Should the FBI Be Able to Wiretap the Internet?

There is currently a government task force that is working on proposed legislation that would give the FBI the ability to ‘wiretap’ data. This is very different from what is available today. Today, ISPs are required to comply with the ability to turn over electronic records by a series of laws referred to as CALEA, which is from the Communications Assistance for Law Enforcement Act. Under a CALEA an ISP might turn over emails or a list of the web sites that a given customer has visited. ISPs generally retain such data for 60 – 90 days for all customers and it is then automatically deleted unless law enforcement requests it. But CALEA requests generally are for historical data and are not ‘wiretaps’ when it comes to data usage. This new proposal would give law enforcement live access to a customer’s data in the same way that phones have been historically wiretapped. And this is a law with teeth. The proposal includes a $25,000 per day fine for companies who aren’t wiretap capable, with those fines doubling after 90 days for non-compliance.  There are a number of issues with this idea.

It Goes Against the Direction of the Industry

The business world is rapidly heading to the cloud with data. There is a long list of benefits of using the cloud and businesses get it. But before a business will send sensitive data out of their control into the cloud they generally encrypt it (or they should). Companies are not going to put sensitive financial data, trade secrets and things like legal correspondence into the cloud if there is any chance that other parties can somehow crack and read the data. The whole point of encryption is that only the parties involved can unencrypt it.

It seems like the FBI law would forbid this kind of encryption. This would have a ton of ramifications on the industry. Businesses are going to refuse to put sensitive information into the cloud if it can’t be encrypted. This means that they will probably continue to use company-specific LAN storage rather than the more efficient cloud. Further, company lawyers are going to advise companies to not use the cloud if everything there can be wiretapped. Today a subpoena is required to get information that a company keeps on their own servers. But a wiretap at an ISP could be done without the knowledge of the person or company being investigated. No corporate attorney is going to agree to let a company expose themselves to being investigated through the back door just to gain the advantages of using a cloud service.

The FBI’s idea will also put all of the companies that supply encryption out of business. There are a number of businesses that sell encryption to cell phones such as Cryptocat, Silent Circle, Red Phone and Wickr. There are many software packages that can be used to encrypt data files such as Folder Lock, SensiGuard, Safehouse, SecureIT, Cryptoforge and many others. And almost every maker of carrier class transmission equipment, servers and related software has an encryption product.

It’s Costly

One of the biggest issues with the proposed bill is that it casts a far wider net of companies who must comply with a wiretap than who must comply today with CALEA. Today CALEA applies to the companies that supply a basic data pipe to a customer, to whoever is the physical ISP. This may be a telephone company, cable company, wireless ISP or cellular provider. But every firm who must meet CALEA today is a carrier of some sort. They have a physical hub where they perform ISP functions. These hubs are the sort of places where CALEA makes sense.

But the proposed law would impose a more complex obligation on other web-based platforms like Facebook, Google, Yahoo and AOL. Those are all big companies and one might assume that they can all afford to do this, and you might be right. But the same requirements would apply to much smaller firms and start-ups who store and or process customer data. It’s going to be technically challenging for a web-based platform to give live access to data. They just are not configured that way. And the cost to design a system to enable that is going to be costly and inefficient.

The cost of compliance will deter future small start-ups. And if you don’t think that is true, let me give you a real life example of when CALEA costs became an issue for a small carrier. It is very difficult for a small ISP to comply with CALEA on their own, so there are companies who sell CALEA compliance. If you get a CALEA request they overnight you a black box that rides next to your core servers and captures the data that law enforcement wants. This kind of service costs about $600 per month. I have a small City client who wanted to become an ISP just to serve themselves, some other local government agencies and some non-profits. Since they were facility-based using their own servers then CALEA applied to them. They almost decided against doing this since the CALEA fees ate up most of the monthly savings they were trying to bring to their town. I know that is a very tiny dollar example, but I foresee the new requirement to be much more costly than CALEA. Small firms will have a very difficult time creating the ability of live data wiretaps and this is going to stifle small web firms.

It Goes Against the Basic Premise of the Internet

The main premise of the Internet is that it is a decentralized network. The wiretap proposal relies on some of centralized hub in order to implement a wiretap. There has to be a place where you can guarantee that the data the government wants to see will flow. That is a whole lot harder than it sounds and it would end up resulting in some fundamental changes in the way that Internet traffic flows. And that could be the costliest impact of all.

The traffic on the Internet keeps growing at nearly exponential rates. Carriers have been able to keep up with the bandwidth demands because they have upgraded the networks to be more and more efficient over time. This change would go in the opposite direction and would make the network more inefficient.

