How The Democrats Blew 2008: Florida's SAD voters

"We can now safely predict that the Democrats, once the clear favorites to sweep both houses and the presidency in November of 2008, will blow it."

Here's how: Hillary Clinton fights all the way to the convention in late August and demands she be awarded the Florida and Michigan delegates. This wastes so much money, resources, and goodwill that could have been spent defeating McCain in November that he wins.

McCain's 2008 victory is sealed by the Stay Away Democrats. These "sad voters" as the media may well christen them, are the people who feel their party failed them. Tens of thousands of these sads will be Floridians, specifically Floridians who didn't vote in their state's primary because their party said their vote wouldn't count.

To these people, and I know some of them, the idea of awarding Florida's delegates to Clinton is so absurd, such a travesty of democracy, they will keep their wallets closed in the two months between convention and election day, and on that day they will stay home. If you think that won't happen, consider how a Floridian Obama supporter will feel if Clinton does get the nomination. Thousands of Floridian Obama supporters didn't vote in their state's primary. Their candidate did not campaign there. The entire vote had already been declared invalid. You could argue, indeed the Democratic party did argue, at the national level, that NOT voting in that election was the right thing to do. And your reward for doing the right thing? Your candidate is denied the nomination.

I can think of no precedent for this situation and right now the Democratic party is acting like it has no clue how huge this problem is. And maybe 2008 is already too broken to be fixed. The implications are enormous, a potential national tragedy. Brought to you by: The Democrats.

What Are Facebook Friends For? Maybe data mining

Further evidence that Facebook does not 'get' privacy is brought to you this month by the BBC, which recently built a Facebook application that could mine personal data from anyone who played it, and their friends. (In a nice touch of irony, the application was called The Miner, as in 'data miner', get it?)

A video clip from the BBC's Click programme can be seen here (you can find a text report here). It turns out that, by default, Facebook gives application developers wide-ranging access to anyone who installs the game, and their friends. Notice the theme here: "and their friends." In other words, you might be exercising due diligence over what you do with your Facebook account, but just one careless friend could undermine your privacy.



And you'll love the Facebook response: Using an application to abuse access would be a violation of the Facebook terms and conditions. Oh well then, no problem. That should take care of that. And here I was worried that someone would steal my credit card, but no worries, using someone else's credit card is a violation of Visa's terms and conditions. Those terms and conditions are probably what's limiting online credit card fraud losses to just a few billion dollars a year. And that's considerably less than what some analysts think Facebook is worth.

1-866-395-5011 or How Dell Loses Customers

Over the past two months we have been subjected to some serious harassment by Dell Computer, from which we purchased, last year, the one and only Dell Computer we will ever own. Nice computer, terrible company, particularly the part known as Dell Financial, which is apparently based on the other side of the planet. Most of the calls are hang-ups, sometimes half-a-dozen within a three-hour period. Many have blocked caller ID. Many of the callers have Indian or Pakistani accents but lack the courtesy I normally associate with people from those regions. Sometimes, after we manage to get a word in and request that the calls stop, we are assured that they will. But do they? Nooooo!

Best quote so far? "At your request your name has been added to our do-not-call list but bear in mind this will take 3 or 4 weeks to take effect." So let me get this straight: The web site says "Using an efficient, standards-based approach, Dell helps customers build dynamic IT infrastructures" but a change to a Dell customer list cannot be performed under 21 days?

Think we doth protest too much? Click here to see how many angry hits Dell's number gets on Google. Some of these links lead to forums where multiple posts make it clear that loads of people have been, and are getting, harassed by Dell. Of course, the idea may be to get out of the computer financing business, annoy people so much that they pay off the balance, which is what we did (not that it stopped the calls).

I am mailing Dell a "cease communication" letter on Monday (certified of course). Violations supposedly carry a fine of $1,000. Maybe Dell is so clueless we will get lucky.

