In fact, it’s not just great artists like Mr. Lucas and I starting up old projects, our honourable colleagues wearing the black hats have got the same idea. We have new victims reporting in, rumours abound of an auth system compromise at Citi, the Ombudsman is backlogged with months of disputed withdrawal cases, and some like Alain Job are even going to court.

One original contributor to the phantom case histories has just been hit by a second phantom withdrawal five years on and is chalking up another case in the files. While her new phantom is a bread-and-butter skim incident (a magstripe clone used in the far east), amongst this mass, true phantoms — the real mystery cases — are on the rise too. Two new victims with whom I have been corresponding very kindly offered to fund the hosting for the revamped site.

Let’s consider one of these mysteries. The McGaughey case has been reported in the media in Northern Ireland: dozens of withdrawals taking place over four weeks, totaling almost five thousand pounds, all within a ten mile radius of the McGaughey’s home. Summarised that way it looks like a classic first party fraud (couple short on cash withdraw money, then deny it later). But no-one in the family is short on cash, the McGaugheys look after their card details carefully, and have solid alibis at the time of many of the withdrawals, and the interlocking pattern of real and disputed withdrawals is such that any third party would have a hard time taking and returning the card (whether covertly or in collusion with the McGaugheys). No-one appears to have either the means or the motive.

Unusually the bank has been very cooperative, providing logs from their authorisation system (BASE24), including all of the cryptograms, input data and transaction parameters covering the affected transactions. Everything turns on the Application Transaction Counter (ATC), an on-card counter which increments with every transaction initiated. If an EMV chip can be fully cloned (secret keys and all), then it will have to submit an ATC value when transacting, and if used in parallel with the real card, it won’t be long before the same number pops up twice in the auth system, or large gaps in the sequence appear. The McGaughey’s ATC sequence appears to interlock perfectly: clearly the original card was used?

Of course logs can be misinterpreted (Badger) or even faked, auth systems may not work as expected, and customers may lie and cheat following all sorts of agendas; just around the corner the missing piece of the jigsaw may lie, which reveals the truth behind the case. And there is the totally separate matter of who should suffer the loss in the interim, whilst the truth remains unclear. Liability for disputed withdrawals is the most hotly contested issue of all.

phantomwithdrawals.com can’t do much more for the McGaugheys, but it can bear witness. Documenting the incidence of phantoms and the experiences of customers disputing them adds much needed transparency to the process, and helps researchers and experts seek out the really interesting cases.

Maybe we can lift the lid and discover the truth behind the “phantom menace” — everyone is united in that goal at least — but let’s also hope that Episode 2: Attack of the Clones has not yet started shooting!

Mike.

Like most of the service providers we talk to, they look to virtualization to provide immediate benefits to the business – e.g, cost savings from server consolidation and support for Green IT through cutting power/cooling requirements. And one more dimension to virtualization – Opus launched a new service, vClustr, which is a virtual dedicated server that provides the benefits of a fully managed dedicated server at a fraction of the cost…managed by EM7, of course.

We were happy to help Opus by working with them to implement our EM7 solution. Their growth plan was severely limited by inefficient processes and tools. As Opus grew rapidly in 2006, the tools they had in place were not easy to integrate as they were managed independently. There was a manual billing and ticketing infrastructure in place, and valuable engineer time was spent on maintaining what they had instead of enabling business growth. The company faced a choice, either grow by adding overhead and bodies or grow through automation.

Opus chose automation. They needed an automated solution to cover their immediate needs, and also enable them to scale processes for emerging technologies and future service offerings. Throughout their growth, Opus wanted to maintain their “customer first” philosophy and expand their green efforts.

By choosing EM7, Opus was able to replace their multiple, disparate tools with a single, integrated management system for networks, servers, applications, service desk assets and virtualization infrastructure. EM7 provided automated billing, ticketing, alerts and escalation options as well as a branded customer portal for transparency and self-service ticketing.

The results were tremendous. Opus Interactive recouped $130k per year of engineering resources. They automated critical operations to increase efficiency, enabled proactive monitoring and prepared for growth, while giving the business the processes and tools to grow the business without additional human capital resources.

