Arthur W. Coviello Jr., CEO, RSA Security

Some years ago, a salesman from a home-security company came to my house with a scrapbook of newspaper stories chronicling local robberies. Does RSA have a scrapbook?

That's a good analogy for what we've been doing with our consumer-facing initiative. The fact is, the Internet is a crime-ridden neighborhood. We could give you quite a number of cases of how fraud is perpetrated. Unfortunately it's not one isolated instance--there's actually an ecosystem for fraud. You have the guys that design the methodologies for gathering the information and the forms of malware--the insidious software that gets on your computer. Eventually the information is passed on to the criminal elements who go ahead and perpetrate the attack.

You've begun talking a lot about RSA's consumer products, yet you don't actually sell anything directly to people in their homes who are, say, surfing the Web or buying something on eBay. In what way are you serving consumers?

We sell to consumer-facing organizations. So, let's say you're a bank with 10 million online banking customers. How sure can you be that all of those customers have up-to-date operating systems, up-to-date firewalls, personal firewalls, up-to-date antivirus, up-to-date anti-spyware? The odds are pretty minuscule, right? Our products are designed to help the banks help the consumers stop the fraud and stop the identity theft.Since 2002, California has had a law requiring companies and government agencies to notify customers whose private information has been compromised. Will laws like this force companies to boost information protection, or do you think companies will find a way to circumvent them?

I don't think companies are in the habit of breaking laws; I think they're in the habit of complying with them. People do need to be protected and notified, and I think the California legislation is a good start. But it's something that should be done at the federal level. There are several bills before Congress that we've advocated. Then we'll have one standard for the country.

You've agreed to be acquired by EMC, a company that's more than 25 times RSA's size and that has its roots in storage management, not security. Is there a risk of getting lost next to a parent that's so big and so foreign?

I don't think so. For too long, security has been bolted on. EMC has made a bold move here to make sure that security technology is built in. We will be run as a separate security division within EMC, with a charter to build a security franchise of over a billion dollars. That's right in line with the goal we had as an independent company.

You've served on committees related to cybersecurity, both regionally and nationally. With the publicity surrounding the fifth anniversary of September 11, how big a role do you think there is for commercial technology companies in fighting terrorism?I do think commercial companies like RSA have an obligation to build in security so that we are protecting this infrastructure. But I've never been a believer that terrorists wanted to mount this massive attack to bring down the Internet. First, it's a bit of folly; the Internet is incredibly resilient. Second, terrorists like to kill. The only terrorist threat I would see is a combined physical and logical attack that might somehow affect our ability to respond. But I think that even that, while it's theoretically possible, is not likely.

• PODCAST: Right-click to download the complete interview.

• Get more NWC Podcasts