Like most State of the Union addresses, we expect few surprises on Tuesday night as President Obama stands before a joint assembly of Congress.
Cybersecurity is one of the only topics on which this very divided government should be able to find common ground, and we can all expect it will be an important topic in Tuesday’s address.
After a year of attacks, hacks, and leaks, Federal authorities are going to be given greater authority to go after botnets and stop denial of service attacks. It is widely expected that the Administration will propose new laws governing the use of consumer, energy, and student data and creating new requirements for companies to disclose data breaches.
We haven’t been asked yet, but in case we are, we have prepared a few thoughts on what Mr. Obama should communicate on Tuesday night:
“Everyone listening to this State of the Union should understand that none of the regulations I’ve just proposed are sufficient by themselves to solve our most fundamental cybersecurity problems. In this age of global cyber threats, hacks, and leaks, we all have a role to play in our security. True security can only be obtained collectively, through the conscious choices made by individuals, businesses, and governments.
As lives become more intertwined online and our homes and automobiles become more connected, we must understand that our collective security online is a function of our individual security.
Today, I am asking that each and every American, take the time to become more cyber-aware and to take the modest steps necessary to improve our national cybersecurity. I will use the authority of my office to help educate citizens on the best ways to secure the sensitive medical, educational, and financial information they share online.
- I have directed the Consumer Financial Protection Bureau under the Federal Trade Commission to start a comprehensive campaign to educate all consumers on fundamental skills such as email encryption and personal data protection.
- I have directed the Federal Trade Commission to require all private companies handling sensitive data to notify users of hacks and data breaches no more than 15 days after such a breach has been identified. Several states have already taken strong action, and my administration will ensure that any federal standards proposed avoid undermining stronger state standards.
However, the fundamental cybersecurity challenge of our time is not simply how to protect ourselves from the growing threats posed by nation states and hackers. Rather, it is how to make ourselves safe without compromising our most fundamental rights to free speech and privacy.
When the Founding Fathers assembled in Philadelphia, they did so at great risk to establish a free society and they outlined ten Amendments that we have come to cherish during our brief history as a Nation. Let us not sacrifice our inalienable rights to speech and privacy in the face of increasing threats online. Let us use this challenge as an opportunity to rededicate our nation to the idea that individual privacy matters.
As the attacks on Sony proved to us all, we can no longer afford to be sitting ducks for hackers or countries trying to manipulate our actions. Greater investment in data security, encryption, and protection of personal data will make us more secure in the face of evolving threats while allowing us to maintain our rights to freedom and privacy.
My Administration will cease all efforts to build “backdoors” into the tools we use to communicate online. The bulk collection of data from online messaging services, social media services, and mobile devices is ineffective, it doesn’t led to greater security, and it weakens our security and privacy. When the government has the ability to read everyone’s private communications this is an anathema to free society – a fundamental challenge to the freedoms that generations have fought and died to defend.
- I have issued several executive orders today to increase transparency in our dealings with the FISA court, and,
- I have instructed the Justice Department and all intelligence agencies to submit a report to me no later than 30-days for now on concrete steps they are taking to preserve the privacy of our citizens. These reports will be made public.”
We can dream a little here, but this is when Obama would point over the House visitors gallery, and he’d say this:
“I’ve asked two distinguished experts, Bruce Schneier and Jonathan Zittrain, to work with my administration as advisors to develop new standards to ensure that this and future administrations factor personal privacy into all decisions related to security and technology. Both of these distinguished gentlemen are Board members of the Electronic Frontier Foundation, an organization dedicated to defending individual rights on the internet.”
Ok, maybe that’s too much? We can dream. The President needs to impress upon the public that cybersecurity is a collective responsibility, and he needs to rededicate our government to the defense of individual liberty. It’s about every single one of us taking action to secure our personal data online.
Note: Neither Schneier or Zittrain are associated with Virtru in any way and their inclusion in this post isn’t meant to imply an endorsement. Virtru, on the other hand, would endorse an administration that opted to include them in any privacy initiative.