It's over: All private data is public

By Roger A. Grimes

Created 2013-06-18 03:00AM

This is not another article explaining that Google and Facebook already know everything about us or that our governments sniff all our Internet transmissions [1]. That's true, but it's just the tip of the iceberg.

This article represents my own realization of the incredibly poor state of data security and what that means about our privacy and data privacy laws. If you're looking for an upbeat article with feel-good solutions, stop reading now.

[ The NSA upshot: We're finally taking Internet privacy seriously [2]. | Learn how to secure your systems with the Web Browser Deep Dive PDF special report [3] and Security Central newsletter [4], both from InfoWorld. ]

I'm pretty sure I'm not the first person to have this epiphany, but I'm happy enough with myself that I'm going to call this Grimes' Second Corollary. My first corollary [5] states: "Whatever is the most popular software in a particular category is also the most successfully exploited software." It's been retroactively true since 1986, though I came up with it somewhat later [6].

Grimes' Second Corollary

I feel confident enough in my second intelligent thought of the last decade to declare this revelation my second corollary.

To wit, in a world where every single entity is thoroughly hacked, it is naive to try and determine how ethical or legal it is for a particular custodial entity to hold a particular database by considering only individual circumstances or scenarios. It's wrong to ask if Google, Facebook, our government, your hospital, or your bank should be allowed to collect and store personal information about you. That's the old way of thinking.

Instead, we must ask ourselves if the database in question should be collected or created if we knew that information could be seen by the world -- because it will be or already has been.

No custodial entity can ensure the data it holds will remain private. We must instead assume that information can be stolen by unauthorized parties. If you ask security experts, every database worth stealing is already in the hands of someone who shouldn't have it. This is not wild conjecture; this is the general, well-understood consensus of the world's best computer security experts.

Yours, mine, and theirs

We need a new way of thinking until we can begin to control cyber crime, which won't happen anytime soon. We need to start thinking about any information we give as being given to the world.

For example, a hospital may have and need our medical and financial information. Yet we must, especially in today's world, assume that our hospitals have insufficient IT controls. Hackers can get that information at any time if they want it. They could sell our medical information to insurance providers and our payment records to credit bureaus, or they can give our credit card or bank account information to thieves. The formal, legal entities that collect the data are usually unaware that the information is pilfered, at least for many months or years.

Because all companies are doing a poor job at protecting data, it seems humorous to consider only whether a particular company or entity should have particular database. Simply by virtue of its collection and existence, our data is being shared by the world and the world can do anything with it.

There's a very good chance that many strangers around the world already know more about us than Google and Facebook. They may even know more about us than we know about ourselves.

Open to the world

We must determine whether or not a particular database should exist, not by a single, isolated evaluation of risk, but by a global evaluation of risk.

The norm isn't that some company's databases are stolen. Most privacy discussions should begin with the assumption that all companies' databases are stolen or are likely to be if they contain anything of value. If that assumption is correct -- and it is whether or not we acknowledge it -- then I think the answer would often be no, we should not trust most companies to hold and secure most data.

It doesn't take malware [7] or Chinese APTs [8] to steal all our secrets. Potentially every person who has legitimate access to our data can leak information.

For example, Bradley Manning is currently on trial for leaking top military secrets. If he is found guilty, he needs to go to jail. But 1.4 million people in the United States have top-secret security clearances. It's likely that at least a few -- if not more -- of them are leaking secrets, too. It can't just be Pvt. Manning. He was simply dumb enough to get caught. I've read about American spies stealing secrets for more than a decade before they were nabbed.

In the corporate world, you'd be amazed at how many staffers in a company can read, copy, or download a private database meant to be seen only by a few people. I frequently conduct data protection audits for big companies, and what I find no longer astonishes me.

On top of that, every outside company and contractor that has access to the data is a potential point of leakage. It's almost certain that one or more of those data custodians have been thoroughly compromised.

By accident or design

Often data leaks are purely accidental. Millions of people inadvertently overshare other people's personal information every year -- by posting on public websites, excessively divulging details in public documents, or leaking through a file-sharing program they installed to illegally download movies.

Do a little search engine "hacking" to find classified or top-secret information and you'll be amazed. You'll find entire state databases of financial information sitting on the Web -- for years -- just waiting to be downloaded. Spend a little time Googling for passwords and other supposedly secret information and you'll scare yourself.

Wait, it gets worse. You might think information is protected, but guess again. Most cryptographers believe that in less than one decade, quantum computing will be marshaled to crack any encryption [9]. We spend our professional lives protecting information inside of encrypted datastreams and encrypted files. One day those boundaries will suddenly evaporate. The world's governments are symmetrically recording all encrypted traffic because they know it will all be easy to read soon enough.

The truth will set you free

My intention is not to scare anyone. It's to awaken everyone. Our private data hasn't been private for a long time. The first decade of the third millennium will go down in history as a period of time in which the world's thieves stole everything.

Our laws and regulations are all written with the assumption that data custodians can protect data. That assumption is wrong. If that is so, should any entity be allowed to collect our information?

