Business Technology: Asinine Florida Law Undermines Efforts
Perhaps it's time for us to initiate some public advocacy concerning outdated and asinine laws that run counter to our own anti-cybercrime efforts, Bob Evans says.
Y'know, I'm completely serious when I say I don't want to turn into the neighborhood grouch. I do not want to be the scowling frump that puppies growl at and kids run from, the sourpuss who pours curmudgeon powder into the water supply.
This one's about a need for you to add another high-priority item to your already-jammed To Do list. This one's about your best efforts going for naught because we have 19th-century laws in a 21st-century world. This one's about possible repercussions that could render useless a great deal of what you and your team have been fighting for over the past few years.
With the ongoing and often turbulent spread of technology into every part of our lives, in combination with the related concern about how those advances will affect privacy, you would think that even our national and state legislators couldn't possibly screw things up. Just look at the juicy list of electronic vermin they could pursue: the recent and disastrous releases of confidential customer data; the rapidly spreading epidemics of spamming, phishing, spyware, adware, viruses, pharming, worms, and other cyberterrorism; hypersensitivity over RFID advances and deployment; fear about video surveillance; and other concerns that have gotten incredible visibility in the past several months. Talk about a setup: how could any lawmaking and deliberative group eager to show that they're looking out for their constituents not be able to do something -- anything -- at least mildly effective against such no-shades-of-gray bad guys?
How indeed. Well, it seems the state of Florida and the Federal Trade Commission have, in spite of substantial odds, come up with a way to aid and abet the loathsome bastards who are using cyberterrorism to steal from and cause other harm to American businesses and consumers. As my colleague Tom Claburn wrote last week about Creaghan A. Harry, "The accused spammer and perpetrator of fraud, based in Boca Raton, Fla., has agreed to settle charges brought against him by the Federal Trade Commission for $485,000, less than a tenth of the estimated $5.9 million consumer injuries the FTC attributes to his sham anti-aging and weight-loss products."
But, you might say, a fine of almost $500,000 is a pretty big hit, right? Well, not when you consider that this cyberslug has an estate valued at $2.4 million. So why doesn't Florida and/or the FTC do whatever's necessary to take all or most of that estate to make at least partial restitution to the thousands of people Harry bilked, rather than settling for less than 10% of the damage and loss he caused?
Claburn explains it this way: "Harry gets to keep the bulk of his $2.4 million estate thanks to Florida's homestead and asset-protection laws. Though the Bankruptcy Abuse Prevention and Consumer Protection Act of 2005, signed into law in April, includes homestead-protection limitations that might have enabled the FTC to seek more of Harry's assets, the agency decided in a 4-to-1 vote not to risk the almost half-million-dollar settlement for a potentially larger sum."
Claburn continues: "Steven Wernikoff, staff attorney for the FTC, notes in an E-mail message that the agency based its monetary judgment on the defendant's ability to pay. 'The Florida homestead exemption protects a primary residence from most involuntary liens regardless of the circumstances,' he writes. 'Thus, Mr. Harry was left with some equity in his homestead. This exemption frustrates the ability of the commission to obtain maximum recovery for consumers.' "
Intermix Media said it would pay $7.5 million to settle the lawsuit brought by New York Attorney General Eliot Spitzer that claimed the Los Angeles Internet marketing company illegally distributed adware. The news, along with an announcement of strong revenue, jumped the firm's stock by more than 12% in trading early Wednesday.
So that's the state of the law in Florida, eh? Under this law -- this "justice" -- the "rights" of this cybercriminal clearly outweigh the rights of the victims he defrauded to the tune of almost $6 million. This situation begs for the global and timeless perspective of a keen legal mind whose insight has been noted before in this column: in Charles Dickens' "Oliver Twist," the detestable charlatan Bumble the Beadle, when informed that a certain facet of the law will finally take him down for the wrongs he has done, says, "If the law supposes that, then the law is a ass, a idiot!"
We all recognize that cybercrime and cyberterrorism are bad, and are getting worse -- very quickly. As we take steps to protect our own companies from cybercrime, and as we take further steps to protect our customers from the repercussions of such crimes, perhaps it's also time for us to initiate some public advocacy concerning outdated and, yes, asinine laws that run counter to those anti-cybercrime efforts of ours. No matter how hard law-enforcement officials work to help us identify, pursue, catch, prosecute and punish cybercriminals, if those same criminals end up with wrist-slaps because of antiquated and/or stupid laws, then the problem falls right back in our laps. And we are left once again with an expensive internal problem to patch, and a disastrous customer experience to try to overcome. In today's hypercompetitive business world, that is a guarantee of failure.
It's preposterous to think that Creaghan A. Harry will cease and desist in his life of cybercrime because of this absurdly small financial penalty. The basic laws of economics tell him -- and us -- that he'd be a fool to do so; just look at the numbers. His revenue was $5.9 million, and let's say he was an effective manager and was able to keep about half of that, or $3 million, in profit. So the legal cost to him for that $3M windfall is a fine of about $500,000, leaving him free and clear with $2.5 million. With useless laws like Florida's the only thing between him and more cybercrime, why in the world would he stop?
But we know he won't stop. And he won't stop because the Florida law is an ass. And it will remain an ass until legitimate businesspeople use their hard-earned clout to bring about new legislation that punishes in full measure these cyberfrauds and cybercheats whose current set of tools include not only the dark side of technology but also the dim side of laws like Florida's that protect the criminal and punish the victim.
To discuss this column with other readers, please visit Bob Evans's forum on the Listening Post.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.