Tuesday, August 23, 2016

social security admits error

Well, the American government once again is doing its best to prove that incompetence is not a monopoly of the Clinton and Trump campaigns.

Earlier this month (breach in the chinese wall), I brought you a bit of bizarre news from the Social Security Administration. The federal government has spent years in trying to wean Americans from using paper. Instead, we are to trust the government and banks with direct deposit checks (a process I have used since the 1970s) and we are to transact our business with the feds over the computer.

That system appeared to be working well. Citizens had easy access to their accounts and information. Unfortunately, Chinese and Russian hackers found the access even easier.

In a ham-fisted attempt to fix the weaknesses in its computer systems (defects the federal government has known since the Clinton administration), Social Security announced at the end of July that access to personal accounts will now require obtaining a code by text-enabled cell phones for each time a person wants to see his own information.

You all saw the weaknesses in that system when I wrote about it. The primary one is that a large portion of people on Social Security do not have text-enabled telephones. And, for many who do, the process of requesting a code and then using it, has baffled many American seniors.

To Social Security's credit, it has now called king's X. Hey, folks, we really did not mean it.

Well, that's my paraphrase. The official announcement is a bit less personal in its tone.

On July 30, 2016, we began requiring you to sign into your my Social Security account using a one-time code sent via text message. We implemented this new layer of security, known as “multifactor authentication,” in compliance with a Presidential executive order to improve the security of consumer financial transactions. SSA implemented the improvements aggressively because we have a fundamental responsibility to protect the public’s personal information. However, multifactor authentication inconvenienced or restricted access to some of our account holders. We’re listening to your concerns and are responding by temporarily rolling back this mandate. As before July 30, you can now access your secure account using only your username and password. We highly recommend the extra security text message option, but it is not required. We’re developing an alternative authentication option, besides text messaging, that we’ll begin implementing within the next six months. We strive to balance security and customer service options, and we want to ensure that our online services are both easy to use and secure. The my Social Security service has always featured a robust verification and authentication process, and it remains safe and secure. We regret any inconvenience you may have experienced.
Who writes like that? If I understand its thrust, the message goes like this.

"The president ordered us to improve our computer security. We were doing only what he told us to do, and we did it very well.

"Unfortunately, you, the people who we were attempting to help, are a bunch of whiny babies who still live in the 19th century. This is the age of Twitter, not of liveried footmen running around delivered perfumed notes. The fact that your eyes roll back in your head reacting to such terms as 'multifactor authentication' and 'consumer financial transactions' proves our point.

"Well, you have complained enough that we are now going to take our jolly good time in protecting your account information. For those few of you who understand how to use a cell phone, you can request a code. And you should.

"Of course, it will not matter because all of your non-connected fellow citizens will be sharing their information directly with Xi and Putin. Yours, too.

"Have a nice day."

But, it gets even better. When I tried to read the announcement on the Social Security web site, I was blocked with this message: "The owner of blog.ssa.gov [Social Security] has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website."

Now, that hardly instills in me the type of confidence that the bureaublather announcement was targeting. And it puts paid to that reassuring tag line: "
The my Social Security service has always featured a robust verification and authentication process, and it remains safe and secure."

I am not surprised at the rollback. This is almost exactly what happened with the initial electronic registration for Obamacare. The program was put together to amaze computer programmers, and forgot that citizens would be using it.

The good news is that those of us who live in Mexico will now be able to deal with Social Security electronically as if the text-message requirement had never reared its head.

That is, until another new requirement rolls out. And it will.

No comments: