Plan: The United States Federal government should

substantially curtail its domestic surveillance by amending the

Health Insurance Portability and Accountability Act to
eliminate its provisions allowing for disclosure of medical
records on the basis of essential government functions and law
enforcement purposes.

1AC Trust
Shift to EMRs creates new wave of suspicion over patient
confidentiality- poses unique threat to doctor-patient trust
Healy 09
(Bernadine, M.D., cardiologist, U.S.News & World Report's health editor and author
of the magazine's On Health column, is the former head of the National Institutes of
Health, the American Red Cross, and the College of Medicine and Public Health at
Ohio State University, U.S. News, Electronic Medical Records: Will Your Privacy Be
Safe?, 2009, http://health.usnews.com/health-news/blogs/heart-toheart/2009/02/17/electronic-medical-records-will-your-privacy-be-safe) /jdi-mm
Doctors are supposed to be nosy. It's not just that they examine your naked body inside and out and record all its imperfections.

Physicians are trained to peer into your life , past and present, and ask all sorts of
sensitive, if not uncomfortable, questions. Have you ever used marijuana or cocaine? How about steroids? How many
sexual partners? Ever had a sexually transmitted disease? An abortion? Had sex with the same sex? How much do you smoke or
drink? Have you used Botox or had plastic surgery? Have you been depressed or been treated for mental illness? And how about

But the doctor-patient

relationship was never meant to be other than confidential and privileged
and solely for the benefit of the patient. Patients expect it, or they would not
be forthcoming. And doctors take the Hippocratic oath, pledging to hold sacred their patients' secrets.
This pledge of confidentiality, however, is now challenged by a world where
computers rule and health information falls into many hands. One might well ask
whether medical privacy is just too outmoded a concept for today's information-hungry world. We had better decide. Electronic
medical records have become a national goal , a way to replace the highly
fragmented and inefficient paper system used in most medical settings today . President
Obama has made revamping the medical system a top priority, with the national
electronic medical record first up in healthcare reform. Indeed, the economic stimulus package
your marriageor marriages? You get the gist; the experience is intrusive.

assigns billions of dollars to that effort. In light of public sensitivity, this major jump-start for centralized records comes with

However much we Facebook or Twitter about personal stuff,

the public remains jittery about losing control of personal health
information. Americans treasure their zone of privacy, and polls show they fear
that government does not protect nearly well enough the medical information it
already accesses. Clearly, once sensitive information is out there, it can't be brought back. Look at Alex Rodriguez. A
provisions to further strengthen privacy laws.

breached pledge to keep confidential those urine tests for steroids taken in 2003 has left his career a shambles, and 103 other
players are waiting for their results to be leaked to the press, too. Their past transgressions notwithstanding, more than 1,000
ballplayers consented to these tests back then, with the understanding that results would be anonymous. The findings were to be
destroyed after the league assessed the magnitude of the problem. (In a similar design years ago, anonymous HIV testing studies
helped reveal the size of the AIDS epidemic.) The players' data led to what are now stringent drug testing and penalties, as there
were none at the time. It's easy to translate this situation to a violated personal medical record or, on a larger scale, a research

Imagine if researchers culled the national health record for information on

sensitive groups, whether they be HIV carriers or illegal-drug users. If one of the
subjects in the study were under government investigation, might not the other
records be sucked up in a sting? Not too far-fetched. The Institute of Medicine issued a report on
study.

privacy of medical records in early February that fuels this concern. The IOM started with the premise that protections for electronic
medical records are a must, because the benefit of health IT is so great. The records will speed up access to a patient's health

Access to the online digital record by

researchers also means massive medical databases can be searched, shared,
analyzed, and drawn upon. Epidemiological research would be carried out on
a scale never before imagined, to improve care, develop better practice guidelines, and determine costinformation, cut down on redundant care, and reduce medical errors.

Recognizing the importance of the public's confidence in the

sanctity and confidentiality of medical records, the IOM came down hard on the
current privacy protections that are supposed to ensure this. The group concluded
that government rules to protect patients' medical records are simply inadequate. At
best, they should be scrappedor overhauled, at the very least. The report also points to the many security
breaches of medical record databases, covering tens of thousands of
patients, that have occurred in the past two years, and cites this as a
growing problem. Lack of confidentiality protections for a far more
extensive national online record system would surely cause major unrest
among most Americans. Despite its shortcomings, the paper record distributed across hospitals and doctors'
offices has a limited ability for wide dissemination. A centralized, integrated, electronic record with
access to all Americans' files would not only contain more information, but its
potential distribution could be measured in the millions, not just the few who could
lay their hands on a chart. Would most of those unauthorized eyeballs be gazing for
the patient's benefit? Don't think so.
effectiveness.

Trust on the brink due to wave of security breaches, no

safeguards
Cleave 15
(Kris, CBS News, As more medical records go online, government scrutiny lags,
2015, http://www.cbsnews.com/news/government-appears-lax-in-enforcing-securityof-patient-data/) /jdi-mm
In the wake of the massive security breach at health-insurance provider Anthem ,
there's concern the health care sector is increasingly vulnerable to hacks
because the industry has been transitioning from paper to digital records.
"Digitized health records are jet fuel for medical identity theft," said Pam Dixon, a
researcher of medical data breaches for the World Privacy Forum . She's concerned the
federal government's $26 billion investment in electronic health records, is not
secure. "The healthcare system built a digital record system without building the
corresponding privacy-security safeguards," said Dixon. Federal law requires medical
providers to protect patient data, but the Department of Health and Human Services
admits -- to date -- it has audited only 115 healthcare providers out of an
estimated 700,000. That comes as a recent survey of health care professionals
found 45 percent fear their organizations have not properly implemented security
measures. And healthcare data breaches continue to rise from 86 in 2011 to 333 last year,
prompting the FBI to issue two warnings to the healthcare industry.

Keeping medical records private is the lynchpin of the doctorpatient trust relationship- breaches in privacy eviscerates the
relationship, causes patients to avoid the healthcare industry
and kills medical research- guaranteed right to privacy key
Pritts 08
(Joy, JD, National Academy of Sciences, The Importance and Value of Protecting the
Privacy of Health Information: The Roles of the HIPAA Privacy Rule and the Common

Rule in Health Research, 2008, http://www.iom.edu/~/media/Files/Activity

%20Files/Research/HIPAAandResearch/PrittsPrivacyFinalDraftweb.ashx) //jdi-mm
If privacy is essentially having or being in a relatively personal space , it is difficult
to think of an area more private than an individuals health or medical
information. Medical records can include some of the most intimate details about
a persons life. They document a patients physical and mental health , and can include
information on social behaviors, personal relationships and financial status.36 It is hardly
surprising that when surveyed, people consistently report that they are concerned
about protecting the privacy and confidentiality of such personal
information. In one recent survey, 67% of respondents said they were concerned
about the privacy of their medical records, with ethnic and racial minorities showing
the greatest concern.37 When presented the possibility that there would be a
nationwide system of electronic medical records, 70% of respondents were
concerned that sensitive personal medical-record information might be
leaked because of weak data security, 69% expressed concern that there
could be more sharing of medical information without the patient's
knowledge and 69% were concerned that strong enough data security will
not be installed in the new computer system.38 People have identified being in control of who
could get information about them; being able to share confidential matters with someone they trust; and controlling what
information is collected about them as three of the facets of privacy that were most important to them.39 Half of the respondents in
a recent survey believed that [P]atients have lost all control today over how their medical records are obtained and used by
organizations outside the direct patient health care such as life insurers, employers, and government health agencies.40 These

public opinions about the privacy of health information reflect in a very real way
the practical importance of privacy to members of the public . They desire
control over and security and confidentiality of their health information. They want
to know who is using their information and why . A significant portion of Americans are concerned enough
about the privacy of their health information that they take matters into their own hands. In response to a recent California

respondents reported that they had engaged in a

behavior intended to protect his or her privacy, including taking such actions as
avoiding their regular doctor, asking their doctor not to record their health
information or to fudge a diagnosis, paying out of pocket so as not to
file an insurance claim and even avoiding care altogether.41 In very
functional terms, adequately protecting the privacy of health information
can help remedy these concerns and, hopefully, reduce this behavior. Ensuring privacy can
promote more effective communication between physician and patient ,
which is essential for quality of care, enhanced autonomy, and preventing economic
harm, embarrassment and discrimination.42 A number of studies suggest that the relative
strength of confidentiality protections can play an important role in
peoples decisions whether to seek or forgo treatment , particularly with respect to mental
health and substance abuse.43 The willingness of a person to make self-disclosures necessary
to such mental health and substance abuse treatment may decrease as the
perceived negative consequences of a breach of confidentiality increase .44 Privacy
or confidentiality is particularly important to adolescents who seek health
care. When adolescents perceive that health services are not confidential, they
report that they are less likely to seek care , particularly for reproductive health matters or substance
HealthCare Foundation survey, one out of eight

abuse.45 These studies show that protecting the privacy of health information is essential to ensuring that individuals will obtain
quality care. Protecting privacy is also seen by some as enhancing data quality for research and quality improvement initiatives.

When individuals avoid health care or engage in other privacy protective

behaviors, such as withholding information or doctor shopping, inaccurate

and incomplete data is entered into the health care system. This data,
which is subsequently used for research, public health reporting, and
outcomes analysis carries with it the same vulnerabilities. Ensuring
individuals that the privacy and confidentiality of health information will be
protected should reduce these behaviors and result in more complete and accurate
data for these research, public health and quality purposes .

