November 4, 2008

Private/confidential e-communication

Filed under: Security — jothmeister @ 12:24 pm


When you send a physical letter through the postal service you have an expectation and a guarantee of privacy for that communication: it is a federal offense to open mail not addressed to you.  From Wikipedia:

The U.S. Postal Inspection Service (USPIS) is one of the oldest law enforcement agencies in the U.S. It was founded by Benjamin Franklin.

The mission of the USPIS is to protect the U.S. Postal Service, its employees and its customers from criminal attack, and protect the nation’s mail system from criminal misuse.

U.S. law provides for the protection of mail. Postal Inspectors enforce over 200 federal laws in investigations of crimes that may adversely affect or fraudulently use the U.S. Mail, the postal system or postal employees. The USPIS is a major federal law enforcement agency.

The physical seal on the envelope is pretty good assurance that the letter has not been opened, and the physical nature of the medium makes monitoring all mail a completely unscalable proposition. In much of Europe, secrecy of correspondence is a constitutional right, and Article 8 of the European Convention on Human Rights protects correspondence; courts have extended that protection to e-mail. The guarantee is a lot softer in the US, where it hinges on whether you had a "reasonable expectation of privacy."


The Internet is a huge network of computers designed to keep functioning when one portion is disrupted, routing traffic around the failure through a redundant mesh of routers and switches. It is also remarkably open and accessible, which makes all that traffic inherently vulnerable to eavesdropping or worse. The protocol still used to move e-mail today, SMTP, was standardized in the early 1980s (RFC 821, 1982). It was designed to exchange messages between the researchers who were, by design, the Internet's original users, and it assumed a cooperative network: messages travel as plain text, with no built-in confidentiality and no real authentication of the sender. The standard has never been replaced, only extended with add-ons such as MIME for attachments. As a message leaves your desktop it probably goes through your company's server, through the servers of the ISP that serves your company, through some unknown intermediate switches, routers and relays, and finally to the ISP and corporate servers of your addressee. That is a lot of servers, switches and routers, not to mention the links between them, where the message could be read. Even where a single hop is protected by TLS (STARTTLS), that protects only that link; the message sits in cleartext on every server along the way. Many people believe they are protected by something they call "security through obscurity": there are so many billions of messages going through these servers that the chance someone picks out my little message must be really low. That is safety in numbers, not security, and it assumes nobody is scanning everything. Anyone who uses Gmail or one of the other free mail offerings that place ads on the Inbox page knows better: those systems scan every message to pick out the words and phrases that drive ad placement. We are told this is a fully automated process and that no one intervenes, but as we now know, the assurances that the NSA monitored the phone communications only of non-US citizens were not true, so the e-mail assurances deserve the same skepticism.

If you work for a company in the US, where there is no general secrecy-of-correspondence right covering workplace mail, e-mails sent using company computers are considered the property of the company; it has an explicit right to monitor them, and it does. Companies are looking for proprietary information leaking out. They are looking for employees who are not doing company business on company time. And they are looking for potentially libelous or otherwise inappropriate communication (e.g. sexual harassment, pornography) that could put the company at risk.

OK so why don’t we just encrypt all these messages and be done with it? There are actually a number of solutions that have been proposed to encrypt email communication so why don’t we all just do it as a regular course of daily activity?

Let's spend a minute on how encryption works. I am going to focus on public-key cryptography, because it, together with the public key infrastructure (PKI) of certificates and certificate authorities built around it, is the most prevalent arrangement for securing e-mail; other technologies can do the job too. Like everyone else talking about cryptography, let's use Bob and Alice as the actors. Bob wants to send something secret to Alice, and he wants Alice and only Alice to be able to read it. First we need someone we both trust to identify us and to assert that we are who we say we are. Without this, "Alice" could be anyone who claims to be Alice, and Bob would have no way to tell Alice's public key from an impostor's. So we each have to prove our identity to a Certificate Authority (CA). We do that with our bank, so you know how this goes: we tell them some personal secrets that they can validate before they are convinced we are who we say. There are all kinds of levels of identity proofing, starting with "just trust me, I am who I say" all the way up to providing a DNA sample. The problem with "I am who I say" is that that approach has given us literally thousands of people who got certificates saying they were Bill Gates. OK, clearly that is a joke, but the point stands: most consumer e-mail certificates only verify that you control the mailbox named in the certificate, not who you are. Beyond that, it's pretty standard now to ask someone questions only they would know and check the answers against databases such as credit bureaus and driver's license records. So without having to show up at the doorstep we can pretty reliably get authenticated by a CA, which will issue us a certificate.

A certificate does not contain two keys. You generate a key pair, a public key and a private key, on your own machine; the certificate contains only the public key, together with your name and e-mail address, signed by the CA. The private key never goes to the CA or to anyone else. The two keys are just large numbers that can be plugged into a special mathematical algorithm used to transform (or scramble) data. They are pretty magic in that if I use one of them to scramble some data, only its mate can unscramble it. If I scramble with the private key, only the public key can recover the original (this is the basis of digital signatures: anyone holding the public key can check that the holder of the private key produced it). If I scramble with the public key, only the private key can recover it. They are named public and private for good reason: you keep the private key very close and no one ever gets to see or use it, while you freely distribute your public key to everyone who needs it. So play this out a little. If Bob grabs Alice's public key and uses it to scramble (let's start using the correct term: encrypt) a message, and assuming Alice really does keep her private key to herself, only Alice can read that message. The certificate is what lets Bob trust that the public key he grabbed is really Alice's and not an impostor's: he checks the CA's signature on it before he encrypts anything. (In practice the message itself is encrypted with a fresh symmetric key and only that key is encrypted with Alice's public key, because public-key algorithms are slow and limited in how much they can encrypt at once, but the principle is the same.) Very simple, very clean, so what is the big deal?
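As an added example (not code from the original post), here is the CA step and the encrypt-to-Alice step from the two paragraphs above, using Go's standard library (crypto/rsa, crypto/x509). The names Alice, Mallory, "Example CA", "Rogue CA" and the address alice@example.com are constructed for the example, and the short sample message is encrypted directly with RSA-OAEP rather than through a full S/MIME or PGP message format. Note that IssueEmailCert receives only the subject's public key, and that Bob refuses a certificate for the same name and address when it was issued by a CA he does not trust.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// newKey generates a key pair locally; only &k.PublicKey is ever handed to the CA or to a correspondent.
func newKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	must(err)
	return k
}

func parse(der []byte, err error) *x509.Certificate {
	must(err)
	c, err := x509.ParseCertificate(der)
	must(err)
	return c
}

// SelfSignedCA is the trust anchor: the CA signs a certificate over its own public key.
func SelfSignedCA(caKey *rsa.PrivateKey, name string) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	return parse(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &caKey.PublicKey, caKey))
}

// IssueEmailCert is the CA's step after identity proofing (out of band, not shown): it binds a name and address to the subject's PUBLIC key.
func IssueEmailCert(caKey *rsa.PrivateKey, caCert *x509.Certificate, name, email string, subjectPub *rsa.PublicKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:   big.NewInt(time.Now().UnixNano()),
		Subject:        pkix.Name{CommonName: name},
		EmailAddresses: []string{email},
		NotBefore:      time.Now().Add(-time.Hour),
		NotAfter:       time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:       x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:    []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	return parse(x509.CreateCertificate(rand.Reader, tmpl, caCert, subjectPub, caKey))
}

// PublicKeyFromTrustedCert is Bob's side: a public key is used only after its certificate chains to a CA Bob trusts.
func PublicKeyFromTrustedCert(cert, trustedRoot *x509.Certificate) (*rsa.PublicKey, error) {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}
	if _, err := cert.Verify(opts); err != nil {
		return nil, err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("certificate does not carry an RSA public key")
	}
	return pub, nil
}

// Encrypt needs only the recipient's public key; Decrypt needs the matching private key.
func Encrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

func Decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil)
}

func main() {
	caKey := newKey()
	caCert := SelfSignedCA(caKey, "Example CA")
	aliceKey := newKey() // stays on Alice's machine
	aliceCert := IssueEmailCert(caKey, caCert, "Alice", "alice@example.com", &aliceKey.PublicKey)
	// Bob checks Alice's certificate against the CA he trusts, then encrypts to the key inside it.
	pub, err := PublicKeyFromTrustedCert(aliceCert, caCert)
	must(err)
	ct, err := Encrypt(pub, []byte("meet at noon")) // constructed sample message
	must(err)
	pt, err := Decrypt(aliceKey, ct)
	fmt.Printf("Alice reads %q (err=%v)\n", pt, err)
	_, err = Decrypt(newKey(), ct)
	fmt.Println("Any other private key:", err)
	// Same name and address, but issued by a CA Bob does not trust: rejected before anything is encrypted.
	rogueKey, malloryKey := newKey(), newKey()
	fake := IssueEmailCert(rogueKey, SelfSignedCA(rogueKey, "Rogue CA"), "Alice", "alice@example.com", &malloryKey.PublicKey)
	_, err = PublicKeyFromTrustedCert(fake, caCert)
	fmt.Println("Untrusted CA:", err)
}
```

Run it with `go run .`; it needs no network and no packages outside the standard library. A real mail client would wrap a per-message AES key with RSA-OAEP and encrypt the body with that key, since OAEP with a 2048-bit key can carry at most 190 bytes; the trust decision in PublicKeyFromTrustedCert is unchanged by that.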

Three things have kept this technology from taking off. The first is getting everyone who wants to communicate privately to be authenticated and get a certificate for their key pair. If Bob wants to send a private message to Alice and she has no key pair, Bob is stuck. He has no public key for Alice to encrypt with, so if he wants to communicate at all he has to send in the clear. The "network effect" is strongly at work here too. Bob can be a good guy and go get his certificate, but if nobody he ever wants to communicate with has one, Bob might as well give up, because he can never encrypt any of his messages. And since none of those people have certificates, Bob will never receive an encrypted message either, so he got his certificate for naught. Only within very closed environments such as the military, or employee-to-employee within the same large company, is there enough control that everyone you communicate with can be counted on to have the certificate needed to participate.

The second reason this has never taken off is that it has never been smoothly integrated into the email, chat and SMS user interfaces. If it's not easy to use, people will not be bothered, and they will continue to hope that the critical data they are sending is not noticed by anyone out there. Finally, the third reason is that many of the biggest participants in email transport don't want those messages encrypted. If you are a Google or a Yahoo! earning ad revenue by placing context-sensitive ads on people's Inboxes, you lose that revenue when you can't read the messages to extract the context.

People are increasingly sophisticated about e-communication. They hear the stories about people not getting a job because the new employer found the old pictures of them drunk out of their minds at the frat party. They see that the NSA is eavesdropping on intimate, comforting calls between US citizens. And they know that technology exists to make communications secure. If we create a system, built in one of these Internet clouds, where people register for a new email account and, when they do, a decent authentication that they are who they say they are is performed, then we have a way to make sure everyone who is part of that system has a certificate. Further, as that system grows, the network effect works in everyone's favor and the people you want to communicate with will also be part of it and will have a certificate. Finally, since such a system is just being built now, the encryption of messages and the privacy of profiles can be built smoothly and elegantly into a simple, clean UI from day one.

November 3, 2008

Unified instant messenger

Filed under: Convergence — jothmeister @ 9:59 am


We are big fans of unified interfaces to modes of electronic communication. So we applaud companies like Trutap, covered in this little ditty in TechCrunch last week. They recognize that with 67M IM users in North America and a whopping 82M in Europe, instant messaging is still a very important mode of communication. And there are so many different IM protocols: MSN, Yahoo!, AIM, ICQ, GTalk, Jabber (XMPP), MySpace, LiveJournal IM, Bonjour, Groupwise, IRC, Skype and probably a few I missed. Trutap has created an interface that supports many of these protocols in one UI so you can reach your network on each service without switching to a new client. They have a lot of competition, including Mig33, Nimbuzz, eBuddy, Palringo, Adium, and others.

Here is my problem with this. IM is a commodity and no one is making money on it. From the user's perspective, while it is nice to have one UI, this is just a small part of the problem. What I really care about is that my IM conversations be treated just like email: a dialog between you and me that started in email and at one point veered off into a quick chat via IM should be storable and searchable in its entirety. Frankly, what I really want is to see all communication between you and me, no matter which medium of e-communication we used at various times. From the standpoint of archiving, legal discovery and corporate liability this is a big deal; it's not just an issue of convenience to users.

October 30, 2008

This blog

Filed under: Overview — jothmeister @ 10:49 am

I am a serial (incorrigible?) entrepreneur who, like you and everybody I know, uses a lot of different modes of electronic communication and is quite frustrated with the current state of affairs. When I take into account every different UI I use to send or receive communications, here is what I have to include: 4 different email accounts; voice calls on home phone, office phone, mobile phone, and Skype; voice mail messages left for me on home phone, office phone and mobile phone separately; text messages on mobile phone; faxes, which require a special client even though they come to my email Inbox; IM/chat on Skype, Yahoo!, Gchat, AIM; Inbox messages on Facebook, LinkedIn, Plaxo and Spock; comments I need to read and respond to on 2 different blogs I maintain; blogs I read regularly that I occasionally want to comment on; not to mention multiple calendars and miscellaneous things like To Do lists and on-line note pads. I come to a total count of 29, and the vast majority of them are in different UIs. I try to unify things as much as I can. For example, I use Adium to combine three of those instant messaging services into one client. You have to agree this is a mess! And with lots more social networks coming into our lives all the time, each doing everything it can to keep you on its site, this is actually getting worse. And very little has been or is being done about it. So the lack of a unified Inbox is hot button #1 that I will be talking about in this blog.

What about confidentiality? Do all those people using Gmail (and I have to admit this statement applies to me sadly) realize that the philosophy “there are so many billions of email messages going through those servers no one will notice my solitary little message” is just as silly as it sounds? Even I have sent very important and very confidential attachments completely in the open through those servers hoping no one stops to notice.  By the way, this is why to communicate with my doctor she requires me to log in to her site with a password and communicate securely using her server exclusively (oh that makes one more client to add to paragraph 1 above!). Why hasn’t encryption of messages taken off? Long topic we will also discuss here. But this has to apply not just to email but to chats, and most especially to your social networking content as well. So private / confidential communication and very tight control over your profile information is my hot button #2.

Now we get to control over how people communicate with you. Why should the caller decide what modality I must use to receive their communication? We as the callee have only the tiniest control over this, as when we screen the caller on our phone's Caller ID display and decide not to answer. But I'd rather have a lot more control than that. So this idea of callee control over communication modality will officially be my hot button #3.

My email system and I am sure yours too, is great about letting me sort my Inbox and other folders by any column heading I wish. So that lets me see all the messages From someone or To someone or by Subject and so forth. Some are pretty good with “threads” of communication and show me all the messages related to a certain subject. But none of the major email clients I know of realizes that when I am communicating it’s usually more important to know who than what (i.e. subject) and I need not just to see the messages from someone to me but I want to see *all* communication I have had with that person at the same time in the same place. I would call that relationship-centric which is what communication is all about isn’t it? When I communicate with someone it’s because I have a relationship of some sort with them. And by the way, what if I have had a good dialog with someone via email and then we have a particularly hot conclusion to this dialog via IM. How easy is it for me to see *all* the communication with that person in one place regardless of the modality we chose for each particular conversation? That goes back to hot button #1. There is a lot more to this idea of relationship-centric which we will get into in this blog over time. But suffice it to say relationship-centric communication is my hot button #4.

I have saved perhaps the most annoying thing for last: the sorry state of social networking today. Sure I was a very early user of LinkedIn back when it started in 2003 because it swept through the high tech professional demographic like a Santa Ana wind when it first came out. About the same time, to keep everyone informed of any changes to my contact info, I like everyone I knew also started using Plaxo (which was never thought of as a social networking site until very recently). During those early years, my kids were in high school and then college. First they were diehard IM users and would be on it for hours per day. They communicated directly with people as you would expect but they used their away messages as a broadcast medium. My son would put little dirty ditties up there and my daughter would say things like “in the shower, leave one”. Once in college they like all their friends just about dropped IM like a hot potato as Facebook came on strong when it was limited to only people with a .edu email address (had to be a college student). Now they were on Facebook constantly. IM worked in high school because they all had the same schedule so when one kid was free to IM they were pretty sure the person they wanted to talk to was too. In college this rule was broken and Facebook was a better medium especially because by now, digital photography had gotten mainstream and sharing photos (especially, it seemed, of them doing drinking stunts) was the thing. When Facebook opened up to the world, I got on to make sure I as someone starting companies for this demographic, knew what it was really like. My kids at first didn’t even want to friend me as I was an unwanted interloper to them. I was not the only unwanted interloper. It is amazing to me how they have turned against Facebook. They say it is getting creepy, too complicated, too chatty, and too commercial. They all know friends who had things up on their site that hurt them while applying for a job. 
Meanwhile, LinkedIn is a good on-line resume but I do not know any of my peers who have gotten more than that out of it. So what is my point? I think people want both more and less out of social networks. I think they want more value and less noise. They want more control over who sees what. They want more ability to build a powerful resource of contacts because everyone getting into the workforce or moving within the workforce realizes who you know really helps in those transitions. But that is not what these social networks are offering. So my hot button #5 is about how to get social networking back to its core value of helping people network.

Stay tuned and we will get to each of these hot buttons over time. I hope readers find this blog interesting.
