A secure new economy requires increased information sharing and reduced government regulation, according to a global director of strategic development for EDS Corp.
Speaking as part of an EDS roundtable on Internet security and privacy Tuesday, Bill Poulos stressed the importance of opening communication lines, both those that connect business to government and those that link businesses to each other.
“In order to reduce the threat of (cyber) crime, we have to share information (from) business to business,” Poulos said. “We also want to share that information with governments.”
Poulos said three barriers exist to information sharing that need to be addressed. The first is liability. Poulos said businesses are tentative about reporting attacks they suffer, as this information could later be used against them in court.
The panel, which also included Dave Woelfle, chief infrastructure architect for EDS Canada, and EDS Canada senior information assurance consultants, Neil Rerup and David Langen, said this suggests the reported US$17 billion in business losses to viruses in 1999 did not account for the cost of all cyber crime that year.
Poulos also said businesses should be able to exchange more information on security without running afoul of competition or anti-trust laws. He pointed to the Information Technology Information and Analysis Center (IT-ISAC), whose members include Cisco Systems, IBM and EDS, as an organization that needs to be freely able to share data.
The third obstacle to information sharing, Poulos said, is strict access-to-information law in the democratic world. He suggested businesses should be able to share sensitive information with governments and have it protected for a limited period of time.
EDS is asking governments around the world to address the issues, but not to the extent that it would adversely affect consumers or the economy.
“What we don’t want to do is create a haven for bad actors,” Poulos said.
But David Jones of consumer advocacy group Electronic Frontier Canada said the kind of covert information exchange EDS is espousing bodes ill for the general public.
“This is big business saying they want to keep secrets about how bad their security and privacy protection is,” Jones said. “This is not in the interest of the consumer.”
As for the desire for unfettered exchange between businesses, Jones said businesses are not as interested in tightening security as in loosening regulation.
“Companies are being opportunistic,” Jones said. “They don’t like governments telling them what they can and can’t do.”
Speaking at the roundtable, Poulos said regulation was only one factor in the security equation. Businesses, he said, need to make security more of a priority.
“I’m not satisfied with the performance of corporate Canada and corporate America with respect to security,” he said, adding that security will not become a boardroom issue until Wall Street and analysts start asking companies about their security. “Security is a very complex issue. It’s not just putting in a firewall.”
Rerup compared a good security strategy with medieval castles surrounded by multiple forms of protection — moats, gates, armies.
“A layered approach works best,” he said.
Because EDS is a provider of security and privacy solutions, the panel admitted it had an incentive to push their importance. But Poulos said he was only echoing a commonly-held belief that businesses and consumers will engage in e-commerce if they believe it to be safe.
“Trust is the showstopper of the digital economy,” he said. “For the digital economy to succeed, businesses have to build security and privacy into their services.”
Poulos said privacy is in part determined by culture — Canadians and Europeans tend to be more wary of corporations while Americans are more skeptical of government — but that in general everyone wants their information to be protected.
He said companies have to at least comply with privacy law, and probably go further to meet the expectations of the consumer. That means simplifying privacy policies, which Jones said often bury clauses that permit information trafficking in a large amount of type.
The panel hinted at the growing importance of privacy with coming advancements in genomics and wireless technology. Woelfle said the cell phone raises privacy considerations because it becomes a broadcasting device that tracks not only what a user is saying but where, geographically, that user is.