[IP] E-mail is broken full article
E-mail is broken
Four Internet pioneers discuss the sorry state of online communication
today. The consensus: It's a real mess.
- - - - - - - - - - - -
By Katharine Mieszkowski
Oct. 2, 2003 | Somewhere between that spam promoting
<http://www.msnbc.com/news/828942.asp>spyware disguised as a chipper
e-greeting and the latest e-mail-borne virus masquerading as an urgent
software upgrade, something got lost.
Not just a single overlooked urgent message from your boss, lodged in a sea
of ghastly teenage bestiality spam, but something more fundamental,
something more essential.
It's impossible to say exactly when the ritual of opening the e-mail in box
went from being the lure that brought you online in the first place to a
slough of deleting drudgery, full not only of irritating commercial
messages that you never signed up to receive, but also of potential threats
that could bring down your computer. But there's no use being nostalgic for
that earlier, simpler time, whenever you got online, whether that was in
1984 or 1998. You can't go home again, or at least, you can't go back to a
home without spam.
The questions now are: Can e-mail be saved? How bad is the problem, really?
And what can be done to fix it?
Salon interviewed four Internet pioneers, computer scientists who have been
online longer than most of the rest of world and who, in some cases, helped
set up the systems we use today. (The four men were interviewed separately,
but for clarity their answers have been grouped by subject.)
<http://www.cis.upenn.edu/~farber/>Dave Farber, who sometimes calls himself
"the grandfather of the Internet" because many of his students went on to
be its fathers, is now a professor at Carnegie Mellon University's school
of computer science. He first went online in 1962 and started on the
Internet in the late '60s "near the day it was born," when his student
<http://www.dcrocker.net/>Dave Crocker, now a principal in Brandenburg
Consulting but then part of the original Arpanet research community, "got
the damn thing working."
<http://www.templetons.com/brad/>Brad Templeton, chairman of the board of
the <http://www.eff.org/>Electronic Frontier Foundation, first used e-mail
in 1976 and started the first ".com" company, in 1989. And
<http://www.useit.com/jakob/>Jakob Nielsen, a usability expert and
principal of Nielsen Norman group, started using e-mail in 1981 and the
Internet back in 1985, when he worked at IBM's T.J. Watson Research Center:
"Every single time I sent e-mail to a non-IBM address, a screen came up to
warn me that we were sending information outside the company and asked the
user to confirm that no confidential information was included."
How bad is spam, really?
Farber: I'm seeing a fairly wide variety of people, from old, grizzled
network people to major investors in technology companies who say: "Who
needs this pain? I get spammed to death. I get viruses. I get the spam
caused by viruses. I get forged messages."
One guy sent me a note today saying, "I spend about an hour and a half a
day cleaning out my e-mail." And he uses a spam filter, but there's still a
major amount of noise.
The reliability of e-mail has suffered incredibly from the need to put in
spam filters that don't work that well. I think that there's a danger that
people are going to say more and more: Who needs it?
At some point in the game you're going to see people saying: "I can make a
phone call; with voice mail, maybe I'm better off.
Over the last six months the amount of spam has gone up phenomenally. This
last virus or worm that started generating huge volumes of e-mail sort of
broke the back. It's not too late, but I think it's getting to be close to
too late. If you believe in the old atomic scientists' clock, it's five
minutes to midnight.
During the height of the worm that was generating automatic spam, I was
getting close to about 3,000 messages every five hours that were junk.
Luckily, I have a broadband connection. If I had had a dial-up connection,
I probably would have thrown the computer against the wall.
Crocker: Rather than a slow, regular increase, there have been moments in
which spam has jumped up higher. There have been massive increases in
bursts. The consensus is that it's happened a number of times in recent years.
A lot of the problem with spam is the distraction; in its current volume it
makes it difficult to find the important messages.
There is a huge portion of the e-mail user population that is fed up.
Whether they are as fed up as the media are portraying them, I'm not sure.
Whether being fed up means that e-mail has become unproductive, I'm not
sure about. We need to look at these kinds of statements and assessments in
a larger context. People are fed up with gas prices and traffic congestion.
We don't have any consumer revolts about any of them. You don't have people
demanding alternate forms of mass transit.
Jakob Nielsen: "You've got mail" is not a happy sound anymore. People
aren't really looking forward to their e-mail anymore. It's a stressful
endeavor.
