The path of least resistance to Doom

[Guest guest]

April 28, 2006

 

Why Americans are technology, political, and

educational laggards and how it will doom them

Posted by David Berlind

 

The other day, via CNET Networks' internal email

system, fellow ZDNet blogger and TechRepublic

technical director George Ou sounded an alarm about an

urgent online banking issue he came across on the Web

site for the SANS Institute.

It probably didn't get

the attention it should have. Ou blogged the item

with a headline that for many may require

 

That culture of convenience, laziness, and ignorance

is going to doom the US in the long run.

no further reading: Many banks failing to use SSL

authentication. Ouch. The risk to you if your bank

isn't using SSL authentication is that you could end

up logging into a Web site that looks like your bank's

Web site but isn't (some banks like BofA are using

interesting technologies to avoid this). By logging

into the impostor Web site, you'd be turning over your

banking credentials (user ID, password) to the bad

guys and what happens next may not be pretty. Wrote

Ou:

 

This looks really ugly for the American Banking system

as a whole and it's time that they cleaned up their

act and learn to use some basic cryptography. If you

have a bank on this hall of shame list where " SSL

Login Form " is listed as " optional " , be sure to

complain to them that this is unacceptable.

 

What's really scary about this is that for something

as sensitive as online banking, even the best banks in

the US are still using little more than single factor

security to grant you access to your bank account.

 

Two years ago, a friend from The Netherlands who was

visiting asked if he could use one of our PCs to do

some online banking. As he began to login to his

bank's Web site, he pulled a credit-card sized

authenticator out of his wallet.

Hardware-based

authenticators like RSA's keyfob-esque SecurID 700

generate a random sequence of numbers at regular time

intervals (eg: every 60 seconds).

The way this works

is, at any point in time when yo login to your banking

system, you have to use your authenticator to randomly

generate a key. I watched my friend as he pressed a

button on his authenticator and then, from

authenticator's LCD display, he read-off and keyed-in

(on the keyboard) a long string of randomly generated

digits.

 

If you had something similar and you were using one of

RSA's authenticators, then, the bank would have an

RSA-built appliance on its internal network that's

generating matching keys for your account.

The only

way someone can log into your account is if they have

your UserID, your password, and your authenticator.

Randomly generated keys are only good for a minute or

so. So, even if someone gets a hold of your UserID,

password, and one of the randomly generated keys (eg:

if they watched you key it on your keyboard), by the

time they got to a computer to pretend to be you, the

randomly generated key would have expired.

 

This to me is secure. I asked my friend how much it

costs to have the added level of security. " Nothing "

he said. While I'm sure the cost gets absorbed

somewhere and is passed along to customers, it comes

with the account (much the same way you get a free ATM

card in the US).

I'm not sure if every European bank

does this. But apparently, a bunch do. After

observing my friend in action, I started asking

knowledgeable people why US banks don't do the same

thing.

The consensus answer, I'm afraid, is a sad

commentary about our culture rather than some

technological roadblock. There are, of course, plenty

of Americans who would gladly exchange this bit of

friction in the system for the security it offers.

I'm one of them. But America is a culture of

convenience and additional friction — especially

friction that requires you to carry more gear with you

— apparently doesn't fly with most Americans.

 

Other examples of this are how most businesses don't

even check your ID anymore when you use your credit

card (I wrote " C PHOTO ID " on the back of mine but

half the clerks don't even turn the card over) .

Some merchants — for example the Dunkin Donuts in my

neighborhood — don't even require a signature anymore.

It gets me through the drive-in faster. Everywhere

you look, friction is being squeezed out of the system

and customers love it.

Just try adding friction to the system and customers

will take their business elsewhere.

Even worse, the more secure system involving

authenticators is apparently too sophisticated for

most Americans. As much as I don't want to believe

this, I've encountered enough of my compatriots in

person or have seen them on Jerry Springer to know

this is true.

 

Compared to other parts of the world, we're a

relatively unsophisticated bunch, us Americans. And

that culture of convenience, laziness, and ignorance

is going to doom the US in the long run because of how

it will deprive America of its edge in other areas

where it was once a beacon to the world. Democracy is

one of those. Education the other.

 

On the political front, we are no longer a nation of

people that goes deep on the issues and seeks out the

truth.

I'd like to believe there was a time when the

majority of Americans were passionate about democracy

and politics.

But perhaps I'm fooling myself. The People, helped

along by a failing media complex, have established a

preference for fast food politics.

 

Forget any real exploration. Just give us the sound

bites please, thank you very much.

 

Just yesterday, our culture of political convenience

was probed and picked apart on National Public Radio

when Tom Ashbrook interviewed Time Magazine columnist

Joe Klein whose book Politics Lost: How American

Democracy was Trivialized by People Who Think You're

Stupid was published this month.

American democracy is being trivialized because we

Americans are letting it happen. During the show, one

caller remarked on how John Kerry as a communicator

was very different in his town meetings leading up to

the 2004 Presidential Election than he was on TV in

front of the news cameras. Al Gore was the same way.

 

Before interviewing Gore on stage at one of Research

In Motion's annual Wireless Symposiums (this year's

event is coming up next month), I spent some time with

him backstage. I felt like I was talking to someone

I'd never met or seen before. I've heard the same

about President Bush too.

I'm not sure it's their fault.

The law of political information supply and demand

practically says there's no demand for the person with

the biggest supply of information.

Cure the sound-bites please

(and kill democracy while you're at it).

 

And if you want real evidence of how our culture of

convenience is going to doom the US (long term), just

check out what's going on in our education system. The

rest of the world's kids are hungry for worldliness

and knowledge. OK, maybe not all of them. But enough

of them to make most American kids look like laggards

that are too lazy to embrace benefits of two-factor

security (like the aforementioned authenticators) or,

worse, real democracy.

 

What motivates a child to weather sandstorms and

bullet crossfire to get into a classroom? Is it them?

Their parents? Their governments?

Or, is what's taking place in a technology-deprived

classroom in the foothills of an Afghan mountain that

much more titillating than what's happening in

American schools.

Perhaps one day when we as a people wake up to the

reality that China, India, Pakistan, and Singapore

have billions of engineers working in the R & D labs

that American companies had to relocate to Asia just

to stay competitive, things will change. But right

now, as evidenced by Time Magazine's recent cover

story — Dropout Nation — as far as I can tell, most

American children are being left behind and so too is

this country.

Unfortunately, we have no one else to blame but

ourselves.

Think I'm wrong?

In response to a recent blog of mine that quoted Mark

Cuban on the education issue, ZDNet reader Chris W

pointed me to a treatise by former New York State and

New York City Teacher of the Year John Taylor Gatto

who wrote:

 

Boredom is the common condition of schoolteachers, and

anyone who has spent time in a teachers' lounge can

vouch for the low energy, the whining, the dispirited

attitudes, to be found there.

When asked why they feel bored, the teachers tend to

blame the kids, as you might expect.

Who wouldn't get bored teaching students who are rude

and interested only in grades?

If even that.

Of course, teachers are themselves products of the

same twelve-year compulsory school programs that so

thoroughly bore their students, and as school

personnel they are trapped inside structures even more

rigid than those imposed upon the children.

Who, then, is to blame?….We all are.

 

Whether its online banking fraud, anarchy, or academic

underachievement, as long as we continue take the

convenient path of least resistance, the bed that

we'll all have to sleep in today, tomorrow, or in 10,

20, or 30 years will be the one that most of us asked

for.

 

©2006 CNET Networks, Inc.

 

135 comments

 

http://blogs.zdnet.com/BTL/?p=2946 & tag=nl.e540