I fully understand and appreciate the needs of law enforcement. But this could be one of the biggest unfunded mandates ever if it ends up impeding the efficiency of the Internet. The Internet is now a fundamental part of everyday life and is a lifeline for most businesses.

It just seems like a colossally bad idea to me to impose a costly change on everybody that is intended to only catch a few bad guys. Particularly when the smart criminals will avoid these wiretaps. They will find a black market way to self-encrypt their data or they will avoid the web altogether. So this is really just a proposal to catch the dumb criminals. It seems like too great a cost for such a paltry goal.

A Look into my Crystal Ball

Technology of the FutureI have spent quite a bit of time recently reading futurist books and articles that think about the most likely future. I’ve done this to the point where my wife asked me if I am unhappy with the present! After chuckling, I told her that I am happy now. But thinking about the future is a worthwhile effort when one is engaged in a technology-based industry. Everything I have read tells me that selling to residences is going to change a lot over the next few decades. And I believe that those who understand where the trends are taking us can begin preparing for that future today.

So what will the future residential customer want from a telecom company? Everything I have read tells me that traditional telephone service and cable TV service as we know it today will not be around. Voice will have become a total commodity. You will probably be able to put a phone in your house if you insist, but it will be an IP device and very few people will still have a traditional telephone.

Within twenty years voice will be a commodity for cellular service also and the cell phones we carry today will also be a thing of the past. There will be devices far smarter than our ‘smart’ phones. Many of these devices will be somehow integrated into our body and will be far more sophisticated than the first generation of Google glass. I am not enough of a futurist to predict the specific technology that will win the battle, but we will not be carrying around a device whose primary purpose is to talk to people.

Cable TV is headed down the same path and there will no longer be a subscription to hundreds of channels for a high price. Video will be available ubiquitously on any device you want to watch it on. People will subscribe to the programming they want and will not pay for what they don’t want.

But people will still want bandwidth at their homes – lots of bandwidth. As we move towards the Internet of Everything, where multitudes of devices will include cheap chips and will be networked together to make our lives easier, the average house will want a lot of bandwidth.

And there will be two kinds of bandwidth providers – dumb pipe providers and service providers. There are already dumb pipe providers today. I live in the country and I get my Internet access through a wireless link from a nearby tower. And that wireless link is all that my ISP sells. They don’t offer any other services over that link and I doubt I would buy them if they did. I have my smart phone to give me everything else.

Many of today’s networks will morph over time to become dumb pipe providers. They will raise the price of bandwidth until it is high enough to compensate them for their network. They will have much smaller staffs than today who will be needed just to install and maintain the network.

But there will be another kind of provider that I call a full-service provider. They will also deliver a bandwidth pipe to the house, but they will also provide a host of services. And mostly these services are going to look like a future version of today’s Geek Squad. These companies will send technicians into people’s houses to help them make everything work together. When there is an Internet of everything it is going to get complicated. People who are not very technological are going to want lots of help to customize the many options to get just what they want. And so when a technicians visits he might be asked to help a customer get a medical monitor working right, find some programming they had trouble locating, fiddle with the controls for the lighting, and put a different personality on the home AI. The service-oriented provider will build customer loyalty and will be perceived as something very different from the dumb pipe provider.

There is a lesson today from envisioning this future. Far too many service providers today sell products that they treat as commodities, and once they sell them they rarely talk to their customers unless there is a problem. Technology has already gotten complicated for the average household and I think there is already a market for sending technicians into homes to make things work together better. I have clients who do this and they say that changing to a service model is the best change they ever made. They generally sell something new every time a technician visits somebody’s home. But the vast majority of the telecom companies I know look a lot more like the dumb pipe provider. They may sell telephone and cable TV on their data pipes, but what are they going to be left with when those products turn into a commodities and then disappear into the cloud?

Open Access: Europe versus the US

Europe - Satellite image - PlanetObserver

When cities build fiber networks in the US, one question they always ask is if they can make their system open access. By this, they mean that they want to build a fiber network, but they prefer not to be in the telecom business and instead would prefer to attract multiple providers to the network to use the fiber and compete for customers. The cities just want big bandwidth for their citizens and most cities would prefer to not compete in the telecom business.

Open Access works well in Europe but has been a failure in the US. Why does it work there and not work here? The main reason it works in Europe is that a number of high-quality service providers are willing to use somebody else’s network, especially a fiber network, to provide service. In Europe ISPs are willing to compete side-by-side with other ISPs even though there is no inherent advantage of one service provider versus another when they are all on the same network.

A perfect example of a European open access network that attracted competition is the one built in Amsterdam. Much of the basic infrastructure has been built by the City, although there have been some private partners recently building some additions to the network. But all parts of the network are fully open access. There are thirteen major service providers offering services on the Amsterdam fiber network – Canal Digitaal, Concepts, KPN, Fype, Online NL, Ligbrandt, Scarlet, Tele2, Telfort, UPC, Vodafone, XS4ALL, and Ziggo. In addition there are around 25 other ISPs who serve smaller niches of customers, often with specialty products such as medical monitoring or small business service.

