David Sternlight writes:
Here's the problem in a nutshell: Everyone who has looked at our systems, from Cliff Stoll
A *famous* security expert.
on to blue ribbon scientific commissions,
The last of which recommended that crypto be entirely deregulated.
Serious studies have shown that the kinds of protections to make the systems we depend on robust against determined and malicious attackers (say a terrorist government, or one bent on doing a lot of damage in retaliation for one of our policies they don't like) have costs beyond the capability of individual private sector actors.
Defense is cheaper than attack in encryption because it is easier to make coherent information incoherent (see Usenet) than it is to make incoherent information coherent.
In such a case, where public benefits from government action greatly exceed public (taxpayer) costs, and the private sector cannot (or will not) act unaided, the classical basis for government action in the interests of the citizenry exists. It's the economist's "lighthouse" argument.
But since the Internet and the WANs and LANs that you are talking about are all "private value-added networks," the benefits of enhanced security are fully captured by the users of those networks and there is no "public goods" problem. (BTW, there were private lighthouses too.) Note too that major money center banks disagree with you. There was a recent article about the fact that they are not reporting computer intrusions and just fixing the problems themselves. They don't seem interested in official security "help" with all the disadvantages (publicity and security leaks) that it brings.
DCF