On a bitter cold January day, the President of the United States appeared before a joint session of Congress to fulfill his Constitutional obligation to “from time to time give to Congress information of the State of the Union and recommend to their Consideration such measures as he shall judge necessary and expedient.”
The President recommended comprehensive immigration reform, the importation and development of new scientific technologies (including new communications technologies), an increased effort on new science and technology, increased funding for the State department’s diplomatic and peace-keeping efforts, increased funding for the military, the necessity of preventing any future default in the U.S. government’s debt obligations, and called on Congress to enact legislation to further his agenda.
The date was January 8, 1790 at Federal Hall in New York, and the President was George Washington. Not surprisingly, there was no attention paid to cyber security or privacy in the address. Indeed, it was not until the Presidency of Barak Obama that cyber security, privacy or the importance of computer technology was really addressed in the State of the Union Address.
In his address before Congress on January 28, 2014, President Obama fleetingly addressed the growing “scandal” (and I use the term in quotes, as there are those who feel that there is nothing scandalous about the program) involving the massive data collection by the NSA and other U.S. intelligence agencies.
His brief remarks were more of a reinforcement of his speech regarding the importance of the NSA surveillance programs, and the need to strike an appropriate balance between security and privacy. He said, “America must move off a permanent war footing… that’s why I will reform our surveillance programs – because the vital work of our intelligence community depends upon public confidence, here and abroad, that the privacy of ordinary people is not being violated.”
However, in his more specific remarks two weeks ago, he rejected and preempted calls (even those by his own Privacy and Civil Liberties Oversight Board) to substantially and substantively reform the NSA surveillance programs, or to address the fact that, by penetrating hardware, software, networks, cryptography, telecommunications, and even angry birds, the actions of the intelligence communities have undermined public confidence in the very technology that will ultimately lead the economy.
President Obama missed the opportunity to call for increased funding for cyber security research, and increased cooperation between the private sector and the public sector on cyber security, noting only that we must, in some unspecified way, “address the threat” posed by “cyber attacks.”
But addressing these threats together may be something that may be difficult to achieve when there is a public perception that entities like Google, Apple, Microsoft, Facebook, Comcast, AT&T, Verizon and even Rovio Entertainment, were merely acting as stooges for the U.S. intelligence communities.
Public confidence has been eroded – not only in the intelligence community, but in those who not only support it, but those who are protected in the long and short term by it. In this climate, when people are calling for the boycott of the RSA security conference amid revelations of allegations that RSA was paid millions of dollars to promote an insecure cytological standard, it may be difficult for U.S. civilian companies to be seen in close cooperation with the U.S. government.
There is a perception (not entirely accurate) that standards set by NIST should be viewed with circumspection, as they may simply constitute an attempt to permit the intelligence community to obtain “back door” access to information.
To call for information sharing in this environment puts the cart before the horse. There must be a greater degree of trust and accountability within government before the President can call for greater cooperation within government. Much of this is about perception rather than reality, but perception matters when you are asking for trust.
Also absent from the State of the Union address was any meaningful discussion of privacy. While the President did say there was a “need to strike an appropriate balance between security and privacy,” in relation to the NSA program, he failed to address the fact that this nation still faces a patchwork of privacy, data breach, and security laws and regulations.
All of which depend upon the jurisdiction in which one operates, the nature of the information collected, and indeed, whether you are a bank, a hospital, a website, or someone on the street. Unlike other countries (and continents) we fail to value privacy – and corporate and governmental threats to privacy – and fail to address them. Nothing in the State of the Union Address dealt with that issue.
To a great extent the 2014 State of the Union address was both an apology for past actions, and a promise to continue those actions, with some mild reforms. It was hardly a call to action for a potentially existential threat.
President Obama’s 2014 State of the Union address was in marked contrast to those of previous Presidents, which focused primarily on the role of technology in enhancing quality of life, and not in the manner in which it must be used to conduct surveillance.
This is not new territory for President Obama. In the 2013 State of the Union address, President Obama noted that “America must also face the rapidly growing threat from cyber-attacks” and pointed to his Executive Order on information sharing and cyber security standards.
In 2012, President Obama noted that his budget included funding for cyber security, observing that “to stay one step ahead of our adversaries, I’ve already sent this Congress legislation that will secure our country from the growing dangers of cyber-threats.”
In 2011 and before, the tone of the State of the Union was mostly about promoting computer technology, and not worrying about the threats to it. With the exception of President Clinton’s 1999 State of the Union that addressed the looming Y2k crisis and medical privacy issues in HIPAA, previous State of the Union speeches addressed mostly Internet funding and access issues — issues touched on briefly by President Obamas’s discussion of school access to broadband. Cybersecurity was a low priority, and privacy mentioned only in the context of medical records.
Overall, it is a good thing that cybersecurity and to a lesser extent privacy were mentioned in the address. Now if they could only be actually addressed…
Cyber Security and Technology Portions of State of the Union Addresses:
2013 State of the Union – Barack Obama
America must also face the rapidly growing threat from cyber-attacks. We know hackers steal people’s identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems.
