The Google-SOPA-PIPA-DNS-Copyright-Oil-and-Gas Link

What does copyright infringement have to do with scraping oil from the bottom of a barrel and an acronym soup like SOPA, PIPA, DNS and DNSSEC? The answer lies with Google, not the search engine but the company.

More specifically, the answer lies with Google's Executive Chairman, Eric Schmidt, who said the following at the University of Minnesota last week when asked about legislation (SOPA/PIPA) which would--in the name of protection against copyright infirngement--give the U.S. government the power to mess with the Domain Name System (DNS) that forms the backbone of the Internet:
“There are a whole bunch of issues involved with [SOPA] breaking the Internet and the way it works. The correct solution, which we’ve repeatedly said, is to follow the money...Making it more explicitly illegal to make money from that type of content [pirated movies, software, or other counterfeit goods] is what we recommend.”

Mr. Schmidt is entirely correct, and I love the expression "making it more explicitly illegal to make money from..." because it covers a range of actions that governments and law enforcement agencies can take without interfering with the way the Internet works.

For example, the act of distributing pirated movies would be more explicitly illegal if the pirates were identified, arrested, extradited or extracted, imprisoned, tried, convicted, and given 20-year sentences in maximum security facilities without the possibility of parole. The same goes for the makers of malicious software. Let's put a bunch of them in jail with long sentences and see if that reduces the malware problem.

I just don't see a downside to this hardline approach to making something like software piracy or handbag counterfeiting "more explicitly illegal" except that some people will say it costs too much money. Au contraire, if you do this right it will actually make a lot more money than it costs. Consider the numbers put out by supporters* of the Stop Online Piracy Act: "IP theft costs the U.S. economy more than $100 billion annually and results in the loss of thousands of American jobs" (The Austin Statesman).

If you gave me a budget of one percent of that amount ($1 billion), I would most assuredly, and within a period of 12 months, reduce the cost of that theft by at least 15 percent ($15 billion). In other words, backing the effort to crack down on piracy to the tune of $1 billion in fresh money would pay huge dividends, save thousands of U.S. jobs, and actually create jobs (without messing with DNS).

Why am I so sure of this? My answer is not a lot of hot air, but it is a bit oily, as in petroleum production taxes. Thirty years ago I was criss-crossing America auditing the state oil and gas taxes paid by petroleum companies, firms with names like Koch, Hess, Ashland, Texaco, and Hunt. During that time I learned a lot about the ways in which we humans try to cheat each other.

Consider the sludge that forms at the bottom of a crude oil holding tank such as you see next to wells in oil fields where the wells are not connected to a pipeline. Some of that sludge is recoverable oil and, from time to time, someone goes into the tank to suck it out. How much of the sludge is oil? How much gets pumped out? Where is it taken? How much of it gets there? These are all points in the oil production process where numbers and readings and measurements can be fudged, to the advantage of one party and the disadvantage of another.

Not that every case of missing petroleum tax dollars was a case of cheating. Oil companies were sometimes being cheated by employees and contractors. And every time the production output of a well is understated that also cheats the royalty owner, the person who owns the mineral rights to the land from under which the oil and gas is being extracted.

Operating on a shoe string budget my auditing team raked in millions of previously unpaid taxes within the first 12 months of operation. We used no new laws or fancy gimmicks. We just followed the money, which is what Eric Schmidt is saying when it comes to cracking down on copyright infringement. In oil production areas you don't close down the roads in and out of every county where production is apparently going missing. You go to the top of the organization, the people getting the money, and you figure out how they came by it. You examine the paperwork. You audit the heck out of the operation. If the organization is shady, you shed light. If it is in another country then you remind that country of our mutual interests.

We have already seen positive results when private dollars are used to help enforce public laws, as in the Microsoft and Pfizer funded action against the Rustock botnet. (If you're wondering why a drug company got involved, read the story, it really is a big deal.) So why not an anti-infringement posse formed and funded by the likes of Google, eBay Facebook, and Yahoo! The backers of Protect Innovation could really make a lot of friends in high places, and on the High Street, if they were seen to spearhead a new effort to put cyber-criminals behind bars.

* Note: Here are some of the fine companies and trade groups that back SOPA (I respect and admire many of them, I just think they are wrong about SOPA): National Cable and Telecommunications Association, National Association of Manufacturers, Pharmaceutical Research and Manufacturers of America (PhRMA), Business Software Alliance, Screen Actors Guild (SAG), the U.S Chamber of Commerce, Independent Film & Television Alliance (IFTA), National Association of Theatre Owners (NATO), Motion Picture Association of America, Inc. (MPAA), American Federation of Musicians (AFM), American Federation of Television and Radio Artists (AFTRA), Directors Guild of America (DGA), International Alliance of Theatrical Stage Employees, (IATSE), International Brotherhood of Teamsters (IBT), Comcast/NBCUniversal, National Songwriters Association, the United States Conference of Mayors, National Sheriffs' Association, International Brotherhood of Electrical Workers, International Trademark Association.

Security and Privacy Links: Marketing cybersecurity

As some of you know, I hit the ground running when I landed in San Diego at the beginning of September, happy to be back in California, wrestling with my first love, information security.

Okay, so that prose was a trifle purple--not to be confused with a delicious purple trifle--and information security is not, strictly speaking, my first love.

But hopefully you get the point: I was ready to up my game in the fight against digital malfeasance after three fun years focused on the marketing of marketing software to marketers (three highly successful years, I might add, because the marketing software, Monetate, was clearly headed for best of breed from day one and can now be found on major websites from PETCO to QVC).

There were a number of happy congruencies in this latest development. My marketing skills had been honed, my marketing experience broadened, just in time to sell a fresh message of cybersecurity awareness to a deeply digital world. That message goes like this: "The bad guys are badder than ever, better funded, more organized, but there are simple steps we can all take to make cyberspace a lot safer tomorrow than it is today."

For me, this was just the right time to run into ESET, a Slovakian company with a growing presence in North America and a strong commitment to the public good, as evidenced by a pioneering community initiative called Securing Our eCity. I spend part of my time working on this initiative and the rest on research and publication, in all its forms, including blogging, tweeting, and speaking. Here are just a few of my efforts so far:

On TV:



Speaking:



Quoted:



Published:



Bonus Security Video: Malware Delivery Scam: