The FTC to Monitor the Internet of Things

federal-trade-commission-ftc-logo_jpgLast week the Federal Trade Commission Chairwoman Edith Ramirez announced that the FTC’s latest initiative was to watch the Internet of things for privacy violations. They are already concerned that IoT devices are subject to easy hacking, and also that they are being used to gather data on us.

In a report issued last week the FTC Staff, and approved by 4 to 1 by the Commissioners, the FTC made specific recommendations in the areas of privacy, data collection and customer notification and choice. They also discussed the need for federal legislation to give them more power to police the IoT.

The FTC broadly defined the Internet of Things to include any device, other than computers and smartphones, which transmits information about the owner of the device over an internet connection.

The report makes specific recommendations about security and recommended that manufacturers of IoT devices should:

  • Assess the security risk for every device they make;
  • Minimize the data they collect and retain;
  • Test security before they ship product;
  • Implement measures to keep unauthorized users from accessing a device or data stored on their own networks;
  • Monitor devices throughout the product life cycle and provide patches to cover known risks;
  • Develop a defense to be ready to react to security breaches.

It’s good to see the government espousing these kinds of concerns. You might recall that HP tested ten popular IoT devices last year and found an average of ten security flaws on each device. My fear is that if the industry doesn’t self-police itself (or get prodded by regulators to do so) then someday we are headed for a perfect storm where hackers will do something terrible, like hack and kill hundreds of people with pacemakers. If something really dreadful happens because the industry doesn’t care about security then the world could quickly turn against the IoT. The IoT industry has the potential for huge growth, but one really terrible security breach on devices could badly sour people on the devices.

The report also made recommendations about storing and misusing customer data. The FTC has already been engaged in monitoring company’s use of data. For example, late last year the FTC reached an agreement with SnapChat to stop misrepresenting that data on their network was completely private. SnapChat has changed their advertising and also agreed to hire an independent privacy monitor for the next twenty years.

For now the report recommends that companies limit the data they collect, and absent legislation that is probably as strong of a warning as the FTC can issue. The report is specifically very concerned about customers not knowing what data is being collected about them from an IoT device. They think it is fundamental that customers be informed about the data they are giving up in order to make an informed decision about using any specific device. While any IoT device will have this concern, the sharing of data from things like health monitors is more troubling than the data gathered from a smart refrigerator or smart washing machine.

The report also voice a concern that the IoT device manufacturers would become the target of hackers and that the kind of information that could be stolen, such as detailed health records, are more troubling than stealing things like credit card numbers.

There is some industry concern, echoed by the dissenting Commissioner in adopting the report that the FTC needs to balance the desires to monitor the industry against too much regulation that might stifle innovation and investment in the field. But as a customer I would already vote in favor of what the FTC has started here. The risks to the industry are far greater from allowing companies to be lax with security and play free with customer data. I am going to be a lot more likely to use a device from a company that I think is being truthful with me and careful on both counts.

Can You Really Multitask?

jugglingThis blog is a bit off my normal beat, but I’ve read several articles lately about the effects of technology on our brains. I think the findings of these studies are things that you will find interesting.

I think most people will agree that we are busier today than we have ever been before. Not only do we lead hectic lives, but we have compounded our lives with connections through our smartphones and computers to coworkers, family and friends all throughout the day and night.

I meet people all of the time who say that they are good multitaskers and who say they that they are good at handling the new clutter in our modern personal and  work lives. There are days when I feel I am good at it and days when I definitely am not.

Researchers at MIT say that multitasking is an illusion. Earl Miller, a neuroscientist there says that our brains are not wired to multitask. What you think of as multitasking is really the brain doing only one thing at a time and switching quickly between tasks. He says there is a price to pay for doing this because what we call multitasking leads to the production of the stress hormone cortisol as well as adrenaline. Multitasking creates a dopamine feedback loop which rewards the brain for losing focus and searching for the next stimulation. The bottom line is that multitasking leads to less focus and makes us less efficient.

