PS Consultants - ideas & solutions

Inadvertently Open Systems
October 2000

Two years ago we were criticizing the banks and large businesses for being unduly paranoid about the security issues of the web when they used the lame excuse about credit card interception to justify their slow arrival on the web. Now they are doing their level best to prove that they were right all along and that the web is an insecure place to conduct business.

The first whoopsie was when Halifax customers’ share dealings became part of the world of “inadvertently open systems”.

Powergen also joined the fun by allowing details of customer debit cards to be accessible, prompting ecommerce minister Patricia Hewitt to get involved:

Hewitt said: "We are exploring with the company how best we might disseminate the lessons learnt to improve the performance of all those UK companies who are rising to the challenge of working online.

"While the standards of security of websites are not regulated, my department takes seriously its responsibility for promoting good information security to business."

Barclays Bank’s recent experience, where users got to see other users’ banking details, provided rich headline fodder for the usual alarm mongers of the media. The ultimate irony is that when they withdrew the new site and reverted to their previous site, another user got to see someone else’s details – but this time the culprit was good old human error. Allegedly.

However arising, these stories do not inspire consumer confidence in ecommerce, and the paranoids have a field day. So let’s recap briefly.

The answer to all this is a standard for security that goes rather beyond the SSL (Secure Sockets Layer) that allows browser users to communicate with servers with that reassuring padlock at the bottom of the browser frame. What this means is that the link between server and browser is encrypted so that the data sent to and fro is (to all practical intents and purposes) not easily intercepted.

This is the point at which the wicked internet’s role in the matter ceases. The rest is down to inept programming and systems management by the individual service providers (banks etc), nothing to do with the net at all. Honestly.

Remember, the internet is only a fancy phone connection. It’s what goes on at the devices connected at each end that matters, and there is no reason to imagine that just because Barclays’ IT department was too lethargic to want to implement a decent smart card ID system (for example), that the rest of the internet is somehow any less (or more) secure.

The media doesn’t start predicting the demise of the entire road system and the future of all forms of transport when a motor manufacturer recalls a vehicle to rectify some manufacturing defect, does it..?

It still couldn’t happen to a nicer company.

As of August 3rd, Microsoft has 2 months to respond to an EU probe into anti-competitive behaviour by the Redmond lovelies.

Bill & Co. could be forgiven for a sense of déjà vu after the US Department of Justice decision to contemplate breaking the company up into separate operating units. In June, Microsoft was found guilty of abusing its monopoly power in the market for PC operating software and uncompetitive behaviour in its fight against browser software rival Netscape.

The EU case is based on Sun’s assertion that Microsoft breached EU competition rules by engaging in discriminatory licensing and refusing to supply essential information on its Windows operating system. Users with long enough memories to recall how Sun used to operate before its conversion on the Road to Open Systems may find this ironic, but it’s a fast moving business, and if Sun can no longer enjoy its own private monopoly, why should Microsoft..?

And students of the EU and irony will also enjoy this statement from the EU commissioner Mario Monti:

"We will not tolerate the extension of existing dominance into adjacent markets through the leveraging of market power by anti-competitive means," the Commissioner said in a statement.

Readers will of course appreciate that the EU is a fascinating example of a very nice legal monopoly, where mostly unelected officials direct the lives of some 200 million “subjects” who pay their salaries.

The penalty that the EU is able to exact in the event of finding Microsoft guilty is up to 10% of a company’s global operating revenues. This is more than enough to supply another EU-funded international airport in the wilds of the Irish countryside, or pay for another 10,000 olive farmers to live long and prosper without ever growing another olive. Or fund the commissioners’ modest Brussels lifestyles well into the next century.

Whatever happens, the decisions will be appealed if they are not wholly sympathetic to Microsoft, so as usual, it’s Lawyers 99 - The Rest 0.