We’re glad that we could help such a great company achieve their goals of providing an efficient “best-in-class” solution that combined superior customer service with a green philosophy.

Get the entire case study here.

ShareThis

When I discussed this openly with Waters in Muddy Waters comments they kindly replied that “customers are loath to be a reference client for a vendor,”  like this fact somehow justifies having 600 people, most who have never actually used the software in practice, vote on how great it is.  

Follow the Yellow Brick Road.

Or, as Mark Adler pointed out in his well written blog post The First Annual Fluffies for CEP , a secretive “panel of renowned judge” is going to tell us, via Jolt, who has the better solution?  Holy Cow Batman!   Let me buy a nice layout in your magazine  or web site,  please, so “my software company” will be on the short list for the “the awards”.  

Follow the Yellow Brick Road.

All this smoke-and-mirrors. share-the-love, marketing reminds me of The Matrix a bit, where the world as we observe it, is a complete artificial construction, where most people in the Matrix believe they are “real” because they do not know that they really just a computer generated program designed to keep humans happy as they sleep in some cold goop with electrodes stuck up their you-know-what, really just bio-batteries insuring the light bill is paid.

Follow the Yellow Brick Road.

Or better yet, these fluffies are similar to most of the Webinars we see where there are questions from “the audience” but we know that most of these questions did not come from the “audience” - yet we all seem to continue ”the  audience” myth just like Santa Claus and the Easter Bunny! 

Follow the Yellow Brick Road.

The Easter Bunny, Santa Claus, the Tooth Fairy and the Fluffy Awards are real, if you want them to be real.  Just close your eyes and click your heels three times….

Follow the Yellow Brick Road. Follow the Yellow Brick Road.
Follow, follow, follow, follow,
Follow the Yellow Brick Road.
Follow the Yellow Brick, Follow the Yellow Brick,
Follow the Yellow Brick Road.

We’re off to see the Wizard, The Wonderful Wizard of Oz.
You’ll find he is a whiz of a Wiz! If ever a Wiz! there was.
If ever oh ever a Wiz! there was The Wizard of Oz is one because,
Because, because, because, because, because.
Because of the wonderful things he does.
We’re off to see the Wizard. The Wonderful Wizard of Oz

Dan Munz, project manager of the Collaboration Project commented on the unique work that the National Academy of Public Administration (NAPA) is doing to bring together government leaders. The Collaboration Project seeks to innovate across government not just down the silos and create a safe place for leaders to have discussions around innovation.

ScienceLogic: What is the National Academy of Public Administration?

Dan Munz: The Academy is an independent, non-partisan, non-profit organization dedicated to tackling government’s most complex challenges. We were founded in 1967 by James Webb, the NASA administrator who took us to the moon – he saw that he could consult the National Academy of Sciences for expert technical advice, but had no counterpart in government for expert management advice. That’s been our mission ever since.

ScienceLogic: What is the Collaboration Project? How long has it been around?

Dan Munz: The Collaboration Project is the Academy’s response to two parallel trends we see in government. The first is the government’s need to transform the way it does business. There is a strong demand for change out there driven by a number of challenges that are forcing the government to rethink its mission and structure. Challenges include a public disconnected from government; a multi-sector workforce and increasing reliance on contractors; financial instability; and new types of security threats, just to name a few. More and more, the challenges facing government reach across the traditional boundaries of agency and mission. But government isn’t configured to work that way.

The second trend is the unprecedented opportunity collaborative technology offers to drive transformational change in government. Tools like blogs, wikis, and mashups are changing the way leaders think about problems. They’re focusing not on what they can do just within their offices or agencies, but what voices they need to pull together across government, non-profits, the general citizenry, and other stakeholders to solve these problems. The Collaboration Project’s goal is to encourage this type of thinking and empower leaders committed to use collaborative technology to:

• strengthen citizen civic engagement;
• enhance government transparency;
• improve service delivery and operational efficiency; and
• facilitate coordination and innovation within and between agencies.

