I note that Feedburner is creating a service to intermediate RSS feeds (hat tip: Marc Canter). This service takes your existing RSS feed, and re-purposes it by gathering various statistics and modifying it in prescribed ways.
Perhaps we're seeing the slow return of the smart network. Just this time it comes as a pick-your-own form, where you select the chain of clever things to be done with your bitstream. Indeed, maybe the whole "smart" vs "stupid" is barking up the wrong tree. The only thing that matters is whether you are free and unconstrained in your choice of services and intermediaries; or shackled and forced to pay perpetual tributes to your connectivity provider.
As a thought experiment, imagine a world of routers where you could run your own software agents at every node. This would be a very "smart" network, but a totally uncontrolled one by the node operator. What does this do to the end-to-end argument? Answers of the back of an RSS feed, please.
Gregory Narain summarizes at Corante the arguments why pull-based publish/subscribe messaging will supercede push-based email.
To me, there's an interesting follow-on from this. We're seeing the further elimination of the middleman from your communications system. Up until now you've had to rely on an ISP's mail server or service provider's IM system to relay your messages for you. Your pipe provider may even ruthlessly block ports and impose contract terms to force you through their SMTP service.
Updating a RSS feed is no more complex than an file transfer. The data needs to be stored somewhere in a data center, because your laptop goes on and off-line all the time. The storage for that file could be anywhere; it doesn't need to be bonded to your connectivity provider. The "store" is being separated from the "forward". Maybe we need a new metaphor? "Stash and squirt"!
Separating storing from forwarding certainly fits with a general pattern of the communications industry being re-formed from vertical integration into thin, loosely-coupled horizontal layers. I wonder if rather than enless polling of RSS feeds we will see the signal "you have new mail" becoming an intermediary function of its own. That's the bit you will pay for -- the notification of a change out there in the cloud.
It's almost as if there's a general principle forming. In a world of optically-switched fiber and multi-terabyte hard drives, there's no money in storing or forwarding. You can't ask for rent for a product that isn't scarce. But there is money in doing the "dy/dx" on all this and telling people when something has been stored or forwarded.
This "nth-order derivative" principle might have some legs. Consider IBM's On Demand initiative. Ignoring the marketing warmfuzzies they are trying to incite, there's some real substance behind this. One is "scalability on demand". Imagine you have a sudden and unexpected increase in the rate of growth of your business. That's the third derivative (rate of change of acceleration) of "store, process and forward data".
So if you're having trouble making money with your current business model, just do some calculus on it and take the next derivative. No money in retailing fashion clothes? Then try telling people how fashions are changing. No money in that? Which fashions have the greatest rate of change. And so on.
All rather bizarre.
Today's sermon is about customer relationship management. Or more accurately, the lack of it in most corporations, especially telcos. So that's the vicar's punchline. Now on to the interminable joke.
All corporations maintain relationships with their stakeholders.
The first is with their financial stakeholders. Until you have liquid capital, you can't hire any employees, buy production equipment, or acquire inventory for sale. Those financiers may be shareholders, bondholders, or other creditors. As a society, we've created a special technology to manage this task, called double-entry bookkeeping. This bean tracking helps us answer an important question: is this company profitable, and therefore deserving of further capital? We've also created a priesthood to manage that accounting technology, and established a lot of complex rules about what can and can't be placed in the asset and liability columns. The priests live in a monastery called the Finance department.
For the hard of thinking, I'll spell it out again. We have created a specialized function for managing the relationship between a company and its money. Every company of any size has a dedicated organization to the operation of this technology. But that function is just a service role. Another part of the company, the Sales & Marketing team, is typically carrying the can for actual profit and loss. If the figure at the bottom of the annual report summary page comes in parentheses, the head of Finance generally keeps her job as long as the loss is reported accurately.
