In Cloud we Trust
On Wednesday something key happened in the Dutch Cloud. In summary proceedings, ING Bank demanded that AFAS Personal stop offering an automated service that uses customers’ usernames and passwords for ING Bank’s internet banking service Mijn ING.
AFAS Personal is an online bookkeeping service that offers automated download of bank transactions for accounting purposes. Mijn ING usernames and passwords are used with customer consent; today’s security standards are applied and verified by 3rd parties.
In ING Bank’s opinion the automated service AFAS Personal is providing introduces a security risk. According to ING Bank it is not ‘safe’ to have AFAS Personal use Mijn ING usernames and passwords. The judge decided that ING Bank was right and ordered AFAS Personal to stop the automated download service.
Once upon a time in the West it was common to sock away money in a safe. At the time, that was good practice for keeping belongings safe. Without the key one could not open a safe. So far so good. Unfortunately safes got busted. A security rat race had started.
Bigger safes with better locks were built. It was only a matter of time before safes got busted again. Keeping belongings safe became expensive. Some entrepreneurs noticed the trend, built vaults and offered people the service of secure central safes.
Like safes, these newly born banks got robbed and busted as well. Vaults got even bigger and more secure. Banks hired security guards, bought armor plating and weapons. The rat race continued anyway.
Since then banks have transitioned from holding deposited money to online banking, with different but similar defense systems. The 2008 financial crisis demonstrated that belongings (and trust) can still vaporize inside the most secure vaults.
The above illustrates that banks themselves have become a security risk. If governments had not intervened, belongings would have burned inside safes that were supposed to be fireproof. This raises the question of who owns the content of a safe and its key.
Obviously banks don’t. Customers do. If customers no longer trust their banks they should at least have the right to keep a record of what’s in their safe and be allowed to share the key with trusted parties. What if banks go bust again? Who proves what was in the safe? The bank?
In addition to Wednesday’s news it should be mentioned that ING Bank recently announced a pilot program to sell customer transaction data, albeit anonymized and with customer consent, to 3rd parties for commercial use.
This announcement led to a fierce public debate in the Netherlands about data privacy and the role of a systemic bank such as ING Bank. Due to public opinion ING Bank decided to hold off the pilot for now.
Apparently public debate is required to wake up corporate institutions, governments and legislators, and have the public correct wrongdoings if all controls fail.
The Terms & Conditions of the Mijn ING internet banking service state that customers may only use usernames and passwords themselves and only when using Mijn ING’s web site.
In the case of ING Bank against AFAS Personal the judge decided that, through the automated logon service, AFAS Personal is encouraging customers to violate the Mijn ING Terms & Conditions and therefore ordered AFAS Personal to immediately stop the service.
Through the Schengen Treaty, 26 European countries have agreed to abolish passport and any other type of border control at their common borders. The Schengen countries function as a single country for international travel purposes, with a common visa policy.
The Schengen countries have eliminated internal border controls between Schengen members, strengthened external border controls with non-Schengen states, and trust each other. The Schengen area encourages the free movement of goods, information, money and people.
In Cloud we Trust
Cloud is nothing new. Cloud has always been there and will always be there. Cloud isn’t a marketing hype either. Cloud is the water we drink, the food we eat, the electricity we consume, the money we draw and the intellectual property we store.
Cloud is also about the good, the bad and the ugly. There’s no way back. We all are interconnected as we live on the very same planet. Customers are entitled to know who’s good, who’s bad and who’s ugly.
ING Bank is worried about so-called ‘man in the middle’ attacks. But is it fair to call all ‘men in the middle’ ugly or bad? Cloud is about trust. Banks, of all people, should know that security is important but that trust is even more important.
The judge should have considered the interests of the customer and not those of ING Bank or AFAS Personal. The judge could have focussed on regaining public trust.
Other banks such as ABN-AMRO, Rabobank, SNS Bank trust AFAS Personal. Even ING Bank trusts AFAS Small Business, a similar service for business customers. ING Bank should speak up and be clear about who’s good, who’s bad and who’s ugly.
Apparently some public debate is required here to wake up corporate institutions, governments and legislators …
(Customer of both ING Bank and AFAS Personal.)