Miller says that multitasking is a diabolical illusion that makes us feel like we are getting things done, when instead we are just keeping the brain busy. When we multitask we don’t do any of the tasks as well as if we stopped and concentrated on them one at a time. And it’s addictive. Those of us old enough can remember back to a simpler time when we often made choices not to do things. If we were reading a book or watching a TV show we chose not to let ourselves get easily distracted. But since multitasking rewards the brain for getting distracted, we now routinely will break into everything we are doing to read an email, look to see who texted, see who commented on something we said on Facebook or Twitter.

I decided to test myself and I decided to watch a one-hour show on Netflix to see if I could watch it end-to-end without distraction. I was amazed at how poorly I did. Every few minutes I found myself wanting to go do something else. And a few times I almost automatically clicked on a different application on the computer. And I wanted to stop a lot more than I did and it was a real effort to stay focused on the show I was watching. I thought this would be easy, but apparently I am now addicted to multitasking. I wonder how many of you can do better?

One of the reasons we have gotten pulled into multitasking is a new expectation that we are always available. It used to be easy to drop out of sight by simply walking out of range of the telephone. People were not surprised to miss you when they called and leaving voice messages was a big deal. But today the expectation is that we have our smart phone with us and turned on at all times, and through that we can be called, texted, emailed and reached on demand.

Research shows that multitasking kills our concentration and is more detrimental to our short-term memory than smoking marijuana. Cannabinol, a chief ingredient of pot interferes directly with memory brain receptors and directly interferes with our ability to concentrate on several things at one. But research have shown that if you break off concentrating on a task to answer an email that your IQ temporarily drops ten points. And cumulative multitasking degrades your brain’s performance more than smoking pot.

Researchers at Stanford have shown that if you learn something new while multitasking that the information goes to the wrong part of the brain. For instance, if you read work emails while doing something else like watching TV that the information from the emails goes to the striatum, the place where we normally store skills and physical memories and not where we store ideas and data memory. If not interrupted, the same emails would be stored in the hippocampus, which is essentially our brain’s hard drive that is good at retrieving data when we need it.

Multitasking comes at a big cost. Asking the brain to constantly shift tasks burns up a lot of glucose in the brain which we need to stay focused. So multitasking can lead to feeling tired and disoriented after even a short time. I used to believe that deep thinking caused your brain to get tired, but staying on one task actually uses far less energy that constantly shifting from one task to another.

This makes me worry about what we are doing to our children who now multitask at an early age. Perhaps there is some hope since one of the new trends among many teenagers is a rebellion against technology, and that is probably a healthy thing. If the pressure to be always connected is hard on adults, one can only imagine the peer pressure it creates among teens. People of my age use email as our primary method of communication while teens almost exclusively use text. The biggest problem with texting, according to the researchers is that it demands hyper-immediacy and you are expected to return a response as soon as you get a text.

I have started my own little rebellion against multitasking. I am not checking emails more than a few times a day and I rarely check to see if somebody has texted me. After all, I need to save some time for Twitter!

New Technology – January 2015

TransistorIn this month’s blog about new technology I focus on innovations having to do with computers. It seems like there are innovations in this area almost every month.

Faster Computing through Chip Flaws. One of the more interesting lines of research at chip manufacturers is to make chips better by making them perform worse. MIT has done research that shows that many of the tasks that we perform on computers such as looking at images or transmitting voice don’t require perfect accuracy. Yet chips are currently designed to pass on every bit of data for every task.

MIT has shown that introducing flaws into the data path for these kinds of functions can speed up computing time while also cutting power usage of a chip by as much as 19%. So the MIT researchers have developed a tool they call Chisel which helps chip designers figure out just how much error they can introduce to any given task. For example, the program will analyze the impact of making mistakes for 1% or 5% of pixels when transmitting pictures and will compare quality of the finished transmission with the power savings that comes from allowing transmission errors.

Computers that Don’t Forget. A few companies like Avalance, Crocus, Samsung and Toshiba make MRAM (magnetoresistive random-access memory) devices that are replacing older RAM and DRAM technologies in chips to provide non-volatile memory. The expectation in the industry is that these kind of storage devices will replace volatile memory (hard disks) within ten years because they are much faster and use far less energy.

