First of all, as background information, I learned the Thai alphabet (script with 44 consonants and 32 vowels) nearly 20 years ago, so I have have a pretty decent foundation for the Thai language compared to most foreigners visting or working in Thailand.   I can read (slowly) and speak better than 99.99+ percent of all foreigners in Thailand.  For this reason, I thought it was ”the right thing to do” to redirect my career to a “new challenge” in the business climate of Thailand as I continue to improve my foreign language skills.   I wanted to help Thailand progress in IT and IT security, so where else would I go but where I have second language skills?

This was no small decision as you can imagine.  Your career and life changes quite dramatically when you give up a long established consulting practice in the US and dive into business in a foreign land, seeking a new challenge.  I can frankly tell you thatit is more difficult to do business in Thailand (as a foreigner) than I expected, for a number of reasons.  Here is my first off-topic post on this topic.

First of all, it is not legal for foreigners to directly own land in Thailand.  Foreigners can ”own” land using a variety of legal loopholes, proxy owners and shell companies; but all of this is risky and not advised.  Many foreigners lose a lot of money coming to Thailand and attempting to buy land via various “structures”.  Some get lucky, but the entire process of foreigners buying and selling land is quite risky and not recommended.

Foreigners can legally own condominiums, under certain conditions, but this “foreign market” results in inflated prices for condos in Thailand that are traded in an “artificial market place” designed for foreigners.   Condos in Bangkok and major resort areas that are up-to-par with condos in the US can easily cost more than condos in major cities in the US.  Hence, the cost of living in Thailand is not as economical as some might believe when you visit Thailand as a tourist.

Second, business in Thailand can best be described as protectionism with discrimination where the government has placed many barriers to entry to foreigners working and competing in Thailand.     Every foreigner must have a work permit and these work permits are expensive and time consuming to maintain.   If you own a business you must pay high professional service fees for “auditors” to perform annual and semiannual audits regardless of how much income you have (including zero).   Firms in Thailand charge thousands of dollars for these ”audits”.      

Third, if you operate a business in Thailand, you must have a place of business (you cannot legally work from your condo you bought at high prices!), so you are forced, by law, to lease office space.   Foreigners from the US, for example, must be paid a minimum of 50,000 Thai Baht per month, so the government will take 10 percent of that each month as their share of tax withholdings.  Startups with no income simply pay income taxes against their personal savings to comply with the law.  Therefore, to start a company and maintain the business in Thailand, you are required to pay significant startup, monthly, semi-annual and annual fees, permits, tax, leases, visas, etc. 

Forth, generating incoming revenue in Thailand can be quite difficult in a climate of both protectionism and discrimination.   In Thailand, it is easy when you are spending money.  This is the ”Land of Smiles” that tourists see and experience.   However, when you are legally permitted to work in Thailand and trying to generate in-country income, you cannot help but notice the protectionism and discrimination against foreigners working and living here.  Many foreigners working in Thailand just “give up” because the barriers to business success are quite high.

Fifth, on top of the challenges of protectionism/discrimination regarding foreigners and foreign investments, which I have only just scratched the surface here, is the overall global business slowdown combined with a climate of political instability which I am sure you have seen in the news.  Thailand has seen 18 coups since 1932.   Currently, Thailand is under a State-of-Emergency  which negatively impacts business even more.  Sound challenging? 

Most people who live and work in Thailand have the opinion that it is far better to enjoy being a tourist here. Working in Thailand is very difficult for many reasons.   Being a tourist in Thailand is completely different than working here.  When you are a tourist, foreign currently flows from you into Thailand, so life in Thailand as a tourist is fun and friendly, hence the “Land of Smiles” you have heard about or experienced.     However, when you are working in Thailand and trying to generate income from Thailand versus bringing in foreign currency, you don’t see the “Land of Smiles” quite the same anymore.