A few of these service providers are large incumbent providers that had monopolies in their own countries before the formation of the European Union. For example, KPN is the incumbent provider for the Netherlands. Vodafone was an incumbent provider in Germany.

It’s easy to contrast this with the US. There have been a number of cities that have built open access networks in the US and who then tried to lure ISPs to serve in the networks. Some of the open access networks include Tacoma, Provo, Utopia (small towns in Utah), Chelan PUD and a number of other smaller PUDs in Washington state. In none of these cases did a large or incumbent cable provider or telephone company agree to bring service to these fiber networks. In every case the cities that built the networks had to scramble to find local ISPs who were willing to tackle the business. And in almost all cases the Cities had to give a lot of help to these local ISPs in the early days to help them succeed. The ISPs that have operated on US open access networks are generally small, local and under-capitalized. None of the US competitors are of the size or strength of the competitors in Europe.

Why do the big telcos and cable companies in Europe step up and compete against each other while the ones in the US do not? On the European side of the equation, the competitive attitude goes back to the beginning of the European Union. The European Union built slowly since the early 1970’s, but it took on most of its current membership by the early 1990’s. In the mid-90’s there were various treaties signed which opened the borders between European nations, both physically and in terms of commerce. Before that time almost every European country had a monopoly telecom provider. But when the gates were opened to competition, a few of them crossed borders to compete and soon everybody jumped into the competitive fray.

But in the US I can’t find one example of an incumbent cable company competing against another incumbent cable provider. And the large telephone companies barely compete against each other. They fight hard for things like the contract to serve the US government, but overall they barely compete in each other’s territory. And even in most of the US where there are two providers, a telco and cable company, for the most part both parties charge high prices and do not compete heavily with each other. The system in the US is referred to in economic terms as an oligopoly, where a few large providers have divvied up the market to mutual benefit. While there is competition, it is nothing like the real competition seen in Europe.

But I must grant that it probably would be difficult for a large US telephone or cable company to provide service on somebody else’s network. These companies are highly decentralized and it often requires groups from many states to come together to provide service to a new customer. The processes used by the large incumbents are so specific to the way they do things on their network that it might just be too costly for them to modify those processes to serve on a different network.

But whatever the reasons, Europe enjoys tremendous competition for customers, particularly where somebody has built a fiber network. But in the US no such competition exists, other than in metro areas where CLECs still vigorously compete for large business customers in highrises.

Choosing the Lesser of Two Evils?

FTTH fiber-to-the-home

FTTH fiber-to-the-home (Photo credit: dvanzuijlekom)

Today our guest blogger is Ron Isaacson, a former employee and still a good friend of CCG’s.

A number of years ago, the large ILEC in our area installed fiber optic lines in our neighborhood and soon started offering their FTTH product line in the area. The cable provider had already been in the neighborhood for a while and was already fiercely pushing their bundled service packages. We finally were going to have the competitive market version of a boxing match. SWEET!!

Our family had “Dish” TV service, satellite access that worked most of the time – except when bad weather interrupted the signal. We had dial-up Internet through a local ISP, back when the bandwidth offered on dial-up was still relatively decent, and we had our telephone service through a local CLEC. Being a telecom consultant I liked splitting services between the different vendors because no one monopolist had their claws fully in my back pocket. I might have been paying a little more for this split service, but it made sense to me.

However, the FTTH offerings changed the whole equation. Cable offered a full package too, so we had a choice.

Having had previous horrendous customer service experiences with both the ILEC and the cable company we were at a quandary as to which 21st Century telecom service to commit to, so I decided to take a poll: I asked a bunch of my neighbors which service they subscribed to and why, and how were the services provided?

The results were a classic case of monopolistic bad reputations! Either a family absolutely hated the ILEC and had signed up with cable, or they absolutely hated the cable company and had signed up with the ILEC. Apparently, no one truly loved either telecom provider and they just chose the company that they hated the least. (It’s been a few years, hopefully this has changed!) I couldn’t help but thinking that both companies are as bad as the worst of the stories about the airlines!

We chose the ILEC, but the notorious nature of the story was just getting started. Our telephone number, which we had for over 25 years, was an exchange-level “FX” number, meaning that all of the customers with that exchange were billed as if the service was down-county, closer to the metro-area. The rep advised that this was not a problem, that they could still do the switch.