Trust key to solve bioterror- research, response and treatment

Jacobs, 5 MD; Boston University professor of medicine
[Alice, director of Cardiac Catheterization Laboratory and Interventional Cardiology,
"Rebuilding an Enduring Trust in Medicine," Circulation, 2005,
circ.ahajournals.org/content/111/25/3494.full#xref-ref-3-1, accessed 8-18-14]
there is an internal disease of
that confronts us as scientists, as physicians, and as healthcare professionals. It is a threat to us allinsidious
and pervasiveand one that we unknowingly may spread. This threat is one of the most critical issues facing our
profession today. How we address this problem will shape the future of medical care. This issue is the erosion of trust. Lack of
trust is a barrier between our intellectual renewal and our ability to deliver this new knowledge
to our research labs, to our offices, to the bedside of our patients, and to the public. Trust is a vital, unseen, and
essential element in diagnosis, treatment, and healing. So it is fundamental that we understand what it is, why its important in medicine,
To be sure, we will learn about the emerging science and clinical practice of cardiovascular disease over the next four days. But
the heart

its recent decline, and what we can all do to rebuild trust in our profession. Trust is intrinsic to the relationship between citizens around the world and the institutions that serve their
needs: government, education, business, religion, and, most certainly, medicine. Albert Einstein recognized the importance of trust when he said, Every kind of peaceful cooperation
among men is primarily based on mutual trust.1 In our time, trust has been broken, abused, misplaced, and violated. The media have been replete with commentaries, citing stories of
negligence, corruption, and betrayal by individuals and groups in the public and private sectors, from governments to corporations, from educational institutions to the Olympic
Organizing Committee. These all are front-page news. Perhaps the most extreme example is terrorism, in which strangers use acts of violence to shatter trust and splinter society in an
ongoing assault on our shared reverence for human life. Unfortunately, we are not immune in our own sphere of cardiovascular medicine. The physician-investigator conflicts of interest
concerning enrollment of patients in clinical trials, the focus on medical and nursing errors, the high-profile medical malpractice cases, the mandate to control the cost of health care in
ways that may not be aligned with the best interest of the patientall of these undermine trust in our profession. At this time, when more and more public and private institutions have
fallen in public esteem, restoring trust in the healthcare professions will require that we understand the importance of trust and the implications of its absence. Trust is intuitive
confidence and a sense of comfort that comes from the belief that we can rely on an individual or organization to perform competently, responsibly, and in a manner considerate of our
interests.2 It is dynamic, it is fragile, and it is vulnerable. Trust can be damaged, but it can be repaired and restored. It is praised where it is evident and acknowledged in every
profession. Yet it is very difficult to define and quantify. Trust is easier to understand than to measure. For us, trust may be particularly difficult to embrace because it is not a science.

trust is inherent to our profession, precisely

turn to us in their most vulnerable moments, for knowledge about their health and
disease. We know trust when we experience it: when we advise patients in need of highly technical
procedures that are associated with increased risk or when we return from being away to learn that our patient who became ill waited for us
to make a decision and to discuss their concerns, despite being surrounded by competent colleagues acting on our behalf. Many thought leaders in the medical
field understand the importance of trust.3 When asked whether the public health system
could be overrun by public panic over SARS and bioterrorism, C enters for D isease C ontrol and Prevention Director Julie
Gerberding replied, You can manage people if they trust you. Weve put a great deal of
effort into improving state and local communications and scaled up our own public affairs capacitywere building credibility, competence
and trust.4 Former H ealth and H uman S ervices Secretary Donna Shalala also recognized the importance of trust
when she said, If we are to keep testing new med icine s and new approaches to curing
disease, we cannot compromise the trust and willingness of patients to participate in
clinical trials .5 These seemingly intuitive concepts of the importance of trust in 21st century medicine actually have little foundation in our medical heritage. In fact, a
Few instruments have been designed to allow us to evaluate it with any scientific rigor. Yet,
because patients

review of the early history of medicine is astonishingly devoid of medical ethics. Even the Codes and Principles of Ethics of the American Medical Association, founded in 1847, required
patients to place total trust in their physicians judgment, to obey promptly, and to entertain a just and enduring sense of value of the services rendered.6 Such a bold assertion of the
authority of the physician and the gratitude of the patient seems unimaginable today. It was not until the early 1920s that role models such as Bostons Richard Cabot linked patientcentered medical ethics with the best that scientific medicine had to offer,6 and Frances Weld Peabody, the first Director of the Thorndike Memorial Laboratory at the Boston City
Hospital, crystallized the ethical obligation of the physician to his patient in his essay The Care of the Patient.7 In one particularly insightful passage, Peabody captures the essence of
the two elements of the physicians ethical obligation: He must know his professional business and he must trouble to know the patient well enough to draw conclusions, jointly with the

The care of the patient

must be completely personal. The significance of the intimate personal relationship between physician and
patient cannot be too strongly emphasized, for in an extraordinarily large number of cases
both diagnosis and treatment are directly dependent on it. Truly, as Peabody said, The secret to the care of the patient
is in caring for the patient.7 This concept that links the quality of the physician-patient relationship to
health outcomes has indeed stood the test of time. Trust has been shown to be important in its own
right. It is essential to patients, in their willingness to seek car e, their willingness to reveal
sensitive information, their willingness to submit to treatment, and their willingness to follow
recommendations. They must be willing for us to be able.
patient, as to what actions are indeed in the patients best interest. He states: The treatment of a disease may be entirely impersonal:

Extinction- engineered pathogens

Sandberg, 8 -- Oxford University Future of Humanity Institute research fellow
[Anders, PhD in computation neuroscience, and Milan Cirkovic, senior research associate at
the Astronomical Observatory of Belgrade, "How can we reduce the risk of human
extinction?" Bulletin of the Atomic Scientists, 9-9-2008, thebulletin.org/how-can-we-reducerisk-human-extinction, accessed 8-13-14]

The risks from anthropogenic hazards appear at present larger than those from natural ones. Although great progress has been made in reducing the
number of nuclear weapons in the world, humanity is still threatened by the possibility of a global thermonuclear war and a resulting nuclear winter. We
may face even greater risks from emerging technologies.

