Authentication Redux

The trip to New York for a board meeting last week went smoothly. Traffic was light — even within the city — and I got to the hotel lobby in much better than normal time. The one thing that went less well than it could have the check in process at the Radisson Martinique on Broadway. After a long wait line I was greeted by a person at the desk. Hoteliers actually think that guests want to be greeted by an employee and have them ask how you are today. One would think that they would realize is that the most important thing a guest wants to get to their room. I had a reservation. All the information about me is already in the reservation record and the frequent stayer record. In spite of this the hotel agent had to enter a lot of keystrokes for some reason. The only thing they did not have was authentication. They wanted to make sure I was the person I said I was. I showed them my driver’s license in the flip-up plastic window of my wallet but that was not good enough. The agent had to go to the back office and make a photocopy. No wonder the waiting line is so long.

The solution to speeding up and improving the accuracy of the authentication process is the use of biometrics. The technology has been around for decades. Pick your favorite — hand geometry, fingerprint, iris scan, face scan, or voice print. There are many working solutions available today from many vendors. None are perfect and that is why we don’t see more implementations. Rather than take a leadership approach, many institutions in effect say, "we can’t do *anything* until it is perfect. Some lawyers say that if it hasn’t been to the Supreme Court then don’t use it. The result is that we stand in line waiting for someone to photocopy what might be a stolen driver’s license.

My favorite approach is hand vascular pattern biometric a technology that originated from a conventional vein pattern recognition system. Studies show that 99.98% of the world’s adult population can use it. It is highly secure because there is no back door, such as a key or numeric password. Fingerprint devices suffer from usability because some users have faint fingerprints while iris and retina scan devices may not be appropriate for people with eye diseases. On the other hand, no pun intended, hand vascular patterns are unique to each of us and to each hand. The chance of someone being incorrectly recognized is 0.0001%. Not perfect but that is good enough for me. The best part is that hand vascular scanning does not require physical contact, compared to fingerprint scanners which require users to press a finger onto the scanner in order to capture the print. The idea of wiping your finger over something that millions of other people have wiped their fingers seems inconsistent with what people on cruise ships are told. One other subtly for increased security with hand scanning is that because of the sensor’s capability to sense the user’s temperature, there assurance that the hand is alive. Being able to establish that we are who we say we are could speed the lines at airports, hotels, sporting events, and hospitals.

Other patrickWeb stories related to authentication

Seven Wonders

The Seven Wonders of the World is an expression that is as old as I can remember but it turns out there are actually multiple lists. Recently a non-profit organization called New7Wonders decided the list needed an update and so they set about to seek nominations — almost 200 came in — and then the list was narrowed to the 11 most-voted by the start of 2006. About 100 million votes were cast "by the Internet and cell phone text messages" and the new list was announced shortly after the fourth of July (2007). As you can imagine, there is a lot of controversy surrounding the list.

The most interesting part to me is not the list per se but the process used to "elect" the winners. According to the Associated Press, "Organizers admit there was no foolproof way to prevent people from voting more than once for their favorite". A simple step would have been to not allow more than one vote from the same email address or cell phone. Of course many people have multiple phones and addresses but at least disallowing clear duplicates would be a step in the right direction. The only foolproof way to assure no duplicates would be to have some form of strong authentication. Authentication is the single most important gap in the integrity of the Internet (and mobile text messaging). If I borrow (or steal) your cell phone I can send a message as though I am you. If you put your login and password on a Post-It stuck to your desk and someone visiting your house "borrows" it, then they become you. The bottom line is "Who are you – really?".

There was a cartoon by Peter Steiner in the July 5, 1993 issue of The New Yorker showing a dog at a PC speaking to another dog watching from the floor. The caption was, “On the Internet nobody knows you’re a dog.” Very true and in fact nobody really knows for sure just who you are when you are online. Nor do you know who is at the other end of an IM, text message, or eCommerce transaction. Technology is available to make things different by using "digital IDs". Unfortunately, there has been a prevailing attitude that digital IDs would mean that the “government” would issue an ID that would then enable them to spy on us; read our email, track what we do on the web, or invade our privacy in some way. I have a much more positive view — that digital ID’s are not to be feared but in fact should be embraced. They represent the empowerment that can unleash the full potential of the Internet. They will allow us establish that we are who we say we are and to validate that the web server we are doing business with is really who they say they are. Security, per se, is not the issue. Authentication is.

Today we use the login ID and password as a substitute for authentication. We all use them every day but the problems with them are non-trivial. First is the password sharing problem that enables someone else to be you. Assuming you keep your password to yourself, there is another set of problems. Web sites have different rules for login Ids and passwords. Some require that you use your email ID as your login, some require you to use your social security number, others allow you to pick anything you want as long as it is at least so many characters or in other cases as long as it is no more than so many characters or that it starts with a capital letter or that it have at least two numbers in it, etc. For good reasons they all require that your ID be unique. Sorry, but jjones is already taken. The same thing is the case for the password. Some require at least so many characters, some require that a password must contain at least one numeric character, some require that it be all numeric, and others require that it contain no numeric characters. The variations are vast and the result is that you end up with a lot of different IDs and passwords. I have more than 200. Digital IDs to the Rescue. (read more)

eCommerce Videos

A video of Ira Magaziner’s talk at last week’s eCommerce celebration in Washington can be found here and a video of my wrap-up talk, which I called "The Future of the Internet", is here.

Ten Years of eCommerce

Ken Wasch is a fellow alum (Economics and International Relations) from Lehigh University and a law graduate of SUNY Buffalo in New York. After spending eight years as a senior attorney for the U.S. Department of Energy working on petroleum price regulation, Ken saw the light and established the Software Publishers Association (1984) which is now the Software & Information Industry Association. I have known Ken for more than half of his twenty-two years in the industry, so when he called to ask me to participate in a conference to celebrate an important milestone for eCommerce, it was hard to resist.

A handful of us joined with Tim Berners-Lee to start the World Wide Web Consortium at MIT in December 1994. None of us at the time foresaw today’s level or potential for eCommerce. Most of the focus at that time was on techniques for formatting web pages and on various other content related issues. Jim Clark, founder of Netscape, did see the eCommerce potential and he also realized one of the biggest inhibitors was the U.S. Government regulation of encryption, a key tool for making eCommerce secure. Jim and a handful of us started the Global Internet Project as a public policy group to gain more awareness about encryption and urge governments around the world to loosen the reigns. That effort was successful and use of encryption is no longer an inhibitor. (The inhibitor is insufficient Net Attitude to enable web sites to meet our needs).

There were many other complexities looming under the surface that could have dramatically stalled the growth of eCommerce. Collectively it was a hodgepodge of sticky issues — like non-U.S. countires that objected to the U.S. control over key elements of the Internet infrastructure — but the biggest issue was a lack of vision. There was no consistent framework for eCommerce that could enable businesses to move forward. One of the first of the Fortune 500 to put a stake in the ground was IBM Corporation where Lou Gerstner said in 1997 the web is not for surfing, it is for transactions — later named e-Business. The gamble being taken by IBM and many others was that the Internet would become internationally politicized and potentially regulated to a standstill. Fortunately, there was a person in a high place in the government that would help solve many of the tough issues and enable President Clinton to announce a “Framework for Global Electronic Commerce” in the summer of 1997. It was a huge accomplishment for which we should all be eternally grateful. The person who lead the effort was Ira Magaziner, a top aide at the White House. Ira is best known for his efforts to create a major American healthcare program. His effort got attacked from every political direction and eventually fell. Unlike healthcare, the Internet was not well understood by politicians and they stayed out of the way as Ira raised and solved many of the key issues. He then traveled around the world enlightening key government leaders. The rest is history. At the conference last week Ira modestly said the event was "a good reminder of how far we have come and of how much opportunity still remains". Ken Wasch said “Electronic commerce has provided a significant engine for the growth of the global economy and has sparked the delivery of a multitude of innovative products and services.”

