
Tuesday, August 28, 2007

Protests and child rearing

I brought my son to work with me yesterday, not realizing that sleepy little Bellevue was about to be the site of a protest.

Little did I know that President Bush was coming to town for a fundraiser. The crowds gathered hours in advance to protest, so I decided that my son should have an impromptu civics lesson.

It prompted lots of good questions, and we had a long discussion about the political process. It was a good chance to explain the importance of different opinions, and the need for healthy debate.

Friday, August 24, 2007

Non-business email messages are not public records in Florida

At least for the State of Florida.

Follow the jump for an interesting opinion on the question of whether non-business email constitutes a public record.

The opinion makes the following assertions:

..."official business communicated by e-mail transmissions is a matter of public record." In re: Amendments to Rule of Judicial Administration 2.051 -- Public Access to Judicial Records, 651 So. 2d 1185 (Fla. 1995). However, the court has also recognized that "e-mail messages may include transmissions that are not official business and which, consequently, are not public records." Id. at 1187. Thus, the Supreme Court has already given us some guidance in this area. Non-business e-mail messages are not public records and need not be retained.


Experience in our office indicates that many e-mail messages consist of one or two lines dashed off electronically because, at any given time, it may be the most expedient means of communicating a simple message: "your meeting is at 2:00, don't be late"; "remember to order a new copier cartridge this afternoon"; "please let me know when you will have the project finished." These communications are the electronic equivalent of communications that under different circumstances would take place verbally -- either by telephone or directly.

It seems that there is a prevailing legal mantra, "save everything". Including every joke of the day, every email from social networking sites, every chain letter, every everything.

I'd like to suggest that it is possible to manage your archive with a little less extreme-ness. There are definitely items that can be safely removed: do you really need the 65,000 low toner notices?

I think it is time to really discuss what constitutes a business email. What are your thoughts?

Thursday, August 23, 2007

E-Discovery Searches are Inadequate

Many e-discovery efforts focus on two things: date range searches and searches for email addresses. I'd like to suggest that these are inadequate, and what you can do to really find the messages you're looking for.

The main problem with searching addresses is that they are not normalized. They come in myriad formats:




These are just examples-- there are others. The point is that these all refer to the same user. On the other hand, you might end up with different users sharing the same address (which Joe Smith were we referring to during the three year period covered by the e-discovery?).

Dates in email headers are essentially arbitrary (the sending client sets them from whatever its clock says), unless you are referring to the dates in the Received: lines. Alternately, you could keep meta-information about the email, e.g. the date that it was delivered to the journal.

Emails need to have the current contextual information applied at the time of archive insertion. At a minimum, I would suggest inserting a unique identifier for the user (something like an employee id), what department the user is in, whether the user is an executive, whether the email contains potentially proprietary information, and whether the email is potentially privileged.

It would also be a good time to set retention policies and flag non-business mail, but that's a discussion for another day.
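As an added illustration of the two points above (this is example code written for this page, not MessageGate's software), the script below normalizes the address forms an archive actually sees (display names, mixed case, comments, alias domains) to one canonical mailbox, then stamps each message at insertion time with the employee id, department, executive flag, a proprietary-content flag and a privileged-correspondence flag. The directory, alias table, privileged domain and marker phrases are all constructed for the example; in a real deployment the directory lookup would also be keyed by the archive date, so that "which Joe Smith" is answered by who held the mailbox when the message arrived.

```python
import email
import email.utils
from email.utils import getaddresses

# Constructed user directory (hypothetical ids and departments).
DIRECTORY = {
    "jsmith@example.com": {"employee_id": "E1001", "department": "Finance", "executive": False},
    "ceo@example.com": {"employee_id": "E0001", "department": "Exec", "executive": True},
}

# Alternate spellings that refer to the same mailbox (constructed aliases).
ALIASES = {
    "joe.smith@example.com": "jsmith@example.com",
    "jsmith@mail.example.com": "jsmith@example.com",
}

# Outside counsel's domain and phrases that mark proprietary content (constructed).
PRIVILEGED_DOMAINS = {"lawfirm.example"}
CONFIDENTIAL_MARKERS = ("proprietary and confidential", "internal use only",
                        "attorney-client privileged")


def normalize_address(raw):
    """Reduce any header address form to a canonical, lowercase mailbox.

    Handles 'Joe Smith <JSmith@Example.com>', '"Smith, Joe" <jsmith@example.com>',
    'jsmith@example.com (Joe Smith)' and bare addresses, then collapses aliases."""
    _, addr = email.utils.parseaddr(raw)
    addr = addr.strip().lower()
    return ALIASES.get(addr, addr)


def enrich(raw_message, archived_at):
    """Build the contextual record that should be stored with the message
    at archive-insertion time. archived_at is the journal delivery timestamp,
    which is trustworthy, unlike the Date: header."""
    msg = email.message_from_string(raw_message)
    sender = normalize_address(msg.get("From", ""))
    recipients = [normalize_address(addr)
                  for _, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + "\n" + body).lower()
    profile = DIRECTORY.get(sender, {})
    everyone = [sender] + recipients
    return {
        "archived_at": archived_at,
        "sender": sender,
        "recipients": recipients,
        "employee_id": profile.get("employee_id"),
        "department": profile.get("department"),
        "executive": profile.get("executive", False),
        "proprietary": any(marker in text for marker in CONFIDENTIAL_MARKERS),
        "privileged": any(addr.split("@")[-1] in PRIVILEGED_DOMAINS for addr in everyone),
    }


# Constructed sample message exercising several address forms at once.
SAMPLE = """From: "Smith, Joe" <JSmith@Example.com>
To: The Boss <ceo@example.com>, counsel@lawfirm.example
Cc: jsmith@mail.example.com
Subject: Draft contract - internal use only
Date: Fri, 24 Aug 2007 09:15:00 -0700

Attached is the draft. Please review before the 2:00 meeting.
"""

if __name__ == "__main__":
    print(enrich(SAMPLE, "2007-08-24T16:15:00Z"))
```

The record is what a later e-discovery search should run against: a query for "everything Joe Smith in Finance sent to outside counsel" becomes a filter on normalized fields rather than a fuzzy match over raw header strings.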

Wednesday, August 22, 2007

Schadenfreude and Bacn

Schadenfreude is one of my favorite words, precisely because of the almost universal reaction received upon defining it. "There is a word for that?!", is the incredulous refrain.

Now there's a new term making the rounds of the noosphere, and it is bacn.

Bacn is the term for mail that isn't spam, isn't personal email, and isn't business email, either. Think about the newsletters you get from companies you purchase from, automated notices from internal systems, etc.

The reason I find this term interesting is that it is something I've been talking about for some time, but just never had a good word (words are power!) to properly describe it quickly. Even though it has "hip", "Web 2.0", "look I dropped a vowel, how creative I am!"-ness to it, I suspect it is going to make it into the common lexicon.

Here's why:

  • It talks about a productivity problem with email.
    The modern information professional has 10-30% of their email composed of these types of email (newsletters, automated notices, your order has shipped), and every interruption to check email takes 15 minutes to properly resume from.

  • It talks about an infrastructure problem.
    These emails are going in the archive. 10-20% of the emails in an email archive are bacn. They are especially likely to be saved by users, because, "I want to read them, just not right now."

  • There are tools to help deal with it.
    Here at MessageGate, we use our software to automatically tag email as bacn, and the end user can set up rules to file these emails appropriately. A more intensive approach could auto-file these mails for the user (without them setting up rules).

  • The volume of email involved has a very negative impact on e-discovery efforts, especially since the current (broken) methodology of searching by address and date has basically no false-positive filtering.
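To make the "tag it as bacn, then file it by rule" idea concrete, here is an added example (my own illustration for this page, not MessageGate's product code) of a header-and-sender heuristic that labels a message as bacn and suggests a folder. The sender patterns, subject patterns and internal domain are constructed assumptions; the headers it checks (List-Unsubscribe, List-Id, Precedence, Auto-Submitted) are the standard ones bulk and automated senders set.

```python
import email
import email.utils
import re

# Standard headers that bulk/automated senders set (see RFC 2369, RFC 3834).
BACN_HEADERS = ("List-Unsubscribe", "List-Id", "Auto-Submitted")
BULK_PRECEDENCE = {"bulk", "list", "junk"}
# Constructed patterns for automated local parts: noreply, notices, printers...
AUTOMATED_SENDERS = re.compile(
    r"^(no-?reply|donotreply|notifications?|newsletter|alerts?|printer\d*|copier\d*)@", re.I)
# Constructed subject patterns typical of bacn, including the low-toner notice.
BACN_SUBJECTS = re.compile(
    r"(newsletter|your order has shipped|toner|weekly digest|account statement)", re.I)


def classify_bacn(raw_message):
    """Return ('bacn', reasons) or ('other', []) for one RFC 822 message."""
    msg = email.message_from_string(raw_message)
    reasons = []
    for header in BACN_HEADERS:
        if msg.get(header):
            reasons.append("header:" + header)
    if msg.get("Precedence", "").strip().lower() in BULK_PRECEDENCE:
        reasons.append("precedence:bulk")
    _, sender = email.utils.parseaddr(msg.get("From", ""))
    if AUTOMATED_SENDERS.search(sender):
        reasons.append("sender:automated")
    if BACN_SUBJECTS.search(msg.get("Subject", "")):
        reasons.append("subject:pattern")
    return ("bacn" if reasons else "other", reasons)


def suggest_folder(raw_message, internal_domain):
    """Auto-file rule: internal automated notices and external newsletters
    go to separate folders; everything else stays in the Inbox."""
    label, _ = classify_bacn(raw_message)
    if label != "bacn":
        return "Inbox"
    _, sender = email.utils.parseaddr(email.message_from_string(raw_message).get("From", ""))
    if sender.lower().endswith("@" + internal_domain.lower()):
        return "Notices"
    return "Newsletters"


# Constructed samples: a vendor newsletter, a printer notice, and a colleague's note.
NEWSLETTER = """From: Acme Shop <newsletter@acme-shop.example>
To: jsmith@corp.example
Subject: August Newsletter: new arrivals
List-Unsubscribe: <mailto:unsub@acme-shop.example>
Precedence: bulk

Check out what's new this month.
"""
TONER = """From: printer01@corp.example
To: it-notices@corp.example
Subject: Low toner on HP4200 (3rd floor)

Toner level is below 10%.
"""
COLLEAGUE = """From: Mike Jones <mjones@corp.example>
To: jsmith@corp.example
Subject: Re: Q3 forecast

Can you send me the updated spreadsheet before 2:00?
"""

if __name__ == "__main__":
    for name, raw in (("newsletter", NEWSLETTER), ("toner", TONER), ("colleague", COLLEAGUE)):
        print(name, classify_bacn(raw), suggest_folder(raw, "corp.example"))
```

Note that the toner notice is caught twice (sender pattern and subject pattern); the reasons list is kept so the archive can record why a message was tagged, which matters later when someone asks why a notice was filed away rather than delivered.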

Companies are starting to look at the productivity and infrastructure burden of bacn; I'm just glad to have a word to describe a topic I've been working on and thinking about.

How to do a successful technical presentation

Update: more on this subject here

I have done my fair share of technical presales calls and proofs of concept. I have a few notes on what I've found to help them be successful.

  1. Ditch the acronyms and technobabble
    Also known as know thy audience. If you can learn to bridge the gap to the non-technical crowd, you'll be leagues ahead of your cohorts. I use my wife as a sounding board for technical explanations; if I can explain it to her, I know I've sufficiently simplified things.

  2. Get rid of Powerpoint, if possible.
    If not, follow my revised version of Guy Kawasaki's 10/20/30 rule. I suggest no more than 5 slides, 10 minutes to discuss the slides, and 30 point font, minimum. Consider it the 5/10/30 rule. Do not read from the slides.

  3. Ask questions.
    Nobody is opposed to answering legitimate questions. I took a Solution Selling course, and was amused to learn that sales people typically have 18 months of increasing effectiveness in a new position, and then productivity falls off. This is, also, coincidentally, the same point at which most people "learn all there is to know" about a product or service, and stop asking questions.

  4. Use the whiteboard to your advantage
    This ties in with the previous point-- use the whiteboard to ask questions. Ask about their environment. Draw it on the whiteboard. Ask leading questions about the potential solution you're looking to provide. Draw the solution into their environment.

  5. Use your hands to emphasize points.
    This article points out that using gestures makes a math teacher more effective than their less gesticulating counterparts (from the article):
    Susan Goldin-Meadow, a professor of psychology at the University of Chicago, found in a recent study that Chicago schoolchildren learned math best when the gestures of teachers enhanced their words rather than simply repeating them.

  6. Don't fall into the perception vs. correctness trap.
    I was once giving a presentation, and the customer asked me if turning on encryption would affect performance. The obvious technically correct answer is that yes, it does impact performance.

    So I told him yes, that it had a 20% impact on performance. This was also technically correct.

    And the wrong answer.

    Why? Because I could have told him (and whiteboarded) that an average transaction takes 2 seconds, to which we add 2/10ths of a second, to which encryption adds 20%. In total, encryption adds 0.04 seconds to a 2.2 second transaction. And then told him, "basically, no, encryption does not affect performance."

  7. Make your demonstration interface with their infrastructure.
    I used to work at WRQ (now Attachmate), and consulted on a product called Verastream. We really started to hit our stride when we honed our ability to interface with a mainframe in an afternoon. We would walk in, exchange pleasantries, talk about the potential solution, and have a web or web services interface to the mainframe up in hours.

    Customers were always amazed that we could make it work so quickly, and the real power was in the idea that it wasn't just a canned demonstration, it really was their mainframe.

    My current employer (MessageGate) is announcing an update to our current IIS adapter which will be much easier to plug into a test Exchange server and demonstrate our email governance capabilities. I'm excited, not because we can't already demonstrate our software, but because it will make demonstrating our software in a live (test) environment that much easier.

In short, it's all about interactivity. One-sided discussions aren't really discussions at all; there's no chance of establishing rapport or coming to a common understanding. Both of these are necessary to move the sales cycle forward.

The New Rickenbacker

I got the new Rickenbacker cleaned up (man, it was grungy!). I'll be taking her out tonight for her first live usage, but I don't have a proper set of straplocks, so that's definitely something I'm going to need to remedy.

More on strap locks after the jump.

I'm pretty enamored with a set that I put on my Alembic-- they are called the Zeppelinn ZSL600 (yes, Martha, an extra N). You can find them here.

The one caveat with them is that the screw they ship with is just plain inadequate. Do not attempt to use the screw it ships with. My suggestion would be to use threaded inserts and a better screw.

Tuesday, August 21, 2007

Burn Them With Fire

I am a Desert Storm vet. While I was formally trained as an infantryman, I drove a fuel truck during the time I was deployed. I have a lot of stories from this time, but one of my favorites is about Dung Beetles.

I was completing my fuel run for the day when a Sergeant (First Class, and acting first sergeant) approached me and told me he needed to show me something. I followed him a couple hundred meters into the desert, and he showed me a patch of ground completely riddled with holes. "What's this all about, top?", I asked.

"Those are Dung Beetles.", with a you know what to do nod of the head. The last unit in this area had apparently buried a latrine here, and the Dung Beetles were having a field day. I didn't know what he was expecting, so I asked.

"I want you to soak all of this with MoGas, and light it on fire." I'm not kidding when I say that he looked like a demented priest bent on an exorcism. Let's just say that this was a somewhat atypical request, but I thought about it for a minute, and went to get my truck.

Tossing matches at 100 gallons of gasoline is a fairly precarious task, but we did eventually get it lit-- fifteen foot flames and roiling black clouds ensued. I wish I had the presence of mind to have taken a picture.

Sometimes it works to gently correct course or mildly adjust angle of attack; sometimes purging with fire is the only option.

Monday, August 20, 2007

Lack of email controls considered harmful

The Treasury Inspector General for Tax Administration performed an audit of the Internal Revenue Service. In summary, the IRS has improved greatly, but employee noncompliance is still leaving Personally Identifiable Information (PII) at risk.

Analysis and link to the report after the jump.

Full report here.

Employees have also shown they are susceptible to social engineering techniques that hackers could use to gain access to their systems, and they continue to ignore IRS policies on the use of email, which increases potential security vulnerabilities.

Now, maybe I'm biased (and who are we kidding: of course I am!), but this again points to the need for centralized, server based controls on email. How long would employees continue to "ignore IRS policies on the use of email" when they receive an email each time stating that they are in violation of the Acceptable Use Policy, and that their email has been logged?

Our SenderConfirm™ even allows the user to make the final judgment on whether an email should actually be sent. This is a powerful influence on behavior, nonetheless.

One of the core benefits of this approach is that you don't actually have to add any human infrastructure-- it isn't necessary to actually hand analyze the mail: the threat of it alone is enough to change user behavior. I believe that this coincides with the "broken windows" theory; allowing users to make "little violations" leads to a lack of vigilance ending in a breach, but blocking the "turnstile hopper" promotes an increased level of security.

New Rickenbacker

I wasn't really in the market for another bass, but I found a really good deal on a bass that I've been lusting after for some time. A JetGlo (black) Rickenbacker 4003.

She's a little beat up, and I'm not convinced that the bridge pickup works, but this bass has been one of my longer term desiderata. The Colonel (a.k.a. my longsuffering better half) wasn't too impressed, but it was a really good deal.

So, in trade, I'm selling my fretless Alembic Epic, and I have a new #1 bass.

Friday, August 17, 2007

Email statistics

Chances are that you have some decidedly unexpected behaviors happening on your email network. You probably expect that there are jokes and video files being emailed around. But did you know about that user on your network that only forwards mail?

That's right. In an enterprise of any substantial size (over 500 users), there is virtually a 100% chance that there is at least one user that for every 10 mails sent, 9 are forwards (and it isn't uncommon to see 100%). No, I don't know what they do all day.

Have you ever measured which account sends the most emails in a given unit time? I'll take odds on it being a printer (or copier, or database, or application). This certainly points to enterprises using email as a generic messaging platform, and that enterprises consider it acceptable to use email as a method for applications and devices communicating their state.

Of course, the law of unintended consequences rears its ugly head when you realize that the printer sent 65,000 emails last month lamenting the loss of toner. To a distribution group. With dozens of users. And all of it gets archived.

Of course there's the 25-40% of your email (by volume) that is entirely Office documents, and the 20-40% that is non-business email (non-business images, video files, jokes, chain letters).

Here's an idea for blocking chain letters: just block any email with more than one exclamation point in the subject line. While this is meant to be tongue in cheek, it is pretty accurate.

Thursday, August 16, 2007

The Ron Paul fan club

This is not about politics.

While I have to admit that Mike Huckabee definitely has impressed me with his bass playing (which is decent, but more marked by the fact that he plays a "semi-boutique"** bass-- a Tobias. He's even on YouTube.)

I'm also amused that John Edwards has decided that Men Who Look Like Kenny Rogers is part of his core demographic.

But I've been really interested by the grass roots campaigning of the Ron Paul campaign (and supporters). More thoughts after the jump.

If you have any exposure to the blogosphere, you've likely heard of Ron Paul.

You can't have read Digg lately without finding a reference to him.

What is interesting to me is that this all seems to be a rather deliberate and purposeful effort. It looks like a very organized grassroots effort to provide their candidate with coverage that I doubt that the mainstream media would have provided.

Our generation now has the Internet as one of the primary influencers of thought, and one campaign seems to have really capitalized on that. I suspect that the cost for this extra boost in "market presence" was the equivalent of a rounding error in a normal campaign budget.

It isn't quite as catchy as a bass solo (or men who look like Kenny Rogers for that matter) but pretty impressive, none the less.

** Semi-boutique: since these are really production line basses built by Gibson, but originally designed by Mike Tobias. He may have a pre-Gibson model, in which case, it's in great condition, and a boutique bass.

Three (more) things you can do today to get email under control

My friend Robert posted an article entitled three things you can do today to get your email under control. I'd like to propose my own list of three items after the jump.

  1. Implement an Acceptable Use Policy (AUP) and educate your users.
    This is the starting place for all email governance efforts. You must offer your users guidance on what constitutes acceptable uses of the email system. Have you actually educated your users about policies regarding non-business email?

    It surprises me how many organizations either do not have an AUP (or one that is hopelessly out-of-date), or do not properly educate their users on it. If, God forbid, an employee termination is necessary, proof that the user was educated on the policy is more than just nice to have. Every webmail service has an AUP that must be acknowledged before an account can be set up, why shouldn't all organizations implement this?

  2. Block proprietary content from leaving your organization.
    This can be as simple as searching the email and attachments for terms like "proprietary and confidential" or "internal use only", or as complex as fingerprinting specific documents, and flagging emails containing subsections of the documents.

    Whatever you do, you need to look at the types of files that constitute your intellectual property. Some suggested starting places:

    1. Office Documents (including Adobe PDF)

    2. Source Code (VB, Java, C, C++, Perl, COBOL...)

    3. The files that support your business, e.g.: AutoCAD, Matlab, specific reports, etc.

  3. Perform an audit of your traffic to see what is really going on.
    Okay, so admittedly I copied this from Robert's article. But it bears repeating, since the vast majority of organizations do not know what exactly is moving through their email network.

    If you are concerned about privacy, have the report anonymized. This is something that MessageGate does regularly. It provides a great value, and I can assure you that there will be unique and interesting information in the audit. It will help you understand the metrics of your network, and will, I dare say, offer insight into the character of the organization as a whole.

    Just like a financial audit, it is most helpful to do the email audit on a regular basis, allowing you to track to particular goals.
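Item 2 above describes two levels of outbound control: a phrase search and document fingerprinting that catches subsections of a protected document. The following is an added example of both (written for this page; it is not MessageGate code or any vendor's algorithm), using hashed word shingles as the fingerprint. It assumes attachments have already been converted to plain text, and the protected document, marker phrases and sample emails are constructed.

```python
import hashlib
import re

# Phrases that, by policy, mark a document as not-for-external-release (constructed).
MARKERS = ("proprietary and confidential", "internal use only")
SHINGLE_WORDS = 8        # length of each overlapping word window
MIN_MATCHES = 3          # shingles from one document needed before we flag it


def tokenize(text):
    """Lowercase word tokens; punctuation and layout differences don't matter."""
    return re.findall(r"[a-z0-9]+", text.lower())


def shingles(text, k=SHINGLE_WORDS):
    """Set of short hashes, one per k-word window of the text."""
    words = tokenize(text)
    out = set()
    for i in range(len(words) - k + 1):
        window = " ".join(words[i:i + k]).encode()
        out.add(hashlib.sha256(window).hexdigest()[:16])
    return out


def fingerprint_documents(docs):
    """docs: {name: text}. Returns an index shingle_hash -> document name.
    Only the hashes are kept, so the index itself does not reveal the documents."""
    index = {}
    for name, text in docs.items():
        for s in shingles(text):
            index[s] = name
    return index


def inspect_outbound(text, index, min_matches=MIN_MATCHES):
    """Decide whether an outbound message (subject + body + extracted
    attachment text) quotes a protected document or carries a marker phrase."""
    hits = {}
    for s in shingles(text):
        if s in index:
            hits[index[s]] = hits.get(index[s], 0) + 1
    matched = sorted(doc for doc, n in hits.items() if n >= min_matches)
    markers = [m for m in MARKERS if m in text.lower()]
    return {"block": bool(matched or markers), "matched_documents": matched, "markers": markers}


# Constructed protected document and outbound messages.
PROTECTED = {
    "widget-design-spec": (
        "The widget controller firmware stores the calibration table in block seven "
        "of the flash and rewrites it after every power cycle to compensate for drift "
        "in the oscillator. Revision 4 also adds a checksum over the table."
    ),
}
LEAK = ("Hi Bob, FYI our design keeps the calibration table in block seven of the "
        "flash and rewrites it after every power cycle. Thought you'd find it useful.")
BENIGN = "Can we move the 2:00 meeting to Thursday? I need to order a new copier cartridge."
MARKED = "Forwarding the slides. INTERNAL USE ONLY - do not distribute."

if __name__ == "__main__":
    index = fingerprint_documents(PROTECTED)
    for label, msg in (("leak", LEAK), ("benign", BENIGN), ("marked", MARKED)):
        print(label, inspect_outbound(msg, index))
```

The threshold of three matching windows is what keeps common eight-word phrases from triggering a block; raise it for large corpora of boilerplate-heavy documents, and lower SHINGLE_WORDS if you need to catch shorter excerpts at the cost of more false positives.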

Implement these, and you'll have a much greater understanding of your email, a lower risk of information leakage, and better control over your email network.

Wednesday, August 15, 2007

Email and Stress

There is an interesting (although not unexpected) study published by researchers from Glasgow and Paisley universities about email stress.

Interesting findings:

The participants in the study were checking mail up to 40 times per hour.
They thought that they were checking 4 times per hour.

Links to the articles after the jump.

The article is on the Ars Technica: link.

Another interesting study was conducted in 2003, with American workers: Overwhelmed by Email. Since this study is from 2003, keep in mind that email volume has been climbing 10-20% per year (which implies that time consumed by email may have as much as doubled since then).

Consider the costs of this "always on", "pressured to respond immediately" mindset:

It takes up to 15 minutes for an information worker to properly resume the task that was interrupted responding to email. Meanwhile, the average user receives 10-20 emails per day. Even accounting for the mail coming in pairs, that would account for 1 hour 15 minutes of lost productivity, per employee, per day (and going up by 10-20% per year).

In a 1000 employee organization:

1000 users * 1.25 hours * 250 days per year = 312500 hours per year in lost productivity.

Multiply that by a fully loaded cost of $35/hr, and you're at $11M per year in lost productivity.

Something to keep in mind when you are analyzing the costs of email governance.

Tuesday, August 14, 2007

Help! My archive is out of control!

One of the great things about email archives is that they keep everything. One of the worst things about email archives is that they keep everything. When I say everything, I mean that you're literally paying (in storage, management, and software costs) for every spam, every picture of Johnny's 4th birthday party, every inappropriate email, every humorous "video du jour" that arrives at the mailbox.

Better yet, when push comes to shove, and an e-discovery event happens, you'll be paying a lawyer or paralegal to inspect these.

What should companies be doing about archives? I can certainly understand the "keep everything" mantra, but I'd like to suggest that there might be a method to keep everything that is necessary and important, while cleaning some of the non-business email from the archive.

First, try to get rid of as much spam as possible. Implement defense in depth: multiple spam solutions with different approaches (reputation services, content analysis, and something that analyzes fraudulent headers are all important) will help eliminate that extra several percent of spam that is currently getting to the mailbox. Five to ten percent of the email in most networks is spam (and that's after the spam filter).

Second, make decisions about what types of media are necessary to your business. Some examples: MP3 (music), Windows Media (video), and MPEG (video) aren't typically business critical files. If they aren't necessary, consider blocking them.

It is helpful if you have the ability to whitelist certain users or provide policies based on job description or department. We have implemented this with great success.

Third, if you allow users to take documents or files home for work purposes, consider encouraging the use of either flash drives or a remotely accessible content management system (e.g. Sharepoint). This has two benefits: it promotes better archive hygiene, and helps prevent information leakage.

Most of the information leakage we see is accidental-- mis-addressed email is probably the leading culprit for confidential information leaving most organizations.

Finally, educate your users. Establish an Acceptable Use Policy (AUP) for email, and specify the appropriate and inappropriate use of email. Establish etiquette guidelines-- many people have no idea what is appropriate in email, especially with Generation Y entering the workforce. They have had their formative years of electronic communication in an entirely personal context, whereas us "old folks" have, generally, had a more business-oriented introduction.

Following these suggestions could cut 20-30% off the size of your archive, without any impact with regards to actual day-to-day business email.

Saturday, August 11, 2007

Analyzing archives

I read a lot of email.

Ok, technically, I analyze a lot of email. One of the services that we perform for our customers is an email audit.

Follow the link for some statistics on archive volumes under typical usage patterns.

The number of messages sent and received varies widely-- the average user sends between 147 and 198 emails per month and receives between 145 and 185 emails per month.

By direction, 70% is internal, and the remaining 30% is pretty evenly split between inbound and outbound mail.

Roughly 25% of email is non-business (i.e. spam that made it past the filter, private communication, external newsletters, etc.).

Most companies have an average email size of 50-60KB. There are two reasons for this:

1) HTML/RTF email causes small messages (that could have been 1KB) to be much larger (3-10x). This drives up the baseline.
2) You may have noticed this: there are a couple of Office documents floating around your email network.

Point 2) bears further consideration: 30-50% of the email (by volume) in a typical organization is Office documents (in which I include PDF files).

This causes the following storage analysis:

1000 users * 300 emails per month * 12 months * 60KB = annual storage burden of 206 GB, on average, per thousand users. That would be 2 TB per 10,000 users (per year).

Your mileage may vary, of course.

Friday, August 10, 2007

What might get revealed in e-discovery?

I saw an article about a Minnesota man who is requesting the source code to the breathalyzer the police used during his arrest for drunk driving. How's that for e-discovery?

Apparently the purchase contract included granting the state, "all right, title, and interest in all copyrightable material".

And the Minnesota Supreme Court agreed with him. While most organizations are not bound by such contracts allowing the release of their intellectual property, it does point to one of the major issues in e-discovery-- that it can be difficult to segregate privileged, confidential and trade secret email from the rest of the discoverable materials. So you get to pay (and pay) the e-discovery firms to do this segregation after the fact.

I'm not denigrating the services they offer, just suggesting that an ounce of prevention is worth a pound of cure.

Specifically, if you have an email archive, you should be tagging messages that are from inside and outside counsel, executive management, or contain intellectual property. This definitely contributes to good archive hygiene.

One way to make this much easier is to require all documents containing proprietary or confidential information to be marked as such. Then you can tag these documents as they enter the archive. In this case, a little can go a very long way.

Thursday, August 9, 2007

It's impossible to sing and play the bass

I have an admission to make. I cannot sing and play the bass. I cannot talk and play the bass.

I can't even answer yes or no questions. I have no idea why, but I've come up with a pseudo-medical term for it: musical aphasia.

Here's Jay Leonhart's take on things:


Storm Worm and adaptability

So, the storm worm is the new kid on the botnet block. I'd like a zombie PC with a side of fries.

Estimates put the storm infected botnet at between 250,000 and 1,000,000 PCs, although I think it definitely has the potential to be much higher.

More interesting than the fact that there's a new botnet du jour is that there are still so many networks that allow this vector of infection. Yes, Virginia, there are still networks that allow executables into their networks via email.

Of course, your network doesn't, right? Here are a few things to think about:

  • I got a scam email a few weeks back. It had a PDF with an embedded executable in it.

  • In my consulting practice, I've regularly bypassed these filters using one of the following two expedients:
    - Simply renaming the file to something other than .exe (i.e. .txt)
    - Putting the executable in a zip file.

Most email systems out there aren't capable of detecting either of these types of subterfuge. Add to that that this is a de facto acceptable policy (since sending email with executables is actually part of the job description for certain individuals), and you essentially are forced to accept some amount of "slippage" with regards to protection.

Never mind the fact that there are zero-day exploits with Microsoft Office (and just try and block that!).

Without understanding the content (is this an executable, even though it is named foo.txt and embedded in a rar file?) and the context (Joe in IT should have the ability to send executables), it is next to impossible to implement sound policies around email.

However, with these, we can actually prevent these types of attack, and begin to deal with zero day attacks. I have a customer who decided last week that he didn't like the amount of PDF spam he was receiving, so he built a dictionary to search for the spammer URLs in the PDFs. Net implementation took about 30 minutes (mostly finding the URLs). Net result? 68,000 of these blocked last week.
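To show what "understanding the content and the context" looks like in practice, here is an added example (mine, for this page; not the customer's dictionary or any product's filter) that classifies an attachment by its leading bytes instead of its name, looks inside zip archives, checks PDFs for embedded-file and launch markers and for a spammer-URL dictionary, and then applies the context rule that only designated senders may mail executables. The allowed-sender list, URL dictionary and sample attachments are constructed placeholders.

```python
import io
import zipfile

# Content: identify a file by what it is, not what it is called.
EXECUTABLE_MAGIC = {b"MZ": "pe-executable", b"\x7fELF": "elf-executable", b"#!": "script"}
PDF_ACTIVE_MARKERS = (b"/EmbeddedFile", b"/Launch", b"/JavaScript")
MAX_ARCHIVE_DEPTH = 3            # nested zips beyond this are treated as suspicious
MAX_MEMBER_SIZE = 50 * 1024 * 1024   # refuse to inflate oversized members (zip bombs)

# Context: accounts whose job includes mailing executables (hypothetical).
ALLOWED_EXE_SENDERS = {"joe.it@corp.example"}
# Constructed stand-in for the customer's spammer-URL dictionary.
PDF_URL_DICTIONARY = {b"pillz-example.invalid", b"stock-tip-example.invalid"}


def content_type(data):
    for magic, kind in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            return kind
    if data.startswith(b"%PDF"):
        return "pdf"
    if data.startswith(b"PK\x03\x04"):
        return "zip"
    return "other"


def findings(filename, data, depth=0):
    """List of (path, finding) for one attachment, descending into archives."""
    kind = content_type(data)
    out = []
    if kind in ("pe-executable", "elf-executable", "script"):
        out.append((filename, kind))
    elif kind == "pdf":
        for marker in PDF_ACTIVE_MARKERS:
            if marker in data:
                out.append((filename, "pdf-" + marker.decode().strip("/").lower()))
        if any(url in data for url in PDF_URL_DICTIONARY):
            out.append((filename, "pdf-spam-url"))
    elif kind == "zip":
        if depth >= MAX_ARCHIVE_DEPTH:
            return [(filename, "archive-too-deep")]
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = filename + "/" + info.filename
                if info.file_size > MAX_MEMBER_SIZE:
                    out.append((member, "archive-member-too-large"))
                    continue
                out.extend(findings(member, zf.read(info), depth + 1))
    return out


def policy_decision(sender, filename, data):
    """Apply content plus context: executables are allowed only from
    designated senders; active PDF content and spam URLs are always blocked."""
    hits = findings(filename, data)
    exe_hits = [h for h in hits if h[1] in ("pe-executable", "elf-executable", "script")]
    other_hits = [h for h in hits if h not in exe_hits]
    if other_hits:
        return "block", hits
    if exe_hits and sender.lower() not in ALLOWED_EXE_SENDERS:
        return "block", hits
    return "allow", hits


def make_zip(entries):
    """Build a small zip in memory (used only to construct sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: a renamed PE header, the same inside a zip, a PDF with an
# embedded file, a PDF carrying a dictionary URL, and an ordinary text file.
RENAMED_EXE = b"MZ\x90\x00" + b"\x00" * 60
ZIPPED_EXE = make_zip({"readme.txt": RENAMED_EXE})
PDF_EMBEDDED = b"%PDF-1.4\n1 0 obj << /Type /EmbeddedFile /Length 4 >> stream\nMZ\x90\x00\nendstream\n"
PDF_SPAM = b"%PDF-1.4\n1 0 obj << /URI (http://pillz-example.invalid/buy) >>\n"
PLAIN = b"Your meeting is at 2:00, don't be late.\n"

if __name__ == "__main__":
    for sender, name, data in (("alice@corp.example", "notes.txt", RENAMED_EXE),
                               ("alice@corp.example", "archive.zip", ZIPPED_EXE),
                               ("joe.it@corp.example", "tool.exe", RENAMED_EXE),
                               ("joe.it@corp.example", "invoice.pdf", PDF_EMBEDDED),
                               ("alice@corp.example", "flyer.pdf", PDF_SPAM),
                               ("alice@corp.example", "note.txt", PLAIN)):
        print(sender, name, policy_decision(sender, name, data))
```

The two limits (archive depth and member size) are what keep a content-inspecting filter from being turned into a denial-of-service target by a deliberately nested or highly compressible archive; a filter that recurses without them is easier to knock over than to bypass.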

Wednesday, August 8, 2007

Social Engineering at the IRS

Information Week published an article outlining how a security test revealed that 60% of the users tested were willing to accept a call from an unknown source and change their password to something that the caller suggested.

First off, kudos to the IRS for actually testing their security. And double kudos for actually being willing to release the (admittedly bad) results publicly. But I am not surprised at all that 60% of the users tested were fooled into helping the person on the other end of the line.

With my amateur psychologist hat on, I assert that users just don't feel the same way about virtual information as they do physical information. How often would you see someone accidentally mis-address a FedEx envelope containing financial data? This happens all the time with email (oops! I meant to send it to Mike Smith, not Mike Jones!).

Welcome to the war on human nature-- and we're losing.

Monday, August 6, 2007

Custom development

I play the bass guitar. I don't play particularly well, but I can hold down the bottom, as they say. I am having a custom bass built, which I've affectionately titled "the software project." Because it had scope creep: it has way more features than it started with, is late (32 months total), and ever so slightly more expensive than I told my tolerant wife it would be.

It reminds me of some software projects I've worked on.

When you are looking for something that is completely custom, expect it to cost more than you planned. Expect it to take more time than you allotted. Most of all, expect it to change.