Once you've acquired some capital, you need some people to do things with it. You lure in employees, contractors, serfs and slaves with wild promises of reward, freedom and weekly foosball championships. These people need contracts of employment, relocation packages, and purging of individual identity (a.k.a. "induction training"). The managers who make the hiring and firing decisions don't want to do all that messy admin work. And they particularly don't want to deal the subsequent police work of tormenting wayward employees with formal reprimands. Even worse is the execution of waves of random headcount reduction to get rid of the people you just hired. So along with the Finance priests, we have the Human Resources department. Think of it as the people equivalent of the sewage system. Clean stuff comes in, nasty stuff goes out, someone else lets you pretend you don't know how these two things are connected.
Again, the HR department doesn't really carry the can for poorly performing teams and bad hiring decisions. The managers of those hiring business units are in the firing line (if you'll excuse the pun).
The malcontent employees need some soulless work environment in which to fail to thrive. Something that keeps the rain off, the heat in, and the bugs out. So we create a Facilities department. Whether any productive work occurs in a building won't affect the VP of Facilities' annual bonus. He just needs to demonstrate he's paying a few cents less than the competition for floor space, and that no employees were allowed to evade the cube police and take control over their work environment.
So now we have legions of warm, deliriously happy and well-paid people. They just need to do something useful, like create a product or a service. Now they need some PCs to surf the web with, and advanced phones with spiffy voicemail features to screen out all contact with customers. Plus a raft of expensive and poorly-written business applications, and a bit of network string to hold it all together. Guess what. We have a dedicated function for this evil technology stuff. The IT department has all the grease monkeys of the server room supplied with freshly piped code to install and break.
But the IT department doesn't directly bear responsibility for the technical performance of the product. Instead the Product Development, Product Management and Project Pipeline folks specify features and then track product operational metrics. If a product is sick and doesn't get better, the Pipeline team aren't allocating the money to the right get-well activities. The VP of Everything To Do With Products gets the chop when the products are bought by customers in droves and then fail to work.
Of course, those products don't just appear out of thin air. The IT people need software and servers to support their creation and operation. The bits of the product need to be sourced from somewhere before being assembled and retailed. This means spending money on supplies. You can see what's coming. We've got a team to do this, Supply Chain Management. They're the conservationists of the enterprise, preventing the premature logging of the money groves. But it's the head of Product, IT, Production, Logisitcs or Retail that gets the pink slip if the wrong stuff is asked for and bought.
I hope by now you've seen the pattern. (If not, you should be smarter. Sorry. Can't help you.) We've looked at key relationships of a corporation: with its financiers, employees, physical capital, technology, and suppliers. In each case we found a specialist function that manages that relationship and acts as an internal supplier. Finance, HR, Facilities, IT, and Supply Chain Management are never profit centers. You go to jail for trying to change this. In each case there were accountable business units calling on these services.
We have, of course, missed something. Just a teeny, weeny oversight. Those belligerent, money-pinching customers. They're stakeholders in the business too. Who looks after technical execution of that relationship?
Oh dear. Perhaps Fred does in Finance. Or Mary in Marketing. Didn't Carol in Customer Care run the CRM project? But Steve in Sales is jealous of that project. Paula in Product has her concerns too.
We've got a mess. The management of the most important relationship is scattered all over the place. Fred wants to consolidate his credit management across all the accounts each customer has. Mary wants to understand the customer's needs at the household level, not just the individual subscriber. Carol wants to know if this is the same person who called in with a complaint on their other account last week. Steve is desperate to stop sending round multiple salespeople making duplicate sales calls for each product line. Paula's afraid of all those passwords the customers have to remember. Will anyone be able to get past the login screen to the new product?
Funnily enough, these issues have a common cause, and it's already a recognized (if still emerging) discipline. Identity Management. In a way, it's just how you answer a really simple question: who is this person? That's it. Unfortunately, a world of pain and complexity awaits those who enter. Identity Management is the Fermat's Last Theorem of business. Easy to pose. Fiendish to solve.
The four key axes are as follows:
1. How do we locate this customer? You don't know someone unless you can ask for data that uniquely differentiates them from everyone else. This includes the obvious things like account numbers and login user names. It also includes those profile fields that you use to search for individual customers: name, address, social security number, etc.
