3:35 PM -- Here on Election Eve, I'm all for the party system. Love 'em or hate 'em, both Democrats and Republicans have carved out some pretty stark contrasts between themselves over the last few weeks, and that's a good thing. I'm pretty clear now about their differences on the issues -- though I'm still a little hazy on which is the party of the lecherous, insensitive, cheating racists. But that's a topic for another blog.
I think it's great that groups have differences -- that's how we learn about our choices and which path we want to take. What really bothers me, though, is when everyone agrees on the general direction, and there's still so much confusion and disjointed activity that nothing gets done. And when it comes to computer security, that sort of confusion seems to happen a lot.
The U.S. Congress, for example, agrees that identity theft is bad and that consumer privacy is good. Yet, representatives on both sides of the aisle have introduced more than a dozen pieces of legislation related to computer fraud and privacy in the last year, and not one of them has made it out of committee. How hard is it to agree on a single bill that would crack down on data theft and the protection of sensitive end user information? Apparently, a lot harder than you think.
And the problem isn't limited to the U.S. Last week, six major regional anti-spam initiatives joined to announce the initiation of the StopSpamAlliance, a global coalition designed to help harmonize the various regional efforts against spam. (See Anti-Spam's United Nations) But the group seems unclear on exactly how it will work together, and at least one major U.S. anti-spam initiative, the Anti-Spam Technical Alliance, was left out. Again, the goal is clear, but the efforts are confused and disjointed.
Think we'd be better off if we just left government out of these security efforts? Well, that's what has largely happened in the phishing space, and the results aren't much better. The Anti-Phishing Working Group defines "crimeware" on one day, while PhishTank offers its own data on another day, and the Phishing Incident Report Squad launches a new project on a third day -- all within two weeks of each other. (See 'Crimeware' Defined and A First Look Into the PhishTank.) Sound familiar? Same general goal, being pursued simultaneously by three organizations that don't appear to be talking to each other.
While all of these efforts are going on, computer criminals are winning the war. Phishing, spam, and identity theft are at all-time highs. There are more than enough gaps in our defenses to be exploited, and there are enough loopholes in the laws to make these vulnerabilities attractive lines of business for both casual hackers and organized crime.
As you go to the polls tomorrow, then, ask not just how the parties will work out their differences on issues where they don't agree, but how they will get something done on the issues where they actually do agree. If anything positive is going to be done about computer security, they'll need to answer that second question first.
Now you'll have to excuse me. I've still got to figure out which candidate in my area is the heartless pervert and which one is the immoral dunderhead.
Tim Wilson, Site Editor, Dark Reading