Re: "Clickbait policy-making"

[Mara Tam <marasawr () gmail com>]

Dave’s not wrong about this. Cyber policy suffers horribly from the fact that it is disproportionately informed by 
popular press (i.e. clickbait).

The American Academy of Arts and Sciences recently published a collection titled ‘Governance of Dual-Use Technologies : 
Theory and Practice’.[1] This collection covers nuclear technologies, biological technologies, and IT / ‘cyber 
weapons'. If you read all three sections, it becomes very clear that one of these things is not like the other.

*Number of citations from popular press in each section*
Nuclear : 2/143
Bio : 3/125 
Cyber : 27/110

You are not imagining things; we really are getting top-tier policy analysis of the cyber domain in which a plurality 
of sources are clickbait. N.B. I did not count blogs (researcher, vendor, or other) as ‘popular press’; doing so would 
have pushed the proportion from 25% closer to 40%. There is a further quality distinction among nuclear and bio vs 
cyber. You will not find the Daily Mail cited in a policy paper about dual-use biological or nuclear technologies, but 
cyber? Absolutely. That happens.

This is why we can’t have good policies, or often even good policy discussions. Popular press – including tech press – 
reporting on the cyber domain is frequently riddled with errors and rife with speculation. This is equally true of 
nuclear and biological technologies, but we’re not crafting civil nuclear agreements based on information from that 
Wired article you read last year. We don’t do this elsewhere, and should not tolerate it in cyber. 

-Mara
__________
[1] The Academy has been around since 1780, and is generally considered to be pretty legit. 
https://www.amacad.org/multimedia/pdfs/publications/researchpapersmonographs/GNF_Dual-Use-Technology.pdf 
<https://www.amacad.org/multimedia/pdfs/publications/researchpapersmonographs/GNF_Dual-Use-Technology.pdf>

> On 28 Jul 2016, at 16:01, dave aitel <dave () immunityinc com> wrote:
>
> https://na-production.s3.amazonaws.com/documents/Bugs-in-the-System-Final.pdf 
> <https://na-production.s3.amazonaws.com/documents/Bugs-in-the-System-Final.pdf>
> Look, I'm sure these (Andi Wilson, Ross Schulman, Kevin Bankston, Trey Herr) are all good people:<authors.PNG>
>
> But I want to point out that you cannot make good policy recommendations based on clickbait news articles you've 
> happened to have read over the years on a subject that is under a ton of covert protection, especially when none of 
> you have any personal experience in the field (and even if you DID!). If you want to, even a little bit, claim that 
> the vulnerability market poses the kind of danger this paper claims, then you have to say exactly what percentage of 
> this so called "stockpile" gets used in the wild by our adversaries. And you have to say why you think that 
> percentage is too high. Without that data, you have "unsupported opinions", or as Joe Biden would say, "malarkey". 
> I'm not even going to go into how "theoretical" their musings on market behavior in this space are, because this 
> whole policy paper is trash without any data to back it up.
> -dave
>
>
> <notdata.PNG>
>
>
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunityinc com
> https://lists.immunityinc.com/mailman/listinfo/dailydave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave