Monday, September 25, 2017

How to alleviate the problem of identity and credit hacks?

Will a single crime revolutionize Iceland?

Sydney duo slapped with biggest ever fine for tobacco offences

The web is not as open as it once was, with nation-states exerting their power over the internet: “…Facebook encapsulates the reasons for the internet’s fragmentation — and increasingly, its consequences. The company has become so far-reaching that more than two billion people — about a quarter of the world’s population — now use Facebook each month. Internet users (excluding China) spend one in five minutes online within the Facebook universe, according to comScore, a research firm. And Mark Zuckerberg, Facebook’s chief executive, wants that dominance to grow. But politicians have struck back. China, which blocked Facebook in 2009, has resisted Mr. Zuckerberg’s efforts to get the social network back into the country. In Europe, officials have repudiated Facebook’s attempts to gather data from its messaging apps and third-party websites

Cybersecurity Ain’t the Only Game in Town: The Scams Multiply

Cybersecurity is much in today’s news, but it’s not the only source of scams– which are much more omnipresent than in the past.

Wharton – After Equifax, Can Our Data Ever Be Safe?

Follow up to previous posting – Equifax is one of many companies that collect information about you – via Knowledge@Wharton – “In the annals of data breaches, the Equifax hacking stands alone due to its sheer scale: Digital thieves traipsed through the personal information of 143 million Americans for several months to do with it as they pleased. “It is quite possibly the most serious data breach we’ve ever had in terms of its potential cost,” says Gerald Faulhaber, Wharton professor emeritus of business economics and public policy. “Whoever hacked it, wherever these things end up, this could be costing U.S. consumers billions of dollars over the next decade. It’s terrible.” What makes the breach especially risky for consumers is that Equifax — one of three national credit bureaus — held in one place crucial personal information regularly accessed by lenders, banks, credit card companies and other entities to assess one’s creditworthiness and do things like assign applicable interest rates. At the center of this data is the Social Security number (SSN), which consumers need in order to take out loans, get a job and perform other key activities. “If someone gets my Social Security number, there’s a lot of things they can do,” Faulhaber says. “That’s one of the things that make this a very dangerous hack…”

What if I told you that the credit rating companies already had a system to verify identities before opening new accounts — but, because this would be a minor inconvenience, and a drag on their profits, they only allow this status to last for 90 days for any given account unless a police report can be filed, and furthermore, while they may claim that they’ll do this, it’s not actually a legal requirement? From a Krebs on Security piece from 2015 (as ever, Krebs is two years ahead of the zeitgeist):
“With a fraud alert on your credit file, lenders or service providers should not grant credit in your name without first contacting you to obtain your approval — by phone or whatever other method you specify when you apply for the fraud alert … Fraud alerts only last for 90 days, although you can renew them as often as you like. More importantly, while lenders and service providers are supposed to seek and obtain your approval before granting credit in your name if you have a fraud alert on your file, they’re not legally required to do this.”
That’s right: a solution to the ongoing insane catastrophe which is the American credit system already exists. The infrastructure and process for it is already in place. But thanks to regulatory capture, an inability to understand the scale of data hacks that modern technology enables, or sheer incompetence, it only exists on a case-by-case, opt-in, short-term solution.
Obviously everybody should have this verification — “two-factor authentication,” if you will — turned  on and kept on. This would not be a panacea, of course. Security hipsters will loudly protest that  phones and email are terrible second authentication factors that no one should even consider using.  Phone and email are not ideal, but the point is, universalizing this existing solution would hugely improve matters for a relatively trivial cost.

That is from Jon Evans.  I still would like to know what is the social cost of identity theft.  Furthermore, what is the cost of identity theft as a ratio of the cost of some people simply not paying borrowed money back?

Everyone is all a-flutter on this issue, and attacking Equifax, but I am looking for more reliable information before voicing an opinion. Via How to alleviate the problem of identity and credit hacks? by Tyler Cowen

Out of Africa: Why the Migration Wave?

Why are so many risking their lives to flee Africa?

THIS SHOULDN’T SURPRISE ANYONE BUT…: Thousands of government contractors may have been hired illegally. A new paper from my think tank finds that many of the consultants who have replaced full-time government employees may have been hired contrary to the dictates of the Anti-Deficiency Act (ADA):

“In trying to reduce bureaucracy, the president and Congress focus on things like hiring freezes at agencies, but agencies simply turn to contractors instead, growing the bureaucracy with neither approval nor oversight from Congress,” said Robert Hanrahan, author of Bureaucratic Dark Energy. “Without specific authorization from Congress, hiring contractors for their specific skills to fill ongoing federal jobs is a felony. But many agencies do it nonetheless, as these laws are nearly never enforced. The bureaucracy grows ever larger thanks to this bureaucratic ‘dark energy’—an invisible force that allows government to expand at the discretion of the bureaucracy alone.”
Bureaucratic Dark Energy suggests two solutions for the lack of accountability that has lead federal agencies to misinterpret the “personal services” language in the Anti-Deficiency Act (ADA), a series of laws prohibiting agencies from hiring contractors except as appropriated and authorized by Congress. First, Congress must insist on enforcement of the Anti-Deficiency Act and punish civil servants who outsource their own jobs. Secondly, Congress should establish a private civil cause of action for ADA violations. There may be hundreds of cases at dozens of agencies amounting to billions of dollars in misappropriation. A small fraction of these sums awarded to successful plaintiffs should be a powerful incentive for agencies to rein in their spending on contractors.