We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy. That’s why, earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs, and our privacy. Now, Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks.
2012 State of the Union – Barack Obama
But America remains the one indispensable nation in world affairs –- and as long as I’m President, I intend to keep it that way. (Applause.) That’s why, working with our military leaders, I’ve proposed a new defense strategy that ensures we maintain the finest military in the world, while saving nearly half a trillion dollars in our budget. To stay one step ahead of our adversaries, I’ve already sent this Congress legislation that will secure our country from the growing dangers of cyber-threats. (Applause.)
2011 State of the Union – Barack Obama
The first step in winning the future is encouraging American innovation. None of us can predict with certainty what the next big industry will be or where the new jobs will come from. Thirty years ago, we couldn’t know that something called the Internet would lead to an economic revolution. What we can do — what America does better than anyone else — is spark the creativity and imagination of our people.
We’re the nation that put cars in driveways and computers in offices; the nation of Edison and the Wright brothers; of Google and Facebook. In America, innovation doesn’t just change our lives. It is how we make our living. (Applause.) Our free enterprise system is what drives innovation. But because it’s not always profitable for companies to invest in basic research, throughout our history, our government has provided cutting-edge scientists and inventors with the support that they need. That’s what planted the seeds for the Internet. That’s what helped make possible things like computer chips and GPS. Just think of all the good jobs — from manufacturing to retail — that have come from these breakthroughs.
2004 State of the Union – George W. Bush
By computerizing health records, we can avoid dangerous medical mistakes, reduce costs and improve care.
2000 State of the Union – Bill Clinton
Opportunity for all requires something else today — having access to a computer and knowing how to use it. That means we must close the digital divide between those who’ve got the tools and those who don’t. (Applause.) Connecting classrooms and libraries to the Internet is crucial, but it’s just a start. My budget ensures that all new teachers are trained to teach 21st century skills, and it creates technology centers in 1,000 communities to serve adults. This spring, I’ll invite high-tech leaders to join me on another New Markets tour, to close the digital divide and open opportunity for our people.
I want to thank the high-tech companies that already are doing so much in this area. I hope the new tax incentives I have proposed will get all the rest of them to join us. This is a national crusade. We have got to do this, and do it quickly. (Applause.) … First and foremost, we have to safeguard our citizens’ privacy. Last year, we proposed to protect every citizen’s medical record. This year, we will finalize those rules. We’ve also taken the first steps to protect the privacy of bank and credit card records and other financial statements. Soon I will send legislation to you to finish that job. We must also act to prevent any genetic discrimination whatever by employers or insurers. I hope you will support that. (Applause.)
1999 State of the Union – Bill Clinton
We also must be ready for the 21st century from its very first moment by solving the so-called Y2K computer problem. We had one member of Congress stand up and applaud. And we may have about that ration out there applauding at home in front of their television sets. But remember, this is a big, big problem, and we’ve been working hard on it. Already we’ve made sure that the Social Security checks will come on time. But I want all the folks at home listening to this to know that we need every state and local government, every business large and small to work with us to make sure that this Y2K computer bug will be remembered as the last headache of the 20th century, not the first crisis of the 21st.
As more of our medical records are stored electronically, the threats to all of our privacy increase. Because Congress has given me the authority to act if it does not do so by August, one way or another, we can all say to the American people, we will protect the privacy of medical records this year.
1998 State of the Union – Bill Clinton
We should enable all the world’s people to explore the far reaches of cyberspace. Think of this: The first time I made a State of the Union speech to you, only a handful of physicists used the Worldwide Web. Literally just a handful of people. Now, in schools and libraries, homes and businesses, millions and millions of Americans surf the net everyday.
We must give parents the tools they need to help protect their children from inappropriate material on the Internet, but we also must make sure that we protect the exploding global commercial potential of the internet. We can do the kinds of things that we need to do and still protect our kids. For one thing, I ask Congress to step up support for building the next generation Internet. It’s getting kind of clogged, you know, and the next generation Internet will operate at speeds up to a thousand times faster than today.
1997 State of the Union – Bill Clinton
We must build the second generation of the Internet so that our leading universities and national laboratories can communicate in speeds 1,000 times faster than today, to develop new medical treatments, new sources of energy, new ways of working together. But we cannot stop there. As the Internet becomes our new town square, a computer in every home — a teacher of all subjects, a connection to all cultures — this will no longer be a dream, but a necessity. And over the next decade, that must be our goal. (Applause.)
1996 State of the Union – Bill Clinton
Our second challenge is to provide Americans with the educational opportunities we will all need for this new century. In our schools, every classroom in America must be connected to the information superhighway, with computers and good software, and well-trained teachers. We are working with the telecommunications industry, educators and parents to connect 20 percent of California’s classrooms by this spring, and every classroom and every library in the entire United States by the year 2000. I ask Congress to support this education technology initiative so that we can make sure this national partnership succeeds.