Policy is hard

We’re back at work after a trip to M3AAWG. This conference was a little different for me than previous ones. I spent a lot of time just talking with people – about email, about abuse, about the industry, about the ecosystem. Sometimes when you’re in a position like mine, you get focused way too much on the trees.

Of course, it’s the focusing on the trees that makes me good for my clients. I follow what’s going on closely, so they don’t have to. I pay attention so I can distill things into useable chunks for them to implement. Sometimes, though, I need to remember to look around and appreciate the forest. That’s what I got to do last week. I got to talk with so many great people. I got to hear what they think about email. The different perspectives are invaluable. They serve to deepen my understanding of delivery, email and where the industry is going.

One of the things that really came into focus for me is how critical protecting messaging infrastructure is. I haven’t spoken very much here about the election and the consequences and the changes and challenges we’re facing. That doesn’t mean I’m not worried about them or I don’t have some significant reservations about the new administration. It just means I don’t know how to articulate it or even if there is a solution.
The conference gave me hope. Because there are people at a lot of places who are in a place to protect users and protect privacy and protect individuals. Many of those folks were at the conference. The collaboration is still there. The concern for how we can stop or minimize bad behavior and what the implications are. Some of the most difficult conversations around policy involve the question who will this affect. In big systems, simple policies that seem like a no-brainer… aren’t. We’re seeing the effects of this with some of the realities the new administration and the Republican leaders of congress are realizing. Health care is hard, and complex. Banning an entire religion may not be a great idea. Governing is not like running a business.
Talking with smart people, especially with smart people who disagree with me, is one of the things that lets me see the forest. And I am so grateful for the time I spend with them.

Related Posts

Censorship and free speech online

One of the things I discovered yesterday while looking at Krebs on Security was that Google Alphabet has a program to provide hosting and dDOS protection for journalists.  Project Shield, as it’s called, is a free service for approved applicants that keeps up websites that might be taken down otherwise. Eligible organizations include those providing news, information on human rights and monitoring elections.
This is something I hadn’t heard of before and my only reaction is good for Google.
Look, we’ve gotten to the point where attackers have resources beyond the scope that most of us can imagine. It’s expensive even for large organizations to manage and pay for the level of protection they need.
Even more importantly a lot of very important work is done by individuals or small organizations. Brian is a prime example of that. He does an incredible job investigating online crime on his own time. His site and his information is an invaluable resource for many. Losing his site, and losing his information would leave a huge hole in the security community. There are other folks in other spaces who, like Brian, don’t have the resources to protect themselves but do have important things to say and share.
margaretmeadquote
I’m glad to see Google committing their resources and skills to help organizations protect themselves. It’s so important that this work is done and we don’t lose voices just because they can’t afford hundreds of thousands of dollars a year.
There has been abuse and harassment online for as long as I’ve been here. But it seems recently the size and severity of attacks have increased. And a lot of service providers are struggling with how to manage it and what their responsibilities are.
A few weeks ago Facebook deleted an iconic photo from the Vietnam era due to child nudity in the photo. That decision was reversed and discussed in many, many different places. One of the most interesting discussion happened on a friend’s Facebook feed. Many of the participants work at various online providers. They have to make these kinds of decisions and create policy to do the right thing – whatever the right thing is. It was very interesting to be able to follow the discussion and see how many different issues FB and other online providers have to consider when creating these types of policies.
I thing the thing I have to confront the most about the internet is how big it is. And how crucial it’s become to all sorts of issues. Social media can be a cesspool of abuse, there’s no question. But it can also be a force for good. I’m glad companies like Google are stepping up to preserve the good parts of the internet.

Read More

M3AAWG in Philly This Week

Today marks the training day for M3AAWG 37 in Philly. With all the traveling and speaking I’ve been doing lately we’re not going to be there. So no tweeting from me about the conference.
logo
We’ve been attending various M3AAWG meetings since way early on – 2004? 2005? in San Diego. The organization has grown and matured and really come a long way since the early days. One of the challenges of M3AAWG is that it is a true working group. This isn’t like the various conferences I’ve been attending recently. I think there are two things that makes M3AAWG different from other conferences.
One of the most obvious things is the lack of a vendor floor. Sure, there are vendors and sponsors but vendors don’t bring in displays and have sales people stand around them to talk to folks. The conference does have demos and negotiations and meetings, but done differently than other events.
The other difference I’ve noticed is that M3AAWG is much more about participation. As the name says, this is a working group. Everyone is encouraged to get involved in things they’re interested in or that they think they can contribute to. Other conferences are a lot more about information being shared by speakers and panels. But during M3AAWG conferences, there are 2 mornings devoted to round tables.
The round tables are a true community effort, and probably deserve some discussion for people who’ve never been to the conference. Before the conference, members of the community submit ideas for things they think M3AAWG should discuss. These suggestions are reviewed by the board and leadership and ones that fall within M3AAWG’s purview are taken to the conference.
The first day of roundtables each topic is discussed in small groups. Volunteers facilitate a 20 – 30 minute discussion on the topic at hand with attendees. After time is called, attendees go to another topic and discuss that one. Part of what is discussed is not just the issue (say, how to get off a blacklist) but also what the final work product looks like. Is this a document for M3AAWG members? A panel at a future conference? A public document?
The second day is refinement of the roundtable topics and commitment from people to move the project forward. Champion is the person who is project managing this. Other roles depend on the work product. For presentation or panels, there is one set of roles. For documents there are roles as writers and editors and contributor.
M3AAWG has written and produced some useful resources and information over the years. Many of those resources are public, like best practice documents and metric reports. Other docs and reports are specifically for members.
The working group part of M3AAWG in one of its real strengths. Experts on all sides of the business of email get together to keep email useable and workable. Early on it there were a few barriers and some suspicion about various participant groups. But, as the industry as grown things have changed. Many folks have moved from ISPs to ESPs and back. There’s also a bigger place for companies that provide services to ESPs and ISPs, like us here at Word to the Wise. We’ve built bridges and technology and have been a positive force on the world.
 

Read More

Back from M3AAWG

Last week was the another M3AAWG meeting in San Francisco. The conference was packed full of really interesting sessions and things to learn. Jayne’s keynote on Tuesday was great, and brought up a lot of memories of just what it was like to be fighting spam and online abuse in the mid to late 90s. It’s somewhat amazing to me that many of the people I first met, or even just heard about are still actively working to fight abuse and make the Internet safer.
Wednesday was another great keynote from Facebook, discussing security. Facebook is committed to sharing threat information and has started the ThreatExchange website as a hub for sharing data among large companies.
One thing that was amusing was during one talk someone mentioned YubiKey for managing logins. They said many people were sharing long strings of random keys that sometimes happen because someone has accidentally triggered the one time passcode. YubiKey is awesome, if sometimes ccccccdkhjnbitklrrtnhjrdfgdlhektfnfeutgtdcib inscrutable.
As has become a bit of a M3AAWG tradition lately, Wednesday was also kilt day. There may be pictures. For those of you planning to go to Dublin, Wednesday will be kilt day as well.
The conference was great, but ended on a bit of a down note. We received word that Wednesday night a long time friend, Ellen R., passed away due to complications from a stroke. The conference held a moment of silence for her at the end. Ellen was a friend as well as a colleague. She was around on IRC when we started this crazy experiment called Word to the Wise and was always helpful and insightful. She volunteered with, and then worked for, Spamcop and then volunteered with Spamhaus. Ellen will be very missed.
I started off the conference remembering all the friends I made back in the late 90s and ended it remembering and missing those who are no longer around. Email has been one amazing journey, and doesn’t look like it’s going away anytime soon.

Read More