After a successful career in capital markets, Cards, payments, identity, mobile internet voting technology. Philip is now focusing on developing a movie script focusing on IOF the Interplay Of Faiths.
Wednesday September 5th, 2018 I had the opportunity to speak to a Information Technology class about my ten successes and learning as a project and program manager. Below is the presentation I used with this I hope interested room full of student of Kennesaw State University.
Project Management Kennesaw 180905
Recently I was reading a blog and ran into an interesting statement
“In the beginning, there was nothing, and there was something.”
The blog goes on to talk about the binary construct or what we know as the world of computers. Three basic concepts are the foundation of all that a computer can do:
The most basic logic functions are the NOT, AND and OR gates.
IF something is FALSE, then it is NOT TRUE.
IF some OR another value is TRUE, the result is TRUE.
IF some AND another value is TRUE, the result is TRUE.
I immediately reflected back on a course in the Apologetics and remember the lecturer speaking the idea that SOMETHING cannot come from NOTHING. Somewhere between these two discussions is a rift. In that simple statement “In the Beginning” we immediately are drawn to think of the BEGINNING and the unimaginable be it “The Almighty” – “The Creator” – “God”. For the apologetic his argument is that something, our universe cannot emerge from the nothingness of nothing. There was something before call it the creator. Like the Big Bang what was before it? a previous universe that had collapsed into a Black hole.
We then think about Binary logic. It is built on the idea there is either nothing A Zero or there is Something A One.
There is something inherently missing from this
Transaction Costs and Tethers: Why I’m a Crypto Skeptic https://nyti.ms/2NYYSdw
As a technologist with an understanding of cryptography and very aware that in order to remain secure and tamper proof we increasingly increase the complexity of the work to assure the integrity of what we are using cryptography to protect. I wonder why so many people got so excited about Bit coin and Blockchain. As I have written before the cost to assure the integrity of the ledgar. Be it the original work to calculate the nonce or the subsequent work to confirm that the nonce the miner calculated was the right one, there is a need to spend money buying work specific computers, renting or building a facility to houses these work units and the power to cool and run these computers.
Mr. Krugman properly outlines the challenges. He effectively focuses on two issues. The cost and the idea of tethering.
It is this need to identify the value of the coin. Governments help to stabilize their defined currency. The intrinsic value or use of Gold, establishes its value.
Understanding and being able to clearly articulate how cryptocurrencies are valued and how then can achieve the stability necessary to support commerce is essential. This is what tethering is about. How do we establish and more importantly share the nature of the valuation.
Not too long ago, the House Ways and Means committee learned about and understood the difference between Identifiers (such as the PAN SSN, Driver License number, Email, User name, or account number) and an Authenticator.
A recent document produced by the Identity Coalition speaks to the challenge of identity. Found on their website https://www.betteridentity.org/
One paragraph reads
As a general rule, to be useful across multiple systems a widely used identifier must be persistent, meaning that it stays constant over time. The complexities induced by shifting an identifier to one that is not persistent – but revocable – are significant.
This is a pivotal thought and one we should embed in our thinking.
This report starts with a discussion about who can play a role and who has established coherent verification and proofing mechanisms that can be used as a root of trust. The Social Security number, given its pervasive place among the data stored about us, became an area of focus:
There are five steps that the government should take to change – and improve – the way we treat the SSN.
As I read through these choices, I replace the acronym SSN with PAN or any other identifier and I end up with the same concern. We have allowed identifiers to become authenticators and now struggle to replace them with something else (i.e., a token). When what we should have done is recognized that authentication was the missing element of the identity puzzle.
The report then continues with a set of recommendations including two areas of personal interest.
Strong Authentication Equals Multi-Factor Authentication
Promote and prioritize the use of strong authentication. Inherent in any policy change that prohibits use of the SSN as an authenticator is a way to replace it with something better. Here, the problem is not just with SSNs, but also with passwords and other “shared secrets” that are easily compromised by adversaries.
…
Multi-stakeholder efforts like the Fast Identity Online (FIDO) Alliance, the World Wide Web Consortium (W3C), and the GSMA have developed standards for next-generation authentication that are now being embedded in most devices, operating systems and browsers, in a way that enhances security, privacy and user experience.
International Coordination and Harmonization.
This one has particular meaning to me. My family lives in two countries, we are citizens of a third and we have lived in four. I want to be assured that whatever the process is to authenticate our identities in one will meet the basic requirements of all.
An interesting read and one I strongly recommend we work to promote.
I recently absorbed the following article and offer the following reflections.
http://paymentsjournal.com/there-are-an-estimated-how-many-million-smartphones-in-the-hands-of-us-consumers/
An article answering the question can now be found at this link.
http://paymentsjournal.com/could-a-us-cryptocurrency-prevent-systemic-harm-to-the-underbanked-and-underserved/
After reading the article, I thought about this graph derived from the US Census. What income level equates to that of the un-banked? I think of my expenses and about the expenses most people are dealing with. Health issuance for two people in Georgia is $1,100 a month. That’s a lot of people struggling to make sure they at least have health insurance! If $53,700 is the median income and $13 thousand is spent on health Insurance, and then we consider all the other daily expenses we need to live: food, medicine, co-pay, gas, utilities …
Then I remember an economics report which claimed that the hourly wage required to afford a place to live in the least expensive part of the US was something just over $15/hour. All of this causes me to ask the question – At what income do people find it of value to have a banking relationship, e.g. a card?
Those who argue that we should migrate from Cash to Card should remember the primary motivation for credit cards is directly related to the profits and revenue the banks, processors and other players who touch the flow of money earn from processing the payment transaction, and the revenues earned by lending money (i.e., a credit card) or by holding your money (a debit card).
Sure, we could propose giving the poor pre-paid cards, as some of the Government’s entitlement programs already do. But then who will be responsible for the fees to manage the program and who will earn the interchange from each transaction?
The service fees, OK, maybe we the taxpayer will cover, given the perceived social value of supporting the poor. On the other hand, entitlement is perceived by many to be a scheme to support the lazy, therefore many would say that the fees are part of what the entitlement should cover.
Let’s get back to the real subject at hand: What is the most economic form of payment and are crypto-currencies the future?
In the world of cards, interchange is a cost to the merchant and revenue to the Banks. Therefore, since merchants end up loading their processing costs into their price, the consumer pays. Those who advocate migration away from cash recognize and argue cash has costs, for intance:
Many would agree that a card is cheaper. Others would argue they are not. This becomes a question of faith in your employees, the cost of a safe and a visit to the bank and the fun of sitting up at night counting your earnings.
Are crypto-currencies an answer? At whose cost? The nodes or miners who maintain the Blockchain need to be paid to ensure the immutability and consensus inherent in the Bitcoin model. Someone must pay.
This begs the question: Which is more expensive to society?
A toll on the Massachusetts turnpike is $4.00, unless you can’t afford an EZPass then it will cost you $7.35*. This article published in Convenience, the web site of National Association of Convenience Stores (NACS), points out that restaurants are also increasingly eliminating cash and that the impact this has on the poor has finally started to create some pushback in D.C.:
“As more restaurants go cashless, a backlash is building, especially in the nation’s capital, where an increasing number of fast-casual eateries are only accepting credit or debit cards and mobile payments, the Washington Post reports. Sweetgreen, a national chain, doesn’t accept cash at most locations, including its Washington, D.C., unit, while Menchie’s, Barcelona Wine Bar, The Bruery, Jetties and Surfside in the District also refuse cash payments.
‘By denying the ability to use cash as a payment, businesses are effectively telling lower income and younger patrons that they are not welcome,’ said D.C. Council member David Grosso, who has introduced a bill that would require retailers to let customers pay in cash. Chicago didn’t pass a similar bill last year, and Massachusetts has a 1978 law on the books that’s for cash payments but it hasn’t been enforced regularly, according to the state retailers association.” (Emphasis by Payments Journal)
I was unaware of the 1978 Massachusetts law described here, but clearly MassDOT and the Massachusetts legislature are more interested in how it will spend the money saved and the new revenue generated than it is in old laws. The fact that the policy to go all electronic will also increase late payment fines from the poor, perhaps even putting some in jail for non-payment, is just icing on the cake.
In our rush to save money we have ignored the systemic biases this action creates against the poor (if you doubt this statement reread the Justice Department’s report on Ferguson Missouri and how the town’s cost cutting measures created that very same bias). My dollar bill states that “THIS NOTE IS LEGAL TENDER FOR ALL DEBTS, PUBLIC AND PRIVATE” and yet nobody is considering how this is becoming less true every day and the impact that reality will have and it isn’t just the poor.
It is ludicrous to think that paper currency can survive even as everything around us shifts to electronic bits that are controlled by software. But we mustn’t ignore the ramifications of this shift. Consider what the future would be like if all payments are electronic utilizing our existing payments infrastructure. It is likely the cost burden would move from the Federal government (that prints money) to all the entities that need to send or accept money (because they pay the network and processing fees). In this scenario a) the government will see significant savings, b) the entities making a payment will see increased costs, and c) payment networks will receive increased revenue and profits.
If we would prefer to keep the status quo then the Federal government should support an electronic form of tender, establishing a cryptocurrency that replaces paper but is also recognized as “LEGAL TENDER FOR ALL DEBTS, PUBLIC AND PRIVATE”.
If not done relatively soon, say in the next 5-8 years, then every state and private payment network will be so entrenched that it would likely prove too difficult and costly to switch.
* The difference described above is for anyone driving 113 miles between Natick and West Stockbridge according to MassDOT’s toll calculator
As we continue to explore the case for Identification and Authentication I share the below article.
What is becoming clear is standards are being embraced.
Will it be W3C WebAuthN, 3DC and Webpayments or EMVCo SRC & Tokenization?
My guess depends on if standards bodies can play well together. EMV (contact or contactless) will remain the many stay for physical world commerce, until the App takes over the Omni Channel shopping experience. then the merchant will properly authenticate their loyal customer and use card on file scenarios for payments. The question of interchange rates for CNP will see a new rate for “Cardholder Present&Authenticated/ Card Not Present.”. In time when a reader is present I can see an out of band “tap to pay” scenario emerging using WebPayments and WebAuthN.
I contend the government and enterprise market will go for a pure identification solution with the biometric matched, in the cloud, in a large central database. In order to maintain a unique and secure cloud identity, they might probably make use of various opportunities that come their way (you can hover over at this website to learn more).
However, does that mean it includes what you know username, email address or phone number? Maybe! If it is simply the captured image or behavior, then it is a 1 to many match. If it is with an identifier, it is classic authentication with a one-to-one match.
In the pure authentication space where the relying party simply wants to know it is the person they registered. Then, the classic FIDO solutions work perfectly and will be embedded into most of our devices. Additionally, the use of a visitor sign in sheet synced with the security database could expedite the sign-ins of visitors. It could also see its applications with employee log authentication and verification. Or, as we’ve seen with some enterprises, the relying party will embrace U2F with be a FIDO Key, like what Yubico and Google recommend.
- Enrollment = I would like to become a client or member
- Proofing = Ok you are who and what you claim, we have checked with many to confirm your Identity – This is where federation comes in.
- Registration – Verification = Ok, now we confirm it is you registering your device(s)
- Authorization & Authentication = Transaction with multiple FIDO enabled relying parties using your duly registered authentication.
How Microsoft 365 Security integrates with the broader security ecosystem-part 1
by toddvanderark on July 17, 2018
Today’s post was coauthored by Debraj Ghosh, Senior Product Marketing Manager, and Diana Kelley, Cybersecurity Field CTO.
This week is the annual Microsoft Inspire conference, where Microsoft directly engages with industry partners. Last year at Inspire, we announced Microsoft 365, providing a solution that enables our partners to help customers drive digital transformation. One of the most important capabilities of Microsoft 365 is securing the modern workplace from the constantly evolving cyberthreat landscape. Microsoft 365 includes information protection, threat protection, identity and access management, and security managementproviding in-depth and holistic security.