It was my privilege to serve on a panel moderated by Michael Mandel, chief economist of BusinessWeek. The other panelists were Stewart Baker, Assistant Secretary, Department of Homeland Security; Dan Burton, Senior Vice President, at Salesforce.com and former President of the Council on Competitiveness; Jamie Estrada, Assistant Secretary (Acting) at the U.S. Department of Commerce, and Ira Magaziner who is now Chairman of the Clinton Foundation. To set the stage for discussion, Michael announced the results of a poll of thought leaders in the industry in which they voted on the most significant "eCommerce Developments of the Last Decade". The results are so commonplace to all of us that it is hard to believe that they are ten years or so old. No surprise, Google (Sept. 1998) came out on top. Number two was when broadband penetration of US Internet users reached 50% (June 2004). Third was eBay Auctions (Launched Sept. 1997). Fourth was Amazon.com (went public in May 1997). Fifth was Google Ad Words (2000) which enabled key word advertising. Sixth — Open Standards. Seven — WiFi. Eight – User-Generated Content (YouTube 2005). Ninth was iTunes (2001) and last but not least, the BlackBerry (1999). See the SIIA press release for more details on the top ten.

It was my privilege to give the wrap-up talk which I called "The Future of the Internet". I asserted that the Internet has grown to it’s infancy and that we have so far only seen five percent of what the Internet has in store for our business and personal lives. The examples used were things often written about here in patrickWeb. A video of Ira Magaziner’s talk is here and my closing speech is here.

Other patrickWeb stories about Conferences

iPhone – Update No. 4

After a week of using the iPhone, I remain captivated, but less so. As I gain more experience with the elegantly designed jewel, I am more impressed but also begin to see some shortcomings. My primary and secondary email accounts work fine with the iPhone but it requires having two mailboxes instead of consolidating into one like other email clients. When deleting things in a list — such as old emails — you have to do it one at a time. When scrolling through the contact list you can’t key bsm and get Bill Smith. You have to scroll through all the s’s. Synchronizing photos with Adobe Photoshop Elements and grabbing new photos from the iPhone are both mysteries to me at this point. I know they can be done and am confident I will figure it out but these things are not as intuitive as the rest of the iPhone. As for shortcomings generally, I am confident that there will be updates via iTunes that will render the iPhone better and better over the months ahead. Remember, iTunes is on release 7.3. Continuous improvement seems to be a mantra for all things iApple.

The most significant shortcoming of the iPhone is definitely AT&T. My greatest fear came true when I got back to Connecticut after having taken initial delivery of the iPhone in Pennsylvania. There is no usable AT&T signal at my house. If I get in the car and drive a short distance things are fine. It also worked well in Stamford, CT and Washington, DC where I had meetings this week. I am sure it will work fine in all major cities. I do have a landline but at times it is nice to be able to make and receive mobile calls at home. I am no fan of Verizon but they do have better coverage in many areas. Also, when connected to the AT&T network the performance is not good. AT&T claims to be adding towers and fine tuning their network. I hope so.

The good news is the WiFi feature of the iPhone. Whether it is my home wireless or one at a hotel or airport, the iPhone connects very smoothly and remembers how to connect automatically the next time. The use of email, weather and stock updates and of course the web are all automatically handled by WiFi if it is available. JiWire is now listing 150,958 free and paid WiFi hotspots in 136 countries. Stay tuned for an update on other developments in WiFi.

iPhone – continued

A number of people commented about the mini review of the iPhone from yesterday. Early experience from others mostly matches mine but some have pointed out things I missed — both positive and negative. After another day of use I am also learning new things that you can or can’t do. One thing I don’t like is the way SMS works. A list of your prior messages is available but I have not been able to figure out how to send another message to someone in the list without having to key in their name again. With regard to Safari it was pointed out to me that you can zoom the screen. You can either double-tap on the screen or use two fingers to touch and either pinch or reverse- pinch. If you want to see a "pinch" in action take a look here. The zoom is a very nice feature but I still find the browser to be quirky. I suspect it will be compared to the new Opera mini version 4 which is now in beta. All things considered after the first few days, I am still captivated by the iPhone. I am sure many more things will be learned in the days ahead. I especially look forward to seeing some new applications become available. One thing I suspect many people would like to see is a chat client. Meebo works through the browser but it is not really designed for mobile.

iPhone Out of the Bottle

Back in January I said I couldn’t wait to get an iPhone. Of course, I did wait, but not in line. The order was placed online the evening of June 29th and the confirming email said shipping would be within 2-4 weeks. Much to my surprise the iPhone left Shenzhen, China six days later and after Fedex stops in Anchorage, Indianapolis, Allentown, and Pittston the amazing logistics system dropped off the iPhone at the lakehouse the next day, Friday. From late that morning through the afternoon I was captivated.

I don’t claim to a product reviewer but this posting will be my attempt to share reactions and opinions about the iPhone. The bottom line is a big "thumbs up" — my expectations have been exceeded, especially with regard to the sleek look and feel and the ease of entering text on the flat screen.

The Phone. Activation of cell phones has generally gotten much easier than it used to be but for the iPhone with AT&T it was truly simple. I had already upgraded iTunes to the latest version which supports the iPhone. I placed the iPhone in the cradle and plugged the USB cable into the ThinkPad and followed the directions on the neatly laid out pages in iTunes. Within minutes I had a new mobile phone number and my contacts, emails accounts, and calendar had all been synchronized. My mother received the first call and the quality was crystal clear. One thing I don’t like about the iPhone is the exclusive arrangement with AT&T. The iPhone has a SIM (Subscriber Identify Module) card but you can’t take it out. Customers should have a choice to change from AT&T to T-Mobile or other GSM operators around the world and I hope
Apple decides to open the iPhone to more operators over time. In spite of the AT&T lock-in and their slow network, I am pleasantly surprised by the coverage for both voice and data. (The Palm Treo 700P with Verizon gets no data coverage at places where I spend a lot of time. The phone features are a joy — favorites list, call list, easily searchable contacts, large keypad, and simple voicemail setup and use. The speakerphone is very high quality. I have to say that so far I find it a really great phone and much easier to use than the Palm Treo, which had been my favorite of many phones I have tried over the years. The Palm has deeper functions, like details on each call in the call list showing date and length of call. Nice but can’t say I have used that feature more than once or twice. The iPhone has the things you really need and the functionality is intuitive and easy to use.

WiFi. Over time the best feature of all may be the iPhone WiFi support. I have been writing here for years about the ubiquity of WiFi and it is truly happening — JiWire is now listing 150,195 WiFi hotspots in 135 countries. The iPhone is not the first mobile device to offer WiFi but, once again, the simplicity of the implementation is simple to exploit. I keep my WAP SSID (the wireless access point service set ID)is private by turning off the broadcast "feature", so the signal was not visible. After turning WiFi "on" and entering the SSID and they WEP key, I pressed "Join" and in seconds I was connected. The iPhone automatically switches between the AT&T network and WiFi, if a signal is available. The iPhone remembers the WiFi connections you have made and automatically connects using your authentication data. With more and more WAPs out there WiFi will be used more and more with the obvious benefit of significantly faster speed.

SMS and email. SMS is very easy to use. It is integrated with your contact list. Just browsing through your contacts and a press on the mobile phone number and you are ready to send your text message. A favorites list is maintained for those with whom you message a lot. The email support is so simple that I wasn’t sure it was working. Using the AT&T network or WiFi if available, email from all your accounts are retrieved every fifteen minutes. You can have the latest 25 or up to 200 at your fingertips. Scrolling through them is a breeze and you can set a large font to make them really easy to read. Some people prefer the Blackberry service but I have favored Palm for years — until the iPhone. It is significantly easier to use. One drawback is that Thunderbird is not supported.

