Wed 17 Dec 2008 05:46:35 PM PST
Doesn't anybody talk to anybody?
Steven M. Bellovin writes that "Securing Cyberspace for the 44th Presidency," a report from the Center for Strategic and International Studies, is required reading for anyone interested in cybersecurity and public policy.
From the report: "Our investigations and interviews for this report made it clear we are in a long-term struggle with criminals, foreign intelligence agencies, militaries, and others with whom we are intimately and unavoidably connected through a global digital network; and this struggle does more real damage every day to the economic health and national security of the United States than any other threat."
What's missing? Hint: they're a set of criminals who do big business online, and they fund security attacks. Another hint: they begin with P.
That's right, the pirate problem.
As Pirate Czar, I will work with the security scene, not against it. The first thing that we need is a private right of action against email spammers. I'm looking at email spam right now that's offering me an "OEM" version of a proprietary software package. If a mail server administrator had a few hundred copies of this, and a private right of action, that would be money, not in the bank, but pretty close. File a John Doe case the spammer, subpoena some member PCs of the botnet (sorry, Bruce Schneier's mother, but if you don't care enough about the machine to keep it bot-free, you won't mind if spammees's lawyers borrow it), and, of course, follow the money.
If we're going to get serious about pirates we have to close the legal protections for spammers. Spam, piracy, and malware are too closely linked to give spam a free pass, and there are enough spam-haters with time on their hands to give the pirates some grief.