I forward this for your edification, and would add that many organizations
are using similar inaccessible techniques for employees to log onto their
intranets..
Peter
> Greetings:
>
> One of the issues discussed at the 2003 meeting of
the NFB in
Computer
> Science was the growing use of verification schemes
that require you
to
> enter a string of text that must match text
displayed graphically on
the
> screen. The theory behind such verification schemes
is that a human
is
> smart enough to extract the text from the graphic
and enter it into
an
> edit
> box while software is not. The unfortunate result
for the blind is
that
> since our screen readers aren't smart enough to
extract the text
either,
> we
> are blocked from any service that is secured in this
way.
>
> We see implementations of this scheme in Yahoo!,
PayPal, and America
> Online,
> and while we might complain vociferously about the
barriers they
present
> to
> the blind, the fact is that in all of these
instances, two important
> things
> should be kept in mind. First, the verification
scheme is used only
> once--at the point where a person is signing up for
a particular
> service.
> Secondly, all of these companies have in place
procedures to deal
with
> our
> inability to use the verification scheme; and while
these procedures
are
> less than satisfactory, at least an attempt was made
to deal with the
> problem.
>
> Now consider Network Solutions
(www.networksolutions.com) and its
> "WHOIS"
> service. The "WHOIS" service allows you to obtain
information about
> domains
> such as nfb.org, npr.org, microsoft.com, etc. This
service is
supposed
> to
> be available freely to everyone. But today, it is
not available to
the
> blind. Each and every time you inquire about a
specific domain using
> the
> "WHOIS" service, you are required to enter a string
of text that must
> match
> text contained in a graphic shown on the screen.
This is not a
one-time
> inconvenience. Oh no. This is a real show stopper
for the blind!
>
> Now, I hear some of you saying "Who cares about
accessing information
> about
> domain names?"
>
> This is a very good question. The fact is that what
Network
Solutions
> is
> doing is but the beginning of what could turn out to
be a very
serious
> problem for us. If security administrators get the
notion that this
> graphical verification scheme actually works, they
are more than
likely
> to
> implement this for all sign in procedures, and what
that means is
that
> we,
> the blind, will not be able to sign in anywhere this
approach is
used.
> Forget about putting alt-text on all graphics or any
other
accessibility
> requirements for the Web. If we can't sign in, it
doesn't really
matter
> how
> accessible a particular site may be. If we can't
sign in, we can't
> access
> anything.
>
> On behalf of the NFB in Computer Science, I have
prepared and mailed
a
> letter to the President and Chief Executive Officer
of Network
> Solutions,
> one W. G. (Champion) Mitchell. I did this after
spending more than a
> month
> trying to find the right person at Network Solutions
to help us with
> this
> problem. While I doubt that Mr. Mitchell will
personally read my
> letter,
> the fact that I have written it and will now
distribute it widely
> throughout
> the land is itself of significance. Should you feel
so inclined, you
> can
> help by distributing this article and the
accompanying letter to
> whomever
> you deem appropriate.
>
> Here is the letter.
>
> --------------------
>
> August 10, 2003
>
> Mr. W. G. Champion Mitchell
> President and CEO
> Network Solutions, Inc.
> 487 East Middlefield Road
> Mountain View, California 94043
>
> Dear Mr. Mitchell:
>
> The purpose of this letter is to alert you to the
existence of a
problem
> of accessibility for blind people who wish to use
the "WHOIS" service
> provided by Network Solutions through its Web site,
www.networksolutions.com. I also
> must inform you that my repeated efforts to make
contact with someone
at
> Network Solutions who could discuss this problem
with me in a
meaningful
> way have not been successful.
>
> The "WHOIS" service includes a security measure
which requires a user
to
> enter a string of characters that must match a
string of characters
> displayed in a picture of text on the screen. The
theory is that
> automated software is not smart enough to convert a
picture of text
into the character
> string that must be entered and then verified by
your system. While
this
> approach may block access by automated tools, it
also prevents blind
people
> from using the "WHOIS" service with screen access
technology.
>
> Screen access technology for the blind converts
information displayed
on the
> computer screen into speech or Braille, thus making
it possible for a
blind
> person to operate many of the same computer programs
as our sighted
> colleagues, friends, and neighbors. In order to do
this, it must be
> able to read the ASCII text which is the basis of
that information.
Screen access
> technology cannot extract any information from a
picture of text.
