Investing in cyber – and economic – security: Let’s get to it

With respect to the newly proposed SECURE IT Act, it's awesome we have the opportunity to continue to drive the dialogue on how we advance our protection in cyberspace for America in a global context. Over the past few weeks, the Senate has been preparing to take up cybersecurity legislation aimed at the protection of our nation’s critical infrastructure, including energy grids, financial markets and other institutions central to the lives and livelihoods of Americans. This is important work and an opportunity to address the growing and maturing cyber threats we face as a country.  Though there are differences of opinion on how we arrive, we all agree we need to get there.
Several elements of the previously-proposed Senate bill as well as the SECURE IT Act advance the goals of the sharing of threat information and the best practices between government and private industry, including: 1) conducting sector risk assessments to identify gaps, 2) updating the Federal Information Security Management Act (FISMA), 3) improving cyber workforce development, 4) addressing criminal penalties, and 5) investing in cyber R&D.


LightSquared will make for a better connection

As a progressive state legislator, it’s not every day that I find myself championing a conservative infrastructure investment model like the LightSquared project. However, my hometown was the last in the nation to use the crank phone (no...not the rotary dial). I may still get carded at the store, but I remember using the system. More than most, I recognize the economic consequences of being on the wrong side of the digital tracks.

While the federal government has been wasting trillions of dollars building nations abroad, our own infrastructure here at home has taken a hit, not the least of which is our broadband investment. It’s great that urban parts of the country have broadband Internet and reliable cell phone service; the rest of us do not and that hurts the entire American economy. Regardless of whether the investment is public or private, it needs to be made. LightSquared is investing billions in private money to deploy the most robust, reliable 4G mobile broadband system in the country.

The question is where have the Conservatives been up until now?


Google privacy policy remains a cause for concern

The line between providing a dynamic service and violating customers’ privacy can be a thin one in the 21st century. As technology giants strive for one-touch solutions across multiple platforms to create a more convenient experience for their customers, they must avoid misusing these customers’ personal information. The case-in-point for this struggle appears to be Google’s new privacy policy, which three dozen state attorneys general – myself included – and consumer protection officials asked the company to reconsider last week.

Google justifies its new privacy policy—which was implemented today—by arguing it needs to consolidate roughly 60 product-specific privacy policies into one comprehensive policy in order to improve the user experience and make its privacy policies and practices more understandable. Google claims that the unified privacy policy will not change or expand the information it collects about its users. Rather, Google argues that it will merely combine data collected by one Google service with information about that same user that was collected by other Google services—effectively treating the customer as a single user across all services.


Cyber Security Act of 2012 requires a liability protection bug fix

The Lieberman-Collins-Rockefeller-Feinstein Cyber Security Act of 2012 seeks to protect high-risk critical infrastructure of the United States from cyber attack, and to create a place for private sector entities to share cyber information without fear of reprisal—while receiving the “secret sauce” only the government can provide: intelligence and law enforcement information. These dual goals are important, and it is past time Congress acted in this area.  But the Act is—to use a tech term—buggy.  It doesn’t sufficiently tamp down potential legal liability for private entities, and in some cases increases it, creating an insurmountable disincentive for companies to voluntarily share cyber information. It leaves owners of critical infrastructure subject to civil litigation and outsized damages if an attack happens, even when they fully comply with the Act’s mandates. Before the Act comes out of beta, Congress should debug its liability protection provisions.  Here’s how:


Social media monitoring is critical for government operations

As Congress goes about grilling Homeland Security over the department’s monitoring of social media—as it did in a hearing last week—a more fulsome understanding of the benefits of social media monitoring and analysis is needed. The value of social media monitoring extends far beyond the important but niche domain of monitoring terrorist chatter online. Rather than asking why the federal government should monitor social media, Congress should be asking why aren’t more agencies monitoring social media?

Monitoring and analyzing terrorist conversations to gain actionable intelligence is simply the low hanging fruit that agencies can pick to aid their missions. There are at least three additional ways social media monitoring can be useful—even critical—for government agencies, and a variety of other, smaller benefits as well.


