Why Americans are technology, political, and educational laggards and how it will doom them

Why Americans are technology, political, and educational laggards and how it will doom them

Summary: The other day, via CNET Networks' internal email system, fellow ZDNet blogger and TechRepublic technical director George Ou sounded an alarm about an urgent online banking issue he came across on the Web site for the SANS Institute.  It probably didn't get the attention it should have.

SHARE:
TOPICS: Banking
186

The other day, via CNET Networks' internal email system, fellow ZDNet blogger and TechRepublic technical director George Ou sounded an alarm about an urgent online banking issue he came across on the Web site for the SANS Institute.  It probably didn't get the attention it should have.  Ou blogged the item with a headline that for many may require That culture of convenience, laziness, and ignorance is going to doom the US in the long run. no further reading: Many banks failing to use SSL authentication.  Ouch.  The risk to you if your bank isn't using SSL authentication is that you could end up logging into a Web site that looks like your bank's Web site but isn't (some banks like BofA are using interesting technologies to avoid this).  By logging into the impostor Web site, you'd be turning over your banking credentials (user ID, password)  to the bad guys and what happens next may not be pretty. Wrote Ou:

This looks really ugly for the American Banking system as a whole and it's time that they cleaned up their act and learn to use some basic cryptography.  If you have a bank on this hall of shame list where "SSL Login Form" is listed as "optional", be sure to complain to them that this is unacceptable.

What's really scary about this is that for something as sensitive as online banking, even the best banks in the US are still using little more than single factor security to grant you access to your bank account.  Two years ago, a friend from The Netherlands who was visiting asked if he could use one of our PCs to do some online banking.  As he began to login to his bank's Web site, he pulled a credit-card sized authenticator out of his wallet.  Hardware-based authenticators like RSA's keyfob-esque SecurID 700 generate a random sequence of numbers at regular time intervals (eg: every 60 seconds).  The way this works is, at any point in time when yo login to your banking system, you have to use your authenticator to randomly generate a key.  I watched my friend as he pressed a button on his authenticator and then, from authenticator's LCD display, he read-off and keyed-in (on the keyboard) a long string of randomly generated digits.

If you had something similar and you were using one of RSA's authenticators, then, the bank would have an RSA-built appliance on its internal network that's generating matching keys for your account.  The only way someone can log into your account is if they have your UserID, your password, and your authenticator.  Randomly generated keys are only good for a minute or so.  So, even if someone gets a hold of your UserID, password, and one of the randomly generated keys (eg: if they watched you key it on your keyboard), by the time they got to a computer to pretend to be you, the randomly generated key would have expired.

This to me is secure.   I asked my friend how much it costs to have the added level of security.  "Nothing" he said.  While I'm sure the cost gets absorbed somewhere and is passed along to customers, it comes with the account (much the same way you get a free ATM card in the US).  I'm not sure if every European bank does this. But apparently, a bunch do.  After observing my friend in action, I started asking knowledgeable people why US banks don't do the same thing.  The consensus answer, I'm afraid, is a sad commentary about our culture rather than some technological roadblock.  There are, of course, plenty of Americans who would gladly exchange this bit of friction in the system for the security it offers.  I'm one of them.  But America is a culture of convenience and additional friction -- especially friction that requires you to carry more gear with you -- apparently doesn't fly with most Americans. 

Other examples of this are how most businesses don't even check your ID anymore when you use your credit card (I wrote "C PHOTO ID" on the back of mine but half the clerks don't even turn the card over) .  Some merchants -- for example the Dunkin Donuts in my neighborhood -- don't even require a signature anymore.  It gets me through the drive-in faster.  Everywhere you look, friction is being squeezed out of the system and customers love it.  Just try adding friction to the system and customers will take their business elsewhere.  Even worse, the more secure system involving authenticators is apparently too sophisticated for most Americans.  As much as I don't want to believe this, I've encountered enough of my compatriots in person or have seen them on Jerry Springer to know this is true. 

Compared to other parts of the world, we're a relatively unsophisticated bunch, us Americans.  And that culture of convenience, laziness, and ignorance is going to doom the US in the long run because of how it will deprive America of its edge in other areas where it was once a beacon to the world.  Democracy is one of those.  Education the other.

