Paul Rosenzweig on Cybersecurity

Note: This piece, “Trusted Hardware and Software: An Annotated Bibliography,” was originally published in Lawfare, and was co-written by Checks & Balances member Paul Rosenzweig and Claire Vishik.

In a world of growing dependence on technology, consumers of information and communications technology (ICT) goods face an increasingly important question of provenance: How, if at all, can users be confident that the systems on which they rely will function as they are supposed to? How can they be sure that products and systems have not been altered in the supply chain?

The issue is complex. These questions vary across many dimensions, but broadly speaking the issues can be broken down into three categories.

First, to some degree, they implicate questions of technical capacity and security: How are we to know that the manufacturers of a hardware or software system have designed and built that system in a way that is secure against error, mistake, natural disruption or deliberate external misconduct? In other words, has the manufacturer performed competently?

Continue reading at Lawfare.