Protected features claimed by patent application 12/425,524
Patent application dated 17 April 2009
Application published by USPTO on 22 October 2009
Currently unlicensed
This document does not mention the protected features
What is it?
A peer to HTML, the official markup language of the WWW, except this describes email
Written in XML Schema language
Structured email threads, more expressively than a webpage, without collision
Inherently both semantic and accessible
Extensible like other technologies written in XML
Intention
Upgrade email from a text format to a media format
Supply an alternate media format to the web, but inherently private and a bit smarter
Create a data structure based upon structured human dialog: email threads
Make accessibility immediately straightforward
Solve expensive business problems
Business Solutions
Security
Accessibility
Analytics
Inherent Privacy
Immunity from web-focused Legislation
Ownership
Semantic Data
Security
Making web applications safe is in the best interest of all organizations and the general economy. Providing a clearly defined set of web application security best practices will advance security professionals' ability to anticipate and rapidly address potential threats to their enterprise.
Yuval Ben-Itzhak, CTO and Co-Founder, KaVaDo
Current Security State of the Web
(part 1 of 3)
Over 286 million web-attack malware variants observed in 2010 alone [1]
The volume of Web-based attacks per day increased by 93 percent in 2010 compared to 2009. [1]
With 431 million adult victims globally in the past year and at an annual price of $388 billion globally based on financial losses and time lost, cybercrime costs the world significantly more than the global black market in marijuana, cocaine and heroin combined ($288 billion). [2]
We noted consistent search-term abuse throughout the quarter, with 49 percent of the daily search terms in the top 100 results leading to a malicious website. [1]
The price for 24 hours of distributed denial of service in first quarter 2011: $50. [1]
Most Web-based attacks take place on legitimate websites, and most, as measured by Sophos, are hosted in the United States, China and Russia. [2]
Today by one estimate, 70% of all websites are open to XSS attacks on their users. [1]
President Obama called the cyber threat one of the most serious economic and national security challenges we face as a nation. I believe the cyber threat is an existential one, meaning that a major cyber attack could potentially wipe out whole companies. It could shut down our electric grid or water supply. It could cause serious damage to parts of our cities, and ultimately even kill people. [2]
A1: Injection - Solved on the client-side, where the threat is least severe
A2: Cross-Site Scripting (XSS) - Mail Markup Language can eliminate this threat
A3: Broken Authentication and Session Management - This problem may get worse if the email address alone is used for authentication, but otherwise it will see significant resolution
A4: Insecure Direct Object References - NA, not client related
A5: Cross-Site Request Forgery (CSRF) - Mail Markup Language can eliminate this threat
A6: Security Misconfiguration - This threat can only be solved by proper security management; however, the heightened security posture provided by Mail Markup Language will offer some mitigation in this area
A7: Insecure Cryptographic Storage - NA, not client-side related
A8: Failure to Restrict URL Access - NA, not client-side related
A9: Insufficient Transport Layer Protection - Not a client-side related issue, though it can be largely nullified by Mail Markup Language, as it strongly encourages sharing of public keys in advance of PKI encryption
A10: Unvalidated Redirects and Forwards - This technology will not stop websites from redirecting to malicious websites, but it can partially eliminate this problem by encouraging use of email as opposed to the web
No convention to supply scripting in the context of the document
Strongly encourages PKI encryption.
No malicious redirection in the context of email.
Mandatory media type description and then can only be executed as that described media type.
Email is inherently private
Nonrepudiation
Nonrepudiation is the practice of preventing the sender of a communication from later denying that they sent the communication in question.
This does not exist on the web without considerable sophisticated help, because from a technology perspective everybody is always anonymous.
This is regarded as an important form of security in email for the transferring of liability.
Analytics
Because web analytics tools are more complex than chisels, we have leapt to the hopeful conclusion that the action of buying and installing a web analytics tool is a guarantee of online success. Insight and action are expected to be delivered by the tool, without any assistance from humans (except for buying and installing). And that's why web analytics tools are seen to fail.
June Li, Click Insight
Analytics without Scripting or Cookies
In a properly designed email environment there is no need for script, tracking pixels, cookies, or other artifacts. Users and data can be tracked in one of three ways.
On the email server - Email servers serve a completely different purpose than web servers. Email servers, from the perspective of content and media, should be thought of as an invisible proxy where analytics can be gathered, similar to Adobe Insight. The only difference is that the data would be more reliable on email, as everything is captured without a tracking pixel.
Through logging of email accounts - This would be comparable in function and limitation to web session tracking from the web server.
Tracking pixel in the content body - Spammers and marketers already do this. Without something like Mail Markup Language this is the only option for email. This is substantially less reliable than the other options and is equivalent to web analytics.
Why is analytics so different in email?
Short answer: different transmission model
Email servers know who you are by your email address
Email servers are in the middle of the transmission
Whereas web servers…
Don't know and don't care who you are
Are a terminal point in the transmission
Only job is to respond to requests and then forget about you
The power of the web is in its universality. Access by everyone regardless of disability is an essential aspect.
Tim Berners-Lee, Co-inventor of HTML and Founder of the World Wide Web Consortium
What is accessibility?
Accessibility is the means of providing common or alternative access to a person, place, or thing regardless of barriers from disability or unequal resource distribution.
In the context of structured data, such as markup languages, accessibility is the marriage between
document semantics,
valid syntax, and
alternative descriptions for media.
Accessibility Violations Are Expensive
Target agreed to pay damages of up to $6 million to the NFB, which would then be distributed to individuals affected by the fact that the target.com web site was inaccessible. [1]
Delta hit with $2M DOT disabilities violations fine. 'DOT said the penalty is the largest penalty it ever assessed against airline in a non-safety-related case'. [2]
United Airlines and JetBlue Airways sued for violations [3, 4]
Web browsers will parse anything. Proper use of syntax, much less validation, is just not important to the web.
Only 4.13% of 3+ million analyzed web pages passed validation [1]
There is no technology requirement for accessibility on the web. It is only a business/legal requirement.
Corruption and ignorance of the technology produces a culture that severely underestimates requirements planning and misrepresents the role of the technology
In XML any syntax violation results in a completely broken document, so syntax violations will never accumulate
The specification requires that instances of Mail Markup Language validate against the defining schema
A semantic structure is defined and enforced by the schema
Mail Markup Language makes it frustrating and challenging to violate accessibility
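An added illustration (not code from this deck or from Mail Markup Language) of the two properties the Security slide and this slide rest on: a single syntax error voids an entire XML document, and a schema whitelist leaves no element for script to live in while forcing every media element to declare a permitted type. The element vocabulary, the media-type list and the sample messages are constructed assumptions standing in for a real schema, and a tolerant HTML parser is run on broken markup for contrast.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

# Hypothetical vocabulary standing in for a schema: element -> allowed children.
# It is NOT the Mail Markup Language schema, which this page does not reproduce.
ALLOWED_CHILDREN = {
    "message": {"subject", "body"},
    "subject": set(),
    "body": {"p", "media"},
    "p": set(),
    "media": set(),
}
# A <media> element must declare its type and only these types are permitted.
ALLOWED_MEDIA_TYPES = {"image/png", "image/jpeg", "application/pdf"}

# Constructed sample documents: valid, script smuggled in, wrong media type, broken.
GOOD = '<message><subject>Hi</subject><body><p>text</p><media type="image/png"/></body></message>'
SCRIPTED = '<message><subject>Hi</subject><body><p>text</p><script>run()</script></body></message>'
BAD_MEDIA = '<message><subject>Hi</subject><body><media type="text/html"/></body></message>'
BROKEN = '<message><subject>Hi<body><p>unclosed</body></message>'


def validate_message(xml_text: str) -> list[str]:
    """Return violations; an empty list means the document is valid.
    A syntax error rejects the whole document (no tag-soup recovery), and only
    whitelisted elements are accepted, so <script> has no legal place to live."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed: {exc}"]
    if root.tag != "message":
        return [f"unexpected root element <{root.tag}>"]
    violations = []

    def walk(elem):
        for child in elem:
            if child.tag not in ALLOWED_CHILDREN[elem.tag]:
                violations.append(f"element <{child.tag}> not allowed in <{elem.tag}>")
                continue  # never descend into content the schema does not know
            walk(child)
        if elem.tag == "media":
            mtype = elem.get("type")
            if mtype is None:
                violations.append("<media> is missing the mandatory type attribute")
            elif mtype not in ALLOWED_MEDIA_TYPES:
                violations.append(f"<media> type {mtype!r} is not an allowed media type")

    walk(root)
    return violations


class _TagCollector(HTMLParser):
    # HTMLParser never raises: it recovers from any breakage and keeps going.
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def html_tags_accepted(html_text: str) -> list[str]:
    """Contrast case: the tags a tolerant HTML parser yields from broken markup."""
    collector = _TagCollector()
    collector.feed(html_text)
    collector.close()
    return collector.tags
```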
Inherent Privacy
Privacy is not something that I'm merely entitled to, it's an absolute prerequisite.
Marlon Brando, Actor
Privacy Is Not Security
Privacy is a legal classification where security is a defensive practice
Security cannot guarantee privacy, but laws may guarantee privacy
Privacy and security are separate functions with separate intentions, each devised by unrelated parties
The most critical mistake in the understanding of privacy is to conclude it is somehow related to security
Email is Private, Web is Public
In the United States email inherits from Katz v US, which established the expectation of privacy test.
In the United States the only legal limitation upon email privacy is a limited timespan of 180 days, after which the communication transfers from private to protected status under the Electronic Communications Privacy Act.
There is no uniform law or policy establishing web privacy.
In conformance to the test provided by Katz v US the World Wide Web is inherently public.
Web Privacy Failure
(part 1 of 2)
'Social media has become the new public record of our time,' says Dixon. 'And that information can affect your employment and your credit.' Delete yourself from the Web [1]
Used to be that privacy was about safeguarding personal space, keeping voyeurs and eavesdroppers at bay. Today, says Larry Ponemon of privacy think tank Ponemon Institute, it's also about staying out of the clutches of social media companies such as Google and Facebook. [1]
What this all means is that protecting individual privacy remains an externality for many companies, and that basic market dynamics won't work to solve the problem. [1]
The absence of privacy rules imposes expenses on businesses that many industry-sponsored studies ignore when calculating the costs of privacy. For example, consumers routinely abandon shopping carts on websites because of demands for too much personal information. Analysts estimate that Internet retail sales lost due to privacy concerns may be as much as $18 billion. [2]
The web is inherently public. Creating islands of privacy in a public medium is expensive and unreliable.
Ad revenue is harmed by hiding information from the public. 'The Federal Trade Commission's proposed privacy mechanism could cause a major shift in the online advertising industry, as companies that have relied on consumers' browsing history try to make up for what could be billions in lost revenue'. [1]
Information transmission over the web, HTTP protocol, works like a broadcast. Information is a response to anonymous requests no different than turning on the radio or television.
A service provider shall take technically feasible and reasonable measures designed to prevent access by its subscribers located within the United States to the foreign infringing site (or portion thereof) that is subject to the order, including measures designed to prevent the domain name of the foreign infringing site (or portion thereof) from resolving to that domain name's Internet Protocol address. Such actions shall be taken as expeditiously as possible, but in any case within 5 days after being served with a copy of the order, or within such time as the court may order.
H.R.3261, Stop Online Piracy Act
Email = Due Process, Web = Civil Liability
Violations are immediately known on the web without prior restraint. Discovery of violations in email requires a warrant or subpoena to detect before there can be any prosecution. The result is that there is no protection afforded from the web and violations can be assessed en masse, whereas neither applies to email.
Due process on the web does not apply to consumers, at least not directly. On the web due process only applies to access of data by the government from service providers.
In email, however, due process applies equally to service providers and end users because any intrusion violates either privacy or protection upon the data.
Legal violations are rarely investigated in email with exception to felonies, such as child pornography, and exception to evidence gathering for civil violations not directly related to media content distributed via email.
Ownership
Data ownership refers to both the possession of and responsibility for information. Ownership implies power as well as control. The control of information includes not just the ability to access, create, modify, package, derive benefit from, sell or remove data, but also the right to assign these access privileges to others.
David Loshin, President, Knowledge Integrity, Inc.
Web Service Providers Are the Data Owners
In email an author is explicitly known by email address, and so ownership is inherent to the author.
Since every user of HTTP is always anonymous the author is not known, but the web server is known. As a result data ownership on the web, when in question, resides at the service provider.
Web service providers typically document their own position on ownership with a Terms of Service agreement.
Who owns your personal data when submitted to your personal account on your favorite social network website?
Google's New Universal Terms of Service
New TOS replaces the existing various agreements for different services with a single agreement across all services
New TOS applies equally to search and their email service, GMail.
New TOS will continue to apply after use of services ends.
New TOS claims to allow owners to retain ownership while licensing Google to: use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content
Privacy From New Google TOS
Using our Services does not give you ownership of any intellectual property rights in our Services or the content you access. You may not use content from our Services unless you obtain permission from its owner or are otherwise permitted by law. [1]
Google's privacy policies explain how we treat your personal data and protect your privacy when you use our Services. By using our Services, you agree that Google can use such data in accordance with our privacy policies. [1]
The Semantic Web is a web of data. There is lots of data we all use every day, and it is not part of the web. I can see my bank statements on the web, and my photographs, and I can see my appointments in a calendar. But can I see my photos in a calendar to see what I was doing when I took them? Can I see bank statement lines in a calendar? Why not? Because we don't have a web of data. Because data is controlled by applications, and each application keeps it to itself.
Semantic Web Activity, World Wide Web Consortium
Semantic Web and WWW, Not Compatible
The primary technology, RDF, was initially completed in 1999 and the vision for the Semantic Web was formalized in 2001.
More than a decade later there is still no semantic web.
Why did the semantic web fail?
HTML is often not semantic and syntactically corrupt, so the web is more combative than assistive.
Confusion over data ownership on the web.
Uncertainties of security and liabilities regarding the transmission of data schemas across the web.
Ideas around optimizing data are great and loved, but the web is scary and untrusted.
A successful attempt is around the automated sharing of data between social networking sites.
Semantic Web and Email
Mail Markup Language is inherently semantic and accessible and the grammatical structure will always be uniform.
Mail Markup Language can be extended by other XML technologies.
There is no confusion around data ownership in email.
Semantic data distribution capabilities already exist in email, such as dynamic distribution lists and monitoring of those lists.