Tag: science

Some Thinking on “Cyber”

Last week, I had the opportunity to testify before the House Science Committee’s Subcommittee on Technology and Innovation on the topic of “cybersecurity.” I have been reluctant to opine on it because of its complexity, but I did issue a short piece a few months ago arguing against government-run cybersecurity. That piece was cited prominently in the White House’s “Cyberspace Policy Review” and – blamo! – I’m a cybersecurity expert.

Not really – but I have been forming some opinions at a high level of generality that are worth making available. They can be found in my testimony, but I’ll summarize them briefly here.

First, “cybersecurity” is a term so broad as to be meaningless. Yes, we are constructing a new “space” analogous to physical space using computers, networks, sensors, and data, but we can no more secure “cyberspace” in its entirety than we can secure planet Earth and the galaxy. Instead, we secure the discrete things that are important to us – houses, cars, buildings, power lines, roads, private information, money, and so on. And we secure these things in thousands of different ways. We should secure “cyberspace” the same way – thousands of different ways.

By “we,” of course, I don’t mean the collective. I mean that each owner or controller of a prized thing should look out for its security. It’s the responsibility of designers, builders, and owners of houses, for exmple, to ensure that they properly secure the goods kept inside. It’s the responsibility of individuals to secure the information they wish to keep private and the money they wish to keep. It is the responsibility of network operators to secure their networks, data holders to secure their data, and so on.

Second, “cyber” threats are being over-hyped by a variety of players in the public policy area. Invoking “cyberterrorism” or “cyberwar” is near-boilerplate in white papers addressing government cybersecurity policy, but there is very limited strategic logic to “cyberwarfare” (aside from attacking networks during actual war-time), and “cyberterrorism” is a near-impossibility. You’re not going to panic people – and that’s rather integral to terrorism – by knocking out the ATM network or some part of the power grid for a period of time.

(We weren’t short of careless discussions about defending against “cyber attack,” but L. Gordon Crovitz provided yet another example in yesterday’s Wall Street Journal. As Ben Friedman pointed out, Evgeny Morozov has the better of it in the most recent Boston Review.)

This is not to deny the importance of securing digital infrastructure; it’s to say that it’s serious, not scary. Precipitous government cybersecurity policies – especially to address threats that don’t even have a strategic logic – would waste our wealth, confound innovation, and threaten civil liberties and privacy.

In the cacophony over cybersecurity, an important policy seems to be getting lost: keeping true critical infrastructure offline. I noted Senator Jay Rockefeller’s (D-WV) awesomely silly comments about cybersecurity a few months ago. They were animated by the premise that all the good things in our society should be connected to the Internet or managed via the Internet. This is not true. Removing true critical infrastructure from the Internet takes care of the lion’s share of the cybersecurity problem.

Since 9/11, the country has suffered significant “critical-infrastructure inflation” as companies gravitate to the special treatments and emoluments government gives owners of “critical” stuff. If “criticality” is to be a dividing line for how assets are treated, it should be tightly construed: If the loss of an asset would immediately and proximately threaten life or health, that makes it critical. If danger would materialize over time, that’s not critical infrastructure – the owners need to get good at promptly repairing their stuff. And proximity is an important limitation, too: The loss of electric power could kill people in hospitals, for example, but ensuring backup power at hospitals can intervene and relieve us of treating the entire power grid as “critical infrastructure,” with all the expense and governmental bloat that would entail.

So how do we improve the state of cybersecurity? It’s widely believed that we are behind on it. Rather than figuring out how to do cybersecurity – which is impossible – I urged the committee to consider what policies or legal mechanisms might get these problems figured out.

I talked about a hierarchy of sorts. First, contract and contract liability. The government is a substantial purchaser of technology products and services – and highly knowledgeable thanks to entities like the National Institutes of Standards and Technology. Yes, I would like it to be a smaller purchaser of just about everything, but while it is a large market actor, it can drive standards and practices (like secure settings by default) into the marketplace that redound to the benefit of the cybersecurity ecology. The government could also form contracts that rely on contract liability – when products or services fail to serve the purposes for which they’re intended, including security – sellers would lose money. That would focus them as well.