There are a few initiatives working on improved MRAM technologies.NEC and Tohoku University of Sendai Japan has developed a 3D processor architecture where MRAM layers are combined with logic layers. The chip uses a technology they call Spin-Cam (content addressable memory) that promises to allow more fixed memory with faster access speeds.

KAIST, a public research university in Daejeon, South Korea has developed a chip they are calling TRAM (topologically switching RAM) that uses a phase-changing super capacitor to quickly write to non-volatile memory.

Computers with Common Sense. The Paul G. Allen Foundation is awarding grants to projects that aim to teach computers to understand what they see and read. The projects will look at several different fields of machine reasoning to try to understand diagrams, data visualizations, photographs and textbooks.

The grants are part of a larger $79.1 million initiative into artificial intelligence research. This new research fits well into other Allen initiatives in deep learning to allow computers to explain what’s happening in pictures or to classify large sections of text without human supervision.

Quantum Memory. Researchers at the University of Warsaw have developed a quantum memory that will allow the transmission of the results from quantum computers over distance. Quantum computers operate very differently than Boolean computers in that they deal with probabilities rather than number crunching. Until now there has never been an ability to transfer the results of a calculation of a quantum computer because the very act of reducing it to ones and zeros destroys the result. For example, transmission of quantum results had no way to deal with the normal laser amplifiers in a fiber optic network.

The quantum memory consists of a 1 inch by 4 inch glass tube that is coated with rubidium and filled with krypton gas. When hit with a series of three lasers the quantum information gets imprinted onto the rubidium atoms for a very short period of time of perhaps a few microseconds. But this is enough time for the data to be re-gathered and forwarded to the next quantum storage device.

Self-Healing Computers. With hacking and malware on the rise, a new line of defense will be to give our computers the ability to heal themselves. Today we use a very static defense system for our computers consisting of mostly firewalls and virus checking. But anything that slips past those static defenses can be deadly.

There is an initiative at the Department of Homeland Security which is funding the development of a more active defense system that not only detects problems but which automatically fights back. The first stage of this new active defense is being called continuous diagnostics and mitigation (CDM). The goal of CDM is to enable each device in the network to self-monitor itself for signs of having been hacked. The first CDM systems will activate malware software to try to immediately rid the machine of the invader.

The next step after CDM will be to form a network-wide active defense that will allow networks to provide feedback about threats identified from individual CDM computers. In this next step the whole network will help to fight back against a problem found on one machine in the network. The ultimate goal is to create self-healing computers that continually make sure that all systems and data are exactly as should be.

Big Carriers Wear Many Hats

hatI have seen several articles lately that note how carriers like AT&T and Verizon play both sides of the regulatory fence. But this is something that industry insiders who work with these carriers have known for years.

These articles talk about how these carriers are very good at picking and choosing their arguments based upon the fact that they are regulated in multiple ways. Both AT&T and Verizon are unique in the industry because they are certified in almost every way possible in the carrier world: they are incumbent regulated telephone companies; they are a wireless carriers; they are long distance companies; both of them operate as a CLEC in some markets where they serve businesses not in their telco footprint; there are times when they are what is called a carrier’s carrier, meaning they sell wholesale connections to other carriers; and finally, they provide broadband which they deem to be fully non-regulated.

When one of these large carriers makes a statement, the first thing I have always asked upon reading it is which one of these different regulated entities within the company is doing the talking. Each one of those types of entities operates under different rules and this often gives leeway to their policy people to say something that might be truthful for one part of their company and yet be stretching the truth if applied to another.

A lot of people, even those in the industry assume that these carriers lie a lot, when in many cases they are just doing this regulatory shuffle. I have seen this same behavior for decades and I have come to understand that generally what these companies say is the truth, at least for one of the many hats they wear. The trick is to know who they are talking for, because that let’s you then respond to them properly when you need to get them to do something. But this behavior drives people crazy who are not from the industry and they just think these companies lie a lot.

