Fazal Majid's low-intensity blog

Economists use the term “ externality” to describe a situation where economic agents’ decisions are distorted by the fact they do not have to pay for some of the costs of their actions. This is usually addressed by regulation. The textbook example is pollution, but I find security to be at least as interesting.

In the US, the level of security associated with credit cards and credit reporting is abysmal. Most of Europe has switched to smart cards for their credit cards over a decade ago, leading to a much more secure system for offline purchases (which must be authenticated by the smart card and a PIN), rather than easy to tamper magnetic strips (which are kept, to allow visiting US tourists to make purchases). As the PIN code must be entered by the cardholder, a waiter in a restaurant verifies the card at the dining table and does not have the opportunity to engage in skimming.

There is usually no national credit bureau equivalent to Experian, Equifax or Trans Union in most European countries, because these would fall afoul of privacy laws. For this reason, credit card fraud is much rarer in Europe than in the US, and identity theft is almost unheard of.

In both cases, the externality is lax security, leading to lost time for consumers, whether simply an annoyance (credit card fraud) or a serious nightmare (identity theft). Credit reporting services do not bear most of the cost of identity theft, the hapless victims do. For online purchases, merchants are liable for fraud they have limited means to detect, and to add injury to insult, they also have to pay fees for the chargeback. Credit card companies figure the cost of processing claims and absorbing what little fraud they are liable for is less than the cost of upgrading the whole card reader infrastructure to use smart cards. They also think keeping perfunctory verification procedures will reduce barriers to impulse spending and thus increase profits.

They can do this, of course, because industry lobbying groups have been very effective at defeating consumer-friendly legislation in Congress or state legislatures. The time for action has come, however, because credit card fraud is now a primary source of funds for terrorists, whether abroad or in the US. To quote an interesting article in The Economist, it seems Al-Qaeda sometimes acts as a kind of venture capitalist for terror:

Units of his organisation are believed to raise money through financial and other sorts of crime. For example, Ahmed Ressam, an Algerian who plotted to bomb Los Angeles airport but later co-operated with American authorities, says he was given $12,000 of seed-money to set up his operation. When he asked for more cash, he was advised to finance himself by credit-card fraud.

For the sake of all, the credit industry cannot be allowed to continue in its complacent ways any more.

Updated 2003-06-02 following comments from “Saffiyya” regarding merchant liability

A friend is moving from San Francisco to Paris, and I told him about a very low-cost option to ship books in bulk, the US Postal Service Airmail M-Bag. I used this service ten years ago when shipping books back from Yale to Paris, some of them were slightly battered in transit but all in all a remarkable service. It is also available for domestic use.

You basically buy the right to send a whole postal mail bag at a wholesale price, which comes to slightly under a dollar per pound for France. Interestingly, the French post office does not offer M-Bags to French customers but will accept those sent by the USPS.

Eric S. Raymond is a celebrity of sorts in the open source world. He is mostly self-aggrandizing, having to his credit a couple of books and two minor email utilities.

A side of him not many geeks are aware of is his frothing-at-the mouth diatribes such as this one. As a person of Indian ancestry, I was tickled by one of the more laughable assertions in this collection of racist and bigoted remarks, that the British somehow “civilized” India, which had highly evolved cities with refinements like sewers in a civilization that dwarfed Egypt 5000 years ago.

British colonialism had everything to do with the extraction of resources through the sheer application of violence (as in their invention of concentration/extermination camps during the Boer war, their ruthlessly efficient genocide in Tasmania, the Opium wars or the Amritsar massacre), not any Kiplingian post-facto rationalizations of a supposed civilizing mission.

I won’t dignify the rest of his viscerally anti-muslim prejudice with comment, but this raises an interesting point. Raymond is a techno-anarchist libertarian, and a neo-paganist. As such, his profile looks very similar to that of the Dutch fascist Pim Fortuyn. There was certainly too much indulgence for Fortuyn’s racist rhetoric and proposed policies simply because he was homosexual, a perfect illustration of what Bertrand Russell called the “fallacy of the moral superiority of the oppressed”.

I just had the unfortunate experience of receiving my first SMS (GSM mobile phone text message) spam. If this happens again, I will have to ask for a phone number change.

Last Tuesday, Microsoft Outlook started behaving strangely, exiting silently a few minutes after starting. after a number of fruitless attempts to revive it, I finally realized my Cloudmark SpamNet beta was causing Outlook to exit, probably when checking for updates. I went to their website and discovered the program was out of beta, with a version 1.0.1 out. A less pleasant surprise was that using it now requires a $5/month subscription. This change has already raised quite a ruckus among beta-testers.

Cloudmark’s original material did imply the basic SpamNet product would remain free, but I don’t mind a subscription plan so much (although I would have preferred a yearly plan to the monthly one they are proposing). The program is extremely effective – when coming back to work on a Monday, I often have over a hundred spam emails waiting for me, and SpamNet will more often than not catch all but a couple or so. This 99% effectiveness is well worth $60 per year in my book.

I will probably not subscribe to their plan, however. What Cloudmark failed to realize is the effectiveness of the program is directly related to the number of users who participate in its distributed peer-to-peer data collection. If most of the beta testers decide to leave SpamNet, its effectiveness will be compromised and thus the value of the program dwindle.

I am experimenting right now with SpamAssassin and the bayesian filtering programs bogofilter (in spite of lead author Eric S. Raymond’s racist and bigoted remarks), Annoyance-filter by John Walker (a co-founder of AutoDesk and author of the excellent Hacker’s Diet, a.k.a. “How to lose weight and hair through stress and poor nutrition”) and the Python-based SpamBayes which is available as an Outlook plug-in.