The choice in this election is between a small or large left-ward shift. McCain is a moderate Republican, Obama is a radical Democract. A bigger issue than the candidate is the Democrat-controlled congress. Our country was designed with the idea of checks and balances, but this system breaks down when the same party controls both the presidency and congress. Our country has prospered most when difference parties controlled these two branches of government.
Technology regulation is the biggest concern for us. McCain is famously over a hundred years old and has never sent an e-mail. Yet, Obama is not much better. Whereas neither candidate knows much about computers, McCain has extensive experience in telecoms regulation. It is here where McCain has demonstrated a greater understanding of the Internet and its history.
Obama has frequently described the Internet as something created by the government. In contrast, McCain watched the Internet evolve from its infancy. McCain remembers how the over-regulated telecommunications industry failed to innovate. He also remembers that the government did indeed design an Internet known as "GOSIP", and that this alternative Internet failed. McCain knows that today's Internet was designed not by government nor by corporations, but by mavericks that opposed both.
A test of the candidates' desire to regulate is "Net Neutrality". Obama sees this as government protecting the people. McCain sees this as yet another example of the type of overregulation that destroys innovation. What concerns McCain is that Net Neutrality laws protect business interests, giving power to those at the "ends" of the network (like search monopoly Google) over those providing Internet service (like AT&T). McCain is concerned with the fact that Google has spent millions lobbying congress to pass Net Neutrality legislation. McCain is worried about the way Google has hired former FCC employees and Internet luminaries to do its lobbying, exactly the sort of Washington cronyism that has stifled telecommunications for the last 30 years.
Government regulation cannot fix cybersecurity. There is a myth that some sort of "magic pill" will solve all security problems, and that government should just force everyone to take this "magic pill". This "magic pill" doesn't exist. If it did, everyone would have taken it already. No such pill will ever exist. Security is a tradeoff - each gain in security requires sacrificing something else. Different people want different tradeoffs and therefore different solutions (and different risks). Government regulation forces a one-size-fits all set of tradeoffs. We want less government regulation in cybersecurity. We want people to choose tradeoffs and risks for themselves.
The state of the art of hacking and defense changes faster than government regulators can keep up. Today's compliance issues were based on a model where hackers attacked "server" vulnerabilities. Now hackers target mostly "client" vulnerabilities, and those regulations are out of date. Regulatory compliance is forcing companies to keep their focus on the old threat rather than addressing these new threats.
Government regulation is corrupt. Laws are heavily influenced by lobbyists. Companies have cozy relationships with auditors that allow them to pass compliancy checks while having little or no security.
McCain is not our perfect candidate in regards to Internet regulation, but he is much better than Obama and the Democrat-controlled congress.
Economics is our second concern. Entrepreneurs and small companies drive the innovation in our industry. Most cybersecurity innovations come from the United States because of our business-friendly climate.
Obama's tax plan hurts small cybersecurity companies. The majority of people we know work 80-hour weeks. Their spare time is spent reading technical books to keep their skills sharp. They quit their jobs at large firms in order to create an independent consultancy or create a new product company. It is this highly skilled, hard working professional that Obama proposes to tax in order to send welfare checks to unskilled laborers that don't work as hard. The cybersecurity professionals we know don't have time to watch much TV, the average American receiving Obama's checks spends 28-hours a week in front of the TV. This income redistribution is a strong disincentive to entrepreneurs. Why improve your cybersecurity skills, work hard, or take the risk with a startup if you cannot enjoy the rewards of doing so? This is a selfish point of view, of course, but a large reason we support McCain.
Security is a luxury. It is one of first things companies cut when profits decline, it is one of the first things they invest in when things get better. Obama's anti-business policies, such as trade protectionism we cut corporate earnings and reduce their investment in cybersecurity.
And, the issue of regulation comes up again. American's start their own business at a rate of 10 to 1 vs. Europe precisely because it's easy. In most other countries, it can take a year's wages and months of hard work just to get the business licenses needed to start a company.
We are also concerned with foreign policy. Many foreign countries, notably China and Russia, have policies that encourage their citizens to attack American cyberspace. While we are not happy with the current president's Texas-cowboy approach of attacking foreign countries, neither are we happy with Obama's stated strategy of appeasement. We prefer McCain's more moderate approach between these two extremes. As a side note, we suggest that the next government respond in kind - making it easy for our own citizens respond to these attacks.
Both candidates displease us on certain issues. Both candidates failed on the issue of the so-called "Patriot" Act and the recent FISA bill. Both candidates fail on the issue of intellectual property. Both candidates fail on the issue of free speech, although we worry more about the passage of a so-called "Fairness" Doctrine next year designed to curtail right-wing speech.
These issues are like the slavery debate 200 years ago. The issues are so integrated into society that many people cannot see their obvious immorality. We understand how our society is based upon the protection of property rights, and how intellectual property is a leading American expert, but this should not blind us to the obvious abuse of intellectual property.
In summary, we believe John McCain is the best candidate for cybersecurity. The next president will not help cybersecurity much. The most we can hope for is that they resist the urge to meddle in something that government does not understand, cannot understand, and which will ultimately be driven more by special interests than technical knowledge.
EDIT: This blog asks should security company's endorse a president? It suggests our inspiration comes from movie stars, but in reality it comes frm Google's endorsement of Obama. Why is the search/advertising monopoly allowed to endorse a candidate but not a small security consultancy?