Amazing Coincidence

In yesterday's post I remarked on the need for CIOs and CSOs to raise the INFOrmation SECurity threat level. (Okay, I didn't actually say that, but that was the implication of what I did say.) Why? Because times are tight and that puts a fresh edge on computer crime, data leakage, and plain old data theft.

I also made the point that data theft was nothing new, something you can see for yourself if you Google the words data and theft and a year of your choosing. Serendipitously I chose 1985, and one of the results was this headline: "F-4 Design Data Taken in Theft at Parts Firm" from the Los Angeles Times, January 6, 1985:
"Computer cards containing sketches and design specifications for the F-4 Phantom jet fighter have been stolen from the Camarillo offices of a firm under investigation for alleged illegal shipment of F-4 parts to Iran, authorities said."

And wouldn't you know it, about an hour after yesterday's post I saw this story: Joint Strike Fighter secrets possibly compromised. Now, I should point out that this story does not say secrets were compromised, but it describes some less than stellar goings on at the Pentagon's Defense Security Service, which is apparently underfunded (like our soldiers in Iraq and Afghanistan and Walter Reed and Fort Bragg). There are three main points to note here...

Tough Times and Threat Levels: New wave of infosec issues

Protecting information, and the systems that process it, is part science, part art. There is no scientifically established correlation [that I know of] between economic conditions and security breaches, but common sense tells us that the temptation to steal, cheat, defraud, or simply fudge a little, can be greater when times are tough. Witness the Lending Tree case. "Several former employees of LendingTree are believed to have taken company passwords and given them to a handful of lenders who then accessed LendingTree customer data files."

Do such things happen in good times as well as bad? Sure, but I think the human mind is better able to justify certain acts, like data theft, when people are haunted by fears of foreclosure, bankruptcy, gas lines and food lines. And make no mistake, while stealing a loaf of bread might seem the most direct answer to the threat of hunger, data theft is an increasingly viable alternative when a desperate person needs money. Indeed, from an INFOrmation SECurity perspective, one thing that makes the current economic downturn different from previous cycles is the existence of a thriving underground market for purloined data, on top of the ever-present market of unethical employees and employers.

When I was researching my first computer security book in the 1980s there was no shortage of examples of bad behavior involving data (e.g. "2 Arrested in Theft of DMV, Credit Data by Alleged Ring" LA Times, December 11, 1985; "Alleged Data Theft by AT&T Probed" Dallas Morning News, November 19, 1985; "Two Arrested in Theft of Customs Computer Data" Miami Herald, July 20, 1986, etc.). Two decades later there is a lot more data stored on computers, a lot more ways of stealing it, and a lot more ways of selling it. Consider:

New SQL attack methods are discovered.
New SQL attacks launched.
New methods of defeating disk encryption publicized.

These threats are real. These are not security experts crying wolf to drum up business. The need to batten down the hatches is greater than ever.

Let Them Eat Watermelon! Congress and the Many Crises

Oil crisis! Food crisis! Mortgage crisis! Healthcare crisis! Watch Nightly News these days and it's Nothing But Crisis. And what are our elected officials in Washington doing about it? A whole lot of nothing. A lot of talk, precious few results. Today, the American people are struggling with tough decisions, like whether to spend their shrinking earnings on the mortgage or health insurance or food. Meanwhile Congress is hunkered down under a nice dry roof, on full stomachs, with full medical and dental, and apparently unable to make tough decisions. Instead it's going for the easy options, the low-hanging legislative fruit as it were, like declaring Watermelon Month.

That's right, all these crises to deal with and their message seems to be: Let them eat watermelon! For many Americans aged 50 to 65 the cost of health insurance now exceeds the median monthly mortgage payment and it's time to promote fruit? I mean, no offense to farmers who grow them, or the lovely Watermelon Queen, but is the following really the kind of stuff we want to pay our politicians for?
"Whereas watermelon has been a nutritious summer favorite from generation to generation; Whereas it is important to educate citizens of the United States regarding the health benefits of watermelon and other fruits and vegetables; and Whereas July would be an appropriate month to establish as National Watermelon Month: Now, therefore, be it Resolved, That it is the sense of the House of Representatives that there should be established a National Watermelon Month to recognize the health benefits of watermelon and the importance of watermelon to the agriculture industry of the United States."

