Who can do a better job of protecting us from cyberthreats: private companies like Google, or Uncle Sam?
This was the question discussed at a recent event hosted by the Center for National Policy in Washington. It was one of those seminars that should have been attended by everyone who conducts business online. The views of the two experts on hand – Doug Raymond of Google and Rob Knake of the Council on Foreign Relations – echo the debate in Washington over regulating banks and Wall Street. And the stakes of a cybersecurity crisis are just as high as a financial crisis, if not higher.
America’s cybersecurity is undermined by our rigid insistence that the government stay out of the business of Internet firms. But this noninvolvement badly stings American businesses. It forfeits America’s technological edge and cripples new innovation as cyberattacks from other countries siphon off our intellectual properties and profits.
The Internet industry has been telling the government to mind its own business for years. That effort got a boost last month when a federal court ruled that the Federal Communications Commission can’t enforce “Net neutrality,” the idea that broadband providers not be allowed to restrict access to any content providers.
The ruling sidelined the FCC as a watchdog of broadband services, leaving it with almost no regulatory jurisdiction in that area. If this decision stands, said Mr. Knake, the Internet “will fundamentally be an unregulated and unregulatable industry unless Congress intervenes.”
Google’s Mr. Raymond said the federal government just can’t move fast enough to meet the challenges Internet providers face from foreign cyberattacks. “The best people to stay ahead of the curve and come up with solutions are those who are on the ground managing those products day to day.” Basically, that means: Leave industry free to manage its own products.
The FCC ruling is a short-term victory for some industry players, but it may hurt all of us in the long term by limiting Washington’s ability to regulate the Web and keep it safe. It’s also made mush of the constitutional power of Congress to “provide for the common Defence.”
Instead of fighting the idea of government involvement, said Knake, the private sector needs to start to shape it. He noted that the chemical industry in recent years went to Congress and asked to be regulated. What evolved was just such a constructive partnership.
Raymond acknowledged that some collaboration between the Internet industry and government may be in order, although he insisted that private industry is quicker to identify the threat. The problem, he says, is that the cyberattacks now occur with such frequency that laws cannot be codified quickly enough for the federal government to weigh in.
Frequency indeed. Witness the inability of Google and other companies to protect their crown jewels from Chinese piracy a few months ago.
The Clinton administration suggested a public/private partnership to tend the Internet. The Bush administration reaffirmed that, as has the Obama administration. But President Obama has said he won’t impose security standards on private companies. Meanwhile, cyberthreats are growing worse.
Part of the problem is that Internet firms behave as if they invented the Net – a myth, says Knake. “The Internet was created in a wonderful partnership between the US government, the US academic community, and the US private sector.” Then the floodgates opened, and now with considerable chutzpah, some firms seem to believe the Net has become their domain, a claim reinforced by April’s federal court ruling.
The range of targets for cyberattacks is much bigger now – probably too large for Google and its competitors to fight. And it’s no longer just your PC but an array of devices that store your personal data and connect to the Web.
Social-media sites like Facebook leave the unsuspecting terribly vulnerable. One major threat is called “Facebook phishing” where someone claiming to be your friend cons you into sharing your password. More than 50 percent of these Facebook users employ the same password for their bank accounts, leaving them wide-open to theft.
Clearly, there are legitimate rights and privacy concerns if the government partners with Internet providers. And it’s fair to ask how long it would be before we end up with government surveillance and monitoring of all American Web traffic. But foreign governments in league with foreign hackers already are exploiting that vulnerability. Russia, China, and even some European governments are bigger players on the Net than Washington.
Our current cyberinsecurity, left only to private Internet firms, is rendering American businesses victims of vast industrial espionage unlike anything we have previously experienced.