Over the past couple of years I have attended quarterly briefings given by CheckPoint Canada that give me some perspective on Internet security issues from a third party (relative to Microsoft, Google, Facebook, Skype, etc.) who understands not only the issues that challenge a business’s Internet security but also how they are changing over time. I’m more interested in the security issues overview and what business issues need to be considered and addressed, not the technology details. (I’ll trust CheckPoint’s sales results to be the guide as to their credibility.) CheckPoint Canada’s presentations are quite educational in this respect, in part due to the knowledge and passion of their lead technical resource for Canada.

At the most recent presentation two weeks ago I learned (i) about the evolution of CheckPoint’s new approach to addressing security at the enterprise level and (ii) about an experience that demonstrated one simple example of CheckPoint’s thoroughness at identifying and addressing Internet security issues at a personal engagement level.

In taking a new approach there are several changes in the business environment that challenge the ability of simple solutions such as firewalls and IP address identification to manage security, including intrusions such as malware and business data loss.

• Users have more than one device: a PC, a smartphone, maybe even a tablet.
• Employees need to be able to carry on personal activities, such as banking, from their place of employment
• this creates data privacy issues
• IP address-based policies no longer work – users no longer belong to one network.
• The emerging IPv6 standard means that it will become very difficult to track activity via a “single” IP address; also the IPv6 protocol is not a simple extension of IPv4’s nnn.nnn.nnn.nnn format.
• Security policies need to synchronize with a customer’s internal business processes as the priority.
• Use of collaboration tools and services is on the rise; not everyone is at one “secure” location.
• Security needs to address permission issues involving both websites and applications
• 189 new websites were created every minute in 2010
• The rise of video use for, say, marketing and support create bandwidth issues

Yet businesses obviously continue to seek protection against security breaches and data loss at minimal overhead and costs to the operation.

CheckPoint addresses these issues with a focus on the business’s policies, people (employees and contractors who need access) and enforcement as opposed to the underlying technology infrastructure. This is reflected in their unique ability to configure their installations to meet a business’s needs. In its infrastructure CheckPoint maintains a dynamically updated database of critical data.

In part CheckPoint addresses these issues through engagement of users as they attempt to visit a website or use an application:

• For instance, when accessing Facebook, a notification comes to the user advising of company policy and a warning about the information that cannot be shared on Facebook.
• Exceptions can be established to permit access to, say, an online banking site without inspecting data.
• All traffic is inspected to ensure SSL certification where appropriate.

One issue CheckPoint addresses is data loss prevention, both internally and externally. Here is one example of how CheckPoint has a significantly complete offering that provides a warning to the individual employee’s activity.

CheckPoint Canada’s Regional Security Engineering Manager was recently checking out one of Checkpoint’s new data loss prevention (“DLP”) tools on his home network (no, they do not have a home product, yet). He attempted to check into an Air Canada flight via the Air Canada application on his iPhone. But the DLP software identified an issue:

His personal information data – including his Aeroplan number – was going across the Internet to Air Canada as unencrypted clear text. Apparently doing an Air Canada check-in via their website is encrypted; however, until Air Canada addresses this issue for their iPhone application (they have been notified), Kellman will not be doing check-ins via his iPhone (and probably the same applies to their BlackBerry application).

Bottom Line: What I can say from the presentation is that CheckPoint has developed not only the technology expertise but also the business experience that addresses they dynamic nature of the Internet, its growth, its usage and its security threats while ensuring that individual users can be comfortable with their work and personal activities. As with business use of social media, engagement of the individual user is a key to their ongoing success. (And their recent sales growth is the best indicator of that success.)

One final comment: CheckPoint employees are heavy users of Skype and, in fact, CheckPoint has no qualms about allowing usage; in the case below, the CheckPoint customer is giving permission for its sales department to use Skype. I’ll have more to say in another post about Kellman’s use of Skype to keep in touch with his young family while having a heavy travel schedule across Canada and to CheckPoint’s headquarters in Israel.

