Identity Theft? That’s Been Outsourced, Too

There’s been a lot of attention paid to “pretexting”,the practice of posing as someone else in order to gain access to their personal data, lately in the wake of the HP scandal. However, a British TV program has shown that there’s more than one way to skin the identity fraud cat, as an undercover reporter was offered the personal details of 100,000 UK bank customers, stolen by offshore call-center workers.

The knee-jerk reaction is simply to point the finger at outsourcing and offshoring, but they’re largely irrelevant to the situation. Lax corporate security and indifferent attitudes towards data breaches certainly aren’t restricted to a particular country, industry or line of work, so the suggestion that banks and other companies that allow offshored workers access to personal financial information could simply solve the problem by bringing outsourced functions back in-house is inaccurate.

Quite clearly, many companies’ security policies are inadequate, unenforced or nonexistent, whether for in-house employees or external suppliers, and there’s currently little motivation for them to take the problem seriously. Whether data is kept internally or shared with offshore workers doesn’t really seem to matter — it doesn’t appear particularly secure either way.

The Age of Technological Transparency

“Executives and politicians may be starting to realize that privacy is dead and secrets can no longer be kept in the information age. There is always a technological trail, and transparency is pervasive. Just ask Patricia Dunn and Mark Foley.

In a piece at eWeek, Ed Cone from CIO Insight talks about the specific technologies that brought them down.”

From the article:

“Foley may have thought his IMs were disappearing into the ether as soon as they cleared his computer screen. Instead, the messages were saved, and his career was ruined, and the House leadership is left to fight for survival. We talk a lot a about transparency as a virtue in the age of the web, and hold it up as a marketing technique and a better way to run an enterprise. Sun’s blogging CEO, Jonathan Schwartz, is lobbying the SEC to allow more financial information to be disclosed online. Corporations are using all manner of web-techs to speak more directly to stakeholders. But transparency needs to be understood as more than a slogan or a strategy. It’s a reality. It can be imposed on you by the Internet, whether you want to be transparent or not.”

Digital voter fraud is here

This morning, the House Administration Committee held a hearing on legislation to require auditable, voter-verified paper trials for electronic voting machines, such as those manufactured by Diebold.

 

The hearing featured a demonstration by Princeton University professor Dr. Edward Felten, showing how easily such machines can be tampered with. Felten, along with two graduate students, wrote a paper, earlier this year, for the Center for Information Technology Policy, that details who easy it was to hack the Diebold machine and change the outcome of an election. Felten and his two associates set up the machine for an election between George Washington and Benedict Arnold. All three voted for Washington (good choice!) But the machine tabulated only one vote for Washington but two for Arnold.

 

This can be done in a way, Felten says, so that the virus is completely undetectable, and can be set up to generate results that won’t be questioned. If the virus is designed to give 55% of the vote to the winner, the loser is unlikely to question the results, and without a paper record, the result can’t be audited. Felten later explained that because of the way boards of elections typically set up the machines, a virus can be introduced into one, via its memory card, and then many more machines can be contaminated as the rest of the machines are set up. Very scary indeed.

Rather than prohibit the use of such machines, altogether, Rep. Rush Holt (D-N.J.), along with 215 co-sponsors, is supporting legislation that would provide that voters have the opportunity to verify the accuracy of their recorded vote, require that all voting systems produce a voter-verified paper record, ban the use of undisclosed software and wireless devices in voting systems, require random unannounced, had count audits, among other measures.

 

“Voters need to be confident of the central act of their democracy, and voter confidence is unraveling,” he said. The last six years have brought us example after example, in state after state, of the problems caused by unverifiable voting machines.”

In addition to the voting machines bill, Holt in the House and Senators Barbara Boxer (D-Calif.), Russ Feingold (D-Wisc.) and Christopher Dodd (D-Conn.) introduced emergency legislation on Sept. 26 to authorize Federal funding to the states for the printing of paper ballots to be available for voters in case of problems with the electronic voting machines. Boxer told the New York Times that “If someone asks for a paper ballot they ought to be able to have it.” Neither Holt’s voting machine bill, nor the Boxer bill appear to have much chance of enactment, this year, however.

 

It’s not hard to see why the Republican leadership in the Congress is not very interested in moving these bills. The Diebold machines would make what Karl Rove managed to pull off in 2000 in Florida and in 2004 in Ohio much easier and much harder to detect. And that’s why these machines should be banned altogether. Even without fraud, they can malfunction in other ways and screw up your election, just as happened in Montgomery County, Maryland during the Sept. 12 primary, when malfunctions in both voting machines and the electronic voter roles left many people unable to vote.

Rep. Rush Holt (D-N.J.) advocates for paper trails from electronic voting machines. To his left is Dr. Edward Felten of Princeton University.

No One Has Any Idea How Much Work Email Is Spam

Can we just say, for the record, that no one actually has a good handle on how much spam is out there? This is absolutely true when it comes to corporate email accounts.

In 2001, we had a report that said that only 21% of all emails were work related, with the rest being junk or personal emails… but a year later the story was that office employees don’t get much spam at work. Last year, a report came out saying that spam made up 33% of office email, which seems lower than the other studies (which also said another 25% of work emails were personal, and thus 42% — twice of that earlier study — were work related).

The latest such study claims a flip of that original stat: 21% of corporate emails are spam. So, basically, over the past few years, we’ve had reports of lots of spam and not very much spam at all when it comes to the office — suggesting that, frankly, no one really knows how much spam there is in the office. Also, to be honest, the aggregate number is pretty useless, as different companies (and different people within a company) probably face vastly different levels of “spam threat.”

So, rather than focusing on how much corporate email is spam, why not focus on how effective (or not) IT departments are at stopping the spam from those who are most targeted?

Hezbollah Hacked Israeli Military Radio

Newsday is reporting that Hezbollah was able to monitor secure Israeli military communications, perhaps using technology supplied by Iran, during the recent Lebanon war. A former Israeli general, speaking anonymously, called the results ‘disastrous’ for Israel. The story reports that an anonymous Lebanese source said that Hezbollah might have taken advantage of Israeli soldiers’ mistakes in following secure radio procedures. The radio gear uses frequency hopping and encryption.

Biometrics Promising Says Report

A report issued by RNCOS has encouraging news about using biometrics in securing authenticated identities. Making transactions more secure, they state that such biometric technologies include iris scans,fingerprint scan, matching shape and size of palm, skin, voice and face patterns can be used successfully.

The recently published market research report by RNCOS namely “World Biometric Market Outlook (2005-2008)” after having conducted a thorough survey says that there is a growing worldwide interest in biometrics technology for access control or personal identification. As compared to 2003 the market is expected to bounce 6.5 times by 2008. The RNCOS Report further states “the market of biometrics the point-of-sale equipment and services are predicted to leap to $440 million or 85% by 2010,up from $31 million or 2% in 2005.”

How Retailers Watch You

“With $30 billion lost to shoplifting and employee theft last year, retailers are turning to increasingly sophisticated electronic surveillance systems to fight theft. Some systems, like RFID tags, have been well-publicized by privacy advocates. Others are less well known: video surveillance systems are being tied to software that can recognize specific types of activity and identify individuals; and data-mining software is being used to analyze everything from shoppers’ habits to irregular register activity.”

From the article: “Despite this revolution in retail tech, you won’t find many stores bragging about their new security tools. No one wants to tip off shoplifters or advertise that they suspect their customers. That’s why so much of the technology is hidden in the first place. But another reason stores don’t talk much about surveillance is that they know it sparks concerns about privacy. Consumer groups and legislators have opposed the spread of RFID and video surveillance for just that reason.”

Mandatory fingerprinting of European children

The European Union is working on a new rule that would require all children in the EU to be fingerprinted and entered into an international database. Currently, the proposed regulations would require all children age 12 and up to be fingerprinted, but some committee members are lobbying for an even younger age limit, possibly as young as six. The European Commission notes that “Scientific tests have confirmed that the paillary ridges on the fingers are not sufficiently developed to allow biometric capture and analysis until the age of six.”

Ben Hayes, spokesman for the civil liberties group Statewatch said “We are going from fingerprinting criminals to universal fingerprinting without any real debate. In the long term everyone’s fingerprints will be stored on a central database. You have to ask what will be the costs to a person’s privacy.” Statewatch also accused the EU Governments of making decisions based only on “technological possibilities – not on the moral and political questions of whether it is right or desirable.”

On the one hand, so long as you do nothing wrong, what difference does it make who has your information on file? On the other hand, however, the potential for misuse is huge. What do you think? Would you be concerned if your kids had to be fingerprinted and put into an international database? Or do you, like I do, see this as a positive move forwards in authentication?

Preemptively fingerprinting your kids

Parents in New Zealand have taken to having their children fingerprinted by police as a means of scaring their kids onto the straight and narrow. The fingerprints and palm prints added to a nationwide juvenile print database. According to Detective Inspector Malcolm Johnston, “We do take a lot of voluntary juvenile fingerprints. Feedback from parents is that it’s a wake-up call for the youths, and crime prevention.” Detective Johnston is in charge of the South Island’s crime prints and forensics team. He explained that a large number of burglaries and car thefts were committed by youths, so having this sort of forensic evidence on file is very important. Voluntary collection of fingerprints and palm prints is allowed by current law.

Apparently, earlier this year, there were an average of six cars stolen and seventeen cars broken into every day in the Canterbury district where Detective Johnston works. I suppose parents think a trip to the police station for fingerprinting on their terms is better than being called down to pick a kid after they’ve committed a crime. But would this really be a deterrent to teens who already think they know everything and think they can get away with anything? While I wouldn’t cover up for my kids if they broke the law, I’m not sure I would go out of my way to help the government track them either. Would you add your kids to such a government database? Do you think doing so would keep them out of trouble?

Technology: tracking or trusting?

Would you, if you could, track how fast and how far your kids go in the family car? I drove pretty fast when I was a teenager and, for the most part, my folks never knew; if they had, I might not be here today. What about their internet usage? Would you read their e-mail or listen in on their instant message conversations? Would you want to know what websites they visit?

If the answer is yes to any of these, then you’re in luck — you’re living in the right era. There is a lot of technology available today that will let you keep track of your kids like never before. SFGate has a nice write-up of some of your options, including devices for your car — including some that would have worked with my mother’s vintage Citroens — and your computer.

While the article cites some instances where this sort of technology has helped, such as the case of a 14-year-old who met a 24-year-old man online and was given a bus ticket to meet him out of state, it covers all sides of the issue. According to Jane Bluestein, parent educator and author, “To track kids for the sake of tracking kids — I know it gives parents a sense of control, but I think it points to bigger problems in the relationship: mistrust, a need to control, a need to think for your kids.” She also points out that it’s important “for parents to teach kids how to think and act when they’re not there.”

I’d like to think that I’ll be able to trust my kids and that, by the time they’re ready to go off on their own, I will have taught them to make good choices, but that could just be my arrogant innocence waiting to be smacked down by reality. What do you think? Do you or will you use technology to stay on top of what your kids are up to? Which is more important, trusting them or tracking them?