On the political front, we are no longer a nation of people that goes deep on the issues and seeks out the truth.  I'd like to believe there was a time when the majority of Americans were passionate about democracy and politics.  But perhaps I'm fooling myself.  The People, helped along by a failing media complex, have established a preference for fast food politics. Forget any real exploration.  Just give us the sound bites please, thank you very much. 

Just yesterday, our culture of political convenience was probed and picked apart on National Public Radio when Tom Ashbrook interviewed Time Magazine columnist Joe Klein whose book Politics Lost: How American Democracy was Trivialized by People Who Think You're Stupid was published this month.  American democracy is being trivialized because we Americans are letting it happen.  During the show, one caller remarked on how John Kerry as a communicator was very different in his town meetings leading up to the 2004 Presidential Election than he was on TV in front of the news cameras.  Al Gore was the same way.

Before interviewing Gore on stage at one of Research In Motion's annual Wireless Symposiums (this year's event is coming up next month), I spent some time with him backstage.  I felt like I was talking to someone I'd never met or seen before.  I've heard the same about President Bush too.  I'm not sure it's their fault.  The law of political information supply and demand practically says there's no demand for the person with the biggest supply of information.  Cure the sound-bites please (and kill democracy while you're at it). 

dropoutnation.jpgAnd if you want real evidence of how our culture of convenience is going to doom the US (long term), just check out what's going on in our education system. The rest of the world's kids are hungry for worldliness and knowledge.  OK, maybe not all of them.  But enough of them to make most American kids look like laggards that are too lazy to embrace benefits of two-factor security (like the aforementioned authenticators) or, worse, real democracy. 

What motivates a child to weather sandstorms and bullet crossfire to get into a classroom? Is it them? Their parents? Their governments? Or, is what's taking place in a technology-deprived classroom in the foothills of an Afghan mountain that much more titillating than what's happening in American schools.  Perhaps one day when we as a people wake up to the reality that China, India, Pakistan, and Singapore have billions of engineers working in the R&D labs that American companies had to relocate to Asia just to stay competitive, things will change.  But right now, as evidenced by Time Magazine's recent cover story -- Dropout Nation -- as far as I can tell, most American children are being left behind and so too is this country.  Unfortunately, we have no one else to blame but ourselves.  Think I'm wrong?  In response to a recent blog of mine that quoted Mark Cuban on the education issue, ZDNet reader Chris W pointed me to a treatise by former New York State and New York City Teacher of the Year John Taylor Gatto who wrote:

Boredom is the common condition of schoolteachers, and anyone who has spent time in a teachers' lounge can vouch for the low energy, the whining, the dispirited attitudes, to be found there. When asked why they feel bored, the teachers tend to blame the kids, as you might expect. Who wouldn't get bored teaching students who are rude and interested only in grades? If even that. Of course, teachers are themselves products of the same twelve-year compulsory school programs that so thoroughly bore their students, and as school personnel they are trapped inside structures even more rigid than those imposed upon the children. Who, then, is to blame?....We all are.

Whether its online banking fraud, anarchy, or academic underachievement, as long as we continue take the convenient path of least resistance, the bed that we'll all have to sleep in today, tomorrow, or in 10, 20, or 30 years will be the one that most of us asked for.

Topic: Banking

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

186 comments
Log in or register to join the discussion
  • Regarding Dutch banking and the price for security

    According to the CapGemini World Retail Banking Report Dutch banking is the cheapest in Europe, for a normal account people pay 34 Euro, (you get a banking pas, a credit card and an account). EU average is 108 Euro's.

    In the Netherlands you can use any banking ATM for free, no charges apply. Credit card usage is low, as most of us just use our banking card and a pin code to pay (if you haven't got money on your account, you can't use it).

    For online sales they're rolling out a system called iDeal http://www.ideal.nl unfortunately only in dutch available but it works as follows.

    I buy something at an online shop, when i have to pay, i push the checkout button, it will ask which bank I use and will put the payment in my account, upon logging in into my bank account i can pay the amount. (indeed using all the security measures as you describe in the article). The shop is told that I've payed and receives the money within 48hrs. (try that for a creditcard ;) ). Is it expensive, no, it has an entrance fee of EU 100, subscription cost of EU 50 per month, and EU 0,62 per transaction.
    tombalablomba
    • Most Americans would say it's very expensive!