Without getting into too many details in this post, I can simply say that a foreigner doing business in Thailand experiences both protectionism and discrimination.  I came to Thailand hoping to contribute my experience to help the Kingdom.  However, sometimes it feels like foreigners are only welcome if you are working for free, giving seminars for free, and bringing in lots of foreign currency here.

In a future post on business in Thailand I will dive into some details on a number of topics that might be of interest to readers who will never have a chance to come and work here.   

First of all, I learned the Thai alphabet nearly 20 years ago, so I have have a pretty good foundation for the Thai language.   I can read (slowly) and speak better than 99.99+ percent of all foreigners in Thailand; so, I thought it was time to redirect my career to a “new challenge” in the business climate of Thailand.   

This was no small decision.  Your career changes dramatically when you give up a successful consulting practice in the US and dive into business in a foreign land for a new challenge.  I can frankly tell you that often the challenge is sometimes overwhelming.    It is quite difficult as a foreigner to do business in Thailand.

First of all, it is not legal for foreigners to own land in Thailand.  Foreigners can ”own” land using a variety of legal loopholes, proxy owners and shell companies; but all of this is risky and not advised.  Foreigners lose a lot of money coming to Thailand and attempting to buy land.  Some get lucky, but the entire process of foreigners buying and selling land is quite risky.

Foreigners can own condos, under certain conditions, but this results in  inflated prices for condos in Thailand that are traded in an artificial market place.   Condos that are up-to-par with condos in the US can easily cost more than condos in major cities in the US.  Hence, the cost of living is not as cheap as some might believe.

Business can best be described as “protectism” where the government has placed many barriers to entry to foreigners working in Thailand.     Every foreigner must have a work permit and these work permits are expensive and time consuming to maintain.   If you own a business you must pay high professional service fees for auditors to perform annual and semiannual audits even if your business has no income yet.   Firms in Thailand charge thousands of dollars for these ”audits”.      

In addition, if you operate a business, you must have a place of business, so you are forced to lease office space.   Foreigners from the US must be paid a minimum of 50,000 Thai Baht per month, so the government will take 10 percent of that each month as their share of tax withholdings.   Therefore, to start a company, you will pay a lot of money in startup fees, permits, tax, leases, visas, etc.  The entire system is designed to secure money from you, even if you do not have a penny of incoming revenue.

Of course, generating incoming revenue can be quite difficult in a climate of protectionism.   In Thailand, it is easy when you are spending money.  When you are trying to generate income from Thailand, as a foreigner the challenge can seem overwhelming at times.   Many foreigners here give up because the barriers to business here are very high.

On top of all these challenges, which I have not described in detail, is the overall global business slowdown combined with a climate of political instability, which I am sure you have seen in the news.  

Most people I know say it is better to be a tourist here.   Being a tourist is completely different.  Money flows from you, so life in Thailand is fun and friendly, complimentary to the “Land of Smiles” you have heard about.     However, when you are working to have money flow the other direction, flow to you versus away from you, you don’t see the “Land of Smiles” as tourists experience.

Without getting into too many details, I can simply say that a foreigner doing business in Thailand experiences protectionism and, to a certain degree, discrimination, and sometimes I wonder if coming here for a “business challenge” was a good idea.    I was seeking a “new challenge” and I got more than I bargained for!

In a future post on business in Thailand I will discuss issues regarding how little value is placed in intellectual property in Thailand and how this adversely impacts professional services.    I will also touch on how this lack of regard for intellectual property impacts a consulting practice.   Also, I will touch on some cultural differences in how Thais appear to view teamwork, which is very different than in the US.

Boingo releases Mac client for its aggregated service: The free GoBoingo for Mac client works with Leopard, at last. Boingo resells U.S. and worldwide service at $22 and $40 per month, respectively, for unlimited use.

Bruce Sterling (11/20/2001):

You know what I want? I don't want a National ID Card. I want a Global Coalition Visa.

