Sunday, June 26, 2005

IRS Hackage Happens . . .

It looks like IRS may have, as they say in the vernacular, screwed the pooch. How much do you want to bet that if IRS information can be hacked, it has been?

When it comes to my own computer security, I have choices to make. I can open an e-mail adressed to me, or not. I can even not use e-mail. I can pay by on-line checking account or I can write "dead-tree" checks and send them through the mail. Or I can pay by cash and get a receipt. I can install a firewall, or not. I can use security software, or not. I don't even have to have a computer; I can go to the library. I can open up accounts using computer identities different from my own. And I don't have to buy anything on line. I can control how much information I, personally, put on line and how much information I pull off the web onto my own computer.

But I have no control over information about me collected by others. My medical and financial records, and yours, together with lots of other information about me are out there stored in electronic bits and bytes in a multitude of public and private servers hither and yon. These bits and bytes are watched over by youthful geeks and geekettes who may or may not have degrees in computerology, and who may or may not spend their working hours hiding their computer games and "free" tunes on their employers' servers, and who may or may not care about preserving the integrity of the data they guard -- except insofar as guarding the data from unauthorized intrusion resembles a computer game where the evil dark lord is a hacker fellow geek. Regardless of what they may or may not think, these folk probably have the notion that "information wants to be free." And most certainly, these folk are company men, each and every one. They will do what they are told by their superiors to assure a continued paycheck and access.

And who are the superiors employing the geeks preserving the security of your personal information? Bean counters seeking the least costly, most shoddy product that can still be sold without the formation of an actual lynch mob. Marketers designing the exact fictional exploitation of consumer fear and need likely to generate a desired commercial response. Peddlers who don't plan to be there tomorrow when you discover you've been had. Politicians who will say anything to obtain the attention of the media. And senators (spit).

These are the kinds of people who peddle a "superior operational plan" for operating energy production companies, where the plan consists of trumpeting fictional earnings to inflate stock values of stock bonuses. These are the kinds of people who will sell a rollover-prone SUV on the premise that SUVs are safer for your family. These are the kinds of poeple who tell you how much they care about their customers and make it unlikely that any actual customer will maneuver through the automated telephone tree to speak with anybody who can make a difference or cares to. These are the kinds of people who, based on their performance, can't be trusted to keep roads consistently free of potholes or provide enough money to lock up the felons placed in their charge for a period of years. These are the kinds of people who make a decision to confiscate fingernail clippers and manhandle boobs as a condition of flying on a commercial airline from Seattle to Los Angeles, but who also figure it's a good idea to leave the entire southern and northern national borders relatively unwatched. And these people are senators (spit).

You don't have a choice when you deal with IRS. Tell them what they want to know. But don't worry. According to the self-serving announcements of big business and big government, the information you supply is confidential.

That's what they say but too often it isn't what they do. The problem is -- what about accountability? If you or I screw up when we deal with these business and corporate bureaucrats, we aren't entitled to say, "We're sorry, gee guys, we screwed up but we are really working hard on it. Probably won't happen again. "

But that pretty much is the response of government officials when they screw up.

Not good enough. I figure it's possible in a large state or corporate bureaucracy to track through the records and find out exactly who made the bonehead decision that compromised our information supplied without choice on the legal promise of confidentiality. But it isn't done because the boss doesn't want to.

I want to see something like this on CNN:

Today, CNN has learned that it was Bob Hypothetical, a senior analyst in the buggery audit team of the financial controls section of the comptrollerz office of Continental Pivot Co, who two years ago decided to postpone implementation of the hacker prevention program suggested by the financial controls section. Bob thought the budget for security would not permit it so he killed the program rather than bust the budget. Being over-budget would have looked bad on his personal job evaluation. The rejected program would have prevented the recent massive loss of personal finacial information including pin numbers that recently made its way to Nigeria, leading to thousands of people being billed for a pledge to Nigerian Public Television in the amount of $10,000 each. CNN has also learned that Mr. Hypothetical was fired from his job. Finally, CNN has learned that Mr. Hypothetical resides at 1234 Tamer Lane in East Disease, Georgia, where inquiries about his present job hunt may be addressed.

It would only have to happen once. Betcha security would get a lot better all over the place.

No comments: