Modernizing Authentication — What It Takes to Transform Secure Access
You know... Toner on bond paper, resplendent with acres of partners' names in engraved print along the margins? The old-fashioned stuff.
We were a very high-tech firm, actually. Haley, Bader and Potts had been around since the late 1940's, when the patriarch of the firm, Andrew Haley, asked his son-in-law, Mike Bader, to join him in the practice of a relatively new but growing area of specialization: communications law.
Haley had been a true pioneer in the field of radio and satellite communications law. He spent nearly 20 years convincing the Federal Communications Commission to license spectrum for one of the first wireless paging systems. Indeed, a decade after that, an upstart telecommunications company called Microwave Communications Inc. -- the name was later shortened to MCI -- would be born in the firm's main conference room. So you could hardly call that little firm technologically backward.
''Why,'' I asked, ''when email is so convenient, and so many of our clients have Internet access'' The answer was simple: at that point in the late 1990's, email just did not have the kind of reliability that the firm demanded for client communications.
Unfortunately, I couldn't deny it. In 1998, email was still something of a novelty for many companies, and not everyone that had Internet access was doing a very good job of keeping email working. It was a challenge that opened many business opportunities for some of our clients. But until then, our orders were to stick to paper mail for the really important stuff.
But in today's hyper-connected world filled with redundancy upon redundancy, email is vastly more reliable.
Today, a shockingly large amount of email is purposely lost. Some ISPs drop, delete, or delay billions of emails a day on purpose. Most of this is done in the name of security and spam-fighting. For example, many ISPs with dial-up access service will specifically block the ability of those using the dial-up connections from sending mail via any server not owned by that ISP.
The up-shot? If you are trying to send email via your company's mail server, blocking of such outbound mail will end in a failed message bounced back at you. What's worse, in some cases, the message might disappear with nary a trace, and no hint that anything is even amiss.
It was precisely this sort of situation that placed publication of my last column for eSecurityPlanet at risk. I was on business in New York City, staying in a lovely hotel owned by one of my clients (whose name I will not write, since they still haven't paid an invoice). Using their in-room broadband service, I had finished my column and emailed it to my editor.
During the week I was in that hotel, I'd sent dozens of emails, and based on the replies I had promptly received, many of them had clearly gotten through to their destinations. But in a couple of instances, I got annoyed calls and emails asking where certain documents were; documents that I'd emailed during that week from the hotel.
I did a little calling around and discovered that none of the emails I sent with attachments had reached their destinations. To this day, I still dont know where those emails went, or where the breakdown in delivery occurred. All I know is that those messages left my inbox and never reached their intended recipients.
Many of us who have spent the last decade working on the issues of spam, email security and email reliability look back at the late 1990's as the golden age of email. It was an era when spam was only a minor annoyance, ''phishing'' was following around a college band while wearing your parents' tie-dyed hand-me-downs, and the only emails mentioning Viagra were between chemists deep in the loins of Pfizer's research labs.
Today's email network operators could actually learn a thing or two from those experts in the medical research field, an industry populated by doctors whose prime directive is to do no harm. In the good old days when email broke, it was by accident. Today's email breakdowns are the result of bad designs, broken implementations, and negligent administration of increasingly Rube Goldberg-esque email infrastructures.
When lost email is called to their attention, many system administrators dismiss the complaint by pointing to the vast amount of spam and virus-generated email they deflect. This bears a striking resemblance to the doctor who says, ''The surgery was a success, but the patient is dead.''
If email is to survive as a viable communications medium through the next decade, it's time that IT managers and network designers take seriously the need to deploy truly loss-less anti-spam and anti-virus technologies.
Now, pardon me while I go fax this column to my editor.
Ray Everett-Church is a principal with ePrivacy Group, a privacy and anti-spam consultancy. He is a founder of CAUCE, an anti-spam advocacy group, and he is co-author of ''Internet Privacy for Dummies.''