On a practical note this is something I run into all of the time. For example, I help clients purchase connections to AT&Tat places like tandems. One would think that the cost to connect to an AT&T tandem would be the same for everybody, but it can vary widely depending on your own regulatory status and upon which AT&T entity you are buying from. For instance, if you buy from AT&T the phone company then you buy special access connections at tariff rates. However, if you are a CLEC then you might be able to buy at rates from interconnection agreements. If you are carrying wireless traffic you might be able to buy from yet a third set of rates. If you are a large business you can buy either from AT&T the RBOC or from AT&T the CLEC. If you are large enough you can probably negotiate unique rates that are contractual. And AT&T is very good at trying to get you to buy a more expensive connection than you might be entitled to. It’s a very confusing puzzle that comes from the fact that different parts of AT&T are regulated differently.

Several of the articles I saw talked about a recent interaction between AT&T and the FTC. The FTC sued AT&T because they have been throttling their unlimited wireless data customers for years. This has been widely covered in the press. When an unlimited customers hits some threshold like 5 GB of data for month, their speed is slowed down to the point of barely working. The FTC is tasked with monitoring false or misleading advertising and they say that these plans are not unlimited if the speeds are too slow to use.

But AT&T is claiming that the FTC has no authority to sue them. They say instead that it is the FCC that should be investigating them. Basically, by this claim AT&T is saying that they are a common carrier and subject to Title II rules, which would give the jurisdiction of the case to the FCC.

But wireless data is not subject to Title II regulation. That might change in February if the FCC decides to regulate wireline and broadband data under Title II as part of the net neutrality order. So it’s very interesting to see AT&T claiming in the FTC suit that they are a common carrier. Because for wireless data they clearly are not regulated today by the FCC. But most of the rest of their business is covered by Title II.

You know how I said that most of the time you can figure out which entity is doing the talking if you think it about long enough? This is not one of those times, and sometimes they just lie.

Our Aging Internet Protocols

HeartbleedThe Internet has changed massively over the last decade. We now see it doing amazing things compared to what it was first designed to do, which was to provide communications within the government and between universities. But the underlying protocols that are still the core of the Internet were designed in an on-line world of emails and bulletin boards.

Those base protocols are always under attack from hackers because the protocols were never designed with safety in mind or designed for the kind of uses we see today on the Internet. The original founders of the Internet never foresaw that people with malicious intent would ever attack the underlying protocols and wreak havoc. In fact, they never expected it to grow much outside their cosy little world.

There is one group now looking at these base protocols. The Core Infrastructure Initiative (CII) was launched in April of 2014 after the Heartbleed virus wreaked havoc across the Internet by attacking OpenSSL. There are huge corporations behind this initiative, but unfortunately not yet huge dollars. But companies like Amazon, Adobe, Cisco, Dell, Facebook, Google, HP, IBM, Microsoft and about every other big name in computing and networking is a member of the group. The group currently is funding proposals from groups who want to research ways to upgrade and protect the core protocols underlying the Internet. There is not yet a specific agenda or plan to fix all of the protocols, but rather some ad hoc projects. But the hope is that somebody will step up to overhaul these old protocols over time to create a more modern and safer web.

The genesis of the CII is to be able to marshall major resources after the next Heartbleed-like attack. It took the industry too long to fix Heartbleed and the concept is that if all of the members of the organization mobilize, then major web disruptions can be diagnosed and fixed quickly.

Following are some of the base protocols that have been around since the genesis of the Internet. At times each of these has been the target of hackers and malicious software.

IPv4 to IPv6. I just wrote last week about the depletion of IPv4 IP addresses. At some future point in time the industry will throw the switch and kill IPv4 and there is major concern that hackers have already written malicious code to pounce on networks that first day they are solely using IPv6. Hackers have had years to think about how to exploit the change while companies have instead been busy figuring out how to get through the conversion.

BGP: Border Gateway Protocol. BGP is used to coordinate changes in Internet topology and routing. The problem with the protocol is that it’s easily spoofed because nobody can verify if a specific web address belongs to a specific network. Fixing BGP is a current priority at the Core Infrastructure Initiative.

DNS: Domain Name System. This is the system that translates IP addresses into domain names. DNS is often the target of hacking and is how the Syrian Electronic Army hacked the New York Times. There are serious flaws in the DNS protocol that have been hastily patched but not fixed.

