Send a Tweet
Most Popular Choices
Share on Facebook Share on Twitter Share on LinkedIn Share on Reddit Tell A Friend Printer Friendly Page Save As Favorite View Favorites
OpEdNews Op Eds

Your Money or Your Life - Credit Cards, Identities and Democracy For Sale

By   Follow Me on Twitter     Message Joan Brunwasser       (Page 1 of 2 pages)     Permalink    (# of views)   7 comments

Related Topic(s): ; ; ; ; ; ; ; ; ; ; (more...) ; ; ; ; ; ; ; ; ; ; ; ; ; ; , Add Tags  (less...)
Add to My Group(s)

View Ratings | Rate It

Become a Fan
  (85 fans)
- Advertisement -
By any chance, did you catch Sixty Minutes a few Sundays ago? I’m referring to the segment hosted by Lesley Stahl called "Hi Tech Heist." It tells about the “worst high-tech heist in shopping history.” TJX – the parent company of TJMaxx and Marshalls – was the target, and the thieves netted themselves tens of millions of personal records over the course of 18 months. I’m going to tell you how it can be done. (But don’t worry that I’m giving away any secrets. You could go to YouTube and find simple instructions on how to do it yourself.) When your credit card is swiped, the data is routed to the bank or the store’s computer database via wireless network. While it’s in transit on this invisible pipeline, it’s in a highly vulnerable state made worse because the encryption software commonly used, called WEP, was rendered obsolete by repeated security breaches only a few years after its creation. Using WEP can also leave its stores with false sense of confidence, as management may feel the records are secure when they clearly are not. The thieves who siphoned the records from two Miami stores used a little free technology to penetrate the wireless network without even having to enter the building. Stahl’s escort, computer forensic investigator Kris Harms, achieved success while cruising the mall parking lot with nothing more than his laptop.

It’s doubly hard to understand why stores are still using and installing WEP, when a newer, better alternative, WPA, is available. Cost and inconvenience seem to be the main reasons retailers don’t upgrade and protect their customers. The expression “penny wise and pound foolish” comes immediately to mind.

Breaching security in two stores in Florida gave the thieves free access to 2,400 more stores across the country, Canada, and the U.K. Once the thieves were inside the network, they were able to meander undetected from store database to store database bagging, in this case, nearly 100 million credit card numbers. The haul also included social security numbers, dates of birth, driver’s license numbers, PIN numbers, military IDs, and even answers to those special security questions like, “What’s your mother’s maiden name?” Anyone who has ever applied for a credit card knows that’s all you need to be good to go.

Fully armed with all the pertinent information, imposters can make fraudulent purchases and entire identities can be stolen, recreated, and assumed. The purloined data is dispersed around the globe via internet auctions where four full identities can go for as little as $25. Take a moment to marvel at the size of this security breach – it takes your breath away. There are millions of complete and factual identities floating around, ready and available. So much for homeland security.

- Advertisement -
And where does this leave the lowly consumer? Lesley Stahl says, “I don’t know why anybody who looks into [it] would ever use a credit card, ever.” She is talking with Mark Rasch, who used to head the cyber-crime unit at the Department of Justice. He says that the hackers are winning this war. It’s not convenient to walk around with wads of cash, so “retailers need to adopt the next appropriate technology and the next one, and the next one, and the one after that, because they want people to keep buying from them. This is an arms race.” While credit card companies are the big winners – they expect to rake in $200 million next year by fining retailers that don’t update their security – in the upgrading frenzy, consumers and privacy are the first casualties.

To recap
Let’s isolate and examine the key elements of this story. We’ve got:
• Computers and databases;
• Insufficient security;
• A wireless network;
• A subsequent security breach;
• Billions of dollars lost and millions of customers at risk of identity theft and fraudulent purchases.
The prescription: more and more upgrades to keep up with the hackers. One of the parties – in this case, the credit card companies, is capitalizing on the crisis to make money. And the customer is left holding the bag.

