Slashdot Mirror

SharkJumper writes "Looks like this question has been asked before, but might be due for an update. I'm a self-employed programmer who is about to become a father. Previously, my family's insurance has come through my wife's employer, but she is eagerly looking forward to being a stay-at-home mom. We must look for that elusive low-cost insurance in order to enable her to do this. Losing her insurance is not a huge loss as, due to failed negotiations, the hospital in our city (3rd largest city in the state), along with most of the doctors that refer to it, is dumping the network (largest in the state) that our insurance uses. On the individual coverage plan front, my research shows story after story of deception, fraud, and general run-around or obfuscation by most of the major players and nearly all the minors. With all of the bad experiences out there, I've yet to see a good review of an insurance company. What does the Slashdot crowd use and recommend? Company and plan-type? PPO? HMO? HDHP + HSA (High Deductible Health Plan + Health Savings Account)?"

Yesterday's report of name-based blocking of money transfers as a result of U.S. Treasury policies intended to reduce the flow of money to Middle Eastern terrorists drew more than 800 comments. Western Union money transfers were at the heart of the linked Associated Press article, but as some of these comments point out, that's not the only case of interference in electronic financial transactions based on the names of the participants, akin to the use of the much-derided no-fly list. Read on for the Backslash summary of the conversation.

Several readers concentrated not just on the undesirability of government snooping on money transfers in the first place, but on the unintended but likely side-effects of heavy-handed government oversight of conventional money-transfer methods; as the AP article explained, there are ways to route around large-scale commercial services like Western Union, including informal networks called "hundis" or "hawalas." Reader quantaman calls increased control on conventional money-transfer services "worse than useless," writing:

"From what I can gather from the article this policy is actually harming security.

... If law abiding people are avoiding official institutions what makes them think that terrorists are stupid enough to use them?

More than that, by driving additional people to the hawalas it circumvents existing security measures. For starters, it means that more money (even the legit stuff) is moving around and they have no idea where it went. Also the additional people using the hawalas will mean they are more developed for the terrorists [to] use them. Additionally, when you uncover a hawala network it will be that much harder to pick out the terrorists, since you've added all these false positives. And finally, for the terrorists who would have used official institutions in the past since it was easy and the hawalas weren't developed, now you no longer have a money trail you can inspect later on.

All this security measure does is inconvenience and alientate a whole bunch of people while making the world a little less safe."

No matter how legitimate the ends to which it will be put, high-handed interference with the transfer of money isn't popular for other reasons, too. Reader ColourlessGreenIdeas writes "I know of a charity that works with (mostly Christian) organisations in the West Bank. Their usual way of getting money to their partners is to fly into Israel with a big bundle of money. Otherwise it tends to get massively delayed by U.S. banks."

(And at least one reader points out reason to suspect that Western Union in particular might have been willing to turn over information on its customers even in the absence of Treasury regulations.)

The Treasury regulations on which the name-filtering is based are clearly imperfect, but not quite as simplistic as certain comments painted them. Responding to the claim in the AP article that "Western Union prevented [taxi driver Abdul Rahman Maruthayil] from sending $120 to a friend at home last month because the recipient's name was Mohammed," reader lecithin says "Not true. They prevented him from sending the cash because his name was Sahir Mohammed. A bit of a difference. Perhaps a Sahir Mohammed has some links to 'bad guys'? Well, it happens here in the U.S. too. There are plenty of stories regarding people being put on the 'do not fly' list due to circumstances like this as well."

Reader bwcarty, too, calls "FUD" on claims that the list is indiscriminant or exclusively targets those with Arab names, writing "I work for a division of a large financial firm, and we are required to download a list of Specially Designated Nationals from the Treasury Department and compare names from it against new accounts and transfers. The list includes lists of suspected terrorists, and they're not all Arabic (think Irish Republican Army)."

Reader rhsanborn offers a similar account of the regulations and why they affect one-time transfers so significantly:

"... They aren't blocking people because they have some generic Arab name. They are blocking people who have names that match the Federal list of suspected terrorists. As someone mentioned above, something like Sahir Mohammed. Probably a perfect match for the list.

We too have to run periodic checks against the names in that database. If a match comes up, we have people individually check other information to confirm that it is an actual match (e.g. same name, different birthday).

We have open accounts with these people though, so we have a significant amount of time to deal with these. Western Union has a very short period of time because it is a one time transaction that happens relatively quickly."

Several readers related personal experience with the no-fly list, and a few pointed out some of its better-known shortcomings, such as a Soundex-based name database which has the potential to needlessly flag passengers like Senator Ted Kennedy and the former Sex Pistol Johnny Lydon (though as dan828 points out, Lydon has never actually been stopped because of the list).

