Identity Theft? That’s Been Outsourced, Too

There’s been a lot of attention paid to “pretexting”,the practice of posing as someone else in order to gain access to their personal data, lately in the wake of the HP scandal. However, a British TV program has shown that there’s more than one way to skin the identity fraud cat, as an undercover reporter was offered the personal details of 100,000 UK bank customers, stolen by offshore call-center workers.

The knee-jerk reaction is simply to point the finger at outsourcing and offshoring, but they’re largely irrelevant to the situation. Lax corporate security and indifferent attitudes towards data breaches certainly aren’t restricted to a particular country, industry or line of work, so the suggestion that banks and other companies that allow offshored workers access to personal financial information could simply solve the problem by bringing outsourced functions back in-house is inaccurate.

Quite clearly, many companies’ security policies are inadequate, unenforced or nonexistent, whether for in-house employees or external suppliers, and there’s currently little motivation for them to take the problem seriously. Whether data is kept internally or shared with offshore workers doesn’t really seem to matter — it doesn’t appear particularly secure either way.

Digital voter fraud is here

This morning, the House Administration Committee held a hearing on legislation to require auditable, voter-verified paper trials for electronic voting machines, such as those manufactured by Diebold.

 

The hearing featured a demonstration by Princeton University professor Dr. Edward Felten, showing how easily such machines can be tampered with. Felten, along with two graduate students, wrote a paper, earlier this year, for the Center for Information Technology Policy, that details who easy it was to hack the Diebold machine and change the outcome of an election. Felten and his two associates set up the machine for an election between George Washington and Benedict Arnold. All three voted for Washington (good choice!) But the machine tabulated only one vote for Washington but two for Arnold.

 

This can be done in a way, Felten says, so that the virus is completely undetectable, and can be set up to generate results that won’t be questioned. If the virus is designed to give 55% of the vote to the winner, the loser is unlikely to question the results, and without a paper record, the result can’t be audited. Felten later explained that because of the way boards of elections typically set up the machines, a virus can be introduced into one, via its memory card, and then many more machines can be contaminated as the rest of the machines are set up. Very scary indeed.

Rather than prohibit the use of such machines, altogether, Rep. Rush Holt (D-N.J.), along with 215 co-sponsors, is supporting legislation that would provide that voters have the opportunity to verify the accuracy of their recorded vote, require that all voting systems produce a voter-verified paper record, ban the use of undisclosed software and wireless devices in voting systems, require random unannounced, had count audits, among other measures.

 

“Voters need to be confident of the central act of their democracy, and voter confidence is unraveling,” he said. The last six years have brought us example after example, in state after state, of the problems caused by unverifiable voting machines.”

In addition to the voting machines bill, Holt in the House and Senators Barbara Boxer (D-Calif.), Russ Feingold (D-Wisc.) and Christopher Dodd (D-Conn.) introduced emergency legislation on Sept. 26 to authorize Federal funding to the states for the printing of paper ballots to be available for voters in case of problems with the electronic voting machines. Boxer told the New York Times that “If someone asks for a paper ballot they ought to be able to have it.” Neither Holt’s voting machine bill, nor the Boxer bill appear to have much chance of enactment, this year, however.

 

It’s not hard to see why the Republican leadership in the Congress is not very interested in moving these bills. The Diebold machines would make what Karl Rove managed to pull off in 2000 in Florida and in 2004 in Ohio much easier and much harder to detect. And that’s why these machines should be banned altogether. Even without fraud, they can malfunction in other ways and screw up your election, just as happened in Montgomery County, Maryland during the Sept. 12 primary, when malfunctions in both voting machines and the electronic voter roles left many people unable to vote.

Rep. Rush Holt (D-N.J.) advocates for paper trails from electronic voting machines. To his left is Dr. Edward Felten of Princeton University.