Across our Azure, Office 365, and Windows platforms, Microsoft offers a rich set of security tools for the modern workplace. However, the growth and diversity of technological platforms means customers will leverage solutions extending beyond the Microsoft ecosystem of services. While Microsoft 365 Security offers complete coverage for all Microsoft solutions, our customers have asked:
In this series of blogs, well address these topics, beginning with Microsofts strategy for integrating into the broader security ecosystem. Our integration strategy begins with partnerships spanning globally with industry peers, industry alliances, law enforcement, and governments.
Cyberattacks on businesses and governments continue to escalate and our customers must respond more quickly and aggressively to help ensure safety of their data. For many organizations, this means deploying multiple security solutions, which are more effective through seamless information sharing and working jointly as a cohesive solution. To this end, we established the Microsoft Intelligent Security Association. Members of the association work with Microsoft to help ensure solutions have access to more security signals from more sourcesand enhanced from shared threat intelligencehelping customers detect and respond to threats faster.
Figure 1 shows current members of the Microsoft Intelligent Security Association whose solutions complement Microsoft 365 Securitystrengthening the services offered to customers:
Figure 1. Microsoft Intelligent Security Association member organizations.
Industry alliances are critical for developing guidelines, best practices, and creating a standardization of security requirements. For example, the Fast Identity Online (FIDO) Alliance, helps ensure organizations can provide protection on-premises and in web properties for secure authentication and mobile user credentials. Microsoft is a FIDO board member. Securing identities is a critical part of todays security. FIDO intends to help ensure all who use day-to-day web or on-premises services are provided a standard and exceptional experience for securing their identity.
Microsoft exemplifies a great sign-in experience with Windows Hello, leveraging facial recognition, PIN codes, and fingerprint technologies to power secure authentication for every service and application. FIDO believes the experience is more important than the technology, and Windows Hello is a great experience for everyone as it maintains a secure user sign-in. FIDO is just one example of how Microsoft is taking a leadership position in the security community.
Figure 2 shows FIDOs board member organizations:
Figure 2. FIDO Alliance Board member organizations.
To help support law enforcement and governments, Microsoft has developed the Digital Crimes Unit (DCU), focused on:
The DCU is an international team of attorneys, investigators, data scientists, engineers, analysts, and business professionals working together to transform the fight against cybercrime. Part of the DCU is the Cyber Defense Operations Center, where Microsoft monitors the global threat landscape, staying vigilant to the latest threats.
Figure 3 shows the DCU operations Center:
Figure 3. Microsoft Cyber Defense Operations Center.
In part 2 of our series, well showcase Microsoft services that enable customers to protect assets and workloads extending beyond the Microsoft ecosystem. Meanwhile, learn more about the depth and breadth of Microsoft 365 Security and start trials of our advanced solutions, which include:
A man is being tailgated by a stressed-out woman on a busy boulevard. Suddenly, the light turns yellow, just in front of him. He does the honest thing, and stops at the crosswalk, even though he could have beaten the red light by accelerating through the intersection. The tailgating woman hits the roof, and the horn, screaming in frustration as she misses her chance to get through the intersection with him. As she is still in mid-rant, she hears a tap on her window and looks up into the face of a very serious police officer. The officer orders her to exit her car with her hands up.
He takes her to the police station where she is searched, fingerprinted, photographed, and placed in a cell.
After a couple of hours, a policeman approaches the cell and opens the door. She is escorted back to the booking desk where the arresting officer is waiting with her personal effects.
He says, “I’m very sorry for this mistake. You see, I pulled up behind your car while you were blowing your horn, flipping the guy off in front of you, and cussing a blue streak at him. ”
“I noticed the “Choose Life” license plate holder,
the “What Would Jesus Do” bumper sticker,
the “Follow Me to Sunday School” bumper sticker,
the chrome plated Christian fish emblem on the trunk. “
“Naturally I assumed you had stolen the car”.
When we think of investing in various macro business needs e.g. revenue. We see that establishing relationships with customers to stimulate sales is why we create the goods and services, hopefully, others want.
If the buyer has something the seller wants, in exchange for the good or service they desire, then a transaction occurs. The challenge is simple, each party defines the value of what they are providing or exchanging and presto the trade occurs.
When society grows and the complexity of what each of us produces and when our needs are not aligned to this process called barter, a means of monetization is established. Society creates a trusted form of exchange – pebbles, coins, money, a promissory note or now even cyptocurrencies.
In other words, society creates an answer to enable the exchange of goods and services between parties who do not have goods and services the other party seeks in exchange.
With cash, coins or other trangible representations of value, commerce is easy. When we complicate things and worry about carrying cash and seek to buy things with debt. A need for a Network emerges.
These payment networks, by necessity, add complexity. They create the need to establish two sides to the market, one focused on the relationship with the buyer and the other with the seller.
Issuance and Acceptance. Two words to descibe the two sides of a network. It’s only when the two sides of the market have sufficient participants. Only at the tipping point, enough critical mass exists, to create a self sustaining network. This is the network. At this moment the network blossoms. If either side of the market does not achieve critical mass, the network collapses.
Any two entities familiar and trusting in the Brand, or each other, can easily establish a temporary relationship. Adding anonymity to the requirements, increases the leave of trust and recognition the Brand must establish.
In a digital environment we have to define mechanisms to share and establish trust across trillions of electrons. The two sides will not pursue understanding of nor focus on security. Until the risk exceeds a threshold unique to each party on either side of the market.
To often in the past, the idea of the individuality of the individual or the need to design security in from the beginning. Has left us with a legacy of system all needing design of custom approaches to how to integrate security with requisites necessary to capture, calculate and manage risk.
When a mutually trusted set of parties gives the citizen, consumer, employee or courtier a card, a device or an object and provides every acceptor with a reader capable of recognizing the trusted thing; then the two parties are in a position to establish “trust”. The consumer has a thing which is recognized and trusted by the acceptor. This is often referred to as “What You Have”.
Once the thing is recognized by the acceptor, then, the process of identification and authorizations (the transaction) can take place. The object – the artifact – carries an identifier. It possesses characteristics that establish its unique character. The object also posesses a means of assuring the acceptor the presentation of that identifier repreents a unique entity.