Many readers denounced as racist the use of common Arab names to justify interference in money transfers. One response to that claim comes from reader mrxak, who offers a more innocuous explanation, namely imperfect information and a limited pool of names, which will inevitably contain variations of commonly used names. Such a system, he argues, is therefore based on pragmatism — not necessarily racism." Arguing that a similar system would pose just as much risk for "John Smiths" on the list as for those with Arab names, mrxak concedes the need for "a better system," and asks "but what kind of system would work?"

To this, reader eln had a ready answer: "Maybe a system where you gather a little more information about suspected terrorists other than their name before throwing them on some sort of list that prevents anyone with that name from doing all sorts of normal tasks. ... [O]f all of the pieces of information that can be used to identify a person, his name is probably the one that's most easily falsified. So, instead of doing some actual police work and gathering some actual evidence against an actual person, we decide to cast a wide net, and end up catching a lot of innocent people while actually decreasing our chances of catching the actual bad guy."

Jah-Wren Ryel's answer to the same question is more radical -- Ryel suggests that perhaps "none at all" is the best approach. He asks "What makes you think that any system could work?" Rather than spending money on elaborate surveillance or other intelligence-gathering efforts, Ryel says, "spend it on emergency services instead. ... No matter how many tax dollars you throw at the problem, terrorism is a tactic that can not be fully countered." Rather than concentrating on the prevention of terrorist acts, he argues, the most intelligent use of resources is on "the infrastructure that minimizes the damage. Better hospitals, better fire departments, better 'first responder' teams. That way, we get the benefit of the money spent regardless of if a terrorist blows up a building or an earthquake knocks it down."

The Israeli response to recurring attacks illustrates that these approaches may be in large part reconcilable; infrastructure improvements and intelligence gathering can certainly coexist, details of their implementation aside. The effectiveness of the pre-emptive side of any nation's approach to minimizing terrorist attacks, though, is slightly different from its approach to "fighting terror" in a broad sense.

On that note, reader karlandtanya describes measures such as the U.S. policies subjecting what might otherwise be private financial transactions to automated scrutiny as "effective, but still unfair," categorizing the use of name-based interference as what Bruce Schneier has described as "security theater." Karlandtanya writes, cynically, that in reaction to perceived security threats, "we present the appearance of security measures. Going overboard and causing outrage is just part of the salesmanship." To combat terror in a literal sense, he writes, "[t]he solution is, of course, the perception of security."

Thanks to all the readers whose comments informed the conversation, in particular to those whose comments are quoted above.

femto writes "Hew Raymond Griffiths, alleged to be one of the leaders of the warez group DrinkOrDie, is to be extradited to the United States after losing an appeal. The case is of interest as the appeal was based on the fact that during the offences, alleged to have been committed in the US, the accused did not leave Australia."

Iphtashu Fitz writes "CNet News is reporting that the US Secret Service in conjunction with authorities in six foreign countries have arrested 28 people in the last 48 hours on charges of identity theft, computer fraud, credit card fraud and conspiracy. Dubbed Operation Firewall, the Secret Service identified a group of people who stole over 1.7 million credit card numbers as well as a passport-forging facility in Bulgaria. The investigation started in July 2003 when the Secret Service began investigating an unspecified financial crime. They identified the website Shadowcrew.com whose members traded tutorials and information about identity theft and forgery and exchanged sensitive personal and financial information. The Shadowcrew website has since undergone a makeover thanks to the Secret Service. A press release about the operation can also be found on their website."

BWJones writes "National Geographic is running a story this month on surveillance. I received my copy today and the article is reasonably extensive (for National Geographic) and well written, covering many issues that get attention here on Slashdot both good and bad. There is coverage of what's good with the technologies (a program called Poseidon that helps ensure folks don't drown in swimming pools) and what's bad (death of privacy). In between are some additional details on backscatter X-ray and a taste of some of the security for the 2002 Winter Olympics here in SLC. I got to see a little bit more than the average person of the security during the winter games as our building was the emergency backup headquarters if anything went wrong and was routinely crawling with FBI and other folks including the Secret Service making for some interesting nights at the lab."