The answer is no -- and I can't blame you for responding that preventing any company from collecting our personal data would bring business and industry to a halt. I'm not the one making the rules. The laws and regulations say that data custodians must be able to protect our data. They clearly can't. They clearly haven't. Nothing they are doing to improve their security right now is making it any better in the short term.

I'm not the bearer of bad news. I'm your enlightenment. You can take the red or the blue pill. It's up to you.

This story, "It's over: All private data is public [10]," was originally published at InfoWorld.com [11]. Keep up on the latest developments in network security [12] and read more of Roger Grimes' Security Adviser blog [13] at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter [14].

Security Data Security

Source URL (retrieved on 2013-06-18 02:42PM): http://www.infoworld.com/d/security/its-over-all-private-data-public-220901

Links:

[1] http://www.infoworld.com/t/internet-privacy/the-nsa-upshot-were-finally-taking-internet-privacy-seriously-220695

[2] http://www.infoworld.com/t/internet-privacy/the-nsa-upshot-were-finally-taking-internet-privacy-seriously-220695?source=fssr

[3] http://www.infoworld.com/browser-security-deep-dive?idglg=?ifwelg_fssr

[4] http://www.infoworld.com/newsletters/subscribe?showlist=infoworld_sec_rpt&source=ifwelg_fssr

[5] http://www.infoworld.com/d/security-central/popularity-the-biggest-hack-magnet-886

[6] http://www.infoworld.com/d/security-central/macs-low-popularity-keeps-them-safer-hacking-and-malware-138

[7] http://www.infoworld.com/d/security/download-infoworlds-malware-deep-dive-report-186438

[8] http://www.infoworld.com/d/security/5-signs-youve-been-hit-advanced-persistent-threat-204941

[9] http://www.infoworld.com/d/security-central/imagine-world-no-cyber-secrets-421

[10] http://www.infoworld.com/d/security/its-over-all-private-data-public-220901?source=footer

[11] http://www.infoworld.com/?source=footer

[12] http://www.infoworld.com/d/security?source=footer

[13] http://www.infoworld.com/blogs/roger-a.-grimes?source=footer

[14] http://twitter.com/infoworld

http://www.infoworld.com/d/security/its-over-all-private-data-public-220901?source=IFWNLE_nlt_daily_pm_2013-06-18

Google challenges U.S. gag order, citing First Amendment

By Craig Timberg, Tuesday, June 18, 12:39 PM E-mail the writer

Google asked the secretive Foreign Intelligence Surveillance Court on Tuesday to ease long-standing gag orders over data requests it makes, arguing that the company has a constitutional right to speak about information it’s forced to give the government.

The legal filing, which cites the First Amendment’s guarantee of free speech, is the latest move by the California-based tech giant to protect its reputation in the aftermath of news reports about sweeping National Security Agency surveillance of Internet traffic.

Google, one of nine companies named in NSA documents as providing information to the top-secret PRISM program, has demanded that U.S. officials give it more leeway to describe the company’s relationship with the government. Google and the other companies involved have sought to reassure users that their privacy is being protected from unwarranted intrusions.

In the petition, Google is seeking permission to publish the total numbers of requests the court makes of the company and the numbers of user accounts they affect. The company long has made regular reports with regard to other data demands from the U.S. government and from other governments worldwide.

“Greater transparency is needed, so today we have petitioned the Foreign Intelligence Surveillance Court to allow us to publish aggregate numbers of national security requests, including FISA disclosures, separately,” the company said in a statement.

That information would not necessarily shed much light on PRISM, whose existence was first reported by The Washington Post and Britain’s Guardian newspaper. But initiating a high-profile legal showdown may help Google’s efforts to portray itself as aggressively resisting government surveillance.

All of the technology companies involved in PRISM, including Facebook, Apple, Microsoft, Google and Yahoo, have struggled to respond to the revelations about NSA surveillance. Most have issued carefully word denials, saying that they do not permit wholesale data collection while acknowledging that they comply with legal government information requests. (Washington Post Co. chief executive Donald E. Graham is on Facebook’s board.)

FISA court data requests typically are known only to small numbers of a company’s employees. Discussing the requests openly, either within or beyond the walls of an involved company, can violate federal law.

The technology companies linked to PRISM publicly urged U.S. officials last week to ease official secrecy about information requests. Facebook on Friday night issued its first-ever account of how many data requests the company gets from government entities – state, local and federal – in the United States. That number included FISA requests but the information was categorized too broadly to offer a precise view of these especially secretive data transfers.

The FISA court, composed of 11 federal judges appointed by Chief Justice John G. Roberts Jr., rarely rejects government requests for information and rarely make its opinions public. The court approved each of the 1,789 government requests it received in 2012, except for one that was withdrawn.

In 2008, the court rejected a challenge from a technology company that argued that a government request for information on foreign users was too broad to be constitutional. The court redacted the name of the company and other details when it published the ruling.

Revelations this month about PRISM have sparked fierce debate about the appropriate balance between national security with privacy rights, with U.S. officials in recent days mounting vigorous defense of data collection efforts.