Like it or not, we've got a huge global diaspora now. It is a fact of life. Nations with stupid and corrupt politics have seen their clever people brain- drained away, to places where the cops don't shake you down twice a day. And jet-setters go everywhere. And properly so. If you're in a true global society, then you spend a lot of your time among aliens. Quite often you are the alien. You might notice that even Al Qaeda is a genuinely multinational group. They gravitated to wicked, lawless places like Sudan, Chechnya and Afghanistan, where the locals shoot you if you ask for a badge.

But what about all us bright, shiny, world-trading jet setters, huh? There are thirty percent fewer Yankees in Europe this Christmas, and that is bad. Let me pose the problem this way. If I am going into a Japanese restaurant in Japan, I would rather like to be able to haul out some gizmo and flash it at my fellow civilians, and have these kindly people understand with a high degree of likelihood that I am not a mass murderer. On the contrary, I am quite civilized, and I should be brought a beer immediately.

A platinum VISA card and a five-hundred-dollar suit will almost do that, but those are too easy to forge and steal, plus they are not very democratic. The UN should get together on this. We should have a high level summit about digital hardware support for the crippled tourist economy. Fear and ill treatment shut down tourism faster than anything short of open warfare. That is bad for all of us. Killing off tourism harms our civilization and impoverishes our cultures. People in civilized states shouldn't routinely treat one another as criminal suspects. I don't want to get done-over for three hours every time I get off a plane in London. When I go to London, I go with empty suitcases. I don't plan to stay, but I am better news for the London economy than a lot of the people who live there.

They should know all that that before I get off the plane. My arrival is excellent news for Britain, so I should be treated that way. If this is a new kind of war, I don't want to be the evil guy hunkered down in the bunker; I want to fly with the boys from Air Assault. I want one of those handy crypto-style Friend-or-Foe IDs.

These people who normally meet me whenever I am an alien, they don't need to know my nationality, my home address or my shoe size. They just need to know that, despite being alien, I'm sort-of okay.

I want a democratic, citizen-to-citizen device that will bridge those social barriers and language barriers. I think we could invent devices and means of verification that would strengthen the global social fabric that terrorism wants to rip. It wouldn't be easy or simple, but it's not beyond our ingenuity. Our social capital sustains all civilized societies, and it is all about trust. So let's invent new methods of trust.

I added bold to the last sentence because I think this is the mission statement for building out federation systems.

...a new GPS device enables authorities to remotely control a bus -- slowing it down to 5 mph and preventing it from restarting once it has stopped. The device has been installed on thousands of local commuter and tourist buses.

The technology is designed to prevent a terrorist from ramming a bus filled with people and explosives into buildings or tunnels.

Private bus companies have received millions of dollars from the Department of Homeland Security for the security systems. It costs $1,500 to equip each bus, with $50-per-bus monthly maintenance costs.

Gray Line double-decker tourist buses and Coach USA have spent hundreds of thousands of dollars in federal funds to install 3,000 devices. After receiving a $124,000 federal grant, DeCamp Bus Lines is installing the device on its 80 commuter buses, which travel routes from northern New Jersey to the Port Authority Bus Terminal in Midtown.

New Jersey Transit is currently in the process of equipping all of its roughly 3,000 buses with the technology. NJ Transit Chief of Police Joseph Bober said: "This enhanced technology helps us protect our bus drivers and customers. It's another proactive tool to protect our property, employees and customers."

Fear, in other words, is a tax, and al-Qaeda and its ilk have done better at extracting it from Americans than the Internal Revenue Service. Think about the extra half-hour millions of airline passengers waste standing in security lines; the annual cost in lost work hours runs into the billions. Add to that the freight delays at borders, ports and airports, the cost of checking money transfers as well as goods in transit, the wages for beefed-up security forces around the world. And that doesn't even attempt to put a price tag on the compression of civil liberties or the loss of human dignity from being groped in full public view by Transportation Security Administration personnel at the airport or from having to walk barefoot through the metal detector, holding up your beltless pants. This global transaction tax represents the most significant victory of Terror International to date.

