Mx Chronicles pt III
Apr. 8th, 2014 03:21 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
sebastienneSome successes!
Two different banks have given me proof of ID with the correct title!
My experiences with Smile and Britannia have reinforced something that I kinda knew anyway - that change to oppressive systems has to happen through changing individual minds. (Top-down or bottom-up are both valid approaches, but perhaps both are necessary.)
With both banks, my experiences have been wildly divergent depending on the individual I've spoken to.
For example -
Me: Please can you fix my title? It should be "Mx".
Smile employee 1: Dear Ms Stardust: nope.
Me: Are you really really sure? How about at least not addressing me by an incorrect title in these messages?
Smile employee 2: Dear Ms Stardust: no chance. It's automatic.
[Time passes]
Me: I'm about to be due a new credit card - when it comes, please can you list my name on it as Mx Sebastienne Stardust? I understand that you can't change it within your systems, but at least in this one place, is it possible?
Smile employee 3: Dear Sebastienne: sure thing!
Letter from smile: Dear Mx Stardust...
Me: Hi, when I renew my savings account with you, I need to change my title to Mx - will that be ok?
Britannia employee 1: Sure thing, just send us your deed poll!
[Sigh; Deed Polls aren't required to change title. But I've got one anyway.]
Letter from Brittania: Dear Ms Stardust, it is not possible to process your name change. Also we've cashed that cheque that you made out to Mx Stardust because apparently when it comes to taking your money, we recognise that titles don't actually have any legal standing as part of a name.
Me: Hey wtf? You lied to me on the phone and cashed a cheque fraudulently, I think maybe I should close my account..
Britannia employee 2: Shit, sorry, that's not cool. I've looked at our systems and I reckon I can get "Mx" onto your statements and stuff, just not onto your internal record with us; there I'll have to put a custom note asking people not to call you "Ms". Will that be ok? There's still a human error element, but let me issue you a statement now and you can see whether or not it comes to you addressed as "Mx".
Statement from Britannia: Dear Mx Stardust...
Next step is the DVLA. They've sent me a letter addressed to Mx (because I fixed their online form) and I've sent back an application with a deed poll. It's been more than the three weeks I'm supposed to wait, though...
Two different banks have given me proof of ID with the correct title!
My experiences with Smile and Britannia have reinforced something that I kinda knew anyway - that change to oppressive systems has to happen through changing individual minds. (Top-down or bottom-up are both valid approaches, but perhaps both are necessary.)
With both banks, my experiences have been wildly divergent depending on the individual I've spoken to.
For example -
Me: Please can you fix my title? It should be "Mx".
Smile employee 1: Dear Ms Stardust: nope.
Me: Are you really really sure? How about at least not addressing me by an incorrect title in these messages?
Smile employee 2: Dear Ms Stardust: no chance. It's automatic.
[Time passes]
Me: I'm about to be due a new credit card - when it comes, please can you list my name on it as Mx Sebastienne Stardust? I understand that you can't change it within your systems, but at least in this one place, is it possible?
Smile employee 3: Dear Sebastienne: sure thing!
Letter from smile: Dear Mx Stardust...
Me: Hi, when I renew my savings account with you, I need to change my title to Mx - will that be ok?
Britannia employee 1: Sure thing, just send us your deed poll!
[Sigh; Deed Polls aren't required to change title. But I've got one anyway.]
Letter from Brittania: Dear Ms Stardust, it is not possible to process your name change. Also we've cashed that cheque that you made out to Mx Stardust because apparently when it comes to taking your money, we recognise that titles don't actually have any legal standing as part of a name.
Me: Hey wtf? You lied to me on the phone and cashed a cheque fraudulently, I think maybe I should close my account..
Britannia employee 2: Shit, sorry, that's not cool. I've looked at our systems and I reckon I can get "Mx" onto your statements and stuff, just not onto your internal record with us; there I'll have to put a custom note asking people not to call you "Ms". Will that be ok? There's still a human error element, but let me issue you a statement now and you can see whether or not it comes to you addressed as "Mx".
Statement from Britannia: Dear Mx Stardust...
Next step is the DVLA. They've sent me a letter addressed to Mx (because I fixed their online form) and I've sent back an application with a deed poll. It's been more than the three weeks I'm supposed to wait, though...
no subject
Date: 2014-04-08 04:12 pm (UTC)Um. About that. From the DLVA's website:
"You must not misuse our site by knowingly introducing viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful. You must not attempt to gain unauthorised access to our site, the server on which our site is stored or any server, computer or database connected to our site. You must not attack our site via a denial-of-service attack or a distributed denial-of-service attack.
By breaching this provision, you would commit a criminal offence under the Computer Misuse Act 1990. We will report any such breach to the relevant law enforcement authorities and we will co-operate with those authorities by disclosing your identity to them."
If that's a risk you're okay with running, more power to you. But I think that Tumblr post really really should say in so many words that that is what is at risk. With any website, but the more so financial and government websites. Especially since that sort of legal danger will affect disprivileged people more than privileged people.
no subject
Date: 2014-04-08 04:30 pm (UTC)Are you suggesting that this could be said to constitute "unauthorised access" to their database? Perhaps I shouldn't dismiss that (even though it's clearly not what has gone on here) given how little courts understand technology... or am I misunderstanding you?
no subject
Date: 2014-04-08 04:45 pm (UTC)I shall ponder on this some more, as that's not an eventuality I'd considered.
no subject
Date: 2014-04-09 03:25 pm (UTC)One is that, yeah, what I don't know about DBA would fill many lengthy books, and I wasn't sure it doesn't alter the database. The link you posted seemed to imply that the changes might or might not persist (I'm guessing depending on how that particular database is configured.)
Thinking about it again, I can't imagine that an unexpected value in the "title" field could cause a really damaging bug even if it did, but if it let you enter one to begin with, presumably it could also have let you enter something deliberately malicious. (In which case, sooner or later someone's going to, and they'll probably jump on anyone who exploited the vulnerability for any purpose, however innocent.)
Two: yeah, the courts. I don't know what your computer security acts are like, but I bet they're vaguely written and incompetently enforced. And I'm just imagining not you, but some kid just turned 18 who can't afford a barrister trying to explain to the judge and opposing counsel why <option value="Mx">Mx</option> is client side and fine but <option value="Mx">Mx;DROP TABLE users</option> is server side and illegal when they weren't prepared for that fight and didn't even know there might be a problem and don't fully understand the technical details themselves.
no subject
Date: 2014-04-09 04:39 pm (UTC)I agree with your points here. I've now also thought about the privileged situation I'm in with renewing my driving licence - I only need it for ID, as I don't actually drive. So I'm not risking as much as someone who needs a car for their work... not to mention how much someone would be risking if they, say, did this on a website where they needed to register for benefits-related things...