Computerworld, via CSO, is claiming that people searching for porn are “attacking” Microsoft’s platform with “poison”.

Microsoft on Saturday disabled the search tool on its Safety & Security Center after attackers poisoned results with links to pornographic URLs.

[…]

Although search poisoning is not unusual — it’s a well-worn tactic by those hoping to spread malware and dupe users into visiting scamming sites — this is different, said [CEO of Sunbelt Software] Eckelberry.

“This is crafty,” Eckelberry said today in an interview. “This isn’t normal search poisoning. It’s poisoning the results with actual searches. Users were getting back a prior search as a search result.”

Now you know a “crafty” way to “poison” search statistics — search for something.

Nowhere in the story does anyone mention that searches for porn are expected to be a huge percentage of total search results. Meanwhile the recent news from Nepal, which has tried to ban porn, is that search statistics show porn is popular.

Despite the August 2010 Home Ministry ban on pornographic websites in Nepal, the number of Nepali internet users surfing pornographic contents online has not dwindled.

Currently, the number of porn content seekers on Google—the most popular search engine—stands at a staggering growth rate of over 140 percent.

The Microsoft attack is described by CSO like this:

By repeatedly searching for sites using pre-selected phrases — “sex” and “girl,” for example — on the Safety & Security Center, criminals tricked the site into saving those searches, which then popped up near the top of the results of any subsequent searches by others.

Now consider that the Nepal news is written like this:

Google states the searches are often done with titles such as “hot babes”, “beautiful girls”, “cute hotties”, “sexy models wallpapers” and “bollywood babes”. […] Searches for naked and vulgar images have also rocketed to around 90 percent in the last few years.

So was the Microsoft site actually “tricked” or was it reflecting a predictable search statistic as a result of an open policy on results?

Eckelberry does not explain whether the saved searches were linked to actual human searches or falsified (i.e. automated) accounts. The article speculates a Twitter feed may have been related to the surge but it also sounds like a search engine ranked porn pages as popular when a lot of users searched for porn. That means they could have called it a search engine data point on behavior (i.e. Nepal’s news) instead of an attack. The CSO story follows the trend of experts who like to call attacks “sophisticated” or “crafty” without offering any guidance on what that really means relative to daily threats/behavior.

Scientific American reports that NCR is developing an ATM for customers who are illiterate and often have no pockets. No pockets? It’s interesting that they call that out as a major consideration.

The pillar ATM’s form and function are the result of considerable socioeconomic research in low- and middle-income countries—including how and when residents in rural areas use money, the utility of ATMs to people whose clothing often lacks pockets and the practicality of delivering modern banking services to a population literally unable to read the fine print. “The invention of this unit was based on our examination of the underbanked in India, particularly in the neighborhoods of Mumbai,” says Lyle Sandler, NCR’s vice president of Design and Consumer Experience. “We’re talking about a community with a high level of illiteracy, so clearly the typical ATM that someone would approach would be impossible to maneuver.”

First I am curious if they considered spending the same money on literacy programs to achieve the same results (banking in rural regions) with greater benefits.

Second it seems to me the illiterate could put on a headset and listen to an ATM, like the blind. It already is deployed in ATMs to comply with ADA — Interactive Voice Response Services (IVRS). Is audio too expensive or fragile for this project?

And then there’s the security of the fingerprint data and the log of who was where and when. If the target population is using these boxes for small denominations on a regular basis then NCR is really building a surveillance box…

Speaking of illiteracy and security, the story claims a receipt is important even to those who can’t read.

NCR researchers also found that the users they queried wouldn’t consider a transaction complete without some form of receipt, “which is how and why NCR built the first cash register, so some things never went away,” Sandler says.

Is this really about illiteracy?

Something didn’t sound (pun not intended) right to me (e.g. illiterate customers with no pockets who want receipts) so I dug through the NCR research papers on ATMs. The key to unlock this story may be in a 2009 report called the “Financial Inclusion Whitepaper“.

NCR points to three steps of “Financial Inclusion”. Self service solutions appear to be the opposite end of banking from “accounts under utilized” as illustrated in their chart:

The under utilized end of the spectrum is then revealed to be a security concern; traditional methods of banking face risks from robbery and remoteness. Those are the two big inhibitors that NCR hopes to fix with technology.

Currently, the favored delivery channel for microfinance and microcredit is via the business correspondent (BC) model, whereby an agent (who may or may not be a direct employee of the financial institution) personally travels within a wide geographical area to enroll customers, delivers loans, and collects repayments. The ‘doorstep banking’ model has obvious restrictions of scale as well as security. Agents may abscond with their clients’ funds or may themselves be the target of thieves.

Conventional delivery model
Technology can improve conventional delivery channels such as the BC model by adding new levels of security, speeding up enrolment procedures or ensuring accuracy. Used in this way, technology offers conventional models the chance to increase scale, though to a limited degree. A conventional BC model will always be restricted by the amount of ground the agent can physically cover.

The real story is about banks looking for ways to lower their risk when lending in micro-finance environments. Now I see how this fits into literacy. NCR is building technology developed over the past two years meant to reduce cost for banks to offer services in high risk but also high interest areas. They aim to reduce the need to provide the security personnel that would protect lending staff/assets, to reduce the burden of audit, and to reduce the need to hire lending staff at all — all replaced by technology usable by even illiterate customers.

This technology solution is based on an infrastructure path already worn by the postal service. The research they cite provides some great data points for discussion on trust and security in a publicly shared service (cloud) environment. A “Collaborative model to provide postal and telecommunications facilities to [27,000] unserved villages”, for example, has developed “a network of fixed infrastructure that can be shared for delivering various services including banking and microfinance.”

The primary consideration is to create a tamper-proof cash box that will be inexpensive enough to make micro-finance profitable (with its 20-50% interest rate) when operated over long distances with limited (and shared) infrastructure.

NCR’s system will have a tough time competing with the rapid growth of mobile phone tokens used for payment, such as the M-PESA currency transfer and bank account service. Launched by Vodaphone in Eastern and Central Africa, Afghanistan and India, NEC mentions the system in their paper on financial inclusion.

It allows subscribers to deposit and withdraw money via Safaricom’s airtime-sales agents, and send funds to each other by text message (SMS). The service is now used by around a quarter of Safaricom’s 10.5m customers. Casual workers can be paid quickly by phone; taxi drivers can accept payment without having to carry cash around; money can be sent to friends and family in emergencies. More than twice as many people have a mobile phone than have a bank account in Kenya which indicates that mobile phones could act as an important tool for financial inclusion.

Mobiles can beat the no pockets and no literacy requirement but also operate without fingerprints and expensive tamper-proof boxes (surveillance is another story). NCR however believes the two will be complimentary, not competitive (mobiles will need assistance if cash is required). The issue is thus whether requiring a fingerprint to access a strange box without human interaction will help speed the demise of cash instead of making it more inclusive.