2. How do we authenticate this customer? You don't know them if someone else can act as an impostor.
3. What are they authorized to do? You don't know someone unless you place appropriate bounds on their capabilities. (Is it safe to give someone a pair of scissors? Only if you know they aren't a young child or a psychopath.) You can't protect your customer's privacy either unless you constrain what other customers can see and do.
4. How else do we know this customer? Your customer may subscribe to multiple products that you offer. You don't know your customer until you get a complete picture of their portfolio of relationships with you.
None of these activities is trivial. Coordination of the policies on data collection procedures and storage formats is a lot of effort. Federated authentication is not easy to retro-fit into an operating company; too many legacy IT systems and incompatible security profiles. Getting the permission of customers to do things is a pain. Accurately matching multiple customer records is really hard.
This sounds at least as difficult as double-entry bookkeeping. Harder than leasing a new office. As tough as hiring and firing.
So here's my prediction. In ten to twenty years from now, every large corporation will have an extra VP. This person will be tasked with the technical execution of the customer relationship. They won't be responsible for P&L, product performance, sales targets, or IT system uptime. Just for knowing the customer, and enabling business units to build sales from that relationship. And any corporation that gets there early will have a large lead over its competitors. Particularly in an industry where product differentiation disappears and outstanding service execution is the new strategic imperative.
Welcome the VP of Identity Management.
Over at Kuro5hin there's the prospect that the US public will be inundated with junk faxes again, due to some corrupt legislation. (That's corrupt in this sense, not that sense.)
I'm also receiving unwanted telephony, again. No caller ID, silent, drops after 10 seconds. Every afternoon.
Clearly, this is a network with sociability problems.
The wireline PSTN (as originally designed) assumes totally dumb devices attached to a smart network. When extended to wireless phones, the telephony aspects of the smart device remain under carrier control. You and I aren't supposed to be rolling our own telephony. The system also came wired up with the naming system of telephone numbers, and assumes these are issued to paying account holders who can be easily traced. Because the network is smart and inflexible, telephone numbers are the only identifier it will ever support.
When you attach a smart device to a socially naive smart network, and that device is owned by a malicious third party, you get problems. These junk faxes and multi-number autodial telemarketing calls undermine the assumptions of the original PSTN design. Firstly, a human would dial each number. That rate-limits the abuse. Secondly, all end points are good and trusted, and thus every call should be relayed without any questions asked. Since everyone is a goody-goody, it's OK to withhold their ID if they don't want to, as nobody does anything naughty. And even if they did you can always complain to your carrier (hoho). You, the callee, don't really need to know who is trying to interrupt you.
To put it another way, there isn't any abuse, but if happened there won't be much of it, and if there is some it isn't a problem, and if it becomes a problem we know who to kick off the network. These are all false.
The root issue is a rupture in the trust model. You can either have a controlled environment where abuse is limited by design of a smart dedicated-purpose network. SMS is sort-of in this camp, although a bit leaky. Instant messaging is a better example. Yahoo! doesn't need to know who I really am to stop mass chaos on their IM network. The other destination is where you have an uncontrolled open environment where anything goes but there is some traceability to an abuser. A very savvy but inflexibile network with a weak ID system, or flexibility and a strong ID system.
Unfortunately, we don't have either today. On one hand we have a naive and inflexible telephone network with a moderately strong but rapidly degrading public identity system. On the other, we have a scintillating Internet which is a cess pit of abuse due to the absence of a decent identity infrastructure. And having spent half this last weekend expunging spyware and trojan dialers from my parents' PC, I should know.
The smart devices attached to the idiot savant PSTN network come in two flavors. The first are the telemarketing and junk fax services that use traditional circuit switching. These are amenable to regulation because circuits are naturally traceable. They're part of the closed PSTN ecosystem. Intermediaries record each circuit that is established, including the upstream and downstream physical links. There's an audit trail for abuse. Even if you spoof your caller ID, your service provider keeps a record. All you need are rules to make the abuse legally as well as socially unacceptable.