NTP: Network Time Protocol. NTP’s function is to keep clocks in sync between computer networks. In the past, flaws in the system have been used to launch denial-of-service attacks. It appears that this has been fixed for now, but the protocol was not designed for safety and could be exploited again.

SMTP: Simple Mail Transfer Protocol. SMTP is a protocol used to transfer emails between users. The protocol has no inherent safety features and was an early target of hackers. Various add-ons are now used to patch the protocol, but any server not using these patches (and many don’t) can put other networks at risk. Probably the only way to fix this is to find an alternative to email.

SSL: Secure Sockets Layer. SSL was designed to provide encryption protection for application layer connections like HTTP. Interestingly the protocol has had a replacement in place since 1997 – Transfer Layer Security. But SSL is still included in most networks to provide backward compatibility and 0.3% of web traffic still uses it. SSL was exploited in the infamous POODLE attack and the easiest way to make this secure would be to finally shut it down.

 

Are Smartphones Bad for Us?

SONY DSCI saw that last week was the eighth anniversary of the day when Steve Jobs introduced the iPhone at MacWorld in San Francisco. Smartphones are so ubiquitous today that it feels like it’s been longer than eight years and it’s already hard to imagine a world without smartphones. Certainly something may come along to be even more amazing, but this so far is the transformational technology of the century.

The iPhone certainly transformed Apple. In 2006, the year before the iPhone was introduced they had revenues of $19 billion with the largest product being the iPod at $7.7 billion. Last year Apple had revenues of $182.8 billion with the iPhone producing revenues of $102 billion. iPods were still at a surprising $2.3 billion (who still buys iPods?).

There were smart phones around before the iPhone from companies like Palm and Blackberry. But the packaging of the iPhone caught the eye of the average cellphone user and the smartphone industry exploded. One of my friends bought an iPhone on the day they came out and I remember being very unimpressed. I asked him what it did that was new and the only thing he could come up with FaceTime – but he didn’t know anybody else who had an iPhone at the time and we couldn’t try it. The original iPhone didn’t have many apps, but that void was quickly filled.

Now that smartphone usage is ubiquitous in the US, we are starting to see studies looking at the impact of using them. Not all of these studies are good news.

Researcher Andrew Lepp at Kent State University looked at how smartphones affect college students. Lepp’s study found that frequent smartphone usage can be linked to increased anxiety, lower grades and generally less happiness. Students who are able to put down their phones are happier and have higher grades. Lepp’s study also showed, unsurprisingly that students with the highest smartphone usage have worse cardiovascular health – meaning they are in worse physical shape.

Researchers at Michigan State found that work-related smartphone use after 9 PM adversely affects a person’s performance the following day. They found that not taking a break from work results in mental fatigue and lack of engagement the next day. Researchers at Florida State found similar results and postulated that the smartphone backlighting interferes with melatonin, a chemical that regulates falling asleep and staying asleep.

The statistics from various surveys on smartphone usage are eye-opening:

  • 80% of all smartphone users check their phone within 15 minutes of waking.
  • Smartphone users with Facebook check Facebook an average of 14 times per day.
  • A scary 24% of users check their smartphone while driving.
  • 39% of smartphone users use their smartphones in the bathroom (I have no idea what this means).

My own theory is that smartphones do so many different functions they can feed into many different versions of addictive behavior. People can use a smartphone and get addicted to playing games, or addicted to texting their friends, or addicted to using FaceTime, or addicted to reading sports scores and stories.

It’s not like addiction to technology is new. We all remember people who got addicted to early computer games. Perhaps there is still somebody today in their basement addictively playing Pong. There are many stories of people before smartphones who texted thousands of times per day. These early studies don’t surprise me and I am sure that many more studies will describe even more woes that can be added to the list of how technology can be bad for us.

Okay, I admit I use my smartphone in the bathroom – it’s a good chance to catch up on tech news. But that’s it. I swear!

