Four years ago, computer hackers mounted an attack that briefly crippled the busiest U.S. websites -- including yahoo.com and cnn.com. That virus first alerted U.S. law-enforcement officials to the vulnerability of the Internet. But the Internet remains wide open to attack, and some observers say it is only a matter of time before laws are passed that force computer users to protect themselves and, by extension, other users.
Washington, 15 January 2004 (RFE/RL) -- Like a jungle, the Internet is wild and free -- and occasionally dangerous.
Casual visitors to the World Wide Web often are flooded with unwanted pornography and e-mail advertisements. Worse, those who buy goods at store websites may unknowingly share their credit-card numbers with thieves. Many find their computers infected with Internet-borne viruses.
And some may even have computers that are being used without their knowledge to mount massive "denial of service" attacks -- the use of hundreds of thousands of computers to barrage targeted websites with data, causing them to collapse under the load. If a bank were subjected to such an attack, its customers might not have access to their savings. If a police department were the target, its communications gear might be rendered useless.
These scenarios would be unacceptable to society, according to Lance Ulanoff, the executive editor of pcmag.com, the website of the technology publication "PC Magazine." He told RFE/RL that he expects governments eventually to require everyone to protect his or her computer from viruses and other Internet attacks to keep the rest of the web stable. "Protecting your PC is becoming a national security issue, and at some point in the not-too-distant future I think that there are going to be laws revolving around the usage of antivirus and security [software] because, since everybody's interconnected now, a breach in the infrastructure, a breach in security, at one PC can adversely affect infrastructure at the highest levels," he said.
Ulanoff says it would probably be easy to ensure that all computers were protected. For example, he says, most new PCs now come with some form of antivirus software that could be updated regularly.
Ulanoff says requiring computer users to protect themselves -- and, by extension, everyone else -- is probably necessary. "There's going to be some trusted computing environment that is controlled -- probably unfortunately -- at the highest levels because that's the only way to ensure that we have a safe environment for people not only to compute in but to live in their everyday lives. Think about every place that computers touch," he said.
Steve Lilienthal is leery of regulation. He is the director of the Center for Privacy and Technology at the Free Congress Foundation, an advocacy group that works to limit regulation of U.S. technology. Lilienthal says that when government gets involved in setting standards, it tends to interfere with the creative process. "Are [government officials] actually going to determine standards for antiviral mechanisms now?" he asks. "And if they do that, does that actually inhibit some innovation?"
When it comes to security software, he believes it is best to let private companies or individuals develop different products and let consumers decide. In fact, Lilienthal says, U.S. consumers -- and even businesses -- prefer that the government keep a good distance from the web. "There's a lot of resistance in our own country just to taxing Internet transactions," he said. "That [proposal] draws a lot of heat in itself. But the idea of requiring antiviral mechanisms [to be installed in] computers -- to me, [this] sounds like it's an open door for law enforcement to come into your home and then see what's on your computer."
Peter Swire feels that something must be done to keep the Internet secure, but he stresses that legislation or other government intervention should be a last resort. Swire served in the administration of President Bill Clinton during the 1990s, helping develop policy on Internet privacy, among other projects. He is now writing a book on Internet security.
Swire told RFE/RL that the government and the private technology community are now working to educate users about the importance of safe Internet use. There is no current push for legislation, he says, because, by their nature, Internet-based attacks can -- and do -- change rapidly, far more rapidly than Congress could enact new laws on required software.
An alternative, Swire says, would be to create a kind of government regulatory agency to enforce rules that could be quickly updated. But he says even that has its drawbacks, such as putting more emphasis on security than on the positive aspects of the Internet. He said it might help overall computer security, "but it also might put security first when it comes to all the ways we use our computers and we use the Internet.... [And] there's electronic commerce and a lot of other good things we're trying to do with the Internet."
Erran Carmel, an associate professor of management and global information technology at American University in Washington, says governments should not wait too long to begin requiring computer security. "When the action of one person affects those around him, then each one of us has a responsibility to society. It's not just us. If we practice an irresponsible form of computing that negatively impacts the rest of society and the rest of the world, then, yes, we do have a special responsibility," Carmel said.
Carmel observes that requiring such security will add costs to owning a computer. For example, a reliable antivirus program can cost as much as $50, and subscribing to a service that keeps the software current to fight new viruses can cost an additional $30 a year.