Gentry Lane
Gentry Lane is the CEO & founder of ANOVA Intelligence, a cyber national security software company. She is also a Fellow at the Potomac Institute for Policy Studies and a Visiting Fellow at the National Security Institute at George Mason University’s Antonin Law School.
If the right to reasonable privacy is a nonnegotiable, weight-bearing pillar of democracy and omniscient surveillance is the hallmark of authoritarianism....is there an in between?
Gentry Lane is the CEO & founder of ANOVA Intelligence, a cyber national security software company. Ms. Lane is also a Fellow at the Potomac Institute for Policy Studies, and a Visiting Fellow at the National Security Institute at George Mason University’s Antonin Law School. She is a recognized subject matter expert on cyberconflict strategy, and advises members of Congress, NATO and U.S. defense and intelligence agencies.
PRIVATE SECTOR PERSPECTIVE — Legislators are calling for mandatory disclosure of cybersecurity events in previously unregulated industries. On the surface, this seems like a reasonable way for defense and intelligence agencies to acquire more data on adversary activity in the civilian sector. With more data on hand, more actionable intelligence can be generated. But this is true only under certain conditions. In reality, this type of data acquisition and synthesis is quite complicated as the input data must be uniform and pristine or the resulting intelligence will not be accurate. Legislators who expect under-resourced security teams with disparate discovery and verification protocols to produce timely, untainted, unified data show a naïve understanding of what it takes to turn raw data into viable intelligence. Pristine data obtained via required-disclosure regulation is an unreasonable expectation which will yield unviable intelligence.
The alternative is surveillance, or automated, first-party collection of raw data for synthesis into actionable intelligence. When authorities acquire data directly via first-party collection methods, data integrity and signal fidelity are more likely to be intact, resulting in more viable, accurate, actionable intelligence. But Americans have a hypocritical relationship with surveillance. While it’s highly objectionable for heavily-regulated government authorities to conduct domestic surveillance for the prosocial purpose of national security, there is little objection to the largely unregulated private sector conducting granular, persistent digital surveillance for the purpose of promulgating consumerism.
In America, surveillance is situationally acceptable. Privacy is most valued when there is a perceived risk of discovery of illicit behavior and/or if culpability is present. Privacy is not valued when potential culpability is not a factor, and any measure of law compliance or risk of arrest are absent.
Surveillance, in some form, is fundamentally essential for cyber national security. Defense and intelligence agencies require timely insight into advanced persistent threat (APT) activity within the inviolable homeland to uphold their security missions. But even with express consent, omniscient surveillance is impossible at national scale, and even more untenable given the exponentially expanding cyber domain attack surface and automation of APT aggression. There are simply too few eyes for the scope, scale and frequency of security events.
The Cipher Brief Threat Conference Oct 24-26 is the only event of its kind that hosts expert-level conversations on public-private cooperation on national security-related issues. Join the conversation by applying for a seat at the table today.
