It’s cybersecurity season in Las Vegas and I’m inspired to write an overdue post on why I hate the phrase “cyber civil defense”. Actually, I don’t hate the phrase, I disagree with its usage. Being the literal sort I am, I have to of course start with a long look at what the three words seem to mean.
Cyber: aka technology; though perhaps a more detailed definition would include “software driven” and “internet connected” as necessary attributes.
Civil: in this context, I think it means “citizens” or just “people”.
Defense: The catch with this term is that it’s unclear what or who is being defended and by what or whom. For instance, this innocuous three-word phrase could mean any number of things:
-
- Civilians defending “cyber” [tech] from other civilians.
-
- Civilians defending other people from civilians.
-
- Tech defending civilians from other civilians.
-
- Tech defending civilians from tech.
-
- Tech defending tech from civilians. (ew.)
I could go on but my head hurts.
Civilian defense seems to imply a kind of volunteer force to defend people from cyber threats (what kinds of threats?).
Here’s where the wheels fall off this phrase: what about when the call’s coming from inside the house? Meaning, what about when the technology—as designed and with perfect integrity—is itself harmful to people? I’m not fine with using the phrase in the context or implication of defending people from risks from commercial technology itself because doing so:
– Reinforces that it’s acceptable for commercial technology (i.e. commercial products) to be a thing that civilians need to protect themselves from,
– Gaslights people into thinking that it’s somehow their responsibility to protect themselves against commercial technology that is evolving faster than the governance around it, bolstered by staggering amounts of financial resources, and whose risks are admittedly poorly understood by the makers themselves, but with just a little more elbow grease, you, dear user, can maybe be marginally less at risk.
– Smacks a bit of a military operation. I don’t want to join an army, I just want to have reasonably safe technology products.
– Also it’s a smidge paternalistic. (I can almost hear the “little lady” in there…)
The good news is we already have a phrase to describe risks of commercial products on humans. It’s called Product Safety.
But product safety is an abject failure when it comes to commercial software and software-driven technology. In the US we have a dedicated product safety commission, but their scope hasn’t been updated since 2008, and was hamstrung by budgetary contractions in the Consolidated Appropriations Act of 2019. Other agencies pick up pieces of product safety in the style of the blind men and the elephant, using their granted powers to maximum effect. The failure, however, is with the law makers. We have not updated ideas of “products” and “product safety” to keep pace with the internet age and citizens pay the price every day.
Sadly, from my research, it usually does take around 50 years after the launch of a new commercial product for US product safety laws to emerge, so we’re depressingly on time. For example, seatbelts became mandatory on January 1, 1968, sixty years after the commercial launch of the Fort Model T.
The EU recognized this gap in 2023 with their updated product safety law. As we in the US still wait for a federal privacy law, perhaps we can leapfrog ahead to a reimagined federal product safety law. Good news: we at ISL have tons of data, know-how, and tools to support this; it doesn’t have to start from scratch. But it would take extraordinary intestinal fortitude on behalf of the lawmakers to create something that meaningfully throttles the myriad risks technology foists upon us today. It would take precise regulation and a financially backed commitment to enforcement.
I won’t be holding my breath, but we are absolutely here for that moment if and when it comes. Meanwhile, in the likely event the US government continues to ignore product safety for technology, ISL will continue to champion the safety of all tech users through our maturing safety labels and research.