Browser. The Safari web browser is probably the weakest feature of the iPhone. The nice part is that if you just turn the iPhone sideways it changes the display to the wider view. Scrolling is a breeze and the .com button speeds up entering URLs. Bookmarks are synchronized through iTunes to the desktop version of Safari. You can choose to sync with Internet Explorer instead — can not imagine why anyone would want to do that — but there is no choice of syncing with Opera or Firefox. I found the adjustment of font size to be erratic — sometimes works and sometimes not — and most of the web sites I have visited on the iPhone are unreadable, including some sites that claim to be "m dot" mobile web sites. Maybe I will master how to do this. Safari, at this stage, is not nearly as good as Opera on mobile or desktop nor Firefox on the desktop. On the many mobile phones where it is available the Opera mobile browser is far better than Safari and Opera Mini works well on nearly any phone — and "mini" does not require a $500 high-end phone. Most people don’t spend a lot of time surfing the web with their phone but that is changing. When it comes to web browsing, the iPhone is a great step but it has a lot of catching up to do.

Entering text. A lot of the pre-launch speculation suggested that entering text without a keyboard would be very difficult. I have not found that to be the case. To the contrary, once you get the hang of it, it becomes quite easy. There are a lot of smarts built in that guess at what you trying to enter and if it gets it right you just tap the space bar and continue on. There are a number of shortcuts that speed things along. A picture is worth a thousand words so if you have doubts watch the video.

Video and Maps. Speaking of video, the iPhone has YouTube built in and if you are in range of a WiFi signal then watching movie clips (in the widescreen mode) is enjoyable. Google maps is also built in and just tapping the screen zooms in to what you want.

Photos. Most mobile phones can take pictures and display albums but, once again, the iPhone has made it really simple. Scrolling through your pictures with your finger is fun and turning the phone sideways gives you the widescreen view. Maybe the novelty will wear off but I am quite impressed. The camera doesn’t have any options, like zooming, that I have found. Push one button to take a picture and one to see the pictures you have already taken. An animated shutter opens and closes. The pictures are 1,200 x 1,600. There is no flash, so low light situations will not produce good photos.

iPod. In some ways the iPod feature of the iPhone is better than the iPod itself. You can sync selected playlists and listen to music while you are surfing or checking email. The built in speaker phone is better than expected fidelity. It is amazing how people are complaining that the storage is "only" 8 gigabytes. Obviously the capacity will grow to 16, 32 and at some point a terabyte. I started out with 1,200 songs, a hundred pictures, 1,500 contacts, my calendar and email. 1,200 songs is plenty enough for me when I am mobile. I may end up reducing the number of songs and add more pictures. At home or traveling with the ThinkPad I can listen to the full library and albums. The limited storage and no removable storage card will be an issue for some but not for most.

Stocks and weather. In partnership with Yahoo! there are built-in stock and weather applications. You can easily add as many stocks and locations as you want and then scroll through them with a glide of your finger. You can select the time period for graphs of stock prices. If you click for more weather or stock information the browser opens and takes you directly to the right page at Yahoo! Stocks and weather are available on many mobile phones but the integration and simplicity on the iPhone is impressive.

Security. Even with "just" 8 gigabytes of information, there is always the worry of losing your mobile phone. The iPhone — as an option — lets you turn on a passcode feature and after a minute of idle time goes by you have to enter the 4 digit code to unlock the phone.

Applications. The strength of the Palm has always been the availability of a very large number of applications. the iPhone, at this stage, only has the ones that most people need, but it is clear that there will be many. By supporting mobile web standards in the desktop version of Safari, developers will be able to create applications which look and behave just like the applications built into the iPhone, and which can seamlessly access iPhone’s services, including making a phone call, sending an email and displaying a location in Google Maps. I would prefer a more open approach but it is clear that Apple and AT&T only want extend capabilities that they feel will not compromise reliability or security. The good news is that the iPhone is a wake-up call for mobile device makers and network operators. Hopefully they will respond and increase competition. I expect that within six months there will be a lot of new iPhone applications to choose from.

Synchronization. The word may be hackneyed but on the iPhone it is truly seamless. You get home or to the hotel and connect your iPhone to the ThinkPad, iTunes automatically starts if it isn’t running and all your music, contacts, calendar, and photos are synchronized.