Over at Disruptive Telephony, Best Practices Chair of the VoIP Security Alliance, Dan York, summarizes recent reports on a security vulnerability in Skype for Mac.

Given that I basically live inside of Skype for Mac and use it extensively every day, this is obviously extremely concerning. Particularly because I do let anyone on Skype send me messages… and my Skype ID is easily found on my websites and many other locations (and since is rather obvious – “danyork”).

As a heavy user of Skype for Mac’s group chat feature, Dan questions why there has been no communications from Skype other than a response to ZDNet UK’s story where they say:

UPDATE (5:13pm): Skype has just sent ZDNet UK a statement promising a fix next week. The statement reads: “We are aware of this and will release a fix early next week to resolve the issue. We take our users privacy very seriously and are working quickly to protect Skype users from this vulnerability.”

This evening Skype has responded in their blog post, Security Vulnerability in Mac Client Has Been Addressed. To summarize:

• Skype acknowledges they were aware of the vulnerability, not only via Pure Hackers but also their own internal processes
• The issue was addressed in a “minor” update, version 5.1.0.922 released on April 14, 2011

This vulnerability … is related to a situation when a malicious contact would send a specifically crafted message that could cause Skype for Mac to crash. Note, this message would have to come from someone already in your Skype Contact List, as Skype’s default privacy settings will not let you receive messages from people that you have not already authorized, hence the term malicious contact.

However, they also stated:

As there were no reports of this vulnerability being exploited in the wild, we did not prompt our users to install this update, as there is another update in the pipeline that will be sent out early next week.

And go on to point out that customers will prompted to install a more comprehensive update to be released next week. But they made the following statement:

In the meantime, we recommend you update your software with the fix made available on April 14th, just click on Skype -> Check for Updates or you can download the software here.

I checked my installed version; it was 5.1.0.914. I did the “Check for Updates” and was told there were “no updates”.

Bottom line: download the updated software here (version 5.1.0.9220 and install it to ensure you have no exposure to this vulnerability. And expect to be notified of a more comprehensive update next week.

You can’t win … when customers are heavily prompted to update, there are complaints; when they are not prompted the story somehow gets out  anyway. Decisions, decisions….

One final question: will this update address any of the issues discussed not only in my recent posts but also in several other online discussions (listed at the end of some of these posts).

Update: Dan questions why this issue even had to come to light in ??Skype’s Security Communication FAIL – Why Issue a HotFix If You Don’t Tell Anyone?

Related articles

• Skype Bug Leaves Mac Users Vulnerable to Exploit (macstories.net)
• Expert: Skype for Mac hole can be used in remote attack (news.cnet.com)
• A bug in Skype for Mac could give hackers root access to OS X (thenextweb.com)
• Skype bug gives attackers root access to Mac OS X (theregister.co.uk)
• Skype vulnerability discovered by Pure Hacking (purehacking.com)

Over the past two years I have been occasionally reporting on Tungle, the meeting accelerator that facilitates scheduling meetings and conference calls. Tungle’s goals as a service are:

• bring down barriers, such as different calendar programs, between companies and work teams
• share availability (Busy/Free status only)
• respect privacy and user control

In summary Tungle wants to be “the last mile” for booking a meeting.

Since my last report a year ago on the introduction of the Tungle.me feature, Tungle has added several features including:

• a BlackBerry client available via the BlackBerry app store,
• participation in Google Apps Market Place
• addition of Plancast to its existing social networking integrations with Twitter, FaceBook and LinkedIn, Ning, etc. and
• integration into Lotus Notes.

Basically Tungle has been building up an infrastructure and partner relationships that accelerate meeting scheduling across your email contacts and social networks. Key to its success is that individual users of Tungle can be agnostic with respect to their calendaring program. Tungle works with Outlook, Google Calendar and Lotus Notes as well as iCal and Entourage on the Mac. And it adapts to a user’s local time zone; Tungle has users in over 100 countries across all the world’s time zones.

At the same time Tungle has evolved its various user interfaces to make Tungle much more readily accepted by both the meeting organizer and the invitees. Key here was the removal of the need for an invitee to actually be registered with Tungle. Simply receive a Tungle invitation via email, click on a link, show your available times and the meeting organizer can move ahead with scheduling a meeting, including sending meeting time confirmation emails.

But there were still many opportunities to improve Tungle and further accelerate meetings. Today Tungle is announcing Tungle.me 2.0 with several new features that “extend the application’s social networking features with the addition of a public directory, search functionality, and group meeting capabilities”.

Modify Your “Weekly Availability”

A year ago Tungle introduced Tungle.me where you could, at your discretion, show times you are available for meetings on a “weekly” basis from a URL, “tungle.me/username”, that could become, say, part of an email signature. Your Tungle.Me availability would automatically be modified as you reserved times slots in your calendar application. As the first of several new features introduced today, users can also edit or customize those availabilities on a daily basis should you decide to take time off for a golf game, have a “must attend” family event or have the boss second you into a short term project.

Tungle.Me Public Directory and Search

Since introducing Tungle.me Tungle has also discretely developed a Tungle.Me public directory accompanied by Tungle.me Search. Provided a user gives appropriate permission, you can now search Tungle’s public directory for a particular user and see if they have made their availability information accessible to schedule one-on-one meetings. Over 85% of Tungle users have given the appropriate permission; recall that only your “Free/Busy” time availability is shown – with no details of why a time slot is tied up or an associated meeting location. But Tungle Search simply becomes one more contributor to a key new feature.

Accelerating Meeting Scheduling Through Aggregation

A major issue that has held up the time taken to schedule multi-participant meetings was the need to have responses from at least a significant portion of the potential participants. This could take two or three days waiting for responses while others are tentatively holding time slots open in the back-of-their-minds if not on their calendar.

Yet, as mentioned above, the information of their availability, if a registered Tungle.me user, is accessible. Today’s announcement is about accelerating meetings through aggregation. Simply go to your Tungle.me Home page (www.tungle.me/username), select contacts who have made their information available and you have an overlay showing what time slots are available. Bingo! Set either the suggestions for a meeting time and send an invite email with pre-qualified time slots or just set a meeting time, if appropriate in context. (Another hint: cursor over an individual contact’s name to overlay a view of the individual’s availability.)

In the graphic below, purple represent my own committed time slots for this week, light blue represent committed time slots of three other invitees to the prospective meeting.

Tungle.Me Groups

While the above process helps to set up one-time meetings, for teams or groups that meet frequently, Tungle.me’s most powerful new feature is the creation of contact Groups. Much like the Group Contact feature in Skype you can designate the members of a group and create the Group as an additional contact. Want to see when your group can get together, simply click on the Group’s name in your Tungle Contact list. You will immediately see the available times at which your Group can come together. Best part of Groups: you can create a URL, “www.tungle.me/username/groupname”, so that all members of your group can quickly see the group’s availability from any web browser.

Two overriding guidelines to Tungle.me’s new features:

1. Privacy – you only make public your available times. No information is provided about why your time slots are tied up or where you will be physically.

2. Aggregate availability to show common times available for meetings with one or two mouse clicks.

Tungle CEO Marc Gingras has provided a short demonstration video to provide a more dynamic introduction:

Bottom Line (and Full Disclosure): I have been using Tungle and Tungle.me for the past two years, witnessing its evolution into a fully featured, easy-to-use service. Consistently their goal has been to improve the user interface, making it a “no-brainer” service to use whether a meeting participant is a registered user or not.

Fifteen years  ago I was taking up to a week to schedule cross-company meetings via emails. Tungle brings the process down to a few easy to follow steps that pull together readily accessible user information and time slots through one service platform such that a meeting can be scheduled within hours, if not minutes. No longer simply an aggregator of user availability, Tungle, incorporating its own social networking ecosystem, has become a key social networking tool that can facilitate the real time “social sharing” envisioned by Skype’s Jonathan Rosenberg at his recent eComm keynote.

