“Got kitesurfing on the mind, mixed with some search & classification tech, and a dab of political ranting”

Archive for the ‘Security/Privacy’ Category

Comcast Security…or Something Moronic? You Decide

Posted by direwolff on February 2, 2010

{NOTE: what follows is my rant against this morning’s experience with Comcast.  If you’re having a great day, you may just want to skip reading this.}

Comcast = FAIL

A month ago my wife and I decided to begin paying our Comcast bill from our bank’s online bill payment service.  For some reason, Comcast was one of the few bills for which we were still receiving dead trees over snail-mail and it didn’t make any sense given the convenience of paying online like all the rest of our bills.  From my bill payment service I elected to receive Comcast bills directly there and to be notified when these arrived.  With other bills we do this, clicking on the “View Bill” link displays the invoice with all of the details, in other words, convenience to the max!

Today was the first time I received the notification that the Comcast bill had arrived.  As with other bills, I went to the site and clicked on the “View Bill” link, however the ensuing pop-up didn’t show me the invoice and details, instead it asked that I sign in to the Comcast site to view the bill.  Well, that was going to be tricky because we don’t use the Comcast email account for anything nor do we login to the site ever.  Heck, just remembering the email address that Comcast had designated to us was tricky.  Fortunately, I managed to get a customer service agent on their chat system to help in this matter.

Sure, it took 15 mins to wait for an agent, but that was a small price to pay, and when the agent came on, they were very effective in helping resolve our account info.  Strangely however, he tried to up-sell me on the Comcast phone service…which we already have.  Reminded me of the follies of behavioral advertising, offering stuff I don’t need or already have.  Almost like what’s the point of having all of my information if you don’t know or are not going to use it properly.  So here I thought, our trials were over and I could proceed to complete my bill payment transaction.  Well, I thought wrong.

After logging into the Comcast system a screen offered me to update my account information.  I clicked on this and was faced with questions about needing to provide my “Security PIN” with an option of changing it, as well as provide yet another security question (beyond the one for the normal login).  Decided to cancel out of that process figuring I could leave well enough alone.  Once again, I would be wrong.  From then on, any procedure to see my bill or check email would result in that same Security PIN screen popping up.  There was a link to have the Security PIN resent to my email address…the one on the Comcast site of course.  I clicked on this, went to the site, and could see that indeed that email was there (that page shows the subject line of the last 3 emails you’ve received).  Clicking on the email brought up the Security PIN screen….WHAT?!  I have never seen a bigger case of circular security logic than this flawed process.  In order to get the Security PIN from the email, I would need to have that Security PIN…huh?!

Called Comcast customer support and while I got a very nice and polite young lady on the phone, and despite providing to her all of my account information that she needed to be assured that I was the account owner, she could not change the email on file for me.  The Security PIN would be snail-mailed to me in 4-5 days.  In explaining that I couldn’t pay my bill because I couldn’t see it, she suggested that I pay it by phone.  As happy as I would have been to do so and get past this hassle, there was no easy way to get the itemization of what we owed.  Now she is snail-mailing the bill too.

There’s something ironic in trying to reduce the use of dead trees, and by doing so increasing its use by two or three fold.  However, clearly Comcast has issues to think about with their security system, that is so impenetrable that you can’t even get to the information you were meant to access in the first place.  Not to mention that they’re just a cable company, it’s not like my life savings is sitting in their vaults somewhere.  Even my most secure online banking service, with multiple levels of security, lets me register and get to my money online whenever I want to from day one.  What Comcast has derived here is clearly not security, it’s moronic but I leave it to smarter minds than mine to figure this out.

Frank Eliason, if you’re still out there in cyberspace doing the good work for Comcast, you might want to intervene in this one, they need a solid mind to get involved here and you understand this stuff more than most.  Please jump in and save Comcast from itself.


Posted in Security/Privacy

For all those who believe the TSA is a good thing…

Posted by direwolff on January 12, 2008

A special treat from the Washington Post:

Report: TSA Site Exposed Travelers To ID Theft

A House of Representatives panel yesterday released a damning report about a Transportation Security Administration Web site built to address grievances from travelers errantly flagged by the government’s no-fly list. It concluded that cronyism and a lack of oversight exposed thousands of site visitors to identity theft.

I’m getting tired of seeing security theatre lulling the public into a false sense of security only to open up greater dangers that were preventable had the knee-jerk reaction that brought the TSA into being not been acted upon. Oh well.

Here are a couple of good books for those who want to better understand the challenges of dealing with the unpredictable and the fact that these events don’t actually happen as much as the media would have you believe, nor are they predictable or preventable:

Both of these books provide a sobering view of spectacular (and some not so spectacular) events in addition to some worthwhile insights to keep in mind.

