Is it time to designate social media as ‘critical infrastructure’?

Our nation runs on “critical infrastructure.”

For those not familiar with the term, there are 16 sectors — including communications, health, banking, energy, and transportation — deemed so vital to the security and effective operations of our nation that they bear the official critical infrastructure designation.

We believe social media has reached the stage where it should now be designated as critical infrastructure.

Why? Just consider some of the most recent news. The Twitter hacks of July 15, 2020, targeting accounts of well-known national figures including Joe Biden, Elon Musk, and leaders at Twitter, Uber, Apple, and other companies are simply part of a long history of security breaches and scandals targeting social media platforms.

While the bitcoin scam had relatively little real-world impact, national security experts were alarmed — a more coordinated attack could have caused significant disruption to financial institutions, election integrity, or national security.

For better or worse, social media platforms that were originally developed for sharing vacation photos, restaurant hot spots, and celebrity gossip are increasingly being used at the very highest levels of our government to disseminate vital information and even diplomatic communications in real time.

And social media is also where more than half of adults in the United States get their news, according to a 2019 study by Pew Research Center. All of this begs the question: Are social media platforms — and the integrity of the data therein — a strategic national asset?

If they are, we should treat them with much more gravity.

We can begin by designating them as critical infrastructure.

After the 2016 elections were attacked, we created a new critical infrastructure subsector: elections. There’s no reason we can’t do it again, naming social media platforms as a subsector of the communications sector, or potentially establishing a new internet services sector.

Why would this matter?

It would create a structure for a proactive, ongoing dialogue between social media platforms and the federal government and help avoid reactive, precipitous regulation.

The 1996 Communications Decency Act incorporated important freedom-of-speech terms for Internet Service Providers (ISPs), with section 230 stipulating that “no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”

It made sense in 1996 to think about ISPs as mere computer connections. But are social media platforms the same thing as computer connections, or more like publishers? Going further, perhaps they are something new entirely? Social media influencers can disseminate information with speed and scale never fathomed by the electronic bulletin boards hosted by the dial-up ISPs of 1996.

Internet access itself is a necessity — in essence, a utility — irrespective of the content transmitted through it. Social media moves beyond technical connectivity into the realm of substantive impact on people’s opinions, lives, and public engagement.

If we acknowledge that free speech intersects on social media with criminal hackers and foreign influence operators intent on manipulating it, then we should also take a hard look at the Department of Homeland Security’s definition of critical infrastructure and decide if it should be applied to the most widely used social platforms. In short: “assets… considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety.”

If social media is designated as critical infrastructure, social media companies would need to develop and adopt a common set of cybersecurity norms, including more systematic protections against insider threats. These platforms already use a wide range of techniques to manage the spread of content that violates their terms of service. But with a common framework, they could do so with greater transparency and accountability. There will undoubtedly be thorny First Amendment implications that many people will find extremely controversial — but let’s air that controversy and decide as a nation what we expect from our virtual town squares.

As with so many of the outdated rules governing our digital world, the pace of technological innovation often outstrips consideration of the legal and policy ramifications. Both the normative and the regulatory environment surrounding social media warrant close scrutiny. Let’s dive in and have those hard conversations before someone — or someone pretending to be someone else — declares war in 280 characters.

Dr. Charles Clancy is senior vice president, general manager, MITRE Labs, and chief futurist.

Emily Frye is a cyber law expert at MITRE and senior fellow with the Auburn University McCrary Institute.