Tungle CEO Marc Gingras has also put up a few blog posts with more details on these new features:

• Search and Directory
• Tungle.me Groups
• More new features
• Concerned about privacy? Don’t be

Related articles by Zemanta

• Tungle and Plancast Partner to Bring Together Social Calendar Sharing & Scheduling (eon.businesswire.com)
• Tungle makes scheduling meetings a bit easier (bbgeeks.com)
• Cloud Synergies: Lotus Notes Adds Tungle, Tripit and Gist (readwriteweb.com)
• Tungle.me for IBM Lotus Notes Collaboration Software Now Available; Makes Scheduling Meetings Easier for the Many Millions of Lotus Notes Users Worldwide (eon.businesswire.com)
• InnerPass 2.0 – Exposing Skype’s Collaboration Potential to Over Two Million Users (voiceontheweb.biz)

If you own a brand name as a TwitterID, take heed. Twitter will reveal your ownership details to the brand owner. Nerdgirl Stephanie Robesky, a former employee of a venture fund established by the founders of Skype, was shocked recently into realizing she still owned the @Skype TwitterID even though she had moved on in her career and never used the account. In an email exchange with Techcrunch she responded:

“I registered the Skype Twitter name because I worked at Skype at the time so thought it might have been of use to us at some point. I’m sure I told someone in marketing who ignored me and had no clue at the time what Twitter was. Left Skype last year and forgot that I even had registered the name until yesterday… Glad they don’t have my credit card details.”

In her own Nerdgirl blog she wrote a letter to Twitter:

I would like to say, however, that I am hugely disappointed that my name, email address (even if it didn’t work) and details were given out to anyone in reference to any account held on Twitter.  And, yes, someone at Twitter did give this information out and this is how I was contacted about the account, so please do not try to deny it.  This is a violation of my privacy and, quite honestly, probably a big violation of your privacy policies. It is unprofessional of your team to hand out users information regardless of circumstances and this is something that we never would have done at Skype – even if Obama himself couldn’t log into an account that he says wasn’t even his!

I hope that you and your team take privacy more seriously in the future.

Read the Mike Butcher’s amusing post on Techcrunch, Gone in 140 characters – Privacy issues raised as Twitter employee hands over personal details of @Skype registrant to Skype, for more details.

I always appreciated that Twitter would close down accounts that had an element of illegitimacy to them. However, let’s hope Twitter can come up with a more discrete protocol for handling issues involving use of brand names as TwitterID’s.

In closing I need to draw your attention to the Chief Twitter Officer for Skype: Skype’s blogger Peter Parkes, who goes by the ‘nom de Tweet‘ PeteratSkype. Peter is often found addressing individual customer issues in the Twittersphere. You do need to be following him in order that he can DM you a reply to any Twitter queries.

This is the third of four posts resulting from an interview with Nart Villeneuve, principle investigator of the Citizen Lab report “Breaching Trust”.

Two weeks ago Phil republished an April 2006 Skype Journal post with about sixteen questions related to the TOM-Skype security breach discovered by Nart. My interview provided answers to several of these questions but I ran them by Nart for more completeness, where an answer or response was feasible.

1. Is TOM only filtering chats where at least one of the callers’ accounts were signed up by TOM Online?

A: One party must have the TOM-Skpe client installed. For example, if you (a normal skype user) sign in via a friends Tom_Skype client you’ll be filtered. If you (tom user) sign in on a normal Skype client, you won’t be filtered.

2. Will TOM filter chats if both parties are Chinese nationals but outside the PRC, say traveling in the US?

A: It is all dependent on which client software is installed. If you are using TOM-Skype you’ll be filtered no matter where you are (although the degree to which you are filtered may be dependent on your IP address). TOM-Skype would definitely have the Call Detail Record associated with the call.

