Continuing on in my series about cybersecurity and whether or not government should manage it centrally, I thought I would look at some obstacles towards setting up such an office.
- The first obstacle - the Constitution
In the United States, there is a little rule book that all of us have to play by, it's called the Constitution. What about the Constitution limits the scope and power of the creation of an office of cybersecurity? It's the 10th amendment:
The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.
Depending on your interpretation, the federal government is limited to the powers explicitly outlined within the Constitution. What about overseeing cyberhealth is spelled out within the powers delegated to the federal government? Removing botnets? Cleaning up users infected systems? Enforcing standards for RFCs?
There are a couple of responses to this. One is that cybersecurity is a matter of national security; bots could engage in military or economic sabotage (just look at what happened to the 12 colonies in Battlestar Galactica). National security does fall into the realm of the federal government and therefore, cybersecurity does fall under the umbrella of a central office at the national level.
Another response (and here comes the cynic in me) is since when has the 10th amendment been an actual, as opposed to theoretical, constraint on the powers of the federal government? There are many programs too numerous to name - the federal home mortgage program, the department of education, agriculture, wildlife services, environmental protection agency... Some of these programs have good intentions, of course. There is no denying that. But they are clearly programs that are not delegated to the United States by the Constitution and, the way I read the 10th amendment, are reserved to the States or to the people. But they are not, they are under the auspices of the federal government. So, why not simply add one more?
On the other hand, I am not a lawyer who specializes in Constitutional law. So what do I know?
The second obstacle - Government Precedent
Historically, government does not have the greatest track record when it comes to making things efficient. I once read (from a small government type) that in order for the government to create $1 worth of public value, it takes them $2 of taxpayer money. In other words, government is very inefficient and the private sector could do it much better for a much smaller cost.
At this point in time, much in the cyberworld has not been decided, but technology does have a way of eventually settling on standards. VHS beat Beta, Blu-ray defeated HD-DVD. Microsoft Windows is the de facto standard for business computers (please, no arguments here, it's a fact that most office workers run Windows and Office for their daily tasks), UTF-8 is gaining more popularity as a character set encoding. In Europe, the continent converged on the GSM standard whereas previous incarnations were a ragtag bunch of FDMA access technologies, none of which were interoperable. The Bluetooth project was an initiative designed to allow any electronic doodad to talk to anything else. It's taking some time but it's catching on. And speaking of communications devices, the SIM card in most cell phones today are interoperable with other cell phone companies' handsets.
The point is that yes, sometimes it takes a while to get technology to agree on common standards. But it does happen. What do we need government for to make these decisions? They can't possibly have access to all the data that consumers want or need whereas private enterprise can react more quickly and update their standards accordingly.
The come back to this is that we cannot afford to wait while private business decides how they want to handle this. Whereas in the previous cases the biggest detriment to consumers was inconvenience, in this case, the biggest detriment to consumers is fraud, fake pharmaceuticals, and the ruining of the Internet. How much time can we afford to wait?
Are there other obstacles that I haven't named?
More in a future post.