Big software pushes hard for national Gestapo

BSA drooling over Homeland Security pork


I was puzzled last month when industry lobby the Business Software Alliance (BSA) released a cyberterror FUD bomb. Or, rather, a FUD dud -- a laughably meaningless survey of the opinions of so-called "IT pros" all laboring under the delusion that a deadly national catastrophe by electronic means is just around the corner.

Was that a one-off lapse in judgment, I wondered. A quick and dirty publicity stunt? Why would the BSA suddenly become concerned with cyberterror? Are they developing some software-based national-defense panacea? I found it puzzling enough to solicit readers for insight and theory. I thank everyone who contributed their ideas, but I must say that even with their help I couldn't quite add it all up.

But now the BSA is at it again, repeating its bizarre performance, and it's all suddenly making sense.

Consider that the Bush Junior Administration and Congress are moving to entrust considerable cyber-defense powers to the new Department of Homeland Security, a proposed national Gestapo with a budget of $37 billion and exemptions from the Freedom of Information Act (FOIA) and other privileges.

And of course that spells pork -- big, juicy, fat gobbets of pork. No wonder the BSA is at it again, saying essentially the same thing while using nothing better than hearsay for its standard of evidence. They're tossing out empty soundbites for Congresspersons to mimic in their little speeches on the floor, as they pretend to agonize over the safety of innocent Americans at the hands of demonic IP warriors.

"The sobering results of these surveys underscore the need for Congress and the Administration to ensure that the security of our nation's information networks is a top priority in homeland security legislation now being debated on Capitol Hill," BSA President Robert Holleyman whines.

"While Y2K was a one-time event, cyber attacks represent persistent threats that need to be treated with the same concerted urgency that successfully averted Y2K disasters," he goes on. "We think it is important that the government take a strong lead like it did for Y2K and set a tone that business will follow."

All right, when you get an industry lobby pretending to solicit government 'leadership', you know something stinks. Big Software likes this legislation, ergo the man in the street is going to hate it. And they've got a frightened lapdog, House Energy and Commerce Chairman Billy Tauzin (Republican, Louisiana), to serve as their pitch man.

"Ninety percent of the nation's most important critical infrastructures are privately owned and operated; that's why it is crucial that we make sure the public and private sectors are working together to protect the information networks that increasingly impact nearly every aspect of our daily lives," the BSA quotes Tauzin as saying.

'Working together' indeed. That means government contracts -- billions in public funds, vast hunks of corporate welfare, just so some script kiddie has a slightly harder time defacing Uncle Sam's Web sites. It also means 'upgrading' to the latest and greatest database and office software, and of course the very finest in operating systems.

And on the return trip, it means blessed secrecy for software giants and other major IT companies, all of whom desperately want FOIA exemption on the hollow pretext that they could then share information about cyber-attacks and in this way selflessly contribute to the national anti-terror brain trust and the public's safety. Of course the truth there is a good deal simpler: companies want secrecy regarding cyberattacks because they're embarrassing, and because the public would probably stop dealing with hundreds of them if they found out how poorly-defended their data really is. An FOIA exemption of that sort would be the Mother of all security-through-obscurity programs, but it has not been forthcoming on the Hill, and probably won't materialize as part of the Gestapo legislation.

Perhaps the new Homeland Defense Office will be able to extend the umbrella of its own freedom from information act (FFIA) as a partial shield. And that may well pass; recent proposed amendments would limit public access to corporate records only if they're submitted to Gestapo Headquarters, and then only the bits dealing with security would be exempt. Of course there's a lot of wiggle room there. Pretty much anything can be said to have security implications, as Kafka often noted.

This happy alliance will also likely mean closer government cooperation in fighting the evils of software piracy. Clearly the BSA's patrons regard the FBI as their own personal 'piracy 911'. No doubt enhanced access via the new department is anticipated, and high hopes of further influencing national law-enforcement priorities entertained.

So what we have is a bid for Homeland Security pork using hearsay and FUD, cleverly disguised as something serious. But what else would you expect from an organization that routinely lies about piracy, slickly including open source products in their 'loss' statistics? ®

BSA members include Adobe, Apple Computer, Autodesk, Bentley Systems, Borland, CNC Software/Mastercam, Dell, EDS, Entrust, HP, IBM, Intel, Intuit, Macromedia, Microsoft, Network Associates, Novell, Sybase, and Symantec. [Wow, some of the world's biggest defense contractors. We're impressed. --ed]