3. Is TOM only filtering conversations where at least one of the parties are using the custom [TOM-Skype] version of the Skype client written for the joint venture?

A: Yes

4. Will TOM filter conversations using the TOM client being used by non-PRC nationals who are outside of China?

A: Since you have a TOM-Skype client here, Yes.

5. Does TOM’s contract with Skype provide for disclosure to Skype and Skype users when their information is provided to a government official? Not at this time.

A: I don’t know. It would be nice to have a Chinese speaker read the EULA you agree to on the install.

6. Are records of what the filter does kept? If so, by whom? Does Skype have or keep copies of those records?

A: Yes: TOM-Skype’s servers: unknown.

7. Does the filtering mechanism use a list of keywords? If so, is the list public? May I have a copy? Who has the list? How often does it change?

A: There is an encrypted keyfile that the TOM-Skype client downloads that I believe contains the keywords. There are also a few entries from the keyfile hardcoded in skype.exe (TOM-Skype version)

8. Are the keywords only in Simplified Chinese or are they in other languages too?

A: All languages but 60% English and 40% Chinese for the majority of conversations. English appears to be swear words, Chinese appears to be political.

9. Is China the only country where Skype and Skype’s partner have set up filtering? Have you done any testing for any other countries?

A: I haven’t tested any others.

10. Do all Skype chats have the potential for a hidden participant, whether human or a robot? ??

A: I don’t know.

11. Are filenames for transfer subject to filtering?

A: There are logged messages that are essentially the “this file was shared with participants of this conversation” message.

12. Are people’s names among the keywords?

A: Possibly SkypeID’s (but not real names), but also names of Chinese political people e.g. Hu Jintao

13. Are the content of files transferred via Skype also subject to filtering?

A: Unknown.

14.. Does Skype encrypt end-to-end the IMs that are subject to filtering? ??

A: Yes. TOM added an addition layer to the client that uploads the messages.

15. In a multiparty, multinational chat, can I as an American citizen have my text to a British subject filtered if someone from Shanghai is in that chat too?

A: I am not sure about it being filtered (such as not to be displayed in the recipient’s chat window) but it can be logged.

16. Are audio conversations, where at least one party is in China, being listened to, filtered or recorded?

A: Only the Call Detail Record, there appears to be no interception of the voice stream.

17. Are all calls filtered, or only if users meet certain criteria, or are conversations selected for filtering randomly?

A: Other than the call detail record I don’t have evidence that suggests the content of voice calls were being filtered or monitored, but I wouldn’t rule it out as a possibility.

Bottom Line: If your chat conversation includes someone using TOM-Skype, you can assume there may be filtering of chat messages and/or logging of Call Detail Records. Conversations where all participants are using the normal Skype client cannot be filtered or logged.

Next post: Nart’s recommendations to Skype.

This is the second of four posts resulting from an interview with Nart Villeneuve, principle investigator of the Citizen Lab report “Breaching Trust”.

After discussing the report itself and some of the follow up activity, we went on to talk about The Citizen Lab, its mission and its activities. From their own website they are “focusing on advanced research and development at the intersection of digital media and world civic politics”. Nart described their activity as research on the politics of technology.

Under the leadership of Professor Ronald Diebert, their activities are carried out by graduate students with an undergraduate degree in either computer science or political science who join the lab to build up expertise in the other discipline while carrying out their research. They explore issues using their strong understanding of technology to “lift the hood” behind various politically and/or economically motivated intervention of web-based information exchange by governments and other agencies.

Assisted by a worldwide network of volunteers and a check list of relevant websites, they can develop a sense of the content that governments are censoring. According to Nart, all governments do some form of surveillance but definitely not to equal levels of resulting actions. At one extreme one finds outright blocking of content but the UAE has economic motivation to block Skype to protect a local communications monopoly. Apparently the Saudis are most interested in blocking porn. China obviously allows “uncensored” content to pass through but we are aware that Skype Journal is often blocked.