The second form of smart device is attached to an IP network which then has a gateway to the PSTN. As I've written before, these pose a threat to the existence of the PSTN. You are attaching to the PSTN devices that bridge to the Internet. The PSTN assumes the edges are benign. The edges of the Internet are anything but benign. Malevolent intent is a cross-border contaminant. A widespread bug in a PC telephony application or analog telephone adapter could result in millions of zombie autodialers. The PSTN could collapse. It collapses without much prodding today -- just think of any large-scale public disaster that prompts everyone to reach for their cell phone to check their friends and family are OK. Even if technical collapse is averted, the loss of confidence from having your phone endlessly ring without control could be fatal. VoIP that interconnects with and imitates the PSTN may become a parasite that kills its host.
IP communications need a new digital social infrastructure to succeed.
My prediction is that the telephone numbering system will be quietly abandoned over a period of 10-15 years. By the end of next year it is easy to imagine services like Skype, that have their own identity namespace, scale to huge numbers of call minutes. Just ten million active users running up a thousand minutes of use each a year would make Skype bigger than many carriers. Buy yourself a Skype phone with an LCD display, select someone from your address book, and who cares if it is a phone number or a SIP URL you're contacting. On the corporate side, Microsoft will help enterprises federate their Exchange and Live Communications servers to stay ahead of open source commoditization, and VoIP over VPNs will become the norm for enterprise telephony. Your Windows logon and email address will be your ID. It won't be possible to have telephone numbers without the baggage of the telephone system, so we'll just have to ditch it.
(Telcos underestimate the threat from VoIP precisely because it has no revenue associated with it. How do you size a revenueless competitor? Stuart Henshall discusses this in more detail.)
With the stupid network, you need an identity infrastructure where digital identities (like a caller ID) can ultimately be tracked to physical people that are to be punished for misdeeds. We don't have that today. That's one reason we have an e-mail spam problem on the Internet. Social infrastructure takes decades or generations to introduce. It took fifty years from Benz introducing the motor car to having universal compulsory driver licensing in the UK. IP addresses are issued to anyone, and AOL make a feature of "no credit card required" (and thus no identity collateral). People happily host open WiFi access points, and run the risk of criminal activity being perpetrated by unknown passers-by which gets traced back to them. This is the era of the unlocked car being parked outside the unlocked house -- the 1950s of electronic communications. Enjoy it while it lasts.
The traceability doesn't need to be automatic, or a single step. You might have multiple avatars, and third party guardians of reputation through which to lodge a complaint that eventually reflects against the Real You. Privacy will still exist.
And being stupid means the network itself may or may not have an identity infrastructure associated with it. Perhaps IP address governance needs to change, but it isn't necessary. Multiple competing solutions may co-exist at the application layer. Indeed, I believe that the recent announcements of IM interoperability are being misunderstood. It isn't the IM that's being made interoperable, as such, but the identity spaces. (For some passionate reporting on what could be a very dry topic, I can strongly recommend Digital ID World magazine.)
Issuance of secure digital identities today is a remote island -- a tiny outcrop thousands of miles from mainstream commercial and govermental identity issuers. Ownership of a bank account and passport can't yet be transferred into your digital trustworthiness. It may not happen until today's digital children become tomorrow's presidents and prime ministers. We've already seen plenty of examples of disastrously misguided social regulation of the digital economy by analog-era political leaders. Issuance of digitally encoded citizen identity cards, whilst a done deal in a few countries, is a hot political potato in others. Being able to use that data outside of interactions with government bodies is not common anywhere. Telcos may have retail outlets that physical customers visit to get service. They may offer up signatures and other biometrics. Telcos routinely perform identity and credit checks. None of that data is hooked back into their products.
As an aside, consider George Gilder's vision of a move from the "stupid network" of electronically switched IP to the "cretinous network" of optically switched fiber. Data in the stupid network is processed, modified, fragmented, disassembed, reassembled, munged and redirected en-route. The cretinous network simply bends light down different bits of glass depending on it having a unique wavelength. In the (as yet largely theoretical) ultimate version, no electrical processing occurs anywhere on the way.
