94  PRIVACY IN A CYBER AGE

           One report estimates that 508,000 American jobs have been lost due to
                     4
           cyber crime.  General Keith Alexander, until recently the director of the
           National Security Administration and commander of the U.S. Cyber
           Command, has estimated that economic espionage, including the kind
           practiced by Chinese and Russian hackers, represents “the greatest transfer
           of wealth in history.” 5
              No industry is immune: cybersecurity firm Mandiant estimated in 2006
           that cyber attacks tied to China’s People’s Liberation Army (PLA) alone
           targeted twenty separate, major industries including telecommunications,
                             6
           energy, and aerospace.  Even Google—arguably one of the most sophisti-
           cated companies in the world with regard to computer networks—fell vic-
           tim to a complex hack that originated in China, during which the hackers
           “appropriated some of Google’s search engine source codes, a vital piece of
           intellectual property.” 7
              These estimates of losses do not include the legal costs of data breaches
           and those resulting from consumer confidence; moreover, companies are
           often forced to pay fines when their cybersecurity measures fail to pro-
           tect consumer information. Heartland Payment Systems, for example, was
           slapped with $150 million in fines and legal costs that stemmed from a
           2007 cybersecurity breach in which more than 100 million credit and debit
                                                   8
           card numbers were illegally obtained by hackers.  One research institute
           estimated that malicious attacks cost American firms $277 per customer or
           user whose information was put in jeopardy by a company’s cybersecurity
                 9
           failures.  Nevertheless, many corporations resist introducing many of the
           cybersecurity measures recommended by the U.S. government.


                      B. Reasons for Weak Private Sector Response

           The private sector’s reluctance to adopt strong cybersecurity measures is
           driven by a combination of principles and practical concerns. Four of the
           most frequently articulated arguments against government mandated pri-
           vate sector cybersecurity standards follow.
              First, significant segments of the private sector consider proposed
           requirements to introduce cybersecurity measures to be an additional
           form of government regulation. The Business Software Alliance opposes
                                                 10
           placing “undue regulatory burdens on industry,”  and the U.S. Chamber of
           Commerce opposes “legislation establishing regulatory-based cybersecu-
                       11
           rity standards.”  The Heritage Foundation opposed the same bill because
           it would “create a cumbersome regulatory process.” These and other cor-
           porate leaders and economically conservative commentators adhere to the
           laissez-faire and libertarian principles that private enterprise has a right