“The Internet’s pioneers hardly envisioned the dramatic growth and transformation that characterize today’s Internet. A relative lack of regulation accelerated early digital innovation,” wrote Jamil N. Jaffer and Megan Stifel for the Lawfare Blog.

“[The Regulatory Transparency Project’s Cyber & Privacy Working Group’s paper titled Regulators in Cyberiahighlights five examples that illustrate the hazards that can result when regulations predating the Internet revolution make first contact with the economic and social opportunities unleashed by interconnected technologies. Among other things, they demonstrate that the impact of Moore’s Law—the doubling of computer processing power every 18-24 months—makes regulation a particularly weak tool to achieve policy objectives, including privacy and security, arguing instead that in a rapidly changing technological environment, these goals can often be most effectively met through the use of market incentives. In recent years, the specter of regulation has threatened the viability of the sharing economy and the broad availability and export of cybersecurity products and could hamper the rapid innovation that currently characterizes the evolution of the so-called ‘Internet of Things.'”

Jaffer holds a number of positions, including Adjunct Professor of Law and Director of the Homeland and National Security Law Program at the George Mason University School of Law. He is VP Strategy & Business Development with IronNet Cybersecurity. Stifel is a Nonresident Senior Fellow with the Cyber Statecraft Initiative at the Brent Scowcroft Center on International Security and Founder of Silicon Harbor Consultants. Both contributed to the Regulators in Cyberia white paper, along with five other experts.

The paper itself says it illustrates the “negative and sometimes unintended consequences that regulations can have” America’s technology sector. “In many situations, there is no regulatory option that satisfies Goldilocks’ preference of being ‘just right’ because the newness of the service or product makes it impossible to know what ‘just right’ is.”

“Like the Hippocratic Oath, regulators first instinct should be to do no harm. The technology sector has generated and will continue to generate new solutions, new innovations, jobs, wealth, and a better quality of life for all if it is handled with care. The industry grew rapidly because it operated in a space with few rules or restrictions. We are all beneficiaries of that. While regulations provide certain social goods, outside of lobbying shops and law firms, they generally do not create jobs and unleash innovation. This means that regulators need to steal a page from the cyber innovators’ playbook – start small, be transparent, and adjust as needed.”


Jaffer will give the kick-off address — The Public-Private Partnership: How it Works … or Should! — at our upcoming Cyber Sector Risk Forum on Critical Infrastructure on April 25, 2018, in New York. Learn more. 

Tom Hagy