Tech Companies Ask U.S. to Regulate Cyber Security
qtp writes "Wired reports that a group called the National Cyber Security Partnership, which consists of 'leading software companies' including Microsoft and Computer Associates and industry organisations such as the BSA, has asked the Department of Homeland Security to regulate what they call 'Cyber Security'. Representatives from Microsoft, Computer Associates, and the BSA headed the Security Across the Software Development Cycle Task Force that submitted this report to the Bush administration today. (For all of you who dread reading 123-page reports, there is a three-page summary available as well.) The Washington Post, Forbes, and other sources are covering this story as well. I hope this is just another [late] April Fools' Day joke, but I'm afraid that this looks too scary to be real."
They propose that gov't should regulate security in specific industries, like banking or telecom, and not a blanket "one-size-fits-none"
Ensure that Software Assurance and other Information Technology Centers of Excellence include an information protection component (Emphasis mine).
Is it any surprise that Microsoft's security recommendations would include Palladium?
====---====
Together, we will drive the rats from the tundra.
You've noticed how EULA is typically attached to things you pay MONEY for? (and get sued for using if you have not).
Have you also noticed how GPL'ed products are free (as in speech, but also, often, as in beer)?
Notice how EULA does NOT usually cover things for which you have access to source code?
The point is simple - when you BUY software, the software VENDOR should carry responsibility.
GPL'ed software is given away - no money is charged. Thus, the GPL can say "we're just doing this for fun, use at your own risk".
In contrast, paying money and accepting the license as part of the transaction makes it a contract. The contractor should be held responsible for his work.
(I know, IANAL, playing fast/loose with the term "contract", etc. But the chief distinction is MONEY.)
ITAA is the lobbying arm of high tech corporations.
For insight on how ITAA sets up these "blue ribbon panels", read this article about a meeting of electronic voting manufacturers. They brought in Harris Miller, ITAA's president, to see how he could help them.
Highlights from the article:
"Similarly, when we get press calls and the press says 'Joe Academic says your industry's full of crap and doesn't know what it is doing.' What do you say Harris? The reporters always want to know what are the companies saying?.. And there can be two scenarios there: The companies may want to hide behind me, they don't want to say anything... frequently that happens in a trade association, you don't want to talk about the issues as individual companies."
How is any of that related to the topic at hand? These panels we see approaching the government are coalitions formed by a lobbying firm that is paid to protect the interests of its clients. The panels are made to look as if they are unbiased experts that are only looking out for the good of all Americans. The truth is they want to control the conversation so it seems as if they are the only ones with relevant information on the subject at hand.
Harris Miller and the ITAA have been doing this for many years, and their MO is always the same. This National Cyber Security Partnership is nothing more than an extension of ITAA's lobbying efforts.
displacedtechies.com