      I hope you get substantial interest on you average balance, because I haven't paid a cent for my checking account in 18 months (since my last overdraft), and that includes online banking with BillPay. The cost comes from only getting .5% interest on the average balance.
      jimbo_z
      • Well, they're getting what they're paying for . . .

        a more secure form of banking. And we're getting what we're paying nothing for.
        ebrke
      • payments

        Ok, you haven't payed for your checking account, but is your credit card free? Can you go to [b]any[/b] ATM in the US without having to pay? How long do transfers last between accounts?

        I think you would be surprised what we get for that amount of money. But then again, the market is somewhat different that the US market because credit cards are not as heavily used as in the US, and people tend to spend only the money the've got instead of borrowing or spending money that isn't there.
        tombalablomba
        • Paying for Checking...

          [b]Ok, you haven't payed for your checking account, but is your credit card free? Can you go to [i]any[/i] ATM in the US without having to pay? How long do transfers last between accounts?[/b]

          As long as it belongs to the same bank the card is issued by, generally yes, we can go to any ATM and it's free. Credit cards... That depends largely on the card itself. Is it an ATM card with a credit card logo on it - chances are it's free. If it's a "regular" credit card, then probably no. Premium cards (Amex, etc...) aren't free either.

          Transfers between accounts - once again, that depends. Is it a transfer between two linked accounts (i.e. both accessible with your ATM card), then the transfer itself is registered at the ATM in a matter of seconds but may require verification if the amount transfered is large.

          [b]I think you would be surprised what we get for that amount of money. But then again, the market is somewhat different that the US market because credit cards are not as heavily used as in the US, and people tend to spend only the money the've got instead of borrowing or spending money that isn't there.[/b]

          Sounds like you Europeans have a sound fiscal policy. Personally, I despise credit. Unfortunately, it can be a necessary evil. Saving up a big enough chunk of change to say, buy a car or house or other large ticket item is pretty difficult, if not impossible given the price of things these days. I agree though that people go bonkers with credit cards and dig themselves into some very deep holes. On the bright side, there ARE a lot of people who are waking up to this fact and an entire industry has cropped up to help them deal with it.
          Wolfie2K3
    • correction and addition

      Being Dutch myself, I would like to correct something: if you have a credit possibility on your bank account, it is very easy to pay even if you have no money on your account. I have a credit limit of euro 5000, never had to use all of it ;-)
      Furthermore, I think the last sentence is not for the individual customer, but the fee foor the company that wants to offer this possibility to its customers.
      For what I know of other countries, I think that The Netherlands has indeed a cheap and rather advanced banking system.
      european
    • The thought of entering my pin # into someone...

      elses system is dangerious to say the least. Ahy use of a debit card is dangerious. Once you enter your pin # you have lost control of the use of it. You are at the mercy of the holder of you #. As we have seen in the last month or so, companies are under no obligation to protect your information. And even if they were, the have no liability for you losses such time from work, expenses recovering you assests, only the acutual amount.
      sykandtyed
    • Unbelievably expensive

      This is incredibly expensive by U.S. standards. I would use my credit card for such transactions. It's free. There is no fee. As I read your message there is a EU 100 entrance fee plus EU 600 per year plus a transaction fee. That's about $800 per year just to have a debit card. Pretty strange by U.S. standards.
      bgc9
      • you've got it all wrong

        These are not [b]consumer[/b] charges.
        The are charges for stores who want to use the ideal system.
        A credit card company will charge a store 3-4%

        My debit card + credit card + internet banking costs me $45 p/y.
        DiRadical
    • Too Many Banks!

      Wow, with the EU Banking system so commoditized, why would you need more than one or two banks? Seems like just one big transaction processing and validation system.
      dpowell9
  • What do the Banks have to say on this subject?