A prominent report by a working group at the Center for Strategic and International Studies – co-chaired by one of my fellow panelists before the Science Committee last week, Scott Charney of Microsoft – argued strenuously for cybersecurity regulation.

But that begs the question of what regulation would say. Regulation is poorly suited to the process of discovering how to solve new problems amid changing technology and business practices.

There is some market failure in the cybersecurity area. Insecure technology can harm networks and users of networks, and these costs don’t accrue to the people selling or buying technology products. To get them to internalize these costs, I suggested tort liability rather than regulation. While courts discover the legal doctrines that unpack the myriad complex problems with litigating about technology products and services, they will force technology sellers and buyers to figure out how to prevent cyber-harms.

Government has a role in preventing people from harming each other, of course, and the common law could develop to meet “cyber” harms if it is left to its own devices. Tort litigation has been abused, and the established corporate sector prefers regulation because it is a stable environment for them, it helps them exclude competition, and they can use it to avoid liability for causing harm, making it easier to lag on security. Litigation isn’t preferable, and we don’t want lots of it – we just want the incentive structure tort liability creates.

As the distended policy issue it is, “cybersecurity” is ripe for shenanigans. Aggressive government agencies are looking to get regulatory authority over the Internet, computers, and software. Some of them wouldn’t mind getting to watch our Internet traffic, of course. Meanwhile, the corporate sector would like to use government to avoid the hot press of market competition, while shielding itself from liability for harms it may cause.

The government must secure its own assets and resources – that’s a given. Beyond that, not much good can come from government cybersecurity policy, except the occassional good, long blog post.

You Don’t Have to Be a Nuclear Engineer to…

…support market solutions in education, but apparently it helps.

Keith Yost, a grad student in MIT’s Department of Nuclear Science and Engineering and the Engineering Systems Division, has a great piece in his school’s newspaper. He explains that public schools have enjoyed a dramatic increase in per-pupil resources over the past 40 years, but ultimately failed to improve student achievement. He also explains why: resources are misallocated because of a lack of systemic incentives for their proper allocation — incentives that are inherent in the free enterprise system.

Unfortunately, Yost’s rationalist, systems approach is very different from that of most policymakers — perhaps because so few policymakers were trained as engineers. So maybe one way to accelerate the process of effective reform of American schools is to encourage more of our engineers to go into state politics. Think about it, Keith.

Alternatively, as Mothers’ Day is around the corner, perhaps the trick is for moms to encourage their kids to pursue science and engineering rather than go into that one career field that produces so many of our politicians (apologies to Waylon Jennings):

Mamas, don’t let your babies grow up to be lawyers.
Don’t let ‘em pick gavels or watch 12 Angry Men.
Buy ‘em some Lego and a protector for pens…

Comments on Criticism of Cato Ad

Our friends at www.realclimate.org and www.ryanavent.com have been taking shots at the statements in our ad, so I’d like to offer a little commentary.

We make three factual assertions.

First, we say that “surface temperature changes over the past century have been episodic and modest”. We cite Brohan et al., Journal of Geophysical Research (2006 and updates) and Swanson and Tsonis, Geophysical Research Letters, 2009. The first is the latest update of the East Anglia temperature history, which long has been the IPCC staple. It is the one most cited over the years by the IPCC because it was the first long history that contained much more than simply World Weather Records data updated with local records at the end of a month. At any rate, both it and other global histories indeed show modest warming, about 0.8degC from 1900-2000, and indeed it is episodic. Everyone (well probably almost everyone…there are some real people who don’t believe it is right) pretty much agrees that there are two periods of warming, 1910-45 and 1977-98, with a slight cooling in between and no trend after. If that’s not “episodic”, I don’t know what is. The Swanson paper in fact specifically quantifies these episodes. The paragaph near the end of it that says this may mean that warming will be faster than we thought was pure speculation. It could just have easily been argued (as I do) that the lack of recent warming more likely indicates that 21st century warming will be lower than forecast by oceanic feedback because lack of warming simply delays any water vapor amplification. Pure and simple.