They will look at filtering techniques used by various countries, the type of content being blocked and try to determine the “local” government’s policy environment in which filtering is taking place. At this point in time most filtering addresses websites but gradually some countries are moving into screening applications (as we have seen with TOM-Skype). There is also “social filtering” censorship activity that involves blocking of porn, drugs and gambling.

At this point companies, such as Google, Microsoft and Yahoo, are modifying their products to address various “local” issues. For instance, Google has modified their process for enquiries from designated countries to “pre-filter” results delivered from their own servers in the U.S.. But then they put out a notification for “filtered” results with the wording for some search results: “to comply with local law, some results are not displayed”. On the other hand Google will not offer GMail accounts with a “.cn” domain name and does not make Blogger available in China.

The Citizen Lab also participates in a broader effort to develop guidelines for Internet companies operating in China. But, given that has much broader implications, it will be the subject of another post.

Next post: Answers to Phil’s Questions

Tags: Citizen Lab, censor, filter, Nart Villeneuve, Ronald Diebert

This is the first of four posts resulting from an interview with Nart Villeneuve, principle investigator of the Citizen Lab report “Breaching Trust”.

Last Tuesday afternoon I returned to a University of Toronto building I had last visited in its role as an engineering students’ residence in the mid-1960′s. Abandoned as a residence in the 1980′s, the building was restored in the late 1990′s to house the Munk Centre for International Studies, when the university’s Centre for International Studies was designated as a strategic priority for future growth. In the basement of the former Devonshire Place South House, I found the Citizen Lab, “an interdisciplinary laboratory focusing on advanced research and development at the intersection of digital media and world civic politics”.

I spent 90 minutes with Nart Villeneuve, the PhD student and Psiphon Fellow, who was the principle investigator resulting in the Citizen Lab’s recently published “Breaching Trust: An analysis of surveillance and security practices of China’s TOM-Skype platform”. We covered a wide range of issues related to this report, from the initial contact with New York Times through to the follow up activities as a result of the report’s release. We also discussed the broader mission of the Citizen Lab and some recommendations for how Skype should address the challenge of participating in the China market while making all parties aware that their conversation activity may be tracked.

Key points about the report and the follow up activity:

• A major issue to address in dealing with the media has been the confusion resulting because there is a need to separate out the security breach that allowed Nart to gather the data he has gathered and the functionality of the TOM-Skype servers resulting in the capture and logging of chat conversations and Skype calling activity. (There was no evidence of capturing voice calls themselves).
• As a result of reporting this breach prior to release of the document to New York Times, the security breach itself has been closed but there is no evidence that the actual information capture activity has ceased. Nart has been checking daily to confirm that the security breach remains closed.
• There was a period of several hours between finally establishing contact with someone at Skype who could initiate action to address the security breach and the final close down of the breach. During this time Nart observed blocking of read access to the directories but since he knew the file names he was still able to follow a reconfiguration of the web servers, removal of sensitive files, such as an encryption key, and disappearance of the log files such that they were not accessible.
• While they have captured a significant quantity of call log data going back a year, they are being careful not to expose any of the detailed information which comprised both chat message logs and what amounts to call detail records for voice calls; more details are in the report itself. Basically they don’t want to compromise anyone individually.
• While the log files are still under analysis, they have been encrypted while he continues to mine them for any additional information they may expose. Eventually it is his intention to destroy even these files.
• Messages were about 40% Chinese, 60% English with a small smattering of other languages.
• While it would be very difficult to reconstruct an entire conversation thread, as only each individual message was logged with no ready reference to other messages within the thread, they could build social graphs of conversing parties.
• There are at least two versions of the TOM-Skype client: a normal version and a second version with additional features such as a Baidu Toolbar; however the promote.dll module in this can trigger off anti-virus scanners such as Norton.
• Other evidence that the servers had been compromised was the discovery that the servers were hosting “pirate” movies and had the appropriate software to support Bit Torrent transfers.

