The recent global ransomware attack highlights opportunities for the private sector to provide expertise to government, simultaneously advancing data security and protecting privacy, a leading cybersecurity expert suggested.
Many of the solutions the government seeks may already be in use by tech firms, said Todd Hinnen, a Perkins Coie attorney who was previously acting assistant attorney general for national security at the Justice Department.
While the private sector is famously guarded in protecting data and technical secrets, many industry leaders would be willing to share their tools and expertise in the interest of national security, said Hinnen, who counsels clients on privacy and data security issues.
“The innovation brought by the private sector, by startups in Silicon Valley, is presenting a wide variety of options for policymakers,” Hinnen said in an interview Tuesday. “That’s why it’s important that forums be established to discuss these different options and to explore the different policy approaches for these things. And if Congress doesn’t play that role, then the administration needs to do it.”
Government authorities missed a prime opportunity after the 2015 San Bernardino, Calif., terrorist attack, Hinnen added. Then-Federal Bureau of Investigation Director James Comey demanded Apple Inc. provide backdoor access to a private electronic device — and the company refused. In the aftermath, Congress didn’t even solicit comments from stakeholders to advance legislation aimed at balancing the interests of privacy and security.
That balance is on the minds of two leading lawmakers.
Sen. Mark Warner (D-Va.), vice chairman of the Senate Intelligence Committee, sent a letter Monday to Homeland Security John Kelly and Office of Management and Budget Director Mick Mulvaney over delays in cybersecurity upgrades. Warner pointed to a Government Accountability Office report showing failure to comply with deadlines for updating software set by the National Institute of Standards and Technology. He requested a response from the department heads within two weeks.
And Sen. Ron Wyden wrote Monday to the Commission on Evidence-Based Policymaking, which has a report due to Congress on building databases for improving public policy.
“Any efforts to collect, store or utilize data for the laudable goal of improving government programs must also protect Americans’ personal sensitive data,” the Oregon Democrat wrote. “It is my belief that these goals need not be at odds.”
The senator highlighted advancements in the field of encryption, including multi-party computation and differential privacy.
“These technologies are being utilized by other countries and the private sector,” he asserted. “I believe it is time for the U.S. public sector to implement such practices and bring them to scale.”