Not mine, but Bruce’s. It’s a good read; if you’re interested in cybersecurity issues, I recommend you take a peek, especially if you’re wondering what politicians ought to be doing to improve the condition of the Intertubes.
My favorite paragraph:
Security is both subtle and complex, and — unfortunately — doesn’t readily lend itself to normal legislative processes. You’re used to finding consensus, but security by consensus rarely works. On the internet, security standards are much worse when they’re developed by a consensus body, and much better when someone just does them. This doesn’t always work — a lot of crap security has come from companies that have “just done it” — but nothing but mediocre standards come from consensus bodies. The point is that you won’t get good security without pissing someone off: The information broker industry, the voting machine industry, the telcos. The normal legislative process makes it hard to get security right, which is why I don’t have much optimism about what you can get done.
Hoo, lord, is he right on that score… and this isn’t just about legislative processes. Security by committee doesn’t work in your IT organization, either. If you work for a medium-to-large company, you’ve probably seen the results of just this sort of intra-organizational political dogfight.