Advances in synthetic biology might make it possible to

engineer pathogens capable of extinction-level pandemics. The knowledge, equipment,

and materials needed to engineer pathogens are more accessible than those needed to
build nuclear weapons. And unlike other weapons, pathogens are self-replicating, allowing a
small arsenal to become exponentially destructive. Pathogens have been implicated in the
extinctions of many wild species. Although most pandemics "fade out" by reducing the
density of susceptible populations, pathogens with wide host ranges in multiple species
can reach even isolated individuals. The intentional or unintentional release of engineered pathogens with
high transmissibility, latency, and lethality might be capable of causing human extinction.
While such an event seems unlikely today, the likelihood may increase as biotechnologies continue to improve at a rate rivaling Moore's Law.

1AC Privacy
Medical record surveillance causing spikes in privacy concernsexacerbated by EMR shiftMcCann 14
(Erin McCann, Editor at Healthcare It News who covers health privacy issues along with healthcare and ambulatory
problems, Trust Issues Over Health Privacy Persist, Healthcare It News,
http://www.healthcareitnews.com/news/trust-issues-over-health-privacy-persist, 11/5/14)/LGE
Healthcare industry, listen up: You've got a consumer distrust issue on your hands.

The majority of American

consumers continue to have serious doubts over the privacy and security of their
medical records so much so that a sizable number of them actually withheld
information from care providers over those concerns. This according to a new Office of the National
Coordinator for Health IT survey, which took a pulse of consumer perceptions toward healthcare privacy and security. The numbers

After surveying more than 2,000 consumers, ONC officials found that about
three-quarters of them were either very or somewhat concerned over the privacy
and security of their medical records . What's more, 10 percent of respondents
withheld information from their healthcare provider who used an electronic health
record. (This compared to the 6 percent who withheld data from providers who used paper medical records.) The differences
are telling.

between the two were not statistically different, ONC pointed out. The lion's share of Americans are also not keen on their medical
records being sent electronically or through fax, with about 60 percent of consumers indicating concern over unauthorized access of
their medical records when they're sent in these two forms.

These numbers appear to align with a similar

study conducted by Harvard researchers just last year. The study, which assessed
the privacy perceptions of U.S. adults, found similarly that more than 12 percent of
the 1,500 respondents withheld information from care providers over medical
security concerns. Findings supported "the need for enhanced and sustained measures to ensure the confidentiality,
integrity and availability of PHI," Harvard School of Public Health researchers wrote in the study.

Biosurveillance creates a self-serving governmental system

that destroys privacy and results in endless governmental
interference
Hollingsworth 14
(Barbara, Senior Editor, CNS News, Federal Biosurveillance Plan Seeking Direct
Access to Americans Private Medical Records, May 20, 2014,
http://cnsnews.com/news/article/barbara-hollingsworth/federal-biosurveillance-planseeking-direct-access-americans) /jdi-mm
The federal government is piecing together a sweeping national biosurveillance
system that will give bureaucrats near real-time access to Americans private
medical information in the name of national security , according to Twila Brase, a public health nurse
and co-founder of the Citizens Council for Health Freedom. The Department of Health and Human Services (HHS) Office of the
Assistant Secretary for Preparedness and Response is currently seeking public comment on a 52-page draft of the proposed
National Health Security Strategy 2015-2018 (NHSS). The deadline for comment is 5 pm EST on May 21st. (See Draft National
Health Security Strategy 2015-2018.pdf) Health situational awareness includes biosurveillance and other health and non-health
inputs (e.g., lab/diagnostics, health service utilization, active intelligence, and supply chain information), as well as systems and
processes for effective communication among responders and critical health resource monitoring and allocation, the draft states.

the NHSS proposal would allow the federal government to monitor an

individuals behavior before, during and after any government-defined health
incident which could be anything from a local outbreak of the flu to a terrorist
anthrax attack. Its very broad. It doesnt seem to have any limits, except they say something about, you
But Brase warns that

if the government gets access to this kind of

data, [and] is allowed to do research with the data then our privacy has already been
compromised. The government has already said that our data is their data for their purposes of national health security,
Brase told CNSNews.com. Its very clear to us that really the government is moving toward real-time
access, toward close collaboration of government and doctors for ready access to
the electronic medical record and then to conduct research and analysis . I dont think
they ever mentioned the word merging, but this is a very close connection they want between public health,
which is the government, and clinical health, which is your doctors office and the hospital, for whatever diseases they
choose to have reported, she added. Brase noted that the information collected by the government will be allencompassing and include what our health status is, whether we exercise, how
often we get a cold, or what kind of medications were taking . Theyre also looking at the climate,
know, properly protecting the data. But from our perspective,

and the economic condition of the country, as all being a party of this National Health Security Strategy. In other words,

anything and everything could become a health threat by the

governments standards, she said. According to the draft proposal, NHSS will create health situational
awareness by collecting, aggregating and processing data from both traditional and nontraditional sources (such as social media)
and from various governmental and nongovernmental stakeholders.Decision-makers will have the capability to visualize and
manipulate data from many sources to create an operational picture suited to the specific situation and the decisions before them.
But Brase warns that the governments biosurveillance plan is much more intrusive than the data
collection currently being done by the Centers for Disease Control and Prevention (CDC). Were of the mind that the Fourth
Amendment actually means something, so you cant access everybodys patients medical record just because you say there is a
security threat or just because you say its good for the American public, she told CNSNews.com. But the fact of the matter is that

