Seeking Alpha

iTrax's Instablog

EXPERIENCE - KNOWLEDGE - INTEGRITY: 25 years of experience in media production; newspaper, magazines, radio, tv, web-publishing, multimedia and corporate communications. Also experienced in starting new business, management and consulting. Areas of expertise: Economic- and financial journalism,...
My company:
H5F communications Ltd.
  • Fight For Your Privacy (Or Someone Else Will)

    It's not like the citizens of Europe are taking to the streets to defend their right to keep their private data private. They are probably not quite sure who to defend themselves against. But an increasing number of academics and intellectuals across the EU are now lining up as the frontline in the upcoming battle of electronic consumer data. The computer industry lures with huge national income and millions of new jobs if they just get complete access to the information about your online activity stored in hundreds of large databases around the world.

    "The fact that so many came to sign the position actually shows that the situation is serious."

    Kai Rannenberg

    Leading academics across Europe are signing an online petition to support the European Commission's draft data protection regulation in protest at industry lobbying to weaken it. So far, more than 80 professors from computer science, law, economics and business administration disciplines have joined. The industry's hunt for profit could seriously undermine people's trust in companies who want to use their personal data, they warn, pointing out the financial risk involved.

    The outraged professors refer to a study conducted by the US-based firm Boston Consulting Group, which states that profit potential could be seriously undermined if people do not trust companies who want to use their personal data. The group estimates €440 billion in 2020 in the EU alone is at risk if the industry fails to establish a trusted flow of data.

    The computer industry's lobbyists, on the other hand, are waving surveys that say the companies will generate $1.1 trillion in revenue in 2015, while creating nearly 14 million new jobs worldwide.

    It may seem like the two conflicting parties are living in two separate worlds (and to some degree they are), but soon we will all be united in one big global network called "The Cloud".

    Currently, companies can process personal data without client consent if they can argue that they have a legitimate interest in the use of that data. So far, unfortunately, the term "legitimate interest" leaves plenty of room for interpretation: When is an interest legitimate and when is it not?

    You see, there are two things going on here:

    Writing Their Own Laws

    First, the development of what the geeks call cloud computing, which means that data is stored on random servers around the globe instead of your own hard disk. This new technology is expected to change the whole computer business radically, making it possible to access and analyze large amounts of information anywhere in the world.

    Second, the EU commission is about to finalize an update of the 18-year-old directive that aims to bring the law in line with the latest technologies. And this is where the privacy issue comes in.

    Some EU parliamentarians suggest that anonymized, pseudonymized and encrypted data should generally not be covered by the data protection regulation. They argue that such data is not "personal" any more. This misconception is dangerous.

    The right to be forgotten and fines for organizations that mishandle personal data are among the novelties some experts believe will ensure greater privacy rights for individuals, the writes. The protection of personal data is also guaranteed under the EU charter of fundamental rights.

    But pro-industry groups are pushing amendments into the regulation to help shape parliamentary committee opinion reports. Some of the amendments weakened the commission's draft by removing safeguards and introducing terminology that is more open to interpretation in favor of industry.

    The reports are then passed on to the civil liberties committee, which gets the final say in April before it goes to a vote in the plenary.

    In February, the LobbyPlag website exposed dozens of euro-deputies who copy-pasted industry proposed amendments directly into the regulation.

    The practice, while not uncommon among EU lawmakers when drafting legislation, has convinced many of the academics to sign the petition in an attempt to shift the debate away from the industry's view that the regulation would harm innovation and competition. They add that the uncertainty over data protection itself is what prevents some companies from adopting cloud computing services today.

    A Serious Situation

    The 'Data Protection in Europe' site was launched in February by four German academics and an Austrian colleague.

    "They decided they had to do something against EU lobbying on the draft regulation," says Anne Grauenhorst, who helps manage the site for the Centre for Advanced Security Research Darmstadt (Cased).

    The academics are spread among 19 member states while others have signed on from Switzerland and Norway. More are joining, according to the

    "If you had asked me last week, if we would have 80, I would have told you that certainly I would have liked it but I wouldn't have made any promises," Dr. Kai Rannenberg, professor at Goethe-University in Frankfurt/Main, says.

    Rannenberg said the intensity of lobbying in Brussels to weaken the regulation by the industry prompted them to create the site.

    "The fact that so many came to sign the position actually shows that the situation is serious," Rannenberg notes.

    In many articles, the current draft from the European Commission sets only vague goals. For further details, it establishes the European Commission itself as the institution that would later define details through 'delegated' and 'implementing' acts. This plan would put the European Commission into a position of power that does not correspond to the European constitutional requirements.


    Mar 15 8:11 AM
  • Giant Social Media Security Hole In Banking

    Did you know that you can log into an American online banking service from outside the US, using only your Facebook log-in credentials? Well, now you do. And so do about a million criminal hackers from around the world…

    "That's the very, very, very risky thing about social networks. The idea of using them as an authentication platform really has its drawbacks. I really think it's a bad idea."

    Dr. Ken Baylor

    Facebook and access to millions of people through a single social login process. All customers right there on the platform. And aid in registering and creating new online accounts. This "dream of a bank marketer's" may soon turn into a horrible nightmare for the decision makers in the international banking industry.

    I have suspected for a while that this may be the case:

    But, last week it was confirmed through an article written by the banking industry itself and published on their own website,

    Not the fact that some banks have already started to allow users to access their bank accounts with a Facebook account as the only form of identification, but the fact that any breach of security that a user encounters on social networks could potentially spread to that person's online bank account, and from there, leak into the highly connected global system of online banking.

    According to Dr. Ken Baylor, vice president at information security research and advisory company NSS Labs, social networks as an authentication factor have "just proven to be highly susceptible to malware, multiple times."

    Additionally, many unsophisticated users wouldn't think twice about clicking on a malicious link, making it particularly enticing for criminal hackers.

    "That's the very, very, very risky thing about social networks," says Dr. Ken Baylor.

    "The idea of using them as an authentication platform really has its drawbacks. I really think it's a bad idea."

    "Banks outside the US are starting to allow direct access to online banking through Facebook and that's where there should be a concern about Facebook hacking," says Nicole Sturgill, research director in the cards and retail banking practice at CEB Towergroup.

    "Facebook should be used as a gateway to online banking, but there should be an extra layer of security. No one should be able to log in to online banking with nothing but their Facebook ID and password," Nicole Sturgill says.

    Most banks in the US, though, are still just using Twitter and Facebook for marketing and customer service messaging, rather than as a portal to online banking,

    Massive Gang Attacks

    Facebook, Twitter, Apple (AAPL) and at least 40 other companies were recently victims of the efforts of a band of high-tech criminals from Eastern Europe, according to Bloomberg.

    Twitter said in early February that 250.000 of its users' passwords may have been compromised.

    In addition, high-profile hacks of the branded Twitter accounts of Burger King and Jeep show just how vulnerable social media identities are.

    In the Burger King case, hackers changed the logo on the company's Twitter page to the McDonald's logo and spread false information that the fast food chain had been sold to McDonald's.

    LinkedIn isn't much safer - the professional's social network has also endured attacks recently that have compromised millions of users' passwords.

    Last week, Facebook said it was targeted by thieves that loaded malicious software onto employees' computers directly through a compromised developer website.

    Over the weekend we've also come to learn that tech giants like Apple and Microsoft are amongst the victims.

    But all of them claim that their users' data has not been compromised.

    Now, do you believe that?

    Playing the Risk Game

    You better make up your mind pretty soon, because the banks are just doing what they think they do best:

    Calculate risks.

    "The use of a social sign-in is twofold. One, it expedites the process of sign-in because it's a common platform. Secondly, we can use the Facebook identity to expedite, because we can draw information out of the profile, also we actually use it as part of the identity check," says fintech entrepreneur Brett King,

    In addition to Facebook, banks are also planning to allow people to tie their bank accounts directly to Twitter.

    "The benefits, for us, outweigh the potential risk," says King.

    "The fact is that Facebook's login platform is still magnitudes more robust than most Internet banks."


    May I remind you that it is, in fact, Facebook that is getting hacked all the time!

    And most Internet banks are more vulnerable?

    "The more I look at Facebook's authorization and reliance on open standards for encryption, and then compare to some existing bank credential code, I am fairly convinced that large fintech providers aren't necessarily doing any better job in physically coding and securing authorization than many of the social sites," says Bradley Leimer, who heads the digital channel strategy for Northern California-based Mechanics Bank, in an email to American

    "Which means it is only a matter of time before we see larger scale breaches - all of it is testing our networks, I'm actually amazed we don't have more breaches that involve account data."

    This is just getting better and better….

    And Hedging the Risk

    Bankers need to make those risk decisions for themselves, says senior vice president of corporate development at digital direct marketing agency, New Control, and author of the Bank Marketing Strategy blog, Jim Marous.

    "I think this is all uncharted territory. It's one thing to have a small or a midsize bank overseas use Facebook sign-on or Twitter sign-on," he says. "But I think you move the needle exponentially when you talk about a large bank in the US doing this where there is more risk."

    According to fintech specialist Brett King at the financial servicer Moven, they are now working on plans to hedge against cyber crime by requiring multi-factor authentication any time someone wants to move cash; that includes an additional PIN number and a one-time password.

    I really hope someone over there at Moven will remind Mr. King about the fact that he also has the option to hedge against cyber crime by buying some stocks in some IT security company…or short-sell his own….it's called "delta hedging"….look it up….

    Anyway - bankers need to make those risk decisions for themselves, says Jim Marous, a senior vice president of corporate development at digital direct marketing agency New Control, and author of the Bank Marketing Strategy blog.

    "I think this is all uncharted territory. It's one thing to have a small or a midsize bank overseas use Facebook sign-on or Twitter sign-on," he says. "But I think you move the needle exponentially when you talk about a large bank in the US doing this where there is more risk." finally writes that an inquiry sent to Facebook's press office seeking comment was not immediately answered, and a tweet sent to Twitter was not answered either. An email sent to LinkedIn also received no response.

    I have a strong feeling that American Banker has been asking the wrong people the wrong questions in a very wrong way…
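
An added example (not from the original post, Moven or any bank) of the step-up rule described above: a social login alone allows viewing, while moving cash also requires a PIN and a one-time password. The account fields, action names and secrets are constructed assumptions; the one-time password follows RFC 6238 (TOTP).

```python
import hashlib, hmac, os, struct

STEP = 30  # seconds per one-time-password window (RFC 6238 default)

def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226/6238 code for one time-step counter (HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def pin_hash(pin: str, salt: bytes) -> bytes:
    """Store only a salted, slow hash of the PIN, never the PIN itself."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class Account:
    """Constructed sample record; field names are assumptions."""
    def __init__(self, pin: str, otp_secret: bytes):
        self.salt = os.urandom(16)
        self.pin_digest = pin_hash(pin, self.salt)
        self.otp_secret = otp_secret
        self.last_counter = -1  # newest OTP window already accepted

def authorize(account, session, action, pin=None, otp=None, now=0.0):
    """Decide whether a logged-in session may perform an action."""
    if not session.get("authenticated"):
        return False
    if action == "view_balance":
        return True  # viewing needs only the (social) login
    if action != "transfer" or pin is None or otp is None:
        return False  # default deny; the social login alone never moves money
    pin_ok = hmac.compare_digest(pin_hash(pin, account.salt), account.pin_digest)
    window = int(now) // STEP
    # Accept the current or previous window (clock drift), never a used one.
    match = None
    for c in (window, window - 1):
        if c > account.last_counter and hmac.compare_digest(
                totp(account.otp_secret, c).encode(), otp.encode()):
            match = c
            break
    if not pin_ok or match is None:
        return False
    account.last_counter = match  # burn the code so it cannot be replayed
    return True
```

Under this rule a stolen social-network password exposes the balance view but cannot start a transfer, and a captured one-time password is rejected on reuse.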


    Feb 26 6:55 AM
  • Microsoft Confirms: We've Been Hacked, Too

    We are not surprised, Microsoft writes in a statement released Friday afternoon. Quite frankly, neither am I…

    "As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion."

    Microsoft Security Response Center

    When trying to log on to my online banking service this morning, I was met by a message that said that the service was down due to technical problems. It may, or may not, be related, but somehow I got a feeling there was perhaps more to this story than met my sleepy eyes.

    And I really hate to tell you; I might be right.

    On the Microsoft security pages, I found the following statement, issued on Friday afternoon:

    "As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion."

    The IT giant goes on to explain:

    "During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations."

    Microsoft also says that the company has "no evidence of customer data being affected and our investigation is ongoing."

    Personally, I don't find these standard press release statements very reassuring.

    In fact, I find the following line more interesting:

    "This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries."

    Compared to the banking industry's attempts to convince me that online banking is totally safe, it seems rather clear that they are not telling me everything...

    Here's the prior analysis of emerging threat trends by Microsoft.

    Feb 26 6:43 AM