[funsec] Cybercrime as destructive as credit crisis
rsk at gsp.org
Fri Nov 21 17:16:56 CST 2008
On Thu, Nov 20, 2008 at 05:26:22AM -0700, Bruce Ediger wrote:
> Just the other day, I read that something like 60% of all "cybercrime"
> investigations was for child pornography. How on earth can $60 billion
> annually be devoted to child pornography?
It's not. This is a huge overestimate, but it's one that will no doubt
be echoed by the press, just like the ones from The Cartel (the MPAA,
RIAA & Co.) about losses due to the content "piracy" and The Other Cartel
(the BSA, the SPA & their cronies) about losses due to software "piracy".
These numbers are not intended to be defensible, serious estimates:
they're intended to be talking points, as Mike Masnick over at TechDirt
has pointed out, more than once.
How do they arrive at them?
Well, pretty much, to borrow a line from Buzz Burbank, they make them up.
But as to whether 60% of all *investigations* are focused on CP?
I have no problem at all buying that. It's an easy target, especially
when suspects are crucified in the press the moment their arrest is
announced, *even if the evidence is pathetically weak*. Convictions
are easy based on circumstantial evidence and juries -- who lack even
baseline awareness of IT security -- will believe whichever geek-in-a-suit
takes the stand and gravely testifies for the prosecution. And notice
how these cases are always accompanied by lots of numbers: this many
magazines, this many photos, this many movies, whatever -- all to make
it look as big and significant as possible. And notice how often they
go after the folks *buying* it, and how rarely they go after the
folks *making* it.
Roughly along these lines, I think the canonical example of prosecutorial
misconduct, police stupidity, and jury idiocy would be the Julie Amero
case -- imagine how much worse that would have gone if CP had been involved.
(Although the recent cases of teens taking nekkid photos of themselves
and being prosecuted under CP statutes are arguably even more ridiculous.)
As I've said elsewhere (e.g, the NANOG list):
Law enforcement is almost a complete non-factor in dealing with
Action is erratic, slow and incompetent at best; it tends to only
happen when one of four things is true: (a) someone's running
for office (b) positive PR is needed (c) a government has been
publicly embarrrassed and needs a scapegoat or (d) someone with
sufficient political connections, money, and/or power wants it.
And even when it happens, it's ineffective: for example, token
prosecutions of spammers have done nothing to make the spam
problem any better. Multiple spyware vendors have settled their
cases for pitifully small sums and then gone right back to work.
Notice how fast authorities swooped down on the kid accused of fiddling
with Palin's Yahoo account. That's a (c) and (d) I think. The Amero
case was (a) and (b), at least. A number of spyware cases have been (b),
never mind that in toto they've achieved nothing. You can just about run
down the list of cases, with few exceptions, and tick off which factors
Now if we want to talk real economic damage -- then let's talk about
things like this:
Robert L. Borosage: Keep Dancing, Chuck - Politics on The Huffington Post
which makes the point (and cites sources) that the top five Wall Street banks
handed out 39 billion dollars in year-end bonuses last year (2007).
Not salaries, just bonuses. Not over the past century, just for 2007.
Not the entire banking industry, just five banks. $39 billion.
Extrapolation to the rest of the banking industry and then to the rest
of the financial sector is left as an exercise for the reader.
More information about the funsec