There are places on this planet where good, civilized people simply do not voluntarily go, or willingly stay. What elected governments do in safer and more developed parts of the world are carried out in these areas by despots and militias, often at terrible cost to those who have nowhere else to go and no means to go if they did.Life online is not unlike life in these ungoverned areas: anyone with the skill and the will is a potential warlord governing their own illicit enterprise, basking in the spoils garnered from the misery of a mass of unfortunates. Who is to stop them? A relative handful of government entities, each with competing agendas, varying levels of knowledge, skills, and resources, none of whom can move fast enough, far enough, or with enough vigor to respond in-kind.Reaping the whirlwind of apathyOutside of the government, computer security is rarely something anyone asks for except in certain edge cases. Security is a burden, a cost center. Consumers want functionality. Functionality always trumps security. So much so that most people do not seem to care if security fails. People want an effective solution to their problem. If it happens to also not leak personal or financial data like a sieve, great, but neither is it a deal-breaker.At the start of the PC age we couldn\u2019t wait to put a computer on every desk. With the advent of the World Wide Web, we rushed headlong into putting anything and everything online. Today online you can play the most trivial game or fulfill your basic needs of food, shelter, and clothing, all at the push of a button. The down side to cyber-ing everything without adequate consideration to security? Epic security failures of all sorts.Now we stand at the dawn of the age of the Internet of Things. Computers have gone from desktops to laptops to handhelds to wearables and now implantables. And again we can\u2019t wait to employ technology, we also can\u2019t be bothered to secure it.How things are doneWhat is our response? Laws and treaties, or at least proposals for same, that decant old approaches into new digital bottles. We decided drugs and poverty were bad, so we declared \u201cwar\u201d on them, with dismal results. This sort of thinking is how we get the Wassenaar Agreement applied to cybersecurity: because that\u2019s what people who mean well and are trained in \u201chow things are done\u201d do. But there are a couple of problems with treating cyberspace like 17th century Europe:Even when most people agree on most things, it only takes one issue to bring the whole thing crashing down.The most well-intentioned efforts to deter bad behavior are useless if you cannot enforce the rules, and given the rate at which we incarcerate bad guys it is clear we cannot enforce the rules in any meaningful way at a scale that matters.While all the diplomats of all the governments of the world may agree to follow certain rules, the world\u2019s intelligence organs will continue to use all the tools at their disposal to accomplish their missions, and that includes cyber ones.This is not to say that such efforts are entirely useless (if you happen to arrest someone you want to have a lot of books to throw at them), just that the level of effort put forth is disproportionate to the impact that it will have on life online. Who is invited to these sorts of discussions? Governments. Who causes the most trouble online? Non-state actors.Roads less traveledI am not entirely dismissive of political-diplomatic efforts to improve the security and safety of cyberspace, merely unenthusiastic. Just because \u201cthat\u2019s how things are done\u201d doesn\u2019t mean that\u2019s what\u2019s going to get us where we need to be. What it shows is inflexible thinking, and an unwillingness to accept reality. If we\u2019re going to expend time and energy on efforts to civilize cyberspace, let\u2019s do things that might actually work in our lifetimes.Practical diplomacy. We\u2019re never going to get every nation on the same page. Not even for something as heinous as child porn. This means bilateral agreements. Yes, it is more work to both close and manage such agreement, but it beats hoping for some \u201cuniversal\u201d agreement on norms that will never come.Soft(er) power. No one wants another 9\/11, but what we put in place to reduce that risk, isn\u2019t The private enterprises that supply us with the Internet - and computer technology in general - will fight regulation, but they will respond to economic incentives.The human factor. It's rare to see trash along a highway median, and our rivers don\u2019t catch fire Why? In large part because of the crying Indian. A concerted effort to change public opinion can in fact change behavior (and let\u2019s face it: people are the root of the problem).Every week a new breach, a new \u201cwake-up call,\u201d yet there is simply not sufficient demand for a safer and more secure cyberspace. The impact of malicious activity online is greater than zero, but not catastrophic, which makes pursuing grandiose solutions a waste of cycles that could be put to better use achieving incremental gains (see \u2018boil the ocean\u2019).Once we started selling pet food and porn online, it stopped being the \u201cinformation superhighway\u201d and became a demolition derby track. The sooner we recognize it for what it is the sooner we can start to come up with ideas and courses of action more likely to be effective.