HIPPA already allows the federal government

and the state government and the local government and anyone who is a public
health agency to have access to our medical records - identifiable medical records without our consent. Its in the HIPPA Privacy Rule, which has the full force and effect of law. But that wasnt actually put
[the Health Insurance Portability and Accountability Act]

in by Congress. It was put in by the Department of Health and Human Services. (See
HIPAAPrivacyRegs_EconomicStimulusChanges.pdf) One of the dangers, Brase pointed out, is that this vast amount of medical data

it could be the
entire electronic medical record, it could be that they just have ready access to the
electronic medical records because its on a state health information exchange, for
instance, and if they are one of the partners in the state health information
exchange, they can start this data draw. One of the things we look at is how
research can be done in a way to push policies that we disagree with. They come up
with findings that nobody else can validate because nobody else has access to all
that data the way the government has, and nobody can ever counter it , Brase told
warehoused in a giant electronic database will only be available to government-approved researchers. Now,

CNSNews.com.

Medical records lynchpin to privacy

AHIMA 99
(AHIMA, Confidentiality of Medical Records A Situation Analysis and AHIMA's
Position, 1999,
http://library.ahima.org/xpedio/groups/public/documents/ahima/bok2_000623.hcsp?
dDocName=bok2_000623) /jdi-mm
Every American, from the beginning of life to its end, enjoys a fundamental, but not
absolute, right to privacy that is deeply rooted in both tradition and law. In no area
is this right more cherished, or more unsettled, than in protecting the confidentiality of
identifiable personal health information, as lawmakers, judges, and healthcare

professionals struggle to balance individual privacy interests against other strong societal
interests.

1AC Impact Cybersecurity

NSA surveillance programs undermine privacy and kills
cybersecurity
Nicks 14
[Denver, Staff Writer for the Time, NSA Spying Hurts Cybersecurity for All of Us Say
Privacy Advocates, 7/8/14, TIME, http://time.com/2966463/nsa-spyingsurveillance-cybersecurity-privacy-advocates-schneier// JDI-DJR]
The surveillance debate has focused on the legality of spying on Americans but some
say the biggest danger is in the methods the NSA uses. Privacy advocates Monday
slammed the National Security Agency for conducting surveillance in a way they say
undermines cybersecurity for everyone and harms U.S. tech companies. We have
examples of the NSA going in and deliberately weakening security of things that we use
so they can eavesdrop on particular targets, said Bruce Schneier, a prominent cryptography writer
and technologist. Schneier referenced a Reuters report that the NSA paid the computer
security firm RSA $10 million to use a deliberately flawed encryption standard to
facilitate easier eavesdropping, a charge RSA has denied. This very act of undermining not only
undermines our security. It undermines our fundamental trust in the things we use to achieve security. Its very
toxic, Schneier said. In the year since former NSA contractor Edward Snowdens first leaks ,

attention has
focused on the Agencys surveillance itself, fueling debates over whether it is legal
and ethical to spy on American citizens or to eavesdrop on the leaders of allied countries . NSA
policies that intentionally undermine cybersecurity too often get left out of the
debate, said panelists Monday at a New American Foundation event titled National Insecurity Agency: How the
NSAs Surveillance Programs Undermine Internet Security. If the Chinese government had proposed to put in a
backdoor into our computers and then paid a company $10 million to make that the standard we would be furious,
said Joe Hall, chief technologist at the Center for Democracy and Technology. Thats exactly what the NSA has
become: the best hacker in the entire world. In a statement to TIME, the NSA denied it had made the Internet less
secure. While we cannot comment on specific, alleged intelligence-gathering activities, NSAs interest in any given
technology is driven by the use of that technology by foreign intelligence targets. The United States pursues its
intelligence mission with care to ensure that innocent users of those same technologies are not affected,
spokesperson Vanee Vines said. Our participation in standards development has strengthened the core encryption
technology that underpins the Internet. NSA cannot crack much of the encryption that guards global commerce
and we dont want to. The tension arises due to the two competing missions of the National Security Agency:
electronic surveillance and protecting U.S. systems from cyberattacks. Nearly all of our online communications are
encrypted in some way against cyberattack, to protect our bank accounts from thieves and our intimate lives from
nosy neighbors. This poses a challenge for the NSA as the agency, since September 11, 2001, has focused less on
agents of foreign governments and more on ferreting out terrorist threats. Inevitably the data of innocent people
gets caught its dragnet. A Washington Post report Sunday estimated that 90 percent of those caught in the
agencys data surveillance netincluding intimate communications like family photographs and emails between