The new fear tax falls most heavily on the United States. Last November, the Commerce Department reported a 17 percent decline in overseas travel to the United States between Sept. 11, 2001, and 2006. (There are no firm figures for 2007 yet, but there seems to have been an uptick.) That slump has cost the country $94 billion in lost tourist spending, nearly 200,000 jobs and $16 billion in forgone tax revenue -- and all while the dollar has kept dropping.

Why? The journal Tourism Economics gives the predictable answer: "The perception that U.S. visa and entry policies do not welcome international visitors is the largest factor in the decline of overseas travelers." Two-thirds of survey respondents worried about being detained for hours because of a misstatement to immigration officials. And here is the ultimate irony: "More respondents were worried about U.S. immigration officials (70 percent) than about crime or terrorism (54 percent) when considering a trip to the country."

In Beyond Fear I wrote:

Security is a tax on the honest.

If it weren’t for attackers, our lives would be a whole lot easier. In a world where everyone was completely honorable and law-abiding all of the time, everything we bought and did would be cheaper. We wouldn’t have to pay for door locks, police departments, or militaries. There would be no security countermeasures, because people would never consider going where they were not allowed to go or doing what they were not allowed to do. Fraud would not be a problem, because no one would commit fraud. Nor would anyone commit burglary, murder, or terrorism. We wouldn’t have to modify our behavior based on security risks, because there would be none.

But that’s not the world we live in. Security permeates everything we do and supports our society in innumerable ways. It’s there when we wake up in the morning, when we eat our meals, when we’re at work, and when we’re with our families. It’s embedded in our wallets and the global financial network, in the doors of our homes and the border crossings of our countries, in our conversations and the publications we read. We constantly make security trade-offs, whether we’re conscious of them or not: large and small, personal and social. Many more security trade-offs are imposed on us from outside: by governments, by the marketplace, by technology, and by social norms. Security is a part of our world, just as it is part of the world of every other living thing. It has always been a part, and it always will be.

I know, I know- it’s late- but better late than never, right?

I really tried my best to take photos as much as possible. A quick note on the photography- because of the size of the rooms, it didn’t make sense to have the flash on, unfortunately it slowed the shutter speed, making some images blurry (sorry).

So Day 2 already felt like day 5 somehow. I had flown in early to be a tourist for a day or so but caught up with partners and other event-goers early, making it an especially long week. Wednesday was an eventful day. I have a great  Sins of Our Fathers session to share with you, a day with the Enigmas, and the Security Bloggers Party.

The highlight of the day’s sessions had to be the ‘Sins of Our Fathers’ breakout with an amazingly hilarious geek-filled panel including Daniel Houser, Ben Jun and Hugh Thompson. (Hugh unquestionably won the Most Entertaining Geek Award for the day). I was tweeting live from the session and took some photos of the interactive polls they intertwined in the discussion. They drew some interesting correlations between current security issues, such as SQL injections an ‘previous sins’, likening it to phone whistling. There were random notes about the inherent security risk of mixing data and coding together. View photos from session.

Then they talked about using good technology in a way that made it vulnerable. Examples, the Enigma code machines from WWII. (It was actually broken by the known plain-text gathered from repetition in contact initiation, and the mis-use of one-time-pads). They drew the line from Enigma to WEP and other algorithms that were okay, but mis-implemented.

There were a variety of other anecdotes, accompanied by audience-wide snickers, snorts and laughter. One story of tape backups, encrypted, with the key dutifully stick-noted to the case. Another of the secretary who type-writered all the 5.25” floppies. The story of the unmanned Predator aircraft flying unattended for about 5 minutes during a PC reboot. They were all tied into the topic nicely, and the guys did an outstanding job interacting and playing off one another.

