I went to school in a state that mandated a fifth year to sit for the CPA exam. I was broke after 3 1/2 years, so after graduation I bolted to another state to work (and sit). Unfortunately, the Master’s in Accounting I skipped covered governmental and non-profit accounting, so I had to teach it to myself.

It never agreed with me, as it didn’t reflect reality. My instincts, it seems, were correct - the “right side” of the federal government’s balance sheet is short a few bucks…actually something like 50 trillion short, when you ignore accrued liabilities.

This isn’t news - David Walker, Comptroller General of the GAO, has been talking about it for a while. But major media coverage has been sparse to this point.

As much as folks think email is a free an easy way to spam for a cause, all it winds up doing is destroying credibility.

Latest, a group that doesn’t like the way the internet is run is spamming the US Department of Commerce.

Feeling powerless? Spamming corporate and governmental bodies isn’t going to help you.

First, someone noted that Skype technology possessed pretty strong encryption. And while it is only a matter of time before folks crack Skype encryption (or Skype cracks from lawsuits), in the tech sector someone else is always finding a new and better way to do things.

Next up in the “protect your phone conversations” department - Zfone, the latest creation by PGP whiz Phil Zimmerman. Wired calls it “a pretty good way to to foil the NSA”, and coming from Zimmerman, I wouldn’t doubt it. PGP was on the ITAR list for a while, and if my memory serves me correctly, Mr. Zimmerman even got a bit of heat for creating PGP in the first place.

PGP has been available as a commercial app for sometime. I’ve been using it since my Windows 2000 days to secure disk data. Steal my laptop or backup drive and you’ll find it pretty much useless for anything other than hardware resale. It wouldn’t surprise me if Zfone is hardened the same way.

So much for all that wiretapping political rigmarole.

***UPDATE***

More on phone call security, from someone who might know a bit about security.

Google just avoided providing the government with person-specific search data, but has to lift the hood on their engine for them nonetheless (whatever the hell that means).

Meanwhile, the center of the internet universe (according to some) has been ordered by a Federal Magistrate to turn over some crook’s Gmail account data, including any deleted emails.

With the search stuff, who cares? Everyone looking for bad stuff on the net most likely already knows where to find it. But in the second regard, I’d say this is a nail in the coffin for free, web-based email services. Even those folks (like me) who use services like Gmail on a “POP only, Delete After Download” basis now get to wonder when and where all those emails they thought they deleted might…well…er…pop up again.

I suspect that for many, Gmail is the defacto address for every Craigslist communication and email newsletter they don’t really want, so its not a problem. But, if you use such services to correspond with the attorneys forming your irrevocable trust, or set up meeting times with the boyfriend or girlfriend your husband or wife doesn’t know about, I’d say you could get finely screwed (not that you aren’t already, in either case). If these services become useless for anything but cat and mouse games with internet marketers, I don’t see longevity in them.

Of course, if your surreptitious liaison schedule is already wrapped in one of those extremely long encryption keys you generated for the sender, you aren’t going to care who gets their hands on that email - you’ll be the one in the coffin before anyone gets around to reading it.

A pack of US Government agencies, along with a couple of states, performed a mock attack to test their internet security readiness.

Some of the critical points of contact - power grids, financial systems, and…..bloggers. The government wants to make sure the bloggers can’t spread misinformation. Hmm. That portion of the exercise is rumored to have included testing a system to close comments on major media’s blogs when the miscreants call those authors on the carpet. But again, that is just rumor.

Ever since 9-11, everyone has been clamoring for business with the US Government. Business is booming in and around Washington, and everyone who wants to bid on work must run through the venerable General Services Administration. Unfortunately, that organization is running a system woefully lacking in security.

It isn’t the first time the government hasn’t paid attention to their own shop. A spammer is now going to jail after bouncing his mail off government servers, and that is just news from the last week.

The government needs to wake up and smell the coffee. While they clamor to peek into Americans’ private lives, driven by groupthink paranoia, they are sitting on holes in their own systems big enough to drive trucks through.

I read that the White House and Congress fail miserably in addressing internet security issues, and wonder why anyone would think otherwise.

Politicians will always be partisans - they will fight amongst themselves ’till hell freezes over. Their egos will never allow them to get any competent advice, and the ones that know their place will make the smart move.

The US Government is starting to put their foot down on the incidents of ID theft. Everyone is becoming aware of the fact that ID theft is not an isolated purvey of email phishers, so US regulators are asking financial institutions to develop appropriate notification measures (for their customers, that is).

ID theft results in losses that number in the tens of billions per year, and growing fast. I have seen numerous announcements at bank sites, warning customers of what to and not to do when utlizing online services. But the notification issue is a good additional step, if done right.

California has a notification rule, but gives institutions several weeks leeway before having to take action. Spamroll can’t say it enough…a couple of weeks is a crime in itself! Customers who may fall victim to ID theft, at the hands of lax security protocols inside an organization trusted with their personal information, need to be notified yesterday! (read Drug dealing is big business…so is Phishing and Spamroll: Data Stolen from UC Berkeley, again, if you still don’t get what I am saying).

Some say that data is already regulated, and safeguards are in place. Not quite true. Section 607 of the Fair Credit Reporting Act does provide impetus for those in possession of personal data to properly handle it, but seems a little outdated for our fast paced, picobyte level world. Section 607 is just a few paragraphs, for goodness sakes.

What I am exceptionally curious about is whether regulators will put their money where their mouth is, or simply their foot. Asking financial institutions to make “some changes” is a far cry from requiring the implementation of strict guidelines. With billions upon billions at stake, you would think financial institutions would accept this as a foregone conclusion, but you never know.

Read the whole story over at IT-Analysis: Identity Theft - U.S. banking regulators take action.

Wired News found out that the hole in T-Mobile’s systems that allowed hackers access to gobs of personal information was known about for some time (see Wired News: Known Hole Aided T-Mobile Breach). I think this is worthy of a few pointed questions, don’t you?

1) How long did T-Mobile and federal investigators know this was going on? …and if so…

2) Was the hole left open solely to nab one fellow? …and if so…

3) Did anyone stop to think that maybe there might be a follow-on attack?…and if so…

4) Did they just assume the government personnel who were the targets of the previous attack would gain magical immunity to another?…and if not…

5) Was there any potential for additional, and possibly national security, breaches?…and if so…

6) Who the heck was crazy enough to allow this to continue?

On the other side of the coin…

We can already surmise that nobody involved gave two nickels worth of concern to the other multi-million’s of T-Mobile subscribers, including but not limited to the lovely Paris Hilton and her cadre.

What other breaches have been had that nobody deems worthy news? Is this another ChoicePoint in waiting (see USATODAY.com - ChoicePoint heist led to at least 700 identity thefts), where first its one theft, then three, then a string of thefts occuring over a period of many months.

Who the heck is protecting the consumer?

I bet the Open Source Community comes up with another solution for these woes.