[Am-info] A brief update and another request to the list - (LONG)

[Jeff Wasel]

[Forwarded to the AM-INFO list in behalf of Jeff Wasel -Gene Gaines]

Greetings AM-Infoers...

Some of you (John in particular) were kind enough to help with a project
with the UK's NHS I was working on. Thanks to your efforts, we were able to
stop, at least in one little corner, the inexorable march of the beast,
foiling all their FUD efforts with some well-placed open source- derivative
tools and processes. NDAs and all preclude me from further details, but
suffice to say, it was sweet to save the severely strapped service some
moohla, but more importantly, provide an immense improvement to a very
creaky infrastructure. Again, I really appreciate everyone's help here - you
guys are great.

I'm on to other areas, and I would again like to call upon the list. I am
beginning research into AML(anti-money laundering) technologies and have a
couple of requests.

First,given our M$-centric focus, I am interested in any information,
hear-say,
urban myth- in short, anything, that you may know or have heard regarding
the deficiencies of M$' tools in windows-based anti-money laundering
products or other financial security-related applications. These can include
commonly used tools such as credit-scoring, risk prevention, fraud
prevention, profiling in particular (basically neural and predictive
behaviour patterning), and the like. I have to believe that exploits exist
where particularly clever hackers have been able to conceal balance
transfers, currency conversions, or other financial instrument manipulation.
The Russians have shown themselves to particularly good at this, at least in
my initial research, and I am sure other various nasties have their eyes on
similar approaches.

Second, as I am out of the States, I am interested in what you all have to
say about the various legislative actions of the Gov't relative to "Homeland
Security" (god I hate that term; I keep thinking of the "Volksturm" or other
label of desperation) and the PATRIOT act. I've gotten a lot of information
from folks like the EFF and ACLU, but I am more interested in what those in
the trenches have to say. I am for the most part a libertarian, "keep 'yer
mitts off my stuff" American, so this is obviously of great, great concern
for me, particularly as the current government is supposedly philosophically
opposed to such nonsense. My previous 12 years in the Marines, working
primarily in special warfare and the intelligence community, tells me that a
lot of the "threat" is just bollocks, and there are other reasons afoot
here. This is the angle I'm after, if that helps you at all.

In particular, I am interested in how companies like M$ will react in
altering their software, particularly in light of past controversies like
the v-chip, NSA demands and the like. As you may have heard, Adm. John
Poindexter, from Iran-Contra days, has just been picked to head an
initiative called "Total Information Awareness" that, in effect, is tasked
with developing a super Carnivore-like data mining application, to prevent,
among other things, money laundering. It is insidious though, as much of its
use constitutes what is in effect a warrantless search among other
outrages... Much of my AML research focuses on the social as much as the
technical, and this is the angle I would respectfully request (as well as
the technical) from you all, James S. and some of the other legal folks in
particular.

As always, thanks again, and feel free to respond off-line (jeff@wasel.com
or j.j.wasel@lse.ac.uk); however, I feel this topical for the list, as given
M$' corporate ethics, it will be interesting to see how it balances
unbridled capitalism; those libertarian, contrarian values as espoused by
most in the software industry and the pressures of government to "play
along" with security demands.

Best regards to you all!

Jeff

Jeff Wasel
Doctoral Candidate
Department of Information Systems
Tower One, Fifth Floor
The London School of Economics
Houghton Street
London WC2A 2AE
j.j.wasel@lse.ac.uk
07764-944781