No security through obscurity: changing circumvention law to protect our democracy against cyberattacks

Research output: Contribution to journalArticleResearchpeer-review

Abstract

Cybersecurity is increasingly vital in a climate of unprecedented digital assaults against liberal democracy. Russian hackers have launched destabilizing cyberattacks targeting the United States’ energy grid, voting machines, and political campaigns. America's existing inadequate cyber defenses operate according to a simple assumption: hide the computer code that powers critical infrastructure so that America's enemies cannot exploit undiscovered weaknesses. Indeed, the intellectual property regime relies entirely on this belief, protecting those who own the rights in computer code by punishing those who might access and copy that code. This “security through obscurity” approach has failed. Rightsholders, on their own, cannot develop effective countermeasures to hacking because there are simply too many possibilities to preempt. The most promising solution, therefore, is to open the project of cybersecurity to as many talented and ethical minds as possible. Openness, not civil remedies and secrecy, is a greater means of ensuring safety. This Article proposes that we adopt a “defense in depth” approach to security that will increase transparency by modifying anticircumvention laws and by facilitating communication between the security community and product vendors.
Original languageEnglish
Pages (from-to)1279-1344
Number of pages66
JournalBrooklyn Law Review
Volume83
Issue number4
Publication statusPublished - 2018

Keywords

  • Cyberattack
  • DMCA
  • copyright protection

Cite this