Future of the Internet Initiative’ Opportunity Mapping

The Hill, May 1, 2014. http://thehill.com/policy/technology/205001-tech-industry-wants-surveillance-focus-after-big-data-report; Cain Miller, Claire, and Edward Wyatt. “Tech Giants Issue Call for Limits on Government Surveillance of Users.” New York Times. December 9, 2013. http://www.nytimes.com/2013/12/09/technology/tech-giants-issue-call-for-limits-on-government-surveillance-of-users.html.

72^ See, e.g., Gross, Grant. “Defense Dept. wants to rebuild trust with the tech industry.” Computer World. April 23, 2015. http://www.computerworld.com/article/2914372/cyberwarfare/defense-dept-wants-to-rebuild-trust-with-the-tech-industry.html.

73^ Gustin, Sam. “NSA Spying Scandal Could Cost U.S. Tech Giants Billions.” Time. December 10, 2013. http://business.time.com/2013/12/10/nsa-spying-scandal-could-cost-u-s-tech-giants-billions/.

74^ 18 USC § 2701 et seq; “Sharing Cyberthreat Information Under 18 USC 2702(a)(3).” US Department of Justice, 2014. http://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/03/26/guidance-for-ecpa-issue-5-9-2014.pdf.

75^ See “Cybersecurity Strategy for the European Union: An Open, Safe and Secure Cyberspace.” European Commission, February 7, 2013. http://eeas.europa.eu/policies/eu-cyber-security/cybsec_comm_en.pdf.

76^ “Cyber Security Task Force: Public-Private Information Sharing.” Bipartisan Policy Center, July 2012. http://bipartisanpolicy.org/wp-content/uploads/sites/default/files/Public-Private%20Information%20Sharing.pdf.

77^ See Johnson, Jeh.“Federal Cybersecurity Needs Improvement.” Politico. July 13, 2015. http://www.politico.com/magazine/story/2015/07/federal-cybersecurity-needs-improvement-120061.html#.VbZPxngWE2; Protecting Cyber Networks Act, H.R. 1560, 114th Cong. (2015-2016), https://www.congress.gov/bill/114th-congress/house-bill/1560.

78^ See, e.g., Rozenweig, Paul. “The Administrations Cyber Proposals – Information Sharing.” Lawfare, January 16, 2015. http://www.lawfareblog.com/administrations-cyber-proposals-information-sharing.

79^ See, e.g., Zheng, Denise, and James Lewis. “Cyber Threat Information Sharing: Recommendations for Congress and the Administration.” Center for Strategic & International Studies, March 2015. http://csis.org/files/publication/150310_cyberthreatinfosharing.pdf; Inserra, David and Paul Rosenzweig. “Cybersecurity Information Sharing: One Step Toward U.S. Security, Prosperity, and Freedom in Cyberspace.” The Heritage Foundation, April 1, 2014. http://www.heritage.org/research/reports/2014/04/cybersecurity-information-sharing-one-step-toward-us-security-prosperity-and-freedom-in-cyberspace; “Exchange Cyber Threat Intelligence: There Has to Be a Better Way.” Ponemon Institute, April 2014. http://content.internetidentity.com/acton/attachment/8504/f-001b/1/-/-/-/-/Ponemon%20Study.pdf; “Cyber Security Task Force: Public-Private Information Sharing,” Bipartisan Policy Center, July 2012. http://bipartisanpolicy.org/wp-content/uploads/sites/default/files/Public-Private%20Information%20Sharing.pdf.

80^ See, e.g., Prince, Brian. “Cyberattack Attribution Requires Mix of Data, Intelligence Sources As False Flag Operations Proliferate,” Information Week Dark Reading, October 13, 2013. http://www.darkreading.com/government/cybersecurity/cyberattack-attribution-requires-mix-of-data-intelligence-sources-as-false-flag-operations-proliferate/d/d-id/1140592.

81^ See Thursday, Kristen Eichensehr. “Cyber Attribution Problems—Not Just Who, but What.” Just Security, December 11, 2012. https://www.justsecurity.org/18334/cyber-attribution-problems-not-who/; Schneier, Bruce. “Attack Attribution and Cyber Conflict,” March 9, 2015. https://www.schneier.com/blog/archives/2015/03/attack_attribut_1.html.

82^ Some of this played out publicly in the media. See, e.g., Schneier, Bruce. “Did North Korea Really Attack Sony? It’s too early to take the government at its word.” The Atlantic. December 22, 2014.http://www.theatlantic.com/international/archive/2014/12/did-north-korea-really-attack-sony/383973/; “Was FBI wrong on North Korea?,” CBS News. December 23, 2014. http://www.cbsnews.com/news/did-the-fbi-get-it-wrong-on-north-korea/; Altman, Alex and Zeke Miller, “State Department Insists North Korea Behind Sony Hack.” Time. December 31, 2014. http://time.com/3651171/sony-hack-north-korea-fbi/; Sanger, David and Martin Fackler, “NSA Breached North Korean Networks Before Sony Attack, Officials Say.” New York Times. January 18, 2015. http://www.nytimes.com/2015/01/19/world/asia/nsa-tapped-into-north-korean-networks-before-sony-attack-officials-say.html?smid=tw-bna.

