When emails go public. How to avoid sharing the things you should never have said

Oops.

There is a lesson for us all in the continuing revelations from stolen Sony emails being splashed over world-wide media. It is a lesson that Sony Pictures Entertainment Co-Chairperson Amy Pascal could have benefited from before sending emails with racist comments about President Obama. Or an email calling Leonardo DiCaprio’s behaviour “Absolutely Despicable” when he decided to pull out of a planned Steve Jobs biopic.

The lesson is a very simple one. It is that when you are writing an email (or any other corporate document), imagine that it will inevitably one day end up on the Internet for everyone to see. Even without the hacking episode, there have been enough horror stories of private emails being accidentally sent to the wrong people who have little issue with making the contents public.

The emails of Amy Pascal and other Sony Pictures’ executives reveal damaging internal discussions about business practices and commentary on a wide range of people that the company relies on to do its business. It is hard to imagine how those involved can retain their credibility as more of the emails become public.

The danger of emails being used against an organisation was something that former Microsoft CEO Bill Gates discovered the hard way during US antitrust investigations. After that point, Microsoft internally discussed a practice of not keeping any emails for longer than 6 months.

In many other cases, emails have been obtained by journalists and others under Freedom of Information requests and used against the owners.

Deleting emails after a set amount of time would have helped a great deal with Sony’s problems but it comes with its own issues. Many organisations, including universities, are subject to legal regulations governing how long official records need to be retained. Emails can be considered part of official records and so it is sometimes difficult to apply a blanket policy that requires all emails to be deleted after a relatively short time.

The problem of email could also potentially be solved by using other forms of electronic communication instead. There have been suggestions that email could be replaced with instant messaging. This is certainly the case, but many of these services keep records of conversations. Google, for example, allows individual hangouts to be switched into “off the record” mode, but does not allow this setting as a default for all conversations. To delete the record of a conversation, it has to be done individually.

Special software that automatically deletes conversations, such as the messaging apps Telegram and OneOne, can be used, but these require widespread use. In terms of the types of email exchanges that were highlighted in the Sony releases, it is unlikely that the participants would have had the presence of mind to use more secure communications in any event.

Although companies should be advising all of their staff, especially the senior ones, about good email hygiene, there is still a much easier way of avoiding all of these issues: not writing the email (or document) in the first place. If that is not possible, then there are a few definite things you should do when writing email:

[1] Always keep it brief. The more you write, the harder it is to check you haven’t said something you will regret.

[2] Never write email when you are angry or emotional. Leave it for 24 hours before writing, if at all.

[3] Never write email when you have been drinking.

[4] Never include personal, intolerant, or insensitive statements in corporate email.

If it helps, it is also useful to imagine a prosecuting lawyer looking over your shoulder as you write every email you send.

To deal with chronic disease, patients will need better mobile health apps

Mobile Health.

Of all the potential calamities facing humanity, the one that few people can argue about is that of the global population that is growing in numbers, age, size and incidence of chronic disease. In Australia, 3.6 million people have diabetes or pre-diabetes. In the US, that number was 29.1 million in 2012, or 9.3% of the population. The number of people with pre-diabetes in 2012 however was a staggering 86 million.

Diabetes is the 6th leading cause of death in Australia and the 7th in the US.

More doctors won’t work

It is no wonder then that 8% of all consultations that GPs deal with in Australia concern diabetes. GPs spend on average twice as long with diabetes patients and they visit twice as many times. The incidence of diabetes is rapidly outpacing the health services’ ability to deal with it. Diabetes in Australia is growing at 7% per year, whilst the number of GPs is only growing at 3%.

The challenge for patients

From the patient’s perspective however, the GP visit represents only 3 hours of direct consultation and support each year, for a condition that they need to be managing for the rest of their lives. Even if the patient is given a plan of how they need to tackle changing their lifestyle in order to reduce the development of their condition, it is largely left up to them to actually carry this out.

An interesting issue here is that all of the health information that is useful to the patient is the data that the patients themselves can measure directly. Having access to information held by the doctor is relatively unimportant, which means that the provision of a personal health record would not help in the overall management of the disease. Governments investing in these systems, like the Australian Personally Controlled Electronic Health Record (PCEHR) would actually do much better by investing directly in software and systems that help patients help themselves, ideally in the form of mobile apps. The US is also seeing low adoption of personal health records, pointing to their limited role in supporting direct management of disease.

What a self-management mobile health app would need

Self-management of chronic disease involves a patient understanding the basis for their illness, being able to activate resources that will help them manage and hopefully improve their condition and finally adapt their life to living with the condition. All of this can be overwhelming, but could be made much easier through electronic assistance.

In the case of diabetes, the recommended guidelines for lifestyle modification are actually quite complicated. There are goals to be set for exercise, diet, smoking and alcohol consumption. A mobile app could allocate an electronic care plan based on these guidelines, along with a means of understanding and keeping track of progress towards achieving set goals.

The principal objective, once people understand the goals they need to achieve in managing diabetes, is actually sticking to them. Very few patients currently continue with exercise programmes, for example, and give up after only a short time.

Mobile apps would also assist with self-monitoring the progress of diabetes, ideally through connected blood sugar measuring devices. Research has shown that patients that self-monitor their condition significantly improve their outcomes and reduce symptoms of diabetes.

Finally, a self-management app would incorporate elements of “gamification” to keep patients engaged with the process of self-management. Recognising achievements in attaining goals, when presented as part of a game has been shown to increase compliance with self-managed treatments of chronic disease.

Unfortunately we aren’t there yet

Although the features outlined above, if available in a mobile app, would provide ideal support for people with diabetes, finding an app available today is going to be hard. In a review of diabetes apps available for Android and Apple mobile devices, researchers found a wide range to choose from although the majority simply provided a means of recording blood glucose levels. There were no apps that they could find that presented evidence-based guidelines allowing patients to properly manage their conditions.

It is hard to understand why the crisis of chronic disease has been allowed to continue largely unabated. Even though politically it might prove impossible to deal with the root causes of poor diet and lack of exercise, finding more effective strategies for self-management is going to be essential as there are no other viable alternatives.

I don’t like Cyber Mondays: cyber attack takes down hundreds of sites

Denial of Service Attacks.

The Conversation, along with many other sites, was rendered unavailable for several hours today after one of its service providers was subjected to a massive “denial of service” attack timed to coincide with “Cyber Monday” in the US.

The attack, emanating mostly from China, targeted a Domain Name Service provider DNSimple and has lasted several hours. DNSimple provides services that translate a name like www.uwa.edu.au into an Internet address 130.95.128.140.

The denial of service attacks were very large volume attacks called “DNS Amplification Attacks”. These attacks bombard servers with so many requests that the servers stop being able to respond normally to legitimate requests. They are called amplification attacks because the attackers use badly configured services that can be found all around the Internet to join in the attack and make it much worse.

More Attacks.

Real time visualisations of cyber attacks on sites like Norse illustrate very clearly the ongoing wars that are continuously playing out on the Internet with most of the attacks originating from China although the United States comes a close second. The attacks that originate in the US and China may actually be infected machines, including PCs and mobile phones that are remotely controlled to join in attacks started elsewhere.

Who exactly is behind the attacks is also unknown. It could easily be independent hackers or governments and the military of those governments with China’s People’s Liberation Army’s Third Department being a favourite service to blame.

The Conversation was not the only site affected. Hundreds of sites were down with site owners resorting to Twitter to inform their users and to vent their frustration.

DNSimple Customers on Twitter.

Preventing these types of attacks is very hard and so Internet providers use a range of strategies to protect themselves against them. One is to spread their services geographically so that if one service gets targeted, they have capacity elsewhere. This is also a strategy that customers of these services can, and should, adopt. Instead of relying solely on one service, websites can use a second service that they can switch to in case of an attack on the first.
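As an added illustration of the second-provider advice above (this code is not part of the original article), the following Python sketch audits NS records and flags any zone whose name servers all belong to a single DNS provider. The sample records, zone names and provider names are constructed, and treating "the name server host minus its first label" as the provider is a simplifying assumption.

```python
"""Added example: flag zones whose name servers all sit with one DNS provider."""
from collections import defaultdict

# Constructed sample input in `dig +noall +answer NS` layout (illustrative names).
SAMPLE_ANSWERS = """\
example.org.   3600 IN NS ns1.dns-provider-a.example.
example.org.   3600 IN NS ns2.dns-provider-a.example.
example.org.   3600 IN NS ns3.dns-provider-a.example.
example.net.   3600 IN NS ns1.dns-provider-a.example.
example.net.   3600 IN NS ns1.dns-provider-b.example.
"""


def parse_ns_answers(text):
    """Return {zone: set(name server hosts)} from answer-section lines."""
    zones = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        # Expected layout: owner TTL class type rdata; skip anything else.
        if len(fields) != 5 or fields[2].upper() != "IN" or fields[3].upper() != "NS":
            continue
        zones[fields[0].rstrip(".").lower()].add(fields[4].rstrip(".").lower())
    return dict(zones)


def provider_of(ns_host):
    """Assumption: the provider is the host name without its first label."""
    labels = ns_host.split(".")
    return ".".join(labels[1:]) if len(labels) > 2 else ns_host


def audit(text):
    """Map each zone to its providers and whether it depends on only one."""
    report = {}
    for zone, hosts in parse_ns_answers(text).items():
        providers = sorted({provider_of(h) for h in hosts})
        report[zone] = {"providers": providers,
                        "single_provider": len(providers) < 2}
    return report


if __name__ == "__main__":
    for zone, result in sorted(audit(SAMPLE_ANSWERS).items()):
        status = "single provider" if result["single_provider"] else "ok"
        print(f"{zone}: {status} ({', '.join(result['providers'])})")
```

Three name servers at one provider still count as a single dependency here, which is the situation the affected sites were in; providers that spread name servers across several domains would need a lookup table instead of the first-label heuristic.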

Internet providers can also use other means to try and filter out attacks of certain types and finally they can just increase the capacity of their machines and Internet connections to diminish the effectiveness of the attacks.

The attacks however do illustrate a fundamental weakness of the Internet with tens of thousands of misconfigured and infected machines making the entire network vulnerable to these types of attacks. Unless there is a concerted effort to clean up these machines, or to take them off the Internet, these types of attacks will continue.

In this attack, it seems DNSimple were simply overwhelmed with the scale and nature of the attack rather than it being any inherent fault in their services. Unfortunately this will not bring much comfort to the website owners still waiting for their services to return to normal.