Erosion Threatening America: And it's not global warming

At the supermarket you try to buy fresh, natural produce. but you recently heard that more than 60% of the food on the shelves today likely contains GM ingredients (a recent survey said 80% of Americans want food labels to indicate the presence genetically modified ingredients but 99.9% of GM food it is not labeled as such).

In the meat aisle you look for some meat to grill at the weekend when friends come over to watch the game. You see some are Black Angus steaks on sale, but are vaguely aware that under USDA rules any beef meat can be labeled Black Angus if the animal has a "black hair coat". You just hope the steaks taste okay.

At the checkout you swipe your debit card and hope that there is not some malicious code in the store that is capturing your card details and shipping them offshore for use in fraud schemes (which was happening for a while at nearly 300 otherwise reputable grocery stores).

Come the weekend, you fire up the grill and settle in to watch the game, unaware that one of the teams has been illegally spying on its opponents for years. At half time a friend asks about an email he got from the IRS asking for bank account information so the agency could send his tax refund via direct deposit. You tell him the message is a scam and the IRS does not use email because it can't be trusted.

In fact, you have this growing feeling that there is too much that can't be trusted these days; surely this erosion of trust is not good for the country. As the second half of the game begins you find yourself surreptiously surfing the Web on your laptop, entering search strings like: trust economic payoff, trust erosion growth, and such like. You find a widely quoted paper from 1997 that showed trust having a significant impact on aggregate economic activity, specifically "the coefficient for Trust [...] indicates that a ten percentage point rise in that variable is associated with an increase in growth of four-fifths of a percentage point" (Knack and Keefer, 1997). You find another paper from 2000 that concludes "a ten-percentage point increase in the number of respondents revealing themselves as “generally trusting others” is associated with a rise of per capita income in purchasing power standards of three-fifths of a percentage point" (Van Puyenbroeck and Cherchye, 2000).

So, increasing trust within America by ten percent could actually provide a big boost to an otherwise sagging economy. Is that feasible? Consider the numbers in this IBM study. America's trust level is 36. The figure for the Netherlands is 55 and for Norway it's 65. The UK is at 44 and Ireland's at 47. In other words, if Americans had the same level of trust as the Irish, an annual GDP growth rate of 3% percent could be boosted to 3.8%. If we reached Dutch levels of trust, that 3% GDP figure could be 4.6%. And if we achieved Norway's trust level, we could hit 5.4%, a veritable powerhouse of growth, achieved not by raping the land and ruining the environment and hogging resources, but by engendering trust between individuals and institutions.

Child Porn: Why One Man's Innocence May Worry IT Managers

Computer security news out of Massachusetts this week could be a sign of big troubles to come for IT managers in enterprises, government agencies, and SMEs, in the U.S. and around the world. It's not a virus or worm or Trojan as such, although they may be involved. No, it's a case in which an innocent man lost his job and his reputation, and may now win a landmark suit against his former employer. Why? Because he was fired for having child pornography on his company laptop without adequate forensic evidence that he put it there.

The case of Michael Fiola could become a landmark of sorts, although some observers seem to have missed the point I'm going to make: Any employer considering taking action against an employee, based solely on what is 'found' on an employer-issued computer, must have solid forensic evidence to justify that action, and preferably be in a position to justify the action on additional, non-forensic grounds. Why? Because failure to do so could have serious consequences.

Legal Precedent, the CIO/CISO Remit, and Indian Affairs

Q. Have you spent much time at the U.S. government's Bureau of Indian Affairs web site lately?

A. No.

I didn't think so. Because, when you go to it's not there. According to a recent news story that may be about to change, but don't hold your breathe. There hasn't been a web server at for most of the past 7 years. Why? The short answer, which I consider to be highly instructive to Chief Information Officers and Chief Information Security Officers everywhere--inside the government and out--is this: "Because the judge just said No."

Allow me to elaborate. Back in 2001 a judge told the BIA to take its site off the Internet because it was not secure. And, in a judgment that strikes me as a brilliant application of commonsense, he added: "Don't put it back until it's secure."

How does a judge determine if a web site is secure? The same way that the Federal Trade Commission does: submit it to examination by an objective, independent third-party who is suitably qualified, such as a CISSP (Certified Information System Security Professional). And that's what the BIA did, in 2003, and again in 2004. Basically, the BIA kept reworking its systems to try and achieve a standard that I like to call "secure enough." That means the site can withstand all of the obvious, predictable and realistically feasible attacks.

