[ Return to the SOAPBOX ]



And while I'm on the topic of security, what's going to happen with authenticity? I mean, that's more what it's all about, right? Being who you actually say you are? Not being allowed in places you're not supposed to be? Being given the amount of respect your identity deserves?

One of the most colorful stories regarding authenticity I can think of somewhat recently is the whole mess with Emulex, a company whose stock is a favorite of stock traders. A while back, some guy who used to work at one of the major news wires that distribute headlines and reports was holding a short position on EMLX.

I think EMLX at the time was fading the rest of the market and was still rallying while other stuff was beginning to falter. Well, this guy got really nervous about his short position and used his former employer to post a false news report of Emulex warning of heavily reduced earnings and growth numbers.

I remember seeing it on IRC. Someone mentioned that this headline was going around, and people slowly caught on. The stock wasn't dropping yet, as traders didn't see the headline hitting other news wires yet. Some people went short on the news. Not much later, EMLX started dropping. FAST. I think it fucking dropped from 115 or so to what, 45? In what was easily less than an hour. By that time it was a spectacle among all the trading channels. People were in disbelief.

And THEN, NASDAQ finally decided to halt the stock. Which is a debacle in itself. NASDAQ asleep at the wheel as usual. Anyway, some people covered near the bottom, and some people who were bold even bought the stock. Then the news came that the report was faked and that one news wire was responsible.

The stock opened I think 55 points higher, at 100ish. Those scared longs were now huge winners. Lots of stops had been blown out and some people had lost big bucks. Later that afternoon NASDAQ said they would NOT reverse the trades. It was a huge scam.

The stream of information had been tainted. Severely. Someone inside a news organization exploited it.

Bad information has smeared CNBC numerous times over the last year or so as well, and listening to traders bitching about CNBC on a daily basis, they take particular glee when CNBC completely botches earnings numbers and breaking news. It's like you can't trust what you hear unless it's been verified from many different sources.

And even THAT isn't a given. Remember election night? When all the news stations piggybacked the wrong info about Gore winning, after one station said it?

A smaller example: a guy I know has a sister who somehow was victim to identity theft. Somehow someone got a hold of her credit card or debit card or something. And all the sudden her mom started receiving bills of $1.2k from chain stores where her daughter lived. The person who stole her identity must have bought $11k worth of crap from 5 stores or so, and evidently these companies thought nothing of giving some girl a new credit card and then watching her max it out right there. And the sister's last name clearly did not match the ethnicity of the person one sales clerk remembered the offender as being. And credit card companies being what they are, even if the sister gets the payments reversed, it'll still be stuck on her credit report for ages.

You hear horror stories about chat rooms full of people who extract huge lists of stolen credit card numbers and post them for the users to use. They're all maxed out until they're cancelled. Some companies don't require the shipping address to match the billing address or don't do any verification, so this works. Granted, shopping online in my opinion has to be one of the safest ways to buy...I'd rather have companies with money to put into security than trust some 18 year old kid with a scanner at a restaurant.

The whole Internet thing was supposed to bring us anonymity and the ability to shift into any sort of monikor we wanted, at will. While this was realized in the early days, eventually I think it will become unfeasible for just about all places requiring authentication. After all, someone will trust your post more if they see that you are posting using an auth'd name, and companies will give you more sensitive info about your account if you login. Sure, there'll always be some deal of anonymity, moreso if you spend more time protecting it, but at some core level, if you're using the Internet for a lot of things, you'll need a sole presence.

Personally I have little problem with this. Many places I just want to use throwaway accounts or not log in at all because I don't trust them, but the underlying principle of a verified, accountable identity is sound.

Can this be accomplished? Not really. It would take all countries and all businesses to require authentication and overt identification from even the most core level, the ISP level. Getting other countries to agree to the same won't happen.

It's like I said before. People act like rabid dogs when privacy is brought up, but it is a knee-jerk reflex and not wholly a reasonable one. I mean, what are we going to do in the future? What stops malicious people from breaking into respectable web sites and altering their factual data to in effect change the news? How will our identities be maintained when huge credit card databases are cracked into? (which is often) Where does our legal identity truly reside, and what rights do we have to maintain it? What about our commercial consumer identities? Don't we have a right for companies and hackers not to be able to taint them for a decade while our hands are completely tied? What stops someone from posting a bunch of articles written by "Ben Turner" and passing them off as mine? Copyright? You've got to be kidding me. Copyright as it exists now is a fucking joke. Anyone with even a minimal set of skills can forge an identity without being traced.

Authentication is near impossible to implement 100% securely. I mean, people want maximum security, but perhaps even more, what they want is facility and simplicity. How often do you hear people complain about how their banks only use 32- or 64-bit encryption online compared to how often they wish they had a device that let them authenticate/login/sign up everywhere using one card or password or whatever? People care a lot more about being able to get something with one easy-to-keep card rather than 30 of them. People want everything to be painless and easy. Security is not like that. You're facing off against criminals who make a living off taking advantage of such mistakes. I mean, when it's realistically unlikely for you to get your identity stolen, wouldn't it just be wondrously cool to be able to use your cellie to buy something by auth'ing through it and not carrying a credit card or whatever? Then one of the few weaknesses would be auth'ing whoever was using the phone. Since people misplace their phones all the time. Entering an access code every time you open your phone? Not feasible...

But hey, all these security problems don't stop companies from trying to bring that tech to you. It's the holy grail of commerce. Everyone wishes they could develop a standardized card or chip that holds ALL your information. Guess who looks like they're going to bring this to you? Yes. Microsoft. Yes, Microsoft. With their Passport tech. Go read about it. The company that routinely allows for major break-ins to Hotmail and its IIS web server platforms.

Not exactly an optimistic piece of news for the future of authentication, huh?

I admit though, the future isn't all that bad. There'll be a lot of disasters along the way, but there'll be a lot of safeguards built in as well. It'll continue to be a battle between the companies promising security and the hackers and exploiters. A stop and go ride to be sure. A contest between the predators and the protectors. We, the consumers, are the prize, the prey.

[ respond to this in the General Discussion forum ]


[ Return to the SOAPBOX ]


benturner.com:  click here to start at the beginning
RECENT NEWS (MORE):  Subscribe to my del.icio.us RSS feed! about moods | mood music
12/03/08 MOOD:  (mood:  yellow)