Copyright 2001 John Zipperer.
Learning to Live with Insecurity
By John Zipperer
(3/29/01) Sometimes the choices we face are not very appetizing, and this is definitely so with security issues. Ongoing threats, as well as new threats resulting from recent developments in the structure of electronic business, are making security an ongoing struggle. And with that struggle will develop a mindset in which we, in essence, learn to accept a degree of failure regarding our most important assets.
Last Friday, there were two news items that served as timely reminders of the imperfection of the grand new security world. The first article reported on claims by two Czech cryptologists of a flaw in PGP -- Pretty Good Privacy, a program for sending encrypted e-mail -- that could let someone fake "digital signatures" used by senders of the encrypted communications. Defenders of PGP downplayed the potential problem. The second item concerned Microsoft's warning that someone had tricked VeriSign's automated digital signature system, in the process receiving certificates in Microsoft's name.
And those are the nongovernmental threats. Let's not forget the controversy in Germany over its military's use of software products that some critics claim have a built-in back door for the U.S. government to use for snooping. Oh, yeah, and there's always the Echelon electronic spying program used by the United States and the United Kingdom to keep French and German companies on edge about the privacy of their electronic communications.
So what's a sensible company to do? "It's not just buying the firewall and plugging it in," said Peter Horst, senior vice president and chief marketing officer at TruSecure. "It's not a single point in time; it's a continuous process." Of course, Horst has a reason for saying that; his company provides comprehensive security assessment and certification and ongoing monitoring for companies. But even taking that self-interest into consideration, he's correct.
His colleague, Kristin Gallina Lovejoy, a TruSecure product manager, told me about meeting with companies that kept important information on a server under someone's desk or in an un-air-conditioned closet. Luckily, Lovejoy and Horst believe attitudes are changing at companies, as people begin to realize the importance of security and the need to have continuous monitoring of it. I believe that will only snowball, as the latest catchphrase -- business webs -- creates even more linkages between companies and their partners and temporary alliances and, heavens, just about anybody else with whom they need to interact electronically.
But what does that mean when talking about our critical business information? Because even if only one out of every 900 million people can steal the info, that still requires us to assume that the info can and will be stolen or compromised at some point. We know things are not 100 percent safe even locked away in a company's IT room. Through the wonder of disgruntled employees, sneakernet, break-ins, and the odd acts of nature such as earthquakes and tsunamis, data gets copied or stolen or lost. And you would be naive to count on 100 percent accuracy in your monitoring and remediation program, as well.
I don't believe 100 percent security is possible. Though it looks like your company can cover itself as well as possible with a comprehensive monitoring and action program, any scientist will tell you that you can't reach 100 percent perfection.
Your choices are either to protect yourself as well as possible and live with insecurity -- knowing that at one point or another it will be compromised -- or change the very kind or amount of data you keep in the first place. The second option is simply not practical for the vast majority of businesses, which leaves us with the first option. And we don't like to admit that we are simply accepting a certain level of failure in security, but with 100 percent an impossible goal, there you are.
So what exactly do people think when they hear claims about privacy and security? If you are responsible for your company's database -- in other words, your company's business -- just how likely are you to trust that to someone else? I'm curious; let me know.
(Internet Whirl appears in this newsletter every Thursday. It is written by John Zipperer, associate managing editor of Internet World magazine. E-mail: email@example.com.)
Alphaville Calls Some Music Industry Bluffs
By John Zipperer
(3/22/01) Just what do the record companies exist to do these days? Their dark deal with artists used to be career development in exchange for an unhealthy portion of profits. Their dark deal with consumers was high prices in return for making the music available. Now, they're not absolutely necessary for either duty, but they're managing to make artists and consumers live in fear of the record companies' demise.
Their No. 1 target at the moment is the threat to their wallets posed by Napster. Now, Napster as a commercial entity is debatable, but Freenet, JackalopeAudio.com, and other peer-to-peer efforts demonstrate that the issue won't go away. Whether the P2P efforts are legal or not, the Recording Industry Association of America doesn't speak for all musicians -- and may not speak for many musicians who still consider themselves artists.
