[EAS] Internet annus mirabilis?

pjk pjk at design.eng.yale.edu
Mon Jan 31 17:27:09 EST 2005

Subject:   Internet annus mirabilis?

(from NewsScan Daily, 31 January 2005)

[By Stephen Cobb and Chey Cobb, Who Present Their Annual Lament]
      As the first month of 2005 draws to a close it is time to
sound our  annual alarm over the state of Internet decay. At the
beginning of 2003 we  wrote that the Internet "exists at the whim of
those who know how to  destroy it." We also said that "Our society
is a lot more dependent on the  Internet than anyone has so far been
prepared to admit."
      Almost simultaneously, but unbeknownst to us, a certain
federal  government employee by the name of Richard Clarke, not
widely known outside  of Washington at that time, was drafting his
resignation letter as he  prepared to quit as head of cybersecurity
for the Bush administration. In  his letter Clarke said, "As long as
we have vulnerabilities in cyberspace  and as long as America has
enemies, we are at risk of the two coming  together to severely
damage our great country. We cannot assume that the  past level of
damage is in any way indicative of what could happen in the 
      A year later, we felt so strongly about this issue, and the 
continuing lack of attention it was receiving, that we reiterated
our  warnings in both this column and a press release, pointing out
that profits  and productivity gains created by the use of email and
Web sites could be  lost unless there was rapid and widespread
deployment of improved  technology to defeat these threats.
      We were particularly frustrated by "the willingness of major 
stakeholders, such as the large software, hardware, and network
service  provider companies, to sit around planning how to beat each
other in the  marketplace even as the marketplace threatens to
disappear from beneath  their feet." We concluded that "There has to
be concerted, cooperative  action, now. The alternative is, at best,
a reduction in growth rates for activities like online banking and
shopping; at worst, wholesale consumer defection will occur, along
with a damaging loss of profits and productivity gains for
companies, government, and the economy as a whole."
      Not everyone agreed. Our warning was criticized as "shrill and
overzealous." But our prediction that, driven by a rising tide of
spam and  malicious code, 2004 would be the worst year ever for
security incidents  and privacy breaches, proved sadly correct.
While 2004 brought numerous  announcements of multi-vendor
cooperation on security issues, as well as  some serious
consolidation among security companies, life for many people 
attempting to use Internet-connected computers continued to get
      We don't just base this on our own experience, the many hours
we spent in 2004 helping people to reclaim their computers from
viruses, spam,  and adware. Consider the findings of a survey
conducted in January of 2005  by Osterman Research which found that,
thanks to the proliferation of spam,  spyware, and related problems,
"44 percent of computer users have reduced  their use of e-mail and
the Internet in the last 12 months." Perennial  optimists may point
out that 56 percent of the 241 respondents said they  had not
reduced their usage of e-mail and Internet, but that is hardly 
enough to maintain the growth rates upon which so many business
models are  built these days, from banking to retailing,
manufacturing to transportation.
      January of 2005 also brought the first mainstream media
article that  dared to advance the claim, heretofore heretical in
most media  circles--interwoven as they are with so many of the
business models now at  risk--that a significant number of people
are abandoning the Internet.  Penned by Joseph Menn, the article
appeared in the LA Times on January 14  under this headline: "No
More Internet for Them: Fed up over problems  stemming from viruses
and spyware, some computer users are giving up or  curbing their use
of the Web."
      Mr. Menn had no problem finding people willing to talk to him
about  why they given up on the Net. Some of these people had been
online for many  years but 2004 was the last straw. Menn observed
that, "A small but growing  number of frustrated computer owners
are...giving up or cutting back their  use of the Internet,
especially at home, where no corporate tech support  team will ride
to their rescue. Instead of making life easier -- the  essential
promise of technologies since the steam engine -- the home PC of 
late has made some users feel stupid, endangered or just hassled
beyond  reason."
      We were certainly been made to feel stupid on more than one
occasion  in 2004, often by systems that had become so badly
infected that, after  hours of trying to reclaim them, we ended up
reformatting them. And we  heard this scenario repeated time and
again in conversations with friends  and colleagues, including the
CIO of one of the country's largest brokerage  firms who, one
fateful Friday night, agreed to help his neighbor fix the  family
computer. He started cleaning up the machine on Saturday morning, 
but by Sunday afternoon he threw in the towel. One piece of
malicious code  just couldn't be removed. So he reformatted the
machine, all the while  trying to explain to his neighbor why he, a
CIO, didn't know how to fix  this sort of thing.
      So, our prediction for 2005? The Internet defection trend will
increase and make front page news. More people will buy Apple Macs
in the  hope of avoiding the problems that beset Windows-based
machines, but Macs too will be targeted by viruses, worms, adware,
and phishing attacks. And industry leaders will talk more loudly
about the need for better user education as they attempt to prevent
any of the blame for the current state  of affairs from sticking to
their brands.
      [Chey Cobb, CISSP, wrote "Network Security for Dummies" and
has  provided computer security advice to numerous intelligence
agencies. Her  e-mail address is chey at soteira dot org. Stephen
Cobb, CISSP, wrote  "Privacy for Business" and helped launch several
successful security  companies. He can be reached as scobb at cobb
dot com.]

As someone who has used email in one form or another since the
1980s, online banking since 1987 (yes, CitiBank since 1987), and
gopher and the Web since their inceptions, I have a considerable
professional and personal stake in the health of the Internet.
Although as a Macintosh user I have been less at risk of viruses and
worms, the plague of spam has made a major dent in my use of email
as a professional medium. 

> industry leaders will talk more loudly about the need for better
> user education as they attempt to prevent any of the blame for the
> current state  of affairs from sticking to their brands.

Creating whole new industries out of the inadequacies of earlier
infrastructure, without ever really fixing any of it, is a
phenomenon worthy of the employment practices in Russia in the Cold
War era, all the more surprising on the golden shores of capitalism.
Or is it surprising? When customers can no longer make informed
choices because they no longer understand the complexities of the
goods on offer, or do not even have a choice because of monopolies,
and assuage their helplessness by large doses of fashion, then it
isn't really classical capitalism.

I share the authors' concern. --PJK


More information about the EAS-INFO mailing list