CNN has a February-themed (hearts and relationships) report on the struggles of Mint.com’s data aggregation. This is a good study of data integrity risks in the cloud model.

“The dirty, behind the scenes thing is just how complex it is,” said Mint.com CEO Aaron Patzer, who described the first few months moving users to Intuit as particularly “rough.” But he added, “Intuit’s platform is getting better at a much faster pace now.”

But most consumers don’t care about the nuts and bolts — they just want the same service they’ve always been able to get.

Customers paid for a service that ran on a different Software as a Service (SaaS) platform. Clearly the acquisition team did not properly assess and plan for data integrity risks. The new platform seriously impacts the customer experience, which is not supposed to happen with giant SaaS cloud providers, even when the service is “free”.

Nearly $200 million was spent on Mint by Intuit. It makes a personal copy of accounting software running on an Infrastructure as a Service (IaaS) provider a good security comparison. Is SaaS worth the high risk to integrity (e.g. Mint), high risk to confidentiality (e.g. Google SREs, maps, wifi) and/or high risk to availability (e.g. Twitter whale)? Control of when and what features are added to a service(s) can be a problem with SaaS. The struggling Mint users might be ready to go for something better — something that gives more control over the quality of service delivered.

A beta period, for example, is one way of handling the transition with more user control. Another option would be migration in batches, where users elect to be migrated and then given a higher-level of service while bugs are worked out of the system. These methods are not fool-proof. Perhaps Mint used them but extrapolated experiences of a few users too far.

The bottom-line is users need control — a way to trust that controls are working, as I have discussed before. While some analysts say users “don’t want to know what’s going on in the kitchen” (Forrester quote) that is completely wrong. Forrester confuses trust with a lack of care. Users will know and judge what is going on in the kitchen as soon as they are served. They do not want to be unpleasantly surprised.

Imagine sitting down at a restaurant and saying “I don’t want to know…just serve me whatever”. You would only do that if you trusted the kitchen. And you would only trust the kitchen if…

Customers want to know that what goes on in a “kitchen” is what they expect; that is why they agree to sit and “pay” for a meal. In fact, you could say they chose to sit in a particular restaurant because they thought they could tell what would go on in the kitchen based on things like prior experience, reviews, decor, other customers, etc.. They care about the things that affect them, and when they sign up for a “service” they want to trust that someone is taking care of details.

GovInfoSecurity has an interactive 2010 Timeline of skimming attacks. You can roll over the chart and get details, or just scroll through the text of each attack below the chart.

I found the chart a little hard to read, so here’s my remix:

This makes it easier to see that many of the attacks are classified as “unknown”. At least one example should be familiar to my regular readers:

Tino’s Greek Café
Austin, Texas
Type of Attack: Unknown
Cards Compromised: Unknown
Date Discovered: August 11

A popular Austin restaurant, Tino’s Greek Café, reports that its customers’ card data was stolen by criminals. Some customers have lost thousands of dollars and charges that are turning up from as far away as South Africa and Brazil. Local law enforcement says that customers who ate at the restaurant and used debit or credit cards to pay for meals between March and July may have had their card data stolen. Police continue to investigate the crime and have not yet determined how the criminals stole the card data.

Heartland has said both publicly and to me in person that the attack is “outside their system”. They have hinted at fault with the POS, which I have discussed before. This was their official/PR statement:

The intrusion likely occurred in the third-party point-of-sale system used at the merchant location or as a result of other fraud. The Heartland system has not been compromised in any way.

I will be discussing the details of this case and more in my presentation at RSA San Francisco 2011.

Session ID: CLD-204
Date: Wednesday, Feb 16
Time: 1:00 PM
Location: Orange Room 305

Here is the understated banner they gave me to show you. I asked for a bigger one, but this is what they sent :)

The California State Supreme Court turned down an appeal for a San Francisco dog-mauling defendant. The court pointed out that the dog’s owner was negligent by failing to take simple measures to reduce risk of attack and by failing to assist the attack victim.

The court said a fatal dog mauling is murder if the owner knew the animal posed a risk to human life and exposed others to the danger.

Judge Charlotte Woolard reinstated the murder conviction in 2008, saying Knoller had known [the 140 lb dog] Bane was dangerous from past incidents, did not muzzle him before taking him into the hallway, and did not call 911 or take any other meaningful action to save Whipple during the 10-minute mauling.

This brings to mind the controversy surrounding the Idaho prison where guards failed to take simple measures to reduce risk of attack and failed to assist the attack victim.

The surveillance video from the overhead cameras shows Hanni Elabed being beaten by a fellow inmate in prison, managing to bang on a prison guard station window, pleading for help. Behind the glass, correctional officers look on, but no one intervenes when Elabed is knocked unconscious.

No one steps into the cellblock when the attacker sits down to rest, and no one stops him when he resumes the beating.

The victim, a Muslim man of Palestinian decent incarcerated for robbery, can be seen in a graphic surveillance video trying to get away from his attacker. The attacker, who was incarcerated for assault, described himself on MySpace as 5’5″, 150 lbs and half Mexican, half white. The victim tries to reach the guards and signals for help instead of fighting back. The attacker eventually knocks the victim unconscious and then kicks him in the head repeatedly in front of at least three guards on duty.

He then takes a break to sit in a chair, catch his breath and take a drink before returning to kick his unconscious victim in the head. Two minutes pass after the attack stops again before guards enter. The attacker lays down calmly to have cuffs put on. The victim had been attacked and asked for help before, described in the Idaho Statesman.

Before the Idaho attack, [the victim] tried to get help from prison staffers, telling them that he had been threatened and giving them details about drug trafficking between inmates and staffers that he had witnessed, according to his lawsuit. He was put in solitary confinement for his protection but was later returned to the same unit with the inmates he snitched on, his lawsuit said. He was on the cellblock only six minutes before he was attacked.

Steven Pevar, an attorney for the American Civil Liberties Union, said in 34 years of suing more than 100 prisons and jails, the Idaho lockup is the most violent he has seen.

“This isn’t even what we know of as a prison – this is a gulag,” Pevar said.

Pevar blames the violence on CCA and the former warden, Phillip Valdez, who was head of the prison when Elabed was attacked. Valdez was later transferred to another CCA prison in Kansas. The company refused to disclose its reason for moving him.

The victim suffered internal head bleeding and was in a coma for the next three days before he was returned to prison, where his condition worsened. He then had to be discharged from prison due to permanent brain damage. The attacker’s sentence was increased after a guilty plea for “aggravated battery and to committing battery with the intent to promote gang activity”, but he will be eligible for parole in 8 years. Attempted murder?

The FBI is now investigating the Corrections Corporation of America (CCA) for prisoner treatment in this privately run Correctional Center in Idaho. Apparently the CCA was already being sued for guards forcing prisoners to “snitch” on other prisoners. This would mean that not only did they know “the [attacker] posed a risk to human life and exposed others to the danger” but they also may have increased the risk by baiting the attacker.

This situation is said to be different than other CCA asymmetric prisoner fights such as the 2008 death in Oklahoma due to head trauma, because the exact time line and other details were recorded by surveillance cameras.