Cybersecurity

Rethinking Government Use of Commercial Exploit Tools After WhatsApp Spying
The recent WhatsApp lawsuit shows the significant risk to individuals, as well as public trust, that comes from allowing commercial systems to remain exploitable.
Read More >>

For a menu of actionable ideas for policymakers related to cybersecurity, see ITIF’s “Tech Policy To-Do List.”

Cybersecurity
Check a box to narrow search for individual content items that cover numerous issues.
December 4, 2019
Weakening Encryption Would Put Vulnerable Populations at Risk
While law enforcement needs tools to protect the public, requiring companies to provide access to encrypted consumer data would have the unintended consequence of putting vulnerable populations at risk without solving law enforcement’s most significant challenges in using digital evidence.
November 8, 2019
Rethinking Government Use of Commercial Exploit Tools After WhatsApp Spying
The recent WhatsApp lawsuit shows the significant risk to individuals, as well as public trust, that comes from allowing commercial systems to remain exploitable.
August 16, 2019
Americans Need Alternatives to ‘Free Credit Monitoring’ After Data Breach
In an op-ed for InsideSources, Daniel Castro writes that companies responsible for data breaches should be required to offer consumers their choice of a menu of security-enhancing products and services.
April 10, 2019
Breaking Up Big Tech Would Not Make Consumer Data More Secure
Taking the bludgeon of anti-trust to tech companies will make cyber security worse, not better.
March 27, 2019
Allowing Companies to Hack Back: Good Security or Vigilante Justice?
From data breaches to denial of service attacks, the private sector routinely faces a barrage of threats from those seeking to wreak havoc on their digital systems. When faced with an attack, companies can take steps to secure their own systems, but they are not authorized to retaliate against any system that they do not own. What are the domestic and international implications of authorizing private entities to engage in offensive cybersecurity operations?
December 19, 2018
Australia’s Embarrassing Crackdown on Its Own Information Security
The United States and likeminded countries should not repeat Australia’s mistakes and should instead embrace strong encryption—not try to cripple it.
September 1, 2018
Boosting State Website Security
In a column for Government Technology, Daniel Castro explains how states can improve the security of their government websites by implementing DNSSEC all state government domains.
June 28, 2018
Protecting the Freedom to Encrypt
ITIF and the Fourth Amendment Advisory Committee hosted an expert panel discussion on how policymakers can protect consumer and business access to encryption and put in place policies that both encourage advances in cryptography and protect the rule of law.
June 1, 2018
States Should Revisit Their Data Breach Laws
In a column for Government Technology, Daniel Castro outlines options states should consider to update their data misuse notification laws.
April 27, 2018
Time to Toss Social Security Numbers
As part of the Washington Post’s annual “Spring Cleaning” feature, ITIF’s Daniel Castro says it’s time to get rid of Social Security numbers.

Pages