Yes we can (improve the security of our e-communications)

Instead of preventing Obama from using e-mail and his Blackberry, we should use this as an opportunity to move the whole country forward in terms of the security of our electronic communications.

You must protect yourself from those evil marketing rays
There’ve been various mutterings about the fact that Obama may have to give us his electronic communications tools like e-mail and his Blackberry due to both security and transparency concerns. However, as Summatus Mentis points out:

You know what this means right? It means that there are 14 year olds that are more connected than our president is currently.

Not to mention 8 and 10 year olds.

Yup, this whole no-e-mail thing seems pretty messed up. You’d think that the full resources of the United States ought to be able to do better than sending the poor fellow into the IT stone age as his reward for being elected to the highest office in the land. What I’d really rather see is some of that “Yes we can” attitude applied to this problem, both because I think it makes sense for the way that Obama works and because it has the potential to improve the security and sensibility of everyone’s IT usage.

At the moment, for example, most people’s use of e-mail is pretty haphazard and insecure. Almost no one is using digital signatures, so forging e-mail is all too easy, which then makes certain kinds of phishing scams far easier to perpetrate. Widespread use of a proper signature system would in fact make large quantities of e-mail spam trivial to identify, as messages that didn’t bear a certified signature could be discarded without further consideration. Similarly, there are quality (if greatly underused) tools that allow us to encrypt important e-mails in such a way that they can’t be (easily) read by anyone other than the intended recipient.

What better opportunity, then, to do better?

A politician (including a President) has many important roles, and one of those is to help inform and educate the public on matters of significance. And this isn’t a matter of elitism, it’s a simple matter of access to resources. There are lots of things that I recognize are probably “important”, but don’t have the time or resources to become expert on. One would presume that if the President labeled something as “important” whole staffs could pop into existence to study the issue, generate summary reports and recommendations, etc.

Here, then, we have a chance for Obama to say that he doesn’t want to lose his electronic tools, and bring the scientific and technological resources to bear to secure and archive those transactions as required by his office. The process itself should be transparent, as the best security is obtained through transparent use of high-quality algorithms and tools, which then means that many of the benefits of this analysis and research can be shared more widely. If, for example, the President started using digital signatures on his public messages, you can bet that all the hip kids (i.e., the people that will be running the world in 10 years) would be installing the software needed to check those signatures at warp factor 9. Then they’d start signing their messages, and the snowball would be off down the mountainside.

These sorts of technologies depend heavily on a perceived use — people aren’t going to adopt X until they perceive that enough other people are using X to make it worth their while. As a small fry, I can adopt all I want and rant ’til I’m blue, but I don’t have the necessary weight to pull much of anyone along with me. Obama, on the other hand, can have a profound influence through fairly simple actions.

This could also open up a wonderful public discussion of security in general, which impacts everything from Facebook to ATM PINs to electronic voting machines, things that are woven deep into the fabric of our social, economic, and political lives. Things that matter, but which we take for granted or ignore.

So now’s the time — likely the best time ever — to move us all forward instead of holding our newly elected President back.

Yes we can.

Related posts

A tale of misery and (file format) woe

Filing cabinet fence
Creative Commons License photo credit: hradcanska
As we were car-less in the UK last year, we would rent wheels at various times when we needed to move all three of us and lots of stuff over what passes for long distances on the small island. Our last rental, for our last week between Spain and our return back to the U.S., was from Enterprise. When we dropped the car off at the airport their desk was closed, so I just plopped the keys in their little return safe.

Today I got an e-mail with the receipt. As an attachment. In “.MDI” format. Whatever the hell that is.

I was pretty sure we were going to find out that this was a M$ format before I’d even bothered looking, as it’s almost always people that have been sucked irretrievably into the M$ vortex that blithely send out files in annoying proprietary formats without considering the possibility that not everyone has sunk loads o’ dosh and a major organ into M$ software. I was right. It turns out that it’s Microsoft Document Imaging format, which apparently scans physical documents and converts them into TIFFs. But instead of then using the open, nigh on universally supported TIFF, they wrap (I’m guessing) that in their own goofy MDI format so people like me can’t open the documents.

Charmed. I’m sure.

Nothing I tried (and I tried quite a lot of things) would open this MDI file up, so I (nicely) wrote back and asked if he could re-send the file in an open format, like plain text or PDF. A model of restraint, I was. Really.

They promptly sent a second message with a new attachment in “.doc”. Good on the promptly. Less winning on the “.doc”, since that’s clearly not an open format. Happily, however, NeoOffice was able to open it up, sparing me a second round of e-mails with this nice person.

And what, after all this fun, did this remarkable M$ Word document contain?

A single, small image.

The image looks like a scan of a small bit of a spreadsheet. A small bit. No names (theirs or ours), dates, or any other standard “invoice” information. Just 10 lines of text, four of which are labels, four of which are actual entries (the rental amount, VAT, etc.), with the rest being sub-totals and totals.

In other words, a ton of machinery to obfuscate a quite small bit of information.

I just hate it when that happens…

Related posts