The Other Problem With CISPA: The US Can’t Handle the Data

What's to come?
May 1 2012 11:24 AM

Why the Government Can’t Remain the Cybersecurity Czar

CISPA doesn’t just violate digital privacy. It will flood the U.S. government with more data than it can handle.

(Continued from Page 1)

There are plenty of specific domains in which the amount of data has remained more manageable—think the power grid, the financial system, the government’s internal networks, and the plumbing that underpins mobile phone systems. The government has a legitimate and vital role to play in securing critical infrastructure. This was recognized by the sponsors of the recently introduced Cybersecurity Act of 2012, a Senate alternative to CISPA that aims specifically to “enhance the security and resiliency of the cyber and communications infrastructure of the United States.”

But when it comes to personal and corporate emails, social network postings, online purchases, Internet browsing, and other features of the broader American digital ecosystem, the government’s role must be less central. To put companies in a better position to identify and respond to cyberattacks, the proper direction for most information to flow is away from the government, not toward it. The government can furnish valuable guidance to companies regarding cybersecurity threats. And, to be fair, CISPA does indeed provide a framework for this to occur.

The concerns with CISPA relate to how it handles the flow of “cyber threat information” in the other direction, from companies to the government. The legislation contains a blanket exemption from liability as long as company decisions regarding what to share with the government are made in “good faith.” This will encourage companies to adopt an overly broad interpretation of “cyber threat” and inundate the government with more data than it can likely handle—and much of the information will have little or no cybersecurity value.

Advertisement

It doesn’t have to be this way. Instead, we can safeguard privacy while creating a much more manageable way to assess potential threats. Companies should certainly be able to share properly anonymized data with the government about the types of attacks they are experiencing. The government, in turn, can help to distribute information about those attacks to companies across the American cybersecurity ecosystem, some of which will be able to quickly and cost-effectively identify appropriate defenses. And, in the rare instances when there is a genuine need for the government to access private data in the interest of maintaining the nation’s cybersecurity, appropriately transparent judicial oversight mechanisms should be used.

However, asking Americans to become part of a centralized, paternalistic, “trust us with your personal data” approach, as CISPA would do, makes little technological sense given the complexity and growth trends of today’s digital networks, systems, and services.

The days when the government could effectively be the cybersecurity czar for all of digital America are gone. And, legislation or not, those days aren’t coming back. The proper cybersecurity strategy is one that is both agile and distributed—just like many of the threats it will need to counter.

This article arises from Future Tense, a collaboration among Arizona State University, the New America Foundation, and Slate. Future Tense explores the ways emerging technologies affect society, policy, and culture. To read more, visit the Future Tense blog and the Future Tense home page. You can also follow us on Twitter.

TODAY IN SLATE

Foreigners

The World’s Politest Protesters

The Occupy Central demonstrators are courteous. That’s actually what makes them so dangerous.

The Religious Right Is Not Happy With Republicans  

The XX Factor
Oct. 1 2014 4:58 PM The Religious Right Is Not Happy With Republicans  

How Did the Royals Win Despite Bunting So Many Times? Bunting Is a Terrible Strategy.

Catacombs Where You Can Stroll Down Hallways Lined With Corpses

Homeland Is Good Again! For Now.

Crime

Operation Backbone

How White Boy Rick, a legendary Detroit cocaine dealer, helped the FBI uncover brazen police corruption.

Music

How Even an Old Hipster Can Age Gracefully

On their new albums, Leonard Cohen, Robert Plant, and Loudon Wainwright III show three ways.

The One Fact About Ebola That Should Calm You: It Spreads Slowly

Piper Kerman on Why She Dressed Like a Hitchcock Heroine for Her Prison Sentencing

Trending News Channel
Oct. 1 2014 1:25 PM Japanese Cheerleader Robots Balance and Roll Around on Balls
  News & Politics
Foreigners
Oct. 1 2014 6:41 PM The World’s Politest Protesters The Occupy Central demonstrators are courteous. That’s actually what makes them so dangerous.
  Business
Moneybox
Oct. 1 2014 2:16 PM Wall Street Tackles Chat Services, Shies Away From Diversity Issues 
  Life
Outward
Oct. 1 2014 6:02 PM Facebook Relaxes Its “Real Name” Policy; Drag Queens Celebrate
  Double X
The XX Factor
Oct. 1 2014 5:11 PM Celebrity Feminist Identification Has Reached Peak Meaninglessness
  Slate Plus
Behind the Scenes
Oct. 1 2014 3:24 PM Revelry (and Business) at Mohonk Photos and highlights from Slate’s annual retreat.
  Arts
Brow Beat
Oct. 1 2014 6:39 PM Spoiler Special: Transparent
  Technology
Future Tense
Oct. 1 2014 6:59 PM EU’s Next Digital Commissioner Thinks Keeping Nude Celeb Photos in the Cloud Is “Stupid”
  Health & Science
Science
Oct. 1 2014 4:03 PM Does the Earth Really Have a “Hum”? Yes, but probably not the one you’re thinking.
  Sports
Sports Nut
Oct. 1 2014 5:19 PM Bunt-a-Palooza! How bad was the Kansas City Royals’ bunt-all-the-time strategy in the American League wild-card game?