NSA director Gen. Keith Alexander told the House Intelligence Committee on Tuesday that more than 50 attacks – including one potentially targeting the New York Stock Exchange -- had been thwarted with the help of the agency’s surveillance programs. President Obama said on a PBS interview aired Monday night that the government was “making the right trade-offs” in allowing the programs.

http://www.washingtonpost.com/business/technology/google-challenges-us-gag-order-citing-first-amendment/2013/06/18/96835c72-d832-11e2-a9f2-42ee3912ae0e_story.html?wpisrc=al_comboNE_b

Tech companies jockey to seem the most transparent

     

By Sam Gustin, Time

updated 11:33 AM EDT, Tue June 18, 2013

Fearful of a backlash over surveillance, Facebook, Google and other tech companies deny giving the NSA access to their servers.

STORY HIGHLIGHTS

Big Internet companies are tripping over themselves to bolster their public image

Apple, Facebook, Google and others deny giving the NSA access to their servers

The tech companies have released aggregate numbers of total U.S. data requests

But the disclosures skirt around the central issue of the NSA-snooping controversy

(Time) -- Trust us, we're from Silicon Valley.

America's largest Internet companies are tripping over themselves to bolster their public image following blockbuster disclosures about their role in the U.S. government's controversial data-gathering program.

Ever since news reports suggested that major tech firms — including Apple, Google, Facebook and Yahoo — provide the National Security Agency (NSA) with unfettered or "direct" access to their servers, the companies have been waging an aggressive campaign to demonstrate that they're not government stooges.

Now, several of the top Silicon Valley firms are engaged in a game of one-upmanship to show that they are the most transparent Internet company on the block.

The initial reports about "direct access," as part of a classified U.S. intelligence system called Prism, have turned out to be wrong. But the Prism reports have highlighted long-standing privacy fears about how the largest U.S. tech companies handle their vast troves of user data. The Internet giants have come under scrutiny following reports that the NSA uses Prism to examine data — including e-mails, videos and online chats — that it collects via requests made under the Foreign Intelligence Surveillance Act (FISA), one of the controversial laws at the heart of the current NSA-snooping furor.

Following the Prism leak, which was supplied to the Guardian and the Washington Post by whistle-blower Edward Snowden, Apple, Google, Facebook and Yahoo all issued statements — in strikingly similar legal language — denying that they give the NSA "direct" or unfettered access to their computer servers.

But the companies apparently felt the need to go further than those denials, and in recent days have engaged in a competition to demonstrate their commitment to transparency.

Although Silicon Valley has roots in the U.S. military — the Defense Advanced Research Projects Agency was central to the development of the Internet — today's big tech companies are keen to demonstrate their independence from the government and often display a libertarian streak.

Many engineers in Silicon Valley are sympathetic to "hacker" culture. Above all, Silicon Valley tech titans are wary of losing the trust of consumers, which could endanger their businesses. These companies are no doubt well aware of the numerous more secure alternatives to their services, some of which enable users to roam the Internet anonymously.

Google kicked off the transparency battle last week when it asked U.S. Attorney General Eric Holder and FBI Director Robert Mueller for permission to publish "aggregate numbers of national-security requests, including FISA disclosures — in terms of both the number we receive and their scope."

That request was noteworthy because it was the first time Google had even acknowledged that it receives national-security FISA requests. Facebook and Microsoft quickly followed suit with similar requests. A Department of Justice spokesperson told TIME that the agency is in the process of reviewing the request.

Then, over the weekend, Facebook, which unlike Google has never published a transparency report, reached an agreement with the government allowing it to disclose data on U.S. information requests. Facebook said that for the six months ending Dec. 31, 2012, it received between 9,000 and 10,000 data requests, including criminal and national-security-related requests, covering between 18,000 and 19,000 accounts.

"We're pleased that as a result of our discussions, we can now include in a transparency report all U.S. national-security-related requests (including FISA as well as National Security Letters) — which until now no company has been permitted to do," Facebook general counsel Ted Ullyot said in a not-so-subtle dig at the company's rivals.

Shortly thereafter, Microsoft released similar data, indicating that the company received between 6,000 and 7,000 criminal and national-security requests affecting between 31,000 and 32,000 consumer accounts.

"This only impacts a tiny fraction of Microsoft's global customer base," John Frank, Microsoft's deputy general counsel, said in a blog post. "Transparency alone may not be enough to restore public confidence, but it's a great place to start."

On Monday, Apple joined the party and announced that from Dec. 1, 2012, to May 31, 2013, it received between 4,000 and 5,000 requests from U.S. law enforcement for customer data related to between 9,000 and 10,000 accounts or devices, including both criminal investigations and national-security "matters." Apple said it was releasing the data "in the interest of transparency."

Yahoo followed late Monday, saying it received "between 12,000 and 13,000 requests, inclusive of criminal, Foreign Intelligence Surveillance Act (FISA), and other requests."

Here's the problem. According to the agreement Facebook, Microsoft, Apple and Yahoo reached with the government, the companies were only permitted to release aggregate numbers of total U.S. data requests. Crucially, they were not permitted to separately break out the number of FISA requests.

For this reason, we don't know if they received 50 FISA requests, 500 or 5,000. As a result, the disclosures, while laudable, skirt around the central issue of the NSA-snooping controversy, which is the nature and extent of the companies' participation in secret U.S. national-security investigations.

