October 25, 2013

Technology: Instability of the (supposedly secure) Danish e-boks Document and Message System

After the American Century                                                                                                                                                          

In the United States the current IT fiasco story is about the Obama-Care website that is not working to expectations, to say the least. In Denmark, a comprehensive system of vital information that has been up and (sort-of) running for several years has also run into serious problems this week.

In theory, the electronic exchange of information is making the whole world more efficient, allowing people to save time in their everyday transactions. However. I have spent the last hour trying to get into my official electronic mail box, or "e-boks." This is not the usual e-mail system, but a more secure one set up with support from the Danish state. Getting in requires not just an identity number and one code, but two codes. The mail there is about taxes, refunds, fees, fines, car inspection, insurance premiums, salaries, bank accounts, and the like. All residents and citizens must use the system, and we must use it for an increasing number of things.

There is just one problem. At the moment it does not work. I am unable even to view the log-in page, which, after quite a long wait trying to load it, displays the following message:

Reloading the page does not change a thing. Try it several times, and all of my three browsers freeze up entirely.  (Several days after publishing this post, on November 2 such problems were acknowledged and discussed in the leading Danish paper, Politiken.)

The magnificent security system that is on this inaccessible page is called "NEM-ID" which roughly translates as "Easy ID." Of course it is not easy. This system has given me continual problems from the start, several years ago. It was not designed with Apple computers in mind, and the original instructions for its use contained errors. If one followed these instructions literally. an Apple user could not log in. In the last year or so improvements have been made, however, and I was able to use it. Until this week.

I now get two sorts of messages about this dysfunctional system. The first comes from the newspapers and radio. They inform me that the software is outdated and insecure. It apparently has a number of holes that can be (i.e. they are being) used by hackers to steal information. They are  almost certainly stealing money too, since the system is linked to all the Danish banks. Apparently this is not a problem that can be solved centrally. Rather, users are supposed to upgrade their own software. However, precisely what software? How to avoid downloading something that makes the problem worse, or even aids hackers? Indeed, how to avoid inadvertently turning to a false "help" website that was set up by hackers? From what I can see from reading other web pages, the new java script that must be installed requires that I buy a new operating system, which in turn demands a 64-bit processor. In short, I suddenly need to buy a new computer. The one I have is only two years old and works quite well. Alternately, I can try to do all these financial transactions using my Iphone, which is less an a year old. But this involves downloading many documents, transferring them to my computer, and only then reading them. Opening an envelop was much easier.

The second set of messages arrives in my ordinary email almost every day. They tell me that another important piece of information has arrived in my e-box, which I can only see using my "NEM-ID." I am told that each document is important, and that I need to read it soon. This week my bank, employer, and one insurance company have sent documents.

In theory, help is available when the system breaks down. However, one cannot even open the home page to find out where to write or call. Meanwhile, electronic thieves apparently can get in and out of the system in seconds.

This breakdown is making life less secure and less efficient, wasting time, and driving up electricity bills. The sudden, desperately needed upgrade of the official web page apparently means that I will be denied access until I purchase a new computer. Meanwhile, the criminals are clearly becoming more efficient, and they save time in their pilfering. This was not exactly the intended result of installing, and requiring everyone in Denmark to use, e-boks and Nem-ID.

Where is the frictionless high-speed communication of the supposed future? It's enough to make me long for ancient times, about a decade ago, when information came by letter and telephone calls reached a knowledge person, rather than a robotic system.

None of this surprises me as a historian of technology. The utopian expectations attached to new machines and processes have continually been undercut by actual results. There were people, including the Wright Brothers, who thought airplanes made war so potentially devastating that it would be unthinkable. Weapons expected to abolish war and usher in permanent peace include the submarine, the torpedo, land mines, poison gas, missiles, and laser guns. In the 1950s automated production was expected to reduce the work week to less than 30 hours and allow people to retire much earlier.

Over and over, politicians have believed exaggerated claims for new technological systems and put them into operation, only to discover that they have unintended consequences. The Danish government has imposed on its citizens a permanent new expense (rapid upgrades of computers, printers, and software) and forced them to use a system that is unstable and insecure. There seems to be no Plan B, or backup system when it fails. I cannot obtain the digital documents sent to me in any other way. The new system is also strongly favored by the banks, which have closed many branches in recent years, while imposing large fees for face-to-face services.

The new system is convenient and it saves money for the government, corporations, and banks, but it imposes new problems and expenses on the population as a whole. If it were secure and worked as well as the water or electrical distribution system, then the trade-off would be worthwhile. But it does not work that consistently and it must be tinkered with continually.

It is likely that one day this electronic system full of financial information will crash or suffer a cyber attack. Massive electrical blackouts have occurred, and most technological systems do fail once in a while. (I wrote a history of electrical failures called When the Lights Went Out.) There is no reason to believe that the Danish e-boks and Nem-ID will be immune.