Information Security News mailing list archives

Big software pushes hard for national Gestapo


From: InfoSec News <isn () c4i org>
Date: Fri, 26 Jul 2002 03:50:48 -0500 (CDT)

Forwarded from: bob <bob () globaldevelopment org>

The guys at the Register are always so much more fun to read.

Bob Adams
http://www.globaldisaster.org
http://globalangst.blogspot.com


http://www.theregister.co.uk/content/55/26378.html

Big software pushes hard for national Gestapo
By Thomas C Greene in Washington
Posted: 25/07/2002 at 15:49 GMT

I was puzzled last month when industry lobby the Business Software
Alliance (BSA) released a cyberterror FUD bomb. Or, rather, a FUD dud
-- a laughably meaningless survey of the opinions of so-called "IT
pros" all laboring under the delusion that a deadly national
catastrophe by electronic means is just around the corner.

Was that a one-off lapse in judgment, I wondered. A quick and dirty
publicity stunt? Why would the BSA suddenly become concerned with
cyberterror? Are they developing some software-based national-defense
panacea? I found it puzzling enough to solicit readers for insight and
theory. I thank everyone who contributed their ideas, but I must say
that even with their help I couldn't quite add it all up.

But now the BSA is at it again, repeating its bizarre performance, and
it's all suddenly making sense.

Consider that the Bush Junior Administration and Congress are moving
to entrust considerable cyber-defense powers to the new Department of
Homeland Security, a proposed national Gestapo with a budget of $37
billion and exemptions from the Freedom of Information Act (FOIA) and
other privileges.

And of course that spells pork -- big, juicy, fat gobbets of pork. No
wonder the BSA is at it again, saying essentially the same thing while
using nothing better than hearsay for its standard of evidence.
They're tossing out empty soundbites for Congresspersons to mimic in
their little speeches on the floor, as they pretend to agonize over
the safety of innocent Americans at the hands of demonic IP warriors.

"The sobering results of these surveys underscore the need for
Congress and the Administration to ensure that the security of our
nation's information networks is a top priority in homeland security
legislation now being debated on Capitol Hill," BSA President Robert
Holleyman whines.

"While Y2K was a one-time event, cyber attacks represent persistent
threats that need to be treated with the same concerted urgency that
successfully averted Y2K disasters," he goes on. "We think it is
important that the government take a strong lead like it did for Y2K
and set a tone that business will follow."

All right, when you get an industry lobby pretending to solicit
government 'leadership', you know something stinks. Big Software likes
this legislation, ergo the man in the street is going to hate it. And
they've got a frightened lapdog, House Energy and Commerce Chairman
Billy Tauzin (Republican, Louisiana), to serve as their pitch man.

"Ninety percent of the nation's most important critical
infrastructures are privately owned and operated; that's why it is
crucial that we make sure the public and private sectors are working
together to protect the information networks that increasingly impact
nearly every aspect of our daily lives," the BSA quotes Tauzin as
saying.

'Working together' indeed. That means government contracts – billions
in public funds, vast hunks of corporate welfare, just so some script
kiddie has a slightly harder time defacing Uncle Sam's Web sites. It
also means 'upgrading' to the latest and greatest database and office
software, and of course the very finest in operating systems.

And on the return trip, it means blessed secrecy for software giants
and other major IT companies, all of whom desperately want FOIA
exemption on the hollow pretext that they could then share information
about cyber-attacks and in this way selflessly contribute to the
national anti-terror brain trust and the public's safety. Of course
the truth there is a good deal simpler: companies want secrecy
regarding cyberattacks because they're embarrassing, and because the
public would probably stop dealing with hundreds of them if they found
out how poorly-defended their data really is. An FOIA exemption of
that sort would be the Mother of all security-through-obscurity
programs, but it has not been forthcoming on the Hill, and probably
won't materialize as part of the Gestapo legislation.

Perhaps the new Homeland Defense Office will be able to extend the
umbrella of its own freedom from information act (FFIA) as a partial
shield. And that may well pass; recent proposed amendments would limit
public access to corporate records only if they're submitted to
Gestapo Headquarters, and then only the bits dealing with security
would be exempt. Of course there's a lot of wiggle room there. Pretty
much anything can be said to have security implications, as Kafka
often noted.

This happy alliance will also likely mean closer government
cooperation in fighting the evils of software piracy. Clearly the
BSA's patrons regard the FBI as their own personal 'piracy 911'. No
doubt enhanced access via the new department is anticipated, and high
hopes of further influencing national law-enforcement priorities
entertained.

So what we have is a bid for Homeland Security pork using hearsay and
FUD, cleverly disguised as something serious. But what else would you
expect from an organization that routinely lies about piracy, slickly
including open source products in their 'loss' statistics? 

BSA members include Adobe, Apple Computer, Autodesk, Bentley Systems,
Borland, CNC Software/Mastercam, Dell, EDS, Entrust, HP, IBM, Intel,
Intuit, Macromedia, Microsoft, Network Associates, Novell, Sybase, and
Symantec. [Wow, some of the world's biggest defense contractors. We're
impressed. --ed]



-
ISN is currently hosted by Attrition.org
