Whenever I read a story like the one I saw on CNN.com entitled “Bush pressed for more Net security“, I immediately start putting the words crony and capitalist together and start leaving laissez-faire alone. For once we get into the details-that is, the first paragraphs-we see what this group wants:
Computer-security experts, including former government officials, urged the Bush administration on Tuesday to devote more effort to strengthening defenses against viruses, hackers and other online threats.
The Bush administration should spend more on computer-security research, share threat information with private-sector security vendors, and set up an emergency computer network that would remain functional during Internet blackouts, a computer-security trade group said.
It’s a trade group, which represents companies that take money to do computer security services such as researching computer-security, sharing threat information with private sector security vendors (each other), and setting up emergency computer networks to remain functional during Internet blackouts. That is, the trade group wants the government to devote money to pay to the trade group’s members. The call is as relevant as any group of potato farmers or mohair ranchers shrieking that the people of the United States need their product to survive.
I am alarmed, however, with the amount of play and seriousness given to the idea that the government should do something to ensure the security of computer networks. As companies have sacrificed security in developing their infrastructures and network capabilities in favor of cost savings, expediency, and convenience, they should not expect a government bailout now. The government undoubtedly should expend public funds to ensure that its capabilities remain intact during an emergency, but it shouldn’t retrofit, expensively and bureauwastefully, security for any factory or utility that placed its flow controls online on the Internet for convenience and a chance to lay off people who would have to check those controls in person. I don’t want to spend tax money to ensure that my bank is secure nor that my credit card companies can weather an attack, nor to ensure that my power company can continue delivering amperage down my pipes; that’s a cost of business, which the businesses often pass on to me through service fees and surcharges so that those costs don’t come out of the profit margin and the shareholder’s take.
However, since these lobbyists want the best of all worlds: surcharges to charge consumers for the cost of business and the government, and by that I mean us taxpayers, actually paying for the costs of business. Since the customer or taxpayer backlash hasn’t arisen, Willie, it’s go time.
As a taxpayer and a customer, I don’t look forward to the expanding synergy between government security administration and private industry. Let’s take an example from recent history: airports. Airlines, leaky boats which the government frequently bails out with buckets of taxpayer cash, and airport authorities, government bureaucracies in their own right in many cases and not very good at for-profit in others, abdicated their obligation to secure their places of business. First, they took government funds to pay for their own surly security employees, and when that wasn’t enough, the government stepped in and provided its own employees, surly and unaccountable to the private sector, to grope grandma.
So call it a slippery slope if you will, but private/public partnerships do resemble a water park. If a group of lobbyists paid highly by companies, whether profitable or failing, calls for government aid, they often get more than we customers or taxpayers want or deserve. Imagine a decade hence, when companies have pissed away the government funding on efforts to secure further government funding–which is where most government funding goes, even in the government. The private-public partnership has failed, and some legislator who wants to get on television midwifes the Computer Security Administration (CSA). This new authority dictates that computer owners must install the government flavor of McAfee anti-virus and must allow the government to schedule scans twice a week. Anyone who does not let the government perform its security function, loosely defined by Congress and arbitrarily envisioned by a mid-level Homeland Security manager looking forward to a better appointed position, faces a fine or felony charges just like impudent fliers do now. Our leadership class explains that responsible Internet travellers must accept this sacrifice, and the media will find some AOL user to explain that it’s a good idea and doesn’t impair his experience at all (it wouldn’t). The government gets to scan your hard drive every night for the good of the nation, and if you don’t like it, in four years you can vote for a different legislator too timid to agitate for its reversal.
Once the government takes over the security, all customer ill will regarding the inconvenience and the intrusiveness of the practices goes to the government and its employees, and the companies and their trade groups can only shrug their collectivist shoulders and say to their customers, sorry, it’s the government running its fingers over your shapely posterior, not us. All responsibility for irresponsibility successfully shirked, the trade groups can turn their attention to the next government handout–and hand over.
Sound crazy? Imagine what you would have thought about current TSA practices in 1994. Or 1987.
To make a short story long, Internet and corporate network security are not the government’s business. They’re the exclusive burden of companies who choose to participate in networks and of the consortia and standards bodies and organizations, well, organized by private industry. If our “capitalist” industries cede that obligation to the government, they’re putting their short term cost savings ahead of the ultimate best interests of their customers and the interests of the citizens of the Republic.