Cybersecurity is in the news: a network intrusion allegedly interfered with railroad signals in the Northwest in December; the Obama administration refused to support the Stop Online Piracy Act due to worries about interfering with DNSSEC; and the GAO concluded that the Department of Homeland Security is making things worse by oversharing. So, I’m fortunate that the Minnesota Law Review has just published the final version of Conundrum (available on SSRN), in which I argue that we should take an information-based approach to cybersecurity:
Cybersecurity is a conundrum. Despite a decade of sustained attention from scholars, legislators, military officials, popular media, and successive presidential administrations, little if any progress has been made in augmenting Internet security. Current scholarship on cybersecurity is bound to ill-fitting doctrinal models. It addresses cybersecurity based upon identification of actors and intent, arguing that inherent defects in the Internet’s architecture must be remedied to enable attribution. These proposals, if adopted, would badly damage the Internet’s generative capacity for innovation. Drawing upon scholarship in economics, animal behavior, and mathematics, this Article takes a radical new path, offering a theoretical model oriented around information, in distinction to the near-obsession with technical infrastructure demonstrated by other models. It posits a regulatory focus on access and alteration of data, and on guaranteeing its integrity. Counterintuitively, it suggests that creating inefficient storage and connectivity best protects user capabilities to access and alter information, but this necessitates difficult tradeoffs with preventing unauthorized interaction with data. The Article outlines how to implement inefficient information storage and connectivity through legislation. Lastly, it describes the stakes in cybersecurity debates: adopting current scholarly approaches jeopardizes not only the Internet’s generative architecture, but also key normative commitments to free expression on-line.
Conundrum, 96 Minn. L. Rev. 584 (2011).
Cross-posted at Info/Law.