| This 1966 Article About 'Computer Danger' Predicted a Bleak Future of Bank Crimes and Info Leaks [message #368771] |
Thu, 07 June 2018 10:54 |
Anne & Lynn Wheel
Messages: 3156
Registered: January 2012
Karma: 0
|
Senior Member |
|
|
This 1966 Article About 'Computer Danger' Predicted a Bleak Future of
Bank Crimes and Info Leaks
https://paleofuture.gizmodo.com/this-1966-article-about-comp uter-danger-predicted-a-ble-1826571043
A short editorial in the September 19, 1966 issue of the Sandusky
Register newspaper in Sandusky, Ohio predicted that life was about to
get worse as information, especially financial information, became more
centralized.
The editorial noted that although the "computer age" was "in its
infancy," the computerization of financial information would lead to
more robbery, more embezzlement, and a complete "assault on personal
privacy." And we can't say they were wrong.
.... snip ...
there are references to several other time-travel articles further down
the page.
Before the turn of the century we were brought in to help wordsmith some
cal. legislation. At the time they were working on electronic signature,
data breach notification, and opt-in privacy sharing. Several of the
participants were heavily into privacy issues and had done indepth,
detailed public surveys. The #1 problem was identity theft involving
fraudulent financial transactions, frequently involving information
obtained from breaches. At the time there was little or nothing being
done and it was hoped that the publicity from notifications might prompt
corrective action. The issue is that entities will take security
measures in self-protection ... however in these breaches, the
institutions weren't at risk, it was the public.
electronic signature posts
http://www.garlic.com/~lynn/subpubkey.html#signature
data breach notification posts
http://www.garlic.com/~lynn/submisc.html#data.breach.notific ation
I was co-author for X9 financial transaction standard for ALL retail
payments ... which slightly tweaked the current infrastructure and
eliminated ability to use information from data breaches for fraudulent
financial transaction (which would have drastically reduced the amount
that financial institutions set interchange fee charged merchants). It
didn't eliminate breaches, it just eliminated the risk of financial
fraud that resulted from breaches. Part of the issue is that there are
millions of these (merchant and transaction processing) financial
transaction repositories all over the world (required in dozen of
business processes). Rather than trying to secure them all, just
eliminated the risk of (and motivation for) breaches. The other issue
(security proportional to risk) is that profit for merchant from every
transaction (in their repositories) can be a dollar or two. The
(current) motivation behind the breaches is it puts at risk the account
balance or credit limit ... hundreds to thousands of dollars. As a
result, crooks can afford to spend hundred times more attacking the
systems (than merchants can afford to spend defending).
security proportional to risk posts
http://www.garlic.com/~lynn/submisc.html#security.proportion al.to.risk
Opt-in Privacy required institutions and other entities to have
authorization record from you permitting sharing your personal
information. Before opt-in passes, "opt-out" was added to GLBA
(preempting cal. legislation, now better known for repeal of
Glass-Steagall) which allowed institutions to share your personal
information unless they had record of you objecting to the sharing. Last
decade at annual national privacy conference in DC, there was a panel
discussion with the FCC commissioners. Somebody in the audience asked if
FCC was going to do anything about "opt-out". He said that he worked at
company providing call center technology to most of the national
financial institution ... and he said that none of them provided 1-800
call-in facilities any mechanism to make record of "opt-out" requests
(i.e. there would never be a record of people objecting to personal
information sharing).
I then was co-author of X9 financial industry privacy standard ... in
the intro I added the part about institutions have little motivation to
protect personal information.
The last product we did at IBM was HA/CMP ... past posts
http://www.garlic.com/~lynn/subtopic.html#hacmp
.... including working with RDBMS vendors on commercial cluster scaleup
and with national labs on scientific/technical cluster scaleup. Old post
about Jan1992 commercial scaleup meeting in Ellison's conference room.
http://www.garlic.com/~lynn/95.html#13
within a few weeks after the above meeting, cluster scaleup is
transferred, announced as IBM supercomputer (for technical/scientific
*ONLY*) and we were told we can't work on anything with more than four
processors. A few months later we leave IBM.
Later, two of the Oracle people (mentioned in the Jan1992 meeting post)
have left and are at a small client/server startup responsible for
something called "commerce server". We are brought in as consultants
because they wanted to do payment transactions on the server. The
startup had also invented some technology they called "SSL" they wanted
to use; the result is frequently called "electronic commerce". I had
absolute authority over the server to payment networks gateway ... but
could only make recommendations on the client/server side ... some of
which were almost immediately violated (that continue to account for
some number of exploits to this day). That experience in part motivated
the later work on financial standard that eliminated the risk associated
with exposing financial transaction details (as opposed to applying more
and more layers of security trying to prevent their exposure).
some SSL related posts
http://www.garlic.com/~lynn/subpubkey.html#sslcerts
--
virtualization experience starting Jan1968, online at home since Mar1970
|
|
|
|
Members
Search
Help
Register
Login
Home
