"Despite progress, greater efforts are needed in the fight against cybercrime." That's how the Business Software Alliance summarized a town meeting that the software industry interest group hosted today at the 2007 RSA Security Conference in San Francisco.

It's a fair statement that deftly avoids disconnect that could been seen between federal officials and the security experts on the discussion panel. Greater efforts are needed, but from whom?

Clearly, something needs to be done. The Federal Trade Commission on Wednesday released its list of the top consumer complaints for 2006. For the seventh year in a row, identity theft led the list with 36% of the complaints, at least five times more than the next complaint-generating categories: shop-at-home/catalog sales; prizes, sweepstakes, and lotteries; Internet services and computer complaints; and Internet auction fraud.

In the question and answer session that followed an address by FTC chairman Deborah Platt Majoras, Marc Groman, the FTC's chief privacy officer, and Christopher Painter, principal deputy chief of the U.S. Department of Justice computer crime and intellectual property section, enumerated some federal success stories and argued for improved consumer education to combat online fraud.

Ira Winkler, president of the Internet Security Advisors Group, more or less said that consumer stupidity was incurable and argued for at least a 10- to 15-fold increase in federal cybercrime enforcement budgets, the integration of security and infrastructure, and criminal penalties that are greater than the profit enjoyed by successful identity thieves.

"Why aren't the ISPs doing more?" Winkler asked, a question that brought applause.

The other non-government panelist, Robert Maynard, an ID theft victim and the founder and COO of online security firm LifeLock, used more measured rhetoric to argue for prevention in addition to enforcement. He did, however, allow that consumers are easily confused with regard to identity theft.