If it's a story about me, then I'll say so up front.

This is a blog about Truth, Justice and the American Way. The stories are true. No names have been changed to protect anyone's identity, including my own. If the story is about me, then I'll say so right up front. If I don't use a name to identify whom the story is about, then it's because it's not relevant. So please do not call me or e-mail me with your kind condolences or unwarranted congratulations about something that you believe is a cleverly disguised bio from my alter ego. These stories, like my photo, are unretouched.

Monday, November 30, 2009

Twitter “Croaks.” Gone Phishing!

Last week, I had to apologize to Miss Universe. Twice. I hate it when that happens.

You see, she had taken exception to a couple of DM tweets that I had sent her, inviting her to check out an LOL video that “made my day,” and daring her to beat my IQ score. Frankly, I feel pretty confident that I could have held my own on the IQ score. The trouble was, I didn’t send either tweet. Nor did I taunt her with, “Did you know you were in this video?” Or offer to hook her up with Viagra at dirt cheap prices. At least, not on purpose.

Somebody hacked my Twitter account. What a mess! Multiple DMs (Direct Messages) had been sent to virtually every one of the hundreds of people who are “following” me. Bummer. Actually, Miss Universe was pretty nice about it. Others, not so much. I got some fairly nasty “croaks” from people I’d never even heard of. I just this minute invented the term “croak” because the whole word “tweet” has a kind of a nice, fun, upbeat sound to it. And there was nothing nice about some people’s reactions.

I felt real bad about it. At first I was just plain confused; then it became clear what had happened. I was the victim of phishing and I felt violated. Using my account, some hacker dropped a virus in my cookies (goodness, that sounds downright unsanitary) and sent out messages to everyone in my database.

Here’s the deal: social networking sites are tripping all over themselves to embed powerful features that most subscribers will never use, such as digital image or media files with the ability to download content from third-party Web sites. These features are not the kind of worms or viruses that shut your computer down. They just send out messages using your own friend list, or something similar. 99% of them are harmless advertising spam that result from wandering around in YoVille on your Facebook. (Hey, you gave them permission when you adopted your first cow.) But a moderately-proficient hacker can use the features to phish your network with files that, when opened, transfer the virus through that person’s network, and so on, and so on…

Mostly, the public doesn’t hear about nobodies, like me, who get phished. We just change our password, run a virus protection scan, clean out cookies in the browser, and a write a lot of apologies to people like Miss Universe. But I did some research and discovered that having your Twitter account hacked is not nearly as rare as you might have hoped. (Actually, Twitter tries never to use the word “hacked,” preferring instead to speak of having your account “compromised.” Sounds nicer, I guess.)

My research turned up 10 large-scale “compromisings” so far in 2009, covering thousands of accounts. Some of these include high-profile folks such as President-Elect Barack Obama (in January, before the swearing-in), Britney Spears (3 times in 2009), and the official feed for Fox News. Yikes. My personal favorite took place in mid-July, when a hacker broke into the online accounts of various Twitter staffers, including Twitter CEO Evan Williams’ email account. How embarrassing! The attack exposed all sorts of internal documents which were distributed widely and gleefully reprinted by the French website Korben.

As unique as I like to think of myself, my own experience targeted about 750 people, including New York Jets Wide Receiver David Clowney. I only hope that I’m not going to have to apologize to him as well.

Did I bring this upon myself? Well, maybe partly. It turns out that I’m not the only one who can’t retain anything but water these days. The systems are designed as they are because huge numbers of us with college degrees and reasonable IQs are unable to remember a single four-digit PIN number without “hints,” let alone a unique password for every application for which we ever sign up. The result is that 41% of internet users unwisely use the same username and password for numerous internet services, including online banking accounts. Couple this with apps like Ping.fm, which automatically triggers your message to your profile on FaceBook, hiF, MySpace, Plaxo Pulse, Plurk, Pownce, Tumblr, Twitter and Xanga simultaneously, hooking them together like an ecosystem – when one account is “compromised,” the others are likely to tumble like dominoes.