USA Networks chairman and CEO Barry Diller, a veteran of the media convergence wars, doesn't think Napster has a future. "You can't have a system that says that the copyright owner doesn't get paid," Diller said at Internet World Spring 2001. "All the people who say people will make music in their garages and distribute it -- hogwash. Artists more than anyone respect the abilities of record companies in terms of career development."
Marian Gold, lead singer of the German music group Alphaville, thinks that type of thinking is hogwash. "I think no artist would ever lose money on Napster," said Gold in a recent interview in Berlin. And though he compliments Metallica on its music, he's derisive about its anti-Napster stance. "They behave like record companies."
Our gazes have been so intently focused on the media giants fighting over parts of the Net that we sometimes miss the fact that some artists are using it to create new ties to (and even collaboration with) their fans, to sell music, and to attract new fans while retaining existing ones.
Gold's group is a great case in point. Many members of generations X and Y remember Alphaville from its mid-80s hits "Big in Japan" and "Forever Young." In the mid-90s, many of those same fans rediscovered the group when they came across its Web site, finding that, yes, Alphaville still existed and was putting out lots of new music. So much of it, in fact, that in the latter part of the decade it released an 8-CD boxed set that included 125 demos, b-sides, and new versions. Though Alphaville lead singer Marian Gold says people told him, "You can't release demos of songs you haven't released, it's uncommercial," the Dreamscapes set did well enough that he's taking the project one step further. Every month, the group posts on its Web site an MP3 file of a new demo; many of those songs will then make it into Dreamscapes 9, to be released sometime next year.
"Sometimes demos turn out to be very important," said Gold. "The fun for me is to produce these and get the immediate reaction." It's also an extended way of promoting the eventual album, and, as with other types of free MP3 file sharing, Gold doesn't see it as a threat to his sales but as a way of getting people interested in the group's music and official releases. That's not surprising, given Gold's longtime involvement with computers (he learned to play music using computers, he still writes his music on a computer and electronic piano, and he expressed the desire to write the music for a computer game like Myst in the future). Now, the group has incorporated Net communication into its creative process. "This is an absolutely fantastic experience, and the fans have a chance to be part of the process," he said. So much a part that the lyrics of one of its recent demo songs, "Those Wonderful Things," came from the text of fans' e-mail messages.
The group's Web site originated in 1996 with Webmaster Tobias Prohl, whose day job is art director at marchFirst in Hamburg. Though Alphaville's members play an active part in the overall direction -- providing songs for the site and receiving and occasionally contributing to the Alphaville mailing list -- it is Prohl who regularly concocts new designs and features. The latest is a downloadable Web sub-site -- complete with song excerpts -- that fans can place on their own Web sites. "The site is kind of an ongoing experiment, a kind of playground for us and for the fans," said Prohl.
It's also become something of a launchpad. In addition to a solo career (band mate Bernhard Lloyd also has done outside recording with a group called Atlantic Popes), Gold has joined some friends for a group called Sputnik Roadhouse. That group originally formed for a one-song appearance in a film, but after Prohl built a page dedicated to it and added it to the Alphaville site, there were enough fan inquiries that there will be an actual Sputnik Roadhouse CD release of original music.
Conventional wisdom assumes that being a truly independent artist is an unattainable ideal. But as with most things in life, people are more convinced by claims that something is impossible than by any proof that it is so. "I never cared very much for what other people want me to do. I started in 1984 with the dream of being independent," Gold recalled, remembering his band's struggles with record labels and building a recording studio of his own ("It took us three years to learn how to use it"). "But now with the Internet, we are really independent."
(Internet Whirl is a weekly column written by John Zipperer, associate managing editor of Internet World magazine. It appears in this newsletter every Thursday. E-mail: firstname.lastname@example.org.)
