Today Richard Clarke, the former “Cybersecurity Czar,” spoke at Santa Clara University’s Trust Online conference. Clarke, who has served in a variety of counterterrorism and cybersecurity positions in the federal government, delivered a thought-provoking keynote speech. He made the assertion that before we can seriously tackle online crime, identity theft, spam, security breaches, and the like, we need to understand that the federal government and private enterprise will play critical roles in any trust system. He then went on to point out that the American public’s trust in government isn’t exactly at an all-time high. Pointing to the Enron debacle and other corporate malfeasance that gave rise to Sarbanes-Oxley, he reminded the audience that corporate America isn’t a terribly trusted sector either. However, he was still optimistic that the problems incurred by the lack of comprehensive systems for online trust could be remedied. In particular, he outlined five components that he thought could be useful in establishing trust online. He was careful to point out that some of these ideas had already been evaluated and rejected by lawmakers and the public, but he suggested it was time to get past the constraints of outdated thinking. The five ideas:

  1. National ID Cards – Social security numbers and state driver’s license cards are being used in ways they were not designed to be used, and two-factor national ID cards would not end anonymity, because anonymity is already gone.
  2. FCC Regulation of the Internet – “Government regulation allows the economy to work” and the FCC could step in and mandate that Internet access providers adhere to the Voluntary Security Guidelines promulgated by the FCC years ago.
  3. Closed Off Portions of the ‘Net – Critical infrastructure functions should not be tied to the Internet, but should be operated as closed networks.
  4. Improve Secure Code – Corporate and government cooperation in raising the bar for programmers, so that certain minimum standards for secure coding are adhered to, would help to minimize weaknesses in the technical infrastructure.
  5. Create a Privacy/Civil Liberties Office in the US Government – According to Clarke, such a position was advocated in the 9/11 Commission Report, and such an office was established, but it has absolutely no teeth.

In answering one audience question, Mr. Clarke opined: “Society depends on a Congress and the media being critical.” In that spirit, here are some links to articles about Mr. Clarke. In the absence of a functional system for online trust, which of these articles do you trust more?

  1. An opinion piece at Security Focus
  2. A profile from Wired Online
  3. An analysis of Clarke statements at Time Magazine
  4. A Wikipedia entry (of disputed neutrality)

For that matter, do you trust me? Why or why not?