Q&A: Clearswift CTO

In this interview, Clearswift chief technology officer Alf Pilgrim discusses rising spam volumes, the Australian government's plan to filter the internet, and why IT can't play nanny any more for the business it serves.
Written by Alex Serpo, Contributor

In this interview, Clearswift chief technology officer Alf Pilgrim discusses rising spam volumes, the Australian Government's plan to filter the internet, and why IT can't play nanny any more for the business it serves.


Clearswift CTO Alf Pilgrim (Credit: Clearswift)

Based in the UK, privately held Clearswift has 300 employees globally with a focus on anti-spam engines and content filtering.

Despite proclamations from Bill Gates and others, spam is still on the rise. Will there ever be an end to spam, and if so, when?

An end to spam? No, I don't think so, not while there is an economic model in it.

[Spam is] becoming much less of this sledgehammer, broad brush technique of broadcasting the message to a vast number of people; it's evolving to a series of narrow casts with specific messages aimed at specific individuals. It's quite an interesting phenomenon and one that will create quite a few challenges for IT security generally, because they have a much shorter life cycle generally and are under the radar a lot more.

Clearswift's expertise is in internet content filtering, and as you are probably aware, the Australian government is currently trialling a system to filter the internet at the ISP level. What do you think of this plan?

Obviously, it raises interesting questions for ISPs, whether or not that's an initiative they want to follow through on. Today around the world, ISPs have been very reluctant to do content filtering, on the basis of privacy of their customers, despite being pressured by governments around the world.

I think the Australian government has got quite a challenge on their hands to persuade the ISPs that actually this is a good plan.

Content filtering is, by its very nature, very performance-intensive, so with the volumes going through, it's going to be quite a big investment for ISPs to cope with the load that comes with true content filtering.

Technically, it's probably do-able, economically ... I'm not sure it's something that people would want to do right now.

The Australian government has said that it will not look at mandatory data breach disclosure laws for some time, should we have mandatory data breach disclosure laws?

That's really something that communities have to decide for themselves, the technology is there to enable disclosure, one would argue, particularly in western democracies, that mandatory data loss disclosure is a good thing.

If nothing else, it helps raise the bar for everyone. Recent surveys have shown that public service organisations in particular are quite opposed to mandatory disclosure. Clearswift conducted a piece of research earlier this year, which came up with 96 per cent of public servants saying, "no", they don't support mandatory disclosure.

In the US where it has been implemented, I think there is evidence that businesses are looking after people's personal data, they are taking that much more seriously than they have done in the past. But it will add another load onto the business community in a time when some might find that difficult to bear.

Is there anything else you want to say?

The only thing I would add is about content filtering. We spent the whole week going around Australia ... one of the things that has come from that is in terms of the IT security industry, [is that] most vendors have been operating in the nether regions of business.

"we don't want this, we don't want viruses, we don't want malware, we don't want spam". It's quite broad brush.

Now, what we are finding is with the advent of content and data loss prevention, is that IT security guys are going to have to wake up much more to being part of the business, and understanding their role within business objectives.

It can't be the place — and this had come out from lots of discussions we have had with lots of people representing their IT departments and Australian companies — they can't be the IT police for content protection. They need the people who own the data, and understand the sensitivity of the data, to take more ownership of that data and what they do with it.

Editorial standards