The IAPP is an association of more than 1,000 of the world’s leading privacy and security professionals. The first day of their conference culminated in a very nice reception at The Asian Art Museum of San Francisco, one of the largest museums in the Western world devoted exclusively to Asian art. Its contents include nearly 15,000 treasures spanning 6,000 years of history, representing cultures throughout Asia.
The IAPP partnered with TRUSTe, an independent, nonprofit privacy organization whose mission is to build users’ trust and confidence on the Internet, to create the conference. Their combined focus on the subject of privacy will surely help accelerate growth of the Internet.
The first speaker the next morning was Howard Beales, Director, Bureau of Consumer Protection, at the Federal Trade Commission. Howard has a team of attorneys who are constantly fighting the battle to stop identity theft, spam, and other consumer issues. Talk about a tough job! There have been some successes in taking the perpetrators to court, and hopefully the visibility of them will act as a deterrent. I believe the major answer is from technology, however, and not from regulation. It was great to hear in the news today that the FTC has decided to not pursue the "do not spam" registry. I believe it would have been a huge target for hackers and unlikely to be effective.
Following Howard, I gave a talk about my view of the "Future Of The Internet" and expressed optimism about spam control. The new standards work on MARID (MTA Authorization Records in DNS) shows great promise. The Internet Engineering Task Force (IETF) has a new working group that has been dubbed MARID. It stands for Message Transport Agent Authorization Records In (the) Domain Name System. How’s that for a catchy name? The concept is to store and distribute information that authorizes an email server to send messages from a particular domain. If an email says it is from [email protected] but the server which sent the email was actually x5qyw4ze.ru, then it is likely spam. This isn’t the entire answer, but techniques are being explored that will catch most spam based on basic characteristics of the sending address. I would say somewhere around 95% would be good. Maybe it will be better than that, but if we end up with a system that catches 100% of spam then we have gone too far. I attach a lot of value to getting emails from complete strangers who have a suggestion or question for me.
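The authorization check described above can be sketched as follows. This is an added example, not part of the original post or of any MARID draft: the post does not give a record format, so SPF-style `v=spf1` records with `ip4:` and `all` terms are assumed, and the DNS data, domains and addresses are constructed.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups, so the example runs offline.
# Domains and addresses come from the documentation ranges.
CONSTRUCTED_DNS_TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.0/28 ip4:198.51.100.25 -all"],
    "example.org": ["unrelated text record"],
}

def parse_authorization(record):
    """Return (allowed_networks, default_result) for an SPF-style record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an authorization record")
    networks, default = [], "neutral"
    for term in terms[1:]:
        lowered = term.lower()
        if lowered.startswith("ip4:"):
            networks.append(ipaddress.ip_network(term[4:], strict=False))
        elif lowered == "-all":
            default = "fail"        # domain owner: reject everything else
        elif lowered == "~all":
            default = "softfail"    # domain owner: treat the rest as suspicious
        else:
            # Silently skipping a term could wrongly reject a legitimate server.
            raise ValueError("unsupported term: " + term)
    return networks, default

def check_sender(sender_address, connecting_ip, dns=CONSTRUCTED_DNS_TXT):
    """Decide whether the connecting server may send mail for the claimed domain."""
    ip = ipaddress.ip_address(connecting_ip)
    domain = sender_address.rpartition("@")[2].lower()
    records = [r for r in dns.get(domain, []) if r.lower().startswith("v=spf1")]
    if len(records) != 1:
        return "none"               # nothing published (or ambiguous): no verdict
    try:
        networks, default = parse_authorization(records[0])
    except ValueError:
        return "permerror"          # record exists but cannot be evaluated
    if any(ip in net for net in networks):
        return "pass"
    return default

if __name__ == "__main__":
    for ip in ("192.0.2.5", "203.0.113.77"):
        print(ip, check_sender("alice@example.com", ip))
```

A `none` result matters for filtering policy: a domain that publishes no record gives the receiver no basis for rejection, so the check only catches forgeries of domains that opt in.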
I also expressed views about privacy. (Earlier this year I wrote a series of stories about security and privacy and you can find it here). In a nutshell, it is really important for institutions of all kinds to focus on their privacy architecture. Having a privacy policy is necessary but not sufficient. See the privacy series for more thoughts on this and also visit the IAPP and TRUSTe web sites.