In Part 1 of this post, I suggested that the Senate’s failure to pass the Lieberman-Collins Cybersecurity Act means that we have hardly begun legislating the future of security and privacy on the Web. In 1969, I pointed out, Richard Nixon made a good start on an environmental agenda with his advocacy of environmental laws, launching a decade and a half of legislation. Now, President Nixon was, of course, no tree-hugger. What spurred him into action was his perception that ordinary people—citizens and consumers, including his otherwise “silent majority”—were alarmed by damage being done to their environment.
In our own era of legislative stalemate, and in a commercial environment in which business often shortsightedly acts in neither the public interest nor its own, the process of waking up and taking preemptive action against a digital Pearl Harbor must be focused less on either government legislation or business regulation (whether compelled or voluntary) and more on educating, empowering, and protecting consumers.
As AVG CEO J. R. Smith and I argue in our new book, Wide Open Privacy: Strategies for the Digital Life (IT-Harvest Press, September 2012), consumers want to assume and, in fact, are assuming greater and more granular control over the future of their own digital security and online privacy. They are emerging as a third force in the digital realm, alongside industry and government, and it will be the collective demands of ordinary people—citizens and consumers—that will ultimately drive government legislation and industry cooperation.
I believe that what consumers will come to demand is a national debate centered on three principles:
- Creating the right governance, beginning with the Department of Homeland Security, aimed at protecting vital infrastructure. Protecting our heavily networked infrastructure is a matter of national security and public interest. Neither blanket government sanctions nor vague promises of voluntary private sector compliance are sufficient to protect it. No one suggests that airlines “voluntarily” comply with FAA safety regulations. On the contrary, everyone demands legal enforcement of these regulations. Consumers—citizens—will demand the precise definition of those network and infrastructure spaces that simply cannot be left to the yea or nay of politicians, a Chamber of Commerce, or individual businesspeople.
- Providing security without sacrificing civil liberties. This means getting the cybersecurity context and scale right, with appropriately narrow authorizations of monitoring.
- Providing, as civil and criminal law has long provided in many areas of our lives, for “exceptions” that allow government agencies to defend all the nation’s stakeholders against cyber threats while also providing protections that ensure these measures will be employed for cybersecurity purposes only.
Right now, the calendar puts us deep in the dog days. Senators and representatives have gone home, some, perhaps, to get a few more hours’ sleep in these hot summer mornings. I, for one, feel the heat, and it feels a lot like December 7 could be any day now. Any hour.