Lieberman-Collins-Carper Bill Threatens Nation’s Cybersecurity (((super-interesting to see this thing get denounced from the right)))
Statement by Wayne Crews
Vice President for Policy and Director of Technology Studies
Competitive Enterprise Institute (((best known for its global-warming denialism, but hey, why not your computer)))
http://www.sourcewatch.org/index.php?title=Competitive_Enterprise_Institute
Washington, D.C., June 24, 2010 – This afternoon, the U.S. Senate Homeland Security Committee begins markup of the Lieberman-Collins-Carper cybersecurity bill, which contains controversial provisions to allow the president to assume control of critical private network assets in event of a "cyber-emergency."
Tomorrow, the White House will reportedly unveil its security and privacy strategy, called the National Strategy for Trusted Identities in Cyberspace, which will address firms’ use of personal information, liability standards, and regulatory approaches to digital privacy.
(((Nobody much uses the term "cyberspace" any more – except for spies, feds and the military. The spies don't like it because "cyberspace" has become a code term for saying that the NSA should butt out pronto and leave it to the Air Force. But the CEI guy writing this article is firmly on the side of the Blackwater-style private-enterprise cyberwar spooks, so he thinks that the safety of your computer is all about the profits of the corporate backers of his thinktank. Did you ever wonder why American cybersecurity is such an awful mess that Cassandras like Richard Clarke are the only guys telling the truth about an abject, perilous situation? This little ideological symptom is one reason among about a zillion.)))
Policymakers should reject such proposals to centralize cybersecurity risk management. ((("Governments should abandon cyberwar and leave it to private mercenaries." "Cyber-feudal protection rackets are far more efficient than federal law." This may, in fact, be true. Too bad you have to find out by risking your hard disk, your credit rating, your economy and your critical infrastructure on the say-so of neocon astroturf geeks.)))
The Internet that will evolve if government can resort to a “kill switch” will be vastly different from, and inferior to, the safer one that will emerge otherwise. The unmistakable tenor of the cybersecurity discussion today is that of government steering while the market rows. (((Unlike modern finance, where the government rows and the market steers.)))
To be sure, law enforcement has a crucial role in punishing intrusions on private networks and infrastructure. But government must coexist with, rather than crowd out, private sector security technologies. ((("Hey government: you do the punishment, we'll make the money.")))
Security is a competitive feature, one best advanced by non-political solutions. (((So, who should compete to "protect" you best – the Crips, or the Bloods?))) Firms face unrelenting competitive pressures from upstream and downstream business partners and the capital markets to advance security. (((No they don't. This is a lie.))) Cybersecurity technologies—from biometric identifiers to firewalls to encrypted databases—and cybersecurity services—from consulting to liability insurance to network monitoring—thrive on competition. (((Now you know who his commercial sponsors are.)))
Washington should recognize that tomorrow’s information society will not resemble today’s, (((that's for sure)) especially as biometric authentication and holographic computing emerge. (((There have just gotta be Russian botnet hackers cracking up right now over that total smoke-ghost of "holographic computing." You might as well invoke "Intelligent Design."))) Government brings little to the table on these high-tech frontiers, besides an appetite for regulation. (((Not like the feds invented the Internet, or anything.))) Ill-conceived public policy could do grave damage. ((("To the guys who pay my salary.")))
Six Federal Steps to Strengthening Cybersecurity
Emphasize securing government networks: Government is a lead offender in network vulnerabilities, and its own disdain for the sanctity of personal information is appalling. Washington should focus on protecting the government’s own networks and setting security standards for its own agencies and arresting actual computer criminals. (((Wait till you see this guy's hysterical reaction if the government starts building its own secure, non-commercial, open-source networks.)))
Don’t define what security is: The White House's “authentication strategy” is overly presumptive in that it fails to acknowledge the legitimacy of anonymity strategies. In a free society, individuals should be able to present different faces to the world in different contexts. Inadequate authentication technologies and the inability to exclude bad actors are at the core of of today’s cybersecurity problems. (((Nice oxymoron there.)))
Stop interfering with the ability to make cybersecurity guarantees: Too often, firms want to make ironclad privacy guarantees but cannot do so on account of government. (((Because they'd get sued for blatantly lying to the public, but never mind.)))
Policymakers should reform outdated privacy laws that provide insufficient protections against governmental access to sensitive data. In the same vein, they should avoid coercive data retention mandates, national identification schemes and warrantless Internet surveillance. (((Thrashing around trying to build a do-nothing coalition here. Modern Washington excels at do-nothing coalitions.)))
Deregulate critical infrastructure networks such as telecommunications and electricity: Businesses in the high-tech sector increasingly demand better service and security. (((Deregulated electricity would be a pretty good trick: backyard nuclear reactors, here we come.)))
Properly fulfilling these demands will necessitate total liberalization of critical infrastructure assets like telecom and electricity networks, (((drill, baby, drill))) including the relaxation of antitrust constraints (((goodbye, Justice Department))) that prevent firms, intra-industry, from coordinating information security strategies and enhancing reliability of overlapping critical infrastructure. ((("Microsoft/Exxon Acquires USA")))
Reject privacy regulation: While government thwarts firms' ability to make privacy guarantees, it regulates information collection and use in destructive and short-sighted ways. The House Energy & Commerce Committee, for instance, is now considering draft legislation that would govern how private companies can use data. ((("You're a dirty spy, we're a competitive intelligence analyst")))
Reject compulsory net neutrality: Compulsory net neutrality is incompatible with cybersecurity and should be explicitly ruled out by an act of Congress. (((Be sure to step on the necks of the little guys, no matter what.))) Congress should hold hearings on the abysmal, primitive understanding that the administration and agencies seem to have of network property rights and the creation of secure infrastructure wealth and content. (((Intellectual Property all the way, we love you RIAA!!)))
See the following by Wayne Crews for further detail:
• Preventing Identity Theft and Data Security Breaches: The Problem with Regulation.
• Cybersecurity Finger-pointing: Regulation vs. Markets for Software Liability, Information Security, and Insurance.
• Cybersecurity and Authentication: The Marketplace Role in Rethinking Anonymity–Before Regulators Intervene,
• Giving Chase in Cyberspace Does Vigilantism Against Hackers and File-sharers Make Sense? (((Did you have to ask?)))
###
CEI is a non-profit, non-partisan public interest group focused on overregulation.