"We believe the companies should be allowed to break out specific numbers for FISA requests," said Amie Stepanovich, director of the Domestic Surveillance Project at the Electronic Privacy Information Center, a Washington-based public-interest organization. "These numbers would provide nationwide transparency. We also believe that individual users targeted under FISA should receive notice that they were subject to surveillance, even after the fact, so they have the chance to contest the surveillance in court."

For Google, which earlier this year was the first Internet company to disclose requests made for National Security Letters (NSLs) — a separate type of query than FISA requests — the arrangement struck by Facebook, Microsoft, Apple and Yahoo was not satisfactory.

"We have always believed that it's important to differentiate between different types of government requests," Google said in a statement. "We already publish criminal requests separately from National Security Letters. Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national-security requests, including FISA disclosures, separately."

Twitter, which was not named in the NSA leak as a participant in the Prism program, quickly threw its support behind Google.

"We agree with Google," Benjamin Lee, Twitter's legal director, said in a Twitter message. "It's important to be able to publish numbers of national-security requests — including FISA disclosures — separately."

Thus, the contours of the transparency battle were drawn. On one side: Facebook, Microsoft and Apple. On the other, Google and Twitter.

For their part, Facebook, Microsoft and Yahoo said they would continue to urge the government to allow them to be more specific about national-security requests, including FISA requests. Facebook said it would continue "to push for even more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national-security grounds." Microsoft said: "What we are permitted to publish continues to fall short of what is needed to help the community understand and debate these issues."

But only Google has thus far resisted striking a deal with the government on the disclosure of data requests. On Monday, a Google spokesperson told TIME that the company had no update on its negotiations with the government concerning breaking out FISA requests.

© 2012 TIME, Inc. TIME is a registered trademark of Time Inc. Used with permission.

http://www.cnn.com/2013/06/18/tech/web/tech-companies-data-transparent/

NSA admits listening to U.S. phone calls without warrants

National Security Agency discloses in secret Capitol Hill briefing that thousands of analysts can listen to domestic phone calls. That authorization appears to extend to e-mail and text messages too.

by Declan McCullagh

June 15, 2013 4:39 PM PDT

The National Security Agency has acknowledged in a new classified briefing that it does not need court authorization to listen to domestic phone calls.

Rep. Jerrold Nadler, a New York Democrat, disclosed this week that during a secret briefing to members of Congress, he was told that the contents of a phone call could be accessed "simply based on an analyst deciding that."

If the NSA wants "to listen to the phone," an analyst's decision is sufficient, without any other legal authorization required, Nadler said he learned. "I was rather startled," said Nadler, an attorney and congressman who serves on the House Judiciary committee.

Not only does this disclosure shed more light on how the NSA's formidable eavesdropping apparatus works domestically, it also suggests the Justice Department has secretly interpreted federal surveillance law to permit thousands of low-ranking analysts to eavesdrop on phone calls.

Because the same legal standards that apply to phone calls also apply to e-mail messages, text messages, and instant messages, Nadler's disclosure indicates the NSA analysts could also access the contents of Internet communications without going before a court and seeking approval.

The disclosure appears to confirm some of the allegations made by Edward Snowden, a former NSA infrastructure analyst who leaked classified documents to the Guardian. Snowden said in a video interview that, while not all NSA analysts had this ability, he could from Hawaii "wiretap anyone from you or your accountant to a federal judge to even the president."

There are serious "constitutional problems" with this approach, said Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation who has litigated warrantless wiretapping cases. "It epitomizes the problem of secret laws."

The NSA yesterday declined to comment to CNET. A representative said Nadler was not immediately available. (This is unrelated to last week's disclosure that the NSA is currently collecting records of the metadata of all domestic Verizon calls, but not the actual contents of the conversations.)

Earlier reports have indicated that the NSA has the ability to record nearly all domestic and international phone calls -- in case an analyst needed to access the recordings in the future. A Wired magazine article last year disclosed that the NSA has established "listening posts" that allow the agency to collect and sift through billions of phone calls through a massive new data center in Utah, "whether they originate within the country or overseas." That includes not just metadata, but also the contents of the communications.

William Binney, a former NSA technical director who helped to modernize the agency's worldwide eavesdropping network, told the Daily Caller this week that the NSA records the phone calls of 500,000 to 1 million people who are on its so-called target list, and perhaps even more. "They look through these phone numbers and they target those and that's what they record," Binney said.

Brewster Kahle, a computer engineer who founded the Internet Archive, has vast experience storing large amounts of data. He created a spreadsheet this week estimating that the cost to store all domestic phone calls a year in cloud storage for data-mining purposes would be about $27 million per year, not counting the cost of extra security for a top-secret program and security clearances for the people involved.

NSA's annual budget is classified but is estimated to be around $10 billion.

Documents that came to light in an EFF lawsuit provide some insight into how the spy agency vacuums up data from telecommunications companies. Mark Klein, who worked as an AT&T technician for over 22 years, disclosed in 2006 (PDF) that he witnessed domestic voice and Internet traffic being surreptitiously "diverted" through a "splitter cabinet" to secure room 641A in one of the company's San Francisco facilities. The room was accessible only to NSA-cleared technicians.