The agency
has sought to install backdoors, hardware and software systems with deliberately
weakened security, into some of the most commonly used tech products, as it did in
the program codenamed PRISM. American tech companies say this hurts their
business in the international marketplace, where users arent keen to use software
that comes bugged by an American intelligence agency . Major tech firms, including Google,
loversare everyday Internet users not suspected of wrongdoing, many of them American citizens.

supported an amendment to the defense budget in May to prohibit the NSA from using funds for this kind of
backdoor surveillance. Maybe a year ago this sort of language might have seemed unnecessary, Google Privacy
Policy Counsel David Lieber said, but now its actually really important to restore trust that these sorts of things are
not being requested and/or required of companies. Critics, like panelist Amie Stepanovich, senior policy counsel for

the web freedom group Access, say NSA has also worked to crack and undermine encryption
standards set by the National Institute of Standards and Technology (the body that

establishes the security standards that help protect our email accounts, banking
websites, etc.), and hoarded indexes of computer bugs the agency uses to hack into
machines rather than reveal the vulnerabilities so they can be fixed . In the wake of
apparently unfounded accusations that the NSA knew about the Heartbleed bug and didnt help fix it, the
administration announced this spring it has re-invigorated existing policy on how it decides whether or not to

disclose or exploit security vulnerabilities it finds. Building up a huge stockpile of undisclosed

vulnerabilities while leaving the Internet vulnerable and the American people
unprotected would not be in our national security interest. But that is not the same as arguing that we
should completely forgo this tool as a way to conduct intelligence collection, White House Cybersecurity
Coordinator Michael Daniel wrote in April. At its core the question comes down to a cost benefit analysis .

The
fundamental issue, Schneier said, is should we compromise the security of everybody
in order to access the data of the few.

This is vital to secure critical infrastructure --- impact is hege,

the economy, food prices, energy shocks, and chemical
industry
Sebastian 09 (Rohan,- research for the office of Virginia Senator Mark Warner
CS Computer Science from UVA, 6-24 The Federal Governments Role in Preserving
Cybersecurity for Critical Infrastructure)
The intersection of critical infrastructure and cyberspace has presented many challenges to policymakers.

Critical infrastructure includes areas like the water and food supply,
telecommunications, nuclear power, transportation, banking, and energy ---areas
crucial to the functioning of society. Eighty percent of this critical infrastructure is owned by the
private sector. The continual delegation of control of critical infrastructure to cyberspace without regard to security
has posed many vulnerabilities that malicious actors could exploit. To address these vulnerabilities, policymakers
can utilize three options: strengthening partnerships between the public and private sectors, installing a White
House official to deal solely with cyber security issues, and encouraging collaboration between critical
infrastructure operators for coordinating best practices and crisis management. In conclusion, this analysis
recommends that the federal government follow a course incorporating all three options because the effects could
be mutually reinforcing. A long term solution to cybersecurity must take note of the private sectors insight to be
successful; a national dialogue on the importance of cyber security needs to take its cue from the White House; in
the meanwhile, proprietors of critical infrastructure should ensure that they can reduce the damage caused by
disasters or attacks by establishing clear lines of communication.

[End of Abstact Start of Intro]

Critical Infrastructure Government and the private sector have reaped digital networkings benefits by using

access to
critical infrastructure from cyberspace has placed these systems at risk of
destruction by other countries, malicious actors, or terrorists. This analysis proposes three
computer networks to control vital parts of critical infrastructure from cyberspace. However, remote

options that the federal government can implement: strengthening partnerships between the public and private
sectors, integrating resources under a White House official, and increasing collaboration between levels of critical
infrastructure. After scrutinizing these options under the criteria of political feasibility, industry acceptance, and
efficacy, this analysis recommends that the federal government pursue a combination of all three policy options.

Critical infrastructure includes areas such as transportation, water supplies, public

health, telecommunications, energy, banking and finance, emergency and
information services, nuclear facilities, food supplies, and defense and chemical
industries (Moteff & Parfomak, 2004). According to the Department of Homeland Securitys National Strategy
for Homeland Security, critical infrastructure consists of assets, systems, and networks, whether physical or
virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on
security, national economic security, public health or safety, or any combination thereof (Homeland Security

Council, 2007). Figure 1 illustrates the myriad of infrastructures and their interdependencies with one another.

critical infrastructures comprise the foundation for the modern economy

and national security, so the federal government shares responsibility for protecting them. However, the
government rests in a precarious position because the private sector owns about eighty percent of
Simply put,

critical infrastructure (Forest, 2006, p. 78). Furthermore, about eighty percent of all American commerce occurs on
privately owned telecommunications networks, primarily the Internet (Theohary, 2009, p. 20 ).