ScienceLogic: Why focus on Web 2.0 in the government?

Dan Munz: The question of how web 2.0 will impact federal IT departments is a critical one. Our view is that “the era of big systems” is basically over. Things like disk space, bandwidth, and computing power are basically shifting from being assets to being commodities.

There’s also a shift in expectations. People both inside and outside government – especially Gen-X and Gen-Y – are incredibly frustrated by being able to use lightning-fast apps like Flickr, YouTube, and Facebook that don’t even live on their hard drives while the government and other large organizations still operate clunky PCs, space-limited e-mail accounts, and sluggish e-mail servers.

So aside from the opportunity for transformative leadership, the idea of web 2.0 at a government level is very appealing in terms of getting the most out of the IT infrastructure we already have, rather than embarking on costly, large-scale projects in an era of diminishing budgets.

ScienceLogic: How do you build a sense of community at the Collaboration Project?

Dan Munz: Some community feel emerges naturally, from a sense that mass collaboration really is a tool for “doing government” in a whole new way.

The more formal community building mechanisms we have include our web page, where we share insights, news, case studies, and other content – The virtual space serves as an anchor for people, whether they’re experts or beginners, to learn about what we do.

Finally, we are conducting an ongoing series of in-person meetings, usually featuring a leader who has harnessed collaborative technology in what we think is a truly revolutionary new way.

ScienceLogic: How do you hear about cool new government Web 2.0 projects?

Dan Munz: That’s a key question, because part of our mission is to inspire action by finding leaders who have succeeded and highlight their accomplishments. We’ve done that with folks like Kip Hawley, TSA, Molly O’Neill, EPA, and Jim Walker, Alabama DHS.

We also feel that the Academy’s position as a “safe space” for leaders means that we’re a place people can turn to when they hear about an emerging trend or project and want some help making sense of it.

ScienceLogic: What are the most innovative uses of Web 2.0 technology you’ve seen in the government?

Dan Munz: It’s important to distinguish between agencies that are simply adjusting to the reality of web 2.0, and those that are “using” it. Getting a YouTube account for your agency, or putting some photos on Flickr, is a great first step, but we want to inspire leaders to really transform their normal ways of doing business. At the moment a few that come to mind are the EPA Puget Sound Mashup, ODNI’s Intellipedia, TSA IdeaFactory, the PTO Peer-to-Patent Project, and Virtual Alabama, to name a few.

The TSA launched the IdeaFactory in February 2008. TSA set up a collaboration platform with commenting, voting, etc. to form communities in a way to bring people to consensus and offer ways to improve the agency’s performance.

ScienceLogic: Do you see a difference between state and local versus federal adoption of Web 2.0?

Dan Munz: That’s a hard generalization to make – at all levels you see leaders who recognize the potential in this technology to bring new voices into the governance process.

ScienceLogic: What are the obstacles to Web 2.0 adoption by government agencies?

Dan Munz: The three main challenges that we see are in the areas of technology, culture, and policy/governance.

The technology issue is probably the simplest to solve – it’s important to choose a technology that fits the problem you’re trying to solve, but these technologies are usually inexpensive and almost never very complex.

The question of culture is harder, particularly given the way that baby boomers, gen-xers, and millenials are beginning to interact in the workforce. How do you gain acceptance and buy-in among groups that have very different comfort levels with collaborative tools and environments?

Finally, the most daunting challenge might be the questions of policy and governance, if only because those are the things that most commonly prevent leaders from even dipping a toe in the waters of collaboration. Most of the policies, regulations, and statutes governing the way government does business don’t anticipate things like wikis, blogs, or instant messaging. One of our most important missions is helping leaders who just want to get to action navigate these obstacles.

ScienceLogic: Is there any advice you can give to government employees getting started with Web 2.0? Or any places you would point them to for more info?

Dan Munz: It’s shameless plug time! I’d of course point them to our web page, collaborationproject.org, where, among other things, we’ve collected a case library of over 40 instances of collaborative technology being used in the government and non-profit sectors. The library is growing every day and is a sort of “database of record” for what is and isn’t working in terms of collaborative government. I think that would be a great place to start for anyone looking to get started but not really knowing the way.

