OPINION:
EXPLODING DATA: RECLAIMING OUR CYBER SECURITY IN THE DIGITAL AGE
By Michael Chertoff
Grove Atlantic, $26, 272 pages
“Exploding Data: Reclaiming Our Cyber Security in the Digital Age,” by former Secretary of Homeland Security Michael Chertoff, is an important and insightful critique of what he terms an out-of-date legal framework in the United States that governs the collection and use whether by government or private sector entities of citizens’ personal data on the Internet.
Explaining that this framework was established decades ago when telephone records, texts and photographs constituted the Internet’s metadata (defined as the set of data that makes it possible to search a data source and its related data), the author argues that the United States requires a new legal and policy structure appropriate for cyberspace.
Mr. Chertoff focuses on the technologies that currently mine personal data for law enforcement (especially those that can pinpoint the identities, locations and activities of persons engaging in illegal activities, such as terrorism), or companies (tracking an individual’s purchasing or voting tendencies in social media for marketing purposes, including credit scoring) where safeguarding law-abiding citizens’ civil liberties, especially their rights to privacy, is paramount.
Most concerning, Mr. Chertoff writes, is that not only do “those who collect and aggregate that data have an increased power to influence and even coerce our behavior — possibly through social shaming and financial incentives and penalties,” but that the “expansion of online networks that are connected to physical systems and that even control their operation, has dramatically expanded the ability of malign individuals to interfere with the physical world.” Bad actors, he adds, are also sabotaging information technology systems and engaging in vast identity breaches and thefts from bank accounts and other data sources.
To analyze the problems associated with these surveillance issues and how the “autonomy” of individuals’ personal data in cyberspace can be protected under a new legal framework, the author outlines three transformational periods in the history of surveillance and data or information collection. He terms these periods Data 1.0, Data 2.0 and Data 3.0.
Data 1.0 refers to the period when information was collected through handwritten or printed notes or drawings. These were disseminated through face-to-face interactions and reading the notes. In the next revolutionary change, Data 2.0 refers to the period inaugurated by the invention of photography and telephony in the 19th century. These technologies, the author explains, “made life much more convenient, but at the same time they opened up new methods of surveillance.”
In the most significant revolutionary change, Data 3.0 characterizes today’s “increasingly digital world,” with data, such as photographs and video recorded in “bytes of information” and “transmitted worldwide instantaneously on computers and smartphones and at will.” Data 3.0 is also characterized by the further revolutionary capability of “data analytics — using computer software to examine vast troves of data, reaching conclusions that humans could not reach on their own.”
While such data mining has provided countless benefits, it also “enables pernicious uses” and “societal consequences,” so the author cautions that it must be managed “in a way that protects individuals while enabling benefits to society as a whole.”
Looking ahead, Mr. Chertoff envisions a futuristic Data 4.0, whose beginnings are “already prefigured with modern-day robots and artificial intelligence — in which embedded software in human beings creates true cyborgs: hybrid human machines.”
With such rapid technological innovations reshaping our exponentially evolving digitally data-driven cyberspace, and with governments and various private sectors able to exploit such data to potentially “predict and regulate our behavior,” the author then turns his discussion to how, in this digital environment, new laws can be formulated to empower citizens to “control [their] data, even when hiding it or privately maintaining it becomes technologically impossible.”
Mr. Chertoff also argues that the new legal regime should address the need for Internet service providers to be responsible for policing the security of their networks, including ensuring that extremist websites and the sites that promote “fake news” are carefully monitored and controlled.
In a chapter titled “Cyber Warfare: Deterrence and Response,” Mr. Chertoff discusses the legal implications of the use of cyber weapons by rogue states, including non-state actors that operate on their behalf, and the challenges in responding to such attacks. He explains that the “boundless geography of cyberspace” makes identifying the attackers problematic because the “attackers are not visible and do not wear uniforms” so there needs “to be articulated a clear doctrine about how to effectively deter or respond to a cyberattack, even if it causes serious physical effects.”
In the book’s concluding chapter, Mr. Chertoff proposes a framework for new laws to manage the balance between security and civil liberties that would include “licensing private sectors to defend their networks” when they are attacked; implementing laws to “control the use private parties can make of individual data”; and to “incentivize private parties to collaborate with the government in protecting against shared vulnerabilities.”
“Exploding Data” is an authoritative guide to understanding the legal and security challenges posed by the rapidly evolving digitally driven cyber landscape.
• Joshua Sinai is a senior analyst at Kiernan Group Holdings (KGH) in Alexandria, Va.
Please read our comment policy before commenting.