The Tug-of-War Over Municipal Competition

Capitol_domeI wrote back in July that politics had reared its head in the issue of allowing municipalities to compete in broadband. Depending on who is doing the counting there are 19 to 21 states that restrict local governments from competing with broadband. In some of these states there is an outright ban on competition. In some states a local government can only build wholesale networks to lease out to others. And in some states there are numerous hurdles that make it really hard for a local government to get into business.

And there are attempts every year to add to the list. There currently is a move at the Missouri legislature to create a total ban against municipal competition. Last year a ban was passed in North Carolina (although it was made to look like it was not a ban).

Politics has entered the fray again recently in a big way. President Obama recently made a speech in Cedar Rapids Iowa in favor of having the FCC eliminate all of the bans on municipal competition. FCC Chairman Tom Wheeler has been talking about this for a long time and last summer the FCC asked for comments on petitions files by Chattanooga Tennessee and Wilson North Carolina that asked to lift restrictions that stop them from expanding their existing fiber networks.

The President had barely finished his speech when the two republican Commissions at the FCC issued formal statements against the idea. Commissioner Michael O’Rielly said, “It is clear that this Administration doesn’t believe in the independent nature of the FCC. It is disappointing that the Commission’s leadership is without a sufficient backbone to do what is right and reject this blatant and unnecessary interference designed to further a political goal. Substantively, this missive is completely without ‎statutory authority and would be a good candidate for court review, if adopted. In reality, this debate is about preempting a state’s right to prevent taxpayer rip-offs. Municipal broadband has never proven to be the panacea that supporters claim and the Administration now boasts. Instead, we have seen a long track record of projects costing more than expected and delivering less than promised.”

And Commissioner Ajit Pai said: “As an independent agency, the FCC must make its decisions based on the law, not political convenience. And U.S. Supreme Court precedent makes clear that the Commission has no authority to preempt state restrictions on municipal broadband projects. The FCC instead should focus on removing regulatory barriers to broadband deployment by the private sector.”

Obviously the President and the these Commissioners disagree about the ability of the FCC to preempt state law. I have no idea which side is right about this and I assume that if the FCC passes this that the Supreme Court will eventually decide who is right.

But what I find sad about this is that so many telecom issues are now partisan and are being argued blindly along party lines rather than being looked at for their merits. Municipal broadband is certainly one such issue.

While Commissioner O’Rielly says there is a long track record of poor performance by municipal broadband networks, the facts say otherwise. There are well over 100 municipal networks that are offering fiber to every home and business in their towns and you can count the ones that have gotten into trouble on one hand. If you look at competitive commercial broadband ventures the failure rate has to be higher than that. One of the major premises of competition is that it comes with no guarantee of success. But some communities want broadband badly enough to take this risk. And even where there has been failure, the towns still end up with a fiber network. I think the citizens of Provo are happy to now have Google fiber, which started out with a municipal system that performed poorly.

The whole anti-municipal effort starts with a handful of huge telcos and cable companies that don’t want municipal competition. In reality, these companies are against any competition and they do whatever they can to squelch commercial competition as well. But these companies are very good at lobbying and they are directly behind the recent efforts in states to expand the ban against municipal broadband.

Even though I think every town in the U.S. ought to have fiber broadband, even I am skeptical about the idea of some of the largest cities in the country being able to compete in the broadband business. One only has to look at what is happening in Austin Texas where there are now four different companies offering fast broadband in the wake of the Google announcement to build there. I don’t know that a large city could handle that kind of competition. But no large City has ever come close to building a broadband network and this issue is really about small-town America.

There are tens of thousands of little towns that have been left behind in broadband deployment. While big cities now have 100 Mbps cable modems or even gigabit fiber, these small towns have data speeds that are already not adequate and which fall farther behind each year. The rate of household broadband usage is doubling every three years and places that have broadband below 10 Mbps (often way below that) are going to be left in the economic wastelands if they don’t get broadband. They will lose businesses and jobs and their kids are going to grow up without the same technical skills that everybody else takes for granted.

That is what ought to be debated, but instead opinions on the issue are split down party lines. Why in the world would a rural republican congressman not want his local communities to build broadband if nobody else will do it for them? I honestly don’t get it, but I feel the same confusion about most issues where partisan politics overrides logic. There are arguments to be made both for and against overriding state bans against broadband. But if this was a fair debate there would be some people from both parties on each side of the issue.