83^ Robertson, Jordan and Michael Riley. “Mysterious ’08 Turkey Pipeline Blast Opened New Cyberwar.” Bloomberg Business. December 10, 2014. http://www.bloomberg.com/news/articles/2014-12-10/mysterious-08-turkey-pipeline-blast-opened-new-cyberwar.

84^ Sanger, David. “Obama Order Sped Up Wave of Cyberattacks Against Iran.” New York Times. June 1, 2012. http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?pagewanted=all&_r=1.

85^ See, e.g., “Cyber Security Strategy,” Australian Government, 2011. https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/AGCyberSecurityStrategyforwebsite.pdf; “France’s Strategy: Information systems defence and security,” Agence Nationale de la Sécurité des Systémés d’Information, 2011 https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/France_Cyber_Security_Strategy.pdf. See also “Cybersecurity Policy Making at a Turning Point: Analysing a new generation of national cybersecurity strategies for the Internet economy,” OECD, 2012. http://www.oecd.org/sti/ieconomy/cybersecurity%20policy%20making.pdf.

86^ Nakashima, Ellen. “White House declassifies outline of cybersecurity program.” Washington Post. March 3, 2010. http://www.washingtonpost.com/wp-dyn/content/article/2010/03/02/AR2010030202113.html.

87^ “A Better Defined and Implemented National Strategy Is Needed to Address Persistent Challenges: Testimony Before the Committee on Commerce, Science, and Transportation and the Committee on Homeland Security and Governmental Affairs, U.S. Senate.” United States Government Accountability Office, March 7, 2013. http://www.gao.gov/assets/660/652817.pdf.

88^ “Presidential Memorandum – Establishment of the Cyber Threat Intelligence Integration Center.” The White House, February 25, 2015. https://www.whitehouse.gov/the-press-office/2015/02/25/presidential-memorandum-establishment-cyber-threat-intelligence-integrat.

89^ “Cybersecurity Policy Making at a Turning Point: Analysing a new generation of national cybersecurity strategies for the Internet economy,” OECD, 2012. http://www.oecd.org/sti/ieconomy/cybersecurity%20policy%20making.pdf.

90^ Ibid., 47. Additionally, in some cases consultation with civil society may also be beneficial. For example, there has been significant civil society backlash in France to its recent intelligence reorganization, which creates a new National Commission for Control of Intelligence Techniques (CNCTR) to coordinate data sharing among agencies and oversee the collection of significant amounts of Internet metadata. See “French Parliament Approves New Surveillance Rules.” BBC. May 6, 2015. http://www.bbc.com/news/world-europe-32587377.

91^ See, e.g., Bejtlich, Richard. “What are the prospects for the Cyber Threat Intelligence Integration Center?.” Brookings Institution, February 19, 2015, http://www.brookings.edu/blogs/techtank/posts/2015/02/19-cyber-security-center-bejlich.

92^ Sanger, David and Brian Chen. “Signaling Post-Snowden Era, New iPhone Locks Out NSA.” New York Times. September 24, 2014. http://www.nytimes.com/2014/09/27/technology/iphone-locks-out-the-nsa-signaling-a-post-snowden-era-.html; Kuchler, Hannah. “Tech companies step up encryption in wake of Snowden.” Financial Times. November 4, 2014. www.ft.com/cms/s/0/3c1553a6-6429-11e4-bac8-00144feabdc0.html. Google has appeared to back down from its initial promise to offer end-to-end encryption on Android devices. Compare Timberg, Craig. “Newest Androids will join iPhones in offering default encryption.” Washington Post. September 18, 2014, http://www.washingtonpost.com/blogs/the-switch/wp/2014/09/18/newest-androids-will-join-iphones-in-offering-default-encryption-blocking-police/ with Andrew Cunningham. “Google Quietly Backs Away From Encrypting New Lollipop Devices By Default.” Ars Technica. Mar. 2, 2015. http://arstechnica.com/gadgets/2015/03/google-quietly-backs-away-from-encrypting-new-lollipop-devices-by-default/.

93^ “Unfortunately, the law hasn’t kept pace with technology, and this disconnect has created a significant public safety problem. We call it “Going Dark,” and what it means is this: Those charged with protecting our people aren’t always able to access the evidence we need to prosecute crime and prevent terrorism even with lawful authority. We have the legal authority to intercept and access communications and information pursuant to court order, but we often lack the technical ability to do so. . . . There is a misconception that building a lawful intercept solution into a system requires a so-called ‘back door,’ one that foreign adversaries and hackers may try to exploit. But that isn’t true. We aren’t seeking a back door approach. We want to use the front door, with clarity and transparency, and with clear guidance provided by the law.” Comey, James B. “Going Dark: Are Technology, Privacy, and Public Safety on a Collision Course? Speech, Brookings Institution, Federal Bureau of Investigation, October 16, 2014. http://www.fbi.gov/news/speeches/going-dark-are-technology-privacy-and-public-safety-on-a-collision-course.

