Re: afain, the market fails

In article <1246558907.315119@xxxxxxxxxxxx>,
awouk@xxxxxxxxxxxxxxxxx (arthur wouk) wrote:

July 2, 2009


Defend America, One Laptop at a Time

By JACK GOLDSMITH

Cambridge, Mass.

OUR economy, energy supply, means of transportation and military defenses
are dependent on vast, interconnected computer and telecommunications
networks. These networks are poorly defended and vulnerable to theft,
disruption or destruction by foreign states, criminal organizations,
individual hackers and, potentially, terrorists. In the last few months
it
has been reported that Chinese network operations have found their way
into
American electricity grids, and computer spies have broken into the
Pentagon's Joint Strike Fighter project.

Acknowledging such threats, President Obama recently declared that
digital infrastructure is a "strategic national asset," the protection of
which is a national security priority.

One of many hurdles to meeting this goal is that the private sector owns
and
controls most of the networks the government must protect. In addition to
banks, energy suppliers and telecommunication companies, military and
intelligence agencies use these private networks. This is a dangerous
state
of affairs, because the firms that build and run computer and
communications
networks focus on increasing profits, not protecting national security.
They
invest in levels of safety that satisfy their own purposes, and tend not
to
worry when they contribute to insecure networks that jeopardize national
security.

This is a classic market failure that only government leadership can
correct. The tricky task is for the government to fix the problem in ways
that do not stifle innovation or unduly hamper civil liberties.

Our digital security problems start with ordinary computer users who do
not
take security seriously. Their computers can be infiltrated and used as
vehicles for attacks on military or corporate systems. They are also
often
the first place that adversaries go to steal credentials or identify
targets
as a prelude to larger attacks.

President Obama has recognized the need to educate the public about
computer
security. The government should jump-start this education by mandating
minimum computer security standards and by requiring Internet service
providers to deny or delay Internet access to computers that fall below
these standards, or that are sending spam or suspicious multiple computer
probes into the network.

The government should also use legal liability or tax breaks to motivate
manufacturers -- especially makers of operating systems -- to improve
vulnerability-filled software that infects the entire network. It should
mandate disclosure of data theft and other digital attacks -- to trusted
private parties, if not to the public or the government -- so that firms
can
share information about common weapons and best defenses, and so the
public
can better assess which firms' computer systems are secure. Increased
information production and sharing will also help create insurance
markets
that can elevate best security practices.

But the private sector cannot protect these networks by itself any more
than
it can protect the land, air or water channels through which foreign
adversaries or criminal organizations might attack us. The government
must
be prepared to monitor and, if necessary, intervene to secure channels of
cyberattack as well.

The Obama administration recently announced that it would set up a
Pentagon cybercommand to defend military networks. Some in the
administration want to use Cybercom to help the Department of Homeland
Security protect the domestic components of private networks that are
under
attack or being used for attacks. Along similar lines, a Senate bill
introduced in April would give the executive branch broad emergency
authority to limit or halt private Internet traffic related to "critical
infrastructure information systems."

President Obama has tried to soothe civil liberties groups'
understandable
worries about these proposals. In the speech that outlined the national
security implications of our weak digital defenses, the president said
the
government would not monitor private sector networks or Internet traffic,
and pledged to "preserve and protect the personal privacy and civil
liberties we cherish as Americans."

But the president is less than candid about the tradeoffs the nation
faces.
The government must be given wider latitude than in the past to monitor
private networks and respond to the most serious computer threats.

These new powers should be strictly defined and regularly vetted to
ensure
legal compliance and effectiveness. Last year's amendments to the
nation's
secret wiretapping regime are a useful model. They expanded the
president's
secret wiretapping powers, but also required quasi-independent inspectors
general in the Department of Justice and the intelligence community to
review effectiveness and legal compliance and report to Congress
regularly.

Many will balk at this proposal because of the excesses and mistakes
associated with the secret wiretapping regime in the Bush administration.
These legitimate concerns can be addressed with improved systems of
review.

But they should not prevent us from empowering the government to meet the
cyber threats that jeopardize our national defense and economic security.
If
they do, then privacy could suffer much more when the government reacts
to a
catastrophic computer attack that it failed to prevent.

Jack Goldsmith, a professor at Harvard Law School who was an assistant
attorney general from 2003 to 2004, is writing a book on cyberwar.


Copyright 2009 The New York Times Company

The answer is simple. Good behavior on the net should be rewarded and the bad
punished, like when the net manager pulled the plug on Scandinavia in 1993.
We must be go netizens.

--
Angel http://www.csmonitor.com/2009/0622/p06s04-wome.html http://allforgood.org
Heatlth car action http://my.barackobama.com/page/content/hcserviceattend/
http://shelby.senate.gov http://sessions.senate.gov http://griffith.house.gov/
.