Beware the Unintended Consequences of Government Regulations around Cyber Security

This audio was created using Microsoft Azure Speech Services

Some big Internet companies made news recently with the announcement that they are urging President Obama to set limits on government surveillance. While on the face of it this may not seem like something Schneider Electric would be involved with, it’s an issue that is very much front and center for us as well as our customers.

As The New York Times reported on Dec. 9:

On Monday the companies, led by Google and Microsoft, presented a plan to regulate online spying and urged the United States to lead a worldwide effort to restrict it. They accompanied it with an open letter, in the form of full-page ads in national newspapers, including The New York Times, and a website detailing their concerns.

The story continues:

“People won’t use technology they don’t trust,” Brad Smith, Microsoft’s general counsel, said in a statement. “Governments have put this trust at risk, and governments need to help restore it.”

Apple, Yahoo, Facebook, Twitter, AOL and LinkedIn joined Google and Microsoft in saying that they believed in governments’ right to protect their citizens. But, they said, the spying revelations that began last summer with leaks of National Security Agency materials by Edward J. Snowden showed that “the balance in many countries has tipped too far in favor of the state and away from the rights of the individual.”

Now, Schneider Electric is not an Internet company per se, at least not in the same way as a Google, Microsoft or Yahoo. But our products are at the heart of much of the critical infrastructure that exists around the globe, including electrical distribution grids, SCADA networks for oil pipelines and utilities, hospital systems and much more. Naturally we embrace cyber security, for ourselves and our customers, but we are concerned that some of the rules being proposed to deal with security issues may impact these critical systems in unintended ways.

One proposal would prohibit certain departments of the U.S. government – such as NASA, the National Science Foundation and Dept. of Defense – from doing business with companies that are owned or majority controlled by the Chinese government. That could make it difficult to source parts that virtually any manufacturer may need for its products.

Other countries are proposing legislation that limits the flow of data across borders. For global companies like Schneider Electric, that could have an immediate effect on things like customer service. We maintain huge databases of customer information for things like warranties and our customer relationship management tools. If we’re forced to segregate those databases into geographic regions it makes it more difficult to effectively deliver service and information to our customers in a timely manner and to address their unique questions and business requests. The same can be said for any and all multinational organizations.

Such restrictions on the flow of data may also cause problems for the way Schneider Electric and others manage and monitor their networks. Many companies have long used “follow the sun” management policies, where staff working regular daytime hours manage faraway data centers during off-hours in those remote locations. That, of course, requires sending management data across national borders. If that practice is prohibited, it means companies will now need personnel 24×7 in each country where they have data centers.

The point is that our governments need to think long and hard about all the real and potential effects these proposed changes may have, effects that often are out of the scope of what the new regulations are intended to do.  The laws of unintended consequences have bitten more legislatures and governments throughout history that we have time to discuss.

Toward that end, Schneider Electric supports the efforts of groups such as the Information Technology Industry Council, DigitalEurope, and JEITA which have teams of experts offering sound advice on all sorts of issues, including cyber security. Check out these sites to learn more about all kinds of issues at the intersection of IT innovation and public policy.

Tags: , , , , , , ,