Should such a change happen, it would have an extremely interesting side-effect. You can spoof an IP address. Spoofing can only be combated via governance rules (like the anti-junk fax legislation). You you can't fake a wavelength. There's no optical equivalent of "caller ID unknown". The move from logical routing to physical addressing would increase the accountability of the system.
So what does the future of telephony look like? Firstly, a high-revenue but profitless connectivity business. Then a low-revenue and modestly profitable routing function. This might be done using DNS/ENUM or via private and proprietary presence and naming systems. Companies like NeuStar are in that space today. Thirdly, a whole bunch of presence, store-and-forward, and other value-add application services. Finally, you will see the emergence of a highly profitable and physical ID business. And I already have the evidence.
Amazon want to be your personal preferred supplier of everything that can be delivered by a UPS truck. To do this they aim to have an exceptional customer experience. They also act as your trusted advisor in making purchases. Maybe you would consider this other product? Recommendations are a key part. (Remember my trusted introducer post the other day? Go read.) For this to work, you need to know that the guy recommending the book isn't the author shilling his own work. Thus they've introduced Real Names. Your reviewer name is corroborated by your credit card purchase details. You still don't know whether the guy is the author's best friend, but it's a start.
eBay's control of Paypal adds friction to your ability to create personae at will. There's only so many Paypal accounts you can open, since each needs to be backed by a real bank account to be useful. eBay without Paypal is not very useful to most people.
While writing this article someone emailed me. The person is a stranger. My first reaction? Google him. Google is our stand-in for a proper digital ID system. And that's scary. (I won't compromise his privacy by mentioning his name or the search results, but if you're a homeopathic revolutionary thespian, yes, it's you!)
Amazon, eBay, Google. Parts of the future identity puzzle. None of them are telcos. And the telcos have no clue that they're competing against them for the digital identity dollar.
From Forbes:
A proposal backed by a coalition of telephone carriers would cut billions of dollars in fees owed by long-distance companies to regional phone giants but would allow the regional companies to make up some of the difference by raising monthly phone bills for millions of consumers. [...]
At the heart of the proposal is a plan to do away with billions of dollars in so-called access charges, which long-distance companies such as MCI must pay regional companies such as Verizon to connect their customers to the local network. In return for giving up those payments from long-distance companies, the regional phone companies will be allowed to raise basic phone rates over the next several years.
From Dictionary.com:
cartel n. A combination of independent business organizations formed to regulate production, pricing, and marketing of goods by the members.
Just a quick personal note to y'all. I'm planning on executing my own version of the end-to-end priciple by relocating from one end of the world to the other ... preferably with the minimum of filtering, re-routing and overpriced value-add by the transport en route. Yes, I'm leaving the unmentioned large telco in Overland Park, KS for old familiar places.
Although I'm planning on working on a personal project in the near term, I'm open to offers to do anything stimulating anywhere interesting. Short term and longer engagements considered. Contact details here, tedious life story available on request.
I was wondering. Maybe I should. Maybe I shoudn't. It's a bit expensive, after all. Perhaps I should give them a treat. After all, the Nine Zero seems like a decent hotel, and Boston is a pricey city. You can even get special deals. But in the end my parents will just have to put up with whatever Priceline deals them when they come over.
Anyway, enough of Nine Zero, and onto Zero Nines. Arrigo Triulzi over at the exceedingly illuminating CircleID is fretting that the move to VoIP will result in low quality of service and susceptibility to denial of service attacks.
Surely that's a pretty impressive record if, over the space of approximately 15 years I can recall each [circuit-switched network] outage with precision.
Where does one start with IP outages? From the DSLAM mis-configurations which plague my current "el-cheapo" provider and the upstream monopoly wholesaler, or to the frequent routing hiccups, or the DNS timeouts?
... People expect a phone to work at any time of the day or night and this is simply not the case with IP. There are too many variables: routers, IP routing tables, proper working of QoS settings are just a sample. Can we really trust IP routers as much as we trust switchboards? I think not.