AT&T and other telecommunications companies that allow the NSA to tap into their fiber links receive absolute immunity from civil liability or criminal prosecution, thanks to a law that Congress enacted in 2008 and renewed in 2012. It's a series of amendments to the Foreign Intelligence Surveillance Act, also known as the FISA Amendments Act.

That law says surveillance may be authorized by the attorney general and director of national intelligence without prior approval by the secret Foreign Intelligence Surveillance Court, as long as minimization requirements and general procedures blessed by the court are followed.

A requirement of the 2008 law is that the NSA "may not intentionally target any person known at the time of acquisition to be located in the United States." A possible interpretation of that language, some legal experts said, is that the agency may vacuum up everything it can domestically -- on the theory that indiscriminate data acquisition was not intended to "target" a specific American citizen.

Rep. Nadler's disclosure that NSA analysts can listen to calls without court orders came during a House Judiciary hearing on Thursday that included FBI director Robert Mueller as a witness.

Mueller initially sought to downplay concerns about NSA surveillance by claiming that, to listen to a phone call, the government would need to seek "a special, a particularized order from the FISA court directed at that particular phone of that particular individual."

Is information about that procedure "classified in any way?" Nadler asked.

"I don't think so," Mueller replied.

"Then I can say the following," Nadler said. "We heard precisely the opposite at the briefing the other day. We heard precisely that you could get the specific information from that telephone simply based on an analyst deciding that...In other words, what you just said is incorrect. So there's a conflict."

Director of National Intelligence Michael McConnell indicated during a House Intelligence hearing in 2007 that the NSA's surveillance process involves "billions" of bulk communications being intercepted, analyzed, and incorporated into a database.

They can be accessed by an analyst who's part of the NSA's "workforce of thousands of people" who are "trained" annually in minimization procedures, he said. (McConnell, who had previously worked as the director of the NSA, is now vice chairman at Booz Allen Hamilton, Snowden's former employer.)

If it were "a U.S. person inside the United States, now that would stimulate the system to get a warrant," McConnell told the committee. "And that is how the process would work. Now, if you have foreign intelligence data, you publish it [inside the federal government]. Because it has foreign intelligence value."

McConnell said during a separate congressional appearance around the same time that he believed the president had the constitutional authority, no matter what the law actually says, to order domestic spying without warrants.

Former FBI counterterrorism agent Tim Clemente told CNN last month that, in national security investigations, the bureau can access records of a previously made telephone call. "All of that stuff is being captured as we speak whether we know it or like it or not," he said. Clemente added in an appearance the next day that, thanks to the "intelligence community" -- an apparent reference to the NSA -- "there's a way to look at digital communications in the past."

NSA Director Keith Alexander said this week that his agency's analysts abide by the law: "They do this lawfully. They take compliance oversight, protecting civil liberties and privacy and the security of this nation to their heart every day."

But that's not always the case. A New York Times article in 2009 revealed the NSA engaged in significant and systemic "overcollection" of Americans' domestic communications that alarmed intelligence officials. The Justice Department said in a statement at the time that it "took comprehensive steps to correct the situation and bring the program into compliance" with the law.

Jameel Jaffer, director of the ACLU's Center for Democracy, says he was surprised to see the 2008 FISA Amendments Act be used to vacuum up information on American citizens. "Everyone who voted for the statute thought it was about international communications," he said.

http://news.cnet.com/8301-13578_3-57589495-38/nsa-admits-listening-to-u.s-phone-calls-without-warrants/

17 tips and tools to make Gmail better

Live your life in Gmail? These tricks and add-ons will make Google's email service more powerful, productive, and pleasant to use

By JR Raphael, InfoWorld, May 30, 2013

Take control of your inbox

For as much time as many of us spend in Gmail, the service is essentially a virtual home. And as any good homeowner knows, there's always something you can do to spruce up your living space and make it work better for you.

In Gmail's case, there's a lot of handiwork just waiting to be done -- advanced settings to enable, interesting features to be embraced, and third-party programs to install. Google itself just unveiled a new tabbed interface that can change the way you think about email. But that's barely scratching the surface.

So dig in and try a few of these less publicized inbox improvements. Your e-property value will skyrocket -- and your quality of virtual life is guaranteed to improve.

HelloSign

If you're anything like me, you waste a lot of time downloading PDF attachments, applying electronic signatures, and sending the documents back. Fun times, right? A handy little plug-in called HelloSign makes that headache a thing of the past: HelloSign adds a simple Sign prompt into Gmail anytime you open a message with a PDF attachment. Click it, and -- once you've completed a one-time setup -- you can drag and drop your signature wherever it needs to go, then resave the document and attach it to a response with a single click. That, my friends, is a level of convenience I'll certainly sign off on.

HelloSign is free.

Boomerang for Gmail

Ever wish you could type up an email and schedule it to be sent at some specific future time? An add-on called Boomerang for Gmail gives you the power to do that -- and a whole lot more. Boomerang adds message scheduling support to your inbox along with the ability to set follow-up reminders for messages. You could tell Boomerang, for instance, to archive a message, then bring it back to the top of your inbox if you don't get a response after four days.

