Lost in the Mail: HSBC Loses Disk With Personal Data on 370,000 Insurance Customers

HSBC LogoAccording to this Bloomberg report, HSBC, Europe’s biggest bank, mailed a disk containing personal information from one city to another. But it didn’t make it there. And the data on it was not encrypted.

The disk, sent unregistered to Swiss Reinsurance Co., contained password-protected details including customers’ names, life-insurance cover levels, birthdates and smoking status, London-based spokesman James Thorpe said. It didn’t contain clients’ financial details or addresses, he said.

The article then goes on to state: “The company will encrypt any disk which includes sensitive information in the future, Thorpe said.”

Good idea, guys.


Why I Think Google Will Offer Free Hosting

google.gifAbout a month ago I had coffee with a friend, a systems administrator who pitched me on his plan to provide managed web services for clients. Where was he going to host everything? He had a relationship with a local data center. Who in their right mind would invest in hosting infrastructure, I asked him, when Google has already figured it all out and will sooner or later offer this for free? He gave me a puzzled look.

You can argue that Google is already there with Google Page Creator and Google Sites, but there’s no doubt in my mind Google will start offering a free hosting platform that will rival — and likely surpass — Amazon Web Services.

Dave Winer has written two posts on the subject of a hypothetical Google Web Services. From reading the comments, it seems a lot of people are still skeptical about this happening. Let me explain why I think Dave is right.

Google Server FarmThe picture you see here is of Google’s entire server park from 1999 — ten CPU’s across four servers. Google has come a long way since then, building up a massive global server infrastructure. A 2006 estimate is that they had in the ballpark of half a million servers across the globe. Gartner last year estimated Google has a million servers. How is this all possible?

Google Adwords is a killer cash cow for Google. The profit from the Adwords franchise, which represents nearly all of Google’s revenue, more than covers the cost of their infrastructure several times over. For all intents and purposes, therefore, Google’s incremental cost to add new applications to its cloud is zero.

It’s not like going free would be without precedent. Google Analytics is a prime example of how they’ve done it before. Google purchased Urchin and promptly reduce its price from $499 per month to $199. They later made it free by invitation only and with a five domain limit. Today, the application is completely free, with no restrictions or limitations.

A more recent example is Google Ad Manager, a new ad serving platform which is by invitation only — for now. Then there’s Google Apps for Domains, Google Website Optimizer, Google Earth… all applications that people were used to paying for before Google made them free. Why would hosting be any different?

Google has already won the battle for search engine market share. So how do they keep up the revenue growth the market expects of them? Here are a few ways:

  1. Increase CPC’s
    In 2006, Google launched a new quality score algorithm and revenue up 70% and profit doubled. Yup, leave it to Google to help you bid against yourself. Last month, Google started piloting something called automatic matching, which lets Google sell you clicks on keywords you didn’t even bid on.
  2. Increase ad inventory
    Wikipedia is great, but stubbornly refuses to run Adsense. Enter Google Knol. Google Ad Manager helps here, too. But Adwords is not limited to the web. You can now use the interface to buy ads on the radio, in print publications and even on TV.
  3. Place bets on what the next big thing could be
    The next big thing could very well come from within Google, and the company has not been shy to hire legions of programmers with the hope that one of these teams will strike gold. But what if it comes from the outside. Google’s covering that, too, with equity investments in startups. Offering a hosting platform would make sense also, which would let startups focus more on creating new applications as opposed to the nuts and bolts of managing hardware and networks.

So how will Google roll out their hosting offering? A logical start could be to offer free hosting to sites with Adsense on their pages. Or free hosting for, say, your first million or so hits monthly. And they’ll go from there.

One way or another, the move is inevitable. And until it happens, I for one won’t be investing in massive server infrastructure.

Blogging, montreal

Help Emru Townsend Find a Bone Marrow Donor

Emru Townsend photo by Vicky VriniotisMontreal animation writer and blogger Emru Townsend has been diagnosed with leukemia and needs a bone marrow donor. Emru needs your help.

Finding out if you’re a match requires just a cheek swab or simple blood test, and you are not under any obligation to follow through later.

Emru’s chances of finding a suitable donor are complicated by a lack of registered donors from minority groups. While the chances are higher if the potential donor is of African or West Indian descent, Emru’s match can come from anyone, from any ethnic background, in any country. And if you’re not a match for Emru, you may end up helping somebody else.

You can read more at the Montreal Gazette or BoingBoing. Then head on over to healemru.com (version française ici) to find out how you can sign up with your country’s donor registry.


First TwittYul, Meetup of Montreal Twitterers

TwittYulThe first TwittYul was last night. Sylvain Carle, who organized it, says that TwittYul was just like Twitter, with people popping in and out of unstructured conversations.

Here’s the list of people who were there:


If you’re not on the list aboce, or if you’re in Montreal but were not able to make it, leave your Twitter username in the comments so that others can link up.

Blogroll, Entrepreneurship, Microsoft

Microsoft Acquires Technology and Team from Montreal-based Credentica

Credentica logoMicrosoft this morning announced that it has acquired the technology and patents of Credentica, a Montreal-based provider of identity management solutions. The team, led by Stefan Brands, will join Microsoft’s Identity and Access Group.

(More blog coverage from Microsofties Kim Cameron and Adam Shostack, and on Stefan Brands‘ own blog)

Brands is the inventor of private credentials technology which allows a user to prove something about their identity without disclosing more information than is absolutely necessary. For example, a voter can prove unequivocally that they have the right to vote in the state of California, without having to disclose their name or other personal information. As more and more of our lives moves online, privacy is increasingly becoming an issue that cannot be ignored. Most solutions require that you trust a third party (such as your bank, government, or Google), while Brands’ approach uses advanced cryptographic techniques that do not re.

The technology has previously found temporary homes at now defunct DigiCash and then Zero-Knowledge Systems, neither of which were able to succeed in commercializing the patents. But our plan is to integrateMicrosoft says it plans to integrate Credentica’s U-Prove technology into both the Windows Communication Foundation (WCF) and CardSpace.

I’ve known Stefan personally for nearly a decade now, and wish him the best of luck in this new chapter of his professional life.

Update: I’ll be writing a follow up post with an interview from Stefan focusing more on the personal side of his journey as an entrepreneur. Watch my blog for more.

Banking, Blogroll, Entrepreneurship

Regulators force Canadian P2P lender IOU Central to suspend activity

Over the past five or so years, the Internet has radically changed the way most industries (from content, to music, to travel) function. Central to this wave of change is a shift of power from large institutions to consumers. The financial industry is one of the last bastions where old-school business models still reign supreme.

But that’s changing.

Sites like SmartHippo empower consumers with tools and the information on the best available rates that they previously did not have access to. Peer to peer (P2P) lending sites such as Prosper and Lending Club empower consumers to bypass banks and lend directly to each other, with the promise of better rates on both sides of the equation. Where technology now provides a scalable way for consumers to exchange information and capital between themselves, the middlemen of the past are no longer as relevant.

Needless to say I’m a but fan of P2P lenders so I was quick to sign up with IOU Central was the first Canadian company to launch in the space. (I tried signing up with Prosper, but the site is restricted to US residents with a Social Security Number.) Lo and behold I logged into IOU Central today to start using the site only to be greeted by the message that “IOU Central is now operating with limited functionality.” Translation: No new loans on IOU Central, at least for now. Startup North was the first to report on this here.

I just spoke with Phil Marleau, their President and CEO, and he told me the action was taken at the request of the Autorité des marchés financiers, Quebec’s securities regulator. The agency is infamous for its impotence in front of real issues that should be under its control, such as its abysmal failure to help the 1,600 investors who lost $130 million in the Mount Real scam back in 2005.

He told me the AMF paid a visit to IOU Central yesterday and asked them to halt operations. It turns out that individuals using the site to lend money are making an investment, so IOU could be construed as selling securities.

“The important thing is that we’re working with the regulators and want to comply,” Marleau said.

According to Marleau, IOU Central had received legal advice stating they did not have to be regulated. This was based on the fact that their model was closely based on the way Prosper and Lending Club operate in the U.S., as well as Zopa in the UK. Based on this legal advice, IOU Central did not bother to even brief regulators on what they were doing.

Canada’s other P2P lender, CommunityLend, hit the scene with a lot of noise when they announced in December they had raised $2.5 million in financing. However, they have yet to have launched, citing the needs to properly address regulatory compliance issues first.

When IOU Central launched earlier this month, it looked like they had come out of nowhere and one-upped CommunityLend. CommunityLend must be gloating now.

“Our approach has been to build a viable and sustainable company, that will appeal to Canadians, and their desire for security with anything financial,” Colin Henderson, CommunityLend’s CTO told me via email. “There are no shortcuts with peoples money, and we have been working hard with the regulators for over 8 months, on over 40 Licences to ensure we can satisfy the needs of Canadians, by the time we launch.”

Marleau, to his credit, at least put on positive spin on the events: “When we’re back up, it’s going to be a better model. Because we’ll be regulated and that adds credibility and confidence.”

Here’s hoping it happens quickly. Canada’s financial system, an oligopoly if I’ve ever seen one, badly needs some shaking up.


Desjardins “Enhances” Security: Don’t Use Long Passwords

I love my bank credit union, I really do. Today they launched a new security initiative to improve security and combat phishing, by requiring all users to create a personal message and select an image from their library.

You enter your username and password in two steps now, and if you don’t see your message and image on the password screen, you know you’re not on the right site, so you don’t enter it.

