When trying to bring government services into the digital age, we are always trying to build the right thing and build the thing right. But when time is of the essence and budgets are constrained, security can sometimes fall to the second tier of priorities as a nice-to-have, but not essential, element. How do we make security a priority while delivering on services that people urgently need? At Code for America Summit we turned to Bruce Schneier: public interest technologist, Special Advisor to IBM Security, fellow and lecturer at Harvard’s Kennedy School, and one of our foremost experts on cybersecurity in government.
“You can't skimp on whether there are fire extinguishers, and smoke detectors, and a sprinkler system in a government building… [Security] is viewed as something that can be ignored, or at least made a second-tier priority. ‘We'll do it later,’ and then later never comes.”
Bruce took the mainstage for a conversation with Summit co-chair Dan Hon about all things privacy and cybersecurity. Their talk covered topics from ransomware and data theft, to federal stimulus of technology, to the internet of things, and more.
“The car you buy in California is not the same car you buy in Mexico. The manufacturers can tune the engines to local laws. But the Facebook you get in California is the exact same Facebook you get in Mexico, because it is hard to tune it by nation.”
A key theme was the idea of bridging the gap between public policy and technology, in the cybersecurity world and beyond. Bruce emphasized that cybersecurity is not going to become a top-tier priority in government tech until policy makes it so. He believes that the fundamental question for our society in the 21st century is “How much of our lives should be governed by technology, and under what rules?” Creating the right policies to regulate technology while empowering public interest technologists will bridge that gap—and make for a more secure democracy.
To hear their conversation in full, watch the video below.