Getty Images / Westend61

Ideas

Proposed Tech-Industry Legislation Would Hurt National Security

Provisions could force tech companies to break apart integrated security tools currently embedded in device and platform operating systems to screen for spyware and malware.

James R. Clapper

|
former DNI

One of the major lessons I learned serving as the Director of National Intelligence for over six years was that cybersecurity must be a team effort. Whether it’s protecting intellectual property, personal data, critical infrastructure, trade secrets, or any other valuable cyber-dependent activity, the government and private sector must share, collaborate, and coordinate. 

The Russian invasion of Ukraine shows how and why. American technology companies have helped the Ukrainian government thwart cyber assaults, efforts that President Volodymyr Zelenskyy himself has commended. They have also enabled Russian citizens to obtain uncensored facts about the war. Indeed, this war has seen cyber offense and defense take their places alongside the more “traditional” kinetic weapons, like Javelins, Stingers, and long-range artillery. 

What we’re witnessing in this war should be prompting us to deepen even further the public-private partnership between technology companies and the government. Regrettably, some policy-makers, in a well-intentioned effort to regulate the influence technology companies have in our society and political discourse, may inadvertently undermine the ability of these companies to be critical components of our cyber security.

Several former national security officials and I recently signed an open letter to express our profound concerns about the unintended implications of pending legislation in both houses of Congress mandating non-discriminatory access for “all business users”—potentially, of course, including foreign rivals—on U.S. technology platforms. Recently the Senate revised its bill; the new version acknowledges—but fails to address—any of the national security concerns raised in our open letter, or reservations expressed by bi-partisan members of the Senate Judiciary Committee during the lone public hearing on this legislation last January. This legislation has at least three serious flaws.

First, the bill still fails to address the major issue we wrote about in our letter: giving “unfettered” access to the hardware and software of American technology companies which could result in major cyber threats, misinformation, access to data of U.S. persons, and intellectual property theft.

Related articles

Biden Pledged to ‘Prohibit’ US Tech Companies From Helping China. It Won’t Be Easy

When Does a ‘Cyber Attack’ Demand Retaliation? NATO Broadens Its View

Second, certain provisions of this proposed legislation could force tech companies to break apart integrated security tools currently embedded in device and platform operating systems to screen for spyware and malware. From spam filters to authentication services, we’ve all come to rely on these fraud protections to keep us safe and protect our data; these provisions could expose consumers to bad actors seeking to exploit the weak links in the cybersecurity chain.

Third, the amended Senate bill requires tech companies to allow every application—including those from abroad—to interoperate with their own platforms, except where doing so would cause a “significant cybersecurity risk.” The bill, however, doesn’t define what the threshold is for such a risk. This could conceivably inhibit a tech company from taking aggressive action against a known threat, out of concern that the threat didn’t reach the “significant” threshold. If the companies have to look constantly over their corporate shoulder in the face of always agile threats, Americans could be exposed to the insidious and subtle changes that exploit previously unidentified vulnerabilities. 

The urge to reduce the power and influence of the technology companies is understandable and well-intentioned. But, there is danger in plunging head-long in achieving this goal, without due regard for the unintended consequences which could impair our national security. What is needed is a time-out while the legislation is subjected to a national security “stress test.” By this, I mean referring this proposed legislation to a select task force of experts drawn from the relevant national security components; their mission would be to look at the legislation through a national security lens, objectively critique it, and make recommendations back to the Congress that would protect national security equities. And, in the interests of public transparency, the Congress should hold an open hearing so the public will know the results of this examination. 

Policy changes that affect the security architecture and practices of these companies must be weighed against potential risk to our cyber safety and security. To do otherwise is dangerous and irresponsible. 

James R. Clapper, a retired Air Force lieutenant general, served as director of national intelligence in the Obama administration. He is a consultant to the Computer and Communications Industry Association

The views expressed here are the author’s own, and do not reflect policies of the Office of Director of National Intelligence or the broader Intelligence Community

NEXT STORY: Quantum Sensors—Unlike Quantum Computers—Are Already Here

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.