So far so good. Except as part of their “enhancements,” passwords longer than six characters long stopped working. Needless to say, their customer service lines have been busy all morning, and if you do manage to get through, hold times exceed half an hour.

Nice way to reward the customers of yours who actually did what the security-conscious were supposed to from the start and had longer (more secure) passwords, isn’t it?

Blogroll, Conferences, Entrepreneurship, SmartHippo, Web 2.0

Montreal Tech Events for January

January’s a busy month for Montreal techno-geeks. Here are some of the events going on:

Speaking of web building, here’s a video about just that subject:

Blogroll, Reflexity, SmartHippo

Reflex CRM is now Reflexity, Inc.

Reflex CRM is now officially Reflexity, Inc. More on the name change in this blog post on the Reflexity web site.:

After a few years we drifted away from our original starting point as a company (read we followed our clients’ needs and the money) plus we didn’t have anything to do with Customer Relationship Management (CRM) anymore.

Although we still deal with customers everyday, our focal point and passion moved to new horizons (and new buzzwords); marketing, optimization, targeting, social networks, intent, scent, social marketing, crowd sourcing, behaviour, etc.

In a nutshell, we are now more than ever finding new ways to build new relationships with consumers for their benefit and the companies serving them. In a few more words, we are providing campaign management and lead generation, customers acquisition, marketing and revenue optimization services to large and mid size companies in the United States with a strong core in financial services.

Reflexity continues to push the boundaries and redefine the way consumers and financial service providers connect. One such example is the beta launch last fall of SmartHippo, with the participation of banks such as Quicken Loans, Bank of Internet and Countrywide Bank. And you can get community-contributed rates and reviews on almost any bank imaginable, from national banks such as Wells Fargo or ING Direct to regional or local players like Boston Pacific Mortgage or Safe Harbor Mortgage.

2008 is already off to a great start, so stayed tuned for many more developments. And in case you were wondering, yes, we’re hiring.

Blogroll, Entrepreneurship, SEM, Web 2.0

Starting up in 2008 — Do You Really Need External Funding?

There’s a debate brewing on the state of startup funding in Canada.

This got me wondering how many startup entrepreneurs think their bottleneck is a lack of financing when in actuality it’s not (or doesn’t have to be). I was reminded of this Business 2.0 article from 2005 in which entrepreneur Joe Kraus compared the costs involved in launching Excite in 1995 with what it cost to launch Jotspot exactly a decade later.

It took $3 million to take Excite from concept to launch, versus $100k for Jotspot exactly one decade later. I thought it would be interesting to extract some of his comments and see what has changed just three years later:

1. Hardware has become insanely cheap. As Kraus recalls, Excite ran on Sun servers that cost as much as $60,000 a pop. “Today JotSpot runs on commodity hardware–Intel chips inside boxes with no corporate logo, made by companies no one’s heard of.” And instead of $60,000, those anonymous boxes cost $1,000 each.

2008 Update: Even cheaper today with Amazon S3.

2. Infrastructure software is even cheaper. Excite paid a vast amount of money to companies such as Oracle just to license the software needed to build its service. “We must have spent $250,000 before we’d written a line of code,” Kraus says. But now open-source–Apache, Linux, MySQL, Tomcat, and so on–has reduced that cost to zero.

2008 Update: Zero is still zero, although the tools you can get for that price have improved.

3. The labor market has gone global. In the 1990s, only monster companies like IBM had tapped into offshoring. Today JotSpot, using Elance and RentACoder, has programmers on the payroll in Germany, India, Romania, and Russia–at a fraction of what they’d cost in the Valley.

2008 Update: Still holds true as ever. If you’re still at the stage where your concept is not yet proven in the marketplace and you’re raising money to hire a bunch of local developers, you probably don’t get it.

4. Search has rewritten the rules of marketing. Before Google, advertising on the Web was all about big marketers paying big bucks to reach as many eyeballs as possible. “But now,” Kraus says, “pay-per-click advertising, placed in an automated fashion, with no money spent on creative, lets me reach small or medium-size markets incredibly efficiently.”

2008 Update: Search Engine Marketing is no longer the panacea. In fact, in can be downright dangerous to rely on it exclusively as competition for your keywords and even Adwords’ algorithm itself are out of your control and can have a significant effect on your campaigns. Today’s successful startups are ones that harness communities, and hence thrive on the fact that their very own customers refer others to the site.

$100k is still a chunk of money, but it’s arguably within the reach of entrepreneurs with a bit of creativity.

Venture Capital still does and always will have a role to play. But I’ve seen entrepreneurs spend a year trying unsuccessfully to raise capital for a new concept, time they may have been able to better spend getting much further along their product roadmap before seeking out external funding. (OK, I’ve been that entrepreneur.)

What do you think? Post your feedback in the comments below.