The problem with legislation

By Peter Coffee  |  Posted 2004-06-14

Do you feel a need for a stronger dialogue between the IT profession and legislators and regulators so that the right kind of laws get passed as opposed to well-intentioned laws that completely misunderstand the situation? Or is the law just not a very effective mechanism for dealing with the problems that you face?

Benincasa: Unfortunately, the laws are only going to be U.S.-based. You can get attacked from anywhere in the world. Unless you've got some uniformity, the European community and the U.S. community can pass as many laws as they want, but you've still got a lot of other countries that can perpetuate attacks.

So, as far as you're concerned, the laws and the regulatory bodies are unable to make a meaningful contribution here?

Rosen: We've got worldwide problems, but we don't have worldwide laws.

It sounds as if we have some agreement here—that the change in the threat environment from one where you can be reactive versus one where you have to be proactive demands that some real questions be asked and answered. For example, how much does it cost to have the appropriate level of protection in terms of compute power, and is the technology really ready to use?

Calabrese: You can add one more piece to it: The [vendors] I'm talking to are looking for a two-year commitment. So I'm being asked to sign a two-year contract for technology that is appropriate today but that I wouldn't have known I would have been concerned with two years ago.

Gunnerson: I think you need to tap into the realities of the technology change and make sure that the contracts are appropriately worded. ... If you're going to be locked in to something for 24 months, put the wording in there that says there will be a technology escalation review at 12 months, where you can actually make sure that the contract and the relationship between the two parties are cognizant that technology is changing. I think you'll be OK then.


Peter Coffee is Director of Platform Research at, where he serves as a liaison with the developer community to define the opportunity and clarify developers' technical requirements on the company's evolving Apex Platform. Peter previously spent 18 years with eWEEK (formerly PC Week), the national news magazine of enterprise technology practice, where he reviewed software development tools and methods and wrote regular columns on emerging technologies and professional community issues. Before he began writing full-time in 1989, Peter spent eleven years in technical and management positions at Exxon and The Aerospace Corporation, including management of the latter company's first desktop computing planning team and applied research in applications of artificial intelligence techniques. He holds an engineering degree from MIT and an MBA from Pepperdine University; he has held teaching appointments in computer science, business analytics and information systems management at Pepperdine, UCLA, and Chapman College.
