Share This

Wednesday, 13 January 2010

Google Turns on Gmail Encryption to Protect Wi-Fi Users

Google Turns on Gmail Encryption to Protect Wi-Fi Users

google_logoGoogle is now encrypting all Gmail traffic from its servers to its users in a bid to foil sniffers who sit in cafes, eavesdropping in on traffic passing by, the company announced Wednesday.

The change comes just a day after the company announced it might pull its offices from China after discovering concerted attempts to break into Gmail accounts of human rights activists. The switch to always-on HTTPS adds more security, but does not help prevent the kind of attacks Google announced Tuesday.

All Gmail users will now default to using HTTPS, the secure, encrypted method for communicating with a remote server, for their entire e-mail sessions, not just for log-in. Session-long HTTPS has been an official option for Gmail users since 2008 (and unofficial for much longer), but Google says it hesitated turning it on for all since the encryption does slow down the service.

“Over the last few months, we’ve been researching the security/latency tradeoff and decided that turning https on for everyone was the right thing to do,” Gmail Engineering Director Sam Schillace wrote in the Gmail blog.

This option often wasn’t necessary when people used fixed and trusted connections, such as their home or office DSL or cable lines. But as Wi-Fi connections, especially public ones, became more popular, hackers began using simple sniffing software to snoop on people’s online activities with the goal of stealing passwords.

Still, the switch doesn’t encrypt e-mail — it simply encrypts the communications in transit between Google’s servers and a user’s computer — the same as when you use your bank’s website. E-mails sent to other people are transmitted in the clear as they have always been. True encrypted e-mail can only be read by the sender and receiver, regardless of how they move across the internet.

For those whose schools or workplaces routinely monitor employee or student internet usage, the change also shields their e-mails from the IT department.

A coalition of privacy and security experts called on Google publicly to make the change last June, saying that Google was putting millions of people at risk by not using encryption as the default for their cloud computing services.

Users who find the service slows them down or determine that it’s overkill for their needs can turn the HTTPS off in their account settings.

Rival free e-mail from Yahoo and Microsoft do not use HTTPS throughout their sessions, nor do social networking sites or other so-called cloud-computing services.

Instead, most of those services use the secure HTTPS protocol only for logging in, and fall back to unencrypted browsing thereafter. Failing to use HTTPS full-time increases one’s vulnerability to a host of nasty hack attacks when using an open or badly secured network, particularly a public Wi-Fi spot.

America's Financial Illiteracy

America's Financial Illiteracy
Thomas F. Cooley, 01.13.10, 12:01 AM EST
Protecting consumers in the confusing world of modern finance.

One of the common elements of the regulatory reform proposals being crafted by the House and Senate is that both propose to create a Consumer Financial Protection Agency (CFPA). Although there has been concerted opposition to the creation of a new bureaucracy, there is certainly some logic to the idea of consolidating existing consumer protection functions in one agency. Currently, responsibility for consumer protection is scattered across several existing regulatory bodies, and as a consequence the task has fallen between the cracks. Authority for enforcement is in the hands of at least 11 agencies. Each one has responsibility for only a subgroup of financial firms, and their mandates partly conflict. Among the agencies, the Federal Trade Commission (FTC) is unique in having consumer protection on the list of its primary mandates.

There can be no doubt that many consumers have been battered by bad decisions that they made about mortgages, credit card debt, auto loans and so on. And there is no doubt that some of these bad decisions were driven by unscrupulous business practices and that alarms should have been raised about certain lending practices that drove the increase in household leverage.

Our recent experience raises a legitimate and interesting question--what exactly is the role of the government in protecting people from their own bad decisions? It is important to bear in mind that for 30 years we have been in the midst of a major social transformation in which responsibility for risk management has shifted to individuals. In the past, the government and employers often made financial decisions for households, for example by providing health insurance, defined benefit retirement plans and social security; now households are on their own more than ever. We can't just shrug off the problem because if many individuals make bad financial decisions, it creates a negative externality.

Many of the most important decisions consumers make in their lifetimes involve financial products: a mortgage to purchase a home, a loan to purchase an automobile, credit to make a large durable purchase, investments for retirement and insurance to keep one's family secure. All of these financial products have become increasingly complex over time and there is a much wider range of product options offered by different providers, making decision-making more complicated. Consumers need to be financially literate in order to make well-informed choices about such complex products. A growing body of evidence suggests that many consumers lack the knowledge they need to evaluate and make decisions about financial instruments.

So, what should we do and how should the CFPA address this? We don't want a CFPA that limits innovation in financial products--it shouldn't be modeled after the FDA, which requires that products be safe and effective before being allowed into the marketplace. We certainly want the CFPA to monitor abusive practices and raise warnings when they occur. Although as I noted in an earlier column, lobbyists have been hard at work limiting the impact of the CFPA. One result is that House bill H.R. 3126 exempts all of the following entities from regulation by the CFPA: automobile dealers who provide financing; any person regulated by the Securities and Exchange Commission; any person regulated by a state insurance regulator; smaller banks and credit unions (those with $10 billion or less in assets); brokers and agents for mortgage, title and credit insurance; real estate brokers and agents; attorneys; and most retailers. The Senate proposal has fewer carve-outs but does exclude from CFPA regulation small banks and credit unions, merchants, retailers and other nonfinancial institutions that extend credit to consumers.

