Newsmaker: Putting teeth into U.S. cybercrime policy

Story Tools

TalkBackE-mailPrint del.icio.us Digg this

It wasn't so long ago that interest in the topic of online crime was limited to a small circle of technologists. Nowadays, senior government officials talk about it as a potential national security threat. That's where Paul Kurtz comes in.

As the executive director of the Cyber Security Industry Alliance, a consortium of CEOs pressing for more-effective cybersecurity legislation, Kurtz is hoping to make sure any new regulations carry real weight. And since the 41-year-old Kurtz's resume includes a stint on the White House's National Security Council, as well as a period as senior director for national security at the Office of Cyberspace Security, it's a good bet that he'll find an audience willing to hear him out.

Kurtz helped develop the international component of the National Strategy to Secure Cyberspace, as a member of the President's

Unlike industry efforts that have criticized the government for doing too little, or policy groups that have called for action and failed to consider the implications of technology-oriented legislation, Kurtz is looking for middle ground. The security expert believes that by helping the government see the big picture, tech-wise, and aiding politicians in writing laws that have real teeth against cybercriminals, true progress against the tide of online threats can be made.

Earlier this month, CNET News.com caught up with Kurtz com to hear his ideas on where CSIA's battle for better cybercrime legislation currently stands.

Q: Why do you think the CSIA will have an audible voice among the many parties pushing for cybercrime law reform?
Kurtz: Before our group was formed, there really wasn't any organization that was focused on (cybersecurity) policy issues full time. People were following worms and viruses, and talking about best practices, but nobody was really following the legislative agenda on Capitol Hill or developments within the executive branch on a regular basis.

And we're looking in the states as well. We're CEO-driven, which makes us unique as well. We have top-level involvement from our corporate members, not just a passing interest.

The CSIA seems to be looking at spyware legislation quite a bit. Why is that work so important right now?
Kurtz: There is a real concern on the part of the industry to combat spyware. There are so many sites with different forms of adware that download malicious software and tools to people's computers and that are hard to uninstall. The interesting piece is that the adware people are beginning to get concerned and threatening to sue people who try to uninstall spyware, which they claim end-users have agreed to license and load.

Has any progress been made in creating a more comprehensive definition?
Kurtz: It's hard to say. One person's definition tends to differ from someone else's. Some people find a cookie very intrusive, while some people don't find it problematic. But we're talking about the truly malicious stuff--keystroke loggers, software that can't be uninstalled, or programs that take down your system when you try to take them off.

It's really important to make sure that our case is heard in regard to spyware, what our firms are dealing with and how they're trying to protect consumers. Our job is engaging Congress as it is contemplating legislation and making sure that they're working with industry all the way.

We've seen some companies known as spyware sources trying to be more open about their business practices. How do you balance protecting these companies' rights with your efforts to protect consumers?
Kurtz: There are a variety of ways to approach this problem. We're working with the Center for Democracy and Technology, which has pulled together a working group to examine this issue. And this effort includes not only the anti-spyware vendors, but also folks like ISPs and search engines, as well as consumer protection advocates. I think there is a need to look at this stuff in a comprehensive context.

So there is room for legal spyware, if you could call it that?
It has to be made clear to companies that if your software does certain things, then it is going to get blocked. It won't necessarily be easy to do this, but we need to make it clear to the adware people what sort of behavior won't be tolerated.

Clearly, there are some adware companies out there that are trying to do this the right way. The effort isn't about demonizing the entire

TalkBack

Images: Adobe Photoshop Express finally arrives

New Web-based application for editing, organizing, and sharing images is free, and an account includes 2GB of storage.
View this gallery.