First, Do No Harm

Last week, I had the chance to listen to and speak with Representative Adam Smith of Washington state about cybersecurity legislation at a reception. This year has been pivotal for passing regulations to govern cyber, and attendees of this security event wanted to know his thoughts on the variety of proposed laws. While Rep. Smith didn’t say much on any given bill, his take on the most important rule for governing the Internet really resonated with me. In cyber as with medicine, “first, do no harm.” While trying to mitigate the risks, ungoverned spaces, and legal ambiguity inherent in technological revolution, what’s most important is that the laws and regulations we introduce to protect the Internet don’t do more harm than good and ruin what makes the Web so valuable.

This aphorism, borrowed from the Hippocratic oath, is critical right now because this is a pivotal time for the norms, laws, and standards that govern the Internet. Efforts are being made across government to set how the state relates to the new Web and all of the possibilities offered by this generation of information technology. The military is discussing rules of engagement in cyberspace, government agencies are setting policies to get the efficiency benefits of the Internet and mobile while mitigating their risk, and Congress is setting the nation’s laws regarding cybersecurity. As both the critics and proponents of these laws have pointed out, whatever Congress passes will have global ramifications because of America’s dominant role in cyberspace and the tendency of the rest of the world to adopt the norms we set for the Internet. What does or doesn’t get passed isn’t just a dry, legal matter, as demonstrated by the protests and testimonies of Internet experts, founders, and thought leaders that eventually stopped PIPA and SOPA.

This week, the House of Representatives begins debate on 4 bills related to cybersecurity, the most prominent and controversial of which is the Cyber Intelligence Sharing and Protection Act (CISPA). CISPA is meant to facilitate information sharing between government and industry, allowing the Intelligence Community to give information to private entities and encouraging companies to share information with the government. The premise, that neither vantage point is sufficient and that each sphere has intelligence that would benefit the other, is valid, but while taking steps to reduce one set of risks from criminals and spies, CISPA increases risks to privacy and civil liberties.

While the exact language of the bill is being amended and debated, civil liberties groups like the Electronic Frontier Foundation and the ACLU object to the broad range of information that can be shared and the conditions under which it can be exchanged. Initially, intellectual property theft and piracy were included under cybersecurity threats, though those specific terms have since been removed. Still, the information shared does not have to be strictly limited to cybersecurity matters like vulnerabilities and exploits. In the language of the bill, any business could “use cybersecurity systems to identify and obtain cyber threat information to protect [its] rights and property.” CISPA also explicitly allows information sharing to bypass existing privacy and wiretapping laws, and the information used this way is not subject to the Freedom of Information Act, creating a tremendous potential for abuse. Sponsors of the bill have supported amendments to address some of these issues, such as limiting eligible firms to U.S. companies and not, for example, Huawei, narrowing what sort of information can be shared, and only allowing information sharing if a company’s networks are under attack, not if it feels its terms of service have been violated.

Though somewhat reassuring, such measures would never have even been proposed were it not for public vigilance and outcry. Given free rein, CISPA, like SOPA and PIPA, could have been a tremendous blow to Internet freedom, which in turn would weaken the Internet as a force for freedom of speech and information as well as efficiency, the very reasons the Web is so valuable. The cure, as Hippocrates would have said, would be worse than the disease. As long as lawmakers don’t have a robust understanding of the Internet and cybersecurity and the testimonies of technical experts are marginalized in favor of special interest groups, well-meaning laws and regulations will be proposed that, in an effort to safeguard the net, do damage more serious than the crimes they aim to prevent. Therefore, when legislating the future of information technology, we must stay committed to “first do no harm” in cybersecurity just as in medicine, so that we maintain a healthy, secure cyberspace.
