Friday, 3 May 2013

From AP to Yodlee via miiCard

Trust: miiCard foresees a new world
in which you can "grant access to your spouse ...
with a simple touch on a screen"

AP Twitter hack causes panic on Wall Street and sends Dow plunging

Wall Street collided with social media on Tuesday, when a false tweet from a trusted news organization sent the US stock market into freefall.

The 143-point fall in the Dow Jones industrial average came after hackers sent a message from the Twitter feed of the Associated Press, saying the White House had been hit by two explosions and that Barack Obama was injured. The fake tweet, which was immediately corrected by Associated Press employees, caused a sensation on Twitter and in the stock market ...
That was the Guardian, last week, 23 April 2013. Very unpleasant.

Traders are paid to respond quickly and they did – "the market recovered within a few minutes".

That time, the hackers caused a few minutes of panic. Next time it will be a few seconds. People are beginning to understand that hacking is very hard to protect against. And that information has to be checked before we decide that it's a fact. Even if it appears to come from a trusted source like AP. Because it may not be them operating the AP Twitter feed, it may be hackers, as it was in this case.

Six days later, a lot slower than the traders, enter the marketing men:
TRUST BREAKDOWN - WHY WE NEED TO OWN OUR ONLINE IDENTITIES

Posted on April 29th 2013
By: James Varga

... People, businesses, and governments need to be more proactive about creating and then managing trust online so that we can both prevent things like this from happening, and also turn on the possibility for a new future where completely new products and services are available online because we can trust one another. Imagine being able to access your medical records online, grant access to your spouse, and then send them to another doctor for a second opinion – all with a simple touch on a screen. It can happen if we build the trust frameworks necessary to both secure and manage those identities involved ...
It's not as though the individual sentences make much sense in the copy above but you get the drift.

It may help to tell you that Mr Varga is the chief executive officer of miiCard, a company which claims to provide "the only way to prove you are who you say you are purely online". (Apart from all the other companies making the same claim, you will no doubt wish to add.)

You know what's coming:
Our own identity service is working closely with the White House driven initiative in the US, efforts in the UK, and a number of private coalitions – including The Respect Network – to help accelerate this process and deliver online trust today. But to be effective, this will also take a commitment by users and businesses and organizations to embrace the concept and make it standard practice. Only when everyone commits to owning their online identity, can we truly build trust online and eliminate the possibility of fraud, hacks, or even more dire scenarios.
"Eliminate the possibility of fraud, hacks, or even more dire scenarios" – eliminate?

That's a tall order. Even James McCormick, who was sent down for 10 years yesterday, might have trouble pitching that line.

Before you subscribe to the miiCard service in the hope of eliminating fraud, hacks or even more dire consequences from your life, do take a look at the terms and conditions. "We will use reasonable endeavours to provide alerts in a timely manner with accurate information", they say at clause 9, very good of them, "however, we neither guarantee the delivery nor the accuracy of the content of any alert". Oh.

And then they start shouting:
THE CONTENT AND ALL SERVICES AND PRODUCTS ASSOCIATED WITH THE SERVICE OR PROVIDED THROUGH THE SERVICE ARE PROVIDED TO YOU ON AN “AS-IS” AND “AS AVAILABLE” BASIS. WE MAKE NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE CONTENT OR OPERATION OF THE SERVICE. YOU EXPRESSLY AGREE THAT YOUR USE OF THE SERVICE IS AT YOUR SOLE RISK.
and they go on:
WE MAKE NO REPRESENTATIONS, WARRANTIES OR GUARANTEES, EXPRESS OR IMPLIED, REGARDING THE ACCURACY, RELIABILITY OR COMPLETENESS OF THE CONTENT OF THE SERVICE, AND EXPRESSLY DISCLAIM ANY WARRANTIES OF NON-INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE. WE MAKE NO REPRESENTATION, WARRANTY OR GUARANTEE THAT THE CONTENT THAT MAY BE AVAILABLE THROUGH THE SERVICE IS FREE OF INFECTION FROM ANY VIRUSES ...
and on:
WE SHALL NOT BE RESPONSIBLE OR LIABLE TO YOU OR TO ANY THIRD PARTY, WHETHER IN CONTRACT, WARRANTY, DELICT OR TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, LIQUIDATED DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFIT, REVENUE OR BUSINESS, ARISING IN WHOLE OR IN PART FROM YOUR ACCESS TO THE SERVICE ...
The Ts and Cs don't sound nearly as confident as Mr Varga's article, do they. In fact, there's a bit of a "trust breakdown" in the proceedings now, and it only gets worse if you move on to read the miiCard documents on:
  • security – to subscribe to miiCard you have to store your bank account details with Yodlee, a company you may or may not have heard of.
  • and privacy – miiCard promise to keep your data confidential unless they can't.
The problem was a few minutes of consternation on the stock markets. The proposed solution involves giving your bank account details to some total strangers. It's not obvious that the antenna is connected.

2 comments:

James Varga said...

Thank you David for the attention. I can only apologies for taking a few days to blog about this but these are busy times. I did find it an interesting step for the market to be so influenced by social media and wanted to share some of my own thoughts on the impact in the market.

Your right that the term ‘eliminate’ might be too strong of a word especially out of context of the blog but comparing it blunt fraud activity is a bit extreme.

Along with a number of others we are simply trying to make a difference in the market. To do so we have to, as an industry, bring awareness and shout about it. Yodlee is a very well established company as well as some of our other partners (Respect Network, OIX, Trust in Digital Life, etc). If you want more information about this please let me know as I’m happy to share information about this or anything else.

David Moss said...

Thank you for your response, Mr Varga.

Post a comment