The Digital Millennium Copyright Act (PDF), better known as the DMCA, is a troublesome piece of legislation. One of the many legislatively regressive darlings of the music and movie industry, the DMCA has long constrained an important element of technological development: Reverse engineering.

The DMCA has vaguely written anti-circumvention restrictions that make simple actions like repairing your car (there's a computer-based sensor adapter you're not allowed to touch) or backing up your DVDs potentially illegal. So if you've made a backup copy of the Barney disk because you know your four-year-old will break it again, you may be breaking the law.

A big problem of the DMCA is that it purposely restricts fair use, and yet illegal copying and piracy goes on with abandon. Part of the problem is that the DMCA is domestic legislation, but the internet is international. If you want to restrict torrent downloads of Game of Thrones, an American law won't prevent a Russian pirate from posting the episode.

Studio behavior is also at issue when it comes to piracy. As I wrote back in March, one way to fight video piracy is to make shows available legitimately.

But this article isn't one of the many that complain about the DMCA. This article is to acknowledge and support actual legislative action intended to fix the DMCA. Seriously. Constructive work from Congress. Whodathunkit?

This, by the way, marks the second time in the space of 90 days that our Congress critters have actually done something constructive. I reported the last time, in March, about the US government requiring security reviews for Chinese tech purchases.

This time, we have three Democrats and a Republican (Zoe Lofgren, Thomas Massie, Anna Eshoo, and Jared Polis) who have proposed a House Resolution entitled the Unlocking Technology Act of 2013 (PDF).

This five-page Bill edits the DMCA. Rather than just restricting any reverse engineering or unlocking, it allows reverse engineering unless the purpose is to infringe on copyright. In other words, it puts the fair use back into the law, as it was always meant to be.

In addition to clarifying law about things like backing up DVDs, or attaching your own test equipment to your car to maintain it, or fixing abandoned products that you still happen to own, it allows for the unlocking of cell phones, allowing you to take your expensive device and find the carrier that you want to use without the Library of Congress dictating how you're locked into your phone service.

So far, the Bill doesn't even have an HR number. It's an intelligently written edit, so the chances of it passing are pretty low. But that, boys and girls, is where you come in.

This is when it's time to take to the Twitterverse, to Facebook, to the internet, even to the old-fashioned telephone and call your Congressional representatives (just click here and type in your ZIP code), and tell them you want DMCA reform. While the Unlocking Technology Act of 2013 may or may not be the answer, the DMCA as it stands certainly needs help and has been "buggy" for years.

Oh, and remind them that this is America, land of the free and home of the brave. We want free use, and Congress needs to be brave enough to stand up for what's right.

And we can print guns out of plastic and video private conversations simply by wearing eyeglasses.

The challenge of technology is that it has no soul. Technological devices have no direct awareness of wrong or right (with the exception of certain videogame quest lines). What we, as humanity, craft out of our brilliance and enterprise and concentration of economic power are simply tools.

A hammer can be used to build a home, or bash in a head. A pressure cooker can be used to make chilli, or brutalize a city.

And a consumer-grade 3D printer can be used to print out tacky little toys, or make undetectable and untraceable weapons.

We rely on law enforcement to keep us safe, to investigate crimes, and to bring criminals to justice. The science of forensics has become a key tool in criminal investigations. Guns leave traces, and when a crime is committed, it's often possible to forensically analyze the limited evidence left by a weapon and trace it back to a suspect.

But 3D plastic guns open up worrisome doors. No longer are guns available only from dealers and known manufacturers; they can now be printed from melted plastic. If you thought cooking crack was a problem in cities, wait until gun makers start cranking out handguns from open-source designs.

Not only could these things be made by anyone with a relatively inexpensive printer and laptop, they could be melted down and repurposed into children's toys upon completion of the crime.

Then there are the digitally enhanced eyeglasses we're currently calling Google Glass. Like 3D-printed plastic guns, these things are crude in their early versions. Even so, they open the door to some very disturbing violations of privacy (and good taste).

The ability to miniaturize cameras, shrink computers, wirelessly send data packets, and socially network to thousands of our friends may make George Orwell's vision of Big Brother seem tame by comparison.

Certainly, we've already seen how hidden recorders and cameras have upset presidential campaigns, whether it's the 47 percent or bitter small towners, clinging to guns and religion.

We've also seen the benefit of citizen smartphone recording, especially when it comes to finding terrorists who carry out acts of extreme barbarism.

And yet, what of employees who use Google Glass to record trade secret information, spies who use hidden eyeglass cameras to record national security secrets, or the high-school student who uses eyeglass cameras in locker rooms to record the private parts of his or her fellow students?

Then, of course, there's the constant, never-ending, always increasing, unyielding barrage of cyberespionage and cybercrime.

By enabling always-on broadband, and plumbing our towns and cities with high-speed internet access, we've made it possible to connect with each other in wondrous ways. But we've also created a world where criminals in China and Belarus are only a few hundred milliseconds from our parents, children, and loved ones.

These technologies are wonderful, empowering, and simply breathtaking. They're also no end of trouble.

How would wise minds like Thomas Jefferson or Ben Franklin have looked upon these threats, when they were coding the DNA of our great republic? Would they have constantly tried to diminish our privacy, like our current Congress critters seem hell bent on doing? Or would Jefferson and Franklin have insisted that our online liberty is the same as liberty itself?

The fact is, this scale of technological vs. terrible challenge is not new. It goes back thousands of years. When the Romans created trade between Europe and China for much-desired silk, not only did traders travel the Silk Road — so did vermin. And so did the Black Death.

When nuclear technology was initially developed, it was harnessed to destroy our enemies. Fat Man and Little Boy killed hundreds of thousands of people when they exploded over Nagasaki and Hiroshima, respectively. And yet, nuclear medicine has saved hundreds of thousands of lives.

I believe that Jefferson and Franklin would have advised us that nothing is black and white. Our legal and policy systems can't paint everything with a broad brush, and we must use our unique human intelligence and analytic skills to distinguish between true threats and crimes from mistakes and the expansion of our technological knowledge base.

In fact, this necessity to distinguish and discern is why we have a complex justice system with courts, judges, prosecution, defense, witnesses, and more. The challenge of adjudicating shades of gray must fall to humans with the ability to distinguish the subtlety of the facts and how situational circumstances relate to human behavior.

Take, for example, the recent case of Eagle Scout Cole Withrow, a young man who made a mistake. He drove his truck to school and, upon arriving, realized he still had left his skeet-shooting shotgun in his truck.

He faced a choice: Leave school to return the shotgun to his home (which would have resulted in a leaving-school penalty) or admit his problem and ask for help. Perhaps he didn't take exactly the right course. He locked his truck, went into the school office, and called his mother, asking her to come to school and bring home the shotgun. He was overheard, and all hell broke loose.

The boy, mere months from graduating, is now facing felony weapons charges and has been suspended from school, pushing back his graduation date by a full year.

And yet, young Cole did almost exactly what we'd train an Eagle Scout to do. I had the high honor of having earned my Eagle Scout badge (along with bronze, gold, and silver palms) almost four decades ago, but the training of how to be prepared and how to react with a level head in the face of emergency has always stayed with me.

Perhaps Withrow should have admitted his mistake directly to school officials, without calling his mother first. But that's the only mistake he made. Many would say he would have been smarter to rush home, feign illness, and lie to avoid penalty. But that's not how we want our young men to behave.

We want our future leaders to behave with honor, with honesty, and to face sticky problems with integrity and in partnership with the various authorities in residence. The problem is that Withrow was punished without consideration of nuance. His authorities took a young man, who by all accounts knew how to behave and how to handle problems, and taught him (and, by extension, other promising young people) that being honest is not the way to behave, that trusting in the authorities is a mistake, rather than a best practice.

This brings me back to the question of our technologies, of 3D printing, of Google Glass, of ubiquitous, worldwide internet access, even of nuclear technologies, and the benefits and horrors that come from what we often call progress.

As we move forward, as we face more technologies that have positives and negatives, yins and yangs, the promise of incredible good and the curse of unyielding evil, we must distinguish and discern our policies and systems of law with care, with consideration, and perhaps with a thought to how Jefferson and Franklin would have approached the amazing advances of mankind.

The representative system would work so much better if our representatives weren't such schmucks.

This time, the brilliant idea is taxing Internet sales. Oh, I know we've been down this road before, but this time there appears to be some traction.

Senate moves closer to backing online sales taxes

Before I explore why an Internet sales tax is such a bad idea for our current times, I'll quickly summarize the reasons some factions are arguing in favor of an Internet sales tax.

Here goes: "Waaaaah! It's not fair!"

Okay, perhaps that's an over-simplification. There are two vectors to this discussion. The first is that traditional retailers have to charge sales tax, so they are effectively at a price disadvantage to online retailers. In order to level the playing field and give moribund brick and mortar stores a chance to live, we need to tax the upstarts.

The second vector is the actual truth though: Congress has so mismanaged America's finances that the states are going broke. The states desperately need a new source of revenue and Congress doesn't want it to come from the federal budget. So let the states add a new Internet sales tax, and voila! More money for the states and nothing out of the federal budget.

Congress gets to appear as if it's standing up for their local constituent interests, for brick and mortar traditional values, and for the states, all in one screw-the-public-and-the-economy blast of bipartisanship.

Brick and mortars are hurting. States are hurting. Why shouldn't Internet companies do their part to help out?

The answer is pretty simple: "It's the economy, stupid."

This is not a time to add a 4% to almost 12% price increase to the purchasing of goods. A tremendous number of people buy online, and by increasing their costs across the board, tax revenue won't go up nearly as much as sales will go down.

Here's how the economists look at it: Sales tax revenue is just one component of the overall economy; everything is interconnected. If sales tax income goes up, but overall tax income goes down because (a) people are spending less, (b) companies go out of business, (c) fewer companies start up, and (d) people lose their jobs, the net tax income will actually be less.

And that's just what will happen if we get an Internet sales tax. It will result in further damaging our economy while also causing the loss of jobs while also causing states and the federal government to collect less revenue, not more.

It's not just that consumers will buy less online if their purchases are taxed. It's that operating an online store that deals with sales tax accounting is a very non-trivial task.

There are 50 states, almost all of which have individual sales tax rates. Worse, there are hundreds (possibly thousands) of local tax rates across the country. For an online retailer to sell in an America with an Internet tax rate, sales taxes will suddenly have to be collected for all of these jurisdictions.

Even that's not so bad. Good shopping cart software can track rates based on ZIP code.

Where it gets bad is reporting. Filing sales tax reports for hundreds or thousands of jurisdictions, each with their own different forms and filing rules, can become incomprehensibly complex. Small online retailers won't be able to keep up.

Of course, the large online retailers, like Amazon, will have the IT resources to build out tax management into their systems. As a result, Amazon will get stronger at the expense of small online retailers.

Now, here's the biggest irony: Who are the small online retailers? In many cases, they're stores that have also set up shop on the Internet. They showcase their inventory, not only in their brick and mortar storefront, but in their online store as well. With complex, convoluted Internet-based sales tax in place, these local brick and mortars will have to close their online stores and concentrate only on local sales.

Amazon will once again be strengthened at the expense of local brick and mortars.

Now, don't get me wrong — I like Amazon. I probably buy more from Amazon than from any other retailer. But Amazon is not the U.S. economy.

If the economy is to get stronger, charging consumers more when they're already struggling to afford goods and services is not a wise move.

Well, I guess nobody has ever accused Congress of wisdom.

It's just so sad. It will be much harder for small online retailers to start, set up shop, and keep up with the paperwork demands. The one really strong growing sector of our economy will be nerfed and, really, no one will benefit.

Amazon won't really win because overall purchasing will still go down when an Internet tax is charged, consumers won't win because they'll be asked yet again to spend more, new startups won't win because the paperwork will be much worse, brick and mortar won't win because their online shops will be much harder to run, and even the states won't win because, ultimately, damaging the economy does not create more tax revenue.

