Cybersecurity

Cybersecurity

Research

Anthony D. Glosson | Aug 10, 2015
This paper seeks to synthesize the available legal resources on active defense. It confronts the intertwined definitional, legal, and policy questions implicated in the active defense debate. The paper then proposes a legal framework to authorize active defenses subject to liability for third-party damages, an approach grounded in the technical and economic realities of the network security market.
Eli Dourado, Andrea Castillo | Jun 22, 2015
This paper will review the laws and standards governing federal cybersecurity policy and will highlight how overlapping responsibilities and unclear lines of authority have accompanied increasing rates of federal information security failures. The paper will then describe how these systemic cybersecurity weaknesses demonstrate the federal government to be an especially poor candidate for managing national systems, and it will explain the shortcomings of a top-down, technocratic approach.
Eli Dourado, Andrea Castillo | Jun 22, 2015
After briefly outlining the current cybersecurity information sharing proposals, we will examine the performance of the many similar programs that the federal government has operated for years. The government’s inability to properly implement previous information sharing systems even internally, along with its ongoing failures to secure its own information systems, casts doubt on the viability of proposed government-led information sharing initiatives to improve the nation’s cybersecurity. We will then examine the flawed assumptions that underlie information sharing advocacy before exploring solutions that can comprehensively address the nation’s cybersecurity vulnerabilities.
Eli Dourado, Andrea Castillo | Apr 17, 2014
This paper will describe the current dynamic provision of cybersecurity and explain how a technocratic solution like the Cybersecurity Framework could weaken this process and ultimately undermine cybersecurity.
Adam Thierer | Jan 25, 2013
This paper will consider the structure of fear appeal arguments in technology policy debates and then outline how those arguments can be deconstructed and refuted in both cultural and economic contexts. Several examples of fear appeal arguments will be offered with a particular focus on online child safety, digital privacy, and cybersecurity. The various factors contributing to “fear cycles” in these policy areas will be documented.
Sean Lawson | Dec 19, 2012
Cybersecurity proponents often rely upon cyber-doom scenarios as a key tactic for calling attention to prospective cyber-threats. This essay critically examines cyber-doom scenarios by placing them into a larger historical context, assessing how realistic they are, and drawing out the policy implications of relying upon such tales. It draws from relevant research in the history of technology, military history, and disaster sociology to examine some of the key assertions and assumptions of cyber-doom scenarios. It argues that cyber-doom scenarios are the latest manifestation of fears about “technology-out-of-control” in Western societies, that they are unrealistic, and that they encourage the adoption of counter-productive, even dangerous policies. The paper concludes by offering alternative principles for the formulation of cybersecurity policy.

Testimony & Comments

Research Summaries & Toolkits

Expert Commentary

May 10, 2016

The battle between the FBI and Apple over law enforcement access to encrypted communications may have died down a bit, but the international War on Crypto rages on.
Apr 12, 2016

The FBI may have been able to unlock San Bernardino shooter Syed Rizwan Farook’s work-related iPhone without conscripting Apple as an unwilling hacker, but that has not slowed down the government’s broader war on encrypted technologies one bit.
Mar 23, 2016

The FBI says a mysterious "outside party" has found a way to unlock San Bernardino shooter Syed Farook’s iPhone without assistance from Apple.
Mar 08, 2016

The tech-policy community is still buzzing about a recent court order compelling Apple to craft a technical tool that would allow FBI investigators to bypass security measures on the iPhone used by San Bernardino shooter Syed Rizwan Farook.
Feb 18, 2016

Too often, corporations serve as quiet collaborators for the surveillance state to avoid retribution from the government. On Tuesday, Apple CEO Tim Cook provided a rare and extraordinary exception to this unfortunate trend in the tech industry by publicly resisting a court order to compromise iPhone security .
Jan 19, 2016

Contrary to the pro-CISA crowd's claims, "insufficient sharing" of our personal data by corporations and government agencies had nothing to do with the failure at OPM—and a new joint report from the FBI and the Department of Homeland Security makes this clear.

Charts

The FBI’s recent conflict with Apple over accessing a locked iPhone in its investigation of the San Bernardino terrorist attack eventually settled out of court when an external party was able to unlock the device. Contrary to the government’s claims that this incident was about just one iPhone, this was far from the first time that law enforcement cited the All Writs Act of 1789 (AWA) to compel private companies to compromise secure devices. This week’s chart shows that law enforcement agencies have attempted to apply this law numerous times in recent years for a range of criminal offenses, particularly drug-related crimes.

Experts

Podcasts

Eli Dourado | August 04, 2015
The Cybersecurity Information Sharing Act (CISA) is up for a vote in the Senate this week. Eli Dourado talks about the implications of this cyber threat information sharing legislation on Marketplace

Recent Events

Join Adam Thierer, senior research fellow at the Mercatus Center, for a Regulation University to discuss the best course of action for dealing with network technologies, without derailing innovation.

Media Clippings

Adam Thierer | Jun 24, 2013
"High technology companies are among the fastest growing lobbying shops in Washington," said Adam Thierer.
Jerry Brito | Jul 12, 2012
Jerry Brito cited discussing current cybersecurity concerns.
Eli Dourado | Jul 06, 2012
Eli Dourado explains how the United States can combat new threats to a free and open web.
Adam Thierer | Jun 28, 2012
Adam Thierer comments on Federal Communications Commission (FCC) Commissioner Robert McDowell's recent speech.
Jerry Brito | Jun 27, 2012
Jerry Brito cited discussing the possible effects of revisions to the UN's global telecommunications treaty.
' '