Would I do something as stupid as this? Well…. not any more. Additionally, giving the user an option to guess the name of a pet in lieu of actually knowing a password has just dramatically shortened the odds for an attacker. Does the fact that I had three dogs as a kid, each one named Skippy, show continuing sentimentality on my part or an incredible lack of childhood imagination? You choose. Would I actually stoop to using “Skippy” as my password, let alone my “hint?” Well…..not any more.

There are some things that we simply can’t control. The kinds of DDoS attacks that occurred on August 6th managed to slow both Twitter and Facebook to a standstill by using a network of computers (dubbed zombies) to flood the server with requests for data until the server overloads and comes crashing down. No amount of firewalls on our end can protect us from this, but I so loved the security experts’ analogy of likening a DDoS attack to 15 fat men trying to get through a revolving door at the same time, that I just couldn’t resist working it into this post. Sorry.

I discovered two other interesting miscellaneous pieces of information in my research: The first is that there are Hacker Conventions. Lots of them. All over the globe. The world’s largest annual hacker convention is called DEF CON and it’s held in Las Vegas. Of course it is!! Federal law enforcement agents from the FBI, DoD and other agencies regularly infiltrate DEF CON but they just can’t keep pace with a couple of 18-year-olds with too much time on their hands.

The final remarkable thing is that this past April, University of Wisconsin doctoral student Adam Wilson, by wearing a cap outfitted with electrodes that monitored changes in his brain activity, managed to tweet 23 characters just by thinking. Yup, by focusing on the letters, he spelled out “USING EEG TO SEND TWEET,” among other messages.

You know what this means, don’t you? It will only be a matter of time before some dweeb in a party hat will be able to stand across the room from me at a cocktail party and tweet spam into my head; words that will, no doubt, come rolling uncontrollably out my mouth like a gumball dispenser.

With my luck, I’ll be chatting with Miss Universe at the time. I could just croak!

Tuesday, November 17, 2009

Why We Don’t Need Another Nonprofit

Those of you who have been following me for the past couple of months know that I recently lost my job as the Executive Director of the Hawaii Women’s Business Center. It was nothing personal. Federal funds were cut to such a point that they could no longer pay my salary, or that of our office manager. I was sad to leave the Center, because I am still passionate about their mission, but the board and I were in agreement. In a dwindling economy, you can’t squeeze blood from a turnip.

Since then, a surprising number of friends and colleagues have suggested that I should start a competing non-profit. Bless their hearts, I know that they mean well. But I consider this to be a mistake of astonishing proportions on a number of levels.

First of all, frankly there are just too many non-profits already out there in the marketplace. They often have similar goals and even though the work that they are doing is altruistic and necessary, the administrative costs involved in overlapping services ultimately hurts those who need them the most. As an example, I googled “drug treatment youth Hawaii” and quickly found 124 separate rehabilitation facilities and programs – and I didn’t even try very hard.

Let me be clear about this: I am not suggesting that we need fewer addiction programs in the state. I haven’t studied this situation enough to make a judgment such as that. But I do strongly suspect that we don’t need any more programs. I believe that we would get better ROI by putting additional funding into the programs already in place rather than by starting yet another.

Funds are dwindling – everywhere. There’s just not enough money to go around. The pie is smaller; the need is greater. In the past, it has been difficult for moderate and small-sized nonprofits to recruit suitable leadership, simply because nonprofits traditionally pay substantially less than their counterparts in the for-profit marketplace for positions of equal responsibility. Often the best candidates don’t even bother to apply. Of course, there will always be those of us (particularly baby boomers) who feel a calling for working in the nonprofit industry, despite the monetary downside. But the hard fact is that resources are diminishing, even for those of us committed to the altruistic goals.

In April of 2009, a survey of over 1,100 nonprofit leaders in markets nationwide was released by Nonprofit Finance Fund (NFF). The key findings were pretty bleak:

• Only 12% of nonprofits expect to operate above break-even this year.

• Just 16% anticipate being able to cover their operating expenses in both 2009 and 2010.

• 31% don't have enough operating cash in hand to cover more than one month of expenses, and another 31% have less than three months' worth.

• 52% of respondents expect the recession to have a long-term (2+ years) or permanent negative financial effect on their organizations.

