19 Pages Posted: 17 Jul 2015 Last revised: 29 Jul 2015
Date Written: July 15, 2015
Current cybersecurity policy emphasizes increasing the sharing of threat and vulnerability information. Legal reform is seen as crucial to enabling this exchange, both within the public and private sectors and between them. Information sharing is due for some skepticism, though, and this Essay (part of a symposium on Privacy in a Data Collection Society) attempts to provide it. Not only are there few real legal barriers to data exchange, but greater sharing will generate little benefit and will create significant privacy risks. This Essay creates a typography of vertical and horizontal information sharing, and argues that while top-down communication could be useful, it faces important practical impediments. The present focus on sharing increases the scope of the surveillance state unnecessarily and displaces more effective cybersecurity policy measures.
Keywords: cybersecurity, information sharing, privacy, surveillance, bug, threat, vulnerability, information security, Internet, cyberlaw, zero day, ISAC
Suggested Citation: Suggested Citation