Spoutin' Off Bonus Column

Spammer's conviction overturned leaving us all less secure

By Michael Rau

September 27, 2008

It's kind of sad just how insecure I feel these days.

If you've been reading this column for a while, you know that I've followed the case of Jeremy Jaynes, considered by many in his heyday to be the world's most prolific spammer, as he was prosecuted and convicted under Virginia's tough anti-spam laws.

Jaynes was sentenced to nine years in prison, and I rejoiced in his downfall, while pointing out how rare it was to successfully interrupt a dedicated spammer.

Well, it seems the celebration was a bit premature. Jaynes’ conviction was recently overturned by the Virginia Supreme Court. It seems our lawmakers passed a law that couldn't pass constitutional muster, so Jaynes, who has never denied his insidious activity, will go free on a technicality.

This is just another example of the utter failure of our government to protect us from the daily personal terrorism of being spammed and attacked by malware. Our lawmakers have had an utterly indifferent, laisez faire attitude to this issue. They just don't seem to grasp the risk.

CAN-SPAM, the body of federal legislation, ostensibly designed to protect us from such malicious behavior, has proven to be the joke that many of us said it was at the time of its passage.

There are anti-spam laws of one type or another in most states now, but they're very weak and enforcement is virtually non-existent.

Now, maybe you're wondering why I keep making such a stink about this issue. After all, it's just a little spam, right?

I suppose I've never successfully expressed how profoundly I feel that this lack of concern at the highest levels of our representative government is symptomatic of a much larger problem. What has to happen for them to take it seriously?

If having scum like Jaynes clogging up 90% of the network with their effluent won’t do it, how about this:

Published reports over the last couple of years have pointed out that many of the most sophisticated spam and malware operations are now centered offshore, with a large proportion coming out of Russia and strong indications that Russian organized crime has been financing, and profiting from the operations.

Other well-documented investigative reports have pointed out the apparent ties between Russian criminal organizations and the Putin-Medvedev administration.

There have also been reports of massive denial-of-service attacks targeting former Soviet republics that are no longer on good terms with the Kremlin. These attacks have reportedly come from Russian IPs.

Georgians reported that their computer networks became virtually unusable just before the Russians crossed the border into their country.

There have been accusations that the attacks have come from criminal organizations trying to negatively impact the economies of those countries for profit, and others that have said it's political retribution from the Russian government.

My suggestion would be that in Russia, there's a fine line between those two points.

There are other reports of possible state-sponsored cyberattacks, including from China and even tiny Myanmar.

So with that in mind, do you really believe that cybersecurity isn't a huge issue? Are you not concerned that our representatives seem to be treating the threat as anything but serious? Have you heard one even mention this issue while running for office?

Now, a recently released draft report from the Government Accounting Office says that in the six years since its creation, the Department of Homeland Security has yet to fulfill one of its primary missions – that of securing our country from the threat of cyberthreats.

The U.S. Computer Emergency Readiness Team, known as US-CERT "still does not exhibit aspects of the attributes essential to having a truly national capability," according to the draft report.

It goes on to say US-CERT "lacks a comprehensive baseline understanding of the nation's critical information infrastructure operations, does not monitor all critical infrastructure information systems, does not consistently provide actionable and timely warnings, and lacks the capacity to assist in mitigation and recovery in the event of multiple, simultaneous incidents of national significance."

David Powner, the GAO's director of information management issues was quoted as saying that of 30 recommendations made since 2006 by the GAO to DHS to improve its performance in terms of protecting the country from cybersecurity threats, the department “still has not fully satisfied any of them".

With a little over a month to go before Election Day, I've lost all hope that we'll know where the presidential candidates actually stand on substantive issues. But in this case, it's more of a legislative issue anyway, and every single seat in the House of Representatives, as well as a third of all Senate seats, is up for grabs.

If the opportunity arises, I implore you to let the candidates know that the issue of cybersecurity is important to you and you want them to address it. Laws will only be passed, and agencies forced to accomplish their assigned missions, if voters insist.

Please don't let this fall through the cracks. I know it's not as sexy as “lipstick on a pig”, but it really matters.

Michael Rau is a mass-communications consultant in Virginia Beach. To send feedback or view past columns, go to http://dailypress.asoundidea.com.