Tag Archives: Data Protection

The My Face Value “Tout Free” Guarantee

My Face Value is preparing for launch on 31st December 2017. To keep up to date with the latest news, follow us on Facebook and Twitter.

The My Face Value ability to tackle the problem of touts using our community is key to earning and retaining the trust of the My Face Value community. The algorithms that My Face Value have developed to solve this problem are only one of many unique selling points in the My Face Value promise to genuine fans.

Using Innovative Technology To Beat The Touts

Similar to the auditable Random Number Generator algorithms that our Random Picking Software utilises to ensure fairness & transparency when selecting winners of our competitions & promotions, our approach to Phishing Prevention, to intercepting “Man in the Middle” Attacks and to Automated Tout Detection uses our own set of proprietary processes and algorithms to keep My Face Value secure and “tout free”.

My Face Value have developed sophisticated mechanisms that protect the data that the My Face Value community entrust us with and prevent the My Face Value community from unwittingly assisting touts in their efforts to buy tickets at face value.

Protection from Trolls and Hackers 

My Face Value expects to be the target of concerted campaigns by trolls (on a simplistic level) and hackers (in a sophisticated manner) because My Face Value are dislodging and disrupting a lucrative “street level” business as well as a “respectable” corporate sector who make large amounts of money from ticket touting and price gouging tickets to events.

The first target of these hacks as we see it would be to undermine the trust in the My Face Value community by targeting our community members’ data in all its forms, and in particular our community members’ credit card details. Aside from the myriad white-hat hacker tests that we have conducted, our operating systems, applications and network configurations have been comprehensively penetration tested by leaders in the field.

The Safety of Your Data – Security & Encryption 

My Face Value uses security protocols that protect the My Face Value community member from malicious interception attacks. My Face Value use a secure and encrypted connection (HTTPS/SSL) when handling My Face Value community members’ data.

The My Face Value EV SSL certificate offers the highest available levels of trust and authentication to our website. When performing transactions, the green address bar prominently displays our company name and provides highly visual assurance to customers that our site is secure – immediately giving the My Face Value community member the confidence to complete their transaction.

Sensitive Data Storage

For a further level of comfort My Face Value use an external provider with PCI Service Provider Level 1 Certification (the most stringent level of certification) to manage the process of no-hassle security and compliance that meets all PCI-DSS requirements for desktop and mobile transactions [PCI-DSS: The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organisations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.]

No sensitive data hits the My Face Value servers. To bolster this countermeasure My Face Value have added an extra layer of security in the form of Two-Factor Authentication.

Phantom Community Members / Spam Accounts

But how do My Face Value detect touts posing as allegedly legitimate community members and avoid the scenario where the tout uses the My Face Value community as a source of leads to purchase tickets at face value and then tout?

The My Face Value community, without the measures that we have taken, would be a readily available environment with millions of community members which touts could “raid” for tickets.

The Value of Anonymity

This process is outlined in great detail on our website and on our social media pages. But in short, the answer to preventing the use of My Face Value as a ticket sourcing platform for touts is “anonymity”.

The information posted by My Face Value community members in relation to BUY/SELL/SWAP requests is not visible to the My Face Value community. Rather My Face Value store the data and identify matching BUY requests with SELL offers and SWAP requests with SWAP matches.

The relevant My Face Value Community members are then notified simultaneously by email. The email contains a link and when clicked this link will allocate the ticket on a First-Come-First-Served basis to the first My Face Value community member who secures the ticket by making the required payment.

The SELLER / SWAPPERS are then requested to send the ticket(s) to My Face Value for a counterfeit check and thereafter – assuming no issues relating to payment fraud or counterfeiting arise – My Face Value will post the ticket to the BUYER and pay the SELLER or in the case of SWAPS post the tickets to the respective My Face Value community members.

The process is managed from end-to-end by My Face Value to ensure compliance.

Detecting “Organised Touting” in the My Face Value Community

My Face Value will keep the community tout free. The BUY/SELL/SWAP Process is conducted through a series of simple menu selections. This process is outlined in detail on our website and on our social media pages. Once completed, and in order to SUBMIT the information to the My Face Value databases, the My Face Value community member is requested to LOGIN, if they have not already done so, or REGISTER if they are not an existing My Face Value community member.

Now the science bit – the steps in the REGISTRATION process provide one level of protection against touting – but not enough. Sweat shops exist and the industry (organised crime element) are well capable of setting up hundreds of identities and email addresses using pre-paid cards in an attempt to circumvent this LOGIN or REGISTER Wall countermeasure.

Tout Prevention & Community Compliance 

My Face Value have developed systems to encode expertise for detecting touts, in the form of rules. My Face Value employ Big Data Analysis / Data Mining to develop community member behaviour patterns and profiles, match them against a baseline to detect deviations, and trigger automatic responses / actions or, in certain cases, issue automated real-time notifications to the My Face Value Tout Prevention & Community Compliance Team for examination (see Levels 1-4 below for details on this process).

The My Face Value Pattern Recognition techniques to detect clusters or patterns of suspicious behaviour are automated to ensure scalability. Machine learning techniques automatically identify the characteristics of touting. The My Face Value algorithms learn suspicious patterns from samples which are then used later to detect breaches.

My Face Value deploy these detection algorithms on a number of levels using statistical techniques and artificial intelligence:

Level 1: Email addresses used by a community member, contact telephone number provided by a community member, frequency and time of day of logins by a community member, number and type of payment instruments used by a community member, transactions levels (numbers of transactions) by a community member, types of transactions conducted by a community member – BUY/SELL/SWAP;

Level 2: Combining source metadata, platform and device usage, IP address, browser type, geo-location (clustering), proxy spoofing and VPN detection to augment the Level 1 data My Face Value hold on behaviour patterns;

Level 3: Cross referencing My Face Value community member profiles with publicly available information on social media accounts for pattern matching and augmenting the community member risk profiling data to augment the Level 1 and Level 2 data;

Level 4: In the event that all the information points to a positive breach of the My Face Value Community Guidelines then the community member will be blocked. In circumstances where the information points to a possible breach of the My Face Value Community Guidelines then the My Face Value Tout Prevention & Community Compliance Team will request identification and documents to prove that the “member” is not a phantom account AND that the documents supplied to vouch for that assertion are genuine.

The My Face Value “Tout Free” Guarantee

By implementing Behaviour Analytics & Profiling with Context Data the My Face Value Machine-Learning Algorithms ensure a tout free environment. These processes reduce to almost zero the ability for touts to engage in the volume transactions that would make the effort commercially viable or feasible.

Whether dealing with touts as individuals or organised gangs their inability to fool the profiling algorithms and/or comply with the My Face Value escalating requests for proof of identity to determine if a suspicious account is in fact a genuine fan will keep our community tout free.

The My Face Value Tout Prevention & Community Compliance Team

 

The USA, Narcissistic Rage, A Sense of Entitlement & Holding Our Rights Hostage

The US is taking a giant shit on all of us, and our rights. And we are letting them. This is a nation that is currently led by extremists who inherited the job from a crazily compromised administration.

I previously wrote in All The Presidents’ Messes:

“In my lifetime the American people have elected Nixon (Vietnam, Laos, Cambodia), Ford (by accident), Carter (Iranian Revolution & Iran Hostage debacle), Reagan (Funded the Taliban / Iran-Contra Affair / Nicaragua / El Salvador / Guatemala), Bush the First (Gulf War I), Clinton (Somalia, Rwanda, Haiti / Israel-Palestine / Ethnic Wars in Europe – Croats, Serbs and Bosnian Muslims / Kosovo & Albania), Bush the Second (Iraq / Afghanistan), Obama (IRANDEAL, global appeasement, the relatively unopposed rise of ISIS, and the disintegration of Syria and Libya and Egypt as a result of US Foreign Policy failures) and now Trump.”

All US policy decisions and their side-effects, one way or the other, cascade down into our European democracies. In the current climate that should worry you.