Finally Time to Convert to IPv6?

In early 2011 the Internet Assigned Numbers Authority (IANA) allocated the last block of IPv4 addresses to various countries and warned that at the rate of historic usage that all those numbers would get gobbled up by ISPs within a few months. They further foresaw all sorts of new demands for IP addresses for new industry products like wearables, BYOD devices being connected to corporate WANs, an explosion of smartphones in the developing world and the early stages of the Internet of Things.

The IANA warned then that ISPs should begin migrating to IPv6 to avoid running out of IP addresses. But here we are almost four years later and a lot of ISPs still have not converted to IPv6. And yet somehow we are not quite out of numbers. The American Registry for Internet Numbers (ARIN) for the United States and Canada is still handing out IP addresses even today. How is that possible?

The major Internet players in the markets developed ways to conserve and reclaim IP addresses. At the end of 2013 ARIN still had 24 million addresses available. ARIN has been able to stretch the numbers by doing things like reclaiming IP addresses from dead ISPs, and by doling out IP addresses in much smaller blocks than historically. ARIN was predicting that those addresses would be gone before the end of 2014. But again the industry confounded them and there were still 16 million IP addresses at the end of 2014. You can see the count of available addresses at this web site, which is updated weekly.

So is now finally the time to convert to IPv6 or can the industry stretch this further? The issue is going to be of the most concern for growing networks that need a lot of new addresses. If you are growing you might should  convert to IPv6 before you find yourself stopped dead due to lack of IP addresses. ISPs that are not growing are probably good for some time since they can usually use numbers abandoned by old customers and assign them to new ones.

Why haven’t more ISPs converted to IPv6? There are a number of reasons.

  • IPv6 is not backwards compatible and once you convert you need to run what is called a dual stack that will process both IPv4 and IPv6 addresses. And you will have to do that until IPv4 addresses are finally dead.
  • The conversion to IPv6 can be expensive. Every part of your network needs to be IPv6 compatible – that means core hardware, end-user hardware, your Internet backbone provider and even content providers on the web.
  • Not all of the content on the Internet is IPv6 compatible. Almost every major site like Google, Yahoo, Facebook and anybody else with a household name is now IPv6 compatible, but there are older content providers who have not bothered, and maybe who will never bother to make the conversion. (And it’s not so much the content, but the servers they sit on).
  • There is no problem buying new hardware that is IPv6 compatible. So any new gear being installed today is already IPv6 compatible. But this is no help for older routers and gear that is not easily upgraded, and many companies are holding off to avoid the capital outlay or upgrades that will be needed to convert to IPv6. There probably is no way to upgrade a 10-year old DSL modem or a DOCSIS 1.1 modem to IPv6 without changing devices.

But we are finally seeing some large players converting. For example, Comcast converted all of their cable modem customers to IPv6 during 2014. But some other large ISPs are still holding back. Other parts of the industry have converted – most smartphones now use IPv6 as well as new game consoles.

Now that some large ISPs have converted and most of the web has converted most industry experts expect the rate of conversion to accelerate. Small ISPs need to pay attention to what is happening with IPv6 because you don’t want to be the last one to make the conversion. Once most of the rest of the world has converted you can expect to start having compatibility problems in unexpected places. And eventually the large carriers are going to declare IPv4 dead and cut it off. I’m thinking that most small ISPs ought to finally think about converting by no later than next year. If you wait longer than that it becomes a crap shoot.

The GAO Studies Data Caps

meter-hiThe General Accountability Office (GAO) issued a report near the end of last year that said that broadband customers don’t want caps on their data. That’s not a surprising finding. The report was generated in response to a request from Rep Ann Eshoo of California. So the GAO issued a survey and held focus groups looking into the issue. They also talked to the large ISPs and the wireless companies about their networks.

They concluded that there is no reason to have caps on landline bandwidth because networks generally do not experience congestion. The large ISPs used the congestion argument a number of years ago when they first experimented with data caps. But the large cable companies and telcos admit that congestion is no longer an issue.

