On the national policy front, or "Big 'P' Policy, both privacy and security issues are rising to the fore. Do not track mechanisms are, to quote a New York Times recent article on this subject, "features on browsers — like Mozilla’s Firefox — that give consumers the option of sending out digital signals asking companies to stop collecting information about their online activities for purposes of targeted advertising." The market sector is not happy. Microsoft is releasing version 10 of its web browser, Internet Explorer, with a default do not track setting; to allow cookies or other tracking requires the user to change the setting. Business interests have reacted angrily, with the Association of National Advertisers sending Microsoft's CEO, Steve Ballmer, an open letter objecting to that decision. A slew of blue ribbon companies chimed in, including I.B.M., Verizon and Walmart. (Interesting bedfellows ...) According to this same article, nine Congressmen (lobbied by guess what interests?) sent a letter of concern to the F.T.C. skeptically inquiring about the Agency's association with the well-respected, independent Internet technology group W3C, World Wide Web Consortium, over privacy issues. My heavens, don't the Congressmen know this is a free country? This article is worth a full read.
About security, the Obama Administration is unhappy with Congress for buckling to those same, mainstream corporate interests who fought robust cybersecurity legislation. If one ever wanted evidence that corporations ultimately don't give a fig about our country, this one is a good example. Defense Secretary Leon Panetta subsequently has taken his message on the road, most recently to the New York City Intrepid Sea, Air and Space Museum. Comparing the potential for a cyber attack to the military one on Pearl Harbor in 1941, Panetta educates on two fronts. First is the technical lesson. For those who do not understand or appreciate how wired is our functional infrastructure, he is connecting the dots between, for example, how utilities work on networked connections. Multiply that lesson into all the areas of everyday life: medicine, banking, and transportation, again just to take some examples, and one gets the picture of how quickly our everyday experience could grind to a catastrophic halt as the result of a successful cyberattack on our networked systems. Second is the civics lesson. For those who do not understand where the opposition comes from and why, he is painting a clear picture: the business community. Why do they take that position? Purely for financial reasons. Businesses, thinking only of their fiduciary responsibilities and not their civic ones -- notwithstanding their legal standing as "individuals," a legal fiction if there ever was one -- do not want to spend the money to bring their systems into compliance with protective technical security measures. It is in moments such as this one that I seriously question the wisdom of representative government heavily influenced by unrestrained lobbying. President Bush sent the country on the path of spending close to a trillion dollars and many thousands of U.S. lives lost in wars half-way around the globe, but business bullies legislators to keep us from being safer at home? That logic only makes sense if you recognize the corporate stranglehold on Congress through unrestrained advertising and lobbying. And Defense Secretary Panetta might have a third mission: to prepare us all for an executive order to make this vital change happen. It is the final tool in Obama's toolbox, and for one, I hope he uses it.
On the institutional policy front, what I call "Little 'P' Policy," these political developments demonstrate the difference between what is "privacy" and what is "security." For too long now in higher education, institutions have collapsed the two categories. Perhaps a decade ago when we were all scrambling to ramp up technical security operations, the confusion was understandable because it was suppressed under the rush to make network changes. The long-term result has been that most people assumed that the two categories were interchangeable, or that privacy was something -- whatever it was -- subsumed by technical security. Actually, the opposite is true. Privacy practices include administrative, logical and physical security as one of a standard four measures (notice, transparency and relevancy are the other three). Technical security on a national policy basis remains nonetheless a critical issue, as this debate over cybersecurity illustrates. But the two concepts differ in important ways. Therefore, to continue down a path that sows confusion about these distinctions would be to wrongly repeat a mistake whose time to correct is upon us for the sake of risk management. Keeping abreast of "Big 'P' Policy" not only helps us be better citizens but may help us do our jobs better in colleges and universities.