Sadly, even Congress won't win because consumers will be more annoyed than they are now, and when consumers are annoyed, they tend to vote against the incumbent.

Talk about shooting yourself in the foot. Congress would do well to back away from this issue quickly and quietly.

How the email archives are going to be managed

I really think that for this treasure trove of historical information to become useful, it's going to need some machine filtering. Back in the day, most government agencies "archived" email by printing it all out. That was their archiving mechanism, fully supported by law and regulation.

The idea, to meet the requirements of both the federal and the Presidential Records Acts, was to print out email messages and stick them in great big paper piles and shove them into an Indiana Jones-style warehouse.

That approach might be acceptable according to the law, or even from the point of view of some sad professor somewhere who decides to devote his life to sifting through email messages. But it doesn't really provide tangible use. For realistic and practical use, this stuff has to be machine readable, machine addressable, and machine searchable.

What we need, from a historian's perspective, is the ability, for example, to take a Google-like engine and just be able to type in queries and see what comes back out of the data stream. I'd like to see that level of transparency. Again, for policy reasons, it's probably not going reach that level, but as administrations use digital messaging technology more and more, we're going to see increasing amounts of traffic that needs to be sifted through.

To make the full cache of presidential records useful to the populace — which is obviously never the priority of any White House — some sort of machine analysis is going to have to be a key part of the solution.

More to the point, hand sifting and hand managing all of that paper is going to become extremely expensive. Unless we decide to outsource sorting through America's most confidential documents to a third-world nation where the pay is cheaper, we'll need to turn to machine-based analytics.

The issue of availability in machine form is important. For example, just being able to search, Google-like, on a message archive is a far different sort of capability than having the entire dataset and being able to subject that to advanced heuristics.

So there's also the question of whether the raw data is made available to researchers versus being able to retrieve individual messages. Different kinds of research projects are going to need different kinds of things.

Politics becomes an issue, again, sadly. Opposition researchers, searching for political nuggets of joy, will want to search for various words and see if anybody says anything interesting, inappropriate, illegal, or even just out-of-context explosive.

Outside of politics, we should be able to look at what the whole dataset can tell us, what kind of knowledge we can derive by essentially observing, and even modeling the interaction of a White House over the space of eight years.

In that light, releasing the entire dataset to academic analysis is something that I'd really like to see. For the political reasons I've mentioned, that's probably not going to happen.

The question of legacy

Wrapping this up, one of the things that always exists in the minds of current presidents — as well as former presidents — is the question of their legacy. A president's legacy is often defined not by the true historical record, not by deep analysis, but by sound bites.

President George W Bush, like most presidents, was very controversial in his time. And, like most presidents, he's certainly going to want to be sure that his legacy is presented in the best possible light.

In that context, archivists are likely to want to go through all of those 200 million messages, examine each very carefully, and determine how they will fit with the legacy that President Bush wants to leave with future generations of Americans.

Presenting all those messages in the best light could take some time.

Our best wishes go out to all members of the Bush administration, the Bush family, and all the Americans who served in the White House, past and present. Thank you for your service.

Hand-processing 200 million messages

The problem will be analyzing all those email messages as part of the archiving process, especially if the goal is to separate out what can be made publicly available and what can't. Unfortunately, political interests, along with national security interests, will probably prevent this from being simply a machine processing problem.

Doing it without machine analytics assistance is going to be an epic problem.

If it were simply a machine processing problem, even if complex heuristics or artificial intelligence were used, it could probably be processed through in a month or two with high performance hardware.

When it becomes a question of making sure that every single message is thought through in terms of its political and national security implications, that thinking-through process is going to take a while.

Worse, each message may not be thought through by just one archivist. Each message (or at least the questionable ones) may have to be routed through an entire workflow process for approval to release. That, in turn, might be dependent on committee discussions, and all the normal foolishness that Washington is so good at, making sure nothing gets done.

These messages could be in limbo for a very, very long time.

What can you do with all this email data?

The most obvious (and the most likely) reason you're going to see this stuff delayed will be to prevent the opposing political party digging through all of it in the hopes of finding something that they can use as a mallet with which to beat their opposition. Opposition research is not necessarily the best use of a historical archive, but that's certainly going to be both the highest funded and the highest priority for those in politics.

When you move beyond politics and into governance, this stuff becomes interesting. For example, historians can look for clusters of emails around various events and see, perhaps, the discussions that went on and the thinking and the mindset of individuals in the White House during the various stages of those big events.

There were eight years of very volatile history that went on during Bush 43 that would be really fascinating to explore at the email message granularity level.

Of course, as we move forward, the years with our current administration have also been very interesting. If we can see what goes on in White Houses now and going forward into the future, that becomes quite educational from a historical perspective.

Even more important becomes the question of, "What can we learn to help us better manage the nation as we move forward?"

That, too, may benefit from machine help.

For example, we could do sentiment analysis. We could go through and process all those email messages and run analytics to see if certain events changed word usage. We might be able to predict stress levels before even the members of the White House know that things are heating up, and use analytics systems that can provide early alerts to certain kinds of situations.

That sort of thing could be very, very helpful as we look at crisis management in the future. For example, let's say that a situation is getting stressful to the point where mistakes might be made, or there might be unusual pressures going on in the White House.

Those people there, serving every day in the full force of the activity, might not realize that a situation has actually heated up or stepped up to the next level of crisis. Think of the frog who doesn't notice that things are heating up as it sits in the ever-warming water. The same kind of slow boil happens when you're in the crucible of the White House.

But if, behind the scenes, you can have systems watching behavior through email messages, they might be able to pop up an alert, for example, to the Chief of Staff saying, "You may not have noticed it, but things have heated up rather further than you expect. Use some caution, or be aware of your messaging." The alerts might offer specific historical examples, important cultural cues, and suggest potential courses of action.

This sort of analytics could apply to any number of things that officials may not have realized went from a lower level of concern to a higher level of impending crisis, where people may start making mistakes.

Later this week, in honor of the dedication of the Bush Presidential Center, Part 4 of our Special Report will explore how curators will manage 200 million presidential email messages and the question of a president's legacy.

But, surprise! Congress is screwing us over. And apparently, I can't hold back my opinion.

Here's the thing, and in this case, I'm directly addressing those so-called "representatives" we send to Washington theoretically on our behalf. It's a simple concept, so I want you to say it out loud, roll it around in your mouth, and think on it.

The Constitution must not end where the digital domain begins.

That's it. That's the big thought of the week. Say it again for me. Go ahead. You can do it. Repeat after me. The Constitution. Must not end. Where the digital domain begins.

What does that mean? Put simply, we have rights and expectations of rights when we do things online. Just because we're using that internet thing doesn't mean we're giving up what it means to be an American.

And to those who don't think we have any expectation of privacy when we go online, let me ask you this: If you take a poop in a bathroom in a shopping mall, do you expect privacy? Or would you not mind it if the government just recorded all your "functions" because your in a public place? Even our elected representatives who have dalliances in airport bathrooms clearly had some expectation of privacy.

So let's try something else out for size. We Americans don't lose our expectation of privacy just because we use a service to manage our communication.

We Americans expect privacy. Period. It's in the Constitution.

We expect privacy in all our dealings. We expect that unless a judge orders it for probable cause, that the United States Postal Service won't open our letters. We expect that unless a judge orders it for probable cause, that the plain ol' telephone service we use won't be tapped.

We expect privacy. And we expect, in the unusual circumstances that our privacy is being reduced, that a judge has granted that privacy reduction to law enforcement after careful consideration of the law and the situation.

In recent years, however, American lawmakers, law enforcement agencies, and some of my colleagues in the national security apparatus seem to have decided that judicial review is in impediment — it just gets in the way.

In a few, very limited instances, this may be true. Trying to stop events like the recent Boston bombing, when there are mere minutes to prevent a catastrophe, might justify not waiting for a judge to review your case. But those situations are few and far between, and should be the rare exception, not the rule.

The Cyber Intelligence Sharing and Protection Act (CISPA), and a wide variety of other legislation recently beta-tested by Congress, seeks to eliminate the essential judicial check and balance. But it's this judicial check and balance against overly-aggressive, overly-predatory, and overly-opportunistic public servants and corporate interests that has always separated America from de facto oligarchies like the former Soviet Union and 20th century South Africa.

Without a doubt, cybersecurity is absolutely essential as organized criminals, rogue nation states, and international actors target our citizens, infrastructure, and government operations with constant and unyielding ferocity. Certain laws need to be modernized to accommodate our changing world and the new realities inherent in the justifiable siege mentality that comes from being under constant cyberseige.

But America has always had the mandate to protect its citizens and its interests, and it has always tried to walk the fine line balancing protection of our interests with the protection of our rights, especially our privacy.

There are practical issues here as well. The current variation of CISPA allows an almost free-flow of private and personal information through corporate interests to government, as long as that information flow is labeled as necessary to protect against cyberthreats.

CISPA makes two serious mistakes in this regard. It removes judicial oversight, and removes the ability to penalize corporations for overstepping reasonable behavior.

As we've seen with how our bankers have schemed the system, finding loopholes in regulations and conducting themselves in both truly reprehensible and truly irresponsible ways, we can be sure that industries from insurance to collection to healthcare to banking to advertising will all likely find CISPA-supported loopholes to overstep their bounds and abuse their relationships with American citizens.

Not only will we become an America without privacy, we'll become an America without recourse.

It's ironic that just as CISPA is once again winding its way through the twisted and wrong-thinking halls of Congress, that Google (essentially our modern realization of Big Brother) has introduced Google Glass, a method by which our own citizenry can record and publish life experiences constantly, easily violating the privacy of anyone being glanced at by a Glass wearer.

Of course, the security implications of Glass are mind-boggling as well. The Health Insurance Portability and Accountability Act (HIPAA) violations become almost instant by medical personnel wearing Glass. Any employee looking at a screen while wearing Google Glass could be either augmented, improving productivity, or could be extracting confidential corporate information for sale or other nefarious purposes.

But the difference between CISPA and Glass is that Glass is voluntary and one-on-one. We don't expect our fellow citizens to protect our interests, and if we happen to encounter a Glass-wearer, we can choose to shun him or her, or avoid being within the range of the all-recording Glass eye.

But CISPA is something we can't avoid. With CISPA, online personal information can be sifted, sorted, examined, shared, and apportioned by virtually anyone with access to our online information.

There are loose restrictions about how that information can be gotten, but the restrictions are so loose that we can be sure the huge treasure trove of detailed personal records, from individual email messages to our purchasing history at Amazon and the local supermarket will be used and abused across the spectrum of corporate and government interests.

One concern, of course, is Big Data sifting of our online personal information without a warrant by government agencies. Information ostensibly gathered in the interests of deterring cyberthreats may well be used by excessively gung-ho agencies and law enforcement officials to find new people to penalize, fine, and prosecute.

This, of course, could put an even greater burden on our already over-taxed legal system, increase the time it would take for legitimate cases to wind their way through the courts, increase our already over-extended costs for managing the criminal justice system, and unjustly bring a lot of people to justice who are not deserving of prosecution or persecution.

And then there's the issue of all this data just hanging out there. While some government agencies have good operational cybersecurity protection, others are still just getting the hang of even the most basic of best practices.

A huge database of American personal information would be a very tempting target-rich environment for the very same criminals, rogue nations, and international actors that CISPA is theoretically designed to protect us against.

That's one of the great ironies of this legislation: It may actually worsen the very situation that it's designed to protect against. The House (and possibly the Senate) seems entirely willing to set aside the protections of the Constitution in favor of increased protection against cyberthreats.

But if the reality is that they're selling out our Constitutional protections and sacrificing our privacy, and the net result is we've actually delivered even more damning information into the hands of our enemies, well there can be no polite words for the irresponsible damage Congress is doing to our cherished freedoms and liberties.

