People expect answers from security experts, but certainty is rare, says Ed Gibson.
This was by far the worst presentation I have attended this week. I was led to believe we were going to get answers, and Gibson only asked questions. If the chief security adviser for Microsoft doesn't know the answers to the questions he asked (about the best ways to protect children online), why waste our time? I wanted answers!"
Hmmm... not exactly the kind of inspiring critique I was hoping for.
I had just spent nearly an hour talking about the online "criminal environment" and Microsoft's responses to help law enforcement and general computer users. That meant the development of CETS (child exploitation tracking system), technical assistance given to the UK government agency Child Exploitation and Online Protection centre, and work with the Government to help educate computer users in how to be more safe online (www.GetSafeOnline.org).
Would he have preferred to hear that technology is not 100 per cent secure? Or was he someone who felt that if Microsoft would just create better software, his bank details would be secure, paedophiles wouldn't be able to "groom" young children and we would all have whiter teeth.
And then something unusual happened: the person who gave me that bad review approached me - and told me why. "All the things you talked about were good, but you didn't tell me what steps I should be taking with my kids when I go home. You kept asking us what we thought would be the best way forward. I expected answers. I expected you to give us at least a perception that something is being done."
What I clearly had not done was "personalise" my message, whether on issues such as protecting children against online predators or organised crime's surreptitious control of hundreds of thousands of computers (botnets) to extort, blackmail or destroy one's online business. Only when we are able to assess the risk associated with a particular activity do we feel at ease facing that risk.
Three thousand or so people were killed on UK highways last year, compared to 57 in the July 7 terrorist bombings. Yet, what do we fear most and focus considerable time protecting ourselves against? I had not given this guy anything he could take home to help him assess the risk to his children and family.
If only it were that easy. The internet "revolution", if you will, has brought social and economic prosperity to millions of people. You don't even need a plug or battery pack to communicate. A solar cell and satellite uplink may soon be the only "basics" one needs with a laptop to communicate with another, anyplace, anytime.
Unfortunately, this so-called revolution has also produced a unique breeding ground for all kinds of bullies, from child predators, spammers and scammers to organised crime. Add to this the prospect that it is not that easy to apply the same rules of law that govern the physical world to crimes that occur online and we have the ingredients for a perfect storm.
I hope you will come with me over the next 11 months on a journey into the cyberworld... and I'm not referring to binary code. I will sometimes give you peeks into a world that I have lived in for the past 20 years; glimpses intended to help you better understand why all computer users must take computer and online security seriously. And let's be clear, you may find the journey uncomfortable at times. But I give you my word, if you stay with me for the entire series of articles, you will arrive home with more than at least a perception that something is being done for you.
We'll begin this journey in the next issue. But be ready for our first stop! It isn't the likeliest place to start a journey into IT security: a second world war military bunker in the North Sea.
Ed Gibson is the chief security adviser to Microsoft UK. Prior to this role, he was a special agent with the FBI. He is a widely recognised lecturer on cyber crime and IT security.
If you have questions, want to vent some angst, or suggest issues you'd like Ed to talk about, e-mail him at EdGibson@Microsoft.com.