online banking with Bank of America: not quite accessible enough

Janina Sajka janina at rednote.net
Sat Jan 31 14:12:21 EST 2004


Hi, Darrell:

I've already written to Lainey about it. Here's the text of my message
to her where I also included the message from Cheryl:


Hi, Lainey:

Are you able to help me forward the concern described in the attached
email? I'm afraid the issue is sufficiently obscure, technically, to not
make much sense to the first tiers of tech support people. Besides, they
wouldn't be in the position to do anything about it.

The bottom line here is that they're excluding users based on bad
judgement. They've got their log very wrong, technically speaking, and I
can prove it.

If you read the message this woman is getting--which I also get, it
seems very justified--the bank wants you to connect using secure,
encrypted communications channels so that your information can't be
stolen by someone who's eavsdropping. Unfortunately, the way they're
actually determining whether or not the connection is encrypted isn't
accurate and yields false results, as in this instance. Technically
speaking, they're not actually testing for encryption, they're inferring
based on what browser the user is using. My advice to this individual
will be to simply lie--something that one can do with these browsers and
masquerade as Netscape or IE. But, that's not a proper solution.

The truth is that looking at what browser the person is using isn't
going to really tell you whether or not they're practicing safe
computing. As it happens, the old, and now sometimes denigrated text
browser lynx, actually provides twice the level of security available in
Netscape and Internet Explorer. Lynx SSL encryption, to be technical
about it, provides 192-bit encryption, compared to Netscape and IE's
128-bit. In encryption, the higher this number is, the stronger the
encryption is.

Frankly, this isn't much different than denying service to someone
because they wear the wrong clothes. While the users of these browsers
may be a minority, they are a growing minority because of the growing
popularity of Linux even among users who are blind.

The fix is also not difficult or expensive for B of A to implement. But,
it's a decision that obviously needs to be made at a high enough level
inside their IT department.

B of A has been doing an outstanding job of making their extensive on
line services accessible. Every few months I go poke around on their web
pages and I'm always gratified to see more and more services being made
available accessibly. This is making B of A very attractive to potential
customers nationwide. It would be a shame to exclude some of them for
bogus reasons.

Anything you can do would be much appreciated.

-- 
	
Janina Sajka
Email: janina at rednote.net		
Phone: +1 (202) 408-8175

Director, Technology Research and Development
American Foundation for the Blind (AFB)
http://www.afb.org

Chair, Accessibility Work Group
Free Standards Group
http://a11y.org




More information about the Speakup mailing list