Identity Theft? That’s Been Outsourced, Too

There’s been a lot of attention paid to “pretexting”,the practice of posing as someone else in order to gain access to their personal data, lately in the wake of the HP scandal. However, a British TV program has shown that there’s more than one way to skin the identity fraud cat, as an undercover reporter was offered the personal details of 100,000 UK bank customers, stolen by offshore call-center workers.

The knee-jerk reaction is simply to point the finger at outsourcing and offshoring, but they’re largely irrelevant to the situation. Lax corporate security and indifferent attitudes towards data breaches certainly aren’t restricted to a particular country, industry or line of work, so the suggestion that banks and other companies that allow offshored workers access to personal financial information could simply solve the problem by bringing outsourced functions back in-house is inaccurate.

Quite clearly, many companies’ security policies are inadequate, unenforced or nonexistent, whether for in-house employees or external suppliers, and there’s currently little motivation for them to take the problem seriously. Whether data is kept internally or shared with offshore workers doesn’t really seem to matter — it doesn’t appear particularly secure either way.

Digital voter fraud is here

This morning, the House Administration Committee held a hearing on legislation to require auditable, voter-verified paper trials for electronic voting machines, such as those manufactured by Diebold.

 

The hearing featured a demonstration by Princeton University professor Dr. Edward Felten, showing how easily such machines can be tampered with. Felten, along with two graduate students, wrote a paper, earlier this year, for the Center for Information Technology Policy, that details who easy it was to hack the Diebold machine and change the outcome of an election. Felten and his two associates set up the machine for an election between George Washington and Benedict Arnold. All three voted for Washington (good choice!) But the machine tabulated only one vote for Washington but two for Arnold.

 

This can be done in a way, Felten says, so that the virus is completely undetectable, and can be set up to generate results that won’t be questioned. If the virus is designed to give 55% of the vote to the winner, the loser is unlikely to question the results, and without a paper record, the result can’t be audited. Felten later explained that because of the way boards of elections typically set up the machines, a virus can be introduced into one, via its memory card, and then many more machines can be contaminated as the rest of the machines are set up. Very scary indeed.

Rather than prohibit the use of such machines, altogether, Rep. Rush Holt (D-N.J.), along with 215 co-sponsors, is supporting legislation that would provide that voters have the opportunity to verify the accuracy of their recorded vote, require that all voting systems produce a voter-verified paper record, ban the use of undisclosed software and wireless devices in voting systems, require random unannounced, had count audits, among other measures.

 

“Voters need to be confident of the central act of their democracy, and voter confidence is unraveling,” he said. The last six years have brought us example after example, in state after state, of the problems caused by unverifiable voting machines.”

In addition to the voting machines bill, Holt in the House and Senators Barbara Boxer (D-Calif.), Russ Feingold (D-Wisc.) and Christopher Dodd (D-Conn.) introduced emergency legislation on Sept. 26 to authorize Federal funding to the states for the printing of paper ballots to be available for voters in case of problems with the electronic voting machines. Boxer told the New York Times that “If someone asks for a paper ballot they ought to be able to have it.” Neither Holt’s voting machine bill, nor the Boxer bill appear to have much chance of enactment, this year, however.

 

It’s not hard to see why the Republican leadership in the Congress is not very interested in moving these bills. The Diebold machines would make what Karl Rove managed to pull off in 2000 in Florida and in 2004 in Ohio much easier and much harder to detect. And that’s why these machines should be banned altogether. Even without fraud, they can malfunction in other ways and screw up your election, just as happened in Montgomery County, Maryland during the Sept. 12 primary, when malfunctions in both voting machines and the electronic voter roles left many people unable to vote.

Rep. Rush Holt (D-N.J.) advocates for paper trails from electronic voting machines. To his left is Dr. Edward Felten of Princeton University.

Biometrics Promising Says Report

A report issued by RNCOS has encouraging news about using biometrics in securing authenticated identities. Making transactions more secure, they state that such biometric technologies include iris scans,fingerprint scan, matching shape and size of palm, skin, voice and face patterns can be used successfully.

The recently published market research report by RNCOS namely “World Biometric Market Outlook (2005-2008)” after having conducted a thorough survey says that there is a growing worldwide interest in biometrics technology for access control or personal identification. As compared to 2003 the market is expected to bounce 6.5 times by 2008. The RNCOS Report further states “the market of biometrics the point-of-sale equipment and services are predicted to leap to $440 million or 85% by 2010,up from $31 million or 2% in 2005.”

Preemptively fingerprinting your kids

Parents in New Zealand have taken to having their children fingerprinted by police as a means of scaring their kids onto the straight and narrow. The fingerprints and palm prints added to a nationwide juvenile print database. According to Detective Inspector Malcolm Johnston, “We do take a lot of voluntary juvenile fingerprints. Feedback from parents is that it’s a wake-up call for the youths, and crime prevention.” Detective Johnston is in charge of the South Island’s crime prints and forensics team. He explained that a large number of burglaries and car thefts were committed by youths, so having this sort of forensic evidence on file is very important. Voluntary collection of fingerprints and palm prints is allowed by current law.