• 93% of lifeline organizations that provide essential services anticipate an increase in demand in 2009.

According to the Washington Post, a recent survey of member nonprofits by the D.C.-based Center for Nonprofit Advancement revealed that:

• one-third have no operating reserves or endowment

• 41 % are suspending or closing down programs

• and 44% are laying off staff.

So where will the nonprofits that do survive get their funding?
Oh, oh….more bad news:

It probably won’t be from foundations. On November 4th, The Foundation Center located in New York City reported that their latest survey shows foundation giving will likely decline in 2009 by 10%, slightly worse than their 8% estimated earlier this year. And as if that isn’t bad enough, the Center predicts further declines in 2010.

The extra money needed probably won’t be coming from the public either. According to a November 16, 2009 Associated Press report, only 38 % of Americans say they are likely to give at least one charitable gift as a holiday present this year, compared to 49 percent last year.

Looks like Santa is going to be skipping a lot of 501(c)(3) chimneys this year.

So will nonprofits fold up their tents and close their doors? Some will. But the smart ones will quickly discover that there is safety in numbers. Savvy nonprofits will band together with like-minded organizations and share costs. They will disclose strategic planning information so as not to cannibalize each other’s programming and educational bases. I predict that the ones who will succeed are the ones who understand their clients’ needs and allocate their budgets to doing one thing really well rather than trying to be all things to all people.

Those who sit tight and pray for a white knight to gallop in and save them won’t stand a chance in this economy.

So, to all of my dear friends who have encouraged me to start a women’s business center, bless your hearts but don’t hold your breath. I may be neurotic but I’m not stupid. The world doesn’t need another nonprofit right now. Let’s just support the ones we already have, OK?

P.S. This holiday season, the world probably doesn’t need another $16 scented candle, either. But there are families around the globe whose lives would be changed by the gift of a goat or a chicken. May I suggest that you check out Heifer.org or Oxfam.org, two nonprofits that help families in third world countries become self sufficient while providing nutrients for their children. Or give the gift of a smile – The Smile Train performs free cleft palate surgery on children around the world, changing their lives in societies who shun those born with deformities. With nonprofit organizations like Doctors Without Borders, Project Hope, Mercy Ships or your local Shriners Hospital for Children, there is very little excuse to spend money on candy (it rots your teeth and makes your butt fat), knickknacks (they collect dust) or jewelry. Do something good this holiday season. Please. Thus endeth the lesson

Tuesday, November 10, 2009

No Shirt. No Credit. No Employment.

A few years ago, I suspect that I lost the chance at my dream job because I refused to grant permission to check my credit history. My refusal actually had nothing to do with my credit history. In fact, I have no idea what my current credit score is or how I am rated, nor did I then. (Yes, I know that it is foolish and irresponsible not to keep track of this stuff. But that’s a future blog.) I refused on the grounds of privacy issues and the fact that credit reports are notoriously inaccurate. Today they couldn’t even ask - In July 2009, Hawaii became the second state, behind Washington, to limit the use of credit histories in pre-employment screening.

Last week I wrote about some of the insidious devices that human resource people are using these days to make the determination of whether to hire you. Some of these tools are just the natural evolution of technology, such as LinkedIn and Google. They can be both helpful and, in some cases, misleading to the point of pure untruth. But of all these contemporary screening techniques, none is more invasive or abused as the practice of using credit checks as a litmus test for hiring.

SHRM (Society for Human Resource Management) states that 43 percent of companies conducting any type of pre-employment screening use credit checks for some or all employees. And those numbers are from their last study which was done in 2006. Credit score screening has skyrocketed since then, so we can only imagine how rampant it is today.

In the other 48 states, employers can (with an applicant’s permission), pull a credit history and decline to hire a candidate based on what they find – even if the information has absolutely no relation to the job responsibilities, such as the handling of money, confidential financial information or having access to the personal property of others.

Employers claim that your credit history is a gauge your level of responsibility. Whether that is a valid assumption or not, some employers believe if you are not reliable in paying your bills, then you will not be a reliable employee. That philosophy might possibly have held some water in 2006, before the economy tanked, but in today’s job market it is just a cycle of discrimination against the jobless, whose lack of employment contributes to their financial woes. The worse their debts, the harder it is to get a job to pay them off.