94^ Sanger, David and Brian Chen, “Signaling Post-Snowden Era, New iPhone Locks Out NSA.” New York Times. September 24, 2014. http://www.nytimes.com/2014/09/27/technology/iphone-locks-out-the-nsa-signaling-a-post-snowden-era-.html; “iOS Security Whitepaper.” Apple, n.d. https://www.apple.com/business/docs/iOS_Security_Guide.pdf.

95^ Timberg, Craig. “Newest Androids will join iPhones in offering default encryption, blocking police.” Washington Post. September 18, 2014. https://www.washingtonpost.com/blogs/the-switch/wp/2014/09/18/newest-androids-will-join-iphones-in-offering-default-encryption-blocking-police/.

96^ Greenberg, Andy. “Whatsapp Just Switched On End-to-End Encryption for Hundreds of Millions of User.” Wired. November 18, 2014. http://www.wired.com/2014/11/whatsapp-encrypted-messaging/.

97^ Comey, James B. “Going Dark: Are Technology, Privacy, and Public Safety on a Collision Course? Speech, Brookings Institution, Federal Bureau of Investigation, October 16, 2014. http://www.fbi.gov/news/speeches/going-dark-are-technology-privacy-and-public-safety-on-a-collision-course.

98^ Mason, Rowena. “U.K. spy agencies need more powers, says Cameron.” The Guardian. January 12, 2015. http://www.theguardian.com/uk-news/2015/jan/12/uk-spy-agencies-need-more-powers-says-cameron-paris-attacks; Temperton, James. “No U-Turn: David Cameron Still Wants to Break Encryption.” Wired. July 15, 2015, http://www.wired.co.uk/news/archive/2015-07/15/cameron-ban-encryption-u-turn (“The UK government still wants to fundamentally undermine encryption in the name of national security . . . .”).

99^ “China adopts new law on national security.” Xinhua News. July 1, 2015. http://news.xinhuanet.com/english/2015-07/01/c_134372966.htm.

100^ See: UN Human Rights Council. “Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, David Kaye”. Twenty-ninth session, A/HRC/29/32. http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session29/Documents/A.HRC.29.32_AEV.doc

101^ Comey, James B. “Going Dark: Are Technology, Privacy, and Public Safety on a Collision Course? Speech, Brookings Institution, Federal Bureau of Investigation, October 16, 2014. http://www.fbi.gov/news/speeches/going-dark-are-technology-privacy-and-public-safety-on-a-collision-course.

102^ Ibid.

103^ Mason, Rowena. “U.K. spy agencies need more powers, says Cameron.” The Guardian. January 12, 2015. http://www.theguardian.com/uk-news/2015/jan/12/uk-spy-agencies-need-more-powers-says-cameron-paris-attacks; Comey, James B. “Going Dark: Are Technology, Privacy, and Public Safety on a Collision Course? Speech, Brookings Institution, Federal Bureau of Investigation, October 16, 2014. http://www.fbi.gov/news/speeches/going-dark-are-technology-privacy-and-public-safety-on-a-collision-course.

104^ See e.g., Ashkan Soltani. “Why Apple’s Claim That It Can’t Intercept iMessages Is Largely Semantics.” Ashkan Soltani, October 21, 2013. http://ashkansoltani.org/2013/10/21/why-apples-claim-that-it-cant-intercept-imessages-is-largely-semantics/.

105^ “Letter to President Obama from Civil Society Organizations, Companies & Trade Associations, and Security & Policy Experts,” May 19, 2015. https://static.newamerica.org/attachments/3138--113/Encryption_Letter_to_Obama_final_051915.pdf.

106^ “Letter to President Obama from Civil Society Organizations, Companies & Trade Associations, and Security & Policy Experts,” May 19, 2015. https://static.newamerica.org/attachments/3138--113/Encryption_Letter_to_Obama_final_051915.pdf.

107^ Coviello, Arthur. “Open Letter from Arthur Coviello, Executive Chairman, RSA, Security Division of EMC, to RSA customers,” March, 2011.

108^ Poulsen, Kevin. “Second Defense Contractor L-3 ‘Actively Targeted’ With RSA SecurID Hacks.” Wired. May 31, 2011. http://www.wired.com/2011/05/l-3/.

109^ Lynn, William. “Defending a New Domain.” Foreign Affairs, no. September/October 2010 (n.d.). https://www.foreignaffairs.com/articles/united-states/2010-09-01/defending-new-domain.

110^ Dam, Kenneth, and Herbert Lin. Cryptography’s Role in Securing the Information Society. Washington, D.C: National Academies Press, 1996.

111^ Abelson, Harold, Ross Anderson, and Steven Bellovin. “Keys Under Doormats: Mandating Insecurity By Requiring Government Access to All Data and Communications.” MIT CSAIL Technical Report, July 6, 2015. http://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSAIL-TR-2015-026.pdf?sequence=8.

112^ Abelson, Harold, Ross Anderson, and Steven Bellovin. “Keys Under Doormats: Mandating Insecurity By Requiring Government Access to All Data and Communications.” MIT CSAIL Technical Report, July 6, 2015. http://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSAIL-TR-2015-026.pdf?sequence=8.

Work in Progress