Cybersecurity that protects freedom of speech
Recently, top lawmakers in Washington, including Sen. Dianne Feinstein, talked publicly about reconsidering cybersecurity legislation — legislation that has failed to become law multiple times. While President Barack Obama’s executive order is making progress in attempts to shore up some cyberweaknesses, difficult questions remain, particularly regarding personal privacy. We do not have to compromise our personal privacy for the sake of security. With a forward-thinking cyber policy, we can keep ourselves safe and sustain our individual freedoms.
Information networks, such as the Internet, provide unprecedented opportunities for individuals all over the world to meet their potential. But that interconnectedness also creates great security vulnerabilities for the United States. Our banks, power companies and telecommunications networks all are networked and have been targeted with malicious intent. The government cannot protect them alone because most of these assets are privately owned. It’s why the director of national intelligence called cybersecurity the greatest threat to America’s security.
For private companies, one way to reduce the threat of cyberattacks is to share information with government agencies. This enables security and law enforcement officials to create a fuller picture of potential threats, reduce the effect of ongoing threats, and possibly prevent some future attacks. Sharing information won’t create a threat-free environment, but it can assist government in helping businesses protect themselves.
It is important to note, however, that there is a right way to share cyberthreat information — and a wrong way.
The right way is consistent with traditional American values, respects personal privacy and ensures continued freedom of speech. The wrong way is to assume that we must cede all of our personal privacy to remain safe. We can make the Internet more secure without giving up our personally identifiable information.
In fact, our security leaders say they don’t need access to our personal information to protect cyberspace. They just want to know that there are attacks, and the nature of those attacks, so they can help others protect themselves. This can be done by limiting information shared to technical details — such as malicious codes and IP addresses — as opposed to sharing emails and other personal items.
By ensuring information shared with the federal government is anonymous, we can protect ourselves at home and lead by example — consistent with American values — broad.
If we concede that it is necessary to share the content of our communications to secure ourselves, other countries will follow our lead. Freedom of speech will be stifled as personal communications are shared with national governments. Authoritarian countries will cite our policies as they suppress democracy movements grappling to take root.
Some will argue that information should be shared with the government wholesale. But better securing cyberspace does not require knowing what we write in our emails. We can do both. We can anonymize information before it’s shared with the federal government and limit the purposes that information can be used for.
Sharing can easily be incorporated into a company’s network architecture. This will enable us to keep cyberspace as an enabler of innovation and debate, without damaging business’s bottom line. To the contrary, it is in business’s best interests to assure customers that their information is being protected.
As our elected leaders try to pass cybersecurity legislation, they should commit to doing so in a way that maintains freedom of speech. Information that helps protect against ongoing and future cyberattacks can be shared without identifying individual Americans. American security consistent with American values is one idea that Democrats and Republicans can support.