The average customer understands this as well. You don’t have to think back many years to a time when your home Internet would bog down every night after dinner when most homes jumped onto the Internet. But there have been big changes in the industry that have gotten rid of that congestion.

Probably foremost has been the cost to connect to the Internet backbone. Just five years ago I had many small ISP clients who were paying as much as $15 per dedicated megabit for raw bandwidth from the Internet. That has dropped significantly and the price varies from less than a dollar to a few dollars depending upon the size and the remoteness of the ISP.

During this same time there has been an explosion in customers watching video and video is by far the predominant use today of an ISP network. Video customers won’t tolerate congestion without yelling loudly because if the bandwidth drops too much, video won’t work. When Internet browsing consisted mostly of looking at web pages customers were less critical when their bandwidth slowed down.

So ISPs today mostly over-engineer their networks and they generally try to provide a cushion of 20% or more bandwidth than what customers normally need. This has also become easier for ISPs because of the way they now pay for bandwidth. Ten years ago an ISP paid for the peak usage their network hit during the month. They paid for the whole month at the bandwidth demand they experienced during their busiest hour of the month (or perhaps an average of a couple of the busiest hours). Slowing customers down during the busiest times under that pricing structure could save an ISP a lot of money. But now that bandwidth is cheap, ISPs routinely just buy data pipes that are larger than what they need to provide a bandwidth cushion. Because the ISP has already paid for the bandwidth to provide a cushion there is zero incremental cost for a customer to cross over some arbitrary bandwidth threshold. The ISP has paid for the bandwidth whether it’s used or not.

This is not to say that there is never congestion. Some rural networks, particularly those run by the largest companies are still poorly engineered and still have evening congestion. And there are always those extraordinary days when more people use the Internet than average, like when there is some big news event. But for the most part congestion is gone, and the ideas of data caps should have gone away with the end of congestion.

If the data caps aren’t about congestion then they can only be a way for ISPs to charge more money. There is no other explanation. ISPs with data caps are taking advantage of their biggest users to nail them for using the Internet in the way it was intended to be used.

Consider a cord cutter household. Derrel, my VP of Engineering has cut the cord and his family, including five kids, uses OTT services like Netflix as their only form of television viewing. The average streaming video in the US uses between 1 Gb and 2.3 GB per hour, depending upon the quality of the stream. For ease of calculation let’s call that 1.5 GB per hour. If Derrel’s family watches video for three hours per day he would use would use 135 GB in a month, and at six hours per day 270 GB. Plus he would still use bandwidth for other things like web browsing, emails with attachments, backing up data in the cloud, etc. Since Derrel works at home and I send him a lot of huge files, let’s say that he uses 100 GB a month for these functions.

And so Derrel might be using 370 GB a month if his family watches 6 hours of streaming video per day, and more if they watch TV more. How does this compare the data caps in the market?

  • Comcast had a data cap of 300 GB. They removed it after public outcry but are back testing it again in some southern markets. It just came back onto my bill in Florida.
  • AT&T Uverse customers have a monthly cap of 250 GB while AT&T DSL customers have a cap of 150 GB.
  • CenturyLink has a cap of 250 GB on any plan that delivers more than 1.5 Mbps.
  • Cox has caps that range between 50 GB and 400 GB depending upon the plan.
  • Charter has caps between 100 GB and 500 GB.
  • Suddenlink has caps between 150 GB and 350 GB.
  • MediaCOm has caps between 250 GB and 999GB.
  • Cable One has caps between 300 GB and 500 GB.

Derrel’s household, which is probably pretty representative of a cord cutter household would almost certainly  be over the monthly data cap for all of these providers. Note that there are plenty of providers that don’t have data caps. Companies like Verizon and Frontier don’t have them. But I feel certain that if data caps start producing a lot of revenue that you will see those companies look at data caps too.

Data caps on landline data really make me mad because I understand how networks are engineered and also how ISPs buy their underlying data. This is nothing more than trying to find a way to squeeze more money out of the data product. It lets ISPs advertise a low price but charge a lot of their customers more than that.