    Have you or George tried to interview the ABA or any of the individual banks on this subject? It would be interesting to hear their perspective.
    Also, note that If the banks would agree on a technology, PC makers would likely add a card reader, or USP dongle to do the validation which would require no additional "friction" to the transaction other than plugging a dongle, or swiping a card in a card reader. Along the same lines, I would like to understand why, If I have multiple VISA accounts, I can't carry a single smart card which contains validation information for all 5 accounts (Plus all the hotel/airline promotional accounts and all my insurance information)? The hold-up is not technology. I'll even bet most customers would pay a couple of bucks a month for the convenience.
    jimbo_z
    • Form factor is a major problem

      As you point out, there's a problem in terms of what form factor is the one that wins? A few years back, Target issued smart card readers to anyone that got a Target credit card with the idea being they'd drive up revenue by virtue of the faith that the customers would place in reader-secured transactions (but only when buying from Target). It didn't fly. Whatever the form factor ends up being, it has to work everywhere (your PC, your friends, an Internet terminal, etc.). Some thin-client based kiosks have no provision for USB or card readers. The decision is so hard to make that it's just not getting made. At least with an authenticator like the RSA one, it's interface agnostic. It works everywhere there's a browser because you don't have to plug it in or swipe it. But, for some it's too inconvenient. Uggh.

      db
      dberlind
    • I'm going to try to

      I'm going to try and ask them.
      georgeou
      • Good for you, George

        The banks really need the heat and spotlight turne don them. They will avoid any responsibility and cost.

        I still cringe every time I do an online transaction, banking or otherwise because you just don't know and I don't trust them to make it right should something go wrong.
        ordaj9
    • What do the Banks have to say on this subject?

      Smart Card Readers and Tokens have been expensive for a Bank to give then to all online banking members, about $20 each. So the Banks basically say it has been cheaper to pay the Fraud.

      I have a new company that provides either a smart card or a Token for under $5 and we are just now starting to move it. Banks like it, so it's coming! It will connect to your microphone jack, which is available on all computers and therefore leave your valuable USB ports freed up.
      mangelinovich
    • t

      nt
      pkrdk
      • Read history, and learn

        Ever read about the Roman Empire, The US counterpart 2000 years ago ?

        They thought they ruled it all, knew it all and was generally better off that anybody else, and thought the WERE better than anybody else. Their main interests were partying, basking in the sun,and generally have a good time. Birthrate fell, population grew older, development stopped - and somebody else took over.

        Generally history repeats itself.
        pkrdk
        • Sound Like Europa Today

          Sounds like Europa as it is today not the U.S. Look at average number of hours worked per person among other stats. Trust me the U.S. might be going there but Europens will get there way before Americans will.
          bcclendinen
    • The inside story of a Dutch bank

      I work for a Dutch bank. It's a very special bank, though it's concept seems somewhat strange to my foreign friends:
      Our bank was founded in 1849 by Dutch farmers to protect themselves against poverty and hunger. It's a cooperative bank, which means there are no shareholders and no profit margins.
      We have no top-down structure, but consist of 250 independend local banks, owned by their members. There is no headquarter, but a central organisation who works for and supports the local banks.
      All decisions are made by consensus. Everybody has the right to provide their opinion. This can sometimes be a bit longwinded and might sometimes aggrevate those who are used to work for fast paced American companies.

      However, we aren't doing so bad, overall:
      We provide safe access to online banking with the use of small, portable random generators / card readers that can be used anywhere.
      We are also the largest internet bank in Europe, the largest bank in NL, the only privately owned triple-A bank in the world. We have a foundation to support local population in poor countries to start up their own cooperative banks and enable small businesses to grow.
      We have also just won the Dutch Usability Award 2006 for the most userfriendly Website in NL, designed by our inhouse design group and usability lab, one of the largest in NL.
      In the Netherlands, people call this the "poldermodel".
      aros
      • Hmmm..

        [b]I work for a Dutch bank. It's a very special bank, though it's concept seems somewhat strange to my foreign friends:
        Our bank was founded in 1849 by Dutch farmers to protect themselves against poverty and hunger. It's a cooperative bank, which means there are no shareholders and no profit margins.
        We have no top-down structure, but consist of 250 independend local banks, owned by their members. There is no headquarter, but a central organisation who works for and supports the local banks.
        All decisions are made by consensus. Everybody has the right to provide their opinion. This can sometimes be a bit longwinded and might sometimes aggrevate those who are used to work for fast paced American companies.[/b]

        This sounds a LOT like credit unions we've got in the US. The structure's similar in so far as it's not a "for profit" entity - they generally can offer some services cheaper than a regular bank.
        Wolfie2K3