Apparently, earlier this year, there were an average of six cars stolen and seventeen cars broken into every day in the Canterbury district where Detective Johnston works. I suppose parents think a trip to the police station for fingerprinting on their terms is better than being called down to pick a kid after they’ve committed a crime. But would this really be a deterrent to teens who already think they know everything and think they can get away with anything? While I wouldn’t cover up for my kids if they broke the law, I’m not sure I would go out of my way to help the government track them either. Would you add your kids to such a government database? Do you think doing so would keep them out of trouble?

MySpace takes precautions against predators

In the wake of a series of negative articles and increasingly nervous parents, My Space is taking precautions against Internet predators by introducing new security measures.

The new rules are meant to prevent adults 18 and over from requesting to be on a younger person’s friend list unless they already know the youth’s full name or email address.

While the move is nice in theory, it’s a tad useless, in my opinion, because the site doesn’t have any way of verifying the real age of the user when they’re registering. I just registered successfully as a 16-year-old and I’m 54.

I don’t know if there is much My Space can do to solve the problem of Internet predators and false identities unless they agree to use authentication of all their users. Bringing all the MySpace millions of users ‘inside’ would be difficult if not impossible, but my hope is that a new, safer environment for teens and young adults will eventually take on MySpace. Such a new social environment could be a very popular place if parents were satisfied that all the users were authenticated. I know I would be. 

Parenting teens in the days of MySpace

I’ve written before about MySpace and that I allow my teens to have pages on this site, despite my reservations. I do so because I am ever vigilent about watching their pages, questioning anything I think is inappropriate, and deleting friends I don’t want them talking to. I’m extremely careful and I talk about adding new friends and giving out personal information all the time. My kids roll their eyes they’ve heard it so much. But evidentally not quite enough.

Today I was checking my daughter’s page while she was in school. First I went through her inbox to see any new messages. She has several, from some guy I’ve never heard of, and a couple of them are really inappropriate. So I looked at his site and there are 6 pages of women and no men at all in his friends list. Plus, quite a few of the women are scantily clad and a bit too sexy for my taste. They guy identifies himself as 23 years old. I’m really not happy.

I contacted MySpace and reported him as a predator. I contacted the police and reported him as a predator. The police are taking it seriously enough to come over and get the printouts of his mail to the Girl. They’re going to be watching his space carefully. I also sent him a message telling him I was reporting him to both the police and to MySpace and not to contact my daughter any more. She is no longer on his friend’s page, either.

But what upsets me the most is that when the Girl came home and I questioned her about this guy, she told me a friend of hers is in love with him, and that he’s been to our house to pick up said friend. Her friend is 13, too. OMG, I’m so upset it’s beyond pissed and angry. This is bothering me to the core of my being.

I deleted this guy and blocked him from my daughter’s site. But the bad thing is, unknowingly she gave him WAY too much information as to where her friend lives now, and now to get in touch with her. I don’t think she meant to, and she says that he’s a ‘nice guy’, like all predators are. She just doesn’t get the whole predator thing at all, despite watching Dateline shows on this very topic over and over. She thinks that because her friend knows him in real life, he’s OK. Even when I showed her the latest mail from him asking about her sexual preferences. She’s 13. I don’t think she needs to be asked this by anyone, never mind some 23 year old creepy guy on MySpace.

I so want to delete her page, but she is using it appropriately 99.9% of the time. She made a bad error in judgement, one that involved the police and her friend’s parents. Hopefully she’ll learn from her mistakes. If not, the page goes.

Update: About 2 hours later, after I had talked to her about this, this jackass emailed her thru MySpace again. AGAIN. First he responded to my email telling him to leave my kid alone with this ditty:

” I might also add that a bitter old lady should really mind her own business and allow her daughter to become a person, not just a posession that you monitor. “

Then the Girl writes back, idiot that she is:

” THANK YOU. want to tell her that. but i really am sorry and i like totally cried ova this “

He responds to her mail:

” HAHA, Im sorry, I know your mom is just looking out for you, but i dont think your profile says ur 13 anyway does it? i thought it said a bit older, but dont worry, im a nice guy, I assume mxxxxx told you some stuff about me so….ya, thatd be good lol. so how was ur day otherwise??? “

Then she writes back:

“if i were u, i would nt message me, but if u want to talk to me, tell some to message me and tell them to tell me to message u back. i can message u and we can talk that way but u shouldnt message me first. did that make any sence?”

And he responds:

“it would make more sense if you just had an email address lol???”

At which point I catch her in the act and go ballistic. I emailed him this:

“How fricking stupid are you? I told you to leave my child alone. I’ve reported you to the police. YOU STOP HARASSING MY CHILD NOW. NOT ONE MORE WORD. NOTHING. You are a predator and a real sicko. She’s 13. Mxxxxx is also 13. I’ve contacted her Mom, and she isn’t happy. Either you stay far away or I’ll be forced to have the police take immediate action.

DO NOT RESPOND.”

So, I again blocked him from her site (yahoo to MySpace for ignoring me the first time), copied all the emails for the police to pick up tomorrow morning, and banned her from the computer unless I am sitting with her. She told me she felt badly that she just left this jackass hanging. She STILL thinks he is a nice guy.

I called her friend’s parents to let them know, and found that her mother had already reported this guy and called the FBI. And still he goes on.
I haven’t yet pulled down her page, but the computer is now password protected and she cannot get on it without my knowing. Heh.

I fricking HATE THIS.