The Gildered Age
George Gilder foresees a future that history says is unlikely
By John Zipperer
In this economic boom, globalism has evolved from science fiction to a cliché; nations—particularly the U.S., but others as well—have lowered taxes and deregulated industries; labor unions have continued to fade; capital and jobs flow across borders at unprecedented rates. Many businesses are expecting this trend to continue indefinitely.
Perhaps the best-known prophet of the laws underlying this economy is Telecosm author George Gilder, whose extensive writings delineate his vision of cheap bandwidth, entrepreneurial freedom, and an occasional dose of spiritualism. Gilder’s not alone, and these prophets target companies that don’t change quickly and ruthlessly enough and governments that try to regulate parts of the Net. In opposition comes Thomas Frank, author of One Market Under God, a jeremiad against such new-economy market theories. Frank writes powerfully and occasionally hyperbolically, and though it would be tempting for some in the Net world to dismiss him as an old-style antibusiness type who “doesn’t get it,” he has enough history and human nature on his side that he deserves a hearing.
Frank’s none too thrilled with Gilder, whose name pops up frequently in his book and in a recent phone interview. One of his problems with Gilder is the way his theories have entered the zeitgeist through advertising and public relations. “The language of someone like Gilder or Wired’s Kevin Kelly gets amplified and magnified and comes out the other end,” says Frank.
One related assumption of the new-economy theorists—that globalization will wipe away national boundaries—is giving way to a realization that those boundaries sometimes are there for good reasons. For example, the French court case against Yahoo spurred a great deal of tsk-tsking from Netizens disappointed in what they see as France’s inability to understand the free movement of information and commerce. Frank, who calls himself “very civil libertarian” on most cases, points out that what is at stake for the French is something more important than Yahoo’s bottom line. “France isn’t a backward state,” he says. “What did they ban? Nazi material?” We are, after all, talking about a country that was invaded, divided, and ruthlessly occupied by the Nazis during World War II.
Add to that the 200-year-old democratic tradition of the French Revolution. This isn’t to say everyone doing e-business should study University of Chicago historian Francois Furet’s studies of the period, but there are significant, long-standing, and logical reasons why governments and individuals and even many businesses will not surrender to new-economy “inevitability.” Companies that understand those reasons and avoid letting the prophets set the tone for their business are going to be in better long-term positions than others.
There is overregulation and insufficient regulation—either can hurt businesses and consumers. Some laws will be passed to facilitate e-commerce, others to rein in its excesses. Like them or hate them, laws and regulations have not been consigned to the historical past. Pretending they have been will amount to ignoring reality. That won’t make your investors, shareholders, customers, or employees happy.
(3/15/01) In the version of Temptation Island inhabited by the Internet marketing industry, there's just so much private consumer information and tracking data hanging around like ripe shiny apples that e-businesses can't help taking them and trading them. But as with another famous temptation, these companies risk being kicked out of their garden paradise if they don't face the fact that they really have no right to that fruit.
An executive from Adflight, speaking at Internet World Spring 2001, in Los Angeles, described the good ol' days of the Internet as an episode of Fantasy Island; today, it is more like Survivor. That theme was picked up by J.G. Sandom, president and CEO of marketing services firm RappDigital, who noted that there are a lot of benefits to be derived from one-to-one and other forms of carefully targeted marketing, and, in these Survivor-like times, that kind of customer knowledge is even more important than it was when companies tried for general brand-awareness campaigns.
So as the market continues to be rough going for Internet businesses, they are being directed ever more to mine the data they have on consumers. That leads to conflicting predictions of the world that could result from such a mining of information about where consumers go, what they buy, what they use, what they see. In the negative version, private data will be traded like baseball cards, without consumers' consent or without their informed consent (in which they actually know what's at stake). In the positive version, we'll get things like refrigerators that check our cholesterol for us and respond accordingly with suggested foods.
