Sunday, October 30, 2005

Web Threats Do Keep Users Away

According to Matt Hines, reporting on a study by Consumer Reports WebWatch in eWeek on October 26, "U.S. Internet users are cutting back on the hours they spend online, shunning e-commerce and refusing to give out personal information as a result of the rising tide of Web-based crimes related to identity theft... As a result of those concerns, at least 30 percent of the 1,500 people interviewed for the survey said they have reduced the amount of time they access the Internet." See Web Threats Keep Users Away.

And we are not surprised. We have predicted this for several years, and will go on predicting it until there is a major improvement in standards of conduct on the Internet. Of course, that is unlikely to happen unless there is an improvement in standards of conduct in society in general, which is unlikely to happen while so many public figures continue to act in such a shameless way (think Martha Stewart, Richard Scrushy, Bernie Ebbers, the Rigas, Dennis Kozlowski and Mark Swartz, sixteen Enron executives and counting). It's not just the crimes these people have committed, it's the way so many of them have tried to shrug off their misdeeds, or deflect punishment by professions of faith, or cheerfully gone on with their lives, with no apology to the millions of people whose lives they damaged.

Anyone who thinks this behaviour has no effect on the moral standards of today's children, who are the Internet miscreants of tomorrow, probably hasn't tried raising kids recently.


Monday, October 24, 2005

An "Activist Judge" Gets Security Right

I don't know if U.S. District Judge Royce Lamberth fits the current definition of "activist judge," but he recently acted in what I consider to be an admirable way by proactively preventing computer security problems. On October 20 he ordered the U.S. Interior Department "to disconnect from the Internet all computer equipment holding data related to trust accounts it manages for American Indians, a decision that could cripple large sections of the agency's computer network."

While this is only the latest in a long saga of actions and responses between Judge Lamberth and the Interior Department, it is a timely reminder of what life would be like if networks were not allowed to be connected to the Internet unless they could prove, to the satisfaction of independent experts, that they were secure. In the latest security review, "investigators testified they would give the department's computer security an 'F' grade or 'one notch lower than an "F" ... a "G."'"

But that is not the most alarming fact in this story. The failing grade came after the department had spent $100 million on security improvements.

And for those who think government agencies are, by their nature, wasteful and incompetent, I am willing to bet there are Fortune 500 companies out there that would fail the same test.


Friday, October 07, 2005

Dataflation Column Published

Okay, I took two months off (that's why I called it a non-blog).

Finally, Information Security Magazine published my column on dataflation (in the Perspectives column in the October 2005 issue). An expanded version is also available online here.

Hopefully it will spark some debate about how we cope with the steady unravelling of our secrets and the security they provide.