securitas writes "The President's Commission on the U.S. Postal Service's final report (PDF) has recommended that the USPS and the Department of Homeland Security develop sender identification technology for all U.S. mail. The commission said Intelligent Mail could bolster security and let consumers track the progress of all mail they send, which has been a top consumer demand in surveys. The report released July 31 reads, "Each piece of Intelligent Mail will carry a unique, machine-readable barcode (or other indicia) that will identify, at a minimum, the sender, the destination, and the class of mail... Intelligent Mail will allow the real-time tracking of individual mail pieces." Privacy advocates like the EFF and Center for Democracy & Technology are understandably concerned. The Final Recommendations are available in PDF format. More at Direct Marketers News and pro-privacy/civil liberties magazine Counterpunch." Jamie adds: This confuses me, because I read a news story in late 2001 which matter-of-factly explained that authorities would be contacting recipients of letters which went through a particular post office around the same time as an anthrax envelope. The implication, which I haven't seen any discussion of then or since, is that records are kept of every letter's travels through every post office. Anyone know anything about that? Update: mec does.

securitas writes "The President's Commission on the U.S. Postal Service's final report (PDF) has recommended that the USPS and the Department of Homeland Security develop sender identification technology for all U.S. mail. The commission said Intelligent Mail could bolster security and let consumers track the progress of all mail they send, which has been a top consumer demand in surveys. The report released July 31 reads, "Each piece of Intelligent Mail will carry a unique, machine-readable barcode (or other indicia) that will identify, at a minimum, the sender, the destination, and the class of mail... Intelligent Mail will allow the real-time tracking of individual mail pieces." Privacy advocates like the EFF and Center for Democracy & Technology are understandably concerned. The Final Recommendations are available in PDF format. More at Direct Marketers News and pro-privacy/civil liberties magazine Counterpunch." Jamie adds: This confuses me, because I read a news story in late 2001 which matter-of-factly explained that authorities would be contacting recipients of letters which went through a particular post office around the same time as an anthrax envelope. The implication, which I haven't seen any discussion of then or since, is that records are kept of every letter's travels through every post office. Anyone know anything about that? Update: mec does.

securitas writes "The President's Commission on the U.S. Postal Service's final report (PDF) has recommended that the USPS and the Department of Homeland Security develop sender identification technology for all U.S. mail. The commission said Intelligent Mail could bolster security and let consumers track the progress of all mail they send, which has been a top consumer demand in surveys. The report released July 31 reads, "Each piece of Intelligent Mail will carry a unique, machine-readable barcode (or other indicia) that will identify, at a minimum, the sender, the destination, and the class of mail... Intelligent Mail will allow the real-time tracking of individual mail pieces." Privacy advocates like the EFF and Center for Democracy & Technology are understandably concerned. The Final Recommendations are available in PDF format. More at Direct Marketers News and pro-privacy/civil liberties magazine Counterpunch." Jamie adds: This confuses me, because I read a news story in late 2001 which matter-of-factly explained that authorities would be contacting recipients of letters which went through a particular post office around the same time as an anthrax envelope. The implication, which I haven't seen any discussion of then or since, is that records are kept of every letter's travels through every post office. Anyone know anything about that? Update: mec does.

Slashdot covers the continuing efforts of music and other industries to eliminate digital copying of, well, just about anything. But what about paper copies? What if every color photocopy you made included a unique serial number to trace the page back to the copy machine? What if every color printer, down to the lowliest inkjet, printed an invisible watermark on every page it printed? What if every scanner included a watermark in every scan that was traceable back to the scanner?

Slashdot received a lot of submissions of this Privacy Forum article about ID numbers being "watermarked" (just like digital watermarks) into copies made by any color copy machine. Go ahead and read it; the rest of this story assumes that you've read the link.

This not a secret; I remember a case a few years ago where a Columbia University copier was being used to create counterfeit currency, and the imprinted copies were traced straight back to the machine used to create them (amazingly, Altavista turned up an article about this case). Basically, when color copiers first started getting good, the Treasury started leaning on manufacturers to make their products less useful for counterfeiting. AFAIK, there's no law in effect saying that manufacturers MUST include an anti-counterfeiting features in their devices; but on the other hand, there aren't very many equipment manufacturers, so they're easy to lean on.

So today, any copy you make with any color copier will include a unique serial number. Make sure you don't copy anything that someone might want to trace back to you on a color copier. Maybe this isn't that big a deal; color copiers aren't home appliances.

But now home scanners and inkjets make up a nice copying system for as little $200-300. The Treasury Department has a big program devoted to preventing digital copying, and it looks like one of their main concerns is consumer-grade equipment. The Bureau of Printing and Engraving is even soliciting proposals from vendors which have a system suitable for embedding these watermarks in all output produced by color inkjet printers.

Fighting counterfeiting is fine with me. Thus the systems which "recognize" currency and refuse to scan or print it don't seem like too much of an infringement. But embedding serial numbers in all printer output? Maybe I just have a cynical mind, but I can think of about a hundred reasons this is a bad idea.