Posted in Security/Privacy

Voter Privacy Issues: Latest Blue Lithium Offering

Posted by direwolff on August 13, 2007

Today’s announcement of Blue Lithium’s new behavioral ad targeting network may begin to push the boundaries which were once considered sacred in terms of voter privacy. Here’s the story (free subscription req’d):

BlueLithium Delivers Voters With New Behavioral Ad Network

BLUELITHIUM HAS LAUNCHED A NEW behaviorally targeted ad network, the first service built to help political candidates leverage the Web’s geo-, demo-, and behavioral targeting abilities to advertise their campaigns.

The San Jose-based digital marketing company rolled out its Voter Network today, and politicos can run standard display, rich media, and even video ads, crafting messages with targets as specific as: Women, ages 18-34, living in Seattle, with a household income of $70K+, who are interested in foreign affairs.

So what’s the concern here?  Well, for one, to the extent that Blue Lithium can tell if a user clicked on an ad, they can begin to classify them further in terms of where they sit on the political spectrum based on the candidate whose message they followed.  The opportunity for misuse of the information gathered through this network is also fairly substantial in an area, that unlike companies pushing unwanted offers for commercial gain, can begin to affect our political & social lives in undesired ways.  Imagine such a network in a country where the ruling political party decides to start going after its opponents in nefarious ways.

It will be interesting to see where the privacy advocates will come down on the value or concerns over this offering, but frankly, I think the possibility of abuse is fairly significant and something that Blue Lithium will have to answer to sooner or later.  To me, this raises concerns on par with the DoubleClick/Abacus privacy issues, and more recently the Google/DoubleClick ones.  Certainly a topic for a good debate.

Posted in advertising, Security/Privacy

Open Data 2007 Summaries, Pictures and Discussion

Posted by direwolff on March 15, 2007

The Open Data 2007 Conference really brought out some worthwhile issues that will need to keep getting discussed and debated as these are fundamental to the continued development of the Web’s underpinnings as well as the business models being developed by many early stage and existing companies in the space. These issues also need to get resolved in some fashion soon before the swell of public opinion from the uninitiated forces policy makers and politicians to impose more naive rules and regulations that suppress important developments in favor of keeping the status quo of onerous laws that only serve to support the interests of existing business stakeholders.

For those interested in comments, discussions, and pictures that came out from the conference, go check out the Open Data 2007 Conference Wiki. This event was graciously hosted by Reuters in participation with the AttentionTrust, two organizations struggling through these issues today. Both Gerry Campbell from Reuters and Seth Goldstein from the AttentionTrust put together a wonderful event laying out great topics for discussion and setting out an agenda that was both intellectually stimulating and well in line with the issues we need to contend with immediately.

Posted in Intellectual Property, Online Community, Public Policy, search & categorization, Security/Privacy, Technology

Good stuff being discussed at Open Data 2007

Posted by direwolff on March 13, 2007

I’ve been attending the Open Data Conference in New York at the Reuters office.  Good stuff.  There’s a real good post about last night’s dinner discussion at Roger Ehrenberg’s blog, Information Arbitrage.

Posted in Intellectual Property, Public Policy, reviews, search & categorization, Security/Privacy

Apple & DRM, More Than Meets The Eye

Posted by direwolff on March 7, 2007

As with most things, taking what’s being said at face value and reacting to it can often result in an inappropriate reaction from not fully understanding the underlying issues. I’m plenty guilty of these leaps of heresy myself, so I’m not throwing stones here, just pointing it out because of an excellent write-up I just read on the issues surrounding Apple’s digital rights management (DRM) strategy that I was not previously aware of, which has drawn from some the wrong kinds of criticisms given the landscape that they are operating under. From Bruce Schneier’s “Schneier on Security” blog, he provides a link to an excellent post on the Roughly Drafted blog titled “Apple’s iTunes DRM Dilemma”.

The post goes into understandable detail on how the iTunes DRM technology works. For those not so interested in the technology aspects (still worth reading though), but more curious about the policy issues around this, skip down to the section titled “Why Apple Cares About DRM” (which is quickly followed by “Why Apple Doesn’t Care About DRM”) and read down through the end of the post. It’s well worth the read and provides some great insights into the issues surrounding Apple’s need to maintain the platform, Jobs’ recent comments on doing away with DRM, the regulatory environment in the E.U., the competitive aspects, and the RIAA’s iron fist in all of this.

For anyone interested in the debate surrounding DRM and the role of the various constituents in this ecosystem, this blog post provides a very lucid picture worth reading.

