerce, democratic participation, health care, education and multiple other activities, it does not seem that we should continue to invest a disproportionate percentage of our cybersecurity resources in a military agency. Instead, we should be seeking to improve the civilian government and private sector capabilities.

The military, and especially the NSA, has great experience and useful intelligence that should be leveraged to protect civilian networks. But that assistance should be provided at arm’s length and without allowing the military to conduct surveillance on the private Internet. Military involvement in civilian security is as inappropriate in cyberspace as it is in the physical world.

As Gene Healy [has explained](http://www.thefreemanonline.org/featured/blurring-the-civilian-military-line/), civilian law enforcement and security agencies “are trained to operate in an environment where constitutional rights apply and to use force only as a last resort”, while the military’s objectives are to defeat adversaries. The NSA’s warrantless wiretapping scandal speaks to this difference. “Accordingly, Americans going back at least to the Boston Massacre of 1770 have understood the importance of keeping the military out of domestic law enforcement.” The Senate Republicans would do well to leave NSA involvement in civilian networks out of a new cybersecurity bill.

And FYI: I will be presenting at a Cato Institute Capitol Hill briefing on cybersecurity on March 23rd along with Jim Harper and Ryan Radia. [Full details and RSVP are here](http://www.cato.org/event.php?eventid=9060).

**[Cross posted from JerryBrito.com](http://jerrybrito.com/2012/02/29/keeping-the-nsa-out-of-civilian-cybersecurity-theres-a-reason/)**

Sen. Carl Levin wants Facebook to pay an extra $3 billion in taxes on its Initial Public Offering (IPO). The Senator claims the Facebook IPO illustrates why we need to close what he calls the “stock-option loophole.” (He explains that “Stock options grants are the only kind of compensation where the tax code allows companies to claim a higher expense for tax purposes than is shown on their books.”) He wants Facebook to pay its “fair share” and insists that “American taxpayers will have to make up for what Facebook’s tax deduction costs the Treasury.”

One could object, on principle, to Levin’s premise that tax deductions “cost” the Treasury money—as if the “national income” were all money that belonged to the government by default. One could also point out that Mark Zuckerberg will pay something like $2 billion in personal income taxes on money he’ll earn from this stock sale—and that California is counting on the $2.5 billion in tax revenue the IPO is supposed to bring to the state over five years.

But the broader point here is that Sen. Levin wants to increase taxes on IPOs—and any economist will tell you that taxing something will produce less of it. IPOs are the big pay-off that fuels early-stage investment in risky start-ups—you know, those little companies that drive innovation across the economy, but especially in Silicon Valley? So, while Sen. Levin singles out Facebook as an obvious success story, his IPO tax would really hurt countless small start-ups who struggle to attract investors as well as employees with the promise of large pay-offs in the future.

It’s especially ironic that Sen. Levin proposed his IPO tax just a day after GOP Majority Leader Eric Cantor introduced the “JOBS Act,” a compilation of assorted bi-partisan proposals designed to promote job creation by helping small companies attract capital. That’s exactly where we should be heading: doing everything we can to encourage job creation by rewarding entrepreneurship. Sen. Levin would, in the name of fairness, do just the opposite—and, in the long run, almost certainly produce less revenue by slowing economic growth.

And just to underscore the drop-off in tech IPOs since the heyday of the dot-com “bubble” in the late 90s, check out the following BusinessInsider Chart:

Paying close attention to language can reveal what’s going on in the world around you.

Note the simple but important differences between the phrases “open government” and “open government data.” In the former, the adjective “open” modifies the noun “government.” Hearing the phrase, one would rightly expect a government that’s more open. In the latter, “open” and “government” modify the noun “data.” One would expect the data to be open, but the question whether the government is open is left unanswered. The data might reveal something about government, making government open, or it may not.

David Robinson and Harlan Yu document an important parallel shift in policy focus through their paper: “The New Ambiguity of ‘Open Government.’”

Recent public policies have stretched the label “open government” to reach any public sector use of [open] technologies. Thus, “open government data” might refer to data that makes the government as a whole more open (that is, more transparent), but might equally well refer to politically neutral public sector disclosures that are easy to reuse, but that may have nothing to do with public accountability.