That sounds like hell on earth to privacy advocates -- partly because there's no good reason to trust companies to handle such tracking and data-collation matters. New York Times columnist William Safire, who's not exactly a left-wing, anti-business type, has gone what can politely be called ballistic on the issue of information privacy. In his column earlier this week, he blasted such "solutions" as opt-out (calling it a fraud and a sham) and supported legislative attempts to require opt-in. "It is up to me to decide whether to consent to trading that information of value to you in return for whatever benefit you have to offer me," Safire wrote.
He's correct. Far too often, the privacy issue gets described purely from the point of view of the information company that already has collected the data on its site visitors or customers -- as a public service, practically -- and then treats consumer complaints as pesky intrusions into the business world. Yet, as Safire rightly points out, those companies know full well that most people aren't aware of the extent to which they are in danger of having their personal information used in ways that harm them, and therefore they fail to protect themselves.
In a development as predictable as strip mall construction in L.A., a group of big-name Internet businesses have banded together to try to defeat whatever weak consumer protection legislation the United States might try to enact. Microsoft, AOL Time Warner, IBM, AT&T, BellSouth, and Sun Microsystems are all members of something calling itself the Online Privacy Alliance (proving that people do still read George Orwell), which is aiming to scare consumers and legislators away from consumer-protection legislation.
The Wall Street Journal reported that the companies are touting studies claiming that putting boundaries on the ability of companies to trade, share, or sell consumer info without consumers' permission "would cost 90 of the largest financial institutions $17 billion a year of added expenses, and would result in a $1 billion 'information tax' on consumers through costs tacked onto products from catalogs and Internet retailers." It's a bald attempt at scaring people into doing the absurd. Do you flinch at the cost of locks on your new home or car? Do you throw up your hands in resignation at restrictions on who can access your ATM PIN number?
It gets even more absurd: The Journal quotes Indiana University's Fred H. Cate as claiming the financial cost of privacy protections on the U.S. economy would be "in the trillions."
The issue for these companies is not their desire to save consumers money. They pass along their costs to consumers anyway. The real goal of these companies is to ensure themselves the future revenue streams of selling info that belongs to them only by right of their having taken it from consumers (not having bought it or been given it). I'm not tempted by their arguments.
(3/1/01) There is no Holy Grail in e-mail schemes, because not everyone wants the same thing. But in certain parts of the e-mail world, there are some pretty straightforward problems that would welcome a Holy Grail solution. Silverpop, formerly known as Avienda, is pitching its hosted e-mail solution to the rich-media crowd, but to me it means something more direct: the ability to fix an e-mail even after it's been sent to the recipient's in-box.
The company calls its development the Dynamic Messaging Transfer Protocol (DMTP), an XML-based protocol for sending e-mail via hosted messaging. If it works as promised, it could save a lot of frustrated recipients from having to download giant files of video or audio clips and help the senders better manage their communication with customers and clients.
On my desk is a rough drawing by Silverpop's chairman and chief marketing officer, Aaron Shapiro, illustrating his company's scheme. In the first part, it shows the pre-Silverpop e-mail setup, in which the sender's e-mail client creates a message and sends it via SMTP (Simple Mail Transfer Protocol) to servers that are accessed by the recipient's client.
Below that diagram is a more complicated one in which the client creates the message in the Silverpop Compose Tool, which uses a template-based system for adding text and rich media, selecting from an available set of background images (or using one of your own) and positioning the elements on the layout. The client then sends it via DMTP to the DMTP server, which sends an instruction set to the mail servers via SMTP (and it is those instruction sets that then get sent to the recipient's client). The DMTP server also sends the actual message with all of its media elements to its hosted message server. When the recipient opens the e-mail, her client's e-mail program uses the instruction set to access the message from the hosted messaging server, which then streams the rich media (and the non-rich media) to the recipient's client.
It went from a straightforward three-box diagram to a five-box diagram, with various arrows and dividing lines drawn throughout. It's definitely more complicated, but it aims to simplify the sending and receiving of these rich-media messages, and if it works, then no one needs to see the boxes and arrows and dividing lines. As the saying goes, you never want to see sausage or legislation being made; the end result should have several benefits.