To be competetive, New Mexico must look to the stars

Special interest groups in Santa Fe have harmed New Mexico’s competitive edge as the home to commercial space flight. Up until now, New Mexico had been the leader in this burgeoning global industry. Today, we stand on the precipice of losing our future to Colorado, Texas, Virginia and Florida.  
It should surprise no one that spaceflight is still riskier than airline flight. In 2004, the Commercial Space Launch Amendments Act was signed into federal law and has worked very well in fostering the development of new companies in the United States -- especially New Mexico. This law has allowed for the creation of a new commercial business -- suborbital spaceflight for average citizens. It allows commercial space travel companies to obtain insurance by having passengers sign a consent agreement, in exchange for the thrill, the excitement and the experience of a lifetime. To date, hundreds of potential passengers have signed a federally approved consent agreement that protects these new companies in federal court.


Spectrum allocation is not a short-term budget matter

Exactly 100 years ago, Congress decided to give broadcasters exclusive licenses to use the nation’s public spectrum. It has been clear for at least 50 years that was not the most efficient way to allocate this public resource. Unfortunately, that is not stopping the debate on Payroll Tax Extenders legislation from making another 100-year mistake. By refusing to make additional high-quality spectrum available for shared use, Congress will suppress the growth of the wireless sector, slow innovation and job creation and reduce federal revenues.

By every measure of economic performance – device shipments, users, usage, efficiency, value and innovation – the unlicensed model has equaled or exceeded the exclusive licensed model in the past decade. Ironically, the FCC, which fathered this remarkable success, has never studied it in detail.  Predictably, the advocates of exclusive licenses have never come to grips with the remarkable success of shared use. Appreciating the success of shared spectrum is the key to avoid making another 100-year mistake.


Failing to consult with stakeholders on Internet gaming is an unacceptable gamble

As Congress debates whether to legalize Internet gaming, it’s important to guarantee that Native American tribes are dealt a fair and honest hand. They deserve nothing less.

Not inviting majority stakeholders to weigh in when drafting game changing legislation is as shortsighted as doubling down at a poker table before you see your cards.

Yet that’s exactly what some lawmakers are doing when they draft Internet gaming legislation and deny tribal leaders and tribal gaming regulators a seat at the policy table. We believe that’s wrong, and we’re determined to make certain the voices of Native Americans are heard. Today, there are 565 federally-recognized tribes and nearly 3 million Native Americans spread across the United States. They have a huge stake in this outcome, but you wouldn’t know it by reading the legislation which has been introduced so far.


Convergence of Internet search and social networks

For the last several years, technology gurus have predicted that Internet searches will become “more social.” They anticipated that information people shared about themselves, their interests, and their opinions through social media outlets would increasingly appear in results delivered by Internet search engines like Yahoo, Google and Microsoft’s Bing. The reason for their prediction: users want this information to help in making their own decisions about what products to buy or services to use.

The predictions are rapidly becoming reality. A simple search on all three of these large search engines already yields results that include Facebook pages, Twitter accounts, Tumblr sites and LinkedIn profiles. All three search engines have begun to merge Internet searches with social media data, and the trend is likely to accelerate.

Just as the search engines work to fold in social results, the largest social media sites are acting more like search engines. An entry in Facebook’s “search” box once returned only results on Facebook users. But today it also includes results from Microsoft’s Bing search engine along with Facebook user data. The boundaries between the search and social media sites are increasingly disappearing - yet another example of the fluidity of the Internet. In fact, Facebook, citing the highly competitive nature of its business in its recent S-1 filing, identifies both Google and Microsoft as competitors.


Cybersecurity is a 'team sport'

The federal government possesses cybersecurity threat information and technical capabilities that private enterprises simply do not have. But what is the proper role of the government in the cyber realm? Should it provide cybersecurity for the private sector, or should the government require that the private sector secure its own networks to a particular standard? These topics are currently under great debate in both the House and Senate.

The Internet is a complex system, made up of a growing number of networks and digital devices. It would be exceedingly difficult for any one body or organization to manage and ensure the integrity (viability) of the Internet and all devices that connect to it without massive resources and sweeping authorities, including the standardization of security practices. Such standardization could restrict and slow the innovation that has sparked the global technology industry; could limit the flexibility, and thereby the value, a network provides to its owner; and, in the long run, could actually make networks more vulnerable, especially in instances of state-sponsored hacking. At a time when we’re still struggling with the impact of the economic downturn, new standards and regulations would be poorly received.