If you open almost any web page and right click, you’ll see an option to view the HTML source code.  Click on that option. Congratulations: by doing so, you could now be facing criminal prosecution in Missouri.

Missouri Gov. Mike Parson recently drew a wave of criticism for threatening to prosecute a journalist who responsibly and safely disclosed that some 100,000 individual social security numbers were publicly viewable on a state webpage. Parson accused the reporter of “attempting to embarrass the state” and cybersecurity Twitter had a field day at his expense.

While there’s a litany of lessons that could be derived from this situation—the need to reform federal hacking laws, the need for better data security and data privacy, the importance of not persecuting journalists in the course of their job—what we want to discuss here is the problem of technological illiteracy displayed routinely by our elected officials.

Technological illiteracy—not having a baseline knowledge of how technology works—at high levels of government makes the United States less digitally secure. It inhibits timely and effective oversight and legislation by Congress and state governments alike.

Traditionally, the solution to technological illiteracy in the government has been to insert technologists into government. Programs like the TechCongress fellowship are bringing more technologists into legislative spaces and pairing them with participating congressional offices. Additionally, industry experts are calling for the Federal Trade Commission to host more technologists, in the interest of effectively protecting consumer data privacy. At the state level, Missouri itself has passed legislation to incorporate expertise and weigh risks to state critical infrastructure by creating the Missouri Cybersecurity Commission. Initiatives like these are an opportunity for a “wide cross-section of experts” to bolster state cybersecurity posture.

But this is clearly not enough—especially when actions like the governor’s risk discouraging reporting and disclosing vulnerabilities. There is unfortunately a long history of individuals who responsibly warn about technological vulnerabilities and face employer retaliation. And it’s not like this was a sophisticated vulnerability: this type of flaw has been around for over 10 years.

So here’s our conclusion: technological illiteracy isn’t just about those who don’t understand the basics of computers, such as a member of Congress who asks a cringe-worthy technological question in a hearing or a grandparent who can’t find the Facetime button. The bigger challenge––especially in the higher levels of government––is understanding the role of cybersecurity in broader society, and finding a way to incorporate diverse cyber expertise and perspectives into decision-making.

Simply, cybersecurity is about securing our digital systems against unauthorized access. And doing so successfully requires us to respect not only the need for smart coders but also for experts on supply chains and logistics, human psychology and government policy, regulatory requirements, criminal law, sociology and more. And because no one can be an expert in everything, actually achieving digital security requires a lot of collaboration, information sharing, and, above all, humility.

In other words, the real solution to technological illiteracy may not only lie in action, but also in a new frame of mind. There will always be the technology—or person—who surprises us. Humility and collaboration will take us a lot further than mocking the current problem or worse, threatening it with criminal penalties.

Image credit: Sashkin

Featured Publications