Even the most

valuable national defense systems rely on privately owned telecommunications
networks (National Security Agency, 2009). As digital networking proliferates through society, builders will delegate
control of more and more parts of critical infrastructure to the realm of cyberspace. In fact, every piece of software
added to a system expands the attack surface accessible to external actors (Welander, 2009, p. 42). Therefore,
cybersecurity is necessary to safeguard this infrastructure. The Need for Cybersecurity Proprietors often control
critical infrastructure from cyberspace. According to the National Security Presidential Directive 54 and Homeland
Security Presidential Directive 23 issued by the George W. Bush Administration, cyberspace consists of the
interdependent network of information technology infrastructures, and includes the Internet, telecommunications
networks, computer systems, and embedded processors and controllers in critical industries (as cited in National
Cyber Security Center, 2009, p. 11). The intersection of critical infrastructure and cyberspace means that
policymakers should strive to establish security while retaining a relatively open cyberspace. Several government

the catastrophic effects of compromised cybersecurity . Paul Kurtz,

a cataclysm in which
government agencies would fail to coordinate after a cyber attack and would
subsequently collapse (Epstein, 2009). Mike McConnell, a former director of both the National Security
officials have emphasized

an advisor on President Obamas transition team, warned of a cyber Katrina,

Agency and National Intelligence, declared that if the September 11th, 2001, hijackers had launched a focused
attack on an American bank, the economic ramifications would have been of an order of magnitude greater than
the destruction of the World Trade Center (Harris, 2008). Former cyber security advisor Richard Clarke, who served
in the Clinton and Bush Administrations, asserted that the primary target for a terrorists cyber attack would be
the economy whereas casualties and chaos would be secondary (as cited in Rollins & Wilson, 2007, p. 3). In fact,

cyber attacks against financial sectors and

physical infrastructure could severely impact the national economy and disturb
energy sources like oil and electricity for an indefinite period (Annual Threat Assessment, 2009).
Director of National Intelligence Dennis Blair stated that

Beyond threatening the private sector, intruders have been specifically targeting the federal governments
information technology infrastructure. A report by the International Business Machines Corporation revealed that of
the 237 million security attacks carried out in the first half of 2005, more than twenty-two percent, the highest
percentage against any given group, aimed for government agencies (Fitzgerald, 2006, p. 57). Between 2008 and
March 2009, the number of attacks against federal computer networks swelled about forty percent (Smith, 2009).
The Department of Defense dubbed the militarys electronic information infrastructure

the American militarys

Achilles heel (Defense Science Board, 2008).

Though these assorted officials would concur on the gravity of

cybersecurity, they might dissent on the correct policy solution. As the White Houses Cyberspace Policy Review
pointed out, cyberspace policy envelops the following: security of and operations in cyberspace,,the full range of
threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and
recovery policies and activities, including computer network operations, information assurance, law enforcement,
diplomacy, military, and intelligence missions as they relate to the security and stability of the global information
and communications infrastructure (National Cyber Security Center, 2009, p. 5). This analysis will lay out three
policy options to address these issues. Strengthening Partnerships between the Public and Private Sectors Any

the private sector

eighty percent of the nations critical infrastructure . Legislators cannot
kind of long term solution to cybersecurity threats must consider

since it

owns about

expect a law ignoring the

private sectors input to succeed because businesss efforts will ultimately determine effective cybersecurity
policies. Thus, the government can continue encouraging the deepening of relationships with the private sector.
Advocating a redefinition of governments relationship to the software business, General James Cartwright stated
that government should treat cyber security as a weapon system (Rutherford, 2008). A paradigm shift to Gen.
Cartwrights mindset would be favorable for government and business because the public sector widely uses
private sector products. The Department of Defense, in particular, uses Commercial-Off-the-Shelf products since
these packages are cheaper and more innovative than a government established standard. Communication
between government and the private sector would be helpful for alleviating situations involving systemic software
threats. For example, the Microsoft Windows operating system runs on ninety-five percent of personal computers
worldwide, so hackers often exploit its vulnerabilities. In 2003, the Blaster worm infected some 400,000 host
PCs in a single day. Microsoft responded by permitting several governments across the world to take a peek at
the precious Windows source code for input and disclosure (Taylor, 2003). Thus, government benefitted by
receiving insight into the potential problems the Blaster worm posed; business benefitted by receiving the

governments assistance with this problem. A number of forums already exist to serve as models for more formal
mechanisms of public-private communication. Microsoft created a Security Response Center that works with the
Department of Defense to secure its products (Information Technology in the 21st Century Battlespace, 2003).
Learning from Carnegie Mellon Universitys public-private alliance model, the Department of Homeland Security in
2003 founded the United States-Computer Emergency Readiness Team, a group of government and industry
experts compiling software vulnerabilities (Barnes, 2004, p. 327). Similarly, the Protected Critical Infrastructure
Information Program in the Department of Homeland Security represents the federal governments first ever
mechanism to collect and analyze data from private companies without fear of releasing that data to the public by
the Freedom of Information Act (Grubesic & Murray, 2006, p. 65). In response to the governments creation of
federal agencies like the Critical Infrastructure Assurance Office and National Infrastructure Protection Center in
1998, industry responded with the creation of the Partnership for Critical Infrastructure Security as well as the
generation of Information Sharing Analysis Centers (Michel-Kerjan, 2003, p. 136). Industry agents staff these
Centers, which specialize in areas like telecommunications, electricity, and finance (Michel-Kerjan, 2003, p. 136).

