The one thing I would like to see government do is make financial institutions liable for fraud. Until banks bear the costs of losses, they're not going to fix the problems. It's basic economics.
Why are European countries doing better at fighting fraud than the United States?
I've already given some examples. In general, Europeans are much better at balancing personal security with the needs of business. In the United States, at least under the current administration, we largely ignore individual interests in favor of corporate interests.
Europe doesn't have the same notion of "credit rating" that we have in the United States. European banks have different procedures to open bank accounts and credit cards. There are different rules about account holders accessing their resources. The U.S. financial industry views these as inefficiencies and impediments to business, but they make European citizens safer.
Government is a seller of personally identifying information. Should that practice be stopped? If not, what should be done to assure that government doesn't abuse or misuse personal information?
Government should both stop selling personal information and pass laws regulating the security and privacy of the personal information it is entrusted with.
Since total security is not feasible or even possible when it comes to governments, do you think we also should replace the term "security" with something like "managed risk"?
Total security isn't feasible or possible for anything, but it's still a useful word. I think we're better off replacing people's unrealistic expectations of security with more realistic ones ... ones based on risk. The key is to remember that security is a continuum, and not all or nothing. Security is a trade-off.
As for the term, I like the word "security." And in general, I think we're all better off by limiting business-speak and not creating more of it.
Is security too often viewed as a technical problem and not a people problem? What's the solution?
The first solution is to stop looking for "the solution." Security is primarily a people problem, but technology plays a huge role in it. You're certainly right that there is a widespread belief that technology can "solve" security problems. My latest book, Beyond Fear, directly addresses this issue.
Should software companies be liable for producing software replete with security holes? What will it take to get them to do a better job of fixing these security holes?
The only thing that will get software companies to sell more secure software is for it to be more expensive for them not to. Capitalism works, and it's simply wrong to expect private corporations to act as charities. The trick is to make it in a corporation's financial interest to sell secure software. Competition is only partially effective for several reasons, and more incentive is required. Either liabilities or regulations will directly affect a software vendor's bottom line.