Abstract: Microsoft President Brad Smith recently analogized Microsoft to a “Digital Switzerland.” This moniker captures the role that U.S. technology companies have increasingly taken on with respect to cybersecurity and privacy: they are acting like states and running their own foreign policies, and they are setting themselves as neutrals with respect to existing national authorities, including the United States. U.S. tech companies are not the first super-empowered private companies, but they have numerous features that set them apart from prior private powers like the Dutch East India Company or more recent examples like ExxonMobil. This article first provides an account of how the relationship between U.S. tech companies and governments has evolved over time. By breaking down the “Digital Switzerland” idea, the article then explores the extent to which and how the companies differ from the powerful private interests of earlier eras, and it concludes by analyzing the implications of the companies’ role for governance and for individuals going forward.

About the Speaker: Kristen Eichensehr is an Assistant Professor of Law at UCLA School of Law. She writes and teaches about foreign relations, separation of powers, cybersecurity, and national security law. Before joining the UCLA faculty, Eichensehr clerked for Chief Judge Merrick B. Garland of the U.S. Court of Appeals for the D.C. Circuit and for Justices Sandra Day O’Connor and Sonia Sotomayor of the Supreme Court of the United States. Eichensehr also served as Special Assistant to the Legal Adviser of the U.S. Department of State and practiced at Covington & Burling LLP. Eichensehr received her J.D. from Yale Law School, where she served as executive editor of the Yale Law Journal. Eichensehr is a term member of the Council on Foreign Relations, a former visiting fellow at the Hoover Institution, and an affiliate scholar at the Center for Internet and Society at Stanford Law School. She is a frequent contributor to and member of the editorial board of the national security blog, Just Security.

Abstract: Recently, Twitter, Netflix, Spotify, Airbnb, Reddit, Etsy, SoundCloud, and The New York Times were knocked out by a botnet driven by the Mirai malware. Mirai is a contemporary case of a more general phenomenon: the illegitimate appropriation of online resources for prestige, economic, and/or political gain. Historically participants in the anti-abuse regime have used reputation indicators to characterize subsets of this illegitimate activity as abuse: any traffic---spam, malware communications, DDOS traffic---that is not explicitly consensual, is abusive. Participants in this regime use decentralized, transnational monitoring to aggregate and vet credible reputation indicators, then redistribute these indicators to participants enforcing anti-abuse norms. This work explains how these reputation indicators have functioned over the course of their evolution within this regime, from products of supposedly “vigilante blacklists” into credible mechanisms based on graduated sanction as a remediative signaling mechanism rather than a punitive sanction. Returning to Mirai, this work concludes by evaluating the potential for this regime to tackle contemporary IoT security challenges. In particular, can the anti-abuse regime discipline a market projected to grow from $900M in 2015 to $3.7B in 2020, or will it need help from conventional authorities?

About the Speaker: Jesse is the 2016-2017 Cybersecurity Fellow at the Center for International Security and Cooperation and holds a PhD in Technology, Management, and Policy from MIT.  Jesse focuses on understanding the institutions and political economy of Internet operations vis a vis conventional modes of domestic and inter-state governance mechanisms. This work includes studies on infrastructure resource management and policy, infrastructure security, credible knowledge assessment, and operational epistemic communities’ role informing public policy. Jesse’s dissertation evaluates the common resource management institutions that sustain the integrity and security of the Internet’s numbers and routing system. The dissertation documents how the roles of these institutions, comprising diverse transnational operator communities, managing the complex of physical and information resources supporting the integrity of global Internet connectivity. Concluding analyses narrow the focus from operational authority to the character of political authority in these communities, rooted in the family of consensus processes used to adapt resource policy and institutions apace with Internet growth and development.  Jesse is currently working on a number of papers from his dissertation: reputation and security in the numbers and routing system, contrasting consensus as a decision-making process with conventional mechanisms for credible knowledge assessment, and the challenges in comity between substantive-purposive authority in operational institutions with governments’ conventional, formal-legalistic modes of authority. Ongoing work is developing a theory of epistemic constructivism and case work on developing joint capabilities between operational security regimes and law enforcement/national security actors.

Drell Lecture Recording: https://youtu.be/K8qLqJwi4Qc

Drell Lecture Transcript: NA

Speaker's Biography: Admiral Inman graduated from the University of Texas at Austin in 1950, and from the National War College in 1972.  He became an adjunct professor at the University of Texas at Austin in 1987.  He was appointed as a tenured professor holding the Lyndon B. Johnson Centennial Chair in National Policy in August 2001.  He served as Interim Dean of the LBJ School of Public Affairs from 1 January to 31 December 2005 and again from January 2009 to March 2010.

Admiral Inman served in the U.S. Navy from November 1951 to July 1982, when he retired with the permanent rank of Admiral.  While on active duty he served as Director of the National Security Agency and Deputy Director of Central Intelligence.  After retirement from the Navy, he was Chairman and Chief Executive Officer of the Microelectronics and Computer Technology Corporation (MCC) in Austin, Texas for four years and Chairman, President and Chief Executive Officer of Westmark Systems, Inc., a privately owned electronics industry holding company for three years.  Admiral Inman also served as Chairman of the Federal Reserve Bank of Dallas from 1987 through 1990.

Admiral Inman’s primary business activity since 1990 has been investing in start-up technology companies, where he is a Managing Director of Gefinor Ventures and of Limestone Capital Advisors.  He serves as a Trustee of the American Assembly and the California Institute of Technology.  He is an elected Fellow of the National Academy of Public Administration.

Abstract: Critical infrastructure systems including manufacturing facilities, ports, transportation systems, communications networks, and energy and water distribution systems often consist of many interacting components linked in complex ways. This can lead to unforeseen interactions among components that may not be expected or intended by the designers and operators of the system. These interactions constitute linkages within a system of which designers are generally unaware, and that therefore constitute a security vulnerability. In this talk, I will present and discuss a formal approach for identifying and analyzing the existence and severity of security vulnerabilities resulting from these previously unknown linkages (so-called implicit interactions) in critical infrastructure systems. The presence of these implicit interactions in a system can indicate unforeseen flaws that, if not mitigated, could be exploited by an attacker. This can have severe consequences in terms of the safety, security, and reliability of the system. Therefore, this notion of implicit interactions must be carefully managed in order to have systems that operate as intended, and that are resistant to cyber-attacks and failures.