Those potential benefits are obvious: no long downloads or large attachments -- in fact, no attachments. And because the recipient accesses the media and message on a hosted server, the sender can change that info at any time -- whether to correct mistakes or to have information automatically updated -- and the user will see the new info as if it were what was sent the first time. No need to send (or receive) those annoying e-mails apologizing for sending the incorrect info in the first e-mail. In addition, users accessing their e-mail on handheld devices, which generally have less memory to burn, will particularly appreciate not having to download rich-media files.
That last issue came to mind when I heard Brian Chin, of the Seattle Post-Intelligencer's online division, at the recent Internet World Wireless show tell conference attendees you have to be careful what you send to wireless users because of the limited payload size for wireless downloads. "If you are delivering things over the wireless network, the end user is being metered by the minute or by the byte download." Silverpop could mean that you wouldn't even have to worry about that.
So, if that's true, then we can worry about other issues, such as privacy. With all the attention given lately to e-mail wiretapping, users should spend at least a moment wondering about this system's ability to track recipients' use of the e-mails.
The things for Silverpop to worry about probably revolve mostly around money. Though the company has raised $30 million so far, it has a lot of spending to do -- promoting itself, launching its product (which is available in personal, professional, and enterprise editions), and maintaining a huge network of servers around the globe. According to Jacqui Chew, director of corporate marketing for Silverpop, the network can handle up to 20,000 simultaneous users per second. That doesn't sound like very many when you're talking about commercial messages that may go out to millions of people, but Chew is optimistic. "Since this is e-mail, the odds of our system getting 20,000 requests all at the same second is very low. But if it happens, our system can handle it."
Commentary: Wireless Businesses Walk the Line on Enthusiasm
By John Zipperer
(2/23/01) If an Internet trade show can be both cautious and exuberant at the same time, then the gathering this week in Manhattan of wireless companies is striving pretty hard to meet that description. The attendees showed an energy lacking at other recent Internet events, and the difference may be attributable to the fact that this submarket hasn't been around long enough to have had many failures.
To a point, the Internet World Wireless 2001 show (which is run by Penton Media, the parent company of this newsletter) is reminiscent of the early Internet days. Companies began their trade floor presentations -- and conference session leaders began their speeches -- with charts showing exponential user growth over the next five years. People stood in the hallways, tersely telling their cell phones, "I'm just trying to hook up with a company to strike a deal." People all around the conference center headed off to the side to share information.
There are arguably fewer companies in this field offering smirk-inducing ideas for products or services, but it may be new enough that there are still enough sensible ideas that can be mined without resorting to wireless dog food purchases. Also, investors may be more cautious after the dot-com drop. Still, there is a growing sense that there are a lot of opportunities for companies to exploit, and a fair amount of work is still to be done before much of it reaches the market.
There's still confusion over exactly what wireless users want. Scott Marquardt, CEO of ActiveSky, a maker of a wireless platform for rich-media delivery, told attendees that issues ranging from revenue models to delivery methods still remain up in the air for his market niche. Maybe companies can relax a bit; Marquardt said, "The anticipation by users that everything is free is changing." So the users themselves have learned something from their experience in the wired Internet; in the end, he suggested that the revenue choice between advertiser-supported and subscription models is likely to be played out differently in the United States than in Europe or Asia.
There's a bit more clarity over what users will put up with on their small-screen devices. Brian Chin, of the online division of the Seattle Post-Intelligencer, gave his own list of guidelines for mobile content: brief info (concise data that is easy to scan through), useful info (though this is in the eye of the beholder), and a site that's easy to use and navigate. None of that sounds terribly controversial, but any attendee of Internet conferences can tell you that participants in this business can tell you wildly different things. If you don't agree with one company's approach, turn around and talk to another with a completely different approach. But there is more unanimity among the wireless companies, and as a result there are fewer companies offering consumer-oriented products and services and a lot of companies offering wireless application development platforms and services for wireless service delivery.
It's a situation that won't last long, as more of the products and services actually get tested in the market and spawn competitors, but it's refreshing while it lasts.