Zero Day Exploits — Can We Control the Arms Race? By Sonecon Managing Partner Paul Stockton

Zero Day Exploits — Can We Control the Arms Race? By Sonecon Managing Partner Paul Stockton

April 14, 2014

Yesterday, a new stage of the “roaring debate” over cyber policy made the news, thanks to David Sanger of the New York Times. He revealed that the U.S. government is now one of the biggest purchasers of information about “zero days,” which are software coding flaws that can be used by cyber criminals to penetrate computers and (potentially) wreak havoc on the power grid, financial institutions, or other infrastructure sectors.

When the government identifies a zero day, Sanger reported, the Obama Administration will ordinarily recommend that the vulnerabilities be disclosed so software manufacturers and users can patch them. However, because cyber weapons that exploit zero days can have such devastating effects, the Administration has also decided to keep knowledge of them secret when there is “a clear national security or law enforcement need” to do so.

The United States is one of many buyers in the thriving, unregulated marketplace for zero day exploits, which Michele Goldman and I recently analyzed in Curbing the Market for Cyber Weapons. Russia, China, North Korea, and Iran also eagerly purchase the zero days that hackers sell in this market to any client with the cash, no questions asked.

On balance, allowing this free-for-all cyber weapons bazaar to flourish weakens our national security. Our government gets to purchase powerful zero days, but so do our potential adversaries, who can use them to attack our critical infrastructure and other networks. As more and more nations (and non-state actors such as Al Qaeda) gain access to cyber weapons they could never build on their own, helping the zero day market flourish by sustaining U.S. purchases in it is a dangerous strategy.

The more difficult question is what the United States can do to clamp down on this market. Unilateral disarmament makes no sense: as long as potential adversaries are in the game, stopping our own purchases would be counter-productive. Instead, the Obama Administration should explore how international agreements might be forged to limit the zero day market, and how stronger invectives can be created for software manufacturers to eliminate zero day exploits before our adversaries find them. Both opportunities for progress are examined in Curbing the Market for Cyber Weapons.



Republicans Maintain Hard Opposition to Obamacare at Their Own Political Peril

April 2, 2014

The political struggle over Obamacare has reached a critical inflection point as real events have overtaken its opponents’ basic arguments. That opposition has always drawn on doubts about the public’s real interest in a federal guarantee to health insurance and their tolerance for a mandate to enforce it. After the program’s fitful start, it is now clear that large numbers of Americans are prepared to spend considerable time and money to sign on. The Rand Corporation estimates that 9.5 million people who had no coverage a month or a year ago now do, thanks to the Affordable Care Act (ACA).

In my analysis of the data, I found that the newly-insured number at least 7.8 million and as many as 10.9 million. And if the governors and legislatures in 24 states had not inexplicably turned down the ACA’s Medicaid expansion — a decision three of those states are reconsidering — the number of newly insured today would range from 11 million to 14 million.

These numbers create a political inflection point, because the program’s demonstrated appeal renders it simply impossible to repeal. Arguing against a new federal benefit is an easy political challenge for conservatives. By contrast, withdrawing a benefit that millions already depend on is a, at best, herculean task. Just try to imagine any future Congress or President actually withdrawing practical access to medical coverage from millions of moderate-income families, millions of young adults covered by their parents’ policies, and millions of more people with preexisting medical conditions.

Moreover, this political inflection point will strengthen not only as more people enroll, but also, and even more important politically, as Obamacare generates benefits for everyone else. To begin, surveys show that several million people would like to change jobs, but stay where they are, out of concerns about losing their healthcare coverage. Now, they can do as they like — and the enhanced labor mobility should help the economy.

More important, by enrolling large numbers of previously-uninsured people, Obamacare should slow increases in everyone’s insurance premiums — or even lower premiums. As countless studies have shown, most people without coverage get their medical care in emergency rooms.  Since they usually cannot pay the bills for that care, hospitals pass along those costs through higher charges on everyone else, which in turn leads to higher insurance premiums. The ACA not only will relieve some of those direct pressures on premiums; its mandated coverage will also generate more income for insurers, further easing upward pressures on premiums.

This would be very good news for the American economy. Over the last decade, healthcare coverage has been the single, fastest-rising cost for most U.S employers. But as globalization has intensified competition, many of those employers have found themselves unable to pass along their higher healthcare costs by simply raising their prices. Their only recourse, as I have written many times, has been to cut other costs — beginning with jobs and wages. In the end, therefore, the ACA could contribute to broader gains in employment and incomes — and that could produce a political inflection point that could support political realignment.