Seminar

Changing the Paradigm Between Cybersecurity and Law

Harvard Faculty, Fellows, Staff, and Students

Andrea Matwyshyn is an academic and author whose work focuses on technology and innovation policy, particularly information security, consumer privacy, intellectual property, and technology workforce pipeline policy. Professor Matwyshyn is a US-UK Fulbright Commission Cyber Security Scholar award recipient in 2016-2017, collaborating with the University of Oxford Global Cyber Security Capacity Centre. She is a (tenured full) professor of law / professor of computer science (by courtesy) at Northeastern University, a faculty affiliate of the Center for Internet and Society at Stanford Law School, and a visiting research collaborator at the Center for Information Technology Policy at Princeton University, where she was the Microsoft Visiting Professor of Information Technology Policy during 2014-15.

About

Andrea Matwyshyn is an academic and author whose work focuses on technology and innovation policy, particularly information security, consumer privacy, intellectual property, and technology workforce pipeline policy. Professor Matwyshyn is a US-UK Fulbright Commission Cyber Security Scholar award recipient in 2016-2017, collaborating with the University of Oxford Global Cyber Security Capacity Centre. She is a (tenured full) professor of law / professor of computer science (by courtesy) at Northeastern University, a faculty affiliate of the Center for Internet and Society at Stanford Law School, and a visiting research collaborator at the Center for Information Technology Policy at Princeton University, where she was the Microsoft Visiting Professor of Information Technology Policy during 2014-15.

 

She has worked in both the public and the private sector. In 2014, she served as the Senior Policy Advisor/ Academic in Residence at the U.S. Federal Trade Commission. As public service, she has testified in Congress on issues of information security regulation, and she maintains ongoing policy engagement. Prior to entering the academy, she was a corporate attorney in private practice, focusing her work on technology transactions. She continues to maintain collaborative technology industry relationships.

Professor Matwyshyn has previously held primary appointments in University of Pennsylvania's Wharton School, Northwestern University School of Law, and the University of Florida Levin College of Law. She has also held visiting appointments or affiliations at the University of Oxford, University of Cambridge, University of Edinburgh, Singapore Management University, Indian School of Business and University of Notre Dame.

 

In her words: "This talk challenges the basic assumptions of the emerging legal area of “cyber” or “cybersecurity.” I argue that the two dominant “cybersecurity” paradigms – information sharing and deterrence –channel law and policy in misguided directions. In their current form they will neither meaningfully thwart technology-mediated attacks on our national security nor meaningfully bolster consumer protection. Drawing insights from the work of philosopher of science Michael Polanyi, I reverse engineer the “cybersecurity” conversation. I identify four flaws that are currently pervasive in the legal academic and policy analysis of security – privacy conflation, incommensurability, internet exceptionalism, and technology unsuitability. I then offer a radically new paradigm – reciprocal security inducement. Reciprocal security inducement reframes the information security conversation around key two elements: information vigilance infrastructure and defense primacy. I conclude with a series of concrete legal and policy proposals embodying the reciprocal security inducement paradigm."