It doesn't sound like that dramatic of a proposal: At the RSA Conference 2010 this week in San Francisco, Microsoft Corporate Vice President Scott Charney followed up on comments he made at last year's show and vaguely proposed standards for more secure and private access to the Internet. But his comments have caused a bizarre backlash online, with some criticizing his suggestion that an Internet tax could be used to help pay for the initiative. Unfortunately for those who wish to make a mountain out of a molehill, however, Charney's suggestions were both realistic and reasonable.
"End to End Trust is our vision for realizing a safer, more trusted Internet," he said during an RSA keynote address. "To enable trust inside and outside of cloud computing environments will require security and privacy fundamentals, technology innovations, and social, economic, political, and IT alignment."
Charney suggested that a technology based on an emerging IT standard called Network Access Control (NAC) could be used on the broader Internet to help protect users against electronic threat. NAC essentially shuttles unsafe PCs to a segregated network where all they can do is bring themselves up to date with the latest security software and clean themselves of any malware. When the PCs are deemed safe, they're allowed onto the corporate network. A public version of this infrastructure would thus keep unsafe PCs off of the Internet until they were cleaned, protecting all users.
Implementing such a scheme would be time consuming, complicated, and expensive. But compared to the current situation, where users are treating issues after they've occurred rather than preventively, if at all, is even more expensive in the long term. More important, it's insecure. (Comparisons to the national health care debate are, of course, obvious.)
To help pay for this scheme or a similar protection mechanism, Charney suggested that existing tax revenues could be used, or perhaps a special Internet tax.
Charney also talked up recent Microsoft security initiatives, such as the takedown of a massive BotNet in "Operation B49," new products such as FrontFront Identity Manager 2010 (and a proposed product called YouProve), and a continuation of the company's ongoing End-to-End Trust initiative.
