In comments filed yesterday, CDT asked the Department of Commerce to take a careful, nuanced approach to cybersecurity, to favor market-based approaches over government mandates, and to ensure that its efforts are not so heavy-handed as to stifle innovation or slow the development of necessary cybersecurity measures. CDT also urged the Department to take a leading role in implementing the National Strategy for Trusted Identities in Cyberspace, now being developed by the White House. We alerted the Commerce Department to our concern about NSTIC’s current focus on the use of government credentials for private transactions: A pervasive government-run online authentication scheme is incompatible with fundamental American values, CDT’s comments said.
CDT asked the Department to distinguish between various private systems and elements of the Internet as it formulates its cybersecurity policy. We pointed out that policy toward private systems should have a light touch and should seek to preserve the characteristics of the Internet that make it such a success – its open, decentralized and user-controlled nature. Policy toward government systems can be more prescriptive, the comments said. We also cautioned that cybersecurity measures should not compromise President Obama’s promise that the government’s pursuit of cybersecurity will not include government monitoring of private sector networks or Internet traffic. The comments urge the Department to resist calls to create a cybersecurity information sharing regime that would involve sharing of Internet communications traffic that would compromise the promise of privacy that underlies the laws governing electronic surveillance.
CDT issued the comments in response to a July 28, 2010 Notice of Inquiry the Department issued seeking comment on measures to improve cybersecurity while sustaining innovation. The NOI is one of a series of inquiries from the Department’s Internet Policy Task Force. It will use the comments it collects in connection with a report the Task Force issues to help shape the Obama Administration’s cybersecurity policy.