Nart had three definite recommendations for Skype; we also covered the broader issue of global enterprises doing business in China. These will be covered in future posts.

Next post: The Citizen Lab: Its broader mission and findings.

Tags: Skype, Citizen Lab, Breaching Trust, TOM Online, TOM-Skype, Nart Villeneuve, Munk Centre for International Studies

Taking back control of your real time communications in the AlwaysOn world.

(While this post was published originally  inFebruary 2007, it still has even more relevance in a very active Social Networking world; see the Update note at the end of the post).

When reporting on my visit last summer to an Alexander Graham Bell museum near his summer home, I discovered an interesting facet to his lifestyle:

In all his homes he had a separate office/laboratory room where he could be a night owl geek writing, experimenting and thinking. But he never had a telephone installed in any of his offices/labs.

Dr. Bell did not want his experimentation activities interrupted during his time in his home offices. Local folklore (I live less than an hour from RIM’s headquarters) has it that when Jim Balsillie, CEO of Blackberry manufacturer Research In Motion, enters his home, his family has asked him to leave his Blackberry at the door. And for years we have been searching for solutions to the dinner-time interruptions of those persistent telemarketers. In the Skype world we have those who seem to think a simple “Hi” in a chat window is sufficient introduction to start a conversation with a total stranger from the other side of the world. The potential for interruptions has become prolific with the introduction of each new technology and/or service, especially those that are “AlwaysOn”. In turn these AlwaysOn services expose us, as users, to being “Always Available”.

Yet we build our lives around communication with friends, lifestyle service providers and business colleagues who need to communicate at an appropriate time and in an appropriate manner. In today’s AlwaysOn world, made possible through both broadband Internet connectivity and mobile phones, there has arisen a crying need to manage our interruptions based on our interpersonal relationships and the real time context of our current activities. We want to ensure our communications efforts and time are spent more effectively with friends and family and spent more productively with the lifestyle service providers, business colleagues and clientele with whom we need to converse to carry on both our personal life and business activities. But such a demand requires a more intelligent algorithm for providing presence and availability information.

Over the past few weeks I have had the opportunity to evaluate many real time communications modes on new platforms such as the Blackberry 8700, Nokia N80i (selected since it runs on both WiFi and all four GSM bands) and a couple of models of the newly released “PC-Free” Skype phones. As a result I have had the opportunity to experience many modes of interruption of my activities and many modes of generating interruptions of my Contacts’ activities. They all have an element of providing basic presence information prior to making a phone call and, in some cases, also provide an ability to Chat through an IM client. And through these devices we also have new modes of real time communication: SMS messaging, email, and, with the arrival of embedded GPS, location-based services. More AlwaysOn services that simply increase the potential to be “Always Available”.

• While at CES, I used Blackberry Messenger to communicate directly (PIN to PIN) with key business contacts as I toured the exhibition floor and as we approached the time for key meetings. This “direct” channel was instantaneous and improved our “conference” productivity in a very crowded and noisy environment where voice communications was not only relatively expensive but also almost physically impossible due to background noise. Through its “Open Conversation” mode, one has an element of presence (Available/Not Available//Online/Offline) of user-designated remote contacts.
• Truphone on the N80i allows me to make calls from any WiFi hotspot (provided I have or can readily obtain authentication) but has no ability to tell me if my remote contact is readily available for a real time conversation.
• Fring (also on the Nokia N80i) provides both traditional presence and chat capability with my Skype, Gmail and/or MSN Messenger contacts but its “fringing ringing” with every chat session entry becomes overbearing and very annoying, especially once when I was in five concurrent chat sessions.
• “PC-Free” Skype phones provide Skype’s basic presence but no chat capability. So one cannot invoke the standard VoIM protocol of texting a Contact to enquire if s/he is available to take a Skype call.
• My Blackberry email messages are restricted, via a web-based service from my Service Provider, such that only those email addresses I have designated will find their emails forwarded from my legacy email to my Blackberry.
• Over the past several weeks I have been participating in the technology preview of iotum’s Talk-Now for Blackberry.This testing has provided plenty of opportunity to think about (i) when I want to be interrupted for a real time conversation and (ii) when I want simply to to be able to access presence or availability information in the context of not only my Contacts’ current “status” but also his/her current work activity and even previous communications activity.