People are very pressed for time when they process their in box. They are
really very, very frustrated with their in box and have no idea why they're
getting things.
Spammers poison the well for everybody, because users have no way of really
differentiating between legitimate and illegitimate e-mail.
I really do think that we have to do something to change e-mail.
Templeton: Spam has scared people so much that they want to do anything
that they can to stop it.
It's the problem of the automation of good and evil. Moving into the online
world allowed us to automate all sorts of good things. An ordinary guy with
a Web site can reach millions of people and use that automation to change
the world.
The downside is that one person can also write a program to automate doing
something bad. There have always been bad folks. But there are not very
many of them in a decent society. So if you look at Sears, the department
store, they don't have a lot of security there. We have mostly built our
society on the idea that there will be some bad folks, but they'll be a
very small portion of the population.
But if I could build a thousand robots that could come in off the street
and take all the merchandise, then they would have to put a gate around the
store. That's what happens in the online world. Computers amplify both the
good and the bad we can do, and spam is yet another example.
What do you do to protect your own in box?
Farber: I am a big user of e-mail, and I haven't given up yet. All the
protection that I put in place has filtered out mail that's important to
me. For instance, my tax person sent me stuff as an e-mail attachment.
Twice, I never got it. I don't know where it went.
E-mail was always a very sure way of getting things to people. Now it's not
so sure. What I eventually said, after two times, is "Fax it to me." And
that's not what you want!
I will probably not get to the place where I would give up, because I can
put up a lot of defenses, but the average person can't.
Crocker: I'm forced to use the available mechanism -- filtering. And that's
pretty much it. I don't think that any of the
<http://www.chromatix.org.uk/temp/email-authentication-00.pdf>authentication
techniques have gained a critical mass of utility yet.
Nielsen: I have stopped using e-mail and hired staff to do it for me.
That's not a scalable option. That's an option that only works if you're
the boss of a company.
Templeton: I wrote my own spam-blocking tool in 1997, which was the first
of the
<http://www.templetons.com/brad/spam/challengeresponse.html>"challenge-response"
tools. It takes a secretary-type approach for my public address, which I
put on Web sites and postings.
Will anti-spam legislation have an impact?
Nielsen: I'm in favor of a law against spam, but spammers can set up
business overseas. Unless we're going to send in the Marines anytime there
is a spammer in another country, we just can't pass a law that's going to
work.
Templeton: Legal solutions can have a place. There are some spammers in the
U.S. who could be deterred by the laws, no question.
But the most common spam I get is telling me about $42 million in a locked
box in Nigeria. That's a confidence trick. It's fraud. You don't need a
stronger law against that; you already have a fraud law: the strongest law
you're ever going to get.
Most of the laws are bad, and certainly none of them effective. It's worse
than useless, actually. It creates debates about how you're going to
regulate speech on the Internet.
Farber: The
<http://www.thetranscript.com/Stories/0,1413,103~9054~1664155,00.html>Massachusetts
law says you can sue the spammer.
Happy day! How is Jane Housewife or Joe Househusband going to go sue
somebody? Unlikely. The problem is tracking down people who are out of the
country -- even within the country. It allows me to sue a spammer. That
doesn't work. First of all, you have to find them. Then, there are all
these questions about jurisdiction. E-mail is a national facility. It's not
a state facility. So, I think it's going to take a federal law.
Crocker: Overall the state laws aren't very effective. They're a research
activity for a future federal law. Anybody who understands the range of
venues realizes that the enforcement scope that a state can work from is
too small. The real problem is that so is a country.
Farber: You need somebody out there with the bank account, like the Federal
Trade Commission or the Federal Communications Commission. The FCC did a
good job with fax spam.
A federal law would not stop the little guy around the corner. What it
would stop is the big companies. It would make them behave. It's the same
as phone spam. What did we finally do? We passed federal-level law,
do-not-call, because the state laws were not working.
Again, it's not a magic cure. It has to be done right. It's too easy to
pass laws that don't do anything, laws that don't work.
What about technical solutions?
Farber: Authentication of addresses would help an awful lot. A lot of the
spam is forged, and we've know for 30 years that e-mail has this problem,
and nobody seems to want to invest in fixing it.
You need to encourage and maybe fund technology that lets a user
authenticate that mail comes from who they chose it to come from --
personal <http://www.doctorebiz.com/08/030910a.htm>"whitelisting." Some of
the spam filters do that -- anybody in your address book bypasses your spam
filters.
