Email E. Neumann

How stupid is email?

Actually, email is great. It’s robust, widely-supported, and highly accessible (in the 508 and economic senses of the word). The problem is email clients.

Security

A colleague of mine and I once considered starting up a business around a new email client. The problem, though, is that it works best when someone sends email using your email client to someone else using your email client. E.g. you can easily implement PGP encryption:

  • if you’ve previously exchanged email, you both have each other’s keys — snap you’re done;
  • if you haven’t, your client asks whether you want it sent insecurely or asks you for authentication information (something you know about the person that a man-in-the-middle probably doesn’t, or an out-of-band mechanism for authentication such as calling you on the phone), and then sends an email initiating a secure authentication process OR allowing them to contact you and opt to receive insecure communication; all this can happen pretty seamlessly if the recipient is using your email client — they get asked the question and if they answer correctly keys get sent.
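One way the "they get asked the question and if they answer correctly keys get sent" step could work, as an added example (not code from this post or from any real mail client): the recipient's client binds its public key to the answer with a MAC, so a man-in-the-middle who doesn't know the answer cannot swap in its own key. The function names, sample question, address and key bytes are all constructed assumptions.

```python
import hashlib
import hmac
import os

# Assumed work factor: slows guessing of a short answer. Someone who records the
# exchange can still guess offline; a PAKE would be needed to rule that out.
PBKDF2_ROUNDS = 200_000


def _tag(answer: str, challenge: dict, public_key: bytes) -> bytes:
    """MAC over nonce + key, keyed from the case/spacing-normalized answer."""
    normalized = " ".join(answer.lower().split()).encode("utf-8")
    key = hashlib.pbkdf2_hmac("sha256", normalized, challenge["salt"], PBKDF2_ROUNDS)
    return hmac.new(key, challenge["nonce"] + public_key, hashlib.sha256).digest()


def choose_delivery(keyring: dict, recipient: str, allow_insecure: bool) -> str:
    """The client's first decision: known key, insecure send, or handshake."""
    if recipient in keyring:
        return "encrypt"
    return "send_insecure" if allow_insecure else "start_authentication"


def make_challenge(question: str) -> dict:
    """Sender side: the question travels in the clear, the answer never does."""
    return {"question": question, "salt": os.urandom(16), "nonce": os.urandom(16)}


def respond(challenge: dict, answer: str, public_key: bytes) -> dict:
    """Recipient side: send our public key plus a MAC proving we know the answer."""
    return {"public_key": public_key, "tag": _tag(answer, challenge, public_key)}


def accept_key(keyring, recipient, challenge, expected_answer, response) -> bool:
    """Sender side: store the key only if the MAC matches the expected answer."""
    expected = _tag(expected_answer, challenge, response["public_key"])
    if not hmac.compare_digest(expected, response["tag"]):
        return False  # wrong answer, or the key was swapped in transit
    keyring[recipient] = response["public_key"]
    return True


def demo() -> dict:
    keyring, who = {}, "bob@example.org"  # constructed sample data throughout
    ch = make_challenge("Which cafe did we meet at?")
    good = respond(ch, "  Blue Door ", b"BOB-PUBLIC-KEY")
    swapped = dict(good, public_key=b"MALLORY-PUBLIC-KEY")  # key replaced in transit
    wrong = respond(ch, "red door", b"BOB-PUBLIC-KEY")
    before = choose_delivery(keyring, who, allow_insecure=False)
    accepted = [accept_key(keyring, who, ch, "blue door", r) for r in (swapped, wrong, good)]
    return {"before": before, "accepted": accepted, "after": choose_delivery(keyring, who, False)}


if __name__ == "__main__":
    print(demo())
```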

It’s relatively easy to create a secure encryption system if you (a) opt out of email, and (b) have a trusted middleman (e.g. if both parties trust a specific website and https then you’re done — even a simple forum will work). But then you lose the universality of email, which is kind of important.

The obvious goal was to create a transparently secure email client. The benefits are huge — e.g. spam can be dealt with more easily (even insecure email can be sent with authentication) and then you can add all the low-hanging fruit. But it’s the low-hanging fruit I really care about. After all, I figure if the NSA can hack my storage device’s firmware, my network card’s firmware, and subvert https, encryption standards, and TOR — and that’s just stuff we know about — the only paths to true security are anonymity (think of it as “personal steganography”) or extreme paranoia. When dealing with anyone other than the NSA, Google, China, Iran, etc. you can probably use ordinary caution.

Well, how come Windows Mail / Outlook and Apple Mail don’t do exactly what I’ve just said and automatically handshake, exchange keys and authentication questions, and make email between their own email clients secure? If it’s that easy (and really, it is that easy) why the hell? Oddly enough, Apple has done exactly this (using a semi-trusted middleman — itself) with Messages. Why not Mail?

OK, set all that aside.

Why?

  • Why can’t I conveniently send a new message the way I send a reply (i.e. “Reply with new subject and empty body” or “Reply all with new subject and empty body”)? When using an email client most people probably use Reply / Reply All most, then create new message and copy/paste email addresses from some other message second, and create a new message and type in the email address or use some kind of autocomplete last. Furthermore, many replies are actually intended to be new emails to the sender or sender and recipients. Yet no email client I know of supports the second — very frequent usage.
  • Why does my email client start me in the subject line? Here’s an idea: when you create a new email you start in the body. As you type the body the email client infers the subject from what you type (let’s say using the first sentence if it’s short, or the first clause with an ellipsis if that works, or a reasonable chunk of it with an ellipsis otherwise).
  • Why does my OS treat email, IMs, and SMSs as completely separate things? Studies show grown-ups use email and hardly SMS. Younger people use SMS and hardly use email. Both probably need to communicate with each other, and both are generally sending short messages to a person, not a phone number or an email address.
  • (While I’m at it, why does an iPhone treat email and IMs as different buckets? How come they had the nous to merge IMs and SMSs, and even allow semi-transparent switching between secure and free iMessages and less secure and not-necessarily-free SMSs based on whether the recipient was using an Apple device or not? I don’t ask why Android (or heaven forfend Windows) does this because (a) Android generally hasn’t even integrated mailboxes, and (b) don’t expect real UI innovation from Google; they can imitate, but when they originate it tends to be awful — aside from Google’s home page which remains one of the most brilliant UI decisions in history.)
  • Oh yeah, and voicemail.

Nirvana

Now imagine a Contacts app that did all this stuff. I’d suggest it needs to be built into email because email is the richest of these things in terms of complexity and functionality, but let’s call it Contact. Consider the nirvana it would lead to:

  • Instantly, four icons on your iPhone merge into one (Mail, Phone, Messages, Contacts (the existence of the last has always bothered me, now it would make sense)). Three of those are likely on your home screen; now you have more space.
  • You no longer have to check for messages in four different places (e.g. if you have a voicemail system that emails you transcripts of voicemails, you can mark them both as read in one place, or possibly even have them linked automatically.)
  • Similarly, when you reply to a given message, you can decide how to do so. (Is it urgent? Are they online? Is it the middle of the night? What is your preferred method of communicating with this person?) Maybe even multiple linked channels.
  • Message threads can cross message domains (imagine if you reply to an email with a phone call and Contacts knows this and attaches the record of the call to the thread containing the emails, SMSs, iMessages, voicemails, and so on). Some of this would require cleverness (e.g. Apple owns iMessages, so it could do things like add subject threads to messages on the side, but SMSs are severely constrained and would lose their thread context).
  • Oh, and you can use the same transparent encryption implementation across whichever bands make sense.
  • Obviously some of these things won’t work with some message channels e.g. you can’t do much with SMS because the messages aren’t big enough, but MMS, which is what most of us are using, works fine, similarly Visual Voicemail could support metadata but doing it with legacy voicemail systems isn’t going to happen.

Consider for a moment how much rocket science was involved in getting Continuity to work on iOS and OS X devices. To begin with it requires hardware that isn’t on older Macs and iOS devices. And what it does is pretty magical — I am working on a Keynote presentation, walk over to my Mac and automagically I am working on the same document in the same place. But really, how useful is this really and how often? Usually when I switch devices I am also switching tasks. Maybe that’s because I grew up in a world without Continuity.

Now consider how this stuff would require almost no rocket science and how often it would be useful.

 

 

Common Core Comprehension

My favorite joke about the mathematically inclined goes like this:

A mathematician, a physicist, and an astrophysicist are attending a conference in Scotland, and between sessions walk through the hills and come upon a black sheep.

“I had no idea that sheep in Scotland are black!” says the Astrophysicist.

The Physicist, arching a brow, sneers, “Typical. You see one black sheep in Scotland and you assume that they’re all black.”

At which point the Mathematician says, “Actually, all we know is that this side of the sheep is black.”

I don’t know much about the Common Core aside from the fact that it’s not the same thing as No Child Left Behind, but the teachers I know don’t seem to care for it either. (In general, I don’t think teachers particularly like being told what to teach except in the broadest of strokes.) A little investigation shows that the Common Core for Comprehension is more interested in teasing out figures of speech than actually parsing the meaning of text. It seems to me that what we really need is a Common Core for Comprehension. Consider this:

Jane, a six year old girl, is playing at home when her father enters the front door with bags of groceries. “Daddy, did you buy chocolate?” asks Jane. “No, but I bought cherries,” replies her father, who then empties a bag of cherries into a bowl, washes them, and puts them on the dining table. “I hate cherries,” declares Jane. While her father unpacks the rest of the groceries, she eats all the cherries and goes back to playing.

Questions

  1. Did Jane’s father buy chocolate at the store?
  2. Does Jane like chocolate?
  3. Does Jane like cherries?

Answers

  1. Jane’s father entered with bags of groceries. Assuming he did go to the store, we know that he said he didn’t buy chocolate, but he may have.
  2. Jane asked for chocolate. Anything beyond that is supposition. She may, for example, have been checking that her father bought the things he was asked to buy earlier.
  3. Jane says she hates cherries, but she ate a bowl of them (apparently quite quickly). It seems reasonable to conclude she does actually like them, but she may have been very hungry.

Bear in mind that no-one in the mainstream news media would appear to be able to answer these three questions correctly (I’m sure that many actually could, they’re just paid not to), so we do have a problem here, and I think it’s more important than whether kids can solve arithmetic problems “lickety spit”.

According to its official website:

The reading standards focus on students’ ability to read carefully and grasp information, arguments, ideas, and details based on evidence in the text. Students should be able to answer a range of text-dependent questions, whose answers require inferences based on careful attention to the text.

A little investigation shows that there is a “Common Core for Comprehension” (part of the English syllabus) but it devotes far more attention to figures of speech (most of 9th-12th grades) than actually parsing the meaning of text (some of 4th-5th). Such attention as there is emphasizes drawing conclusions and making inferences rather than figuring out what has actually been stated. While it’s no doubt useful to be able to correctly label figures of speech — none of which is necessary for comprehending the fact that “Fred is an ass” doesn’t necessarily mean Fred has four legs or infer from “Claude says, ‘Hi’” that Claude is probably male and not a stapler — apparently teaching kids to actually comprehend what they read (isn’t that “reading carefully”?) is not, in practical terms, part of “comprehension”.

The Worst Recurring TV Show Plot Ever

There was an interesting story in the New Yorker (Person of Interest, the TV show that predicted Edward Snowden) that got me watching a show I had initially dismissed (I think because it was marketed as a J.J. Abrams show). It’s got the guy who played Ben in Lost — who’s an excellent actor, even if I’d like to do terrible things to the creators of Lost with a fork.

The basic premise of Person of Interest is that in the wake of “9/11”, the US security apparatus started doing exactly what anyone with a clue knew they were doing and Snowden later revealed they were in fact doing and that a billionaire hacker genius (Ben… er Finch) wrote software to analyze all the data and spit out “persons of interest” — i.e. people planning future terror plots. The wrinkle is that the software initially couldn’t differentiate between people plotting terror attacks and those plotting ordinary violent crimes, so the hacker figured out how to divide its hits into “relevant” (to national security) and “not relevant” (i.e. ordinary criminals). For some reason the non-relevant hits are always in New York, but I digress. The billionaire feels guilty about all the non-relevant people who keep dying, and tries to save them (with the help of an improbably effective ex-CIA agent).

I mention all this by way of diversion. The show is exceptionally well-made, cleverly understated, and intelligent. So it’s with considerable annoyance that — watching through season 1 on iTunes — I stumbled into the worst recurring TV show plot ever. OK, there are probably worse recurring TV show plots, but this one is egregious and not worthy of an intelligent TV show such as Person of Interest. The summary goes like this (not a spoiler — this plot cannot be spoiled):

  1. People are getting killed mysteriously.
  2. A drug company is involved.
  3. And it turns out they’re suppressing information that lots of people died horribly during the clinical trial of a drug they’re just about to release.

I think I’ve seen this plot in pretty much every episodic cop show on television, and a bunch of lawyer and doctor shows too. My memory is hazy, but I’m pretty sure it’s occurred in The Good Wife, Law and Order (and perhaps Criminal Intent as well), Bones, etc. Shows that are generally intelligently written, well-acted, and strongly plotted. (OK, Bones has kind of jumped the shark.)

Yes, drug companies do evil things. Yes, they’re motivated by profit. But the way to make a buttload of money as a drug company is not — repeat not — to produce a drug that kills people, cover up the deaths, and then release the drug.

Now, if the bad guy were a stock market speculator who wanted to make sure a particular drug got released because he/she had some kind of weird futures contract, or was shorting a rival pharmaceutical company, or something like that — OK, that’s kind of barely plausible. But to knowingly release a drug that will get your company sued to oblivion is simply stupid.

Now there are cases of drug companies covering up deaths caused by their drugs. A recent example which got a lot of coverage is the story of acetaminophen overdoses caused by (a) the drug being lethal at doses as low as double the maximum recommended daily dose, (b) confusion caused by infant Tylenol being twice as concentrated as children’s Tylenol, and (c) the presence of Tylenol in many, many “cocktail” drugs that are frequently taken together. An older example I recall is a drug used to help smokers quit that was associated with a notable, but statistically insignificant, number of sudden deaths. There was also some controversy over Prozac being prescribed for kids and possibly leading to suicide. And of course there’s Vioxx. But these are all drugs that were already on the market, and the cover-ups and maneuverings were over marketing issues (can we call our drug “the safest”? or will the government put our drug on a list of drugs covered by public insurance?). This is about protecting markets and avoiding lawsuits.

Please. Enough.

Here’s an evil thing Big Pharma actually does (and the only TV show I know of that nailed this was House M.D.):

  1. Create a drug that’s just like a drug you already sell which is going out of patent (but “with a vitamin E molecule tacked on the side” to paraphrase House from memory)
  2. Conduct many clinical trials of your new drug vs. the old drug and placebo
  3. Assuming the new drug is exactly as effective as the old drug and the trials are conducted perfectly by disinterested parties, one in twenty will show the new drug is more effective than the old drug — publish only those results (journals have a strong bias against publishing studies with no statistically significant result, so it’s not like you even need to work hard to suppress the null findings)
  4. Market the hell out of the new drug (e.g. bribe doctors to prescribe or recommend it, scare patients into demanding it)

But that probably won’t create a grisly trail of corpses for your investigators to discover.

Fixing Healthcare.gov

healthcare.gov sign in page

On my way into work today I heard various pretty intelligent critiques of healthcare.gov and realized that the fix is easier (and the existing site stupider) than I ever expected.

The key points are:

  • The IRS provides a service for verifying a person’s income to mortgage vendors.
  • The actual signup for a plan is (I assume) in fact a transaction between a person and a private company that presumably has a website (or phone number) for signing you up, handling security, etc.
  • So the only job healthcare.gov has to do is tell you what products are available to you and how much they cost. And, modulo disclaimers, it probably doesn’t even have to be right.

As someone on NPR pointed out, the job is very similar to selling mortgages through a site like Lending Tree or Quicken Loans. You enter the value of your house, the amount you owe, and your credit score, and you get given an estimate whose accuracy depends on the accuracy of what you put in. If you close the deal, the figures you enter are verified by the actual lender.

So, healthcare.gov basically needs to know the price structure of the plans it is dealing with (this presumably is quite complicated, but not hideously so), and the location of the applicant. It can work with guesstimates of everything else (but there’s an existing IRS service to provide exact figures if needed). So you need a couple of simple web pages that ask the following questions:

  1. Where do you live?
  2. How much do you (and your spouse) make?
  3. How many people do you want to cover?
  4. Do you get health insurance through your employer?
  5. Based on the answers, here’s a list of available plans and their prices.
  6. Click on a button to apply for a specific plan (handed off to vendor website).

This is a little oversimplified, but only a little. (I’ve implemented life insurance application processes — and most of the things that feed into those calculations are expressly not factored into Obamacare health plans — Life Insurance is all about discriminating on the basis of pre-existing conditions.) Without income verification, this could all run client-side from static HTML. It would be technically simpler than the sign-in page shown above. Fixing this fiasco in a few weeks with a team of a dozen people is actually perfectly realistic. Fixing it with hundreds of the “best and brightest”, however, suggests that the wrong approach is being taken to the wrong problem.