One a more serious note- well, sorta- Hugh showed a clip from his participation in the documentary “Hacking Democracy” about the lack of security of electronic voting.

Here was something amusing… Their crypto list of
If you hear any of these, RUN!

1. Cryptography is expensive.
2. We have this guy that’s reallllly smart…
3. Wired EQUIVALENT encryption… . 
4. It’s “proprietary” security
5. It’s revolutionary NEW cryptography technology!
6. It uses DES- so its FIPS 140 compliant 

Some of the sins from the session…

• Engineering, Development & Management sins
• Using a good technology in a bad implementation
• Lack of metrics to indicate misuse
• Feature/mission creep - using item A for solution B
• Not teaching people how to use security
• Teaching them, but teaching bad habits
• Normalization of deviancy

I’ve spent long enough on that, there’s plenty more to share, but that session was so good, I thought it deserved some special attention. I did stay for the Cyber Storm II Panel, but that left more than ‘a little’ to be desired. I would have liked more anecdotal stories and a little more personality. The panel participants were knowledgeable, and I’m sure they were doing what they had been told, but it made for a very dry session, little content of interest, and much repetition. There’s a little live Tweeting from that session too.

Playing with the Enigma
At the Sins of Our Fathers sessions, I believe it was Ben that mentioned we had at our disposal not one- but TWO Enigma machines on the expo floor here are RSA. And BOTH were for our playing! They had it set so we could set the key and encode a message at the NSA booth, then take the encrypted message to the Cryptographic Research booth and use that Enigma to decypher the message. HOLY COW!!!!!! If their session hadn’t been so great I would have left right then. The only time I’ve seen these beautiful little pieces of crypto history, they’ve been fully encased in glass, and not for the touching. They actually let you set the rotors and punch the code in yourself so my buddy Eric and I ran right over to take full geek advantage of the situation. 

YES, that’s me with an Enigma, and I have more photos of the two Engimas.

The big highlight of the evening? The Security Bloggers Party of course! You get a whole post just for this topic, so stay tuned for that. I didn’t take photos here, because I felt pretty sure someone would be walking around with a camera. I need to find @ajolly (Apneet Jolly) and see if he has any- he’s usually fully equipped with a very nice camera…

# # #

I live in Snoqualmie, Washington (see Snoqualmie Falls, 2nd most visited tourist attraction) - a beautiful place to live that is about 30 minutes from Microsoft.  Quicker drive than my old commute, but physically further out, so that means more gas...

When Microsoft recently launched the free Connector Bus service, with Snoqualmie Ridge as one of the neighborhoods, I thought that it would be a good opportunity for me to support Microsoft "green" environmental efforts by driving to work less and using this service.  One of the cool things about the Connector is that they have wireless connectivity, so you can catch up on email and surf during the drive.

Separately, you may not have noticed, but two weeks ago Microsoft launched its next wave of Unified Communications software.  I installed the Communicator 2007 client last week, which basically looks like a business version of MSN Messenger.  However, it also ties into our phone systems at work *and* will make a secure connection across the internet back to a corporate gateway even when we're out of the office.   I can have it autodial my Contacts, or alternatively, I can set up my laptop as my "preferred calling device." 

This means, for example, that if I am at RSA Europe in London and logged in via the wireless Internet in the booth, and you call me at my office in Redmond, I can get a window to pop up and can answer the phone using the microphone and speaker on my laptop.  Similarly, I can initiate calls from there, so no more calling cards when I travel.

Back to my story.

This morning, I caught the Connector Bus for the first time.  I sat down, pulled out my laptop and logged into the bus' wireless network and started catching up on email.  Then, I noticed that the Communicator client had connected.  I plugged in my microphone/earpiece headset, I clicked on my wife's name and initiated a call ... she answered and there I was, riding the bus to work, surfing the Internet and talking to my wife on the phone via my laptop and it hit me ... my supergeek moment ;-)