The simplest artifact of establishing “trust” is a hand held thing, be it a key, fob, card, watch, pendant, phone, ear piece. It does not matter what it is, all that counts is that the merchant recognizes it and that the consumer is willing to carry and present it.
Trust, for the merchant, means they can, according to the rules, recognize and authenticate the thing. They are then in a possition to pursue a temporary and trusted relationship. What can be achieved during the time the relationship of trusted is bounded, is the constrained by an additional layer. In this layer the consumer, the acceptor and any third parties address which the rights and privileges are to be granted or pursued. This is when the exchange, sale, conversation, tranaction, event or access is granted.
Two sides meet several common mediums of exchange are available.
[contact-form][contact-field label=”Name” type=”name” required=”true” /][contact-field label=”Email” type=”email” required=”true” /][contact-field label=”Website” type=”url” /][contact-field label=”Message” type=”textarea” /][/contact-form]
When we look at what this market have done my own journey parrallels.
The adoption of something new it is a human process influenced by culture.
1976 first programming job and exposure to OCR and timeshare
1978 cash management, electronic money transfer, ACH & Wire
1982 Digital, video and voice integration.
What happened to Marginal Satisfaction?
1986 fiber across the Atlantic
The wall
1994 Stir EMV, drive WWW payments, cryptography, MFA
1996 Convergence of leather and technology
2001
2003 EMV in Canada
2008 Lehman went bankrupt
2015 US EMV Liability Shift
2018 WebauthN Web payments Web of things
We all are aware and many of us dream of a time when all of our physical identity artifacts are digital. We dream of consolidating these credentials in our electronic wallet, otherwise known as our mobile phone.
Today while visiting an outpatient imaging center, I was asked for my driver’s license. She would only accept the physical document, I offered to send an image by email. Her goal to scan my identity document into the electronic patient file she was creating. The idea of an image of the driver’s license in an email, well.
Sure the system could easily be changed to record digital credentials delivered by NFC or BLE. The first question, given the expensive medical system we have here in America; at whose cost?
Time could not be argued as a saving, she would only have saved a second or three of time to pass the card back to me.
People discuss contactless cards and contrast them to the convenience of a Mobile Wallet. What we often forget is the reality. As long as we need to carry other physical identity artifacts, the convergence of our leather wallet into our electronic device is not happening.
In my humble opinion, it is an all or nothing situation. Yes, I will add digital credentials into the mobile wallet. But, unfortunately, the leather wallet is still part of my attire.
Better still, it does not need to be recharged. My leather wallet still works after the phone’s battery has died.
The life of a small town, 2000 plus the 1500 students attending the University 9 months of the year, sets a scene for a conversation.
A conversation about community and who we are.
Do those that knew us then, know us now?
The issue of going back is hard.
There is clearly a difference between those that have roots and those like me without.
Who, save family, do I still know from then?
Who knows me, where?
The story of Jesus Mark 6:1-6 as he emerges and his mission becomes clear this passage reminds us.
When he went home he was ridiculed by many,
People who had known him then did not appreciating who he had become.
The story teaches us that we simply need to stand up and go forth.
As he did we simply must continue forward.
The power of Jesus, therefore what each of us must do, is exemplified in the next section mark 6-7-12.
He simply instructs his disciples out to go out into the world and share in the glory of God.
Do we fit in a box because others think so?
Or, do we like Jesus simply continue in the direction?
We all belong, yet where is it we belong?
Who is God calling us to be?
Is it who we know we are?
No, it is who we are here to be.
Who is God calling each of us to be?
Who is God calling me to be?
It is the discernment I struggle with.
Who Am I
President Donald John Trump
White House
1600 Pennsylvania Avenue
Washington, DC 20500
United States of America
July 6, 2018 Ref. Mine thoughts and Those of My Canadian Friend
Dear Mr. President, Tuesday, June 19, 2018
Mr. President as an American who had the opportunity to work in five states (NYC, NJ, Georgia, MN, & NC), four countries (USA, UK, Belgium and Canada), two super cities & three major cities (Manhattan, London, Brussels, Toronto and Atlanta); I have had the chance to see and hear about our great country from multiple angles and perspectives.
August of 2008, after 23 years away, I returned home, after spending 7 years in Toronto; in a 35-foot motor home. Parked across the river from the town of my birth, near Liberty State Park and with the Statue of Liberty as my morning view. I learned about and had to accept the misfortunate of the recession. A recession resulting from the creation of those mortgage backed derivatives. Compounded by the devious behavior and the greed of the speculators, I brand “Wall Street”.
I will remember September 15th 2008, the day Dick Fuld, who I had worked with while with Shearson Lehman, made that fateful announcement. Newly returned to the United States, I had to learn about what 8 years of Republican control of the Executive branch of our country had achieved, what the heightened religious fault lines across this country were and the anxiety of the terror emanating from the middle east had done to this nation. Like 9/11, we were swept into another spiral of despair and anger.
We have been a great nation; for most of my life, we were seen as the great white hope. A country willing to stand up to tyrants, bullies, jihadists and anarchists. A great nation capable of reaching any part of the world. Strength built on the military and diplomatic respect we established with both our enemies and most importantly our allies and friends. I will admit I am an urban dweller. I have lived a good life. I found success in the world of Financial Services and the application of technology. I do not appreciate the struggle those in the manufacturing and agricultural economy feel.
Words like labor arbitrate, outshore resources and outsourcing are familiar. What stands behind these words has much to do with the state of our nation and the situation in most of the developed world. It is the result of these actions so many people in middle America feel left behind.
In 1982, when I first began to build a Wall Street trading room for Bankers Trust, I saw how Shareholder value not Stakeholder value, had become the most important factor within our capitalistic system.
People, be they customers or employees, no longer mattered. What I learned and frankly was disheartened by is that the only thing that matters anymore is the returns, as seen from the superrich executives, the shareholders’ and the financial analysts’ perspective. We had become a nation focused on the balance sheet and the quarterly report.
Yes, I have my views and recommendation as to the state of this nation and what we need to do to make sure we remain the great nation we live and believe in.