Privacy Is An Absolute Right

I am interested in Privacy. The abuse of Privacy (1) has far more fundamental negative effects than might seem to be the case at first glance.

I am an advocate for the right of every citizen to a private life, the preservation of civil liberties, and the defence of other hard won rights. Technology or rather its unfettered deployment is the single biggest threat to our personal freedoms and by extension to the proper administration of justice.

And so I write about it. Sometimes the writing is a bit technical but most of the time it’s referencing the technical results of other people’s work to support my arguments (which I always acknowledge – most important that is).

Orwell 4.0

Technology-facilitated developments have created new tools for the State, Law Enforcement, and Intelligence Agencies to monitor not just persons of interest but everyone (2). Software industry greed and software developer naivety are also driving an assault on our personal privacy and security (3).

These phenomena have already resulted in wholesale abuses (4) of habeas corpus, an alteration of the perception of what constitutes a fair trial, have worn down the right to silence of a suspect, made the avoidance of self-incrimination almost impossible, made illegal searches and seizures (5) acceptable, and encroached on the ability of defendants to construct a proper defence.

Recently, Graham Cluley (@gcluley) posted a clarification of a definition on Twitter: “It’s always bugged me how people say “Innocent until proven guilty”. It’s “Innocent *unless* proven guilty” folks.” – that is worth thinking about in an age of trial by media and JTC-as-a-Service (JTC – Jumping to Conclusions a.k.a. Fake News).

In parallel with this there is an increasing trend of “ordinary” crimes being tried in “extra-ordinary” courts, tribunals, or military courts. The checks and balances that used to notionally counter the power of the state and where the actions of government could be publicly scrutinized have almost ceased to effectively exist.

Surveillance politics, the rise of extremists on the left and the right, religious fanaticism, the re-emergence of censorship and even actual talk of “blasphemy laws” in the parliaments of Western democracies leave one bewildered. How will we fare when even newer technologies such as VRSN, and AI with even greater capacity to embed themselves in our lives begin to mature from the novel stage into the deployment stage?

What will be the effect of kinematic fingerprinting, emotion detection (6), psychographic profiling (7), and thought extraction (8) on the right to privacy and basic freedoms? These are questions and concerns that get lost in the rush to innovate. Software companies and developers have a responsibility but they do not exercise it very often.

What are the ethics? What are the acceptable limits? What are the unforeseen by-products?

The US Has Claimed “Absolute Privilege”

The US is the bully on the block and its “bitch” friends the UK (9), Canada, New Zealand (10), & Australia (11) just follow its lead or actively facilitate it.

The opacity of US laws (12) and SIGINT collection methods is an abuse of the rights of every defendant that comes in front of their Courts. Increasingly, that is just about anybody that they can lay their hands on, from anywhere (13).

The election of Trump just solidified my view that the world has turned upside down and it seems that taking action to reverse the trend of the normalisation of the abnormal (14) is a Sisyphean task and just seems to encourage the buggers (15).

The US position on most of these matters is ephemeral – not just on data protection (16) – and US national interest, national security, or just plain duplicity (17) governs their agenda.

There is so much abuse of power by the US that it is impossible to keep tabs. These things used to matter (18). These things used to enrage us (19). The US has led a race to the bottom on so many fronts that the rest of the world seems to be suffering from bad news fatigue (20) and has zoned out (21).

It is individuals and NGOs now that are the gatekeepers of our rights and the ones that hold governments to account, and increasingly they are being marginalized.