Once the FTTH was installed, the Internet and TV service worked beautifully, but it took another 35 days for the phone service to be re-connected because, and this is a quote, “The fiber can’t handle the FX line.” At this point I laughed and replied, “I beg to differ. The fiber doesn’t know the difference, and doesn’t care….it is your systems that are messed up!”

After 35 days, they decided to run the telephone service over the old copper pair, and bill it as if it was on the fiber. This actually proved to be a good thing when the electric power went out due to an electric utility that also possessed byzantine customer service skills.

Years later the ILEC came back and reconfigured the FTTH to include the telephone service on the fiber. Incredibly, the telecom service that was the most troublesome for the telephone company to install….who knew?

Years later, this experience still shades my view of the ILEC, the gang that proved to me beyond a shadow of a doubt that they can and will shoot themselves in both feet.

Thinking of my installation experience with fiber made me think back to something that had happened to me earlier. Many years ago, in the hay-day of the long distance marketplace during a customer service training seminar, the class discussed the results of a poll showing the reasons that customers cancel their service with carriers. A couple of facts stuck with me: First, 3% of customers die and there’s not much one can do about that. Additionally, about 5 to 10% of customers move, or otherwise change locations. Again, not much (at that time) that could be done about that.

However, over 50% of customers cancel because of rudeness or indifference from customer service personnel in reference to a given incident. There were reasons filling in the rest of the 100%, but those three points stuck out to me – two that you can’t do anything about and one that we definitely can.

The bottom line I took away from that training, and my experience with the telephone company is to be sure that every customer is treated as if their service matters, as if their patronage is appreciated.

Data Mining – It’s Not What Customers Think

I know that when the public hears that their ISP is engaging in data mining that they assume this means that the ISP is reading their emails and monitoring their website viewing. And ISPs do have the ability to do those things although I don’t know any who spy on their customers in that way.

I can certainly understand why data mining scares the average consumer. Supermarkets get you to sign up for their loyalty programs so that they know everything you buy from them. And I know I get a spooky feeling when I express an interest about some product in one place on the Internet and then see ads for that product pop up on Facebook or my Google search.

But data mining is a valuable tool and every ISP should be using it – just not in the same way that the supermarkets and Facebook do it. In fact, we probably need to come up with a better terminology for doing the things I am suggesting below.

There are a number of tools around that let you look at data about customer usage and these tools allow an ISP to do the following:

  • Spambots. There is a wide array of spambots and other malware on the web that can infect customers’ computers. The worst of these, from a network perspective are spambots, which take over your customer’s computers and use it to send out spam. Most ISPs monitor email usage from their own domain and can spot when one of their users has been taken over by a spambot. But most customers these days do not use the email names and domains assigned by their ISP. Instead they web email addresses such as gmail or even the older AOL. And some spambots create new email addresses that the customer doesn’t even know about. And so data mining can be used to look for customers with unusual upload traffic. No customer is going to be offended if you ask them if they are uploading traffic 24 hours per day if in the process you help eliminate Trojan horses and spambots from their computer.
118 - Another File Sharing Session

118 – Another File Sharing Session (Photo credit: erickespinosa)

  • Web servers. Most ISPs do not want a customer to be using a residential ISP account to run a commercial web server. A web server is a device that is being used to run a website or service that drives a large amount of download traffic. Such a website might be used for e-commerce for example. But far too often web servers are used to run porn sites. ISPs are not against web servers, but they do expect people who operate them to buy the proper business level service. A web server can be full 24-hours per day, and that is generally not the level of service that is intended for a shared residential product. Data mining can be used to identify web servers and the customer can be directed to a more appropriate (and appropriately priced) service.
  • Data Caps. Most ISPs have set some cap on the amount of usage that a customer can download in a month. And these caps do not have to be small. I have one client that has a 2 terabyte cap each month for residential downloads. But there is no sense in having a data cap if you can’t actually measure how much bandwidth each customer is using. Data mining tools are the way to measure customers’ usage.
  • File sharing. Most ISPs have terms of service that prohibit customers from sharing copyrighted materials with others. But realistically an ISP is not going to know what customers are sharing with each other unless you get a complaint from a copyright holder. But many ISPs still like to get a handle on file-sharing because such traffic can eat up a lot of system bandwidth. Data mining can help you identify customers who are probably involved in one of the common file sharing programs.  An awful lot of file sharing is done by teenagers. I have clients who send out friendly reminders to customers who they think are file sharing that say something like: “We notice by your internet usage that you are probably running a file sharing program. We would just like to remind you that it is illegal to share copyrighted material and that there have been cases where copyright owners have gotten significant settlements by suing people who were sharing their property.” Such notices cut down on a lot of file sharing traffic as parent pressure kids into doing the right thing.

So you should be data mining. But perhaps the things I have described could all better be classified as network management, a term that would not dismay your customers.