Settings. One feature I really like is that all the settings, options and preferences are in one place — just tap the "Settings" button. On the Palm 700W with I found the complexity overwhelming at times and Windows Mobile unusable. Too many settings, options and preferences scattered across the various applications. The Palm OS is better but has the same basic problem. The iPhone has an operating system too, but it is transparent. Most people will not know or care about it because they don’t have to. I have yet to "reboot" the iPhone. If things get really gummed up you can restore the phone to factory settings through iTunes and then re-sync your data.

Overall. Looks like Apple has hit a home run with the iPhone and raised the competitive bar quite a bit. In some ways there is nothing revolutionary — except when it comes to holding it and using it. It is much more slender than I expected and it is a joy to use. While Microsoft is trying to take Windows to the mobile phone, Apple is trying to hide complexity and make the device simple and fun to use. After two days of use I am sold. Maybe I will get disappointed as I use it more. At this point I would say that within a week I will have a Palm Treo and an iPod for sale on eBay.

January patrickWeb story about the iPhone

The Riches of Kipp Island

When I wrote about the global sport of geocaching in July 2005, there were 181,216 active geocaches in 215 countries and in the prior 7 days there had been been 138,512 new log entries written at geocaching.com by 24,318 participants. As of today there are 423,816 active caches worldwide. In the last 7 days, there have been 325,387 new logs written by 45,911 account holders. In other words geocaching has doubled in the past two years. I suspect it will double again in the next two years. Although my own enthusiasm has not diminished, I haven’t had nearly as many "finds" due to the extensive travel schedule so far this year. (I did manage to find one in St. Petersburg, Russia).

Today was a perfect day to add geocache #76 to my record, so I set out for Kipp Island in the morning before the Lake got busy. There are too many rocks close to shore to go there by boat unless you want to anchor and swim ashore. Instead I went on the jetski. The island is located in Pike County Pennsylvania and is one of four islands on Lake Wallenpaupack. It is roughly 1,000 feet long and a width less than 100 feet at the widest part. In spite of the small size, the Tupperware cache was well hidden and the GPS signal wavered due to the dense trees and other vegetation. The huge number of bugs did not help either. Five of us searched for more than a half hour last summer and could not find it, so it felt very good to have a fairly quick (and lucky) find. After signing the logbook and entering TNLN (took nothing left nothing) at geocaching.com it was off for a ride. Tomorrow is supposed to be 90 degrees so it will be a good day to stay inside and write about my early experience with the new iPhone.

Other patrickWeb stories about geocaching

Book Update: 2Q2007

So many great books, so little time! I read a number of blogs to gain information like most of us, but there is no substitute yet for enjoying a hard-cover book. Every once in a while I post a list of books I have been reading. They all have reviews at Amazon that are much better than I could write. So, here is the list of what I have been reading lately.

The End of Oil: On the Edge of a Perilous New World by Paul Roberts. This interesting book contains a history of how America has interacted with oil producing countries over the years and what the various motivations have been. It also makes surprising forecasts about the supply of oil and of the alternatives. It is not a novel to put it mildly — maybe more like a text book but very informative. Glad I read it.

The Atomic Bazaar: The Rise of the Nuclear Poor by William Langewiesche. This one could keep one awake at night. It describes what is required to build an atom bomb and where it can be found.

The Language of God: A Scientist Presents Evidence for Belief by Francis S. Collins. This is a really good book. Collins is a pioneering medical geneticist who once headed the Human Genome Project. Whether you are a believer, an agnostic, or an atheist, there is something in this book for everyone.

A Thousand Splendid Suns by Khaled Hosseini. This one was every bit as good as his first book, The Kite Runner. Like his first book, it is based on life in Afghanistan. Life for many women in this country is incredibly difficult and keeps you on edge reading about it. The author grew up in Kabul. His writing style is different and a great pleasure to read.

As the summer unfolds I plan to read The Good Guy by Dean Koontz. He keeps cranking out great novels.

Other stories from the "favorites" category of patrickWeb