Friday, September 25, 2009

The dangers of 'e'

Have you ever gone out to post two important letters and, just moments after dropping them into the mailbox, wondered if you might have put the wrong letter in the wrong envelope?

Fortunately there's usually no harm done if you've been careless enough to make such a mistake and the unintended recipients will, most of the time, simply return the incorrect contents to you or at least give you a call to let you know of your mistake.

It's far less likely that you've ever accidentally included a full list of all your customers' account details in the invoices you mail out each month. That would be a very difficult mistake to make -- the added bulk of the extra pages and the resultant "fat" envelopes would instantly be reason to investigate and discover your error.

However, in the e-world, such awful mistakes are not so easily spotted and are often far easier to make.

The very power afforded by the internet to attach files and fire mass-mailings off to huge lists of addresses also make it easy to create the most monumental stuff-ups, as a UK ISP found to their embarrasment recently.

Someone at Demon Internet accidentally attached a spreadsheet containing the details of thousands of other customers to the billing emails sent out to a thousand other users.

Included in the spreadsheet was sensitive information such as customers' login names and passwords. What a right-royal stuff-up!

Outside of the obvious stupidity of keeping plaintext passwords on file, it's clear that this is the kind of "human error" that could happen in any workplace; an error that is made all the easier thanks to the point and click ease with which we dispatch our communications in the e-age.

It's not just accidents that can expose sensitive data either.

I've lost track of the number of emails I've received where the sender has opted to include every recipient in the "To" field -- effectively publishing that list to all recipients. Any company that does this may be effectively handing their competitors an extremely valuable list of prospects.

From a management perspective, the e-age brings in a whole new issue of information security that goes beyond firewalls and anti-virus software. It becomes crucial to ensure that all staff have a full and thorough understanding of just how applications such as email work and what risks are involved.

It's easy for someone to claim to be familiar with email on their CV but have they ever used *your* chosen email client to do send messages to multiple recipients using a list of email addresses? If not, you could be in big trouble.

Even something as simple as developing a fool-proof file-naming and filing system for important documents becomes important. Unless files are stored in carefully categorised folders and named clearly and appropriately it becomes all-too-easy for a tired worker to accidentally send out a copy of your cost-prices to a retail customer -- or a customer quote to a potential competitor.

In the 21st century, 'e' stands for 'easy' but that also means its 'e'asier to make really bad mistakes if you take your eye off the ball.

Friday, September 18, 2009

Will Tivo kill the NZ internet?

New Zealand TV viewers and internet users discovered yesterday that when Tivo launches in this country later this year, they may have to change ISPs to get the full benefits.

Although Tivo can be used like a regular PVR, one of its strengths is the fact that it can also download material over the internet.

Instead of being restricted to broadcast content and programming, Tivo users will be able to hook their boxes up to the internet and suck down all manner of additional material -- some free, some "pay per view".

So far so good.

However, in a deal announced yesterday, TVNZ has opted to form an alliance with Telecom for the delivery of this extra content through the internet.

The alliance is critical to the success of this extra feature because, as we all know, our broadband accounts are not "all you can eat".

Many plans are capped, hitting users with fairly stiff "over-cap" charges when they exceed their monthly allocations or forcing them to suffer the indignity of significantly reduced speeds if they're considered to be exceeding a "fair use".

Under the terms of the deal with TVNZ, Telecom will allow customers to download as much content onto their Tivo as they want, without that traffic counting towards their monthly consumption.

This might sound like a great deal for existing Telecom broadband customers, but what about other ISPs? How can they compete?

Well I suspect they can't

Since the vast majority of the broadband infrastructure around NZ is owned and operated by Telecom, only they can afford to deliver masses of extra data without facing massive additional costs. Any other ISP that simply resells Telecom's DSL service will be unable to match Telecom's "all you can eat" service and may lose customers as a result.

Even those ISPs that have their own DSL infrastructure will find the going hard, due to the very limited coverage their own equipment provides.

All is not lost however...

If/when the government rolls out our own Nation-wide Broadband Network, Telecom's strangle-hold on the DSL infrastructure maybe broken (or at least weakened). It's up to politicians whether they roll out a network that is truly free of commercial bias and dominance but they would be foolish not to take this chance to break Telecom's monopoly.

In the meantime, if you want to get the most out of your Tivo, you may find yourself having to change ISPs.

Isn't that anti-competitive?

And we can only wonder what effect all those Tivo users will have on backhaul capacity that is already saturated in some areas. Will Tivo kill the internet for the rest of us as thousands of Kiwi Tivo users become the new data-leaches?

Friday, September 11, 2009

Arguing the case for 666

As technology advances, most of us are faced with a bewildering number of IDs and passwords that must be remembered in order to access such important things as our internet account, our email, our online banking, our VOIP service, our laptops, etc, etc.