Templeton: Some people wish that e-mail had authentication in it. The U.S.
post office -- snail mail -- doesn't have authentication, and you can send
something in that that will kill you, which is a lot worse than any spam
that I have ever gotten. We survived the Unabomber and anthrax.
Blacklists don't have any accountability, any checks and balances. I've
been on them. It's like punish the innocent in order to get at the guilty.
Spam has led people to endorse [blacklists]. [People] are very afraid of
it, and they do rightfully say that it's damaging e-mail, and you have to
find ways to deal with it.
Filtering on the content is generally a bad idea. If you're actually going
to really mail someone about Viagra, I don't know how you'd get that
through. I'm sure the Nigerians are facing the same problems. The telephone
do-not-call list was struck down last week, because it tried to filter by
content.
Crocker: Spam is fundamentally a human and social problem. It's not a case
of breaking the technology; it's a case of using it in a way that we do not
approve of.
We need small, incremental changes. I'm not saying that they have to be
done slowly. They should be done carefully but quickly. I think that we
need useful but not onerous ways of finding spammers. I think that we need
useful but not onerous ways of vetting legit senders.
There's been authentication technology for 10 years, and penetration into
the user market is minuscule. So we shouldn't expect that any next
technique for authentication is going to take over instantly. When you have
half a billion users, when you have many, many thousands of service
providers, any change takes a long time.
I think that some spam-control proposals are being overly reactive, rather
than trying to go to actual causes of spam, and ignoring the question of
balancing the controls against the negative effects. The approach that says
you have to show your passport for every interaction obviously is excessive.
My personal favorite for proactive approaches to spam is to increase the
accountability. That's not the same as authentication. It says, if I need
to find the author of the message, there is a path to them. It does not
automatically require that they sign the message but provides a reliable
way to link a message back to the originator.
Nielsen: I think basically e-mail does not work anymore, which means that
we have to tear it apart.
The combination of spam and viruses makes e-mail a polluted, dirty, unsafe
environment. And we can all make jokes about the porn, but at the same time
it is also kind of grubby and dirty and unpleasant.
All the spam actually does degrade the environment, and then the viruses
are of course the ones that are actually hurtful.
So, for any individual spam, you can just say, "Get a grip and just delete
it." But with 100 or 200 or 500 per day, after a while, enough offensive
little jabs, and enough five-second productivity losses by scanning the
micro-content of subject lines and deleting it, add it up and you can talk
an hour a day that's just being stolen from you. In the aggregate, spam is
actually incredibly hurtful.
It's not a matter of a little quick fix, like getting a better spam filter.
All these spam filters that have been suggested have huge downsides,
interfering with legit communication, and the average person doesn't
understand how to use it.
Basically start over again from a clean slate. And that's not a popular
message.
It would really mean to stop accepting e-mail according to all the existing
protocols. I think that the only way to do that is if you know enough
important people that you want to talk to who stop using it.
My thought for how to implement this: a number of sufficiently big
organizations -- AOL, Microsoft, the federal government -- would have to
announce that two years from now no more e-mail will be accepted.
All the companies around the world would have to upgrade.
The reason it's impossible to really upgrade e-mail is that everybody has
to upgrade at the same time. The beauty of e-mail -- and it has worked
fairly well for a long time -- is that it's fairly ubiquitous.
I think that it would have to be a system that has built-in security and
authentication that you can always track down. You know where it's coming
from, and it's always encrypted and always secure.
Why do we have to suffer from spam?
Farber: The more people who get on the Net, the more it resembles society
-- and society, especially U.S. society, is a commercial world. And you
have people who see the opportunities to make a few pennies, and if they're
good enough at it they even get to be in the
<http://www.nytimes.com/2003/09/28/magazine/28SPAMLT.html>New York Times,
with their picture, and they go and do it.
Whether it's ethically right or wrong, until it becomes legally right or
wrong, they will do it.
Crocker: Pretty much any institution that grows powerful then attracts
people who want to abuse it.
Spam is a syndrome, not a disease. It's multiple diseases, not a single
disease. I think that spam is a permanent condition. And so we need to look
for multiple ways to control it, just as we need multiple ways to control
cockroaches. We need good infrastructure, proper hygiene and good chemicals
to deal with infestations.
I have a concern that people continue to look for the magic bullet, and
there won't be one.
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/