Credit Union Geek

Marketing, Strategy, and The Force by Joe Winn

Tag: bugs

A Challenging Balance: Safety & Security

The debate between privacy, safety, and security has been ongoing for longer than I can guess. I wouldn’t be surprised if cave dwellers used secret passwords to enter adjoining caves or offer assistance in hunts. What were those codes worth to other tribes?

While we may have evolved in language skills and developed mind-boggling technology, the basic premise is unchanged. There is a perception that your privacy in some way compromises the security of the masses. If law enforcement cannot read your mail, then how will they stop the next terrorist attack? Obviously, the discussion merits far more than a short CUBit on this humble blogger’s site. I won’t argue that point. There is a place to strike balances between the privacy rights of individuals with the security responsibilities of your government. But this balance should never tip excessively in favor of the latter. I’d argue it must always lean towards the individual. Even if that person has committed heinous crimes?

There’s the rub. To collect evidence against this one person would put the security of a billion others (most of which not citizens of this country, and therefore not beholden to its laws) at risk. Is the balance needle moved?

This precise situation came to a head yesterday. Remember that time a person shot a bunch of innocent people in San Bernardino? Yeah, no love for them and deepest sympathies to the victims and their families. Well, the shooter owned an iPhone 5C and the FBI wants to collect information from it. Unfortunately for their investigation, the suspect used a passcode. As you may know from your own devices, you can only get it wrong 10 times and the device will erase itself. This feature is so good that the FBI cannot bypass it. So, they did what you’d expect…ask for a key. Since iOS 8 (we’re on iOS 9.2, or 9.3 on beta), Apple stopped keeping encryption keys. This means only the person with the passcode can access the phone’s data, not Apple. The FBI went to court against Apple on the matter. Early this week, a Federal judge ruled that Apple must provide a way for the FBI to access the phone.

They refused.

“So Apple sides with terrorists?” you may say. No, they side with their customers. You see, to modify one device would mean opening all of them up to this same intrusion. “But it can prevent another shooting or even a terrorist attack!” This is circular reasoning, as it presumes the result at the outset. I could just as easily say that it causes a terrorist attack since malicious actors used this “backdoor” to access a government official’s phone. In that case, the argument would be that we should encrypt and secure our devices better. Not to mention all the cases where a suspect’s information could now be accessed by authorities with impunity. All that encryption and security would then mean nothing. It would be akin to having a state of the art deadbolt on your door, but not adding hinges.

Is there a solution? Yes, but it’s not great, and it’s a bug. Companies regularly offer “bug bounties”, or cash rewards, to hackers finding security issues in their software. If the FBI wants this information so bad, offer an enormous bug bounty, say, $5 million, to crack the iPhone’s encryption. However, stipulate that payment only occurs if the flaw is not publicly disclosed and is submitted to the FBI and Apple simultaneously. That way, the FBI gets what they want (access to the suspect’s phone), Apple doesn’t compromise their values or the software (and gains an opportunity to fix a flaw, making it more secure for all), and none of us lose security for the sake of one investigation. Perfect? No. It’s possible no one will figure out how to bypass the passcode lock. Then what?

What’s your take? Can you think of a better way to satisfy all parties? Is there a way to truly balance privacy and security? The comments are open.

PS – This affects your credit union and members, too. Just swap “key to phone” with “key to member data”.

If You Don’t Speak Up, Someone Else Might Not Too!

Has this ever happened to you?

I was using my web browser and noticed it behave in a way that seemed odd. Sure, I could have thought, “you silly computer” and continued on with my day. But I’m a geek, remember? So, I reported it directly to Apple. Turns out, the behavior was an unreported security issue. Do you use a Mac? Take a look at your recent Safari update details. Who do you see credited in that second bullet point?

Fast forward to the day that update was released. Many sites presented the changes, both visible and under the hood. While I was getting the computer back up-and-running, I noticed a change to the way it reported RAM being used. Oh, that’s not something you’d typically check? 😉 Once again, I could have said, “I’m sure someone else will pick up on it.” Instead, I wrote to the leading Apple reporting site online with a screenshot of the change. Not an hour later, they updated their article, visible to millions of visitors, with my comments and screenshot.

A difference was made.

Even though we’re all geeks in something, I’m not suggesting bug-hunting as a new staff strategy. But what about a staff member who notices a typo in a new marketing piece? Or a member stuck in a service loop? Do they feel empowered to speak out? How about places where it’s more subtle? Imagine your phone system. It has a recording for members, and may change depending on promotions or season. Say a staff member hears an old loan offer being discussed on the recording: “Not my department. Obviously, someone else already knows about it. I don’t want to be a bother.”

No matter your position, you are valuable. From the member who points out a slow drip in the branch bathroom to an MSR who informs management about a bug in the system, that voice made a difference. It might be substantial, saving your credit union large amounts of time and money. Or, the comment may spawn a small improvement, making the member experience just that little bit better.

Speaking out is scary. Why? We put ourselves out there. And we might be wrong. That’s ok. Create a culture of inclusiveness amongst your friends, family, and workplace. Whether above or below you on the “corporate ladder”, value that input! It won’t all be amazing, but sometimes, a bug will be found, a security vulnerability will be discovered, and a better member experience will be identified!

Image credit: http://stuffpoint.com/the-simpsons/image/92012-the-simpsons-speak-up.gif

Set Yourself to Auto-Update

How often do we just get drawn in to one project after another, not having an opportunity to step back and say, “let’s see how this all fits together”?

When your phone or computer gets stuck doing the same thing, churning away with no results, first we restart, then we clamor for an update. In fact, that’s what most of the updates you install are intended to correct; bugs encountered during normal use.

What is a bug? Without going into the technical, it is simply a situation, reproducible or not, when the system does not perform as intended by the user (who is following proper instructions). Naturally, when we can narrow down exactly what causes it to happen, we can more easily work to fix it.

Doesn’t that sound familiar? Ever find yourself doing the same thing, over and over, and just not getting the results you intended?

You need an update.

Even if you don’t have the time, force yourself to stop what you’re doing and take a look at the results. Are they what you hoped? If not, why? What can you change to edge closer to your goals?

Your computer doesn’t think it can stop for an update when it’s stuck in a loop. Then the update gets installed, and things move so much more smoothly.

There’s an update available. Install now?

Image by geekinside.com

© 2018 Credit Union Geek

Theme by Anders NorenUp ↑