That suggests that the most important role for a CFPA may be to increase the public's financial literacy. The level of financial knowledge among U.S. households is shockingly low, and that fact is at odds with the trend of shifting risk management to households.

How bad is it? Two economists, Annamaria Lusardi and Olivia Mitchell, have been studying financial literacy and the effectiveness of efforts to promote it for many years. The results are not at all encouraging. To take just a few of their examples, they asked the following questions of a representative sample of Americans over the age of fifty:

1. Suppose you had $100 in a savings account and the interest rate was 2% per year. After five years how much do you think you would have in the account if you left the money to grow: more than $102, exactly $102, less than $102?

2. Imagine that the interest rate on your savings account was 1% per year and inflation was 2% per year. After one year would you be able to buy more than, exactly the same as or less than today with the money in this account?

3. Do you think that the following statement is true or false? "Buying a single company stock usually provides a safer return than a stock mutual fund."

Only 50% of respondents were able to answer the first two questions correctly and less than a third were able to answer all three. In a related study less than 18% of people surveyed were able to answer a simple two-period compound interest problem. This is pretty discouraging. Not surprisingly the extent of financial illiteracy differs with education, gender, race and age. Most efforts to improve financial literacy are not effective.

So what is to be done? One view is that we can improve welfare through the judicious choice of "default" options. For example, in the choice of mortgages or consumer credit plans, the default option could require financial service providers to include a "plain vanilla" product in their menu. This offering should be easy to understand even for the inexperienced customer. It would also serve as a point of reference in comparison to other products. Default options have to be prudently chosen, since consumers, especially those who are inexperienced, are likely to refrain from active choices.

There are a lot of unanswered questions about default options. Sweden, Mexico and Chile have accumulated experience with the use of default investment portfolios in retirement plans. So far the evidence suggests that the choice of default option can have a tremendous effect on retirement savings, but not always to good effect.

Clearly the best way to protect consumers is to educate them. As a society we don't seem to have figured out how to do that. It's time we did.

Thomas F. Cooley, the Paganelli-Bull professor of economics and the former dean of the NYU Stern School of Business, writes a weekly column for Forbes.

Tuesday, 12 January 2010

Google Docs Becomes Google ‘Any File’ as Cloud Wars Heat Up

Google Docs Becomes Google ‘Any File’ as Cloud Wars Heat Up

Google is now offering a small virtual hard drive in the cloud so you can access all sorts of files anywhere — the latest salvo in an arms race to become the dominant player in cloud services.

As with many Google initiatives, this one may be deceptively modest: When it is completely rolled out, Google Docs will accept uploads of any kind of file — not just text and spreadsheets. That move heightens their competition with Microsoft, and takes on Apple and a number of small startups in the business of creating backup and storage space on remote servers.

This business is suddenly becoming viable with the ubiquity of broadband connectivity (which makes things almost as accessible as they’d be on your hard drive) and the popularity of netbooks (which are usually light on internal storage). Cloud computing also makes it possible never to lose data when you drop your beloved laptop, or when you don’t have it with you.

It’s already a crowded field, with all of the usual suspects: Microsoft’s cloud-based platform, Azure, is already available in a fully a la carte pricing scheme geared toward their core enterprise customers, and it offers a 25-GB online Skydrive for home users through its Microsoft Live services. Apple’s Mobile Me (once known as iDisk) has a 20-GB floor for $100 a year and a family plan in keeping with their mainly consumer focus.

For now, Google is portraying the initiative less dramatically, as a USB key rather than as a hard-drive replacement.

Instead of e-mailing files to yourself, which is particularly difficult with large files, you can upload to Google Docs any file up to 250 MB…. This makes it easy to back up more of your key files online, from large graphics and raw photos to unedited home videos taken on your smartphone. You might even be able to replace the USB drive you reserved for those files that are too big to send over e-mail.

While text documents and spreadsheets don’t count toward the total, the offering is actually quite underwhelming in terms of capacity: 1 GB, with extra storage available for $0.25 per GB/year. By contrast, Gmail now offers more than 7 GB of storage for e-mails and attachments, while Google’s Picasa lets you store 10 GB of photos.

But perhaps this is just a beginning of the famed Google Drive, a full-on hard drive in the sky. It’s one more step to make the free Google Docs into a compelling alternative to Microsoft Word — another attempt to break the hold Microsoft has on the desktop to transition users to using the internet even more (because that’s where Google makes its money).

If this is the precursor to something larger — say a giant Google drive that combines Gmail and Picassa, etc., Google ought to get themselves and their checkbook over to Dropbox, the little startup that offers a fabulous service that turns a folder on your PC or Mac into a shared storage drive. And if I were at Yahoo or Microsoft, I’d hope to get to Dropbox ahead of Google.