Did a Microsoft VP really suggest an Internet tax for cybersecurity?
In a keynote speech to the RSA security convention in San Francisco on Tuesday, Microsoft Corporate Vice President for Trustworthy Computing Scott Charney, spoke to the issue of whether a global organization on the order of the World Health Organization or the Centers for Disease Control -- a public/private cooperative -- should be established to help secure the Internet and its billions of users worldwide. During that speech, Charney tossed out a number of ideas as to how such an organization could conceivably be funded.
A transcript of Charney's comments verified by Microsoft for Betanews this afternoon indicates that he suggested such an organization could conceivably be charged with the task of empowering government regulators in member countries to impose restrictions on the behaviors of enterprises and Internet users whose policies endanger global Internet users at large.
Bracketed additions in the comments below were added by Betanews for clarification.
"The attacks are happening at light speed; we have to respond at light speed. So, we should think about inspection and quarantine," Charney told the RSA conference attendees. "Now, there are some obvious questions. Why should we be doing this for people? Will people accept it socially and politically? Well, we've done it with smoking. People used to smoke, and we said, look, you're going to kill yourself, but if you want to die, go ahead. You're causing cost to the health care system; we'll eat those costs, go ahead and kill yourself. Then, of course, the EPA [US Environmental Protection Agency] comes out with secondhand smoke [regulations]. Suddenly, smoking is banned everywhere. You have a right to infect and give yourself illness, you don't have the right to infect your neighbor.
"Well, the computers are the same way. We've told people run anti-virus, patch, backup your data. But if you don't do that stuff and you lose all your stuff, that's a risk you can accept. But today you're not just accepting it for yourself, you're contaminating everyone around you, right?" Charney continued. "And we do this in other areas like vaccinations. If you have kids who go to public schools, they get vaccinated or they don't go. We do those under enforcement."
That probably would have been the set of comments that generated the most headlines, had it not been for where Charney went from there: How would such an organization be funded?
"And then there's a question of who would pay for that," he said. "Well, maybe markets will make it work, but if not, there are other models: use taxes for those who use the Internet. We pay a fee to put phone service in rural areas, we pay a tax on our airline ticket for security. You could say it's a public safety issue and do it with general taxation."
Spokespersons for Microsoft did not make attempts to clarify or restate Charney's comments this afternoon, nor did they try to align his points of view with, or disassociate them from, those of the company. They did point out highlights, though they declined to elaborate. One of the highlights they did point out was Charney's suggestion of "general taxation."
The reason those comments rang a bell with Washington insiders yesterday was because, on the same day as the speech, Sen. Dick Durbin (D - Illinois) convened a hearing on the very subject of government involvement in compelling companies, especially software firms and Web publishers, to abide by a common code of conduct in their Internet affairs. During the hearing, Sen. Durbin said he was drafting legislation that would, in his words, "require Internet companies to take reasonable steps to protect human rights or face civil or criminal liability."
A spokesperson for Sen. Durbin told Betanews this afternoon that the draft legislation remains in its early stages, and is not yet ready for public distribution.
While adherence to human rights codes may not be considered in the same department as security policy, inevitably, the topic of privacy protection will breach the boundaries between those departments, casting a spotlight onto issues such as how well databases with personally identifiable information are protected from outside sources. Durbin specifically cited the Global Network Initiative as a model for the code of conduct he would like to see implemented; and in explaining how little respect that code gets, he said that of the GNI's many members, only three private companies have bothered to embrace it thus far: Google, Microsoft, and Yahoo.
The parallels between the two events were difficult to ignore, leading some to imagine the possibility of a multi-national organization with CDC-like power to order the quarantine, as Charney put it, of offending Internet-using enterprises.
But some of the other comments Charney made during the keynote -- those in-between the highlights Microsoft's spokespersons pointed out to us -- suggest that he may very well have been speaking extemporaneously. Perhaps in recognition of the importance of his previous words, Charney halted his train of thought, and rambled in search of a new one.
This is how Charney wrapped up his topic before proceeding to the subject of cloud computing: "And there's also a good role for government here. If access providers are going to scan for content, what content can they scan for, if you want to protect networks and you have to limit the activity to network protecting activity, not worry about copyrighted material or speech or other kinds of things. But we do have to innovate, and this example gives you another reason to constantly think about alignment, and how would you get social acceptance, political acceptance, find the right economic model, and have IT, which does do, of course, things like NAP and NAC today, how do we use IT to achieve these objectives. So, we have some interesting opportunities here."
He may have been searching for the phrase, "Let's move on, shall we?" And perhaps that's something CEO Steve Ballmer might have said if he had shared the stage.
8:05 pm EST March 4, 2010 · This evening, after the initial publication of this story, a Microsoft spokesperson contacted Betanews to say Scott Charney did not intend to suggest the creation or imposition of a tax to pay for a global or government cybersecurity initiative.
"Scott Charney did not suggest a new Internet tax to fund cybersecurity programs. As part of his keynote at RSA he recommended that the industry and government look at developing the equivalent of the World Health Organization to combat malware on the Internet," the spokesperson said. "Within this context he mentioned the need to explore how to develop a sustainable funding model for this initiative, not suggesting that any particular funding model is best."