Can we litigate the internet into safety?

On April Fools’ day President Obama signed yet another executive order making cybercrime a federal prosecutional offense for foreign nationals. I wrote about it here:

Making cybercrime a crime is linguistically redundant but still, it raises a real question. “By making cybercrime a litigious offense will it stop or even reduce cybercrime?”

Lets look at this as adults and the answer becomes rather obvious. It is only a matter of looking at history to see the answer.


  • Did the criminalization of illegal drugs stop illegal drugs?
  • Did the criminalization of murder stop murder?
  • Did the criminalization of bank robbery stop that?
  • Did the criminalization of drinking and driving stop that either?

You get the idea. Laws do not stop crime. Just look at prohibition and prostitution.

  • Policing lowers crime.
  • Removing access lowers crime.
  • Education lowers crime.

Having laws in place are grossly ineffective if they are not enforced or enforceable. How can they be enforced unless there are means and resources to enforce those laws?

This may be a time where laws must be tempered with reality.

Cybercrime is not going away just because President Obama signed an executive order. It is not going away even if the resources are available to police. Just look at our war on drugs and that war is funded. Cybercrime will only be reduced, not eliminated, when we remove the ease of access.

Making cybercrime a crime and arresting teenagers for felony unauthorized access of school computers while doing nothing when financial data is stolen just seems ludicrous .

The weakest link in the system is the password. The second weakest is how data is stored. These are both fixable. Criminalization and litigation threats are ineffective tools for some things, and cybercrime is one. Making cybercrime a priority and then doing nothing seems hypocritical.

Systematically eliminating the password should be a top priority for all cyber security professionals. It is for us at BPID.

Looking at retailers recently breached, we see no one punished in cyber crime but the victims. Threats of litigation, even prosecution are moot. Targeting errant teenagers is shifting the responsibility of computer security to the fox who eats an omelet for dinner because the farmer failed to close the coop door.

The real question, the unifying theory of cyber security, is why don’t we just eliminate the password all together? The password is the weakest link.

Coming soon… BPID password-free authentication.

KONICA MINOLTA DIGITAL CAMERAPaul Swengler is the CEO and principal of Bulletproof ID a password-free login. He can be reached through and can be found on twitter @bpids

BPID is on a mission to eliminate the password in 2016. Our asymmetrical  data system makes eliminating the password possible without compromising security or convenience. Stay aware of our progress, please join us by signing up for our news.

[stextbox id=”stb_style_904901″ mode=”css” image=”null”]