NPI's Cascadia Advocate

Offering commentary and analysis from Washington, Oregon, and Idaho, The Cascadia Advocate is the Northwest Progressive Institute's unconventional perspective on world, national, and local politics.

Monday, May 25th, 2020

Massive unemployment fraud reminds us that online signature gathering is a terrible idea

As Wash­ing­ton State geared up to respond to the eco­nom­ic rever­ber­a­tions of Gov­er­nor Jay Inslee’s stay home, stay healthy orders ear­li­er this spring, a Niger­ian fraud ring dubbed “Scat­tered Canary” by the secu­ri­ty com­mu­ni­ty saw an oppor­tu­ni­ty to make out like ban­dits. Armed with the spoils of numer­ous data breach­es, they insti­gat­ed a cyber heist, fil­ing tons of fraud­u­lent unem­ploy­ment claims with Wash­ing­ton State’s Employ­ment Secu­ri­ty Depart­ment (ESD).

We don’t yet know how much they stole, but it’s in the hun­dreds of mil­lions.

“To some degree, Wash­ing­ton and its work­ers are the lat­est casu­al­ties in an era of ris­ing iden­ti­ty theft,” report­ed The Seat­tle Times in a sto­ry on the theft.

“Fil­ing for unem­ploy­ment insur­ance in Wash­ing­ton and many states requires the sort of per­son­al infor­ma­tion — Social Secu­ri­ty num­bers, birth dates, address­es — that is depress­ing­ly easy to steal or buy on the dark web, thanks to mas­sive data breach­es such as the 2017 attack on cred­it report­ing agency Equifax that allowed access to records of more than 145 mil­lion indi­vid­u­als.”

“Indeed, offi­cials at ESD and at WaT­e­ch, the agency that man­ages the sys­tem the state uses to authen­ti­cate users for ESD and oth­er state agen­cies, have repeat­ed­ly insist­ed that when thieves have enough per­son­al infor­ma­tion, it’s dif­fi­cult to stop peo­ple from fil­ing fraud­u­lent claims with­out also obstruct­ing legit­i­mate fil­ers,” the Times sto­ry (by Jim Brun­ner, Paul Roberts, and Patrick Mal­one) went on to explain.

ESD and WaT­e­ch offi­cials are absolute­ly right.

Ever heard the adage “On the Inter­net, nobody knows you’re a dog?”

This is the dilem­ma that Wash­ing­ton State offi­cials are wrestling with.

Wash­ing­to­ni­ans under­stand­ably like the ease and con­ve­nience of doing busi­ness online — includ­ing with their gov­ern­ment, which belongs to them — but online sys­tems are unfor­tu­nate­ly high­ly sus­cep­ti­ble to fraud. It’s triv­ial to mas­quer­ade as some­one else if you have their per­son­al iden­ti­fy­ing infor­ma­tion. Triv­ial.

The bad guys know it’s hard for the author­i­ties to sort out legit­i­mate claims from ille­git­i­mate ones with­out mak­ing every­one jump through addi­tion­al hoops, which almost defeats the pur­pose of offer­ing peo­ple the abil­i­ty to file for unem­ploy­ment online. They used that knowl­edge to scam Wash­ing­to­ni­ans on a large scale.

On the Inter­net, nobody knows you’re a sophis­ti­cat­ed Niger­ian fraud­ster.

Pub­lic agen­cies aren’t the only enti­ties that are grap­pling with the twin prob­lems of iden­ti­ty theft and cyber­crime. So are com­pa­nies of all sizes in the pri­vate sec­tor. Fraud in ecom­merce is also a huge and grow­ing prob­lem… a prob­lem that has large­ly been left to banks and mer­chants to man­age as a cost of doing busi­ness.

We’ve all become accus­tomed to zero fraud pro­tec­tion guar­an­tees. Spot a fraud­u­lent charge on your cred­it card state­ment? No prob­lem, just call the bank (or cred­it union) and report it. The charge will be reversed, pron­to, and the card re-issued at no cost. At no direct cost to you, that is.

We may have decid­ed as a soci­ety to tol­er­ate a lot of fraud when it comes to our eco­nom­ic activ­i­ties, but that mod­el sim­ply does not work for elec­tions.

That’s why, as I wrote sev­er­al weeks ago, we need to emphat­i­cal­ly reject all attempts to allow online sig­na­ture gath­er­ing.

This dis­turb­ing case of cyber fraud ought to serve as a reminder of how dif­fi­cult it is to val­i­date some­one’s iden­ti­ty over the Inter­net. And val­i­dat­ing iden­ti­ty is the crit­i­cal step in deter­min­ing whether a mea­sure has earned the req­ui­site sup­port from vot­ers need­ed to qual­i­fy for place­ment on the bal­lot.

Cur­rent law (in Wash­ing­ton State and in most oth­er places) allows peti­tion­ing on paper only. Vot­ers must phys­i­cal­ly sign a peti­tion for their sig­na­ture to count.

That’s the way it needs to stay.

NPI knows of sev­er­al law­suits in which plain­tiffs are present­ly ask­ing judges to issue orders decree­ing that sig­na­ture gath­er­ing should be able to take place online due to the pan­dem­ic. These requests should be uni­form­ly denied. This pan­dem­ic must not be the pre­text for the fur­ther destruc­tion of pub­lic con­fi­dence in elec­tions.

NPI also knows of non­prof­its that are claim­ing to have devel­oped tech­nol­o­gy that can safe­ly facil­i­tate online sig­na­ture gath­er­ing… like Map­Light.

No non­prof­it mak­ing such claims is to be trust­ed.

The Inter­net is unques­tion­ably use­ful for many things, but it is not an appro­pri­ate medi­um for sig­na­ture gath­er­ing. Sig­na­ture fraud (on paper peti­tions) is already a prob­lem. The last thing any­one who cares about the integri­ty of our democ­ra­cy should want to do is make that prob­lem worse by a fac­tor of a zil­lion… which is exact­ly what would hap­pen if online sig­na­ture gath­er­ing were to be per­mit­ted.

Adjacent posts

  • Enjoyed what you just read? Make a donation


    Thank you for read­ing The Cas­ca­dia Advo­cate, the North­west Pro­gres­sive Insti­tute’s jour­nal of world, nation­al, and local pol­i­tics.

    Found­ed in March of 2004, The Cas­ca­dia Advo­cate has been help­ing peo­ple through­out the Pacif­ic North­west and beyond make sense of cur­rent events with rig­or­ous analy­sis and thought-pro­vok­ing com­men­tary for more than fif­teen years. The Cas­ca­dia Advo­cate is fund­ed by read­ers like you and trust­ed spon­sors. We don’t run ads or pub­lish con­tent in exchange for mon­ey.

    Help us keep The Cas­ca­dia Advo­cate edi­to­ri­al­ly inde­pen­dent and freely avail­able to all by becom­ing a mem­ber of the North­west Pro­gres­sive Insti­tute today. Or make a dona­tion to sus­tain our essen­tial research and advo­ca­cy jour­nal­ism.

    Your con­tri­bu­tion will allow us to con­tin­ue bring­ing you fea­tures like Last Week In Con­gress, live cov­er­age of events like Net­roots Nation or the Demo­c­ra­t­ic Nation­al Con­ven­tion, and reviews of books and doc­u­men­tary films.

    Become an NPI mem­ber Make a one-time dona­tion

One Ping

  1. […] Source: Mas­sive unem­ploy­ment fraud reminds us that online sig­na­ture gath­er­ing is a ter­ri­ble idea – NPI… […]