412 Items

A close-up of a person scrolling on their smartphone.

AP Photo, File

Analysis & Opinions - Inkstick

Reframing the Debate on Cybersecurity Regulations

| July 17, 2022

In February 2012, the first significant attempt to set mandatory cybersecurity requirements and response plans for critical infrastructure was introduced in Congress. Unfortunately, it was watered down to voluntary standards and failed in the Senate. Opponents of the bill cited fears of overburdening regulations on companies and warnings of over-simplistic box-checking and minimum compliance. Business groups championed the narrative of big government to ensure the bill’s demise — and that narrative persists to this day.

Photo of the inside of a computer is seen on Feb 23, 2019, in Jersey City, N.J.

(AP Photo/Jenny Kane, File)

Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School

The Geopolitics of Digital Standards

| July 2022

This brief outlines what digital standards are and how the United States, European Union, and China approach standards development. It examines the implications of China’s efforts to advance a new model of cyber sovereignty through its “New IP” proposal to illustrate that overhauls of existing infrastructure-level standards are unlikely, but foreshadow the changing nature of standards from a historically apolitical domain to one of geopolitical importance. Finally, it offers considerations for the development of a long-term strategy that focuses on technology areas of strategic interest to the U.S. at the application layer through targeted regulations that promote a free, open, and democratic internet while maintaining a clear and technically informed understanding of what is likely to change (and what is not) at the infrastructure level.

Map with various borders

Adobe Stock

Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School

Soberanía y localización de datos

    Author:
  • Emily Wu
| Original publication July 2021; translated 2022

Spanish translation (2022) of original English version of "Sovereignty and Data Localization" paper by Emily Wu.  

Las políticas sobre localización de datos les imponen a las empresas la obligación de almacenar y procesar los datos de manera local, en lugar de utilizar servidores ubicados fuera del país. La adopción de leyes sobre localización de datos ha venido aumentando, impulsada por el temor a que la soberanía de los países se vea amenazada debido a su incapacidad para ejercer pleno control sobre la información que almacenan fuera de sus fronteras. Este es un tema particularmente relevante para los Estados Unidos, si tenemos en cuenta su dominio en múltiples áreas del ecosistema digital, entre otras, la inteligencia artificial (IA) y la computación en la nube.

A lock on top of a keyboard and credit cards

Towfiqu Barbhuiya

Analysis & Opinions - Belfer Center for Science and International Affairs, Harvard Kennedy School

Preemption in Federal Data Security and Privacy Legislation

    Authors:
  • Tatyana Bolton
  • Brandon Pugh
  • Sofia Lesmes
  • Cory Simpson
| June 14, 2022

The Belfer Center's Cyber Project and the R Street Institute's Cybersecurity and Emerging Threats Team have been working together to identify roadblocks to a federal data security and privacy law, drawing upon research and engagement with stakeholders to identify and recommend appropriate courses of action to find compromise on federal legislation. Ongoing research also includes topics like civil rights in privacy, arbitration and covered entities and data.

Federal Trade Commission building

Ian Hutchinson

Analysis & Opinions - Belfer Center for Science and International Affairs, Harvard Kennedy School

The Role of the Federal Trade Commission in Federal Data Security and Privacy Legislation

    Authors:
  • Tatyana Bolton
  • Brandon Pugh
  • Sofia Lesmes
  • Cory Simpson
| June 14, 2022

The FTC already enforces some privacy legislation and seeks to expand on its role in data privacy. As federal data and privacy bills are considered, it is therefore critical that we understand the role the FTC might play in overseeing and enforcing such legislation as well as the important role that lawmakers will have in setting parameters for the FTC.

Hands holding a smart phone.

Freestocks

Analysis & Opinions - Belfer Center for Science and International Affairs, Harvard Kennedy School

Limiting a Private Right of Action in Federal Data Security and Privacy Legislation

    Authors:
  • Tatyana Bolton
  • Brandon Pugh
  • Sofia Lesmes
  • Cory Simpson
| June 14, 2022

Congress’s decision regarding who they choose to empower—be it individuals, state attorneys general, one or more federal agencies, or a combination thereof—will dictate the true shape of the law, once passed. If individuals are empowered with an enforcement role—that is, if a private right of action (PRA) is established—it is important to outline the structure, procedures and limits to craft a fair and functional law.

Blue lights connected against a black background

Conny Schneider

Analysis & Opinions - Belfer Center for Science and International Affairs, Harvard Kennedy School

Answers to Tough Questions: the Framework of a Federal Data Security & Privacy Law

    Authors:
  • Tatyana Bolton
  • Brandon Pugh
  • Sofia Lesmes
  • Cory Simpson
| June 14, 2022

This one-pager is an overview and precursor to a series of policy recommendations for a federal data privacy and security law, which answer and expand on the concepts of preemption, private right of action, and the role of the FTC.