I was puzzled last month when industry lobby the Business Software Alliance (BSA) released a cyberterror FUD bomb. Or, rather, a FUD dud -- a laughably meaningless survey of the opinions of so-called "IT pros" all laboring under the delusion that a deadly national catastrophe by electronic means is just around the corner.
Was that a one-off lapse in judgment, I wondered. A quick and dirty publicity stunt? Why would the BSA suddenly become concerned with cyberterror? Are they developing some software-based national-defense panacea? I found it puzzling enough to solicit readers for insight and theory. I thank everyone who contributed their ideas, but I must say that even with their help I couldn't quite add it all up.
But now the BSA is at it again, repeating its bizarre performance, and it's all suddenly making sense.
Consider that the Bush Junior Administration and Congress are moving to entrust considerable cyber-defense powers to the new Department of Homeland Security, a proposed national Gestapo with a budget of $37 billion and exemptions from the Freedom of Information Act (FOIA) and other privileges.
And of course that spells pork -- big, juicy, fat gobbets of pork. No wonder the BSA is at it again, saying essentially the same thing while using nothing better than hearsay for its standard of evidence. They're tossing out empty soundbites for Congresspersons to mimic in their little speeches on the floor, as they pretend to agonize over the safety of innocent Americans at the hands of demonic IP warriors.
"The sobering results of these surveys underscore the need for Congress and the Administration to ensure that the security of our nation's information networks is a top priority in homeland security legislation now being debated on Capitol Hill," BSA President Robert Holleyman whines.
"While Y2K was a one-time event, cyber attacks represent persistent threats that need to be treated with the same concerted urgency that successfully averted Y2K disasters," he goes on. "We think it is important that the government take a strong lead like it did for Y2K and set a tone that business will follow."
All right, when you get an industry lobby pretending to solicit government 'leadership', you know something stinks. Big Software likes this legislation, ergo the man in the street is going to hate it. And they've got a frightened lapdog, House Energy and Commerce Chairman Billy Tauzin (Republican, Louisiana), to serve as their pitch man.
"Ninety percent of the nation's most important critical infrastructures are privately owned and operated; that's why it is crucial that we make sure the public and private sectors are working together to protect the information networks that increasingly impact nearly every aspect of our daily lives," the BSA quotes Tauzin as saying.
'Working together' indeed. That means government contracts -- billions in public funds, vast hunks of corporate welfare, just so some script kiddie has a slightly harder time defacing Uncle Sam's Web sites. It also means 'upgrading' to the latest and greatest database and office software, and of course the very finest in operating systems.
And on the return trip, it means blessed secrecy for software giants and other major IT companies, all of whom desperately want FOIA exemption on the hollow pretext that they could then share information about cyber-attacks and in this way selflessly contribute to the national anti-terror brain trust and the public's safety. Of course the truth there is a good deal simpler: companies want secrecy regarding cyberattacks because they're embarrassing, and because the public would probably stop dealing with hundreds of them if they found out how poorly-defended their data really is. An FOIA exemption of that sort would be the Mother of all security-through-obscurity programs, but it has not been forthcoming on the Hill, and probably won't materialize as part of the Gestapo legislation.
Perhaps the new Homeland Defense Office will be able to extend the umbrella of its own freedom from information act (FFIA) as a partial shield. And that may well pass; recent proposed amendments would limit public access to corporate records only if they're submitted to Gestapo Headquarters, and then only the bits dealing with security would be exempt. Of course there's a lot of wiggle room there. Pretty much anything can be said to have security implications, as Kafka often noted.
This happy alliance will also likely mean closer government cooperation in fighting the evils of software piracy. Clearly the BSA's patrons regard the FBI as their own personal 'piracy 911'. No doubt enhanced access via the new department is anticipated, and high hopes of further influencing national law-enforcement priorities entertained.
So what we have is a bid for Homeland Security pork using hearsay and FUD, cleverly disguised as something serious. But what else would you expect from an organization that routinely lies about piracy, slickly including open source products in their 'loss' statistics? ®
BSA members include Adobe, Apple Computer, Autodesk, Bentley Systems, Borland, CNC Software/Mastercam, Dell, EDS, Entrust, HP, IBM, Intel, Intuit, Macromedia, Microsoft, Network Associates, Novell, Sybase, and Symantec. [Wow, some of the world's biggest defense contractors. We're impressed. --ed]