If I think about the economy. We do not need to bring the manufacturing or restart coal mining. We need to embrace the fact that our nations wealth is now in our service economy. A national of American healthcare works taking care of the sick and wounded, American call center operators serving Americans, American programmers developing systems for our digital world, American innovators creating for all and American business leaders is what we need. Yes, we need to rebuild our infrastructure and address public transportation. Yes, since 2010 our economy is growing, I hope we can sustain that growth and assure the people good wages, good jobs and a bright future.
If I think about healthcare. I felt the most exposed when I returned to the USA and discovered I did not have healthcare. I was unemployed and did not have the funds to simply go out and buy an individual healthcare plan. Healthcare was a big topic on the news as Washington worked through what ended up being a terrible mess of a healthcare plan. In my immediately family there are 5 Doctors. four practicing and one just finishing med school. As you can imagine it has been a topic of conversation since I was very young. Now the conversation is about how broken our system is. I take the view of someone who has lived within multiple national health programs. It bothers me that this great nation cannot figure out how to assure the health of every American, affordably.
If I think about education. We as a nation should make sure that every person living in this country is WELL EDUCATED. There should be no excuses. There should be no bias. Property taxes tend to pay for primary schools. It is primary education we must make the best in the world. Unfortunately, the way our system works the poor get poor schools – the rich have great schools. We need to figure out how to assure everyone an equal chance with a GREAT PRIMARY EDUCATION. Your idea of apprentice programs is exactly what our primary education system should assure exist. Everyone should be able to walk into the world with a set of skills at age 18. Graduating from primary school everyone should be able to go our and find a job, join an apprentice program, join the military or decide to invest in higher education. A college degree should not be required to succeed. A University education should be there to allow those who are gifted the ability to excel.
If we think about the environment. Please listen to the majority of scientist who know we are affecting the environment. It is the pollution we create and the materials we inject into our environment that is responsible for the state of our environment. We the people and our corporations are responsible for all the islands of floating plastic, all the Carbon, Sulphur or who knows what we inject into the atmosphere and all those chemicals we pour into our rivers and oceans. We must continue the good work, you and I saw, when we cleaned up the rivers around Manhattan. Environmental work making it possible to breath the air in central park, swim in the Hudson river or taking a cruise from the East 23rd street mooring, you used all those years ago.
If we think about our military and our role as the defender of peace. We need a strong and well-funded military. Not too much and not too little. We need to make sure we have strong alliances. Frankly, Mr. President, I would hope we would discourage other country form investing in military hardware. Our goal should be to have the best. Our goal should be to watch and gain as the cost of maintaining the peace and avoiding war and conflict falls to zero.
If we think of our role as a global leader. What more is there to say. We need to be diplomatic. We need to pursue the growth of democratic societies. We need to focus on quelling violence and protecting human rights. We need to be the partner everyone wants to have on their side and the enemy those who seek to do us harm; do not want to enter into a conflict with the United States of America, because they know they will lose, before they start.
If we think about the Statue of Liberty. She stands proud in the harbor of New York beaconing people to our shores. Yes, we need to manage the flow of immigrates into this great nation. We must remember those that come seek the opportunity this nation promotes. We need to accept all with kindness, grace and dignity. When necessary only then should we return those, who have not followed the published policy, back from where they came, gently.
We must also remember they come because they know they can find work. As long as employers can hire people who do not have the right to work in this nation they will come. Stop American companies from hiring illegal immigrants and they will stop coming. Simple economics – reduce the demand will eliminate the supply.
If we think of our nation and its people. You must lead by example. You are the President of all of us. Whatever our color, race, religious views, social position, economic situation or sexual preferences you are the President and you must be an example for our children and our nation.
We do not want our children to believe lying is OK. We do not want our children to believe bullying is ok. We do not want our children to shun someone because they are different. It is your role to bring the parties together, to lead the left and the right back to the middle ground and restore civil discourse.
On these next pages is the note my Canadian friend wrote.
Given you are into social media I will also post this via Twitter, Facebook and on my own website.
Yours sincerely,
Philip Andreae
Dear Mr. President:
I am writing you as an outsider, someone who has always loved your country for the values it represents and has fought for.
I was going to write you to express my appreciation for your efforts to dial down the risk of nuclear war by meeting with Kim Jong-Un and initiating a peace process which should make life less stressful for our Asian neighbours as well as for us here in North America.
But the euphoria didn’t last long, only because of the children. The ones separated from their parents at the US/Mexico border. You see them on either the front pages of the major newspapers or on the various media outlets and you know, this is not going away.
Children are ever the fly in the ointment which disturb our individual and collective conscience. Riding in the back seat of a car downtown on any New York or Toronto street and they are the ones asking, ‘Why is that man sleeping on the sidewalk?’ or ‘See that military vet begging in front of Dunkin Donuts? Is that the way we treat our soldiers?’
The children are invariably the ones who ask how did we let our world become so uncaring that we confine the elderly to institutions where nobody visits them, or send our street youths to jail when they had no opportunity to succeed?
And now they are congregating at the border asking ‘why are we being separated from our parents?’ ‘Is that how America treats its most vulnerable people?” ‘Isn’t this the land of the free, the land of opportunity, the land who has inscribed on its Statue of Liberty:
“Keep, ancient lands, your storied pomp!” cries she
With silent lips. “Give me your tired, your poor,
Your huddled masses yearning to breathe free,
The wretched refuse of your teeming shore.
Send these, the homeless, tempest-lost to me,
I lift my lamp beside the golden door!”
However, it has occurred that there are now over 2000 children separated from their parents along your southern border, you are the one person who can fix this. It doesn’t mean you have to allow them all in – which would be my preference – or decide to send them all back home.
That’s not the issue. The issue here is the trauma your administration and by extension, all freedom loving grown-ups, are foisting on innocent children for which there are lifelong implications.
That is the issue which you alone can change.
Unzero the Zero in Attorney General Session’s Tolerance Policy, so the one thing that isn’t being tolerated is the confinement of children in cages and gymnasiums separated from the people who love them and who have risked everything, in the hope of a better life here.
Again, whoever is to be blamed for things ending up the way they are now is not the issue. The issue is – what is happening now is wrong, and you are the one person who can make it right.
