Or maybe “Should Be A Critical Element…” Because American business by and large doesn’t really care about security very much.

Thanks to Bruce Schneier we learn that the Indians are pushing to get the encryption keys to RIM’s BlackBerry system. What this means is that the messages sent to BlackBerrys in the field could be decrypted by the Indian government. Strangely, only non-corporate users are at risk for now.

How long do you think it will be before other governments get the keys in exactly the same way as the Indians did? How long do you think it will be before a corporate user is thought to be enough of a security concern that even corporate users must turn over keys?

The reason why this is significant for the BlackBerry vs iPhone situation is that the iPhone works differently. It doesn’t pass all messages through a server. It behaves like a computer connected to the internet, with a regular email client. So, as soon as someone is allowed to create an email client with encryption capabilities we will have secure mobile email. Apple has released the iPhone SDK, and is expected to unveil applications along with an improved version of the iPhone in June. It might even happen that Apple builds encryption into the mail client themselves.

The problem for RIM is that there is no way to do full decryption on the BlackBerry without doing it on their server, at least with their current software. Creating this after making deals with governments to provide access will be impossible.

So, if you believe in having privacy, and you conduct business overseas, it looks like BlackBerry isn’t the best choice.

I’m at Print Outlook 2008 in New York City, and I noticed during Andrew Paparozzi’s presentation on commercial printing in 2008, based on survey results, that there were several themes revolving around competition. Print is more competitive than ever, and he stressed differentiation and not doing things just because competitors were doing them.

Will this drive an increased interest in competitive intelligence in printing? My experience is that this is one industry where CI hasn’t really taken hold, at least not in the same way as in medical/pharma and other industries. Perhaps as print gets more competitive and more dependent on innovation and positioning we will see a growing demand for CI in print.

Why do companies insist on making our accounts less secure?

I just tried to log in to Lowes, and got the password wrong and they then asked me the stupid questions that they build into the system to try to avoid having to deal with lost passwords. Idiotic questions like “What was the name of your first pet?” and “Where did you go to high school?” When I’m forced to provide answers to these security risks I usually just enter 30 to 60 characters of gibberish. I figure if for some reason I cannot recover the password I can talk to a human being at the company and regain access that way.

The normal and professional way to handle lost passwords is:

1. Send the lost password to the person’s registered email address. This is the most sensible way, as long as you give the password loser the chance to back out if they know their email account is compromised.
2. Make them call and talk to a human being.
3. Email them a new randomly-generated password.

Not at Lowes - if you don’t remember what you put down as your high school (I went to two) then you’re screwed. The idiots at Lowes make you re-register. Re-registering is bad enough, but my old account is still out there somewhere.

So, I guess the only sensible thing to do is just treat these stupid questions like a password prompt, and come up with a 20 character answer to give all of them. I’m sure as hell not going to tell the truth. Seriously - how hard would be to get anyone to give up the name of their high school or their first pet? If I wanted to break in to, say, a coworker’s account, all I’d do is try to get to find the questions, and then ask the coworker. Do you think anyone’s going to balk at talking about their first pet or their high school days?