It’s a worthwhile formal articulation and reminder of a trend I’ve noted in passing once or twice.

There’s nothing wrong with open government data, but the heart of the government transparency effort is getting information about the functioning of government. I think in terms of a subject-matter trio—deliberations, management, and results—data about which makes for a more open, more transparent government. Everything else, while entirely welcome, is just open government data.

Time Warner Cable (TWC) has announced it will once again attempt an experiment with usage-based pricing (UBP) for its broadband services. (News coverage here, here, and here.) The company gave UBP a shot a few years ago and some consumers, regulatory advocates, and lawmakers howled in protest. The radical activist group Free Press called for immediate policy action and former Rep. Eric Massa (D-NY) was happy to oblige with his proposed “Broadband Internet Fairness Act,” which would have let the FCC decide whether such pricing plans were permissible.

For their latest UBP experiment, TWC goes out of its way to avoid controversy, primarily by making it clear the plan is entirely optional. Here’s what their consumers are offered as part of what is being labelled its “Value Edition” plan:

  • Up to 5GB/month of data transmission for a $5/month discount from one’s current monthly bill. All Standard, Basic and Lite broadband customers will be eligible. Turbo, Extreme and Wideband customers will continue as always, with access to unlimited broadband and no optional tiered plan or discounts.
  • The ability to opt-in and opt-out of a tiered package at any time.
  • A “meter” that tracks usage on a daily, monthly, weekly or even hourly basis, enabling customers to accurately gauge usage. Below is an example of the hourly meter:
  • A 60 day/2 billing-cycle grace period to allow customers to adjust usage patterns. During this time we will notify customers of overages but won’t charge for them.
  • Overages will cost $1 per GB, not to exceed a maximum of $25/month.

It’s hard to see how anyone could be against this and I was pleased to see that Harold Feld of Public Knowledge didn’t automatically dismiss it and, in fact, had some rather favorable things to say about it.

On the podcast this week, Clay Johnson, co-founder of Blue State Digital and former director of Sunlight Labs at the Sunlight Foundation, discusses his new book, The Information Diet. According to Johnson, America’s diet of mass-produced unhealthy food has resulted in an obesity epidemic and we may be seeing the same thing when it comes to our media diet. He believes the problem is not too much information, rather it is the quality of information that people choose to consume. Johnson encourages more responsibility in choosing information intake, similar to what is required to make healthy food choices. He ends by outlining a plan of action and offers tips on consuming “healthy” information.


[UPDATE: 2/14/2013: As noted here, this paper was published by the Minnesota Journal of Law, Science & Technology in their Winter 2013 edition. Please refer to that post for more details and cite this final version of the paper going forward.]

I’m pleased to report that the Mercatus Center at George Mason University has just released my huge new white paper, “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle.” I’ve been working on this paper for a long time and look forward to finding it a home in a law journal some time soon. Here’s the summary of this 80-page paper:

Fear is an extremely powerful motivating force, especially in public policy debates where it is used in an attempt to sway opinion or bolster the case for action. Often, this action involves preemptive regulation based on false assumptions and evidence. Such fears are frequently on display in the Internet policy arena and take the form of full-blown “technopanic,” or real-world manifestations of this illogical fear. While it’s true that cyberspace has its fair share of troublemakers, there is no evidence that the Internet is leading to greater problems for society.

This paper considers the structure of fear appeal arguments in technology policy debates and then outlines how those arguments can be deconstructed and refuted in both cultural and economic contexts. Several examples of fear appeal arguments are offered with a particular focus on online child safety, digital privacy, and cybersecurity. The various factors contributing to “fear cycles” in these policy areas are documented.

To the extent that these concerns are valid, they are best addressed by ongoing societal learning, experimentation, resiliency, and coping strategies rather than by regulation. If steps must be taken to address these concerns, education and empowerment-based solutions represent superior approaches to dealing with them compared to a precautionary principle approach, which would limit beneficial learning opportunities and retard technological progress.

The complete paper can be found on the Mercatus site here, on SSRN, or on Scribd. I’ve also embedded it below in a Scribd reader.