Get Smart about Business Spending
As the executive director of the Cyber Security Industry Alliance, a consortium of CEOs pressing for more-effective cybersecurity legislation, Kurtz is hoping to make sure any new regulations carry real weight. And since the 41-year-old Kurtz's resume includes a stint on the White House's National Security Council, as well as a period as senior director for national security at the Office of Cyberspace Security, it's a good bet that he'll find an audience willing to hear him out.
Kurtz helped develop the international component of the National Strategy to Secure Cyberspace, as a member of the President's
Unlike industry efforts that have criticized the government for doing too little, or policy groups that have called for action and failed to consider the implications of technology-oriented legislation, Kurtz is looking for middle ground. The security expert believes that by helping the government see the big picture, tech-wise, and aiding politicians in writing laws that have real teeth against cybercriminals, true progress against the tide of online threats can be made.
Earlier this month, CNET News.com caught up with Kurtz com to hear his ideas on where CSIA's battle for better cybercrime legislation currently stands.
Q: Why do you think the CSIA will have an audible voice among the many parties pushing for cybercrime law reform?
Kurtz: Before our group was formed, there really wasn't any organization that was focused on (cybersecurity) policy issues full time. People were following worms and viruses, and talking about best practices, but nobody was really following the legislative agenda on Capitol Hill or developments within the executive branch on a regular basis.
And we're looking in the states as well. We're CEO-driven, which makes us unique as well. We have top-level involvement from our corporate members, not just a passing interest.
The CSIA seems to be looking at spyware legislation quite a bit. Why is that work so important right now?
Kurtz: There is a real concern on the part of the industry to combat spyware. There are so many sites with different forms of adware that download malicious software and tools to people's computers and that are hard to uninstall. The interesting piece is that the adware people are beginning to get concerned and threatening to sue people who try to uninstall spyware, which they claim end-users have agreed to license and load.
Has any progress been made in creating a more comprehensive definition?
Kurtz: It's hard to say. One person's definition tends to differ from someone else's. Some people find a cookie very intrusive, while some people don't find it problematic. But we're talking about the truly malicious stuff--keystroke loggers, software that can't be uninstalled, or programs that take down your system when you try to take them off.
It's really important to make sure that our case is heard in regard to spyware, what our firms are dealing with and how they're trying to protect consumers. Our job is engaging Congress as it is contemplating legislation and making sure that they're working with industry all the way.
We've seen some companies known as spyware sources trying to be more open about their business practices. How do you balance protecting these companies' rights with your efforts to protect consumers?
Kurtz: There are a variety of ways to approach this problem. We're working with the Center for Democracy and Technology, which has pulled together a working group to examine this issue. And this effort includes not only the anti-spyware vendors, but also folks like ISPs and search engines, as well as consumer protection advocates. I think there is a need to look at this stuff in a comprehensive context.
So there is room for legal spyware, if you could call it that?
It has to be made clear to companies that if your software does certain things, then it is going to get blocked. It won't necessarily be easy to do this, but we need to make it clear to the adware people what sort of behavior won't be tolerated.
Clearly, there are some adware companies out there that are trying to do this the right way. The effort isn't about demonizing the entire
See more CNET content tagged:
legislation, government, law, spyware, adware
I refer to Paul Kurtz's comments below:
***********************************************
However, we know that the practical implications of actually succeeding in prosecuting people out of the country are still not high. The Convention could help change this. And if we can get countries like the Philippines, Singapore, Malaysia and Indonesia--where a lot of this stuff is coming from--to sign off, we can get the framework to pursue cybercriminals on a more worldwide level.
*************************************************
I'm from Singapore and I strongly disagree that Singapore is "where a lot of this stuff is coming from". Please see the difference between Malaysia, Indonesia, Philippines AND Singapore.
Singapore is an island state with a strong and fair legal framework. We have a certain level of technological capability too.
BUT it is most unreasonable to label Singapore as a source where spyware writers/host are from. In fact Singapore takes a very serious stance on cybercrime. How many spyware, virus, worm were ever traced to Singapore? I believe none so far.
Asia may be a region where spyware writers come from, but pls do differentiate the difference between each country. I would welcome you visit Singapore one day and experience for yourself the uniqueness of Singapore and the culture we have. I'm sure you will not find cyber rogue as part of our society.
Cheers
Soo Koon
I refer to Paul Kurtz's comments below:
***********************************************
However, we know that the practical implications of actually succeeding in prosecuting people out of the country are still not high. The Convention could help change this. And if we can get countries like the Philippines, Singapore, Malaysia and Indonesia--where a lot of this stuff is coming from--to sign off, we can get the framework to pursue cybercriminals on a more worldwide level.
*************************************************
I'm from Singapore and I strongly disagree that Singapore is "where a lot of this stuff is coming from". Please see the difference between Malaysia, Indonesia, Philippines AND Singapore.
Singapore is an island state with a strong and fair legal framework. We have a certain level of technological capability too.
BUT it is most unreasonable to label Singapore as a source where spyware writers/host are from. In fact Singapore takes a very serious stance on cybercrime. How many spyware, virus, worm were ever traced to Singapore? I believe none so far.
Asia may be a region where spyware writers come from, but pls do differentiate the difference between each country. I would welcome you visit Singapore one day and experience for yourself the uniqueness of Singapore and the culture we have. I'm sure you will not find cyber rogue as part of our society.
Cheers
Soo Koon
- One time, re-usable passwords
- by s0ndra May 16, 2005 6:08 AM PDT
- Retool the password for one-time reuseable passwords and secure access to any computer, ATM, cell phone forever. SJS:)
- Reply to this comment
-
(4 Comments)