mykeystrokes.com

"Do or Do not. There is no try."

“Data Is Digital Gold”: Beyond The NSA, What About Big Data Abuse By Corporations, Politicians?

Taking steps to end, or at the very least to constrain, the federal government’s practice of storing information on the personal communications of Americans is a good thing. There is every reason to respect initiatives that seek to prevent the National Security Agency’s metadata programs from making a mockery of the right to privacy outlined in the Fourth Amendment to the US Constitution.

But the moves that President Obama announced Friday to impose more judicial oversight on federal authorities who might “listen to your private phone calls, or read your emails” and the steps that may be taken by Attorney General Eric Holder and intelligence officials to check and balance the NSA following the submission of proposals on March 28 ought not be mistaken for a restoration of privacy rights in America.

What the president and his aides are talking about—in response to revelations by former NSA contractor Edward Snowden, congressional objections and public protests – are plans to place some controls on the NSA and perhaps to keep most data in “private hands.”

But what controls will there be on those private hands?

As long as we’re opening a discussion about data mining, might we consider the fact that it’s not just the government that’s paying attention to our communications—and to what they can reveal about our personalities, lifestyles, values, spending habits and political choices?

There’s a reason the NSA has been interested in accessing the servers of Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple. When you’re mining, you go where the precious resources are, and technology companies have got the gold.

Data is digital gold. Corporations know that. They’re big into data mining.

This data mining, and the commercial and political applications that extend from it, gets far less attention than the machinations of the NSA or other governmental intelligence agencies. Tech publications and savvy writers such as Jaron Lanier recognize these concerns. The Federal Trade Commission, the Federal Communications Commission and the Senate Commerce Committee have taken some tentative steps to address a few of the worst abuses. But that’s not enough, especially when, as Fordham University’s Alice E. Marwick noted in a smart recent piece for The New York Review of Books,

“there are equally troubling and equally opaque systems run by advertising, marketing, and data-mining firms that are far less known. Using techniques ranging from supermarket loyalty cards to targeted advertising on Facebook, private companies systematically collect very personal information, from who you are, to what you do, to what you buy. Data about your online and offline behavior are combined, analyzed, and sold to marketers, corporations, governments, and even criminals. The scope of this collection, aggregation, and brokering of information is similar to, if not larger than, that of the NSA, yet it is almost entirely unregulated and many of the activities of data-mining and digital marketing firms are not publicly known at all.”

Significantly, it is not just financial profit that data can yield.

As Robert W. McChesney and I note in Dollarocracy: How the Money-and-Media Election Complex is Destroying America (Nation Books), data is also mined by those who seek power.

Political candidates, political parties, Super PACs and dark-money groups are among the most ambitious data miners around. They use data to supercharge their fund-raising, to target multimillion-dollar ad buys and to stir passions and fears at election time.

Both parties do it. All major candidates do it. Obama did it better than Romney in 2012, and that played a critical role in providing the president with the resources and the strategies that allowed him to easily defeat a well-funded and aggressive challenger. The Grand Old Party’s response was to begin hiring the best and the brightest technical talent. A recent headline announced: “Republican National Committee to Build Platform to Share Voter Data.” Another reported: “RNC Pledges $20 Million to Build Data-Sharing Operation.”

So campaigns are going to do more mining. And so are the billionaires who fund so-called “independent” political operations. Last spring, Politico announced: “Karl Rove, Koch Brothers Lead Charge to Control Republican Data.”

Data already drives the money-and-media election complex that is rapidly remaking American democracy into an American dollarocracy, where election campaigns are long on technical savvy but short, very short, on vision.

So, give the president credit for wading into the debate about how the government uses and abuses phone data. Give key members of Congress, like Jerry Nadler, the ranking Democrat on the House Judiciary Committee, credit for pointing out that what the president has proposed is “not enough” to “safeguard against indiscriminate, bulk surveillance of everyday Americans.”

But then go the next step. Recognize that addressing governmental actions and abuses does not begin to restore privacy rights. For that to happen, there must be recognition that Marwick is right to argue: “While closer scrutiny of the NSA is necessary and needed, we must apply equal pressure to private corporations to ensure that seemingly harmless targeted mail campaigns and advertisements do not give way to insidious and dangerous violations of personal privacy.”

And that recognition must extend beyond concern regarding abusive commercial applications to include an examination of and responses to new approaches to fund-raising and campaigning that have the potential to warp our politics—and democracy itself.

 

By: John Nichols, The Nation, January 17, 2014

Posted January 18, 2014 | Cybersecurity, National Security Agency

“There’s Always Bitcoin”: Your Credit Card Has A Dangerous Flaw That The Banks Refuse To Fix

Hackers stole payment records on as many as 110 million customer accounts from Target over the holiday shopping season, in one of the largest data security breaches in history. The company has struggled to regain customers’ trust, with noticeable drop-offs in sales since they disclosed the breach on December 19. And Target is not alone in what looks like an identity theft epidemic. Neiman Marcus announced a similar hack of payment records, and at least three more major retailers could come forward in the next several weeks. As more and more customers have reported fraudulent charges, Congress has begun to ask questions about why this happened.

Here’s an answer: The United States has one of the worst payment systems in the entire world, inviting fraud and increasing hassles for anyone who wants to exchange money. In this case, a simple credit protection available on virtually all payment cards outside the U.S. could have dramatically narrowed the scope of the Target breach. It hasn’t happened here, mainly because banks don’t want to spend the money to upgrade the system, writing off the hassle and expense of your identity fraud as a cost of doing business.

