I received one of those reports by serious economists commissioned by serious security firms for serious money. You’ll know the sort I mean. They state that if only we adopt this technology, or stop those bad practices, or prevent these bad people, then we’ll create this huge amount of wealth: probably enough to pay off European and North American national debts in just a few years.
Well, with all due deference and respect: baloney. You cannot create wealth. You can print or mint money – but that’s not wealth. Money is nothing more than a promise that is continually broken through inflation and devaluation.
I want you to consider the nature of wealth, and where it comes from. It is represented by money, but it is not money. It comes from trade. But where does trade come from? It comes from surplus food production.
Think about this. If you couldn’t go to the shops to buy food, you’d have to spend your time farming, hunting or gathering. It’s only because our farmers produce more food than they need for themselves that the rest of us have time and capacity to engage in manufacturing and trade. The better we are at the trade that is allowed by surplus food, the wealthier we become. There is, therefore, a direct relationship between wealth and food surplus: in fact, wealth equals food surplus. That is, there is a finite amount of wealth in existence at any time; and it is proportionate to the food surplus produced by the farmers.
If you think I’m wrong, try this thought experiment. Think of any industry you like, and imagine it ceases to exist for a year. Will the human race survive? Now cease all food production for a year. Will the human race survive? Quite simply, nothing whatsoever can increase wealth unless it increases or improves food production, upon which all else is built.
So what are the economists on about? ‘Economy’ as a science is simply the explanation for, and sometimes the facilitation of, the redistribution of the food surplus. Adopting this new technology will not increase wealth, it will redistribute what already exists. The difficulty with this approach is that if everybody adopts the new technology, then it will redistribute nothing – everything remains the same. That doesn’t mean you shouldn’t bother with the new technology; because if you don’t and your competitors do, then they gain advantage and the redistribution of wealth is from you to them. You lose.
So this is the contradiction in economic predictions. Adopting a new technology will not create wealth for you. It might redistribute the wealth of your competitors to you if you adopt and they do not; or it might redistribute your wealth from you to them if they adopt and you do not. It’s just a carousel of fallacious wealth – and the only group virtually guaranteed to accrue other people’s wealth are the eCONomists themselves.
Rob Wainwright, director of Europol and once a leading figure in SOCA, has “briefed a Lords EU sub-committee on plans for a European cyber crime centre.”
It could operate along similar lines to America’s Internet Crime Complaint Center (IC3), a joint venture between the FBI and the National White Collar Crime Centre, which for the past 10 years has allowed victims of cyber crime to make a complaint online.
BBC: EU could turn to ‘crowd sourcing’ in cyber crime fight
But it is likely to go much further:
Europol strategic analyst Victoria Baines later explained to BBC News that the organisation was interested in eventually using a form of “crowd sourcing” to gather examples of suspected cyber crime so it could build up a fuller picture of illegal activity.
This would involve concerned net users scouring the net for possible examples of crime and reporting it, possibly through a dedicated website.
This scares me more than I can say. The idea that a million anoraks with a computer but no life will start a new pastime of cybernet-curtain-twitching is a little scary. Reporting a crime perpetrated against you is one thing; reporting an acquaintance who appears to be sending you pornographic material is something else. If security experts have difficulty tracking down the genuine criminals on the internet, how on earth will Joe Bloggs succeed? What will Europol’s software – you know, the stuff that seeks to find links and connections – make of a couple of false accusations, a subscription to Freeview’s adult channels, and a phone call to a friend who is the friend of someone under different surveillance, come up with?
We’ve had crowd sourcing before. The crowd was the FBI – and look what a mess the UK police made of Operation Ore:
New evidence I have gathered for my work as an expert witness in defence cases shows that thousands of cases under Operation Ore have been built on the shakiest of foundations – the use of credit card details to sign up for pornography websites. In many cases, the card details were stolen; the sites contained nothing or legal material only; and the people who allegedly signed up to visit the sites never went there.
Duncan Campbell, Guardian: Operation Ore flawed by fraud
I really hope that Mr Wainwright does not get his way in this. Crowd sourcing is no replacement for old-fashioned policing and genuine evidence. And, frankly, I don’t want to live in this Stasi-inspired shop-your-neighbour Orwellian society SOCA and Europol seem to want for us.
When I was younger, with one foot on the corporate career ladder (before I subsequently fell off, permanently) we had what I thought was an American joke: if you came into the office in the morning and your desk was bare – no phone, no computer, no nothing – you’d been sacked. But it wasn’t a joke. It was the physical effect of material de-provisioning; and a necessary part, along with the security guard escorting you off the premises, of letting people go.
Somewhere, with the evolution of the cyber office, we have forgotten the importance of de-provisioning – of cancelling online accounts, removing passwords and restricting access immediately on termination. There is a second line of defence. It’s the courts; and Bank of America has won a court injunction temporarily blocking use of its data by four ex-employees.
Bank of America Corp. won a court order temporarily blocking four former employees from using and sharing the bank’s client records at their new employer, New York-based Dynasty Financial Partners.
Bank of America Wins Order, Ex-Workers Can’t Take Data
The problem is that this smacks rather of stable doors and horses, or genies and bottles. The courts are no alternative to adequate staff provisioning and de-provisioning. Kurt Johnson, vice president of strategy & corporate development at Courion, whose AccountCourier product does just this, comments:
This is not just another “employee gone bad” story; it’s a reminder to companies that if the proper access controls and monitoring tools are not put in place to protect sensitive data, they could suffer significant financial and operational losses.
Companies need to be one step ahead of a departing employee. In letting these staff members go, all administrative controls should have been shut off and changed immediately so that there was no opportunity to gain access to these sensitive files. Leaving even a short time gap between notice of termination and closing accounts creates vulnerabilities. For example, the Ponemon Institute has reported that 59 percent of terminated employees admitted to stealing confidential company information so the Bank of America is not alone. Implementing an automatic de-provisioning process is the only way to confidently avoid glaring lapses in security when your company’s data stores are vulnerable to attack.