Microsoft’s Scott Charney has been ringing the alarm for cooperation among consumers, businesses, and governments over issues involving cybercrime for years.
Tuesday at the RSA Conference 2011 in San Francisco, Charney, corporate vice president of Trustworthy Computing at Microsoft (NASDAQ: MSFT), proposed what he refers to as “a global Internet health model” to help the various constituents get a handle on the burgeoning problem of global cybercrime.
Saying that the time has come for coordinated action against cyber criminals, Charney presented his ideas for his health model.
“Security is not a problem that can be addressed fully by individual consumers, or even individual companies or governments. That is what led to the development of my public health model proposal, which calls for collective defense against cyber threats,” Charney wrote in a blog post.
He proposed such a model in October, when Microsoft released a whitepaper (as PDF) discussing it.
While admitting that nothing happens overnight, Charney said that he had identified two strategies to improve Internet “health.”
“[The first strategy is] bolstering efforts to identify infected devices and get them healthy, [and the second is] implementing policies and practices that promote device health by reducing known risks,” he added.
In one video scenario presented on the blog and also at Charney’s RSA keynote, a bank customer goes to make a financial transaction, and is stopped by the bank’s health check, which identifies that the anti-virus software on the customer’s machine is out of date.
Charney also described a program started by the Internet Industry Association of Australia, “which creates a notification system for consumers with compromised computers and a standardized resource to clean them.”
Such systems can evoke serious privacy questions, however.
“That being so, contracts should provide, and legal frameworks should help ensure, that any such programs are limited to ensuring device health and that information gathered is used for no other purpose (for example, the enforcement of intellectual property rights or the creation of marketing profiles),” Charney’s blog post continued.
A related, important consideration is that users must not be cut off from critical services such as Voice over Internet Protocol (VoIP) while health checks are being performed.
“As devices converge (e.g., a computer may be used to make VoIP calls, including calls to emergency services), denying a user complete access to the Internet, even for a short period, could well have damaging consequences,” he added.