Almost alone among developed nations, U.S. credit and debit cards have a magnetic stripe that contains all the financial information necessary to make a purchase. Once information gets stolen from a merchant, it can be encoded into a magnetic stripe and used with a new card. Smart cards in Europe and elsewhere encrypt that data and store it on a microchip, which is much tougher to replicate. More important, the cards also require a personal identification number (PIN) to work. This “chip-and-PIN” system introduces a second authentication, forcing thieves to have both pieces of information to successfully use the card. It’s a combination of advanced technology and simple common sense.

Chip-and-PIN would not have prevented hackers from stealing payment information from Target’s databases, but would have made it more difficult to use the records. Because of this, says Georgetown law professor Adam Levitin, would-be identity thieves would have a lower incentive to steal the data in the first place. “Like Willie Sutton says, bank robbers go where the money is,” he said. “Fraud will always find the weakest link. Now that the rest of world has gone to chip-and-PIN, we’re the weakest link.” Nearly half of all card losses in 2012 occurred in the U.S., according to the trade journal the Nilson Report.

Though 130 countries around the world have phased out their magnetic stripe cards (which you may have noticed if you’ve tried to use a credit card overseas), the U.S. has lagged behind, with both merchants and banks assigning the blame to each other. Retailers need new card readers to handle chip-and-PIN cards, and they can be costly; it’s why only 10 percent of U.S. merchants have upgraded. The merchants don’t want to spend the money until they know banks will issue chip-and-PIN cards. And the banks don’t want to spend money on the more expensive cards until merchants install the card readers. So both sides are effectively telling the other to go first. With no regulatory mandates for anyone, this standoff could continue for years, with consumers paying the price.

“This is different than it has worked everywhere in the world,” said Adam Levitin. “Elsewhere, issuers and merchants have moved in lockstep.”

Some analysts place the blame squarely on banks, arguing that merchants eat the majority of the fraud costs, giving banks no incentive to upgrade. In addition, blogger and author Yves Smith notes that the banks sell the card reader equipment to the merchants, and they have inflated the price. “The impediment is almost assuredly the price point the banks have set,” Smith writes.

Credit card networks like Visa and MasterCard introduced the Payment Card Industry (PCI) Security Standards, which are supposed to provide more anti-fraud controls. But that effectively tries to band-aid an inherently insecure magnetic stripe system. More recently, the card networks proposed a shift in liability rules that they hope will nudge banks and merchants toward upgrading. By October 2015, if the merchant has a chip reader and the card has a traditional magnetic stripe, the bank will be liable for any fraud. Likewise, if a chip-and-PIN card is presented to a merchant with no chip reader, the merchant will be liable. In other words, both sides will be penalized for not upgrading to the chip-and-PIN system.

But again, this is voluntary. And in the meantime, both merchants and issuers manage to absorb the costs of fraudulent purchases (which total around five cents per $100 charged, according to the industry). They consider this cheaper than the costs of upgrading. In fact, one facet of the current system is a profit center for the banks. When a fraud transaction goes through, merchants reverse it through something called a charge-back. Merchants must pay the same fee to reverse a charge that they do to swipe one through, along with additional fees. “The retailers say, ‘we’re having to pay to not be paid,’” Adam Levitin said.

This reluctance to upgrade in the U.S. has led to a general creakiness in the payment system. Most U.S. retailers don’t even have real-time authorization capabilities, making it more difficult to detect fraud at the point of sale. The Automated Clearing House (ACH) system can take days to process transactions, wasting time and increasing costs for customers. Banks have outdated processing systems and have been similarly reluctant to upgrade them. Says Levitin, “We’re still using horse and buggies.”

Meanwhile, other countries have leapt past the U.S. In Kenya, the M-Pesa system allows consumers to pay for virtually anything by mobile phone. It has become widely adopted by merchants, making the African nation a world leader in mobile money. Mobile transactions over M-Pesa hit $19.6 billion in 2013. (Attempts to create mobile payment systems in the U.S. are in the startup phase, with entrepreneurs literally going from one business to the next to find retailers willing to use it.)

Levitin argues that America’s previous position as a payments system leader led to its slow pace in keeping up with new technologies. “The reason we’ve lagged behind is because we were ahead,” he said. “Everyone else had to upgrade, while our card system networks were making money. Kenya just didn’t have a regular banking infrastructure. The alternative to M-Pesa is paying in cattle.” Similarly, Europe upgraded to chip-and-PIN because credit card authorization was typically done through phone lines, and 10 years ago, European telecom costs were fairly expensive. “Our technology was not bad enough to upgrade,” Levitin says.

Congress is highly unlikely to get involved in an argument between banking lobbyists and retailer lobbyists. They learned their lesson when trying to legislate “swipe fees,” what banks charge retailers to process credit and debit card transactions. The result was a knock-down, drag-out affair that took months to negotiate.

But the Target breach, and the reputational risk to the big box store, has both merchants and banks rethinking the consequences of maintaining a substandard old system. Mallory Duncan, general counsel for the National Retail Federation, said this week at the trade group’s annual convention that they now encourage members to upgrade to chip-and-PIN card readers, saying “The technology that exists in cards out there is 20th-century technology and we’ve got 21st-century hackers.” And banks have responded to complaints by gradually distributing dual-use cards with magnetic stripes and chip-and-PIN technology, mostly to frequent foreign travelers. U.S. Bank expects all its customers to have the cards by next year.

So there’s a chance that the U.S., like a lumbering giant, will finally make the move to more secure payment systems. Failing that, there’s always Bitcoin.

 

By: David Dayen, The New Republic, January 16, 2016

Posted January 17, 2014 | Cybersecurity