America is a great nation because Americans are a great people. That said, history has shown us that the American government has been willing to act against the interests of Americans, often in ways that are mind-bogglingly unconstitutional, brutal, shameful, horrific, and even just plain stupid.

If Congress continues to proceed on the path it's been on these past few years — trying to bypass just cause, judicial review, and due process for the sake of expedience and freedom from oversight — America will no longer be the land of the free and the home of the brave.

So, once again, I must remind our Congressional representatives of this one simple truth: The Constitution must not end where the digital domain begins.

Related stories

• Ben Franklin would say our online liberty is the same as liberty itself

• Letting our lawmakers make laws about cybersecurity is probably a mistake

The conflict between IT challenge and archiving challenge

I was recently asked in a radio interview about whether or not the 200 million message email trove being archived is really that large. That number can be interpreted in different ways. To archivists, 200 million messages is a tremendous number of documents. To most IT professionals, that's a drop in the bucket for a medium-sized enterprise.

There are about 200 million messages that the archivists are dealing with, which is roughly 80 terabytes. That's not a small amount of data. But when you consider that most IT operations dealing with anything resembling Big Data are looking in the multi-petabyte quantities, it's far from unmanageable.

It's just not really that many bits and bytes. You could actually load all of these messages into RAM and process them in real-time using something like SAP's HANA product. So, from a technical point of view, the Bush message archive isn't exactly a large data structure.

But, from an archivist's point of view, it's huge because the archivists want to go through every single message and redact anything that is still considered a national security issue or a thorny political issue.

Think about 200 million messages. If you don't explore solving the problem using machine-based analysis, but instead expect individual humans in the National Archives and Records Agency to look at every single email message, it could be the end of time before they finish their work.

From a technical point of view, managing White House email is really a pretty simple thing. But, from a policy point of view, it's a very difficult thing. In my book and the various speeches I've given on this topic in D.C., I've always made it clear that archiving is a technical process, where retrieving what's been archived is a policy process.

In other words, it's up to us techies to make sure the data can be saved. But whether or not anyone gets to see that saved data has to be determined by laws, judges, and — courtesy of the Presidential Records Act — current and former presidents and vice presidents.

Quite obviously, not all email data is constrained by national security. Much of the data stored is also political in nature. That information may be suitable for safe public viewing from a national security perspective, but politically charged all the same.

That's where the push and pull has come from with White House email — because of that difference. Of course, the weird thing is that most recent White House generations have claimed that solving the archiving challenge is a technical problem. Clearly that's not the case.

From an IT geek perspective, email archiving is an activity that we do across enterprises every day. But from a "What do we want to show? How do we want to show it? How do we want to control our messaging?" perspective, it's a much bigger problem.

But wait, there's more

Even though the collection of 200 million email messages being archived is a boon for historians, it's far from the whole story.

Because I did so much research into the Bush administration email operation, I'm very well aware that those 200 million messages only represent a portion of the email traffic that went on during the Bush White House. The messages being discussed are only the official emails that went through the EOP (Executive Office of the President) email channels.

President Bush's team operated another email operation, based around the GWB43.com domain name. This operation wasn't run by the White House. Instead, it was run by an ISP located down in Chattanooga, Tennessee. While some conspiracy theorists might think that using GWB43 was a way for the Bushies to get around email requirements, the opposite was actually the truth.

There's a 1939 law, called the Hatch Act, that governs how White House email works. Yep, a law enacted way before anyone even knew of email controls email in the most important office of the land.

In any case, the Hatch Act restricts government officials from using government resources to conduct political activities. This means any sort of communication about politics, campaigns, political strategy, and so on could not be conducted through official White House channels and were required — by law — to run through outside services, like our friends in Chattanooga.

Because of this, using what then Deputy Press Secretary Dana Perino called "an abundance of caution," any email message, official or not, that might have had a political tinge, was not routed through the EOP email servers, but instead was routed through GWB43.

None of these official emails, the ones that also contained political information, are available for archiving. In Where Have All The Emails Gone, I estimated that 103.6 million messages ran over the open Internet, through GWB43.com. None of these will be turned over to the archivists.

That means that the historical record being turned over to the archivists is missing a full third of the story.

I've always wanted to ensure that this very large (and completely undocumented collection of political messages) are also made available to the public, but they may well be lost to time.

Adding to the problem is the fact that many White House staffers had multiple email accounts. For example, then Deputy Chief of Staff Karl Rove had a GWB43.com account, which was the domain used for the political arm of the White House operations. He also had an AOL account.

He would use each of those for different things. As you might imagine, most individuals had their own personal accounts, accounts for their work as political operators, and accounts for their work as public servants.

But let's just forget those hundred million or so political messages. Everyone else certainly has. Let's instead focus on what's involved in processing the 200 million messages that the Bush Presidential Center is willing to make available.

Next week in Part 3 of our Special Report: Hand-processing 200 million emails and how modern analytics techniques could provide innovative new applications for presidential email.

This doesn't mean CISPA is a done deal. As many of you know, I called the earlier incarnation of CISPA "more heinous than SOPA". Whether this new version includes bug fixes or adds new "features" remains unclear.

The problem is, we really don't know what is in this version. So much for transparency. Even though we don't know what the bill contains, The Hill reports we can rest assured because such champions of privacy as Google, Yahoo, and Oracle that support the bill, saying Congress is "taking steps to address privacy concerns".

Steps. Whatever that means.

I've talked about these issues before. For example, Ben Franklin would say our online liberty is the same as liberty itself. On the other hand, as a cyberwarfare advisor to various government officials, agencies, and NGOs, I'm also quite aware of the very real threat that's out there. We need comprehensive cybersecurity protections, and that means we need modern laws that address those protections.

The problem, of course, is letting our lawmakers make laws about cybersecurity is probably a mistake.

It may also be a mistake to put too much of our trust in the very large tech companies, many of whom trade almost entirely on the personal data we've willfully volunteered in return for trinkets like free email and the ability to "Like" someone we've never met or wish would like us back.

The key rights issue of CISPA — and any other cybersecurity legislation — has to be clearly and constitutionally answering the question, when it comes to cybersecurity law, where do we draw the line on information sharing?

For now, we don't know enough about CISPA to freak out. It still has to make it through the House, through the Senate, and then to the President's desk. Last time, President Obama threatened to veto it. We also don't know where he stands, again, because we really don't know enough about this CISPA beta release.

So, that's why I'm telling you not to get all freaked out. Just because the panel passed the bill, don't freak out. Even if the House passes the bill, don't freak out. But once it makes it to the Senate, and if we don't know any more about what's inside it than now, then it will most definitely be time to freak out.

Related stories

• How cybersecurity is like Star Trek's transporter
  

• CNET: Privacy protections booted from CISPA data-sharing bil

My interest, however, is behind the scenes. As many of you know, I wrote a book, Where Have All The Emails Gone? (free PDF download), about five million missing White House emails and the national security implications revolving around how White House email was managed back in that era.

As the Dallas News reported, the library archivists are going to archive 200 million emails from the Bush Administration, the largest trove yet of electronic communication from a presidential administration.

This is big news, and since it's an area I spent a lot of time on, I wanted to explore the various issues involved with this process.

In honor of the Presidential Center dedication, ZDNet Government is proud to present an exclusive, 4-part in-depth special report on the George W Bush Presidential Center and the 200 million email archive project.

Some background on White House email

Historians and researchers really want to have access to presidential archives and, generally speaking, all presidents aren't too thrilled with the idea. Throughout history, we've seen the situation where presidents tend to try to limit access to their records.

You can understand why, because presidents don't really want conversations taken out of context or a discussion by a 23 year old assistant to be considered the voice of their administration.

Up until the Clinton era, we really didn't have a whole lot of email in the White House, although email did arrive at the White House in the Reagan era.

If you really want to go back, President Lincoln was the first to use electronic communication. He would actually go down to the War Department and hover over the telegraph, waiting for messages coming in from the field about the Civil War.

This practice of hovering over the teletype waiting for reports from the war — and he was tall, so he really did hover — drove the teletype operators absolutely crazy. Lincoln effectively conducted part of the war from where the teletype machines were, making that teletype and the space containing it into what could be considered the first White House Situation Room. It's quite the story.

Moving on to modern days

President Reagan's administration actually had email first. Email in President Reagan's administration was considered very low priority, so it was actually used as a back-channel communication for the Iran Contra affair.

When Admiral Poindexter (who was then the National Security Advisor) didn't want things to be considered "records" that would be kept under the Presidential Records Act, he used email in a scheme he called "Private Blank Check", because he thought email would bypass the Presidential Records Act.

Of course, as it turned out, we had special prosecutors who were very interested in what Reagan did at the time and what his office did. Eventually, the "Private Blank Check" conversations were brought into public view as well.

None of the presidents, until President Obama, have actually sent many email messages. In fact, one of the reasons that I personally think it was worth becoming President was not having to look at email.

Right as he came into office, President Obama decided that he couldn't be separated from the flow, so he's actively using email. President Clinton, I believe, sent two or three messages to the troops at one point, and that was about it.

President George W Bush did not use email at all. His interaction with email was simply: "I'm not touching it. Period." — probably one of the wisest decisions he ever made in office.

He believed that his statements in a casual communication might be misinterpreted. He wanted his statements to be interpreted in the context in which they were intended. So he just completely avoided using email.

On the other hand, his staff used email very actively. That's why access to an archive of Bush administration email messages has caused such great interest among historians and analysts.

The presidential staff is the operation arm of the US government in the sense of governing, decision-making, and process, so while the archives wouldn't contain an email message from President Bush to Vice President Cheney, you're certainly going to have the potential to see discussions from lower tier people, advisors, cabinet secretaries, and the like. That becomes fascinating.

Next week, in Part 2 of our Special Report: The conflict between IT challenge and archiving challenge, and the 103.6 million White House email messages that are still not accounted for (and no one seems willing to talk about).

In order for America's government to fund its operations, programs, and agencies, money has to be allocated for this purpose on a regular basis. In many years, that budget money is allocated through something called a "continuing resolution", which passed in Congress and signed by the President.

A continuing resolution passed this year as well, except this time, it had some teeth, in particular when it comes to China's ongoing acts of apparent espionage and skulduggery.

Put simply, the newly signed 240-page law requires law enforcement authorities to be consulted and to perform a cybersecurity and sabotage risk assessment when buying IT gear.

Here's the hot button, the once-in-a-blue-moon, hell-freezing-over smart move by our politicians. The formal risk assessment by law enforcement must (and I'm quoting the Reuters article that quoted the bill): "... include any risk associated with such system being produced, manufactured, or assembled by one or more entities that are owned, directed, or subsidized by China."

This. Is. Huge.

I'm not going to go over the whole China risk thing in-depth here because we've been down this trail before. See the links at the end of the article for a good set of reads on China's apparent inability to play well with others.

But I will say this: China, by all indications, wants it both ways. They want to sell us gear, bring our currency into their country, and grow their economy with the help of American purchasing power. But they also seem to want to sneak into our computer systems, constantly testing, probing, and attacking our networks, and otherwise cause us harm.

They want to make money from us at the same time they're willing to attack us.

What's been deeply disturbing me for years (and I've been writing about this here on CNN, and even giving lectures and advisories on this to government officials) is that Chinese gear is inside everything we use today.

The motherboard inside the computer I'm using right now was made in China. In fact, the computer I'm using right now was made in China. Your iPhone was assembled in China.

Many of the internal components and entire computers (Lenovo on its way to becoming the world's largest PC producer) are made in China. Telecommunications equipment is made in China. We even did a Great Debate here on ZDNet about whether it was wise to buy networking gear from Chinese Huawei, who has been involved in some dubious doings (and is becoming a major vendor of smartphones as well).

Think back to the Cold War days, when the Soviets and the Americans where banging shoes at each other and threatening total nuclear destruction. Would any of us (or our grandparents, I guess) have thought it made sense to buy security gear from the Soviets?