References

(1) Anonymous Chronic; 21st Nov 2016; NSA, GCHQ, The Five Eyes Handing Ireland Cyber-Security Opportunity; AirGap Anonymity Collective

(2) Anonymous Chronic; 21st Nov 2016; Mass Surveillance & The Oxford Comma Analogy; AirGap Anonymity Collective

(3) Anonymous Chronic; 21st Nov 2016; Software Industry Greed is Driving the Assault on our Privacy & Security; AirGap Anonymity Collective

(4) Kim Zetter; 26th Oct 2017; The Most Controversial Hacking Cases of the Past Decade; Wired

(5) Andy Greenberg; 10th Oct 2014; Judge Rejects Defense That FBI Illegally Hacked Silk Road – On A Technicality; Wired

(6) Anonymous Chronic; 3rd Jan 2017; Orwell 4.0: The Stealth Advance of Kinematic Fingerprinting & Emotion Detection for Mass Manipulation; AirGap Anonymity Collective

(7) Anonymous Chronic; 4th Feb 2017; Is Kosinski “Tesla” to Nix’s “Marconi” for Big Data Psychographic Profiling?; AirGap Anonymity Collective

(8) Ian Johnston; 18th Apr 2017; Device that can literally read your mind invented by scientists; Independent

(9) Anonymous Chronic; 30th Nov 2016; My Privacy Lobotomy or How I Learned to Stop Worrying & Love the IP Act; AirGap Anonymity Collective

(10) Anonymous Chronic; 3rd Nov 2016; Overwatch – The Five Eyes Espionage Alliance; AirGap Anonymity Collective

(11) Anonymous Chronic; 21st Nov 2016; Australia Is A Proxy War for the Five Eyes & Also Hogwarts; AirGap Anonymity Collective

(12) American Civil Liberties Union & Human Rights Watch; 21st Nov 2016; Joint letter to European Commission on EU-US Privacy Shield; Human Rights Watch

(13) Tom O’Connor; 6th Jul 2017; Russia Accuses US of Hunting and Kidnapping Its Citizens After Latest Arrests; Newsweek

(14) Anonymous Chronic; 29th Jan 2017; Take Action To Reverse The Present Trend Of The Normalisation of the Abnormal; AirGap Anonymity Collective

(15) Anonymous Chronic; 2nd Dec 2016; Silencing the Canary & The Key Powers & Reach of The IPA; AirGap Anonymity Collective

(16) Mary Carolan; 10th Mar 2017; Max Schrems claims US data privacy protections ‘ephemeral’; The Irish Times

(17) Shelley Moore Capito – United States Senator for West Virginia; 2nd Jul 2017; Stop Enabling Sex Traffickers Act of 2017; https://www.capito.senate.gov/

(18) Adam Taylor; 23rd Apr 2015; The U.S. keeps killing Americans in drone strikes, mostly by accident; The Washington Post

(19) HRW; 9th Dec 2014; USA and Torture: A History of Hypocrisy; Human Rights Watch

(20) Shannon Sexton; 30th Aug 2016; Five Ways to Avoid ‘Bad-News Fatigue’ and Stay Compassionately Engaged; Kripalu Center for Yoga & Health

(21) Susanne Babbel Ph.D.; 4th Jul 2012; Compassion Fatigue; Psychology Today

IBM Mainframe Ushers in New Era of Data Protection with Pervasive Encryption

Main take-outs in IBM Z Systems announcement:

  1. Pervasively encrypts data, all the time at any scale;
  2. Addresses global data breach epidemic;
  3. Helps automate compliance for EU General Data Protection Regulation, Federal Reserve and other emerging regulations;
  4. Encrypts data 18x faster than compared x86 platforms, at 5 percent of the cost (Source: “Pervasive Encryption: A New Paradigm for Protection,” K. R. E. Lind, Chief Systems Engineer, Solitaire Interglobal Ltd., June 30, 2017);
  5. Announces six IBM Cloud Blockchain data centers with IBM Z as encryption engine;
  6. Delivers groundbreaking Container Pricing for new solutions, such as instant payments.

The new data encryption capabilities are designed to address the global epidemic of data breaches, a major factor in the $8 trillion cybercrime impact on the global economy by 2022. Of the more than nine billion data records lost or stolen since 2013, only four percent were encrypted, making the vast majority of such data vulnerable to organized cybercrime rings, state actors and employees misusing access to sensitive information.

In the most significant re-positioning of mainframe technology in more than a decade, when the platform embraced Linux and open source software, IBM Z now dramatically expands the protective cryptographic umbrella of the world’s most advanced encryption technology and key protection. The system’s advanced cryptographic capability now extends across any data, networks, external devices or entire applications – such as the IBM Cloud Blockchain service – with no application changes and no impact on business service level agreements.

