Getting right the name

My name is Phil Thane, if you want the whole thing it’s Philip Alan Thane. I’m a freelance writer and editor of a small magazine. In the last few weeks I’ve had emails addressed:

  • Dear Editor, Phil
  • Hi Phil Thane
  • Hi phil@pthane.co.uk
  • Dear philthane (my username on some websites)
  • Hi @pthane (Twitter handle)
  • Hi Thane!

Sometime way back in the last century marketing departments discovered an unholy alliance between databases and wordprocessors and started sending mail-merged letters. For a while we fell for it and really thought someone had written to us. Then we wised-up but for a few years were impressed that we were dealing with a company so advanced that it could do this, with computers.

50 years later marketing departments are still doing it. These days with email, SMS and a host of social media systems, but they are doing it worse.

In the early days of mail-merge companies had their own lists of customers and suppliers built up over years of trading. Some poor soul had to type the lot into Lotus 123 or Excel which was a lot of overtime but if the lists were accurate and you employed a decent touch typist the data would be accurate and in the format the company wanted.

Then we got Big Data and everyone wants more. More raw data, more tags, more categories, subdivisions, links to other data points, more ways of extracting value. The simplest way of accumulating data is to buy it. Or swap it or merge all the data belonging to companies you have acquired. That data was collected over years by different companies for different purposes and stored in different formats. It is difficult to merge nicely and errors creep in. Then it is passed on to another company, merged again, separated when a division is spun-off, re-merged following a takeover and so on. A lot of Big Data is a mess and because it’s such a Big mess no human ever tries to put it right.

The naming thing is just an indicator of how bad it is, but it’s important because if you get someone’s name wrong they realise immediately they are dealing with a company that has poor data and doesn’t care who knows it. Not a good way to win friends and customers.

My own name is fairly unusual but most British people would realise Thane is a surname even if it’s not one they are familiar with because Phil is obviously an abbreviated first name. But of course no humans are involved in data any more and some of the transformations this data has been through may well have been held in the form NAME, First name. My contacts in France do that all the time. At some point in all the data manipulation something hasn’t matched up properly and first and last names of some people have got muddled. You might try to write an automatic data processing routine to sort that out by comparing with lists of first and last names, but in a connected multi-cultural world that’s not going to help much. Even in the Anglosphere Thane can be a first name, especially in the US. In India it’s a city.

Some names would baffle even human native speakers. James Alexander, or JAMES, Alexander? Gender too is a minefield, Mr Robert Lesley or Ms ROBERT, Lesley?

There is a simple solution. Stop using the conventions of an earlier age in modern business practice. No-one is impressed by ‘mail merge’ these days. When it’s right it’s unnoticeable when it’s wrong, as it often is, it’s an irritant. Make your business communication impersonal like flyers or posters, don’t try to emulate the letter form, most of your contacts are too young to remember it anyway.

Marketing, data and forgetting the human

We (or more specifically, my wife) changed our energy supplier yesterday. This morning she got a text message from our former supplier, ‘ We are sorry to lose you…’. She snorted and moved on. It happens all the time, change a supplier, unsubscribe from something and moments later your phone pings with a personalised message. But why?

No-one in the developed world who has used any IT in the last few years still believes that these messages come from an actual person who actually cares that you’ve cancelled. We know the message comes from the cloud-based IT system of a multinational corporation that is foreign owned and has its HQ somewhere sunny and tax efficient. The code was probably written by a contractor concerned only that it worked, passed the scrutiny of his/her peers and was a step up on to the next contract. So why do it?

Do you think we’ll be so touched by your concern we’ll reconsider? Or is it a long-term investment, leaving on good terms so that one day when we once again face up to the hassle of finding another supplier we’ll remember your kind message and give you another try? Really? You think your customers that sentimental?

Or maybe it’s just because everyone else in your industry, every industry, does it, it costs little and requires no thought, so you do it too. Thus demonstrating to your customers, or to those that think about it rather than just ignoring you, that you are just as much an unthinking corporate behemoth as all the others. Well done marketing department, have a bonus.

Amber Rudd – 3

Apparently MPs, even cabinet ministers, will/can/do not reply to mere members of the public unless they are constituents, so eventually I made contact with my MP’s office and they contacted the Home Office which  replied to my MP whose office sent it to me. This is progress, in my previous constituency my MP replied to every email by letter. When I queried this I was told that it was essential for record keeping as paper letters were always copied before sending and the copy filed. Apparently this is not possible with email.

On the actual matter in hand, the reply is as bad as I feared.

(From Alastair Burt MP)

Further to previous correspondence, I attached for you a response from the Home Office.