Of course not. Even the most pacifist peaceniks around would have thought that letting your enemy provide your security wasn't exactly a wise course.

And yet, that's what we've been doing. Nearly all of us rely on gear made by China. Nearly all of our personal and confidential passwords and logins travel over circuits made by China. Many of our networks and network switches, if not made by China directly, have Chinese components.

I applaud this action by Congress and the President (did you ever think I'd ever say anything like that?), and I encourage the government to take even more stringent action and due-diligence against foreign-supplied security equipment.

Related stories

• Questionable loyalties: the cybersecurity implications of buying system software from foreign companies

• Great Debate — Huawei: Should you put it in your data center?

• It might be time to throw some SALT on China

• State of the Union: Cyberthreat

• 14 global cybersecurity challenges for 2013

• Dear China: Cut out the sneaky spying shenanigans

• Researcher reveals ease of Huawei router access

• UK to probe Huawei, BT relationship

• Did Chinese security firm snag too many American security secrets before the barn door closed?

• In China, many younger military leaders view America as the ultimate enemy

• Is China gearing up to start World War III?

• Welcome to the new Cold War: China vs. the United States

• Dear Mrs. Clinton: whether you believe it or not, China is a threat to America

• U.S. finally acknowledges Chinese and Russian cyberthreat

• Video: Should Americans worry about a Chinese cyber-threat?

• Pace University forensics expert on China and cybercrime (exclusive video)

• Technology policy challenges faced by the U.S. Federal Government (video seminar)

• Deconstructing a nasty Chinese World of Warcraft phishing scheme

• Why the United States might pay China before we pay our own soldiers

• Also see: There are chapters covering China in my book, How To Save Jobs (free PDF download)

• And for balance, from ZDNet Asia: Dear America: Enough with the China-bashing already

Governments, going back to the times of the ancient Romans and Egyptians, required extensive record keeping to operate their empires, both for the management of extremely large civic works projects (like building the pyramids), and for the collection of revenue to fund those projects.

Later governments, both fair and oppressive, have found the gathering of data in vast volumes to be a functional necessity and competitive advantage. Both the old Soviets and the Nazis were infamous for their obsession with recording data about their citizenry. In those two examples, of course, that data collection would result in horrors and human rights abuses we hope to never again see practiced by so-called civilized nations.

So the gathering and processing of vast amounts of data is not new. What is new is the speed at which we can now process that data. By hosting databases fully in RAM, rather than on disk (or even faster solid-state devices), processing operations can increase in speed by a factor of a million or so.

Queries that used to take a day and a half to be solved using disk-based databases can now be resolved in a tenth of a second when based entirely in a few terabytes of directly addressable RAM.

We saw real-time analytics deployed in the last US election. President Obama's election team was able to dynamically analyze the global state of pre-election sentiment, and deploy advertising resources and human volunteers to the areas that needed the most attention, virtually in real time.

By contrast, Mitt Romney's analytics team famously provided incomplete and inaccurate information to the Romney central command, resulting in Romney's deployment of election resources to areas completely unrelated to need.

Now, we all know that elections aren't won solely by analytics. The policies of the two candidates contributed to the results, and some epic political (rather than computation) mistakes on the part of the challenging party didn't help matters.

Here we see not just big data in action, but fast big data in action. Had the president's data analytics operation taken months instead of days, or even days instead of minutes, his team might have missed key clues until the election was long over.

The challenge, of course, is how we handle this power

For example, the American Society of Civil Engineers said that one quarter of all American bridges are "deficient"; 17,000 bridges didn't meet inspection criteria, including 3 percent of all freeway bridges.

Want a scary statistic? The average age of America's bridges is 43 years. The average lifespan of America's bridges: 50 years. This means, unless something changes, we should all avoid pretty much all river crossings after the year 2020.

But my point here isn't to scare you (much). My point is that real-time analytics can help government and drivers alike. We all know about the spending reductions forced on American government agencies as a result of sequestration. So, the challenge (even after the parties get past their sequestration protestation infatuation), is how we can do more and more with less and less expense.

The bridge situation is an ideal example. The University of Texas is working on sensor technology that can report dynamic telemetry on a bridge's condition. They're working on sensors that can survive the constant vibration, weather, and even send and receive data through all the steel that normally would make radio transmission a near impossibility.

A little imagination can help us see how all this can work. Terabytes of sensor data come streaming into a central analytics engine straight from all the bridges. Dynamic, real-time analysis helps filter the signal from the noise, and — in real time — those bridges needing the most timely attention can get resources applied first (and, with dynamic crisis alerts, immediately, when warranted).

We can also see how this sort of telemetry can help fight terrorist threats. By sifting through vast amounts of data in real time, analytics systems can identify potential sources of threats, and mitigation teams can be dispatched to investigate.

Ah, but there's the rub. Did you see it? Did you feel it?

Did you notice how we suddenly went from big data to the possibility of Big Brother?

Clearly, we want and need to protect Americans from the constant threats against our security. Whether digitally or in meat space, the threat level is dangerously high. The American government must provide threat management or baaaad things will happen.

But the challenge is distinguishing between data collected for protection and data collection that violates our privacy, all while respecting the very core of our Constitution. Another challenge exists because a "potential" threat isn't an actual threat, and if we act against our citizens because some Minority Report analytics system assigned a threat potential to someone who hasn't yet done something, we're discarding our Constitution for some sort of dystopic future.

Congress isn't helping matters

There is a real need for corporations and government to share data that might help protect our infrastructure. And, in the worst case, that data may need to be de-anonymized so law enforcement can be dispatched to stop some bad guys from doing some very bad things.

But Congress tends to confuse national security with media industry preference. In the ongoing, and vaguely futile, effort to prevent media customers from fair use of the media they've purchased, Congress keeps attempting to conflate security with DRM, and so we wind up with CISPA and SOPA and all the rest.

So where does this leave us?

For the ZDNet IT audience, there are two things you need to keep in mind. First, you will need to understand real-time big data and what it means, how it works, its strengths, limitations, and what it can do for you.

To that end, I invite you to a free webcast I'm giving on Thursday at 2pm ET. In that, I and Dan Kearnan, senior director of SAP HANA Marketing, will be discussing keeping up with the volume, velocity, and variety of big data in real time.

Second, it's important to keep an eye on legislative activities, and understand when our privacy rights are being violated compared to when our security is being protected. This difference is a nuance quite clear to the rank-and-file investigators in America's famous three-letter agencies, but seems quite lost on Congress members more devoted to their lobbyist friends than their own constituents.

Keep reading ZDNet and stay up on these issues. This is only going to get more interesting as we move further into the future.

Related stories

• Guns, the First Amendment, and the Bill of Rights

• 14 global cybersecurity challenges for 2013

• When it comes to cybersecurity law, where do we draw the line on information sharing?

• Letting our lawmakers make laws about cybersecurity is probably a mistake

• Ben Franklin would say our online liberty is the same as liberty itself

• CISPA: more heinous than SOPA, and it just passed

• 5 reasons why SOPA, PROTECT-IP and other legislative idiocy will never die

We don't even know for sure if Kim-the-younger is 28, 29, or 30. We know even less about Jong-un's wife, Ri Sol-ju, except that the marriage was apparently a hastily arranged affair set up by Dear Leader Kim Jong-il from his death bed.

What we do know is that a young man roughly between the ages of Lindsay Lohan and Britney Spears — with absolute control over the fourth largest army in the world and the world's largest submarine fleet — has declared his intention to nuke the United States.

He certainly wouldn't be the first young Generation Y male with an anger management problem, but he is the only one with a real chance of becoming a nuclear power.

It's easy to dismiss the North Korean leaders, whether Jong-il or Jong-un, as Looney Tunes

After all, we've all heard of Kim Jong-il's penchant for American movies and his Elvis obsession. But Kim Jong-il managed a huge military build-up for Korea, and while Jong-un did have the advantage of being Jong-il's hand-picked successor, he did manage to hang onto and consolidate his power, all before the age of 30.

The North Korean story is actually quite amazing. If you want further background, I recommend you read the briefing I wrote for Counterterrorism Magazine last year, Spotlight: North Korea.

For a feet-on-the-ground look at what North Korea is like today, I strongly recommend you read Sophie Schmidt's fascinating account of the trip she took to North Korea last year with her father, Google chairman Eric Schmidt, and former Ambassador Bill Richardson.

So where does all this leave us? Is Kim Jong-un the Doctor Evil of the modern age? Are we really, seriously, back in the game of intercontinental ballistic missiles and nuclear warheads?

The fact is, North Korea is a viable threat on at least three separate levels

First, the nation is actively involved in cyberwarfare and cybercrime. As I've been saying for years, and which the US government is now beginning to articulate as well, cybercrime and cyberwar are huge national security threats.

North Korea is problematic here because not only is it using cyberattacks for political reasons, it's also decided that systematized cybercrime can be a good source of Western currency. For a nation essentially off-the-grid financially, cybercrime is the goose that keeps on laying the golden egg.

North Korea is also a viable threat because if its sizable conventional military. The Kims have never fully accepted the bifurcation of Korea into North and South, and have long made grumbling noises of crossing the 38th parallel.

South Korea is the world's 15th largest economy, with a GDP something north of a trillion dollars. By contrast, North Korea has a GDP somewhere in the range of $12-28 billion, which puts its total economy somewhere in the range between companies Sara Lee and Staples. South Korea's Samsung alone brings in fifteen times the annual cash of all of North Korea.

Were the North to attack the South, it would cause economic devastation to South Korea and ripple-effects across the globe. And of course, the US would be pulled into the battle, since our taxpayers have long paid for South Korea's defense, even as South Korea's industry has ungratefully done its best to compete against our own companies.

This leads us to the nuclear question: can North Korea build a nuke? Unfortunately, the answer to that is a definite "probably". Too many nuclear experts and too much nuclear material has been on the world's underground markets since the demise of the Soviet Union, and it's entirely likely that North Korea has been in the market for years.

Whether, of course, they can put the whole thing together, then build a long-range, ocean-crossing delivery vehicle, and then be suicidal enough to completely ignore the doctrine of Mutually Assured Destruction (MAD) to try to nuke an American city, is a much bigger question.

Most leaders in most nations are both too sane and too well aware of their reliance on a world economy to flip the nuclear switch. That's why we've been pretty much mutant zombie and giant lizard-free since Hiroshima and Nagasaki.

But Kim Jong-un is not most leaders. His nation is almost completely disconnected from the outside world. His entire nation could on the far side of the moon for all of his country's interaction with the world's economy.

Keep reading. This is where this starts to get good...

The youngest Kim may or may not be crazy in a padded-cell and hallucinations kind of way, but he has shown evidence of ruthlessness in his quest to consolidate his power. The key question is whether he's more of a regional annoyance, like Saddam Hussein or Muammar al-Gaddafi, or whether he's a big bad, like Adolf Hitler or Joseph Vissarionovich Stalin.

If young Kim is a proto-big-bad today, he could be a thorn in our side for a very long time

Fidel Castro was only 33 when he became Prime Minister of Cuba back in the 1950s. He held onto power for 55 years. It's entirely possible that Kim Jong-un could be his own, personal Axis of Evil for most of this century.

All of this brings me back to the original premise of this story, that a crazy, nuke-obsessed Kim Jong-un might actually be good for America.

Look, I — like most sane people — would much prefer a world where the leader of North Korea was much more concerned about his Klout rating and Facebook fan page than attacking all of Western civilization. It would be much better for everyone if he'd decide it was more fun to hold big parties, invite second- and third-tier stars, and appear on some reality TV shows.

But that's probably not going to be the case. The new Kimster had the opportunity to change the personality of North Korea, to make it more of a citizen of the world, but instead, decided to double down on his grandfather's and father's policies of Juche, which, at least in spirit, means "us against the world".