I know as someone who relies on Christians of sincere conviction to help shape the bigger decisions one has to make in life, the one thing devout Christians all agree on is that God so loved the world, not that we would put our children in cages, but love them in such a way that regardless of who they are or where they are from, our treatment and care for them would reflect God’s thinking about them, that ’theirs in the kingdom of God.’
I can assure you, that kingdom does not include a cage. Nor should ours.
Thanks for hearing me out on this.
Sincerely,
John Deacon
Reading what Wikipedia had to say about authentication leads to an interesting array of discussions across a wide set of sciences and other social segments. The exploration led to a search for a definition of Identification:
Next exploring what Wikipedia had to say about Authentication leads to a much richer discussion aligned around the idea of assuring the truth of a particular attribute, someone is claiming to be true. Seeking to assure a degree of parallelism to the discussion:
Authentication is
These two words: authentication and identification, some think represent the same act, yet when we bring into the conversation – privacy the two words have very different meanings.
We then have to think about the how and the what we are attempting to do.
In the physical world there are a set of situations and considerations. We will leave those for another article.
When we think about the digital world, this place were our physical presence is not present. We must find solutions that prove we are who we are without necessary needing another to vouch for our identity each time.
As a consumer we want the freedom to visit multiple sites and believe that where we visit and who we interact with is not open to all to know.
As I write, I can hear some say, all our stuff is known so why try to hide. They are correct and then they miss the concern – who knows. Not to get distracted.
Verification, a third word must enter into the discussion. In order for anything associated with only serving or sharing with a clear and identified party one needs to be able to provide Identity.
This Sunday our minister spoke of Mark 5:20-43 and how we must trust in Jesus.
Her evocative sermon provoked a wider or is it broader question,
“What is Trust”.
First we must ask the classic question what does the Dictionary and Wikipedia say. This then leads us to have to think of the use of the term. Are we using it to describe a legal structure, the nature of a business, a computational concept or the name of a film, song or other human creation?
Given this discussion started as a result of a sermon, the best approach is to consider the social and emotion context of trust. Understand the sociology, psychology, philosophy, economics and systems perspective, may offer clarity to the words “we trust … “. In the first paragraph the Wikipedia authors condensed a lot of thought into a short paragraph. {formatting of my doing}.
Definitions of trust typically refer to a situation characterized by the following aspects:
- One party is willing to rely on the actions of another party (trustee); the situation is directed to the future.
- In addition, the abandons control over the actions performed by the trustee.
- As a consequence, the is uncertain about the outcome of the other’s actions; they can only develop and evaluate expectations.
- The uncertainty involves the risk of failure or harm to the trustor if the trustee will not behave as desired.
In this flow of thought it is clear this word trust carries with it risk. It assumes we are thinking of tomorrow and there is an expectation the trustee will act in a manner that is consistent with our “the trustors” wishes, hopes and desires.
Vladimir Ilych Lenin expressed this idea with the sentence “Trust is good, control is better”.
In the field I have spent the better part of my life, computers have played a big part. Be it as a tool we programmed to perform a function or task. Or, the systems supporting the products and services we sought to promote. More recently, as we look to this global village we are a member of. We think about the need to establish mechanisms to assure trust between parties. Parties who probably will never meet, in person or even by chance speak to. We must therefore establish acceptable social and psychological mechanism with machines which we inherently are wary of.
Looking to the sociology of trust set of sentences stands out
“It does not exist outside of our vision of the other. This image can be real or imaginary, but it is this one which permits the creation of the Trust.” … “Because of it, trust acts as a reductor of social complexity, allowing for actions that are otherwise too complex to be considered (or even impossible to consider at all); specifically for cooperation.”
All of this leads one to wonder how in a anonymous world can trust be established.
Trust is specifically valuable if the trustee is much more powerful than the trustor, yet the trustor is under social obligation to support the trustee.
In a social context this thought offers a view as to the dominance a position the trustee must have in society. It also frames the responsibility and the obligation established by the trustor in the trustee.
This then leads one think about Multi-Factor Authentication. MFA is emerging as the standard method companies are used to assure one of degree of “trust”. Trust in a claim of the identity of another, be it a customer, employee, citizen or recognized guest.
Is this enough? How can a company be assured of the identity of an individual? How can we, a third party, accept the claims or attributes offers when they are presenting themselves to us. Especially when they present themselves across a global digital highway, prone to the nefarious acts of those who seek to take advantage and profit.
Proof of identity therefore becomes the primary means of establishing trust in an seemingly anonymous space – Cyber Space. This need for proof of identity is the role of the Trustee. These parties who we instinctively have faith in can give us the ability to trust in the claims of identity and the associated attributes representing the characteristics, assets and relationships a person has.
For now I will stop. The next step is to think of and look at words. enrollment, proof, identification,registration, identifier, authentication, rights, privileges, claims, certificates and authority.
In a NYTIMES article “What Explains U.S. Mass Shootings? International Comparisons Suggest an Answer” the following statistic jumped out
Americans make up about 4.4 percent of the global population but own 42 percent of the world’s guns. From 1966 to 2012, 31 percent of the gunmen in mass shootings worldwide were American, according to a 2015 study by Adam Lankford, a professor at the University of Alabama.
The article then goes on to show that most of the assumed contributor to why America has such a high rate of mass shooting. after demonstrating how none of these can be identifed as the contributor it makes th following statement
Rather, they found, in data that has since been repeatedly confirmed, that American crime is simply more lethal. A New Yorker is just as likely to be robbed as a Londoner, for instance, but the New Yorker is 54 times more likely to be killed in the process.
Our love of guns seems to be the major contributor.
More gun ownership corresponds with more gun murders across virtually every axis: among developed countries, among American states, among American towns and cities and when controlling for crime rates. And gun control legislation tends to reduce gun murders, according to a recent analysis of 130 studies from 10 countries.
The article relies on data to establish its argument. The net result, America is a culture unlike any other with a second amendment right, which one can argue, is the reason we are such a dangerous country to live in.
