Fri, 18 Jun 2004

Email Technology Conference - Day 2
posted by Chip Witt

Today's events got off to a good start. Woke up on time, despite being tired, and managed to catch the 6:45AM ferry into SF. Had time to grab a lovely venti soy mocha on my walk to the Palace Hotel, and was able to enjoy a complementary breakfast.

One of the nicest things about most conferences these days (especially ones focused on technology) is that one can stay connected to the Internet via wireless networking throughout the day. The ESSID of the Wi-Fi network is published in the conference collateral, and one seldom has to deal with cumbersome WEP key issues. Set the ESSID for the client, then open a browser to initiate a network connection, and voila. You're in business. Despite this seemingly simple process, things can go wrong...and typically they do. This morning I discovered that someone had re-configured one of the access points being used in one part of the hotel, and the published net required a WEP password (key)...something that was not provided to attendees. Luckily, I was able to use my Kismet software to scan for other networks, and found a suitable replacement for my after-breakfast emailing needs.

I was eager for this morning's keynote presentation, as it was being delivered by one of my favorite icons of Intenet security, Phillip Zimmerman. Mr. Zimmerman is the designer of Pretty Good Privace (PGP), software used to sign and/or encrypt email messages using public key infrastructure (PKI) mechanisms instead of relying on Certificate Authorities like S/MIME. PKI allows for users to build a "web of trust" among those with whom they must communicate securely. Despite my excitement to hear him speak, I found his presentation to be a bit flat, and disorganized.

Several interesting things were shared during the keynote. He first began speaking about the Patriot Act, and some of his insight into goings-on in Washington regarding the upcoming sunset of the "emergency authority" granted to law enforcement agencies in the "War on Terrorism". His account of the situation was that the deep-set affront to individual rights packaged in the act was something that had been on the wish list of law enforcement and law makers for some time, and world events over the last few years gave adequate political cover to move forward. It was also conveyed to us that the Patriot Act, unlike the perceptions most have regarding its singular focus on combating terrorism, is positioned to be used as a means for prosecuting all manner of crimes. In fact, prosecutors were given instruction on how to invoke the provisions of the act to prosecute and/or investigate any crime or suspicion of crime. If true, this is very alarming indeed. Mr. Zimmerman's suggestion was to make sure the voices of the people are heard; that we still expect/demand a sunset...now or within a reasonable, finite time frame. It sounds, from his account, the current administration is under the impression that we are all willing to permanently give up our rights to privacy and due process permanently, despite the "social contract" that granted the rights of the act only so long as they were proven useful for combating the threat of national security...a case the government may be hard-pressed to make in any truly compelling way.

Mr. Zimmerman also presented an overview of the new technology in PGP Universal, a gateway software that handles signing and opportunistic encryption invisibly for users. The need for such software has been evident for some time, as encryption technology and the software that enables it have long been the tools of the digital elite, and well beyond the grasp (from a conceptual as well as functional perspective) of ordinary end-users. Having a policy-based, invisible service handling security for the user makes perfect sense.

The second morning session was quite interesting, as it addressed issues associated with email overload. Not from spam or viruses this time, but from legitimate messages. Statistics shared showed that 25% of the average employee's workday is spent on email. Furthermore, 8% of employees spend 4 hours or more on email each day. These mind-boggling numbers were attributed primarily to inefficiencies in the linear way most email clients file messages, and the inefficiencies in business processes associated with managing these messages in an employee's workflow. One product shared which may address some of these issues was Nelson Email Organizer (NEO). No demo was given, so no practical insight was given into the tool.