Say what you will about the old Soviet Union, but it sure had a way of focusing our attention.

There was a tangible, credible, easily identifiable threat — and our military and our politicians recognized it as such.

Even though American politicians have always — always — been self-obsessed, selfish, back-biting, in-fighting, partisans of limited patriotism, when a real, credible threat has faced the United States, they've generally been willing to put aside partisanship, at least for the important stuff.

But things have gone off the rails ever since the Soviets decided that they wanted to get out of the crazy evil business and into the much more profitable international anti-malware market. American politicians haven't been able to focus on an external enemy and instead, have done their level best to hollow out America from within.

Take this sequester idea; it boggles the mind how this was the one thing Congress could agree upon: Their brilliant plan was, because they couldn't come to an agreement at the time, that they'd set up a time bomb so a later Congress would have to come to an agreement, because otherwise, the results would be just too terrible to live with.

Seriously? This is how we run the greatest nation on Earth?

The sequester guts all sorts of programs (not necessarily a bad idea), including a lot of our military defense (not necessarily a good idea).

But let me ask you this: Could the sequester have flied back in the days of duck-and-cover? Would Congress have let our defense slide into the ocean when there was always an impending nuclear threat from the Ruskies?

No, of course not.

But now, we've all but forgotten the very real threats out there. We ignore the need to bulk up our cyberdefense because (and this, too, boggles the mind), our corporate leaders have asked the President to take a softer touch when it comes to cybersecurity.

Seriously. You can't make this stuff up.

We've killed Saddam and we've killed Osama. Sure we've just come out of the longest war in US history, but we're not really all that worried about things here at home. We're still buying our iPhones and iPads, and we're all just a little disappointed that the South Korean Samsung Galaxy S4 isn't more exciting.

While America most assuredly has its enemies, both outside our borders and within, they're amorphous. Terrorists and cybercriminals don't have faces. They don't have names. They're not super villains, and they don't unite the selfish and the partisan.

But super villains, the Hitlers, the Stalins, to some degree the Castros, these are the faces that unite our defense. When we're able to point to a Big Bad, we're all able to focus on it together, and then, sometimes, we'll actually work together.

So while I'd really prefer that North Korea's Kim Jong-un would take a chill pill, that we could set up some sort of 20-something leader exchange and swap Kim Jung-un for Mark Zuckerberg — Zuck would certainly get North Korea out of its isolationist funk — the reality is that Kim Jong-un may be more than just bluster.

He may be the pudgy face of our next super villain, he could be a credible threat, and he might actual inspire America's politicians to put aside partisanship and work together for a change.

Nah. Who am I kidding? Right now, I'm convinced there are politicians in Washington working hard to come up with something even more epically stupid than the sequester.

Let's just hope the Chinese can talk some sense into Kim Jong-un. After all, given how much we owe them, these days, the Chinese have more of a vested interest in America's continued well-being (and ability to make regular installment payments) than even our own politicians.

I pulled a lot of my material from a year of research I'd done back in 2009 and 2010 writing How To Save Jobs (free download). While those two articles, The enormous societal benefits of working from home, and What if more Americans worked from home?, looked at the working-from-home question from a policy point-of-view, this article looks at the management question.

Some quick background

I was a CEO for about 20 years. While I never had tens of thousands of employees, like Yahoo, or hundreds of thousands of employees, like Best Buy, I managed between two and 50 people at various stages of company growth.

Back in the mid-1980s when I started my first company, I worked out of my one-bedroom apartment for almost six months, until I'd hired some staff and rented office space. Back then, there was a tangible business prejudice against people working from home — and for good reason.

We didn't have the technology resources we have today. Faxes were just beginning to find their way into business, email was rarely used to communicate outside of the walls of a given company, there was no such thing as video conferencing, desktop sharing, voice-over IP, or any of the other remote work technologies we now take for granted.

In a strange foreshadowing of today's virtual assistant, a few weeks after I started my first company, I hired an answering service. They set up a special patch line, answered my phone, and then called me to patch calls through. All of that was because the distributors who I called on to sell my software products categorically refused to deal with any companies they perceived as too small.

While there will always be some prejudice against working from home — particularly among those people who drive hours each day to work — working from home is now a much more well-accepted mode of doing business.

Working from home is not just for small businesses.

I work regularly with senior executives at very large companies who work from home, with home offices often halfway across the country from the divisions or departments they manage.

While the benefits to the newly minted entrepreneur are obvious, many larger companies are embracing the work-at-home work style because it saves money and time. Rather than having that key employee in the car for two hours a day, that time can be better put to work at home.

Office space doesn't need to be rented, furniture doesn't need to be purchased, power for heat and air conditioning an office isn't consumed (although that might be balanced by home consumption), and there's a lot less internal battling over who gets the office or cubicle near the window.

There are challenges, of course, and this is where the Yahoo question comes up in tangible way. If you work from home, you need to be more responsible for your output. If you're an employee, you have to establish trust with your managers. You have to set boundaries with your family and you have to develop the discipline to stay away from the TV — and the fridge.

Another challenge, one I discussed in How To Save Jobs, is that once you've convinced your boss your job can be done from a few miles away, what's to stop him from sending it across the ocean to India or China?

There's also the very real issue of isolation. Working from home tends to reduce those water-cooler moments, the times you stand and chat and brainstorm with colleagues.

I honestly think that one of the reasons Twitter and Facebook have blossomed is that they take the place of water cooler chatter. Rather than asking Bill what he's working on while walking back to your cube from the men's room, you can see his updates from his Twitter feed.

This level of short communication is not to be discounted, but it'll never take the place of rubber-band wars, fought over the rims of cubicle walls while the departmental administrative assistant was at lunch. Ah... the memories.

All that brings me back to Yahoo and the basic premise of this article, which is sometimes as a CEO, you just gotta do what you gotta do.

The big chair

If you've never been the head of a company, if you've never sat in the big chair, you may not know — really — what I'm talking about. There's a level of responsibility that hits like a ton of bricks when you realize decisions you make can directly impact peoples' lives.

Making a necessary business decision, like a layoff, hits real people where it hurts. It's not just numbers on a spreadsheet. It's not even just your individual employees. Families might not be able to make ends meet, they might not make their mortgage payments, and they might not be able to survive in a down economy. And yet, as a CEO, you have to make that decision.

I learned this lesson hard in my third year as a CEO. I was in my mid-20s and the market had compressed quite a bit. Our particular market segment was in transition, and I had a few too many employees. Was it my fault that I had too many employees? Probably. I suppose could have read the minds of our partners better and had better psychic friends so I could have predicted the future better.

We weren't funded by some big venture capital infusion. We ran on our own income (and my credit card balance). If sales went down, we had less money to work with. Around Thanksgiving, we lost a big customer, not because of anything we'd done wrong, but because they were getting out of the market we were in. The right move would have been to layoff people right then and there. But holidays were coming and I just didn't want to be a Scrooge.

I kept paying payroll for everyone throughout the holiday season. It was a mistake. I didn't have money in the bank to cover it, so I charged up my credit cards to make payroll. It took almost a decade to clean up that mess. Worse, I put the company at risk because the situation was unsustainable. We needed a course correction, and instead I ran a charity for three critical months. I eventually had to do the layoffs, anyway, but I had waited too long and the financial repercussions took years to overcome.

We bounced back, but it was a rough time. The point is, unless you've had that personal responsibility, unless you're the person staying up nights trying to find the best, most honorable, and most strategic path, and unless you're the person people scream at when you layoff their spouses, you'll never truly understand how CEO decision-making works.

I'll tell you another short story of my early days as a CEO and then I'll move on to this Yahoo thing. Don't worry. It's relevant.

This was a few years after the layoff I mentioned above. We had grown to about 14 people, and like all good newbie CEOs, I'd read all the management books. Delegating responsibility was the big thing. Don't over-manage. Create teams, and let those departments be managed by capable managers.

So that's what I did. The change in company-wide behavior — almost overnight — was breathtaking. Where in the days before departments, everyone jumped in to help with whatever needed doing, now it was Shipping's problem. Or it was Sales' problem. Or it was Engineering's problem. The almost-universal teamwork ethic we'd organically created went away. Instantly.

Nothing I could do could get everyone to work together again. Each department tribed up, and suddenly it was them against the world. It was breathtaking how quickly this change in culture happened, and it was a completely unexpected result of simply creating an org chart for a business plan.

Productivity was rapidly sinking. I had to do something. No amount of meeting and talking seemed to work. I finally decided to get draconian. I banned the use of the word "Department" anywhere in the company. Anyone heard uttering the word was disciplined in some way. Almost 20 years later, I can't remember if it was a fine, a public mocking, or they had to bring in the donuts -- that memory is lost to time.

Everyone thought banning the departments and the "D-word" was stupid, but slowly, after about a month, people started working together again, putting the strategic needs of the company before their own departmental fiefdoms. We were meeting customers' needs again, we were making money again, and we were once more shipping on time.

Yahoo and CEO Mayer's decision to ban remote workers

This decision has been picked at, dissected, criticized, and turned upside down by the tech press, by employees, by stockholders, by pretty much everyone.

It might not have been the best decision from the perspective of setting an example for an industry. It might not have been the best decision from the perspective of keeping employees from jumping ship to Facebook or Google. It might not have been the best decision from the point of view of hiring new employees. It might not even have been the best decision from the perspective of convincing the world that Yahoo is cool again.

But it might have been the best decision to keep the Yahoo ship afloat.

You know, because I've been making the case for days, that I think encouraging remote working and working-from-home is not just a viable strategy, but one that may be critical to America's economy and even our breathable atmosphere, going into the next hundred years.

So you know I'm not saying that banning remote working might have been a good decision for Yahoo because I'm against people working from home.

But, sometimes as a CEO, you just gotta do what you gotta do. Sometimes, you can't take into account what all the pundits will say. Sometimes you have to take notice of the storm your ship is about to encounter, batten down the hatches, and make course corrections.

Sometimes you have to make the unpopular decision, just to snap people back onto mission and get the ship pointed in the right direction.

Sometimes, despite what everyone says, despite the criticism, despite the screaming and yelling and anger and hatred, sometimes as a CEO, you just gotta do what you gotta do.

Only time will tell whether Mayer made the right decision or not. But I give her points for not just sitting in the big chair, but making the tough, unpopular decisions that come with job of CEO.

Her willingness to make this decision — which from the outside looks short-sighted and even regressive — may, in fact, be evidence that she's the right person for the job. If Yahoo is to be saved, if it's to be turned into something effective or meaningful once again, tough, unpopular decisions will need to be made.

I've said it before, and I'll say it again. Sometimes as a CEO, you just gotta do what you gotta do.

Related articles

• The enormous societal benefits of working from home
• What if more Americans worked from home?
• Yahoo: Fix your culture and get better telecommuting tools
• Can other companies go the Yahoo way?
• Yahoo seeks to reboot notorious company culture
• Marissa Mayer, I hear you
• Telecommuting: Dead or alive?
• First Yahoo, now Best Buy ends home working for staff
• Who's left to stand up for teleworking?
• Should all staff members work in the office? Yahoo thinks so

By the way, I'm running this article in ZDNet Government rather than my DIY-IT column because so much of working at home can be aided or hindered by government policy. I am on record as strongly recommending major changes in American employment policy designed to encourage Americans to work from home.

This article, the second in the series, looks at policy questions and explores what might have to change in our policy discussions to encourage more telecommuting.

Clearly, if more Americans worked from home, it could be very, very good for America:

• We'd reduce our reliance on foreign oil

• We'd reduce pollution

• We'd reduce global warming

• We'd regain billions of hours of productivity and family time

• We'd save a ton of money

• We'd reduce our costs for road construction and highway maintenance

• We'd even probably reduce the number of latch-key kids

That's why it's so unfortunate that the IRS seems to distrust some home-based businesses, home offices, and people working from home. According to BusinessWeek:

The home office deduction acts as something of a red flag to the Internal Revenue Service because it can easily be abused by small business owners who claim a larger home office than they actually have, or who deduct expenses for an office that is not truly dedicated to business use.

