Israeli Software

I'm putting the final touches on my presentation on "How to protect customer privacy with extrusion prevention". This afternoon - I'm flying to Zurich and then taking the train to Bern to present a talk to the UPU - the Universal Postal Union. The UPU has a working group (EPSG) (electronic products and services) with about 20 members who are putting together guidelines and strategies for the Postal e-commerce operations.

An obligatory opening to any talk like this is - the so-called "March of history" slide. You talk about how the industry has evolved over the past 5 or 10 years and impress people with your deep yet entertaining insights into the history your particular technology niche.

The march of history slide turned into the hardest, most time-consuming piece of my presentation; finding myself bouncing off the walls with a lot of unrelated, unimportant insights like e-commerce being driven by search as opposed to online, undifferentiated advertising 10 years ago.

1998: Personalized content keeps vendors busy

Remember when the buzz-word du-jour was delivering personalized content?

1998 was the year Google was founded, and also the year that Firefly and Netperceptions were founded. Firefly was founded by Pattie Maes from MIT and after being acquired by Microsoft for $40M, the Firefly community was shut down; the programmers taken into captivity to develop what was soon to be called Microsoft Passport - later retired in 2004 after a fundamental security vulnerability in Passport led to several well-publicized hacks in 2002. Passport is a good example of a flawed software design - namely basing user authentication on client-side session cookies. The original exploit used to compromise a Passport account involved using a malformed URL to expose a user's cookies to an unauthorized Web site; probably one of the first reported cases of what is now commonly called cross-site scripting and session hijacking. Read more here - MS Passport hacking.

Companies like Firefly and consortia (like the P3P - itself shutdown last year) had this amazing notion that privacy was a form of alternate currency - to be given up by a person in exchange for personalized Web pages. How dumb could we have been! Do we really want the e-commerce site for Illy Coffee run by Poste Italiano to know enough about us in order to pop up an ad for a short espresso and then offer up an ad for a new credit card?

2007: User-generated content drives the Net

Fast forward - Netperceptions assets were purchased by a company that makes elevator weights. Google is now doing $20 Billion a year in Ad Words and Yahoo still has a ton of non-specific traffic to its home page.

Conclusion

In 2007, we see that vendor-standards do not live long - and with the huge mass, long tail, and user-generated content on the Web today, the only thing that will hold water is vendor-neutral-standards.

This is my first time in Switzerland not just passing through, despite having a cousin who lived in Geneva for many years and a good friend from Zurich. The day before the conference, I took the afternoon flight to Zurich and then the train to Bern; it's a 1 1/2 hour ride; I got into Bern around 9:45 - my hotel is a 5' walk from the Bahnhof.

The next morning is Tuesday Feb 20 - the weather in Bern is beautiful, about 5 degrees centigrade and clear. I took the tram to the UPU (Universal Postal Union) and get to the building about 15' early - they have a nice sized conference room on the 7th floor with a stunning view - I arrived together with the two representatives from the Ukraine Post. Within 20' - about 25 participants have arrived from 20 countries.

The entire event has a very international feel - with each attendee having his/her own microphone and headset for the simultaneous translation. In the back of the room, there is a glass-window with translators to English and French.

The workshop discussed the issues facing the postal sector, the needs of the consumers, the retailers and the issues surrounding the positioning of the Posts in the B2C space. It was fascinating to see how Posts have (re) discovered e-commerce - taking opportunity of the lessons learned in the 90s and leveraging their considerable strength in moving parcels and processing electronic payments. Some have created unique offerings - for example Canada Post with its Border Free service for US e-tailers. Others are revisiting the hosted shopping mall paradigm of the 90s but with integration with their parcel operation and Google Ad words - for example Poste Italiane, who are using Microsoft Commerce Server 2007 and integrated their SAP back office to provide an end-to-end e-commerce service for SMEs).

I spoke second after lunch - which was not as bad as I thought it was going to be - people were pretty alert, I kept it lively, and as an outsider - I think it was very well received.

The second amazing insight for me was that this group is building an e-commerce strategy for Posts, but they have not given any thought at all to IT security and protecting customer records privacy. This is disappointing; but as a person who is ABC (always be closing) - I saw it as a sales opportunity for my products and services.

You can see my presentation here: From customer convenience to customer privacy

I would like to thank Fidelis Security Systems for sponsoring my trip.