The Web: Dealing with cyber-crime

CHICAGO, Feb. 16 (UPI) -- Leading technology executives are pressing the White House to create a commission on cyber-crime, hoping the panel can develop solutions to vexing computer problems, such as spam and identity theft, but skeptics told UPI's The Web if developers would build better and more secure products, the problems of cyber-security would become less severe.

Executives from Adobe Systems, Dell, Hewlett-Packard, IBM and Microsoft, among others, last week met with White House science adviser John Marburger, as well as with officials from the Office of Management and Budget and the U.S. Department of Commerce to discuss the subject.

"We believe that a new commission is the proper venue to address these threats," Robert Holleyman, president and chief executive officer of the Business Software Alliance, an industry group, said in a statement. "Consumers who rely on the conveniences and benefits of online technologies are increasingly faced with a number of problems, including spam and identity theft. These crimes are no longer the province of mischievous, attention-seeking amateurs, but increasingly of organized professional criminals, motivated by profit."

Skeptics agree computer security is an increasing problem, but note better security should start with the software and hardware developers themselves.

"We don't let car companies build exploding cars anymore," said Tom Rowley, CEO of Preventsys Inc., a maker of enterprise security solutions in Carlsbad, Calif. "Sooner or later, we should not let companies build unsafe software."

Rowley, who formerly was with the National Security Agency, the federal government's electronic spy organization, told The Web he thinks the real problem with software security is "software is not secure. Companies have to look at themselves, truthfully, and say, 'I am the problem here.'"

Others agreed that trying to regulate computer criminals may not be the solution to the rise in IT security problems caused by the Internet.

"The U.S. government can't even defend its own networks from attack," said Josh Daymont, vice president of research at SecureWorks Inc., an Internet security company in Atlanta. "Corporate America is barking up the wrong tree."

Another vocal critic, Brian Olson, director of marketing communications at Video Professor Inc. in Lakewood, Colo., said his company favors better enforcement of existing laws, not the creation of a new government body.

"Another commission is like taking aspirin for open heart surgery," Olson told The Web.

A recent survey showed that cyber-security is an increasing concern for corporate management. The study, prepared by the Business Software Alliance and the Information Systems Security Association, indicated 76 percent of companies recognize improved security could provide a competitive advantage.

Moreover, the study, based on 850 interviews and released Feb. 14, showed that during the last year, 44 percent of companies have made security a concern for senior management, an increase of 12 percent from a year ago.

"Awareness and action are replacing fear," Holleyman said.

A recent report by the Federal Trade Commission indicates ID theft is a growing problem. Another report, by Deloitte & Touche, a consulting company in New York City, predicts digital crime will "rapidly increase" in 2005, driven by the huge growth in networking and connectivity of devices, from PCS to mobile phones and digital music players, which creates an environment where viruses have more opportunity to spread.

Advocates of the cyber-crime commission last week held a news briefing in Washington, D.C., and indicated the proposed commission, far from being ineffective -- as feared by the skeptics -- could serve a real purpose. The backers of the idea claim the commission could raise the profile of cyber-security as a national issue and lead to the introduction of international treaties and national legislation.

One data-encryption-software vendor told The Web the proposed commission could be worthwhile.

"I do believe that such a commission would be valuable so that technology laws and standards have a governing body as a central, empowered, knowledgeable, educated and legislatively responsible entity," said Walter Loiselle, vice president of U.S. operations and technology at Utimaco US in Foxboro, Mass. "Much of what is being bantered about in the press and government comes from subjective -- not necessarily objective -- sources and many of our politicians that make the laws grew up in a time when correction ribbons for typewriters weren't even thought of. If we are to properly set out an approach for dealing with such technical and modern challenges, then let's do it properly."

A study released last month by Javelin Strategy & Research and the Better Business Bureau indicated the risks of ID theft may be exaggerated, because most ID theft is perpetrated by someone who already knows his or her victim. The researchers called their findings "somewhat unexpected."

Rowley said he thought the solution to Internet security was to make the companies that produce hardware and software subject to strict product-liability laws, so if they build products susceptible to viruses or hackers, they would be held liable.

"Let's deal with the root causes," said Rowley, who admitted his proposal will not make him very popular in Silicon Valley. "We should go to the software companies, go to the ISPs (Internet Service Providers) and require some government oversight there. I'm not in favor of the government driving the economy, but this is like health and safety -- if you build something, you must make it safe."

--

Gene Koprowski is a 2004 Winner of a Lilly Foundation Award for journalism for this column for United Press International. He covers telecommunications technologies for UPI Science News. E-mail: sciencemail@upi.com