The second assertion is that, “after controlling for population growth and property values, there has been no increase in damages from severe weather events”. The citation is short – a note in the Bulletin of the American Meteorological Society, by Pielke Jr. et al, 2005. The et al. numbers over ten other large-name scientists/analysts, and the reference list is the important part. There are a large number of citations on climate-related damages for various places and/or periods. We couldn’t list them all in this format, so we chose a single citation that could be consulted and an interested reader would find all the subsidiary supporting material.

Finally we state that “the computer models forecasting rapid temperature change abjectly fail to explain recent climate behavior”, citing Douglas et al., International Journal of Climatology, 2007, which showed the major disparity between forecasts of the upper tropospheric tropical “warm spot”, a hallmark of greenhouse projections, and observations in the radiosonde record. Yes it is true that Santer et al. have published a lengthy rebuttal, but it is extremely dense and marks just another go-round-and-round over this issue. Douglas et al. have a response but it hasn’t been published yet. The debate will go on and on. Further, it is quite apparent from comparing midrange multimodel estimates from the IPCC to observed temperatures, and those indeed projected for coming years, that there is a signficant disconnect developing between the models and surface temperature. They simply don’t anticipate multidecadal periods without warming. Oh yes, since this has happened, all of the sudden models can be forced to “explain” it, but that’s not prospective. Instead, it is retrospective adjustment. Such work wouldn’t be performed if there weren’t something wrong.

That’s more than enough to negate President-elect Obama’s statement that “The science is beyond dispute and the facts are clear”!

Week in Review: Bailout Bonuses, Marijuana and Eminent Domain Abuse

House Approves 90 Percent ‘Bonus Tax’

Sparked by outrage over the bonus checks paid out to AIG executives, the House approved a measure Thursday that would impose a 90 percent tax on employee bonuses for companies that receive more than $5 billion in federal bailout funds.

Chris Edwards, Cato’s director of tax policy studies, says the outrage over AIG is misplaced:

While Congress has been busy with this particular inquisition, the Federal Reserve is moving ahead with a new plan to shower the economy with a massive $1.2 trillion cash infusion — an amount 7,200 times greater than the $165 million of AIG retention bonuses.

So members of Congress should be grabbing their pitchforks and heading down to the Fed building, not lynching AIG financial managers, most of whom were not the ones behind the company’s failures.

Cato executive vice president David Boaz says this type of selective taxation is a form of tyranny:

The rule of law requires that like people be treated alike and that people know what the law is so that they can plan their lives in accord with the law. In this case, a law is being passed to impose taxes on a particular, politically unpopular group. That is a tyrannical abuse of Congress’s powers.

On a related note,  Cato senior fellow Richard W. Rahn defended the use of tax havens in a recent Wall Street Journal op-ed, saying the practice will only become more prevalent as taxes increase in the United States:

U.S. companies are being forced to move elsewhere to remain internationally competitive because we have one of the world’s highest corporate tax rates. And many economists, including Nobel Laureate Robert Lucas, have argued that the single best thing we can do to improve economic performance and job creation is to eliminate multiple taxes on capital gains, interest and dividends. Income is already taxed once, before it is invested, whether here or abroad; taxing it a second time as a capital gain only discourages investment and growth.

Obama to Stop Raids on State Marijuana Distributors

Attorney General Eric Holder announced this week that the president would end federal raids on medical marijuana dispensaries that were common under the Bush administration.

It’s about time, says Tim Lynch, director of Cato’s Project on Criminal Justice:

The Bush administration’s scorched-earth approach to the enforcement of federal marijuana laws was a grotesque misallocation of law enforcement resources. The U.S. government has a limited number of law enforcement personnel, and when a unit is assigned to conduct surveillance on a California hospice, that unit is necessarily neglecting leads in other cases that possibly involve more violent criminal elements.

The Cato Institute hosted a forum Tuesday in which panelists debated the politics and science of medical marijuana. In a Cato daily podcast, Dr. Donald Abrams explains the promise of marijuana as medicine.

Cato Links

• A new video tells the troubling story of Susette Kelo, whose legal battle with the city of New London, Conn., brought about one of the most controversial Supreme Court rulings in many years. The court ruled that Kelo’s home and the homes of her neighbors could be taken by the government and given over to a private developer based on the mere prospect that the new use for her property could generate more tax revenue or jobs. As it happens, the space where Kelo’s house and others once stood is still an empty dustbowl generating zero economic impact for the town.