Instead of using a home office as a red flag, US tax policy needs to encourage working from home. Part of the problem is that deducting a home office is a complex process. One way to encourage working from home is to establish a standard home office deduction that can simply be checked off as part of the tax preparation process. This would still allow for itemizing more complex home office expenses, but makes it easier for most home workers.

I spoke to Kristie Arslan of the National Association for the Self-Employed (NASE), and asked her if they'd considered a policy for this. She told me:

The NASE believes that the home office deduction must be simplified and expanded to allow home-based businesses to easily utilize this tax benefit. We support the creation of a standard deduction option within the range of $1,500 to $2,000. Home-based entrepreneurs qualifying for the deduction could choose between selecting the simple, standard deduction, or itemizing if they feel they would receive a larger tax benefit.

I'd actually recommend going further than this. Rather than providing a relatively minor standard deduction — which, admittedly, would reduce audit risk — I'd like to see an aggressive program that actively encouraged working from home, perhaps in the form of a tax credit.

So many of our nation's mission-critical challenges could benefit if millions of Americans transitioned from commuting to working from home. I'd like to see a program that provided a credit for the number of days worked from home, or some other metric that was both easy to calculate and a strong incentive.

Perhaps this could be extended to employers as well, with deductions or credits that encouraged employers to encourage employees to work from home — as long as those homes are in the United States, of course.

But there's more to this than just tax policy. As with other aspects of changing how we function as a nation, our perception of ourselves has to change as well.

Changing hearts and minds

During World War II and after the Great Depression, the United States government set out on what, today, we'd almost call a propaganda campaign. The government's campaign was designed to educate Americans on values that would be helpful in a recovery. Yes, I know. If we did that today, certain pundits would have a coronary. But we're talking history here.

As part of the New Deal, President Franklin D Roosevelt created the Works Progress Administration (WPA). Although not without its critics at the time, the WPA was considered to be the nation's largest employer and helped drive recovery from the Great Depression. One of the more interesting and enduring aspects of the WPA was its employment of artists and other creative people.

Early on, the WPA employed mostly construction workers and traditional tradesmen. But, according to Margaret Bing, curator of the Bienes Center for the Literary Arts, "Federal Project No. 1 of the Works Progress Administration was developed to give artistic and professional work to the unemployed who qualified".

According to Bing (the arts curator, not the search engine):

Federal Art Project (FAP) began as a part of Federal One with Holger Cahill as its director. By March of 1936, regional field offices were established throughout the country, employing as many as 6,000 people. Fifty percent of the FAP workers were directly engaged in creating works of art, while 10 to 25 percent worked in art education; the rest worked in art research.

By 1938, 42,000 easel paintings and 1,100 murals in public buildings were commissioned. Large numbers of sculptures, silk-screen prints, posters, and other graphic works were also made, and the FAP frequently worked in cooperation with the Federal Writers' Project to design covers and illustrations for its publications.

Many of these images were used to communicate values and messages, like the wonderful images shown at the beginning of this article.

If you look carefully, you might notice one poster that's particularly familiar. Have you noticed it? It's the one on the upper right with the caption "Work With Care". According to the United States Library of Congress WPA Poster Collection, this particular WPA poster was created in 1936 or 1937 in Pennsylvania by an artist named Robert Muchley.

The art from Mr Muchley's poster is also the cover illustration for How To Save Jobs (from which this article is derived), and the image was chosen for a reason. I believe that if we're going to transform our approach to jobs in America, the motivations can't just be the result of legislative changes or come from simply hacking our tax policy.

Instead, I believe we have to change how we think about jobs and some of our core values here in America. For example, instead of discouraging home workers, we need to change our value system so we celebrate home workers, because each person who works from home is someone who's helping to save our resources, our roads, our air, and possibly the planet itself.

As you think about teleworking and working from home, think about ways in which our relationship to employment and income production needs to change. Whether or not we can save jobs in America may well depend on changes not only in policy, but in attitude.

Healthy bicycle commuters

While I was writing this chapter, one of my Twitter followers pointed out that not all commuters drive cars. He asked: what about people who ride bicycles to work? According to a Portland State University study, about 1 percent of commuters ride a bike to work. While those 1.6 million commuters are certainly fitter than the rest of us, they're already part of the solution. Bike commuters (and those who walk to work) don't pollute — and the natural cardio exercise of their commute often makes them healthier than the rest of us.

Stay tuned. More tomorrow about the challenges of managing all this.

Related articles

• The enormous societal benefits of working from home

• Yahoo: Fix your culture and get better telecommuting tools

• Can other companies go the Yahoo way?

• Yahoo seeks to reboot notorious company culture

• Marissa Mayer, I hear you

• Telecommuting: Dead or alive?

• First Yahoo, now Best Buy ends home working for staff

• Who's left to stand up for teleworking?

• Why Yahoo's "no home working" rule will lead us back into the office

• Should all staff members work in the office? Yahoo thinks so

Back in 2009 and 2010, I spent a tremendous amount of time researching work patterns and society, which resulted in the book How To Save Jobs (free download). As part of my recommendations for saving American jobs, I looked at the issues and benefits of working from home. This article is the first of a series derived from that research. The subsequent articles will be posted next week.

Working green by working from home

There are enormous societal benefits to working from home, but no one is really aware of them. Working from home is ultimately green.

According to an ABC News/Washington Post/Time Magazine poll taken in 2005, "220 million adults average an hour and a half a day in their cars". 60 percent admit to driving "well over the speed limit"; 62 percent say they get frustrated from time-to-time; 40 percent claim they get angry; and 20 percent admit that they sometimes "boil into road rage".

That's 44 million people experiencing road rage. That's a lot of boil. In fact, 41 percent report seeing road rage, and 54 percent claim they "often see other drivers making angry or impolite gestures".

I used to commute from Berkeley to Mountain View across the San Francisco Bay Bridge, California. If driven at 3am, it would take only 45 minutes. But during rush hour, my commute took me more than two hours each way. I only lasted five months with that commute, and then I moved closer to work. My new commute was only a 50 minute bumper-to-bumper drive, each way.

The ABC poll shows that most workers' commute times can vary from day-to-day by as much as 27 minutes each way — with a good trip to work taking an average of 19 minutes and a traffic-filled trip taking as long as 46 minutes. ABC said the average is 52 minutes on the road commuting, overall, over an average round trip distance of 32 miles.

A 2007 Gallup poll reflects some of the ABC News numbers. According to Gallup, workers spend an average of 46 minutes commuting round trip, with 85 percent driving themselves, 6 percent riding with someone else, 4 percent taking mass transit, and 3 percent walking.

If the average commuter takes 52 minutes to go 32 miles, that means the average commuter is driving at 37 miles an hour. Obviously, drivers go slower getting to and from the highway, and start and stop traffic takes longer than cruising at highway speeds, but let's just be simple and work with 37 miles an hour.

According to a 2007 United States Census report, 77 percent of American workers drive themselves to work alone. So let's work with that. As I discussed elsewhere in the book, there are roughly 234 million Americans in the civilian, non-institutional population. Let's drop out the 20 million or so we know who are not working right now, which leaves us with 214 million Americans.

214 million American commuters

That gives us about 164 million Americans who drive themselves to and from work. Multiplying 164 million by the average daily trip distance of 32 miles, we get 5,248,000,000 miles driven by American commuters each day. If the zeroes are getting to you, that's 5.2 billion miles driven each day.

Are you sitting down? That's 1.9 trillion miles driven by American commuters each year.

Now let's have some fun. Just how much fuel are we consuming by commuting? This is not an easy number to come by, so we'll be conservative again, in order to present the best-case scenario. Newer cars get better gas mileage, so let's just assume everyone's driving a 2009 or later model-year vehicle.

According to the US Department of Energy, the most fuel-efficient regular ol' gasoline vehicles were teeny-weeny two-seaters, which averaged 33 miles-per-gallon in the city and 41 on the highway. Of the 16 cars rated as most fuel efficient, the worst of these most fuel efficient rated 18 miles-per-gallon in the city and 27 on the highway.

We all know that your fuel economy is better on the highway and worse in city. And we also know our average driver is driving at 37 miles an hour, so we'll just take the highway and city miles-per-gallon numbers and average them.

So, just for the sake of our quick analysis, let's assume that the average driver gets about 22.5 miles-per-gallon commuting to work, which fits the mileage for an average American commuter vehicle.

Remember our 1.9 trillion commuter miles driven each year? If we divide that by 22.5 miles-per-gallon, we'll discover that American commuters use about 85 billion gallons of gasoline each year.

85 billion gallons

Gasoline prices have been all over the map, but let's just say that gas is a low $3 per gallon. That means American commuters spend about $255 billion per year just to commute to work.

I found it somewhat difficult to find average carbon footprint measurements for all these commuters, so I took the easy way out and used the "carbon footprint calculator" at TerraPass.com, a tool created by Dr Karl Ulrich of the University of Pennsylvania. It's not an official, unimpeachable source, but it's probably good enough for some rough estimates.

According to the TerraPass calculator, our average commuter generates 7,114 pounds of carbon dioxide per year, simply driving to and from work. Calculated out nationally, that's 1,166,696,000,000 (1.16 trillion) pounds of carbon dioxide generated each year simply by commuting Americans, just during their commutes.

Let's recap some of our numbers. First, let's look at individual commuters:

• 52 minutes commuting each day, for about 225 hours a year (that's almost six full, 40-hour work weeks, just commuting)

• 32 miles round trip, for about 8,320 miles driven a year

• 22.5 miles per gallon, for about 369 gallons of gas consumed per year

• $3 per gallon, for about $1,109 spent per person commuting, and

• 7,114 pounds of carbon dioxide released each year commuting.

Now let's look at this across America, for a full year.

• Americans spend 36.9 billion hours a year commuting

• Americans drive 1.9 trillion miles commuting each year

• Americans spend $255 billion just for the gasoline to commute

• Americans consume 60.5 billion gallons of gasoline (the capacity of 1,298 Exxon Valdez tankers, fully loaded) each year to commute

• Americans release 1.16 trillion pounds of carbon dioxide into the air while commuting.

Remember, that's a conservative estimate; it doesn't include how much of our taxes goes to road maintenance, how much we spend on cars, how many cars become scrap material, the cost of day care for working parents, and on and on and on.

Update: This is only one of a series of articles, but to answer the question posed by commenters below, and articulated perfectly by my colleague Steven Cherry, not all "cops, bartenders, assembly line workers, crop pickers, insurance adjusters" can work from home. But as commenter @Jeff_D_Programmer said below, even if only 3 percent work from home, there will be enormous benefits.

By the way, if you want to see where this data came from, here's a comprehensive list of my research resources.

Stay tuned. Next week, I'll discuss the benefits to the American economy if more Americans worked from home.

Related articles

• Yahoo: Fix your culture and get better telecommuting tools

• Can other companies go the Yahoo way?

• Yahoo seeks to reboot notorious company culture

• Marissa Mayer, I hear you

• Telecommuting: Dead or alive?

• First Yahoo, now Best Buy ends home working for staff

• Who's left to stand up for teleworking?

• Why Yahoo's "no home working" rule will lead us back into the office

• Should all staff members work in the office? Yahoo thinks so

The article focuses, as they say, "on another network", but the piracy challenges are quite real for any online content producer, TV network, blog writer, or software developer.

I've talked before how, back in the days when I wrote and sold software, I'd often get support complaints from people who either downloaded pirated copies of the software I'd written, or worse, paid someone for copies who had never bought them from me.

I've seen copies of articles I've written for sale on Amazon. And I wrote last summer about the lowlifes who completely cloned copies of my iPhone apps (right down to the marketing copy) and are still selling them on the Apple Store, right under Apple's apparently uncaring nose.