I do understand the points you make about end to end encryption, but the technology companies offering these services, must work with the Government to ensure they are not abused.

Thank you for taking the time to outline your concerns in this matter, which I can assure you have been noted by the Minister.

He obviously missed or failed to understand my point that it doesn’t have to be ‘companies offering these services’ any muppet can set up encrypted email.

So maybe the Home Office reply is better?Judge for yourself – HomeOfficeStatement. (PDF)

Amber Rudd – part 2

No answer to my message to Ms Rudd about internet encryption. It’s possible my email didn’t arrive, and possible it did but her reply got lost in cyberspace. I’ve emailed my MP, Alastair Burt asking him to look into it. We’ll see if he replies. I might have to resort to paper in the snailmail!

Apologies

Some low-life, or more likely some automated script, hacked my website and scattered so many files around I ran out of disk space and hence people trying to contact me on Oct 16 got a ‘Mailbox full’ message. Sanity has now been restored.

For the techies, using Cpanel file manager I got my password changed by the hosting company, deleted all the dodgy looking files and directories from public_html, downloaded the rest of public_html to my desktop and ran ClamAV on the whole directory. Didn’t find anything. Hope that’s all…

Message to Amber Rudd

Dear Ms Rudd,

A few days ago I read a headline on the Independent “Amber Rudd admits she doesn’t understand WhatsApp technology but intends to ‘combat it’’.

(http://www.independent.co.uk/life-style/gadgets-and-tech/news/whatsapp-imessage-encryption-facebook-apple-amber-rudd-conservative-conference-a7979811.html)

Headline writers do tend to over emphasise stories to get readers’ interest, but the story contains a quote from you, apparently uttered at a party conference event, “I don’t need to understand how encryption works to understand how it’s helping – end-to-end encryption – the criminals. I will engage with the security services to find the best way to combat that”.

Then two more quotes from the Indy,

“It’s so easy to be patronised in this business,” she said. “We will do our best to understand it.”

“We will take advice from other people but I do feel that there is a sea of criticism for any of us who try and legislate in new areas, who will automatically be sneered at and laughed at for not getting it right.”

If I promise not to sneer or laugh, can I help you understand it? Before you say or do anything that will get you both sneered and laughed at, and could have more serious consequences.

Encryption is based on maths and you can’t ban maths. Now the principle is understood any decent mathematician could re-invent a similar system anytime he/she chose. When PGP (https://en.wikipedia.org/wiki/Pretty_Good_Privacy)

was invented in 1991 the US government tried to classify it as a military secret and prevent its export outside the USA, but by then the inventor had already shared it with friends and colleagues and the secret was out. Even if he hadn’t some other mathematician would have come up with the same idea sooner or later. It’s not the only encryption method but it’s common and it can be used by anyone.

The first thing to note is that encryption of some sort is vital to how much of modern life functions, the little padlock symbol you see in the address bar of your browser shows that encryption is being used when you visit a secure website, your online bank for example, or the .gov.uk site where one pays tax or claims benefits. Banning encryption is impossible unless you want North Korean levels of surveillance and control.

You could of course ban companies that provide encrypted messaging services from operating in the UK. Or you could allow such companies to operate only if they introduced a system whereby messages were recorded unencrypted somewhere before being encrypted and sent, and ensuring that that stash of unencrypted messages could be viewed by law enforcement officers with the right warrants.

There are several snags to this apparently simple plan. Wherever the messages are stored they will sooner or later be hacked. The threat of that happening will deter anyone with something to hide, whether it’s information of use to terrorists or A Level exam questions from using the system, they will look for something more secure. The knowledge that messages can be read by law enforcement officers provides an even stronger deterrent to use by miscreants. That’s nothing new, when criminals realised the police could intercept their letters and steam open the envelopes they stopped planning bank robberies by post. Similarly once wire tapping became standard practice for investigators criminals became careful about what they said on the phone. If you ban Facebook or WhatsApp from using encryption people will find an alternative.

Probably the simplest is to virtually offshore your communications. You might be aware that many British ex-pats like to watch BBC TV, and that BBC output is freely available online in the UK using iPlayer. But not to expats, if you try to access iPlayer from an IP address outside the UK, it is assumed you are not paying a UK TV licence fee and the service is blocked. Unless you use a UK based proxy server, which many, many ex-pats do.

In essence it’s very simple. Someone sets up a webserver (or lots of them) in the UK to which ex-pats can subscribe, paying a small fee or being subject to adverts to pay for the service. The server lists BBC programs available from iPlayer. The ex-pat chooses one and the UK-based server connects to iPlayer, receives the stream of data then resends to the cheating ex-pat. I suspect one could quite easily do something similar with other communications systems.