• Daniel J. Ikenson, associate director of Cato’s Center for Trade Policy Studies, explains why the recent news about increasing protectionism will be short-lived.

• Writing in the Huffington Post, Cato foreign plicy analyst Malou Innocent says Americans should ignore Dick Cheney’s recent attempt to burnish the Bush administration’s tarnished legacy.

• Reserve your spot at Cato University 2009: “Economic Crisis, War, and the Rise of the State.”

Wednesday Podcast: ‘The Science of Medical Marijuana’

Photo: Kelly Anne CreazzoSpeaking at a Cato forum Tuesday, Dr. Donald Abrams, director of Clinical Programs at the University of California Osher Center for Integrative Medicine, discussed the science behind medicinal marijuana, and explained why the drug should be allowed for patients who suffer from a variety of symptoms.

After the event, Abrams spoke with Caleb Brown for Wednesday’s Cato Daily Podcast, explaining the promise of marijuana as medicine:

One of the reasons I am in favor of people using the plant is because… we no longer have a health care system in the United States, we have a disease management system, and it is very expensive largely due to pharmaceuticals. If there is a plant that is a medicine that people can grow for themselves in their own backyard then I think we can really go a long way to decrease some of the costs of health care. But if we are saying that a physician is going to be able to prescribe this entity to a patient then unfortunately, or fortunately depending on how you look at it, it does need to be regulated or approved and the only way to do that is through the standard route.

Mr. President, If You’re Involved It’s Already Politicized

Yesterday, President Obama coupled his lifting of an executive order banning federal funding for embryonic stem cell research with the signing of a memorandum directing “the White House Office of Science and Technology Policy to develop a strategy for restoring scientific integrity to government decision making.” In other words, at the very moment he was directly injecting politics into science by forcing taxpayers to fund research that many find immoral – and that could be funded privately – Obama declared that he wouldn’t politicize science.

Don’t insult our intelligence. When government pays for scientific work that science is politicized. Yes, it could be argued that government not funding something is also political, but which is inherently more politicized, government forcing people to fund research, or leaving it to private individuals to voluntarily support scientific endeavors they believe of value?

You don’t have to be a scientist to grasp the obvious answer to that one.  And as I’ve laid out very clearly regarding education, this kind of compelled support ultimately leads not only to ugly politicization, but social conflict and division.

Culture wars, anyone?

The rhetoric supporting federal funding of embryonic stem cell research – and lots of other science – may sound noble, but the means-ends calculations are anything but. They are divisive incursions on liberty, and make political conflict inevitable.

Science: The Final (Budget) Frontier

There are many people who think that little or no “science” will get done – at least “basic” science that has no evident, immediate, practical applications – unless the federal government pays for it. That is a dubious proposition, but it’s not what really alarms me right now. What really troubles me is that scientists, apparently, can conceive of no end to research worthy of your hard-earned dollars, and see things in Washington looking a lot friendlier to their exploring the final, spending frontier. This quote from an article in Inside Higher Ed today says it all:

Pressed by [Rep. Alan] Mollohan and others for how much money the government ought to be spending on science research and education,  [National Academy of Sciences President Ralph J.] Cicerone was clearly reluctant to throw out figures; danger loomed that he would look either greedy or unambitious in appearing to speak for the science establishment.

But he made clear that he would welcome a way of ensuring growth for federal spending on science, perhaps, he said, through a mechanism that tied spending to “the number of highly competitive proposals” agencies receive, to ensure that there is enough money to cover all research proposals that scientific peer review processes grade above a certain level.

When Mollohan asked what was the appropriate “end point” for growth in federal science funds, Cicerone said that “we are so far away from that level that it’s hard to say.”

So science can tell us a lot, but not how far we are from adequate science funding. I, however, can put it in a little perspective: In 2006 the federal government spent more than $31 billion on research at ”educational institutions.” If the funding end point is, say, Saturn, then to at least some scientists it seems we haven’t even gotten to the moon.

Get ready for scientists to blast off with your wallets anytime now.