Epidemics, virus outbreaks, we want and try to stop them. We’ve seen their destructive capabilities throughout history: small pox, yellow fever, and more recently, swine flu. Often, the best way to slow and even stop an outbreak is through research, education, and enforcement.
At a meeting of the American Academy of Arts & Sciences on the Hill last week, Prof. Deirdre Mulligan of the University of California-Berkley analogized applying tactics used in preventing the spread of real world diseases to limiting the spread of viruses on computer systems, stating “We must manage the ‘disease’ in the computer system” much in the same way we manage diseases in the real world.
This analogy makes sense, but Prof. Mulligan was speaking to a room of House and Senate staff who might misinterpret the analogy to justify new laws instead of using exising laws to protect the common online good.
In the real world, we work to research, educate, and enforce. We research vaccines, we educate citizens on how to prevent the spread of disease, and we enforce by working to report potential outbreaks as well as contain and mobilize when they occur.
The same can be done in the online world. We can research potential opportunities for virus and malware attacks. We can educate consumers to regularly update their systems and install virus protection software. And we can enforce by identifying the source of malware and botnet attacks and go after the bad actors that create them.
In both the real world and the online world, one of the best ways to successfully enforce is through surveillance and monitoring.
Congress could pass a law to ban viruses, but these laws won’t stop diseases, real world or online.
Keeping with the public health analogy, we use doctors and schools to report and monitor the presence of dangerous diseases. This method has been particularly useful in the recent swine flu outbreaks.
In the online world, if we monitor the source of data packets, we can better identify the source of computer viruses and malware botnets. We can then go after the source and stop the potential epidemic. Moreover, we can identify infected computers and quarantine them then begin working on a cure.
One thing that we don’t do is turn to Congress to solve our health problems. Congress could pass a law to ban a virus, an epidemic, or even the common cold, but it’s silly to even think that these laws would stop diseases.
Likewise, Congress can pass laws to stop these online bad actors (creators of malware, etc.), but the real solution to stopping them lies in research, education, and most importantly, enforcement.
So let’s start treating computer viruses like we treat real world viruses. Not solving them through legislation or new laws, but by strapping on our gloves and researching, educating, and enforcing.