You could try to ban proxy servers in the UK to stop abuse of the BBCs service, but there are legitimate business and privacy reasons for using them, people don’t always want others to know who they are or where they are. In the case of foreign proxies, they are way beyond your jurisdiction. If someone in, say, DePfefflistan set up a website where one could download the .boris version of WhatsApp there would be little you could do.

Then you get into the Whack-a-mole scenario, you ban WhatsApp and within days, if not hours, someone launches Wotzapp, WattsApp and so on. Encryption is easy to use, web developers are two a dollar in most of the world and the internet runs on free software. And then even if you could find a way to stop all these new messaging services springing up, there’s email.

I’m not a mathematician, I’m not a software developer or IT expert, so let me give you the non-maths, low tech version of how PGP can be used with old-fashioned email.

To use PGP you need a piece of software, freely available online (http://openpgp.org/), that creates two encryption keys, known as a keypair. One key is a ‘private key’ the other a ‘public key’. The former you store on your computer (phone, tablet, whatever) the latter you give out to friends, contacts or broadcast on the internet if you wish. The keys are created such that any message encrypted using the public key can only be decrypted using the private key. Anyone can have the public key, but only the person with the private key can read the message. It is impossible to figure out from the public key what the private key looks like.

You need to make sure your email client software is aware of the private key and where you filed it, but this is usually just a point and click affair. When you receive an encrypted message the software uses your private key to decrypt the message.

You can also append your contacts public keys to your addressbook system so that you can encode a message to them.

This system is the basis of secure email as used by governments and commercial organisations everywhere, in most cases the IT department sets it up and user knows nothing about it. Something similar happens when you use a messaging app or online banking, your web browser sends your public key to your contact, bank, whatever and it uses that key to send you an encrypted message with its public key which your browser uses to confirm that you are now securely connected.

PGP it is simple to implement, if I can do it in a few minutes so can terrorists and other criminals. Unlike commercial applications such as WhatsApp, email is universal and operates on standard protocols. Anyone can set up an email server, it doesn’t have to be one of the big IT corporations where you might have some influence, it can be a £20 computer in a shed somewhere.

Don’t despair though. You cannot un-invent encryption, and you can’t stop people using it but the law enforcement and security organisations can and do get a lot of information by simply finding out who is sending messages to whom, where from and how often. And who is responding. On the web that’s hard to hide, though using systems like Tor do make it tricky. There is probably more info to be gleaned from looking at suspects’ use of readily available private messaging systems than there is from trying to gain access to these systems and driving the people of interest into using even harder to trace methods.

Finally, please stop making statements that suggest that you don’t need to understand something in order to combat it. It may win plaudits from a few technophobes but anyone who thinks for a moment will see how stupid it is. You don’t need to be an expert any more than the health secretary needs to be an oncologist to combat cancer, but you do need to have some concept of what you are trying to achieve. Mandating the impossible just leads to disappointment.

I’ve written to a couple of MPs in the past, and in most cases received a standard, ‘Mr/Ms xxx wishes to thank you for your communication…’ from their office. One never knows if the MP actually read it, I assume they didn’t and I suspect you won’t either. I’ll just have to wait and see if you make any more ill informed comments about encryption, or worse still try to enact legislation on the matter.

Writing Magazine

When I’m not writing technical features for money (or DIYing the boat) I try to write fiction. I attend a local writing group and a while ago a publisher, Collette Smith, from Writing Magazine joined us. For her it’s research, trying to get inside the heads of her customers, but it set me thinking. Writers use software and, it often seems to me, pay over the odds for it. I’ve used free software for years and written about it in techie magazines and on industry websites, so why not try a simple guide to free software for writers?

Here it is. (PDF approx 400KB)

And here is a sidebar I wrote to go with it which the magazine put online rather than in the print version.

Nextcloud(2)

As promised the server now runs Nextcloud and MySQL. Unfortunately Nextcloud was forked from the latest version of ownCloud and requires the latest ownCloud client on the desktop. Which wasn’t supported by my operating system a LTS version of Linux Mint based on Ubuntu 14.10. So I waited for the next KDE version of Mint to arrive, which it did in September. Now Nextcloud syncs everything with my desktop, which is fine except that the desktop is temporarily set up in the garage of our temporary accommodation. Until we move to our (hopefully) final destination I’m using an old (Bodhi Linux) laptop which runs the client fine, but I daren’t sync too much because the disk isn’t that big.

The other ‘interesting’ issue is remote access to the server which is being blocked somewhere. It’s fine via the LAN but not via the Internet. I’m beginning to wonder if my new ISP contract has something to do with it, even though it’s the same company. More on this when I get to the bottom of it.