In Silicon Valley startup culture, there is a phenomenon known as “cookie licking.” This refers to a person who claims ownership over a project without actually being able to execute it immediately. They want to save the opportunity for themselves, even though they are not ready to take action on it. Unfortunately, a similar behavior can be observed in the regulatory landscape of emerging tech areas like cryptocurrency, artificial intelligence, and cybersecurity. This article explores the challenges and consequences of this approach, highlighting the need for a more collaborative and well-defined regulatory framework.
Drawing on the author’s experience as a former federal cybercrime prosecutor, appointed Obama administration cyber commissioner, and corporate information security executive, it becomes evident that the internet poses unique challenges for law enforcement. Unlike other domains where the government can easily protect people, the internet is predominantly operated and managed by the private sector. Ensuring safety on the internet requires a partnership between the government and private entities, as well as clear expectations and guidelines. However, the existing legal frameworks, devised before the internet’s prominence, are inadequate for addressing the complexities of cybersecurity.
Decades have passed, and Congress has made little progress in establishing comprehensive cybersecurity regulations or defining the rightful authorities responsible for addressing cyber threats. As a result, the executive branch has resorted to regulation by enforcement as a means to set expectations for the private sector. While this may seem necessary, it falls short in providing clear guidance to corporate actors and empowers regulators to intervene in any area they deem important. This approach lacks the necessary expertise, resources, and well-established expectations, creating a sense of uncertainty for businesses. Furthermore, it hampers collaboration between the private sector and government agencies in ensuring public safety.
Another factor exacerbating this adversarial relationship between the private sector and regulators is the rampant cybercrime originating from outside the United States. Many malicious actors who target Americans operate beyond the reach of U.S. law enforcement, making it difficult to bring them to justice. Faced with this challenge, enforcement authorities have seemingly redirected their attention towards the private sector as a means to demonstrate their commitment to protecting the public. However, this shift in focus perpetuates an environment of fear and apprehension among businesses, hindering their willingness to cooperate with the government in addressing cyber threats.
The current state of affairs is far from ideal. For effective cybersecurity regulation, there is a need for proactive engagement between the public and private sectors, rather than relying solely on compliance through enforcement. By establishing robust public-private partnerships, the government can leverage the expertise and resources of the private sector while providing them with clear guidelines and expectations. This collaborative approach would foster a greater sense of trust and cooperation, ultimately leading to a more secure digital ecosystem.
In conclusion, “cookie licking” in Silicon Valley startup culture serves as a metaphor for the regulatory challenges faced in emerging technology areas such as cryptocurrency, artificial intelligence, and cybersecurity. The lack of well-defined regulations and enforcement authorities has resulted in a regulatory approach that falls short of providing clarity and fostering collaboration. To address this, there is a need for Congress to establish comprehensive cybersecurity regulations and define the rightful authorities, enabling a more collaborative and effective approach to cybersecurity. Only through proactive engagement and clear guidance can the public and private sectors work together to ensure the safety of individuals in the digital landscape.