[9/7/16] Otto Von Bismarck is thought to have said that if you want to respect law and sausage you should watch neither being made. Charlie Mitchell supports this view in his recent book Hacked: The Inside Story of America’s Struggle to Secure Cyberspace by providing an in-depth, comprehensive history of cybersecurity policy during the Obama administration. The chronological account explores interactions between the White House, bureaucracy, special interests, and Congress. Mitchell considers several points of view and gives the reader a thorough understanding of competing perspectives on issues such as privacy and regulation.
This is a historical work, not a theoretical one (Public Choice Theory is never mentioned), but it is of great value to Public Choice scholars because it explores issues at the heart of the discipline, such as how legislators, bureaucrats, and special interests respond to the incentives they face and how policy gets made (or not made) in light of these competing incentives.
The Politics of Cybersecurity Legislation
The articulation of a cybersecurity policy began in earnest towards the end of the Bush administration, with the Obama White House picking up where they left off. However, after congress failed to pass legislation dealing with the issue during his first term, President Obama issued an Executive Order in February 2013 calling for (among other things) a non-regulatory approach to cybersecurity based on collaboration between the government and technology industry.
The National Institute of Standards and Technology (NIST) was tasked with developing a framework of “voluntary standards” for cybersecurity in collaboration with the tech industry. This was done through a series of conferences where representatives from the two sides met at various college campuses across the country to hash out what such a framework might look like. During and after this process, other government agencies pursued cybersecurity within their various spheres of influence, some successfully (Federal Communications Commission), some unsuccessfully (Department of Homeland Security).
A constant theme throughout the book is Congress’s struggle to pass significant cybersecurity legislation. The issue seems to constantly be before congress during Obama’s second term, but it is frequently kicked to the curb by partisan fighting, elections, government shutdowns, congressional recesses, and other legislative concerns. Cybersecurity legislation is finally passed in the house in April 2015, and in the Senate in October of the same year.
As mentioned earlier, the story of cybersecurity policy during the Obama administration is ripe for Public Choice analysis because it is a story of incentives and self-interest on the part of the legislature, special interests, and bureaucracy.
Congress has very few incentives to…CONTINUE READING