Two ideas on collaborating to make the Internet safer
Posted on | February 3, 2009 | add a comment
What do a call for President Obama to create a federal clearinghouse of information about data breaches, and the work of a group called AMTSO have in common? Both are pushing for collaboration among sometimes contentious parties to make the Internet safer.
AMTSO – the Anti-Malware Testing Standards Organization – is further along. This group of uber competitive tech security companies, led by Bilbao, Spain-based Panda Security, among others, has been striving since May 2008 to come up with a standard for anti-malware testing, which would result in something the good guys are sorely lacking: meaningful metrics.
You can’t resolve a problem if you can’t measure it. That’s why it is vital for AMTSO to succeed. Establishing – and engraining – a reliable anti-malware testing standard could be as important as pervasively implementing the SANS/Mitre standard for addressing the Top 25 coding flaws.
From the same school of thought comes Adam Levin’s bold proposal titled, The Perfect Storm: Why the New Administration Cannot Ignore Identity Theft. Levin is, Chairman and Co-Founder of Identity Theft 911. Contributors to the Perfect Storm report include; Jay Foley, co-founder of the Identity Theft Resource Center; Pam Dixon founder of World Privacy Forum; and Chris Hoofnagle, senior staff attorney at the Berkeley Center for Law and Technology.
The report makes reference to Internet-enabled data theft and identity fraud spiraling out of control. If you haven’t been a victim yet, be patient. The bad guys aren’t about to delete any of the data they’ve gone through pains to steal. “Simply because a small percentage of consumers who are on compromised databases actually suffer a personal incident within a short period of time doesn’t mean that they don’t face continuing risk,” says Levin. Cyber thieves consider names, birth dates, Social Security numbers and account logins “real currency,” he says.
Levin suggests designating the Federal Trade Commission as the data breach regulatory authority. He wants to see passage of a national data breach notification and disclosure law “with teeth.” And he wants more funding for the FTC. The report also calls for the Obama administration to:
- Derail efforts by the Big Three credit bureaus to alter state laws that require companies to notifiy consumers when their data gets stolen and allow them to easily freeze their credit records.
- Compel federal agencies, such as the Veteran’s Affairs Administration, among many others to handle sensitive citizens’ data more securely.
- Pool law enforcement crime data “in order to provide a more timely and complete snapshot of the identity theft problem”
“There is no shortage of ideas as to how we may assert greater control over the identity theft pandemic,” the report concludes. “Now it’s up to the new president, as a great listener and mediator, to bring all voices to the table.”
–Byron Acohido
