Lawyers and the law tend to exist only in the background in the world of IT. In fact, they mostly pop into the picture around contract signing time. But the events of the past few weeks have prompted me to take a closer look at the increasing role being played by the legal profession in the IT world.
The SCO Group is suing IBM over intellectual property rights around SCO’s ownership of Unix. Meanwhile, Microsoft and SCO have offered hundreds of thousands of dollars for the arrest and conviction of the Mydoom authors. The latter for the first time, the former adding to a pot of millions. And antispam laws, or the lack thereof, have proven that the solution to the scourge of the Internet is going to be more difficult than previously thought – one that actually may require international legal agreements as part of the solution.
The SCO case is an interesting one. Say what you want about lawyers, but one thing they cannot be accused of is being stupid or naive. The contingency-based lawsuit, a favourite south of the border where lawyers take a percentage of the proceeds of victory instead of upfront payment, is a bit of a gamble. SCO wins and they are rich; SCO loses and they have 400,000 shares in a company that would appear to be facing the writing on the wall. Are they that confident SCO can win a case that may drag on for years?
On the malware side, setting up a bounty to catch virus writers is a less complex yet more intriguing idea, in part due to the unlikeliness of it working. For the most part bounties are a thing of the past – Saddam Hussein notwithstanding – and expecting them to work in the hacker underworld is to assume hackers will turn in other hackers (possible) and that they trust authorities to play the game honestly (highly unlikely).
Fact is, it is a cost-effective way to appear to be doing something while doing little. Companies are putting their money where their mouth is, without the likelihood of ever having to pay up. Here law will play a role, but mostly after the fact. It is technology and education which are key. Tech to plug existing holes and take responsibility for making fewer in the future, education to minimize the effects of mass-mailing worms which require human intervention.
Spam, on the other hand, seems to need some actual global legal action. There are technical solutions that will do the job but the cost is high. It seems rather ironic that companies are being forced to buy extra technology to solve a cultural problem. Spam is there because it is cost-effective. If no one clicked on the links it would go away. Bill Gates recently said he sees an end to spam by 2006 (story on page 1), a lofty goal to be sure, but is it achievable using solely technical means?
The one thing I have learned over the years covering IT security is that the battle is ebb and flow. If there are new technological means to stop spam, the spammers will find a way around it. Which brings us to the lawyers and the law. Last year California passed a pretty decent antispam law but it will be ineffective if the e-mail originates in Korea or Canada. Globally there is little on the table in the way of antispam. Software piracy, though still a huge problem, has benefited greatly from international cooperation. It is time the same is done to minimize the pain of spam.