Boomerang gives you up to 10 actions per month for free; if you want more, you'll have to pay $5 to $15 per month for a higher-level plan.

Gmail labels

Gmail doesn't have traditional folders, but it has something even better: Labels, which can help you stay organized and save time. While folders are generally limited by their nature to one per message, Gmail's organizational system allows you to apply as many labels as you want to a single email -- so one email could have the label "Invoices," for example, as well as the label "Business." You can easily customize your labels and control which are displayed in the main sidebar, as well as which show up within the in-message Labels menu; just head to Gmail's settings to get started.

Customizable addresses

Here's a little secret: Your Gmail account actually comes with numerous email addresses, all of which go straight to your inbox. First, you can add a period anywhere within your username to make a unique address -- changing johnsmith@gmail.com to john.smith@gmail.com or jo.hn.sm.ith@gmail.com. Second, you can add a plus sign and put anything you want after your user name -- johnsmith+banking@gmail.com, johnsmith+amazon@gmail.com, and so on. Finally, you can swap gmail.com out for googlemail.com; the domains are interchangeable for all accounts.

The real power of those options comes into play with our next item....

Gmail filters

Gmail's native filtering feature is one of the best ways to keep your inbox from getting insane. Within Gmail's settings, you can set up advanced rules for processing incoming messages. You could tell Gmail to automatically archive certain messages so that you'll never see them (but can find them if you need to) or to automatically apply specific labels based on a message's sender or subject line.

The aforementioned customizable addresses can come in handy here, too: You might give out a unique address when signing up for a new service, for example, in order to retain control over any messages it sends you.

Copy2Contact

Google has a robust contact management system, but its integration with Gmail often leaves something to be desired. That's where Copy2Contact comes in: The free app puts a special box in your Gmail sidebar; once it's there, you can highlight someone's signature within an email, drag it over to the box, and let Copy2Contact extract all the relevant details and create a new entry in your contacts. It'll even automatically place all the person's details in the appropriate fields.

Copy2Contact is currently free for use with Gmail, though its maker says the pricing may change at some point in the future.

Google Tasks

Sometimes you need a quick to-do list -- and Gmail actually has one; it's just a little hidden from view. From your main inbox view, press G, then K to open up the Gmail Tasks interface. You can also click the word "Gmail" at the top left of the screen to access a drop-down menu with the same option.

You can add tasks directly to your list from emails, too: Just press Shift-T (or click the More menu, then select "Add to Tasks") while viewing a message. For Tasks access on the go, search your phone's app store; plenty of third-party programs are available that provide elegant mobile access to the platform.

Minimalist for Everything

Over the years, Google has added a lot of clutter into Gmail -- ads, features, and cross-service integration that you may not want and might rather have off your screen. If you use the Chrome Web browser, a free extension called Minimalist for Everything offers an easy way to clean up the look of your Gmail and make the interface more productive for you. Minimalist gives you options to hide or tweak practically every element of the Gmail interface; with its help, you can create a clean and user-friendly UI that'll let you focus on the important stuff without all the distractions.

AwayFind

Most of us drown in email -- and making sure urgent content catches your eye is sometimes easier said than done. A service called AwayFind aims to fix that. AwayFind makes sure you know when you get an important email by sending you an alert via text, voice call, mobile notification, or instant message. You tell the service what's important based on sender or subject. You can even set time-sensitive alerts -- if, say, you want to be notified when a certain person emails you anytime within the next 48 hours.

AwayFind offers a limited free plan and charges $5 to $15 a month for its fully featured services.

Priority Inbox

If the new tabbed inbox isn't your thing, Google has another way of helping you sort through messages while you're sitting at your computer: a native Gmail feature called Priority Inbox. Priority Inbox uses a variety of variables to determine what incoming messages are important to you; it then separates the important messages out from the less pressing stuff and presents it all in a single screen to make your inbox easier to manage. It learns over time, too, responding to your habits and taking the hint when you manually adjust something it has sorted.

You can activate Priority Inbox (and choose to use it in place of the upcoming tabbed interface) within the Gmail settings.

Keyboard shortcuts

One of the simplest ways to save time is to quit messing around with your darn mouse. Gmail has a host of keyboard shortcuts that let you quickly navigate through your messages -- pressing R to reply to a message, for instance, or C to compose a new message. To enable keyboard shortcuts, just activate the option in your Gmail settings; once it's on, you can press ? from anywhere in the system to see a complete list of available commands. And if you aren't happy with the shortcuts, you can change 'em; just look for the "Custom keyboard shortcuts" option in the Gmail Labs settings.

Canned Responses

If you suffer from a serious case of email-writing déjà vu, you gotta start using Gmail's Canned Responses feature. Canned Responses are quick templates you create, then insert into messages with a couple of clicks. To get started, first go into the Gmail Labs settings and enable the Canned Responses option; then, when you compose a new message, click the small arrow at the bottom of the window, and select Canned Responses.

Monotony's never been so beatable.