Let’s recast this story with a different set of players and see if it sounds at all familiar. Substitute computerized voting or EVM (electronic voting machines) for store computers. Then add in the laughable and primitive security provisions that have been condemned in every independent study and hack conducted over the last five years.

- Advertisement -
Wireless network
Last year, investigative reporter Pokey Anderson explored the wireless capabilities of our election systems and made disturbing discoveries. Advanced Voting Solutions, for instance, brags about its ability to program and change data on as many as 1,000 voting machines simultaneously without even being in the same room. How? Remotely, via the wireless network. And how is this technology protected? With WEP – the same substandard, oft-hacked software that contributed to the notorious TJX debacle. Anderson quotes Dr. Avi Rubin, computer science professor at Johns Hopkins,
There are tools on the Internet to break WEP in seconds. We were the first to do it when I was at AT&T. I think that as bad as some of the voting machines are in terms of security, having wireless capability is a total disaster. I can’t think of a worse idea.

Even universally banning the technology would be impossible to enforce. The 2006  Brennan Center Report that identifies well over 100 potential threats to our elections puts banning wireless capability as #3. The document states,
Wireless components should not be permitted on any voting machines… Banning the use of wireless components (even when that involves disabling them), rather than requiring removal of these components, still leaves voting systems unnecessarily insecure. Among other reasons, a software attack program could be designed to re-activate any disabling of the wireless component.

In the very same way that access to the database of two stores allowed the TJX thieves access to 2,400 stores, so access to one computerized voting machine can allow access to thousands of others, even if they are not connected to one another. Over two years ago, computer security expert Bruce Schneier, wrote in "What's wrong with electronic voting machines?"
A software problem, whether accidental or intentional, can affect many thousands of machines and skew the results of an entire election…This has nothing to do with whether the voting machines are hooked up to the internet on election day…The threat is that the computer code could be modified while it is being developed and tested, either by one of the programmers or a hacker who gains access to the voting-machine company's network. It's much easier to surreptitiously modify a software system than a hardware system, and it's much easier to make these modifications undetectable.

Security breach
Let’s visit Cook County, Illinois, where I live, to see how easily these computerized systems can be hacked. In late October 2006, Bob Wilson and his colleagues at the Illinois Ballot Integrity Project conducted a friendly hack into the Cook County Online Voter Registration Database. They had notified the Chicago Board of Election Commissioners several weeks before about the disturbing security breach they had discovered, but nothing had been done to address the problem. Apparently, at least 1.5 million Cook County residents had all their most personal information exposed for six years – names, addresses, and social security numbers – a veritable gold mine for identity thieves. Another unnerving feature of the breach is that registration information could have been downloaded and edited, making election day a potential nightmare.

The result of those compromised voting computers is broken elections with results we can neither observe nor verify. Votes are routinely lost, flipped, or miscounted. Here are a few choice examples.
• The Gahanna I-B ward in Franklin County, Ohio 2004 where less than 700 voters magically yielded more than 4,000 votes,
• The Alaska 2004 Presidential race where there were 100,000 more votes than voters,
• The  Volusia County computers that, in 2000, suddenly and temporarily erased 16,000 votes, allowing Florida to move into the Bush column and affecting the national race.
Whatever your party affiliation, few can argue that our nation’s direction would have been quite a bit different under either Al Gore or John Kerry. The ramifications of stolen elections are huge.

Benefiting from the crisis
Critical reports and voting machine hacks have been piling up for years. Nevertheless, billions of federal tax dollars have gone into an electronic voting system plagued by major problems and a total lack of accountability or responsiveness on the part of the vendors. Vendors have extorted huge sums for maintenance and service, far exceeding their original estimates, according to Maryland’s former Governor, Republican Bob Ehrlich. Even when voters and municipalities decide to dump their DREs, the vendors are in place to sell them millions of dollars worth of optical scan machines and other “updated” election technology. Continuing to entrust our elections to this sleazy group of fraudsters is truly a question of national security and importance.