>
> The graphical text verification approach is not
unique to Network
> Solutions. I am aware that PayPal, America Online,
and Yahoo! are
using this technique
> to verify that a human being--not a smart computer
program--is
signing up
> for a specific service. However, the graphical text
verification has
to be
> done only once--when the user is signing up for a
service--not each
and
> every time a person wants to use the service.
Moreover, all three
> companies have implemented solutions which, while
not completely
satisfactory,
> attempt to address the nonvisual access problem.
PayPal asks the
user to play a
> sound file which speaks the characters that must be
entered, Yahoo!
asks
> for a telephone number so that the user can be
contacted by a
Customer
> Service representative, and America Online provides
a toll-free
number which the
> blind user can call to complete the transaction.
Network Solutions
> stands out in our experience as the very first
company to force us to
use the
> graphical text verification approach each and every
time we want to
use
> a service--"WHOIS" in this case. The harm that is
being done to the
blind
> community by your implementation of this approach is
both insidious
and
> pervasive!
>
> The irony is that before Network Solutions
implemented this security
> measure, blind people had full access to all of the
services on your
> site. There were those who said that the Network
Solutions Website
represented
> a model of accessibility to the blind. Today, this
is no longer
true.
>
> Since early July, I have tried repeatedly to bring
this problem to
the
> attention of appropriate personnel at Network
Solutions. I started
by
> sending an e-mail to Network Solutions Customer
Service. I was told
> that my problem could not be resolved via e-mail,
and I was asked to
call your
> toll-free number. When I expressed some frustration
about this, I
was
> finally given your name and mailing address--but
only after I
> specifically asked for this information.
Subsequently, I contacted
your corporate
> headquarters by telephone--simply to obtain your
title and the
correct
> spelling of your name. Believe it or not, I was
told that I could
not
> be given this information. However, I was assured
that the matter
would be
> referred to your Executive Support organization. On
July 14, a
> gentleman identifying himself as Erik Bishop called
me and asked me
to send him
> e-mail describing the problem. I tried repeatedly
to send the e-mail
to the
> address he gave me ([log in to unmask]),
but in every
> instance, the message bounced. Finally, on July 21,
after I informed
Mr. Bishop
> by telephone voice mail that my e-mails were not
reaching him, he
gave me
> (via voice mail) the e-mail address of his
supervisor, Michael
Donohue. My
> e-mails to Mr. Donohue did not bounce, and so I
assumed that he
received
> my message. Between July 21 and August 8, I tried a
number of times
to
> reach Mr. Bishop by telephone. A recorded message
was the only
response I
> received. Finally, On August 8, I received this
message from Michael
> Donohue:
>
> Mr. Chong, Mr. Bishop is no longer with the company.
Your issue has
been escalated
> to our upper Management and they are reviewing your
concerns. With a
> change that you are requesting it may take several
months for
everything to be
> reviewed and an approval can be made.
>
> The issue will be reviewed and thank you for your
patience.
>
> Regards,
>
> Michael Donohue
> Network Solutions
>
> This e-mail is noteworthy for its lack of detail and
its transparent
> attempt to delay my efforts at a speedy resolution
to the problem. I
do not
> regard it as being at all responsive.
>
> We in the National Federation of the Blind in
Computer Science are
> determined to work with the appropriate people who
can help us to
> develop and implement a solution that will provide
full nonvisual
access to all
> services offered by Network Solutions via the Web.
We are not
willing
> to be thwarted by a security measure that makes no
allowance for full
> inclusion. Must the blind engage in confrontation
and even
litigation? I for one
> hope not. A solution can be developed which will
satisfy everyone
> concerned--but only if we work together!
>
> Thank you kindly for your time and attention to this
matter.
>
> Yours sincerely,
>
> Curtis Chong, President
> NATIONAL FEDERATION OF THE BLIND in Computer Science
>
> -------------------
>
> As I say, the letter has gone out in the mail. What
will happen next
is
> anybody's guess. I do know that I intend to
continue pressing on
this
> issue until something happens.
>
> Yours sincerely,
>
> Curtis Chong, President
> NATIONAL FEDERATION OF THE BLIND in Computer Science
>
>
>
> Dr. Ronald E. Milliman
> Professor of Marketing
> Department of Economics & Marketing
> Western Kentucky University
> Bowling Green, Kentucky 42101
> Outstanding Teaching Award -- 2002/2003
> ---
__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask] In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html
|