ToutApp

For even more advanced template tools, try ToutApp -- a browser-based app that brings business-grade automation to your Gmail inbox. ToutApp puts one-click buttons in your Gmail compose window for pasting in fully formatted templates with optional file attachments. It'll even fill in preset fields on the fly for you, like the first name of your recipient. ToutApp also provides mechanisms for organizing your inbox, tracking messages after they're sent, and integrating with CRM platforms like Salesforce.

The service starts at $30 a month.

Preview Pane

Do you find yourself yearning for the Outlook-style preview pane that put a permanent message-viewing window inside your inbox? Fear not: Gmail actually has a way to get it. Gmail's Preview Pane feature does just what you'd think: It splits your inbox in half, leaving the message list on the left and putting a viewing window on the right. An icon at the top of the screen lets you toggle the viewing window on or off; it also provides an option to switch to a horizontal setup, if you'd prefer.

Gmail's Preview Pane can be enabled within the Gmail Labs settings.

Gmail Gadgets

Let's face it: For most of us, the sidebar at the left of the Gmail Web interface is a lot of wasted space. With Gmail Gadgets, you can make that space work for you: Start by opening up the Gmail Labs settings. There, you'll find options to enable sidebar gadgets for both Google Calendar and Google Docs; you can also enable an option to "Add any gadget by URL" that places a new dedicated Gadgets section in your main Gmail settings. That section allows you to add in any compatible third-party gadget (see this list for a few interesting ones to try).

Embedded content

Why click to open links and attachments when you can view them right within your inbox? You may not realize it, but Gmail can let you see all sorts of content without ever leaving the message in which it's mentioned. Head into those Gmail Labs settings again and look for all the features with "In Mail" in their titles. You'll find options to activate in-message viewing of documents, spreadsheets, and presentations as well as maps, Google Voice voicemails, and photos from Flickr and Picasa.

Mute

We've all been on there -- on the To list of a mass-recipient email that just won't die. Well, good news: Gmail has a tool to help you quietly excuse yourself from the conversation. The next time you get a message with multiple recipients, click the More button at the top of the screen and select Mute. Gmail will then keep the message archived and out of your inbox, even as new responses trickle in, unless something changes in the thread and a message arrives addressed only to you.

Don't worry -- I won't tell

http://www.infoworld.com/slideshow/103271/17-tips-and-tools-make-gmail-better-219621?source=IFWNLE_nlt_daily_am_2013-05-30#slide19

Google is the General Electric of the 21st century

Last updated: June 5, 2013 6:57 pm

By John Gapper

Larry Page has boundless ambition and the capacity to deliver unexpected products

Everywhere one looks, Google is doing remarkable things. It could soon overtake Apple in downloads of applications; it is developing self-driving cars; people wear its kooky augmented reality Glass spectacles; it is signing renewable power deals in South Africa and Sweden.

From being a one-product company that tapped a stream of wealth with paid internet search, Google is emerging as the dominant consumer technology company of the early 21st century, along with Amazon. Fred Wilson, a leading New York venture capitalist, accuses it of trying to control the internet, “like Microsoft tried with personal computing ... Who will stop Google?”

My answer is: nobody, or not easily. Indeed, the best comparison for Google seems to me not Microsoft in the 1980s but General Electric in the late 19th century – the age of electrification. Like GE, Google is a multifaceted industrial enterprise riding a wave of technology with an uncanny ability not only to invent far-reaching products but also to produce them commercially.

It coincides with Larry Page’s ascent to being undisputed leader of the company he founded at Stanford University with Sergey Brin 15 years ago. Instead of the “Google guys” – Mr Page, Mr Brin and Eric Schmidt, its former chief executive and now chairman – running it as an amiable mixture of a company and a chaotic research lab, Mr Page has made it formidably focused.

Google’s growing lead in data analysis and artificial intelligence became clear at its developers’ conference in May. “It’s easy for consumers to switch to another search engine, but it is difficult to make anything as good,” says Benedict Evans, an analyst. “Google is a massive machine learning project, and it’s been feeding the machine for a decade.”

All of this is happening at a time of growing scepticism about Silicon Valley – its airy claims to be changing the world for the better when the people who most benefit are its own billionaires; its use of low-tax jurisdictions to avoid corporate tax; the dubious ways in which many free services collect and exploit personal data; the triviality of countless start-ups.

The social networking boom that started a decade ago is waning, with Zynga, the internet games company, laying off 18 per cent of employees. George Packer wrote in The New Yorker of Silicon Valley: “The hottest tech start-ups are solving all the problems of being 20 years old, with cash in hand, because that’s who thinks them up.”

Google is not without sin – it faces heavy criticism for its tax avoidance, and despite its proclamation of being an open standards company, it fights as hard as Microsoft to keep others stuck to its platform. But Mr Page can hardly be accused of lacking purpose and vision.

He has extended its search lead into mobile, through Android and Chrome software, and he shows no signs of being satisfied. “We haven’t seen this rate of change in technology for a long time, probably not since the birth of personal computing,” he remarked happily at the May conference.