There are some scary king-size wrinkles when we use this inherently flawed, problem-ridden system. Here are two examples.

New York
New York is the last state to comply with HAVA – the Help America Vote Act of 2002. The Department of Justice is threatening to take over New York’s elections in order to make them buy the very EVM systems that have consistently failed so abysmally across the country. None of those machines pass New York’s more stringent standards and trying out a new system right before a presidential election is clearly a recipe for disaster. Forcing New York to adopt machines that fail their own high standards also means federalizing our elections and subverting states’ rights.

Andi Novick, of Northeast Citizens for Responsible Media, has written a number of good articles on this that you can find here. She makes the case simply and eloquently.
We need to keep writing in favor of elections the people can see and verify and understand with their own eyes. Would you accept a guy who takes all your votes, goes in a back room, comes out later and announces who won? Would you just trust him? Then resist these computers in New York.

In California, the word is in, and the last domino has fallen. All of the computerized voting machine systems tested in Secretary of State Bowen’s Top To Bottom Review (distilled here) failed miserably. ES&S, used in L.A. County, refused to submit the source code and therefore was not part of the tests. They finally did so and the reports concluded that they have also flunked, putting L.A. County voters at risk. This is very bad news because Bowen is considering running the February primary using these vulnerable machines, which could play a critical role in the upcoming 2008 election.

- Advertisement -
In “Testers for CA Secretary of State Finds LA County's ES&S E-Voting System Vulnerable to Hacking, Fraud and Manipulation,” Brad “BradBlog” Friedman writes,
Los Angeles County itself, a reliably Democratic-leaning county over all, carries an enormous number of votes for the state. It's the largest such county in the nation, larger even than two-thirds of the states in the country. Tampering with the vote tabulation in that one county alone, could easily change enough votes to see the Electoral College initiative passed successfully across the state.

The perfect storm of a compromised voting system and a democracy-thieving amendment could result in a historical shift even further toward a permanent one-party system. Is it a coincidence that two states are under attack are both large and Democratic? Demographics and Bush’s legacy do not bode well for Republicans. Under normal circumstances, 2008 would be as close to a sure thing as politics ever is.

Surely there are democracy-loving Republicans who eschew winning at all costs and want our political system to be as healthy as possible. It’s time for you to speak up! Democracy must have dissent, debate, discussion and accurate, observable elections to thrive.

Next Page  1  |  2


- Advertisement -

View Ratings | Rate It

Joan Brunwasser is a co-founder of Citizens for Election Reform (CER) which since 2005 existed for the sole purpose of raising the public awareness of the critical need for election reform. Our goal: to restore fair, accurate, transparent, secure elections where votes are cast in private and counted in public. Because the problems with electronic (computerized) voting systems include a lack of (more...)

Joan Brunwasser Social Media Pages: Facebook page url on login Profile not filled in       Twitter page url on login Profile not filled in       Linkedin page url on login Profile not filled in       Instagram page url on login Profile not filled in

Go To Commenting
The views expressed herein are the sole responsibility of the author and do not necessarily reflect those of this website or its editors.
Follow Me on Twitter     Writers Guidelines
Contact AuthorContact Author Contact EditorContact Editor Author PageView Authors' Articles

Most Popular Articles by this Author:     (View All Most Popular Articles by this Author)

Interview with Dr. Margaret Flowers, Arrested Tuesday at Senate Roundtable on Health Care

Renowned Stanford Psychologist Carol Dweck on "Mindset: The New Psychology of Success"

Howard Zinn on "The People Speak," the Supreme Court and Haiti

Fed Up With Corporate Tax Dodgers? Check Out!

Snopes confirms danger of Straight Ticket Voting (STV)

Literary Agent Shares Trade Secrets With New Writers