SEATTLE—Save the consumers, save the world. At least that’s what online and security experts at the Authentication and Online Trust Alliance Summit 2008 project as they continue to emphasize the industry-wide imperative of earning consumer trust and fighting cybercrime. To win this battle, businesses need to invest in five core objectives: law enforcement, leadership, education, collaboration, and partnerships.
"Trust" is the goal and it is marked by:
- integrity: Doing the right, and legal, thing;
- expectation: Giving consumers what they expect;
- obligation and responsibility; and
- user consent.
When Rob McKenna, Washington State Attorney General, came into office in 2005, there was one person working part-time in the high-tech unit. Since then, the team has expanded to six full-time employees, split into two divisions: criminal justice and consumer protection. "The Internet is still the Wild, Wild West," McKenna told the audience yesterday morning. "Our goal is to train 50 new ‘sheriffs’ to bring some enforcement, discourage fraud, [and] increase consumer confidence [in the Internet]," he added—whether it’s for research, recreation, or e-commerce.
"How many of you know what ‘a/s/l’ stands for?" McKenna asked. Only a few people in the audience raised their hands. When he asked the younger generations, he said, more than half of the room knew what it meant. "We have to recognize that kids are becoming active [on the Internet] in ages that are younger than we realize," he said. Therefore, education isn’t just an option to McKenna—it’s a necessity.
McKenna argues that Internet education should be incorporated into a student’s curriculum from the day they’re in kindergarten until they graduate high school. One of the challenges in fighting cybercrime is rooted in this ignorance. "If we could get consumers to stop responding to these emails, then we can get much farther," said Sana Coleman Chriss, attorney and spam coordinator of the Federal Trade Commission (FTC).
The vibe of conference felt like one big reunion. "That’s why I know everyone," said Des Cahill, chief executive officer of email reputation management services provider Habeas in an interview, "We’ve all been working together on this for years." To Cahill, and others, it’s an obligation that spans the entire industry and it’s coming down to the good guys versus the bad guys.
"United we stand, divided we fall," said Michael Barrett, chief information security officer at PayPal. If we don’t act now, he said, "the bad guys are going to take the Internet away from us." Experts all around echoed this sentiment—security should not be used as a competitive advantage. Share the knowledge to ensure that you, your partners and your consumers are protected.
Aligning with this effort, businesses are encouraged to increase their partnerships not only with other businesses in the industry, but with the law on international, federal, state, and local levels. Moreover, there are alliances companies can join, such as the Anti-Phishing Working Group (APWG), as well as programs established by trusted security vendors like Microsoft and Symantec.
As awareness surrounding Internet safety and security increases, experts hope the World Wide Web will be viewed as a safer place for businesses to interact with their consumers. Industry standards, however, have yet to be set, let alone become widespread. Moving on, businesses still have to iron out to what degree an information breach warrants the attention of its customers; Investors will have to understand what a company’s security plan is before putting money into a venture; and exit-strategies in the event of a security breach, or a shopping cart violation, will have to be a corporate requirement.