Tuesday, May 17, 2011

Your social security number is a very poor password

I've written before about why using social security numbers as an identifier is a bad idea. But why learn from others' mistakes, when you can learn from your own?

First Tech Federal Credit Union is the product of the merger of First Technology Credit Union and Addison Avenue Credit Union and they're finally integrating their banking systems. As always, there are a few hiccups in the process. For example, some members are getting new account numbers since there are conflicting account numbers between the two.

There's a bigger problem with the phone banking system. As part of the transition, they need to reset the PINs of all members of the old First Tech (Addison Avenue members are not affected). I'm guessing this is because they're moving the First Tech members over to the old Addison Avenue system. According to the First Tech integration guide (page 11), they're making two changes during the transition at the end of May:
  • you will be able to "use any of your account numbers to login"
  • "we'll reset your Phone Banking PIN to the last four digits of your social security number"
When you write a check, many businesses ask for the last four digits of your SSN for identification or verification purposes. So anyone with a copy of that check now has access to exactly what they need to access your account by phone.
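
A defender-side audit for the weakness described above, as an added example that is not part of the original post or of First Tech's systems: it tests stored PIN hashes against the four-digit values that can be read off each member's own record. The record layout, the PBKDF2 storage scheme, and all sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

def hash_pin(pin: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash, standing in for however the system stores PINs."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)

def derived_candidates(member: dict) -> dict:
    """Four-digit values that other parties can learn from the member's data."""
    year, month, day = member["dob"].split("-")  # dob is YYYY-MM-DD
    cands = {
        "ssn_last4": member["ssn"][-4:],
        "birth_year": year,
        "birth_mmdd": month + day,
        "birth_ddmm": day + month,
    }
    for acct in member["accounts"]:
        cands[f"account_last4:{acct}"] = acct[-4:]
    return cands

def audit(members: list) -> list:
    """Return (member_id, source) for every PIN that equals a derived value."""
    findings = []
    for m in members:
        for source, pin in derived_candidates(m).items():
            if hmac.compare_digest(hash_pin(pin, m["salt"]), m["pin_hash"]):
                findings.append((m["id"], source))
    return findings

def make_member(mid, ssn, dob, accounts, pin):
    """Build a constructed record holding only the salted hash of the PIN."""
    salt = os.urandom(16)
    return {"id": mid, "ssn": ssn, "dob": dob, "accounts": accounts,
            "salt": salt, "pin_hash": hash_pin(pin, salt)}

# Constructed records; the SSNs use the never-issued 000 area number.
MEMBERS = [
    make_member("m1", "000-12-3456", "1970-02-14", ["5550001234"], "3456"),
    make_member("m2", "000-98-7654", "1985-11-30", ["5550009999"], "8142"),
    make_member("m3", "000-55-1212", "1962-07-04", ["5550004321"], "0704"),
]

if __name__ == "__main__":
    for member_id, source in audit(MEMBERS):
        print(f"{member_id}: PIN equals {source}")
```

A PIN reset that sets every member's PIN to the last four digits of the SSN would make every record in such an audit match on `ssn_last4`.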

How sure are you that your account is safe? I'm not – which is why I asked First Tech to disable phone banking on my account.

I love First Tech and have been a member for a long time. Before posting this, I contacted First Tech to notify them of the problem. Their response:
"We could not issue new PINs to members because they would have to be issued after our system conversion, which would leave members without access to Phone Banking for at least several days. Setting the PINs to the last 4 digits of the Social Security Number allows members to continue to access Phone Banking during this system conversion. At this point we are moving forward with the plan as stated in the integration guide."
I hope that First Tech will change this decision, but in the meantime, I know that many members will not be aware that their accounts are at risk. Unfortunately, I can't be as sure that hackers aren't targeting First Tech customers. In fact, First Tech is aware of this possibility and specifically advises people to watch out for "phishing" attacks during the transition.

Therefore, I've decided to write this blog post to publicize the problem. I recommend that you disable phone banking for your account before May 26th. To do this, call 1-800-637-0852 option 2 or sign into online banking and send First Tech a message asking them to disable phone banking.

Monday, April 11, 2011

Ironically, a glaring Google grammatical error

Google unveiled a new trivia-question-a-day site to encourage people to learn better searching techniques.



Note this part:
"... signed me ... my importance ... I have ... What is it?"

Why doesn't it end with "What am I?" Apparently, whoever wrote this isn't aware of how to properly use the first person convention in riddles. It just sounds awkward and ungrammatical.

Personally, I would have used the word "readers" instead of "viewers" but that's a more minor quibble.

Friday, April 01, 2011

March gets more madness next year

There's no doubt that the selection of teams for this year's NCAA Men's D1 basketball tournament was a complete debacle, with both the tournament selection committee and ESPN commentators proving that they have no special (or normal) ability to decide which teams belong in the tournament.

Today, the NCAA announced a series of changes designed to improve the tournament. First, the tournament will roll back to 64 teams next year. This will avoid the possibility of a team like VCU, which really doesn't belong in the tournament, embarrassing the committee so spectacularly.

Second, the NCAA will no longer use a committee to select the teams or seeding to match up teams. Instead, teams will be selected by the well-respected BCS selection algorithm and randomly dropped into the bracket. This should result in more interesting and competitive games as well as increased revenue for Las Vegas sports books.

Third, the tournament will have eight regionals instead of four with each regional having eight teams. The geographic region names have been a challenge, with the majority of teams seeded outside their region. To avoid that problem, the NCAA announced that the new regions will not be geographically based and instead we will have:
The regions will be matched up differently each year on a rotating basis. So one year, the Dogs will fight the Cats for a Final Four berth while the next year, the Dogs might face the Birds. Teams that don't fit into any of the above categories will be arbitrarily and capriciously assigned to one using the same process that the selection committee has been using for seeding up until now.

UPDATE: After posting this I learned that the Miami Heat is, in fact, an NBA not an NCAA team. My bad.

UPDATE 2: Sorry, this is all made up. Except the part about the Big Ten (sic) having a Legends division.

Friday, December 31, 2010

Fix the filibuster

If there's a debate in the Senate and there's nobody talking, is there any noise? The US Senate has a long tradition of allowing unlimited debate but over time this tradition has been perverted: in today's Senate, Senators can filibuster without ever debating. And it's being increasingly abused: there have been more filibusters in the last 4 years than between 1920 and 1980.

The worst abuse of the filibuster is the "secret hold" where one Senator can secretly block the Senate from doing its business. This has been used to block legislation as well as presidential nominations from being considered. It has no place in a democratic society: if a Senator objects to a bill or a nomination but wants to remain anonymous, tough. They were elected to represent the people of their state and the people have a right to know what they're doing.

Sen. Tom Udall (D-NM) is on the right track. The Senate should adopt rules that preserve the right of Senators to debate legislation and curb the abuse with two simple steps:
  • Ban secret holds.
  • Require actual debate.
Of course the details here matter, because if anyone is good at finding and exploiting loopholes, it's politicians. So I hope the Senate keeps it simple. Honest, constructive debate — yes; obstructionism — no.

Monday, November 29, 2010

Enduring Joe Barton

Texas Rep. Joe Barton (@RepJoeBarton) would like to be chairman of the House Energy and Commerce committee. To promote himself, he prepared a presentation to the Republican leadership highlighting his credentials, including:

  • "Led Republican resistance to ObamaCare in Committee."
  • "Forced markup in Committee to take more than 17 days to complete."
  • "Forced the Democrats to endure a 4-day markup, with 300 prepared amendments and 47 offered amendments."

In other words, he stood in the way of healthcare reform, period. He didn't work to make it better. He didn't work to find middle ground. He didn't work to help Americans. And he's proud of it.

Rachel Maddow (@Maddow) and the Huffington Post (@HuffingtonPost) have more to say on Joe Barton and George Patton.


Sunday, November 21, 2010

Don't ask, don't kill

The United Nations currently specifically condemns "extrajudicial" executions due to sexual orientation. Now, a UN committee has replaced the words “any discriminatory reason, including sexual orientation” with the words “discriminatory reasons on any basis” and it looks likely that this will be approved by the UN General Assembly.

The pretext for this change is that "there was no justification to highlight" sexual orientation (Benin) and selectivity accommodating "certain interests over others had to be avoided by the international community" (Morocco).

Perhaps there are sincere beliefs that there's no need to specifically highlight sexual orientation. For example, it is a reasonable argument that having a list of specific discrimination has "the danger of leaving some groups out" (St. Lucia). But the fact is that homosexuality is illegal in more than 70 countries including St. Lucia and Morocco, which is more than the 68 countries that have signed the UN declaration on sexual orientation and gender identity. So the sincerity of those arguments is dubious. And gays will remain the targets of violence around the world.

Which brings us to the US "don't ask, don't tell" policy. Last June, President Obama extended federal benefits to same-sex partners, which he was able to do because he didn't need Congress to go along. And Congress has balked and stalled at taking action on don't ask, don't tell, despite many of our representatives having promised to do so.

But ... if you read the actual law, you'll see that we don't need Congress to go along to end don't ask, don't tell. They've already given the administration that authority:

"Nothing ... shall be construed to require that a member of the armed forces be processed for separation from the armed forces when a determination is made in accordance with regulations prescribed by the Secretary of Defense that ... separation of the member would not be in the best interest of the armed forces." 10 USC 654(e) 

Given the ongoing combat operations that the US armed forces are involved in, all we need is a simple declaration by the Secretary of Defense that in times of war it is not in the best interest of the armed forces to discharge service members that want to serve, regardless of their sexual orientation.

And given the direction the United Nations is heading, a strong statement from this administration supporting gay rights would be welcome.

Wednesday, October 27, 2010

Just Vote No


(Updated with election results.)

I'm voting no on most initiatives this year. I've decided that the burden of proof is on the side of the initiative proponents and if they don't convince me, I'm voting no. The really sad thing about many of these initiatives is the large amount of money being spent on both sides misleading voters.

Here's the lineup in Washington:

NO on I-1098. I think income taxes are more progressive than sales taxes. I'd enthusiastically vote for an initiative that abolished the sales tax and business and occupancy tax and replaced both with personal and corporate income taxes based on the federal income tax with very limited differences. But I-1098 makes our tax system more complicated, not better. (Result: Failed)

NO on I-1100 and I-1105. Both of these initiatives privatize liquor sales in Washington. But they do this at an annual cost of $100 million. I'd support a revenue-neutral conversion to private liquor sales, not a giveaway to business. When a government uses eminent domain to take private property, it has to pay fair market value. Conversely, when government transfers property to private use, it should receive fair market value. You only need to look at the amount of money contributed by the proponents of these two initiatives to realize that they expect to make a lot of money from the private liquor business. (Result: Both failed)

NO on I-1082. The current workers compensation insurance system isn't broken and this initiative would transfer it to private business at a cost of $50 million per year. As with privatizing the liquor business, we shouldn't be spending taxpayer money to enrich private insurance companies. And privatization needs guarantees that ensure that every worker and every business will be insured. (Result: Failed)

NO on I-1053. This requires that "legislative actions raising taxes must be approved by two-thirds legislative majorities or receive voter approval." We've seen the gridlock in the other Washington caused by a 60% supermajority on everything in the Senate. We don't need that here. (Result: Passed)

NO on I-1107. I support the sales tax exemption on food because it reduces the regressive nature of the tax as everyone needs to buy food. But restaurant food is not exempt and eliminating the exemption for candy and bottled water is reasonably along the same lines. Of course, if we replaced the sales tax with an income tax, this would be moot. The proponents of this have spent a lot of money misleading people about the law. They imply that the sales tax on candy also applies to granola and chili, which is just not true. The truth is that this law closes a loophole that allows granola and chili manufacturers to claim the tax exemption that was intended for fruit and vegetable processors and meat packers. They also say the legislature picked a crazy definition of what's a candy bar, although that definition is from the Multistate Tax Compact. (Result: Passed)

I am voting yes on one:

YES on Resolution 4220. I realize this is a knee-jerk reaction to a particular tragic case, but this is a rare case of getting the referendum right. This allows the courts to deny bail to dangerous individuals, subject to limits determined by the legislature. It's hard to believe: a referendum/initiative that gives power to the courts and the legislature rather than taking it away. (Result: Not surprisingly, passed overwhelmingly)

The results match my position with the exception of the anti-tax initiatives.