After Britain had a mass shooting in 1987, the country instituted strict gun control laws. So did Australia after a 1996 shooting. But the United States has repeatedly faced the same calculus and determined that relatively unregulated gun ownership is worth the cost to society.
The article concludes with the following statement that cause one to wonder who are we this country called the United States of America
“In retrospect Sandy Hook marked the end of the US gun control debate,” Dan Hodges, a British journalist, wrote in a post on Twitter two years ago, referring to the 2012 attack that killed 20 young students at an elementary school in Connecticut. “Once America decided killing children was bearable, it was over.”
The long standing question of the future of Mobile Payments, again discussed and again similar conclusions.
Doug touched on all of these questions. He shared relevant statistics demonstrating the slow and possibly indistinguishable grow in usage of mobile wallets. He shared the success of several of the merchant proprietary mobile payment approaches.
Which leads me down the path of another question. What is the value proposition that will ignite the use of our phone and devices as carriers of our means of payment? The possibility to create value simply with a electronic wallet carrying only means of payment, does not create an exciting proposition.
We have embraced dozens of apps. They help us to navigate, shop, explore, play and learn. Our phones are beginning to become security devices, taking advantage of sensors to integrate biometrics into how we access and authenticate ourselves as we browse and explore the ever increasing digital place we now call cyber space.
There is another phenomena emerging as a result of how we are transforming how we engage. Some called it the “Uberization” of payments, the ability to make payments frictionless. A change so profound we must stop and reflect and ponder what next.
I recognize there is a repetitive theme to my musing.
When physical world merchants fully embrace the concept of omni channel and build their virtual and physical experiences to complement and augment one another, then, with the ability to integrate payment seamlessly into the shopping experience a value proposition emerges.
October 2017 EMVCo published version 1.o of their Secure Remote Commerce Technical Framework. Today I decided to read and appreciate what they are trying to accomplish and then consider how it ties into what I remember and think we need to do moving forward.
Clearly the challenge links back to the now infamous New Yorker Cartoon. 
We have not successfully established a means of assuring the identity of an individual when presenting payment credentials (the PAN, Expiry date, name, billing address and CVV. The first attempt, still not 100% implemented, was the introduction of CVV2, CVC2 or CID a 3 or 4 digit number printed on the back or the front of the payment card.
We then developed something called SET or Secure Electronic Transactions and unfortunately the payment networks were not willing to allow Bill Gates and Microsoft to earn 0.25% of every sale for every transaction secured by SET he proposed to build into Microsoft’s browser. Without easy integration into the consumer browser, the challenges of integrating SET into the merchant web pages and the Issuer authorization systems caused this effort to fail the death of some many other noble but complicated attempts to create a means of digital authentication.
Next came 3D-Secure, a patented solution Visa developed. It offered what was considered a reasonable solution to Cardholder authentication. Unfortunately, given the state of HTML and the voracious use of pop-ups, the incremental friction, led to abandon shopping carts and consumer confusion. Another aborted attempt at Internet fraud mitigation.
Yet 3D-Secure was not a total failure. Many tried to enhance it, exploit it and avail themselves of the shift of liability back to the Issuer. Encouraging consumer engagement and adoption was futile in some markets mandated and cumbersome in others.
Now let’s consider what EMVCo is attempting to do with their Secure Remote Commerce Technical Framework. As I started to read, I ran into this:
“As remote commerce becomes increasingly targeted and susceptible to compromise, it is important to establish common specifications that protect and serve Consumers and merchants.”
Clearly the authors do not have institutional memory and cannot remember the various attempts alumni of these same organizations spent time on and encouraged many to invest in their implementing. Clearly this lack of historic context will leave some pondering the purpose of this paper.
I then read this sentence and reflect back on a recent hearing on “Social Security Numbers Loss and Theft Prevention” in front of The House Ways and Means Subcommittee on Social Security
“Over time the Consumer has been trained to enter Payment Data and related checkout data anywhere, making it easy for bad actors to compromise data and then attempt fraud.”
Once again, I stand troubled by how the Payment Data clearly printed on the face of the card and especially the PAN, 11-19 digits, designed to simply be an identifier, was converted into an authenticator. Like the social security number, the drivers license number, the passport number and your library card number, the PAN and other “Payment Data” was never designed to be an authenticator. It was meant to be data a merchant could freely record.
The secure features of the card
now the EMV cryptographic techniques otherwise referred to as the Application Request Cryptogram “ARQC” 
were meant to offer the “What You Have” factor in a multi-factor authentication scheme.
As I began to appreciate the scope of this document, the term “Consumer Device” becomes critical. I began to wonder if a PC is a consumer device or if a consumer device is only something like a mobile phone, watch or other like appliance. Fortunately, later in the document, the definition clears up any confusion created by the earlier use of this term.. This said, I then wonder about the difference between what they define as Cardholder Authentication and Consumer Verification?
After reading through all the definitions, I ponder why the authors had to change terminology? Why could they not embrace known and recognized nomenclature. Do we need a new vocabulary?
I wondered:
If this is another attempt to create a revenue stream for the payment networks?
Or, is this the effort of a “closed standards” body to reduce the potential value of the W3C WebPayments activity?
In search of an answer to this last question, I found this discrete comment inside the SRC FAQ.
9. Are any other industry bodies working in this area?
EMV SRC is focused on providing consistency and security for card-based payments within remote payment environments.
EMVCo aims to work closely with industry participants such as W3C to capitalise on opportunities for alignment where appropriate.
Having read bits and pieces of this and the WebPayments efforts one does wonder what is EMVCo trying to do. We shall see?
Recently I was directed to a link http://paymentsjournal.com/tokens-work-because/ and wanted to write the author Sarah Grotta. As I wrote the message crystallized in my head and maybe as this prior post already discussed, this idea of tokenization made me cringe.
I contend that Tokens exist because we turned the PAN Personal / Primary Account Number, like we turned the SSN Social Security Number, into an authenticator. One can must ask the question. How can a random value (an identifier) become an authenticator and remain secure?
EMV works because it renders the Card unique, hence addressing the question of counterfeit, by employing the first factor of the classic MFA Multi-Factor Authentication concept “What You Have”. EMV defined a common set of secrets and digital credentials; securely stored in a Secure Element or Chip Card.
We here in the United States decided not to implement the second factor, the Personal Identification Number or PIN, for a variety of reasons. Hence, why Lost and Stolen remains an issue or weakness in the American Card Payment environment.
Biometrics are emerging and could solve for the assurance of cardholder presence. The challenge is how to effectively (cost and convenience) locate the biometric sensor and facilitate the matching of the sensors output to the persons registered biometric. Let alone, how does one make sure the right persons biometric was registered and associated with the device.
In the mail order / telephone order, now cyberspace, we did not replicate merchant authentication, the first factor – “What You Have. The card, once was secured with things like the magnetic stripe, using CVV1, the Hologram and the other physical features. We simply shifted the liability to the merchant and called it a “card not present” transaction.
People can claim all sorts of goodness because of tokenization. They can talk about how the EMVCo’s tokenization framework describes the use of tokens in device and domain specific scenarios. All of this, an issuer, could have done; if they, like some did, simply issued another number, a PAN, to the wife, bracelet, watch, ring or whatever other permutation they deemed appropriate. They can talk about dynamic data. yet what they often forget to include when they use the words “Dynamic Data” they are really talking about a cryptographic value as described in EMVCo Book 2.
Yes, this does mean the question of how the PAN and its digital credentials get deployed; has to be addressed. This said, GSMA with EPC did offer some thoughts, last decade, when they described the Trusted Service Manager
Instead handset oligopolies replaced the MNO with the their Mobile Pay wallets. They working with the 
Payment Networks and focused on control and the creation of income. They, as monopolist will, have created barriers, restricting others from offering comparable services. The TSP now becomes this restrictive service that guarantees the power of companies like 
Apple and Google, supported by their friends, the payment network operators.
The original article also spoke of the PAR; another data element merchants, processors and the industry, will have to invest in supporting.
I ask the question.
If we had assured the authentication and verification of every payment transaction
Using Multi-Factor Authentication
Why did we need to turn the PAN into a dynamic value?
My contention, simply use the appropriate level of cryptography.
If the Issuer or their processor is in control and understands basic EMV and Cryptography, then securing the PAN is not an issue.
Consider household financial management. If each member of a household has a unique PAN; budget, tax preparation and understanding who spent what where is a lot easier. The husband,wife and children should have their own unique PAN, stored in the clear in their devices and on their card.
The real requirement, my personal devices, including my payment card, simply need to be linked to one PAN their Personal Account Number, associated with the individual. The PAN Sequence number could easily allows each device to be uniquely identified, if necessary. The card and devices becomes the carrier of your identifier. A thing that can be authentication as something you have.
Here is where the second factor comes in. Is the person presenting the PAN the rightful and authorized individual? All this required, is assurance to the shareholders that the presentment of the PAN is a unique and authorized event. This is best achieve by using either something you know or something you are to bind the individual to the instrument carrying the Identifier.
Yes, a bit of friction to assure the consumer they are securely paying for what they want to buy
Since the World Wide Web came of age and merchants saw its potential. The question of how to secure the 
Card Not Present space, this question of cardholder presence, has not been properly addressed. Visa and MasterCard (when they were not for profit associations) created the utility of the Card Verification Result CVV2, CID or CVC2 which would be printed on on the card and not part of the magnetic stripe, the problem the bad guys could still steal the card or get hte card number and capture CVV2.. MasterCard and Visa then created SET, 3D-Secure and now, as for profit owners of EMVCo, are proposing, maybe even will mandate, the industry implement EMV 3D-Secure.
Each, an attempt to provide some means of Authentication and Verification.
Each introducing a level of friction as a means of security.
This is the problem. The market did not start by emphasizing the need for security by educating the consumer. The industry needed to help the consumer understand they should care and want to securely pay for what they intend to buy.
Instead:
The result, as all anticipated would happen, was blissfully ignored and eventually they cried out about.
Fraud migrated to the weakest point
Just like water finds its way to the lowest point.
EMV, introduced in the Face to Face card present environment, pushing the bad guys:
be they criminals, state actors and terrorists to find alternate another channels for their financial gain.
EMV and now the recently published WebAuthN and FIDO specifications create effective mechanisms for Consumer Authentication.
Let us please remember – the PAN, a user name, your social security number or your email address are excellent Identifiers. They should not be authenticators and they are not a means of “Identification”.
Let us also remember, the term Identification means that one is assured of the irrefutability of identity.
The big question:
Some will argue the challenge of using the PIN or a Password, as a means of Verification, is because it is to hard to remember. Especially, if each password people use to access website, services, building, has to be unique. Some will argue imposing friction to add security is not convenient. Others will remind us that security is and has been a necessity since the beginning of time.
Why didn’t we when we created this great new digital shopping mall?
Bottom line each of the devices used to present or acquire the PAN, must be capable of authenticating the identity of the authorized presenter, in both the physical and virtual world.
At least these are the views of someone who believe history provides a baseline for tomorrow and tomorrow must be designed as a function of where you want to be, knowing where things came from.
I agree with the actions you are all taking, yet. I am not a democrat nor a republican. Constantly begging me for a donation creates friction.
When a party emerges that is in the middle and represents
When these values which I hold dear become the focus on a party, then maybe.
All I see today is Greed, Pride getting in the way of common sense and mutual respect. All I hear is ugly noise from both parties. I see a city frozen. The election of President Obama created a racial divide. Washington now smelling like a cesspit, not just the swamp Trump spoke of.
We, through our electoral system, elected Donald Trump.
Am I happy
Does it bother me that:
Let him get on with doing his job. Yes the legislator must do its job and make sure we have a check and a balance. We must restore order and civil discourse.
That said, the press needs to spend less time talking about him. Yes, the press must do its job and be allowed and pushed to continue to do its job. They should highlight what is being done and what some think. But hours of talk only makes the divide wider. Today for any sensible individual to understand the reality one must watch BBC, CNN, FOX, CBS, PBS, NBC, and how many others to filter truth from spin.
We must restore respectful dialogue.
“Do not conform any longer to the pattern of this world, but be transformed by the renewing of your mind.”
Romans 12:2