The WSJ article goes into detail about how challenging the fight is, because with video content, pirates steal episodes immediately and post them. It details an NBC anti-piracy unit that tries to fight all these illegal posts.

I have a couple of problems with the WSJ article. The first is that it seemed to support the inevitability of damaging SOPA-like legislation, and I just don't think Americans need to have their privacy rights damaged completely just to protect episodes of The Biggest Loser.

If yet more legislation won't solve the piracy problem, is there anything that can reduce it? Yes, as it turns out, I believe there is.

A few weeks ago, our TiVo glitched and didn't record a complete episode of one of my wife's favorite shows. She was very disappointed because it's one of those shows that builds on the story of the previous week.

Initially, I thought the problem would be easy to solve by simply buying the episode online. I looked on Netflix. I looked on Hulu. I looked on Amazon. I looked on iTunes. I looked at the network's own website. As it turns out, the previous season was available on iTunes, but current episodes were not.

Now, I know better than to go download a torrent of the episode. You shouldn't download torrents either. First, you're probably violating a law; and second, you're probably subjecting your computer to all sorts of nasty payloads.

The problem was, my wife didn't get to watch her show. I would have easily spent $2, $3, heck, even the price of a movie admission just to make sure she wasn't disappointed. But the network in question simply didn't offer a pay-for digital version of the show.

This brings me back to my original premise. Many TV providers don't provide online versions of their shows at the same time that they broadcast it. I think this is a huge mistake. I know there is the risk of people cutting off their cable TV services, but if that's going to happen, it's going to happen.

A few simultaneous releases won't change anything. They could even sell episodes at a higher price while the season is running, and then reduce the price once the season is over. We would have quite enthusiastically paid a higher price (all while commenting on the wonders of the internet), just so that my wife could keep up with her show.

If the TV producers make their programs available outside of the "be on the couch at this time of the night" mentality, legitimate viewers will continue to support their programs, and possibly those not quite as law abiding as I am would buy the shows instead of pirating them.

So what was the result of my wife's disappointment? She stopped watching the entire series. She's now working her way through a different series on Netflix instead. The network that didn't make that one show available lost her viewership for all that show's remaining episodes. So did that network's advertisers. My wife actually likes what she calls "the tiny programs", and enjoys watching most commercials.

And no, it's not lost on me that ZDNet is owned by a major media company. And yes, I did run this article past the editors before posting.

My concern is that neither can really go it alone, and we certainly can't rely on device users to police themselves. Some users, when well trained, will go along with our guidelines. But when our users range from teenagers (with their level of immaturity) to our senior VPs (with their almost identical level of unwillingness to take direction), we need to protect our users from themselves.

For consumers, this protection falls squarely on the device makers, who can create some level of protective cushion for users. But even Apple, with all its app approval processes and restrictions, doesn't fully police its environment and has millions of users with jailbroken phones.

The carriers who host users are always fighting something of a losing battle, but they must protect the integrity of the network. It used to be that they'd only allow certain phones, with certain applications that they'd vetted thoroughly, onto their networks. Now, with millions of apps out there, carriers do their best to guard their pipes, but the challenge is huge.

For businesses and enterprises, the network vs. device debate is moot. They must protect both. The best approach is with good policy and training, and by specifically allowing only certain devices onto their networks. But even those approaches can run into snags, like when an employee with a BYOD device is terminated with cause — and some procedure must be followed to remove corporate data from a personal device.

In the long run, we're going to need to see protections on both sides. Networks will need to get more secure, intrusion protection systems will be necessary as BYOD devices waltz past the firewall. Devices, either with bare-metal hypervisors or features like the BlackBerry Balance and Samsung Knox, may be able to help keep their users just a little bit safer.

The bottom line, though, is this: device or network, we're still going to be under constant attack, constant threat of incursion, and we're still going to need to be almost preternaturally diligent to keep our enterprises and users safe.

If your neighbor doesn't like that you watch certain TV shows, is it okay for him to come over and smash your TV?

If your neighbor doesn't like the gas guzzler you drive, is it ethical for him to take a sledge hammer to your car?

If your neighbor doesn't like the books you read, is it moral for him to burn your house down?

If your neighbor doesn't like the company you work for, is it righteous of him to break into your house and steal your valuables?

If your neighbor doesn't like the computer games you play, is it just hunky-dory for him to destroy the network connections to your entire neighborhood?

Well? Is it okay?

What would the police say? What would the courts say?

Of course, it's not okay. It's not ethical, it's not moral, it's not righteous, it's not hunky-dory. It's simply criminal.

Now, what if your neighbor, instead, simply told you (or even chanted at you) that he doesn't like your TV choices, your car, your books, or even your employer?

Would that be criminal? No. Annoying, yes. Criminal, no.

What if he held up a sign on the public street outside your house, telling you to watch something different or drive something different?

Would that be criminal? No. It might be in violation of one town ordinance or another, it would certainly be unsettling, but it wouldn't be criminal.

What if he kidnapped a bunch of unwilling and unwitting people, drugged or infected them, and forced them all to carry signs and chant? Would that be criminal? Yep, it sure as heck would be.

It's pretty easy to tell the difference between criminal acts and acts of free speech. Criminal acts are destructive. Free speech acts are, at worst, annoying.

Now, let's move on to the topic of a Distributed Denial of Service attack.

Is there ever a case where a DDoS is a form of legitimate protest, or are DDoS attacks criminal at best, and terrorism at worst?

Before we answer the question, let's explore how a DDoS works. All DDoS attacks aren't identical, but most follow a simple pattern: many attackers and one victim.

Let's start with the attackers first. For a DDoS to have any effect at all, there have to be thousands to millions of computers sending out packets to the victim machine or network. That means, the attacker (or activist, if you will), needs to have access to thousands or millions of machines.

The way this is done is through botnets. A botnet controller sends instructions to thousands or millions of zombie computers. These are computers that you use, your mom uses, your boss uses, your cousin uses, your kids use, or even your emergency responders use to save lives. 

To function in a DDoS botnet, these computers have to be infected without their owners' permission, and corrupted with malware that may be used to initiate a DDoS. It's the digital equivalent of kidnapping and drugging or infecting a bunch of people, then making them carry protest signs.

Often, there is damage to the zombified machine, and the infection often has a secondary purpose of keylogging or otherwise stealing information.

So, even without any discussion yet as to the identity or alleged heinousness of the target victim, we see that crimes have been committed, privacy has been invaded, property has been damaged, and — depending on what computers were infected — lives may have been put at risk.

And all of that is without even looking at the damage to the victim or any other collateral damage.

A recent MIT study explored the question of whether there could be an ethical framework for DDoS actions.

According to Molly Sauter, the study's author, there are, "...three major criticisms of activist DDOS actions: that they are the equivalent of censorship, that as symbolic activism they are not as effective as direct action, and that they have unfocused success conditions."

With all due respect to MIT and Ms. Sauter, she completely misses the point. Activist DDoS actions — like all DDoS attacks — are invasive, they are destructive, and they cause extensive collateral damage to non-combatants.

This is not an issue of whether or not the attack is good messaging. This is an assault where actual damage is being done.

If the 9/11 terrorists had merely stood in front of the World Trade Center and Pentagon with protest signs, they wouldn't have been terrorists. But they chose to fly a plane into the buildings, killing not only thousands of office workers, but also the unwitting and certainly unwilling passengers on Flights 11, 77, and 93.

When it comes to a DDoS, whether or not the intended victim is a schmuck or not has no bearing on whether such attacks can be considered ethical. Beyond the hijacked attack computers, interrupting service can cause all sorts of collateral damage.

No sane person (at least outside the financial industry) will argue that our bankers are entirely ethical. But using a DDoS to block a bank from processing transactions may block individual depositors from accessing their money. What if someone needs to make a financial system transaction for, say, emergency healthcare?

To that end, as I wrote in How To Save Jobs (free download), and Steven Brill wrote in TIME Magazine, it's clear that most hospitals, insurance companies, and healthcare providers have themselves quite a racket at the expense of American citizens.

Using a DDoS to shut down an insurance company may also prevent a patient in need from getting timely healthcare. Using a DDoS or a hack to attack the power grid may inconvenience the fat cat utility CEOs, but it might also cut off power to people who need it to stay warm, study for a test, or power a medical device.

All that doesn't include the stress and expense that comes from being on the receiving end of a DDoS. An activist group might be angry at a bank or an insurance company, but the person at the direct front-line receiving end of the attack is the IT manager — who may well lose his or her job for not preventing the unpreventable.

Or a DDoS might be used against a small company or organization. I can tell you from personal experience that fighting off millions of computers at once is no fun, highly destructive, and almost incomprehensibly stressful.

Then there's the actual cost of the attack. Forrester Consulting recently did a survey of companies to ascertain actual costs of an attack. They reported on one company that would lose more than $10 million in revenue for each hour offline. They disclosed two "respondents would lose between $1 million and $2 million per hour, five indicated that they would lose between $200,000 and $500,000 per hour, and eight would lose between $50,000 and $200,000 per hour."

That's just the loss of revenue. That doesn't include the cost of the battle itself, the IT expense, the manpower, increases in insurance fees, the cost of the eventual layoffs that would likely happen after a sudden large loss of income, or the incalculable inconvenience and resulting consequences to individual customers.

We can simplify the job cost number a bit using research from Ponemon Institute reports that DDoS attacks cost companies an average of $3.5 million each year.

They surveyed 700 companies and 65 percent (455 companies) reported being on the receiving end of at least three DDoS attacks a year. So let's take those 455 companies and multiply that out by $3.5 million dollars.

Just this set of survey respondents alone lost $1.6 billion dollars due to DDoS attacks.

So, let me ask you this: how many jobs could have been created if $1.6 billion hadn't been lost to DDoS attacks? In How To Save Jobs, I used $50,000 as a workable average salary number in the United States. So, how many $50,000 salaries could have been paid out of that $1.6 billion? The answer is 32,000.

You can look at this two ways: the $1.6 billion spent by the survey respondents either cost 32,000 people their jobs, or it could have provided enough money to hire 32,000 people.

In either case, just looking at the small set of survey respondents for one survey, DDoS attacks cost just about 32,000 jobs. Given the worldwide prevalence of DDoS attacks, the actual cost in dollars and jobs is far higher. 

Now, let's bring this back to the discussion of legitimate form of protest vs. terrorism.

If you woke up tomorrow and turned to your favorite news outlet, and you read or heard that 32,000 people had lost their jobs as a result of some kind of attack, would you think terrorism or would you think legitimate form of protest?

Without a doubt, there is absolutely no ethical, moral, religious, or righteous justification for a DDoS. Unlike civilized protests, DDoS attacks inflict damage and pain on a very large number of unwilling and unwitting victims, expose them to future infection, theft, and hardship, and result in astonishing financial losses.

There is no room for prevarication. A distributed denial of service attack is criminal and may well be a terrorist attack. There is no high ground here. If you participate in a DDoS attack, you're either a criminal or a terrorist...and a fool.

There seems to be some kind of major malfunction in the strategic thought processes of China’s leaders.

If one nation attacked, the other was sure to respond. The term “overkill” came to have dire meaning as weapons experts realized that not only could each nation blast the other back into the Stone Age, but there were so many missiles that we could, theoretically, destroy each other many times over.

It was mad. It was, in fact, MAD, as in Mutually-Assured Destruction.

Even in these dire times, cooler heads gave voice to practical concerns. While neither country had much love for the other, the idea of blasting each other into glass didn’t hold much appeal either. If one country or the other could just do it, and win, that would be one thing. But MAD was the maddening truth, and so a smarter strategy needed to be considered.