Unfortunately, the human brain is not perfect and, especially as we age, it's prone to forgetting some very important things, including passwords.

As a result of the limitations of our memory, many people opt for simple, easy to remember passwords that can often be trivial to crack.

Even worse, some folks simply choose a single password for all their authentication activities. This means that if their password is compromised, it becomes possible for any evil little sod to assume their identity across a wide range of services.

So what is the solution to this problem?

How can we use technology to provide a universal authentication system that can prove a person's identity and thus restrict access only to those who are properly authorised to access a service?

And how could such an authentication system extend beyond the virtual world into the real one?

Already most of us have to carry multiple forms of ID. We have a driver's licence, passport, credit-card, FlyBuys and any number of other authentication documents. Surely it would make sense to do away with all this unnecessary duplication and switch to a universal identifier?

Biometrics are one option but have proven to be less reliable and more easily duped than proponents had hoped, thus compromising their practical application.

So what about an embedded RFID chip?

It works for cats, dogs and palm trees so why not for humans?

Already some nightclubs have experimented with such things, allowing members or VIP patrons to gain free access and have drinks automatically debited to their accounts without the need to present any other form of ID.

If we were all to have an RFID chip embedded in a part of our bodies that was not vulnerable to unauthorised scanning, we could leave all those other documents at home. No longer would you have to worry about being fined for failure to carry your license when stopped at a checkpoint while driving down to the beach for a late-evening swim in mid-summer, wearing just your togs and a towel.

Even better, you could authorise any transaction (online or real-world) by simply placing your hand on an RFID energising pad.

Imagine how much efficiency this would add to such mundane things as buying your groceries. No longer would you need wait for the old lady in front of you who is confused about which way to swipe her card or who can't remember her PIN.

It would also provide the universal identifier and authentication sought-after by governments for the safe use of their e-services.

As people, we already carry the universal marks of vaccinations on our shoulders and have already yielded to the pressure to adopt such Orwellian mechanisms as electronic passports, so why not take the next logical step and go for RFID chip implants?

Would the benefits outweight the concerns?

Would the savings outweight the costs in terms of privacy and human rights?

We have the technology, all we need is the resolve.

Or, would this be seen as validation of the Bible's predictions and considered "the mark of the beast" by too many people?

Friday, September 4, 2009

Google Music? Bigger than Google Books?

What do you think would happen if I decided to make copies of every piece of music ever recorded and place it on the internet for people to sample and download?

Do you think I'd be allowed to do this?

Would authorities just say "that's okay, carry on"?

What would the recording companies have to say about it?

Do you think it would make any difference if I said that I was only going to allow people to listen to about 20 seconds of each track but, if they wanted to buy it I'd sell it to them for a price I felt was fair -- and send 60% of that money to the artists who wrote and performed the track?

Would that be fair or even legal?

Should those artists have to give their permission for me to do this or should I be allowed to do it anyway and only withdraw their music if they filed a law-suit against me?

And what about those artists whose work I'd already put online? should I be allowed to offer them some paltry amount (say $50) to make amends for the infringements to their intellectual property rights so far?

Well I think the answer to the above questions are not hard to work out.

Anyone who tried this would find themselves sued to oblivion and back, penniless and probably facing prison-time.

But, if you replace "music" with "books" and introduce Google as the company copying and offering these copyrighted works online you'd be looking at exactly the situation as it exists with Google Books.

Why should books be treated any different to music?

Why are Google effectively riding rough-shod over the rights of writers, authors and book publishers that they would not dare to do to recording artists and studios?

Take YouTube, another Google property for example...

When Warner Music threatened to sue them for carrying music tracks and videos without expressed permission, YouTube pulled all those videos and is now very active at policing the uploading of new potentially infringing content.

So why are they now saying "we're going to publish everyone's books online", pretty much without regard to the intellectual property-rights of those who wrote them?

Could it be because the recording industry is a lot better organised and has a lot more money in its war-chest than the publishing industry does?

Google have offered to sweeten the pot for writers by acting as a sales portal for their works and, as an author, I think their deal is pretty damned good. However, their "take it or leave it" approach to this does leave a sour taste in the mouth.

And of course Amazon, who possibly have the most to lose if Google starts selling e-versions of popular books, is outraged. They're bouncing off the walls, furious that Google's move may well ankle-tap their own e-Book initiatives in a way no other company ever could.

If Google gets away with this, I'm hoping that it will set a precedent that may tempt them into launching "Google Music" - where recording artists will finally have a useful and profitable way to sell their wares directly to the public in a way that offers great value to everyone.

Will it happen?