CDT appreciates this opportunity to comment on the Department of Commerce’s draft Report on enhance resilience against botnets and other automated, distributed threats. We have previously provided comments to the NTIA in July on botnets, as well as in response to the Department’s “Internet of Things” (IoT) green paper. We additionally participated in the NTIA summer convening and briefed the National Security Telecommunications Advisory Committee.
Generally, we commend the agencies for endorsing a botnet mitigation regime that assigns responsibility to those who have the access and ability to make systemic changes — device manufacturers and service providers. We also appreciate that the report still calls for educating and empowering end users so that they may make informed decisions. Because there is an explicit tension between allowing companies to take voluntary but automated action against devices and accounts, and permitting consumers to control their digital footprint, we propose that the National Institute of Standards and Technology (NIST) convene a dedicated process for discussing the implications for privacy and freedom of expression. Ideally and with your convening function, industry and civil society representatives could more fully flesh out best practices for more systematically evaluating privacy and free speech effects of botnet responses.