Industry acceptance and

political obstacles could obstruct the way to success . Politically, the Freedom of Information Act,
This analysis evaluates this option under the aforementioned criteria.

which could force the disclosure of details of infrastructure weaknesses to the public, may make private companies
apprehensive about sharing their data with the government. Laws like the Critical Infrastructure Information Act of
2002 protect the private sector from such disclosures, but companies may be reluctant nonetheless (Pozen, 2005,
p. 678). Industry acceptance also affects this options efficacy. There are currently federal organizations like the
United States-Computer Emergency Readiness Team bridging the communication gap between the public and
private sectors, but only serious attention to these programs by both parties will evoke substantive results.
Companies confront a tradeoff between security and efficiency as well as transparency and customer satisfaction.
Noting this trend, Clay Wilson addressed studies revealing a low rate of cybercrime incident reporting because
companies fear consumer backlash from negative publicity (Wilson, 2009, p. 24). According to a study conducted
among Fortune 1000 companies, one of the most trenchant effects of compromised cyber security is damage to 6

This
political feasibility and industry acceptance .
reputation among consumers (Hansen, 2001, p. 1161).

options effectiveness

is directly tied to

Extinction
Adhikari 09 (Richard,- leading journalist on advanced-IP issues for several
major publications, including The Wall Street Journal Civilization's High Stakes
Cyber-Struggle: Q&A With Gen. Wesley Clark (ret.))
The conflicts in the Middle East and Afghanistan, to name the most prominent, are taking their toll on human life
and limb. However, the escalating cyberconflict among nations is far more dangerous, argues
retired general Wesley Clark, who spoke with TechNewsWorld in an exclusive interview. That cyberconflict will take
a far greater toll on the world, contends Clark, who last led the NATO forces to end the ethnic cleansing in Albania.
There is a pressing need for new institutions to cope with the ongoing conflict, in his view. Clark is a member of the
boards of several organizations. He has a degree in philosophy, politics and economics from Oxford University and a
master's degree in military science from the U.S. Army's Command and General Staff College.
Background: In
November 2008, the Center for Strategic and International Studies, a Washington-based bipartisan think tank,
presented recommendations on national security to the then-incoming Obama administration. These called for an
overhaul of the existing national cybersecurity organization. Since then, the state of national cybersecurity has
appeared chaotic. In August, White House cybersecurity adviser Melissa Hathaway resigned for reasons that echoed
the departure in 2004 of Amit Yoran, who then held essentially the same post. In an exclusive interview earlier this
year, Yoran told TechNewsWorld that national cybersecurity was still a mess. TechNewsWorld: Security experts warn
that nations are preparing for a new cyberwar. Is our government doing enough to protect our national cyberinfrastructure? Or is it in the process of protecting the cyber-infrastructure? Gen. Wesley K. Clark: I think we're in
the process of trying to get it protected, but unlike conventional security considerations, where one can easily see
an attack and take the appropriate response, the cyberstruggle is a daily, ongoing affair .

It's a matter of

thousands of probes a day, in and out, against systems that belong to obvious targets like the United
States Department of Defense; not-so-obvious targets like banks and energy companies; and
individual consumers or taxpayers. It's ongoing, it's undeclared, it's often unreported, and it's very much
an ongoing concern at all levels -- business, commerce and individual privacy. TechNewsWorld: The national
security infrastructure has repeatedly been reported to be sorely lacking. Is the government moving fast enough?
Does it need to do more? Clark: It does need to do more. It's in the process of doing more, and there's a
tremendous amount of public and private sector effort going into cybersecurity right now. Whether it's going to be

adequate or not is not the issue. There are many approaches to this problem that are mainly based on software, but
software is vulnerable. When you open up to communicate with the Web, when you bring in data and programs
from another source, when you bring in applications -- all that entails huge risks. It's dealing with those risks and
trying to gain the rewards of doing so that make it such a difficult proposition. Online banking was a novelty 20
years ago. Now, everything happens on the Internet. People pay their bills, they do business, they do their work
with customers. People don't fax documents any more if they don't have to -- they do webinars and briefings. All of
this exposes the opportunity for mischief. You don't know the source of the mischief. You don't know whether it's
individuals trying to solve a difficult technical challenge on their own or if they're connected to governments, or if
they're cells attached to governments -- and it's very difficult to pin down ... incoming probes to a source.
TechNewsWorld: While it's generally agreed that the next war may be a cyberwar, much of our infrastructure is
either hooked up to the Internet or in the process of being hooked up to the Internet. Electricity companies, for
example, are agitating for the use of smart meters. That being the case, and with hackers increasing the frequency
and sophistication of their attacks, does the increasing pace of hooking everything up to the Internet pose a real
security threat? Clark: We're going into completely digitized medical records, which could lead to a huge invasion
of privacy. It could also lead to things like blackmail and is physically dangerous because people can tamper with
records of vital signs, or can alter prescriptions. There's no telling just what could be done. Companies could lose
their supply chain management, lose their accounting records, lose their customer lists. Trying to rebuild this on

We are, as a
civilization, quite vulnerable to disruption , and this security problem doesn't just affect one nation
paper when we've all been interconnected on the Internet will cause years of economic decline.

but the whole global economic infrastructure. You can't conceive of the threats from the point of view of a
traditional war. Cyber-efforts are ongoing today; we're in a cyber-struggle today. We don't know who the adversaries
are in many cases, but we know what

global civilization.

the stakes are: continued economic vitality and , ultimately,