In terms of advice, the best thing to say is that, once you’ve settled on a problem you want to solve and an audience you want to reach out to, just do it! We believe strongly that there are a lot of organizational and leadership issues that still need to be addressed regarding collaboration in government, but our biggest mantra is about getting leaders to action. The most successful projects we’ve seen are ones that try something daring and new, and discover the true power of what they’ve done as it catches on more and more widely.

ShareThis

Yes, transparent government is a pretty good goal.  I think the authors of Freedom to Tinker have forgotten that not all Government data is fit for public consumption.  The problem is one of sanitization:  how do you clean all of the PII out of data before you release it to the public?  Not only that, but because of the size of the data sets, most likely you need an automated method to sanitize it.  I think that because of the sanitization factor that the Government would not gain that much efficiency by outsourcing the data presentation to others.

As with all things in security, this is nothing new.  There’s a little-known project (First Rule of “Fight Club” being what it is…) known as Radiant Mercury that does exactly this with classified data.  You can check out the basic concept in quasi-official presentations here (.pdf caveat) and here.

If we were going to make all this data available, we would need an unclassified version of Radiant Mercury to filter out all the PII and “Sensitive but Unclassified” bits.

Now as far as letting second parties build interfaces into the raw data, I’m torn on it.  On one hand, private industry can provide access to data “Now at Web 2.0 Speeds!” but on the other hand, then the Government loses control over the presentation and, by extension, accountability for the content.

Bookmark to:

From the Canadian Press:

Prime Minister Stephen Harper and his cabinet have exempted contracts with Parliament and Canada’s spy agency from oversight by a new ombudsman’s post that was central to the 2006 Conservative election campaign.

The government slipped the exemptions through last week in regulations that empower the contract procurement ombudsman under the Accountability Act - flagship legislation the government introduced as its first bill soon after taking office.

Opposition MPs were taken by surprise at the exemptions, saying they were unaware the Senate, the House of Commons and the Canadian Security Intelligence Service would be excluded from the ombudsman’s statutory duty to review contracts for “fairness, openness and transparency.”

The exemptions also mean anyone who has a complaint about contracts to supply goods or services to Parliament - including contracts with offices of MPs, senators or CSIS, will be unable to have them reviewed by the ombudsman.

Hey, now that seems reasonable. (insert heavy sarcasm)

Article Link

Looks like there is a new system in Ghana as well

E-zwhich smart launched

-ZWICH smartcard, a universal electronic system that facilitates easy access to and transfer of money has now become part of financial transactions in Ghana.

The new system which is also designed to remove the cumbersome and insecure processes of using cash, was launched in Accra yesterday by President J.A. Kufuor, with a call on corporate bodies and government agencies to use it to ensure transparency and integrity on payrolls.

E-zwich is an electronic payment system that allows one to make payments for goods and services or transfer money to others without having to carry physical cash.

Available at all banks countrywide, the system involves the loading of money onto the smart card after registering with any bank without necessarily having an accounts with that bank.

President Kufuor said the introduction of the system has the potential of transforming the payments landscape, the financial services industry and the general conduct of business in the country.

He said accessing the technology was an integral part of government’s overall vision of making Ghana the gateway to the West Africa sub-region and transforming her into a major financial hub.

The President said that globalisation has come with a major challenge of adopting best practices in all spheres of endeavour especially within the macro economy in order to survive in the market.

He said it was against that background that the government has pursued polices to develop and modernise the financial sector to enable it to play a key role in resource mobilisation for increased investment.

With the reforms and the stability of the macro-economy, President Kufuor said the nation was witnessing dramatic growth in the banking sector.

He pointed out, however, that inspite of the impressive growth of financial institutions, an estimated 80 per cent of the eligible population was still "un-banked" or "under-banked" and seemed not to have access to financial services.

Wonder when we will see US, UK, and other first world banks and brokerages catch up to Ghana and South Africa on these technologies? Is it really a good idea in 2008 to have everyone type their username and password into a web browser?