At least we know at whom we should be spitting the seeds come Summer recess (and it won't be the Watermelon Queen).

The Price of Voting Rights

The fact that you need money to vote has always been democracy's dirty little secret, from the early experiments in England to the great experiment in these United States.

Over the centuries people with few means have had to pry concessions from those with many; the vote was extended from male landowners of a certain class, with a certain size of landholding, to all landowners, to all males regardless of wealth, to all men and women of a certain race, and so on.

Until yesterday's Supreme Court decision on Indiana's photo ID requirement, the direction was pretty much all one way, to encompass more and more members of society. Now it seems the tide is turning. Now you must be able to get your hands on enough money to obtain a photo ID or you can't vote.

The state of Indiana is providing free photo ID cards you say? But they are not making house calls. Read the Secretary of State's web site and you will see it is no easy matter to get one of these cards if you have no car and no phone (let alone access to the web site). There are people in every state for whom getting to the Bureau of Motor Vehicles is a major challenge. After all, why have neighborhood polling places if a precondition of voting is the ability to get out of the neighborhood? Any politician or Supreme Court judge who thinks getting a photo ID is no burden is out of touch.

Wachovia Gets Fined: Yikes or no yikes?

News of a big fine levied against Wachovia may, or may not, satisfy those who lost money thanks to the bank turning a blind eye to activity other banks said was clearly fraudulent (as blogged here a while back).

The word 'Yikes' is in play here because of its use in a Wachovia email that came to light. Here's how the NYT reported it:

“YIKES!!!!” wrote one Wachovia executive in 2005, warning colleagues that an account used by telemarketers had drawn 4,500 complaints. “DOUBLE YIKES!!!!” But Wachovia continued processing fraudulent transactions for that account and others.

Why? Because the fraudsters paid, presumably with money stolen from victims, huge fees to Wachovia so that the money would keep flowing. And you thought the sub-prime mortgage market was the only thing your bank's cupidity was screwing up.

Navy Needs Information Security Staff: But HR web site is down

If the world economy is headed downhill as fast as some pundits claim, a job with the US federal government might be a safer option than trusting one's future to free enterprise. Or so I was musing this morning when I decided to peruse usajobs.gov.

I found numerous Department of the Navy openings for something labeled "Information Technology Specialist (Security)." These openings were spread across the country so there was bound to be one nearby. And the listings suggest some urgency: "This notice is issued under the direct-hire authority to recruit new talent to occupations for which Department of the Navy has a severe shortage of candidates or a critical hiring need. As such, this notice is targeted to qualified United States citizens who are not current permanent Federal employees."

Bingo! I'm a citizen. There's a critical hiring need OR severe shortage of candidates, let's check it out. I was told to visit https://chart.donhr.navy.mil/. I boldly clicked and, well, nothing. Turns out that server has been off the grid for the past three hours and counting.

Okay, it's a Saturday and these are government jobs. Maybe Information Technology Specialists don't work weekends. I can dig that. So I decided to do a little more digging. What could I expect to earn in one of these jobs? Oh let's say, roughly, something between about $28,862 and oh, how about in the region of around $152,670 per year. That's about as useful as a prospective employer answering "Money" when a job applicant asks "What does the job pay?"

In the private sector a good IT security specialist can earn $150K. But it is hard to imagine an IT security job starting at $29K (that's less than $14 an hour). So the government has an employment web site that urgently seeks information security specialists who could start at a pay level most people with the necessary skills would rate as "not worth it," rising to an upper pay level that is a whopping 5X the low end, applications for which cannot be accepted right now because the server is down.

People used to ask themselves "Who's running this country?" The question now seems to be "Is anyone running this country?"