The Theory of Product "Q" and Why Most Cryptographic Products Fail
Arnold Reinhold
Digital Commerce Society of Boston
September 4, 2001
Q
"A measure of the sharpness of resonance or frequency selectivity of a resonant vibratory system"
-- Dictionary of Technical Terms for Aerospace Use, NASA SP-7
The Discovery of the J/Psi Particle
The discovery of the J/Psi is one of the cornerstones of the standard model of physics.
First detected in 1974 by two independent groups of American physicists:
Burton Richter's at SLAC
Samuel Ting's at Brookhaven
Why was the J/Psi hard to find?
[Figures: Expected vs. Reality]
Large mass m = 3096.93 MeV
Extremely narrow width = 86.6 keV
"long" half-life
A bound state containing a charm quark and an anticharm quark
Richter and Ting shared the 1976 Nobel Prize
Metaphor for Product Development
New business opportunities are like undiscovered particles
Best opportunities sometimes are the hardest targets to hit
Tuning is required
But more than one dimension must be explored!
Cheaper & better is not enough
Product Dimensions
Value (how well does it meet a need?)
Prerequisites (Chicken v. Egg)
Price
Differentiation (ability to overcome inertia)
Initial markets
Credibility
Timing
Examples
Value -- PKI
Prerequisites -- Viatron
Price -- WiFi vs. HomeRF, IA
Differentiation -- Vanilla Beans, Mac vs IBM PC
Initial markets -- PC disk drives, Passport
Credibility -- BeOS & Sony IA
Value -- The Need for Tuning
VT-50 -- feature set matters
Newton vs Palm -- size matters (Walkman)
Windows 1.0, 2.0, 3.0 -- getting it right
Java -- getting it almost right
Linux -- GNU + Kernel
Crypto Examples
PGP
Hushmail
Smart Cards
SSL
WEP
PayPal
ecash
Lessons for Crypto Products
Must work seamlessly
Must meet a real need
Pay attention to initial experience
(What they do, not what they say)
Pick initial market carefully
Patent and standards squabbles are deadly
Poisoning the Well -- Consumer Crypto Confusion
Poor password advice
"Use a password that's six to eight characters long and has a mixture of upper and lower case letters, numbers and special symbols, and make it easy to remember..." -- NS IP mgr
Poor P/W design -- too short, transmission en clair
Poor user conditioning
Leave computers on and connected
Click OK to all security warnings
Privacy isn't possible anyway (Hotmail)
The Innovator's Dilemma
by Clayton M. Christensen
"Disruptive technologies underperform established products in mainstream markets. But they have other features that a few fringe (and generally new) customers value.
What this implies at a deeper level is that many of what are now widely accepted principles of good management are, in fact, only situationally appropriate. There are times at which it is right not to listen to customers, right to invest in developing lower-performance products that promise lower margins, and right to aggressively pursue small, rather than substantial, markets, in order to discover forces that lead to profitable sustaining technologies in the future."
Future Crypto Markets
Tim May's proposal -- Criminal activity
(Does crypto really help crime?)
Medical Crisis -- info mgmt, self help
Legal crisis -- ADR, pro se
Chat Security (AOL's big win, text, voice, video)
Where does cash fail?
Manhattan Smart Card Study -- laundromats
Demographics: Mass Transit vs BMW
Video game loot exchange
The Bubble's over, time to get to work!