Meanwhile, other Silicon Valley giants face varying degrees of difficulty. Investors have soured on Apple since Tim Cook became chief executive, discouraged by, among other things, its botched attempt to rival Google Maps. Yahoo, run by an ex-Googler, Marissa Mayer, is struggling to replicate its engineering strength, while Facebook is trying to move to mobile.

None matches its computer science research capacity, or ability to turn ideas into products. The clearest manifestation is Google X, its “moonshot” research lab, which is developing wearable computers and “autonomous” cars. But research in software and artificial intelligence lies at Google’s core.

What was once a search company has become an internet, data and software company with boundless ambition and the capacity to deliver a flow of unexpected products. In that sense, Mr Page is a latter-day Thomas Edison, a commercial inventor marked by “the utterly fearless range of his experimental activities,” according to Randall Stross, a biographer.

Compared with the 1890s, Google resembles GE, while Amazon is like Sears Roebuck, the catalogue shopping company that transformed US retailing. GE was founded in 1892 and Sears Roebuck in 1893, at a time when the continent was altered by the telegraph and electricity.

Mr Page often talks of his fascination with Nikola Tesla, the Serbian US immigrant who worked for Edison and later fought him in the “wars of current” – the battle between Edison and Westinghouse over whether the US should adopt DC or AC electricity. He read a biography of Tesla as a child and “cried at the end because I realised you can be the world’s greatest inventor and still be a failure”.

Both Tesla and Edison were equal parts inventors and showmen, and neither one succeeded completely in business – GE was formed in a merger, with Edison losing control. Henry Ford is said to have called him “the world’s greatest inventor and the world’s worst businessman”. Mr Page, who has a $20bn fortune, scores higher.

But electricity disrupted industries as fully as the internet. The Brooklyn Eagle wrote of incumbent gas companies: “To see them squirm and writhe is a public satisfaction that lifts Edison to a higher plane than that of the wonderful inventor and causes him to be regarded as a benefactor of the human race.”

GE had many rivals, yet its combination of inventiveness and commercial acumen marked it out from the pack, setting it up to exploit the technology Edison had pioneered for the next century. The unnerving thing about Mr Page is that he studies history.

john.gapper@ft.com

Copyright The Financial Times Limited 2013

http://www.ft.com/intl/cms/s/0/e57abef0-cd0c-11e2-90e8-00144feab7de.html#axzz2VSqjZAkY

The Wi-Fi in your home can track your moves like Xbox Kinect

Devin Coldewey NBC News

Want to switch off the living room lights from bed, change channels while washing dishes, or turn the heat up from the couch? A team at the University of Washington has rigged a standard Wi-Fi home network to detect your movements anywhere in the home and convert them into commands to control connected devices.

Gesture recognition is the latest fad in games and tech, but even the newest systems require high-tech depth-sensing cameras or other special hardware. Microsoft's new Kinect, for instance, uses a photon-measuring method called "time of flight" sensing that was, until the Kinect was announced, limited to high-tech laboratories. And Kinect isn't small, either.

UW computer science students, led by assistant professor Shyam Gollakota, looked at the gesture-detection puzzle another way — specifically, how people affect the environment they're already in.

Our bodies distort the Wi-Fi signals we use to beam information to and from our laptops and phones. By watching those signals very closely, the team could determine not just what room you're in, but where you're standing and how you're moving your body. They call the system WiSee.

"By analyzing the variations of these signals over time, we can enable full-body gestures that go beyond simple hand motions," said Qifan Pu, a visiting student and one of the team at UW, in a video outlining the work.

That's no easy task: the "doppler effect" that our bodies have on the wavelength and path of the Wi-Fi signals is miniscule, meaning reliable measurement with consumer-grade hardware is difficult. But the WiSee team's expertise worked it out.

Once the sensing process was rigged up, the group combined the gesture recognition with store-bought home automation devices that wirelessly control lights, media players, thermostats, etc. Soon, they were using WiSee to perform simple tasks like playing a song or changing channels.

The system is also capable of tracking people as they wander through rooms or out of the house, turning off lights or adjusting music volume depending on their location.

The WiSee system senses how Wi-Fi signals bounce off of or pass through people and obstacles on the way from transmitters like laptops.

The team put together a prototype piece of hardware to demonstrate WiSee, but any modern Wi-Fi router should do the trick, too, with a bit of custom software. With no special devices to buy, this could be the cheapest gesture-recognition tech yet.

Don't worry about anyone installing it surreptitiously on your router, though: It takes a bit of expertise and some specific "training" of the software before it can recognize anything at all, much less specific gestures or locations.

PhD student Sidhant Gupta and assistant professor Shwetak Patel, also on the project, have worked with Microsoft Research on similar body-tracking systems, but using soundwaves or radiation from electrical wires as the medium.

WiSee is currently in the proof-of-concept stage, but the creators hope to present it at the International Conference on Mobile Computing and Networking in Miami later this year.

More information, including a technical description of the system, can be found at the project's website.

Devin Coldewey is a contributing writer for NBC News Digital. His personal website is coldewey.cc.

http://www.nbcnews.com/technology/wi-fi-your-home-can-track-your-moves-xbox-kinect-6C10194118