Concurrent with managing interruptions I also need the intelligence to manage multiple phone connections (and, potentially, multiple IM connections). For instance,

• “PC-Free” Skype phones potentially put the user in the position of effectively having two phones, especially if one wants to continue to use Skype for business via a legacy PC Skype interface but the “PC-Free” phone is to be used in conjunction with, say, a home phone line. This creates the need to sign up for an additional Skype account for the “PC Free” phone. (More in a separate post.)
• My Fring installation is on a separate device which is the only one that supports both WiFi and GSM connectivity.

Bottom line is that I want to manage my availability for real time communications taking into account:

• Whom I want to be interrupted by in real time? whether the communications mode is chat, voice, SMS, video calls, etc.
• How do I triage my incoming calls to determine if I need to answer immediately or should wait until time permits a callback.
• What is the context of the interruption? Am I in a meeting? Is the caller someone whom I will be meeting later in the day and may want to discuss arrangements for that meeting?
• What is the relationship between me and the Contact? Is s/he a customer, a work colleague, a friend or a family member?
• What hours am I available for business activities? for personal activities?
• What is the context of the Contact’s current situation? Is s/he occupied by a meeting or willing to accept business calls at this time? What are her/his personal/business hours?
• How do we avoid voice mail tag? A recent study of calls placed at CAP Gemini showed that 82% of all calls end up in voice mail and it takes 3.15 attempts to make a voice connection.
• How do I ensure that I don’t miss either business or personal opportunities through ad hoc calls?
• How do I want to be notified of an interruption: a loud ringing phone? a silent vibrating phone?, a ring tone in my Bluetooth headset?
• What is important enough in context to trigger a notification (and therefore an interruption)?
• On what device (or service) do I want to be interrupted at any given point in time and physical location?
• How can my real time communications activity make my day more productive?

What are the implications for the developers and providers of new services?

• While the ability to open the same Skype account on several platforms can be convenient, it raises issues of currency of presence information on any device, including which platform should be considered the “primary” platform for, say, chat messages? How does one keep all the open clients in sync, especially with respect to presence information?
• How can I share my real time availability information with my critical business colleagues to ensure ad hoc access while reducing voice mail’s “running interference” and/or inappropriate interruptions?
• How does a service provide maximum end user flexibility with respect to issues such notification method, desired device at the time, hour of the day, designating Contacts’ relationships, etc.
• How can a service maintain an element of personal privacy in this era where identity theft and aberrant personal exposure can change your life forever?
• How does a service prejudice my interruption management towards those whom the user really wants to communicate with, yet not miss personal and business opportunities that arise from new introductions?

At this point in time there is no single answer. But through technology preview platforms such as Talk-Now, Fring, Truphone and new types of products, such as the “PC-Free” embedded Skype phones, we are getting a chance to experience in practice when, where and how we want to be interrupted. Hopefully these experiences will build the etiquette and protocols for implementing what Alec Saunders at iotum has labeled “New Presence” – delivering intelligent availability in a real time context to facilitate ad hoc interpersonal communications.

Bottom line: I want to be able to participate in the conversations essential to my lifestyle and my business operations – when, where and how I choose. And the service(s) of choice will only rise above the noise (and become a revenue generator) when I can take back control of my life – through a focus on restoring my privacy and my prejudices to my communications activity.

Update April 12, 2011: While iotum’s Talk Now service has gone away and iotum now offers their CallifFlower Conferencing service, the concepts of this Interruption Manifesto actually apply more deeply given all the approaches available in a Social Networking world.