(continued from previous page)
handle on that. We have to know what that nexus is. One of the individuals implicated in the Bali terrorist bombings released a book, and the last chapter talked about using cyberfraud as a means to fund
Can I draw a direct line between all that right now? I can't. But we need to put two and two together and begin to figure out ways to make sure this isn't going to happen.
So the threat is real, and people should worry about it?
Kurtz: Right now, I think it's mainly a threat to consumers. It's a threat to e-commerce in how much money is being lost because of cyberfraud. And then there's the idea that it could be a threat to national security. But I don't want to cast cyberfraud specifically in terms of a homeland security issue. If you do that, you make the mistake of thinking that this is all Uncle Sam's problem.
There is some good news, in terms of ISPs doing a better job of protecting consumers. There are a lot of things that private industry can do as well as consumers. But the government does have a lot on its plate to consider.
Microsoft recently filed 117 suits against phishers, and one of the main reasons they did so was to find out who the people running these sites were. Should others follow suit?
If you look at the ability of federal law enforcement to respond to these issues or handle complaints, frankly what happens at the Federal Trade Commission is that all these complaints go into a central database, and that is searched to find patterns in behavior. The cases or individuals that prove to be most problematic get passed on to law enforcement to pursue. That leaves the average consumer with not much that they can do, and not a lot of recourse. As a result, I think that Microsoft's move is not a bad idea.
The recent consumer data losses at ChoicePoint and elsewhere are getting a lot of coverage, and generating legislation. What is CSIA doing to that end?
Kurtz: We're looking at the various legislation that's already been proposed, and we're trying to lay out some of the technical issues and how companies can be smarter about securing such large volumes of data. We're also going to come out with a list of recommendations for Congress to consider. For example, looking at the existing requirements out there, in pieces of legislation such as HIPAA (the Health Insurance Portability and Accountability Act), and how those are working, before new requirements are created.
At the end of the day, we are going to see legislation addressing data warehousing issues and protection of personably identifiable information. In this context, as Congress pulls together a framework, we want to talk about the technical solutions that are available.
Technical solutions are available to secure and protect data. Again, it's not a panacea, but as Congress considers new laws, it's important that they're given all the right information to consider.
See more CNET content tagged:
legislation, government, law, spyware, adware
I refer to Paul Kurtz's comments below:
***********************************************
However, we know that the practical implications of actually succeeding in prosecuting people out of the country are still not high. The Convention could help change this. And if we can get countries like the Philippines, Singapore, Malaysia and Indonesia--where a lot of this stuff is coming from--to sign off, we can get the framework to pursue cybercriminals on a more worldwide level.
*************************************************
I'm from Singapore and I strongly disagree that Singapore is "where a lot of this stuff is coming from". Please see the difference between Malaysia, Indonesia, Philippines AND Singapore.
Singapore is an island state with a strong and fair legal framework. We have a certain level of technological capability too.
BUT it is most unreasonable to label Singapore as a source where spyware writers/host are from. In fact Singapore takes a very serious stance on cybercrime. How many spyware, virus, worm were ever traced to Singapore? I believe none so far.
Asia may be a region where spyware writers come from, but pls do differentiate the difference between each country. I would welcome you visit Singapore one day and experience for yourself the uniqueness of Singapore and the culture we have. I'm sure you will not find cyber rogue as part of our society.
Cheers
Soo Koon
I refer to Paul Kurtz's comments below:
***********************************************
However, we know that the practical implications of actually succeeding in prosecuting people out of the country are still not high. The Convention could help change this. And if we can get countries like the Philippines, Singapore, Malaysia and Indonesia--where a lot of this stuff is coming from--to sign off, we can get the framework to pursue cybercriminals on a more worldwide level.
*************************************************
I'm from Singapore and I strongly disagree that Singapore is "where a lot of this stuff is coming from". Please see the difference between Malaysia, Indonesia, Philippines AND Singapore.
Singapore is an island state with a strong and fair legal framework. We have a certain level of technological capability too.
BUT it is most unreasonable to label Singapore as a source where spyware writers/host are from. In fact Singapore takes a very serious stance on cybercrime. How many spyware, virus, worm were ever traced to Singapore? I believe none so far.
Asia may be a region where spyware writers come from, but pls do differentiate the difference between each country. I would welcome you visit Singapore one day and experience for yourself the uniqueness of Singapore and the culture we have. I'm sure you will not find cyber rogue as part of our society.
Cheers
Soo Koon
- One time, re-usable passwords
- by s0ndra May 16, 2005 6:08 AM PDT
- Retool the password for one-time reuseable passwords and secure access to any computer, ATM, cell phone forever. SJS:)
- Like this Reply to this comment
-
(4 Comments)