Four concepts for re-framing email, and training users to avoid email overload were shared:

• Think about the essence of email
• Communication of any form is first and foremost about establishing and/or maintaining a relationship. It may not be a permanent relationship, but it is a relationship important for performing the tasks at-hand. Email, unlike other forms of communication, relies solely on words (no body language or tones-of-voice to give non-verbal queues regarding context), and must therefore be carefully crafted to convey the correct message.
• Despite the ease-of-use, there are certain things that should never go into emails. Communications which are private (personal in nature), highly confidential (company business, but not for all eyes), or highly emotional should never make their way to the inbox. These types of communication are best left to voice or face-to-face communication
• Clarify the distinction between "urgent" and "important" information
• Urgent: requires immediate action of some sort, regardless of reason
• Important: tasks that are required to meet a particular goal
• Urgent information can be important, but not all important information is urgent. Teaching people to respect these distinctions, and to act appropriately is critical in minimizing the "option paralysis" symptomatic of email overload
• Understand the "Priciple of Completion"
• Checking-off tasks on one's list creates a sense of fulfillment, and thus creates energy
• Email, especially if left to build-up, creates an often overwhelming sense of incompletion...which robs one of energy
• The equivalent of checking-off tasks within the context of email requires one to manage it; replying to others, filing messages, and deleting messages deemed unnecessary. This process requires better tools designed for this purpose.
• There is an unspoken organizational obligation not to waste the time of others
• Top-down writing is critical (i.e. provide the key purpose/point of the message within the first paragraph, and expound from there)
• Use CC: sparingly. The majority of those copied on messages do not require the information, and seldom make use of it.
• Trim the fat. Re-read the message for tone and content prior to sending it to insure it meets its intent.

In a technology demonstration, something popped-out that I have always believed, and try to practice: the evaluation of what email (or any) security policies and technologies should be implemented must be conducted with a close eye towards what the business practices are, what user education can do to address the situation and risks involved, and then what technology frameworks are available to meet the needs of the first two. The order is critical, and very often the mistake of finding the right solution (to the wrong problem) prior to accessing the business and users involved is made.

Some interesting discussion commenced in a break-out session focused on the challenges and opportunites of "email on the go" with the expanding array of mobile devices available. After looking at security, productivity, and employee privacy, the discussion quickly turned to the issues surrounding work/life balance in a world where employees increasingly have the ability to take the office home (or anywhere else). It is imperative that management keep a close eye on these issues, as burn-out, attrition, and lossed productivity can follow a poor work/life balance. It is therefore critical for organizations to develop a communications policy focused on clearly defining how, when, and under what sets of circumstances an employee should be contacted when away from the office. There are benefits on both sides of the equation (employer and employee), but there are also opportunities for abuses.

Mobile trends to keep an eye on are the "office-in-the-pocket" concept being made reality with a growing number of mobile devices, the convergence of voice and data networks enabling increasingly diverse sets of services to be made available to mobile users, and the future of having broadband access anytime, and anywhere via new Wi-Fi enabled mobile devices which act as not only receivers, but as access points to expand the footprint of the network.

The "firecracker" of this two-day conference on email technology was saved for last. The topic was the idea of freedom of speech as it relates to email. Three gems flowed from the debate between industry experts:

• We have been conditioned, due to the vast problems associated with spam and viruses, to be comfortable with the filtering of our personal messages by third parties, some of whom are completely unknown to us. This constitutes an issue of privacy...or rather a voluntary abandonment of the right to privacy to address an issue no one wants to (nor are most equipped to) address themselves.
• Consumers do not have a firm grasp of what happens to their data in transit (filtering, storage, mined for content), and often have negative reactions to the news that their privacy has essentially erroded right from under them.
• Those that use the argument, "Privacy concerns are only valid for those with something to hide. I have nothing to hide." should be probed with the response, "If that's true, take your clothes off". Whether or not you are doing anything inappropriate, there are certain things one shares only with intimate friends and loved ones.

Although I enjoyed the content of the final session, I think it overlooked the concepts of appropriate uses of email outlined in the earlier morning session. Messages of a private, confidential, or emotional nature may not be best suited to email. These are best left to phone or face-to-face communications.

All-in-all, I enjoyed the conference very much. Lots of food-for-thought, and a tremendous opportunity to rub elbows with the elite personalities in the email technology industry. It will be fun to continue to watch what happens from here on in this exciting space.

CW

[/conferences-training] permanent link

• conferences-training
• cool_software
• good_books
• hey_mr_DJ
• laugh_lest_we_cry
• stayin_active
• tech_tips
• the_new_unix
• thinking_outloud
• whatznew