And so, in 1969, an odd set of negotiations began called the “Strategic Arms Limitations Talks,” or SALT. The talks weren’t designed to limit the number of ballistic nuclear weapons. Instead, they were designed to limit the number of anti-ballistic nuclear weapons – or weapons designed to defend against ICBMs. To be fair, a lot of that technology didn’t even exist at the time (the much-later Reagan Star Wars program was the beginning of real counter-ICBM technology), but it was something.

SALT lead to SALT II, which the U.S. decided not to ratify because – get this – the USSR invaded Afghanistan.

Ah, the irony.

In any case, later SALT II lead to START, which led to START II, which ultimately led to the two nations limiting the number of nuclear missiles to just mere total destruction, rather than 30-times or 60-times overkill.

Then, of course, the USSR became Russia and Russia discovered the value of cash, and who knows what became of all that fissionable material and technology? But hey, they’re now our buddies, right?

After all, almost 300 million of us worldwide have installed anti-malware software on our computers from Kaspersky, a Russian company that is now the world’s fourth largest supply of anti-malware to consumers.

Irony upon irony aside, we’re here today to talk about China, not Russia. All this has been just background so you’re clear on the idea of arms limitation talks.

See, here’s the problem: China and the U.S. may also be poised for mutually-assured destruction, this time of a digital nature.

There seems to be some kind of major malfunction in the strategic thought processes of China’s leaders. They seem to think it’s acceptable to mount hacking attack after hacking attack against United States’ interests – against our government, our industry, and our citizens.

The recent attacks against The New York Times and The Washington Post were traced back to government-backed Chinese hackers. And now, security firm Mandiant, the company hired by both media outlets to trace and mitigate the attacks, has released a report claiming an “overwhelming” number of cyberattacks can be traced to facilities operated by the Chinese government.

Here’s how this could play out.

China could continue attack the United States. To think the United States won’t return the favor is unrealistic.

If we don’t start some level of reasonable cyberarms limitation talks now, there will be a conflagration later.

First, we’re the country that is home to Apple and Microsoft and Google and Facebook and many other companies with very smart computer scientists, none of whom want foreigners (or even their neighbors) traipsing around inside their computer networks without an invitation.

Second, it would be very un-strategic for the United States to not build an offensive cyberwar capability. The U.S. has always optimized for strategic offense as a way to win wars. While there has been no public admission of an assault arm of the nation’s strategic cybersecurity forces, it would be ludicrous to think such a capability hasn’t been created. The New York Times even reported that the Stuxnet attacks against Iranian centrifuges were masterminded by the U.S.

So China could attack U.S. companies. The U.S. American companies, completely without any involvement from the U.S. government could attack China in order to make the originating attacks stop.

China could retaliate, attacking our infrastructure, perhaps causing damage or downtime to our power grid or water management. The United States cyberforces could retaliate, perhaps causing similar damage to China.

Attack. Counter-attack. Retaliation. Attack back.

At some point, critical infrastructure, like the ability to order pizza online, would be affected. A little later, more systems might go down.

If both companies decided to get into a full-tilt cyberpissing match, it’s entirely likely that financial systems, electrical systems, transportation systems, health care systems, and many of our other way-of-life networks would simply cease to function.

It wouldn’t be a nuclear attack, but we’d still be knocked back to the Stone Age. While the prospect of never again hearing “did you see my Facebook post?” has its appeal, the fact is, we are now so reliant on Internet infrastructure that if the net goes down, we go down with it.

Since China is desperately trying to move its population into the middle class, if we go down, we’re likely to take China down with us. If you think the prospect of a few cranky Texans are scary, imagine how the Chinese leadership must feel about the prospect of a Stone Age population numbering 1.3 billion, many still sporting that newly-entitled attitude, and all very angry about basics like not being able to get food.

The point here is, neither of us can win if we attack each other. While that fact may be hard to get through the heads of the Chinese leadership, it’s an essential truth.

At this point, I don’t think a few high-level phone calls from our new looks-like-an-apple-doll Secretary of State, John “watch me windsurf” Kerry, will convince the Chinese to cut it the heck out.

For some relatively short-sighted reason, the People’s Liberation Army and the Chinese leadership seem to endorse these cyberattacks based on short-term desires, like preventing American news outlets from printing juicy stories. Like that would ever work.

But back in the 1960s, the Soviets were as confrontational and shoe-bangingly disagreeable as the Chinese leaders are today. And yet, some Soviet leaders managed to do the math and were able to comprehend the madness of mutually-assured destruction.

That comprehension led to SALT and the various other talks that did, in fact, reduce the worldwide nuclear risk by some measurable degree. At the very least, those talks made clear to both parties the desire to never see destruction, and the absolute willingness to go there if the other pulled the trigger.

I think we’re at a point where we need to initiate cyberSALT talks with China.

If we don’t start some level of reasonable cyberarms limitation talks now, there will be a conflagration later.

Here’s the thing. Back in the 60s, all the nukes were in the hands of the governments. Now, our cyberweapons are not. Now, our companies (and our teenagers) also have the means to build weapons of digital destruction.

While it might have been possible for the Americans to reason (after a fashion) with the Soviets and the Soviets to reason with the Americans, can you imagine how much like talking to a brick wall it would be for anyone to try reasoning with a teenager, or, worse, Apple (a company that often shows the responsive communications skills of the most sullen of teenagers) after it was on the receiving end of a cyberattack?

My recommendation to both nations is to begin diplomatic talks limiting these cyber-incursions. And while you’re at it, invite Google and Facebook and Microsoft. Don’t bother inviting Apple or the neighborhood teenagers. They probably wouldn’t show up anyway.

Today is not a normal day. While the union is undergoing its usual economic and political stresses, with the sad addition of increased gun violence, what I consider the most important story got only a two-paragraph mention in President Obama’s speech last night.

Read this

Obama's cybersecurity executive order: What you need to know

• Read more

America is being attacked. Constantly. Unrelentingly. We are being attacked by enemy nation states (like North Korea), frenemy nation states (like China and Russia), friendly nation states (like France and Israel), hacker groups (like Anonymous), just plain ol’ organized crime organizations out to make a buck, and individual hackers out to make a name for themselves.

Although the President only gave the cyberthreat two paragraphs of attention in his speech, he did something else very important yesterday: he issued an Executive Order, “Improving Critical Infrastructure Cybersecurity” (full text, ZDNet analysis).

It is at this point that I must share with you an important disclosure about myself. I am a member of the FBI’s InfraGard program, the infrastructure security partnership between the FBI and industry. I am also a member of the U.S. Naval Institute and the National Defense Industrial Association, the leading defense industry association promoting national security. I'm also the Cyberwarfare Advisor to the International Association of Counterterrorism and Security Professionals.

I’m telling you this because you need to know that I look at these issues from a similar perspective as those in Homeland Security and the other three-letter agencies. We have a challenge here: we are being attacked. We have a second challenge: we Americans cherish our privacy and any defense has to also protect that privacy.

Let me be blunt: I don’t think President Obama went far enough.

Mr. Obama's Executive Order is a step in the right directly, but it’s not strong enough and may even open the door to new exploits.

I also think President Obama missed a golden opportunity to involve the American people. In fact, I think he squandered a necessary, critical, golden opportunity – using  the bully pulpit of the State of the Union and its worldwide media coverage to involve American citizens in their own cyberdefense.

On the other hand, the Executive Order generally gets the privacy protection side of things pretty much right. Previous attempts at cybersecurity legislation have forgotten the the importance of privacy. When CISPA and SOPA were spun up, so were the forces of We The Internet, and rightly so. Those were both bad law-making and they were rightfully squashed.

President Obama’s new Executive Order takes those concerns into account. “Privacy” is mentioned 14 times in the order. Section 5 of the document is entitled, “Privacy and Civil Liberties Protections,” and provides substantial and reasonably guidelines for the ongoing maintenance of our sacred freedoms.

This is supported by a statement from the ACLU (quoting from an article in The Hill):

"The president’s executive order rightly focuses on cybersecurity solutions that don’t negatively impact civil liberties," Michelle Richardson, a legislative counsel for the ACLU, in a statement. "For example, greasing the wheels of information sharing from the government to the private sector is a privacy-neutral way to distribute critical cyber information."

Unfortunately, in its first run through Congress, CISPA seemed to miss the point about America freedom and privacy. I am not convinced that additional legislation, especially the way CISPA was written, is necessary to protect America, since our existing laws about crime, espionage, and warfare pretty much cover the defensive aspects of the cyberthreat.

I am also deeply concerned about reports that CISPA is back on the table, essentially unchanged. Sadly, in 5 reasons why SOPA, PROTECT-IP and other legislative idiocy will never die, I predicted this sort of thing would keep on happening.

On the other hand, the new Executive Order seeks to set mandatory cybersecurity standards for government agencies and voluntary standards for U.S. companies and organizations.

However, as malware guru Phil Owens mentioned to me in yesterday’s cybersecurity webcast, once you set standards, you also set a minimum bar for acceptability. Essentially, you’re telling agencies and businesses that “this is good enough,” and you’re telling attackers, “This is what we’re watching for,” leaving the door open for attack vectors not covered in regulations.

My ZDNet colleague and friend Zack Whittaker points out that the terms “cyberthreat” and “cyberintrusions,” remain relatively undefined. His contention is that those “hacktivist” organizations that choose to use Distributed Denial of Service (DDoS) attacks as a form of protest speech might then be targeted by the US government.

My take on DDoS as protest speech is quite simple: DDoS is an attack that must be defended, and the attackers must be brought to justice. In fact, a DDoS attack is an asymmetrical attack, which means that the attackers often have a vast logistical advantage over the defenders.

There is a difference between a flash mob (or even a Million-Man March) and a DDoS attack. A DDoS attack uses computers infiltrated against the will of their users, and turns ordinary computer users into cannon fodder. It would be as if – when a group decided they wanted to conduct a flash mob in protest – they broke into millions of homes, kidnapped the residents, and dragged them along, just to raise their numbers for the TV cameras.

As someone who’s had to defend against an attack from millions of computers a day aimed at a few private servers, I have not a shred of patience for anyone conducting a DDoS. There is no excuse for a DDoS and it is not and never will be a legitimate form of protest.

Moving on, I mentioned earlier that President Obama squandered a golden opportunity.

When the President discussed cybersecurity in his speech, he made it sound like something that’s the concern of government and industry. Although he mentioned identity theft, he didn’t involve the American people – moms, dads, grandparents, kids, teachers, students, office workers, Facebookers – in the discussion.

He didn’t make the threat real to real Americans.

In World War II, when the Nazis were bombing London, the British government communicated the threat to their people. It was obvious, as bombs were dropping. But the government made it clear that everyone had some responsibility in the national defense.

They instituted blackout rules, requiring lights to be doused at night, or black curtains to be hung over windows. The reasoning was very practical. If a Luftwaffe bomber could see a lit building, it could hit the building.

Now, say there was an apartment building with 100 apartments. If even one resident ignored the blackout rules, the building might be hit, and hundreds of tenants might be killed – just because one person disregarded the defensive rules.

This is quite analogous to our cybersecurity problems today. We are not just getting attacked at the entry point to banking networks or federal agencies. No. In fact, most of the attacks are being conducted against regular American citizens, you, me, your mom, my dad, and so on.

If any one of us has poor defenses, malware (like the kind that tunneled into the New York Times last week) could make it into our home networks, and then spread from family member to family member, from home computer to work computer, from work computer to work network, and so on.

Where President Obama missed his opportunity was making this point. We, as Americans, will never ever have a comprehensive cybersecurity defense until every computer-using American is safe from attack. And every computer-using American won’t be safe from attack until each of us fully understands both the risks and the methods of protection.

We need this to be a national priority, a message of Presidential import, and Mr. Obama missed it.

Until every American is on board, until every American is aware of the threat, until every American is actively involved in his or her own defensive behavior, cyberattackers have an easy, wide-open invitation to enter, pillage, and plunder our networks.

This is war. It’s a war where, whether we like it or not, we’re all combatants. I just wish President Obama had explained that to his fellow Americans.