A few links that have caught our eye this past week:
Paul Rosenzweig has posted a nice piece on Lawfare on the reasons to be skeptical of the need for cybersecurity regulation. He breaks cybersecurity down into its constituent parts (as we have urged) of cybercrime, cyber espionage, and truly catastrophic “digital Pearl Harbor” attacks. He suggests that the first two do not justify regulation, and (like us) is skeptical about the degree of risk of the third. In explaining that skepticism, he provides an elegant analysis of the electric grid, the taking down of which is a frequent cyber-attack scenario, and makes the point that the pro-regulation viewpoint “mistakes vulnerability for risk”—in other words, there can be a vulnerability in a system, but still a low risk that anyone will actually be able to or try to exploit it.
We don’t actually have any problem with government regulation of utilities and similar critical infrastructure to ensure good basic cyber-hygiene—though of course we see grave civil liberties problems in other aspects of recent cybersecurity proposals.
Not only do we not want the government invading our privacy, we don’t want companies doing so either. But online behavioral tracking has increased 400% since November 2010, according to a new study. Meanwhile, as all this furious energy goes toward discovering what we are up to, the government last year spent more than $11 billion to keep us from finding out what it was up to, according to another report, this one from the government’s Information Security Oversight Office.
Among the things the government doesn’t want us to find out is whether and to what extent it is reading e-mails without a warrant. My colleague Catherine Crump’s great work trying to find out is rightly highlighted by Bob Sullivan in this MSNBC piece. Meanwhile my colleague Kade Crockford at the ACLU of Massachusetts has posted a piece on mobile “IMSI catchers” and how they can be used by the authorities to collect identity (and other) data, partly pointing to the work of our soon-to-be colleague Chris Soghoian on the issue.
Finally on the ACLU front, our New Jersey affiliate has released a smartphone application that helps people to record and store interactions with the police. That follows release of an app by the NYCLU to help New Yorkers monitor the problem of unlawful police “stop and frisk” encounters. Both are much-needed reminders that technology can be used to enhance liberty, not just control it. We hope to see a lot more of that in coming years.