CHICAGO — The onus is on regulators and legislators to make software and the Internet something U.S. consumers want to use; in some areas, according to one academic, they are falling short.
Gene Spafford, director of Purdue University’s Center for Education and Research in Information Assurance and Security (CERIAS), told an audience of IT security managers here at the Computer Security Institute (CSI) convention Tuesday that the computing industry is maturing just like many other established businesses and going through similar growing pains.
“We’re going through changes now,” he said. “We’re going from the technological innovation and business innovation to a consumer and regulatory phase.”
The telephone industry is a good example of what happens to new technology when it becomes a mainstream necessity for Americans, Spafford pointed out. When the phone first became available to the public, it was received more for its entertainment value than as a vital service. Spafford relates those early telephone users to today’s online chat rooms, where people come together for purely social reasons.
The U.S. government in the 1920s, when first confronted with a case for personal privacy on the telephone network, treated telephone privacy much as online privacy is treated today on the Internet. The Supreme Court ruled there was no valid expectation of privacy, and only amended that years later to ensure the privacy of telephone users, saying law enforcement agencies needed to gain warrants to tap phone lines.
While it is true there is legislation out there ostensibly to protect consumer information, there are many loopholes, including opt-out programs and the ability of mass e-mail marketers to search the Web for consumer e-mail addresses.
Today’s government is moving forward with regulations and guidelines to ensure the safety and security of its citizens, though Congressional authorities are listening more to lobbyists than they are to consumers, Spafford said.
The reason for concern, he said, is that software developers and content owners are more worried about protecting themselves from lawsuits or keeping a tight rein on the media they own than about providing a service consumers want. According to a National Institute of Standards and Technology (NIST) report published in May, companies in the U.S. have spent $60 billion on patches and fixes to buggy software.
Nowhere is that more evident, according to Spafford, than in two pieces of proposed legislation: the Uniform Computer Information Transaction Act (UCITA) and the Consumer Broadband and Digital Television Promotion Act (CBDTPA).
Despite opposition from 30 state attorneys general, the Association for Computing Machinery (ACM), the Institute of Electrical and Electronics Engineers (IEEE) and a host of others, two states passed UCITA. Spafford said lobbyists were able to scare the states of Maryland and Virginia into passing the bill for fear of being labeled anti-e-commerce.
“Rather than read the 200-some page document and find out what it was really about, they signed off on the Act, rather than be considered as against e-commerce growth,” Spafford said.
The Act gives software makers the right to change the terms of service after a customer buys the application and the right to remotely shut down the application if licenses aren’t paid on time, and it allows restrictions to be placed on the software after purchase. The company can also restrict customers from making public criticism of the application.
The CBDTPA, on the other hand, is a bill introduced by Sen. Ernest Hollings (D-SC), which fines digital equipment makers who don’t include hardware that prevents the use of pirated movie or music files. While it’s meant to stymie the use of pirated content on DVD players and PCs, it also conceivably extends to other electronic products, like digital clocks and microwaves.
A fundamental change in the Internet is needed before consumers will be comfortable with new technologies to protect their privacy, Spafford said.
“In the next couple years I’ll be able to hold my credit card, medical information and private information on this,” Spafford said, holding up a PDA. “It better not give out information, (and) it better not give me a blue screen of death when I really need it.”