Laws on Online protection are behind the times

Implications: 1. It is difficult for law to keep up with quick changing business and technology. 2. People take advantage of the lag is consumer protection.

Analysis: Security problems in 2008 are looking a lot like security problems in 1988.  In 1988, you could post an ad in a newspaper selling fake copies of a copyright document that you had photocopied.  Or you could receive a fake chain letter and be tricked into giving away money.  In 2008, the same methods of fake emails, using copyrighted material to trick you into some action.

I sure do miss throwing away scams I received in the mail.  They were annoying just like the article mentions about those early misspelled emails. 

The problem today is the speed at which the law can be broken.  It is also harder to trace the fraud back to the originator.  And lastly, the fraud today is a global business.

The internet has made getting to things a whole lot more efficient.  And that goes for crime.  Crime can be very efficient.  I now get emails from friends one or twice a month warning me about some new cyber crime.  It is like the neighborhood watch, except the neighborhood is the internet.

The technology to trace information back to the source is much more difficult.  It was hard, but usually you could trace all paper mail back to the source mailbox or at least a post office.  With Cyber crime, this is difficult at best and sometimes impossible.  Even when you find the source, it could be someone's compromised computer that had nothing to do with the crime.  It would be unlikely that I would send money in an envelop to China, but a mouse click going to China (or anywhere) looks the same as anywhere else.  And tracking cyber-crime is not automated leaving investigators overwhelmed.

So what can you do as a CIO?  I know some companies have started to block access to sites such as facebook and my space.  Whether you decide to do so or not, I think it is important for CIO's to educate the user community.  Find ways to protect your data and block traffic being sent to unknown sites.  We often send out emails to warn out users of threats we hear about.  We view this as our duty in IT.  There are also some new companies that are starting up that use fake emails to test your user community to become aware of this type of fraud.

I remember learning the laws of how to stop post office fraud when I was in college.  The challenge today is that the laws are much more complex because of the new nature of the fraud.  So making laws is more complex.  This is not the first time this has happened.  During the beginning of the banking system, there was much crime that took people's money before the laws were written.  And labor laws were not written until well after the industrial revolution was underway.

So, as much as I would like to think the laws and protection should be solved in short order, I do not think this will happen.  The information revolution has created another period of time where the laws will be forced to catch up with the crimes that have occurred.  In 1988, they used to say, "let the buyer beware".  In 2008, the word is "let the surfer beware".  A CIO's job in 2008 is to remind the business user of this fact.