Posted in Intellectual Property, Public Policy, Security/Privacy, Technology

Not Your Daddy’s RFID Chips

Posted by direwolff on March 6, 2007

No, this picture isn’t of dandruff next to a hair follicle, but rather it’s of the next generation of RFID chips. There are still a few bugs (pardon the pun) in terms of making antennas that are small enough to fit these which is keeping them out of production for now, but be very afraid because soon your physical privacy will be as safe and in your control as much as your virtual privacy has been over the past several decades. While it’s easy to be lulled into the belief of all of the good applications it will be put to, I see the scary spook applications as being too tempting for many of our world’s governments to pass on. Yes, perhaps a bit of conspiracist perspective, but so was the thought that Americans were being spied on by their government, then that became true, over and over again.

Posted in Security/Privacy

Interesting Possible Link Between SAFETY ACT & RIAA

Posted by direwolff on February 15, 2007

Pure speculation of course, but given the RIAA’s lobbying power, I wonder if it’s possible that their recent request to ISPs that they provide their customers’ IP logs, is what is driving Senator Lamar Smith’s efforts? Not knowing the power structures or the social network of lobbyists, contributors, general influencers and politicians in Washington, I don’t know if these two issues are related, but it sure seems like requiring ISPs to keep logs of users’ traffic for a couple of years would provide the RIAA with subpoenable (my new word of the day) information which would serve their purposes and satisfy their litigious appetite. This, without needing the ISP’s cooperation. Hmmm…

Posted in Security/Privacy

Drug Dealers & Terrorist Only Got the Government Part of the Way

Posted by direwolff on February 14, 2007

Taking away our citizens’ Constitutionally guaranteed rights is tough work. Heck, it took a lot of work and two documents (the U.S. Constitution and the Bill of Rights) to put these rights together, so you can imagine that dismantling is gonna take some time too. But Alberto Gonzales and crew never rest and things are looking good for them on this front, all in the name of law and order.

One way you can go at removing our rights is by creating artificial fears (Bruce Schneier’s Beyond Fear and Barry Glassner’s The Culture of Fear are good books on this subject).  We have seen the previous culprits like drug dealers (remember the “War on Drugs”), then terrorists (don’t forget the Patriot Act), and what effects this had, but that’s only been good enough to illegally tap our phones, the removal of our rights to privacy in our own cars and in our homes, introduced a whole slew of previously illegal searches that are now considered acceptable, and let’s not forget what we have to go through at airports for the sake of “security theatre”, but this apparently hasn’t helped enough with limiting or removing rights in the virtual space many inhabit these days. Well “Houston, we have ignition”, apparently Rep. Lamar Smith (R-Texas) under the guise of child porn, has introduced a bill requiring ISPs to keep all of our traffic information to be provided to the government upon demand. Wired’s 27B Stroke 6 blog has a good summary on this with links to the bill.

As usual, a bill this open ended, with such broad reaching implications and lack of definition, shouldn’t be viewed as representing its stated purposes, but rather be regarded as a tool of control over the citizenry (I was going to say a tool of oppression, but that sounds so Middle Ages ;). I’m still musing over a friend who thought all this hubbub over our privacies was overblown and that these intrusions are no big deal. I then remembered a story (and I forget who told it) about a question you can ask anyone who feels this way, and so I did. The question was “OK, privacy is no big deal, so what’s your salary?”, but I couldn’t resist and stop there and went on, “what’s your wife’s favorite sexual position?”. As you can imagine, privacy became really important to him at that moment and he conceded the point. I explained that many things like this or even more mundane but embarrassing could be made public whether he liked it or not so long as someone else had control over this information. This helped him appreciate what privacy means to him and every other citizen in our country.

Posted in Security/Privacy

Microsoft Heading In the Opposite Direction of Apple…Again

Posted by direwolff on February 12, 2007

I hope for Microsoft’s sake, that they’re kicking themselves over the decision to build in Digital Rights Management (DRM) technology into their new operating system, Vista. Given the lead time that it probably took to have this ready in time for the release of Vista, I’m guessing this decision to support DRM was taken well before the recent tide swinging so heavily against the entertainment industry’s DRM enforcement efforts started gaining momentum. Imagine that, here Microsoft thought they were coming in on the side of law and order, and just like you’ve got Steve Jobs who started this whole DRM fiasco coming out saying that it should be removed and done away with. Boy, talk about egg on Microsoft’s face. Playing catch up is never fun to do, and it feels like they’re having to do this in every industry they’re trying to participate in, online services, search, media players, and who knows what else.

Of course, I’m giving Microsoft the benefit of the doubt that this was just an error in judgment as opposed to anything more nefarious, but if Fred Wilson can take bets on the fact that DRM will go away, you would have thought that Microsoft could have seen this coming too. It’s not like EMI’s deliberations are a complete shocker. Microsoft was once regarded as having some of the smartest people around, certainly this decision really brings into question whether any smart strategy people really still work there…hmmm…

Posted in Security/Privacy