The Associated Press reported this morning on a study to be released by The Constitution Project that concludes Americans should be concerned about the federal government's public-private partnership efforts to share information. Specifically, the AP states that the report raises concerns about "sensitive personal information of people who work for or communicate with [private sector companies sharing information] could be improperly or inadvertently disclosed." In addition, the Constitution Project has found that the government "runs the risk of establishing a program akin to wiretapping all network users' communications."
Ensuring that we protect privacy is important, but, at the same time, if there truly is going to be a public-private partnership to further our efforts on cybersecurity we must be careful to not overly restrict efforts to share information to evaluate the threats and vulnerabilities that are leaving our nation more vulnerable each day. Safeguards are certainly needed but we need to ensure that we do not make them overly onerous so as to make any effective information sharing impossible.
Without an effective information sharing regime, Congress, the administration and the private sector will continue to struggle in formulating a comprehensive mechanism for making sure we know who, what, and why so many websites, whether they're selling shoes, military weapons or a president's fitness challenge, are being attacked and ransacked of data. Also, privacy cannot be addressed in a vacuum -- the government should be careful not to overly restrict its public-private partnerships by holding them to a standard that is antiquated in today's social media driven society where information is freely shared and available
Quite simply, information sharing for cybersecurity must be a golden mean between privacy, functionality, and effectiveness.