July 28, 2020
July 28, 2020
By the Election 2020 Academy Working Group including fellows, Costis Toregas, Jane Fountain, Nick Hart, James Hendler, Mark Reger, Priscilla Regan, and Peter Winokur.
In the digital age, the American people knowingly and unknowingly produce huge amounts of data on a daily basis, and governments at all levels increasingly rely on digital systems to manage their internal operations and deliver public services. Through widespread e-commerce, ubiquitous GPS maps, and regular social media interactions, the public transmits their sensitive financial, health, and other personal information through online platforms.
Americans need assurance that all sectors will keep their personal data private and safeguarded from abuse, but our data security infrastructure in both the public and the private sectors is vulnerable to exploitations, hacks, and breaches. With malevolent foreign intelligence entities, the hacking of public agencies, the infiltration of hostile agents in private organizations, and other dangers, the threat of data insecurity and exposure to breaches is real and immediate for governments, companies, and individuals.
Nonstate cyber actors and nation-states have developed sophisticated mechanisms for exploiting the vulnerabilities of government systems. Not only do they steal information and money; they increasingly disrupt, destroy, or threaten the delivery of essential public services. For example, hackers have been targeting local governments for ransomware attacks, with important systems and data being blocked until a ransom payment is made. In the summer of 2019, a host of local governments—including Baltimore, MD; Albany, NY; Laredo, TX; and 22 small Texas towns—had their operations disrupted by such attacks. The City of Baltimore experienced a hack that prevented the locality from issuing health alerts and delayed water bill delivery. Similarly, the City of Atlanta’s systems for police reports and employment applications were down for days due to a March 2018 cyberattack. State and county governments, school districts, hospitals, and court systems have also become common targets of ransomware attacks.
The emerging threats to data privacy and security from the increasing use of digital technology are widely recognized but have gone largely unaddressed as the pace of technological change has surpassed government’s modernization efforts. Advances in information technologies have created situations where U.S. citizens are largely unaware of the extent and scope to which their personal data is collected, how it is being used, and who is applying that data to influence their, or others’, actions. Over the next decade, technology will continue to evolve, and data privacy and security programs in both the public and the private sectors will inevitably face new vulnerabilities for which they will be unprepared.
From a somewhat different perspective, the coronavirus pandemic has brought privacy and security issues into sharp focus for most Americans. Not only are more Americans reliant on digital platforms to conduct their professional and personal lives and thus more aware of privacy and security risks, but an effective, longer-term response to the pandemic appears to necessitate tracing the spread of the virus. All citizens will be forced to decide about the necessary tradeoffs between privacy and security in attempts to reduce the spread of the coronavirus. Will Americans tolerate tracking the movement of individuals for the greater public good? Are Americans willing to sacrifice privacy for security to mitigate the coronavirus and/or terrorist threats?