In the wake of the San Bernardino massacre in December 2015, a federal judge issued an order requiring Apple to unlock an iPhone recovered during the investigation that was potentially used by one of the suspected shooters. Apple CEO Tim Cook has since argued against this mandate, claiming that developing software that circumvents security features could arguably lead to bigger and more serious security problems in the future.
This standoff between the government and business was one of the many topics discussed in the inaugural event of the Center for Cyber Security, a new joint research effort between Law School and the Tandon School of Engineering. The event, “Cyber Dialogues: Technology, Risk, and Governance,” brought together prominent engineers, policymakers, and corporate counsel to explore the important and complicated relationship between law and cyber security.
The first panel featuring Ted Schlein, general partner at venture capital firm Kleiner Perkins Caufield & Byers and moderated by Rajesh De, distinguished fellow at the NYU Center on Law and Security and former general counsel of the National Security Agency, brought to light the ways in which lawyers and engineers do not often speak the same language when it comes to dealing with security breaches and protocols. Schlein believes policymakers need to fully understand the situation before making legislation regarding cyber security. “Policymakers tend to react to situations,” says Schlein. “In the world of technology, we live with our answers for a very long time. It can have pretty long ramifications if we react to situations too abruptly.”
Cooperation between government and the private sector as well as within the sector is necessary to build the proper infrastructure for combatting threats, the panelists agreed. Matthew Olsen, president of IronNet Cybersecurity and former director at the National Counterterrorism Center, believes that the Cybersecurity Information Sharing Act recently passed by Congress, which encourages business-to-government and business-to-business sharing of threat information, is a good step in aggressively combatting cyber threats and breaches of cyber security. “When companies from a particular sector can get to a point where they trust each other enough to share cyber threat information, that’s when we’ll see companies enabling each other to be in the best possible position to detect some type of attack,” says Olsen.
Alex Stamos, chief security officer at Facebook, acknowledges this crucial time for the creation of the Center for Cyber Security. “Technologists need to work with policymakers and lawyers,” says Stamos. Schlein echoed the same sentiments regarding the importance of the Center in creating relationships between engineers and lawyers that will aid in combatting threats. “We’re going to have to get more preemptive. That’s going to be a mixture of innovation, but it’s also going to mean policy. That is why a center like this is going to be so important,” says Schlein.
Posted March 17, 2016