Valuing a Collaborative Approach for Bolstering Cyber-Security
The Internet is a tremendous tool for creativity, commerce and communication. Unfortunately, criminal enterprises are also using the Internet to hack into networks and computers for the purpose of stealing valuable data—whether personally identifiable information, trade secrets, or content. They are also using Internet ads, as well as pirated content and software or other “bait,” to fund their efforts and lure Internet users into revealing sensitive information, inadvertently downloading malware, or unknowingly becoming a node in a botnet. One-third of the 589 largest ad-supported content theft sites examined in 2014, for example, not only generated millions of dollars in revenue, but also included malware that could infect users’ computers, according to a recent study commissioned by the Digital Citizens Alliance. The MPAA made these points in comments it filed yesterday in a Commerce Department proceeding on cybersecurity in the digital ecosystem.
Much of the Internet’s success is attributable to its decentralized nature. Because no one entity controls it, anyone around the globe can contribute to the Internet’s content and architecture. But that also means no single entity can solve problems when they arise. Consequently, no one set of players can or should be responsible for curbing harmful conduct on the Internet. Doing so will require cooperation among all stakeholders, a sentiment both we and the Internet Association echoed in recent correspondence to the House Judiciary Committee.
The support for that sentiment from groups such as the Internet Association gives us hope that parties across the digital ecosystem—including government, content creators, Internet service providers, search engines, payment processors, advertising networks, domain name registries and registrars—can come together to promote positive online behavior, to hold accountable those who would use the Internet for ill, and to stem or at least not abet the misdeeds of others. Some parties are already taking positive steps, as we outline in our filing, but more can and should be done.
Illegal activity online—including theft of personal information and intellectual property—not only presents major risks to business operations and trust in the Internet, but it also serves as a source of funding and a mechanism for spreading malware that perpetuates further threats to cybersecurity. If pursued consistently, comprehensively, and collaboratively, we believe voluntary initiatives can benefit multi-stakeholderism generally, and cybersecurity in particular, by minimizing the harms from cyber-theft as well as reducing the likelihood of theft and breaches in the first place. To quote the Federal Register notice, these are “discrete security challenges in the digital ecosystem where collaborative voluntary action between diverse actors can substantially improve security for everyone.”