And that pretty much sums up the real world standard used by site like and For example, a site won't fail the "secure enough" standard just because it's encryption could be defeated by a brute force attack that would take $50 million super-computer to execute. A site will fail if it is found to be vulnerable to a known cross-site scripting attack or a SQL-injection hole that was patched six months ago.

Well now there is a Court Order permitting Internet reconnection for Indian Affairs and the agency is "on the path to full reconnection to the Internet." Note that this is not happening because the judge's security experts gave the site a clean bill of health. On the contrary, the United States District Court for the District of Columbia Circuit and agreed with the agency that the judge was out of line when he issued the Consent Order Regarding Information Technology Security that suspended the site back in December, 2001. So, the court gave permission for the "information technology systems of the Bureau of Indian Affairs (BIA), the Office of Hearing and Appeals (OHA), the Office of the Special Trustee for American Indians (OST), and the Office of Historical Trust Accounting (OHTA) to be reconnected to the Internet." It will be interesting to see how long that takes, and how secure the site proves to be, in a real 'real world' test.

In the meantime, companies might ponder how they would fare if all Web sites had to pass a security review before they were allowed to go live.

Anti-spam: A Stephen Cobb Podcast

A couple of months ago I recorded a 15 minute, interview-style podcast with Brian Kraemer of TechTarget on the subject of spam, then I promptly forgot about it. Well, today I remembered and figured I would embed it in a blog post.

For those who prefer a direct link to the original MP3 podcast file, all 14 megabytes of it, here it is: Cobb on Anti-spam.

I hope you find it useful listening. The target audience was mid-market CIOs (that is, Chief Information Officers at companies with 100-5000 employees or revenue up to $1 Billion). But I think it would be of interest to most SMEs (that is, small-to-medium sized enterprises). Finally, here's a link to the podcast on the TechTarget site.

Freelancers Unite! A way to get health insurance and a voice

If, like me, you've worked as a freelance writer (or coder, developer, editor, consultant, etc.), then you know the pain of trying to get affordable health insurance for yourself and your family, of trying to get paid on time, and generally trying to get the respect you deserve [to say "America runs on freelance labor" would not be an exaggeration].

Now there's an organization that is uniting freelancers to get action on some of these items, most notably health insurance. It's called the Freelancers Union and actually has been around since 1995 when Sara Horowitz, a former labor lawyer, founded Working Today. This was renamed Freelancers Union in 2003 to better reflect its expanded role, which includes lobbying on issues of concern to freelancers (the union received 501(c)4 status in 2007). The original focus was to serve freelancers in New York City but the group is now on a national membership drive. The timing could not be better, with a lot of people being laid off from salaried jobs and rates for individual health insurance is now higher than house payments in many states.

That's right, according to the Census Bureau, the median monthly housing cost was below $1,200 in 20 states in 2006 and $1,200 which the monthly premium we were paying for basic husband/wife BlueCross coverage, no dental, no optical, limited hospital benefits, with a large deductible and hefty copays; that was until we dropped our coverage because we couldn't afford it, which is not unusual for many baby boomers who are now in the health insurance 'dead zone' i.e. too young for Medicare but old enough to have acquired a few health problems and thus really hammered by rising premiums.)

Checking over the web site it appears that Freelancers Union's health insurance rates are about half those for individual plans. Definitely worth checking out if you freelance.

The End of the Internet As We Know It?

Could the day be approaching when blogging about how much you dislike the Church of Scientology or a certain political candidate gets you knocked off the net? Or worse, a heavy knock on the door?

Love it or hate it, the Internet of old appears to be on its way out. A few years from now, two recent news items, when taken together, may reveal a turning point. Most recent was the agreement of several major ISPs to censor Internet traffic. New York Attorney General Andrew Cuomo has coaxed Verizon, Time Warner Cable and Sprint into dropping the long-accepted notion that ISPs are immune from liability for content posted by users, much the same way that phone companies have eschewed liability for what people say in phone calls and, to get historical about it, printing machine makers took no responsibility for what was printed with their presses. This principle, that the carrier is not responsible for what is carried, is even established in law, notably under the 1996 Communications Decency Act.

But as David Kravets, writing at observes, under the Cuomo deal, "the ISPs seem to acknowledge a moral role in policing the internet."

An Historic Night for America, Great Hope for the Future

One month shy of the 44th anniversary of the signing of the first civil rights act, the headline from New York Times says it all: Obama Claims Nomination; First Black to Lead a Major Party Ticket.

We've come a long way! And we need to acknowledge that a lot of younger voters are a big part of what made this happen, and that really is a welcome dose of hope for the future.