“The vast majority of stolen or leaked data today is in the open and easy to use because encryption has been very difficult and expensive to do at scale,” said Ross Mauri, General Manager, IBM Z. “We created a data protection engine for the cloud era to have a significant and immediate impact on global data security.”

ENDS

* From an article originally published on July 17 2017 on my Peerlyst blog

Does Legislation Stifle Innovation?

(From an article originally published in July 2017 on my peerlyst blog)

Does legislation stifle innovation? No. Why? Because it legislates in “catch up mode” mostly and on those rare occasions when the legislators do see something coming in advance (examples? I don’t have any actually) – then they fail to implement the legislation or put in place checks and balances to monitor compliance.

Legislators are better at legislating for the abuse of data – the IP Act in the UK – in favour of mass surveillance and warrantless omnipresent spying and eavesdropping. It’s a catch all bucket – much easier than putting your back into it and figuring it out with Privacy, Civil Liberty and Human Rights in mind.

Legislators are looking to heavily regulate IoT. One wonders what their approach will be since they have failed or chose to ignore (more likely), it would appear, to legislate and police the most basic elements of Data Protection despite some of the first statutes being enacted (in Europe) as far back as 1986.

Now we have the kerfuffle of the NIS Directive (compelling member states to “be appropriately equipped, e.g. via a Computer Security Incident Response Team (CSIRT) and a competent national NIS authority” – another agency just when we thought that the ones that we had were as bad as the disjointed un-joined up implementation of policy could get) and GDPR (which contains the bizarrely general statement in Clause 4 that “The processing of personal data should be designed to serve mankind”) – good luck implementing that.

Data Protection legislation for much of the intervening period was “lip-service” and PR driven. The DATA PROTECTION ACT, 1988 was publicised by the Irish government as an innovative “first of its kind” legislation that would set the Republic of Ireland apart and create a “privacy regulated” USP for RoI as an FDI (foreign direct investment) destination.

The IDA boasts on their website “We favour green lights over red tape, which is why we are one of the best countries in the world for ease of doing business (Forbes). New business is welcomed and supported by the flow of talent coming from our schools, universities and abroad, to work for high-performing companies across a range of cutting-edge sectors.”

What this really means is that regulation in Ireland with respect to Data Protection and Central Bank governance (both having a direct impact on the operations of the likes of EU headquartered tech giants based in Ireland – Google, eBay, Facebook, Twitter, HubSpot etc … pick a name – they are based in Ireland somewhere) was all about accommodating whatever these firms asked for, with scant or little regard to what the privacy protections in the legislation actually dictated in terms of consumer / end user protection.

Put the following statement in front of your local Data Protection commission and ask them to respond with respect to their view on the best way to protect the consumer while enabling innovation – prepare for an answer characterised by vanilla, non-committal prose peppered with out of context TLAs.

“Dear Data Protection Commissioner, How Does Your Office Propose To Balance Classically-Conceived Privacy Concepts In Light Of The Business Imperative Of Providing The End User With Contextual Richness?”

The Office of the Data Protection Commission and the Central Bank of Ireland are widely regarded as complicit in the wholesale abuse of the data protection, privacy and tax obligations of tech companies operating in the country.

Understaffed, under-skilled and under-whelming, these outfits have presided over some of the most spectacular breaches of these obligations.

Now, they seek to add to their NP-Complete task and their ever expanding skills gap – the area of IoT regulation.

They will be tasked with creating law to govern how companies should implement security protocols and data protection measures to control the people who use the information generated by IoT (or those who seek to illegally acquire it) and the application of Big Data, IoT, AI, data analytics, and machine learning.

I have no faith that Ireland or Europe will stay on the edge of the curve of innovation in order to regulate its expansion in a controlled and understood manner. But I could be wrong. Do you think that I am wrong? I would love to hear counter arguments to my usual cynical stance on these issues.

ENDS