In this session, Professor Peter Swire will present two current research topics in cybersecurity. The first addresses the non-code aspects of cybersecurity. Computer scientists are familiar with the seven layers of the OSI model, from physical to application layer. Swire is developing a 10-layer model for cybersecurity, adding the “natural language” layers. Layer 8 applies to private-sector organizations, and is dominated by firm management decisions and contracts. Layer 9 is the government, which sets laws. Layer 10 is international, where diplomacy operates. Significant vulnerabilities exist at each of these layers, and can undermine cybersecurity efforts at the traditional seven layers if organizations, governments, and international relations are not handled effectively.
The second topic is the globalization of criminal evidence. Today, a typical crime in France, for instance, often generates evidence from webmail and social networks, with the latter often stored in the United States. Even routine criminal investigations thus take on a new, international dimension. The Georgia Tech Research Project on Cross-Border Requests for Data has been a global leader in analyzing these emerging problems and proposing solutions. If these requests are not handled effectively by law, then governments will have stronger incentives to weaken encryption, develop lawful hacking, and require localization of data in the country, with negative results for the open and secure Internet.
Peter Swire is the associate director of policy for the Institute for Information Security & Privacy; the Elizabeth & Tommy Holder Chair and professor at the Scheller College of Business, and senior counsel at Alston & Bird LLP in Atlanta.