As for me, my refusal to allow the potential employer access to my credit records was twofold:

1. There are long-standing concerns about the accuracy of information contained in consumer credit reports. One study by the U.S. Public Interest Research Groups (U.S. PIRG) examining credit reports found that “70 percent of credit reports investigated contained incorrect information; 29 percent contained errors significant enough to have serious adverse consequences on the consumer’s credit”

2. It’s the principle of the thing. If I apply for a job that involves national security, FDIC clearance, or significant financial responsibility (such as a bank manager) I expect that my credit history will be relevant and required. Otherwise, unless I’m trying to buy your house, it’s none of your business. It’s personal. It’s private. This is America. Is nothing sacred anymore?

Excuse me while I take a moment to get myself under control….. OK, I’m back. My husband claims that I am an Olympic contender in “upstream swimming.” Never one to just go with the flow, he calls me his personal Don Quixote,* tilting at windmills and thwarting injustice wherever it rears its ugly head. He has a point. But I am not alone in my belief that accessing credit history to make employment decisions is a bad idea. Go to the American Civil Liberties Union website and see what they have to say on this subject.

In addition to the laws that Hawaii and Washington have already enacted, the states of California, Ohio, New York, Missouri, Texas, Michigan, Illinois and Connecticut all have similar restrictions in the works. “In my opinion, it’s a clear case of discrimination,” says Representative Jon Switalski, the Democrat who proposed legislation in Michigan. “If you miss a few payments or you have medical debt, your skills as a pipefitter or an electrician don’t diminish.”

Many in Washington D.C. also agree. On July 31, 2009, members of the U.S. House of Representatives introduced the “Equal Employment for All Act,” a national bill that would amend the Fair Credit Reporting Act to prohibit the use of consumer credit checks in relation to current and prospective employees for the purposes of making employment decisions under all but a few circumstances.

Employers would also be prohibited from asking applicants to voluntarily submit to credit checks (as they are currently able to do).

The bill (technically entitled HR 3149) is endorsed by over 25 organizations, including the NAACP, NAACP Legal Defense and Educational Fund, National Consumer Law Center, Leadership Conference on Civil Rights, National Fair Housing Alliance, Consumer Action, those pinko commies over at the National Association of Consumer Advocates, Unite Here, National Employment Law Project, U.S. Public Interest Research Group, Legal Action Center, National H.I.R.E. Network, Community Legal Services of Philadelphia, Center for Economic Justice, Asian American Justice Center, Communication Workers of America, AFL-CIO, Lawyers’ Committee for Civil Rights Under Law, International Union (no good can come from unions), United Automobile, Aerospace & Agricultural Implement Workers of America (more unions!), National Employment Lawyers Association (lawyers!!), and worst of all - women -- National Organization for Women, National Partnership for Women and Families, National Women’s Law Center and Women Employed.

I guess a lot of people would have agreed with me when I refused to sign on the dotted line. If I had a do-over, I’d still refuse although the money sure was tempting. Still is. But we have to draw the line somewhere and there’s always a price to be paid for sticking to your principles.

In doing research for this blog post, I discovered other dark things living under the rocks of the credit card industry. Things I didn’t want to know, such as the fact that every time a potential employer or third-person party pulls your credit report, they are making an “inquiry” into your credit. These inquiries or credit checks are recorded in a list on your report. Having too many credit inquiries tends to lower your credit score, so don’t go applying for a credit card unless you’re sure you don’t need it.

Also, I learned that insurance companies use your credit score to set your insurance premiums so that if you’re poor (or unemployed and credit-challenged) you pay more for your insurance. (Yes, there’s legislation pending all over the country to stop that, too.)

There I go, getting all upset again. I gotta lie down. No, what I really have to do is find a new job. But maybe I should check my credit history first, since employers seem to think that my ability to make my car payment on time is the key to my reliability as a nonprofit manager or my good character.

I wonder what Bernie Madoff's credit score was?


*The main character in “Man of La Mancha”