What Arrigo forgets is that the rigidity of the circuit network comes at a terrible cost. He gets zero nines availability for all applications other than traditional voice calls. No webcams, email, web, IM, chat, P2P music, etc. The ultimate service not available tone. A pancosmic 404 error.
Let's also contemplate for a moment a real, conceivable disaster. One that consumes millions of lives, and where a robust communications network can save many of those lives. Hmm. How about a giant tsunami that crashes on the shores of the North Atlantic?
Want to notify a few hundred million people of the imminent danger? Everyone abuzz following the huge waves that hit Africa? Circuit network immediately dies. Packet network gracefully degrades under load. Bandwidth-hungry services get starved. Cheap text messages get through.
So if you're in a nice place on the east coast of the USA, and value your long-term security, I'd suggest you bet your life on a packet-switched network, not a circuit-switched one.
Om Malik reminds me to get off my chest my thinking of why TiVo won't exist for much longer. Or, to put it another way, why the cablecos are positioned to crush TiVo and the telcos won't do well at TV either.
Money arrives in the video entertainment business in two buckets. The customers directly pay for content that satisfies their desire for televisual narcosis. And advertisers pay to insert marketing messages to suggestible semi-hypnotized viewers. That's all.
Now, let's look at the economics in more detail. You can only increase the amount people pay directly by extending the duration and intensity of their narcosis. The scope for improvement is baselined by the current depth of their TV trance. Before multi-channel cable and satellite, you couldn't get a good fix on four or so terrestial channels. But given some non-stop movies, sport and cartoons, and you were off. Hence the cable and satellite TV companies made a bucket load satisfying an unmet need.
A TV channel is essentially a bundled product, in the classic marketing sense. TiVo enables you to create your own bundle. (I'm assuming that the pause-and rewind features of TiVo are so obvious and unprotectable that there is no sustainable differentiation and economic advantage in them. The only bit that counts in dynamic programming.) But the incremental improvement from TiVo is relatively small. Why? Because if you didn't like the bundle you were just watching, you can easily switch to another one. And they're conveniently labelled for you to make an instant judgement on how likely you are to want that new bundle. The substitute product for TiVo is the raw remote control handset.
Think of it this way. Terrestial TV is like a nice cup of tea. Multi-channel TV is cocaine. Video-on-demand is methamphetamine. TiVo is just washing your meth down with a stiff espresso.
On the other side of the equation are the adverts. This market is essentially bounded by the cost of marketing of All Things Sold Everywhere. Since All Things Sold Everywhere is a Very Huge Number, a small proportion of this is dedicated to marketing is still a Very Big Number. Furthermore, the lower bound of TV marketing effectiveness has been dropping like a stone. Highly fragmented audiences don't make good targets for mass market adverts. The ad agencies have been going through the business cycle equivalent of a nuclear winter.
So whilst the remote lets you adapt the primary content to your personal tastes, you're stuck with whatever irrelevant junk they choose to insert in the ad breaks. So there's a large and growing opportunity to fix the broken ad business. And that's why TiVo is screwed. The fixed the wrong problem. The issue isn't getting people to see the right programs. It's getting them to see the right ads. They screwed up so big, they even gave you a feature to skip the ads. On their epitaph is will say "TiVo. Forgot where the money came from".
It's kind of paradoxical, because TiVo is a smart device at the end of a dumb network. By default, you would have thought that a recipe for success. But good technology alignment is no guide to quality of business model.
Some telecom lessons?
Firstly, voice and data telcos that try to get into video distribution are likely to get rapidly incinerated. They've no clue as to what makes the content distribution work. Their DNA only understand communications (and is not very adept at that, either). "Never ask a dinosaur to cook a souffle."
The cable companies are in a good position. The two-way nature of the Internet is lethal to the voice telephony companies. Perfect disintermediation. But it's almost irrelevant to the cablecos. TV viewers aren't interactive, they're passive. The cablecos only run networks because they can't rely on third party pipes giving them a route to market, particularly when the telcos have such strong political influence.
They really are just content distributors, with their core value being marketing bundled content to customers, relationship management and billing, and supply management from content companies and ad agencies. They orchestrate the value chain already. The Internet is just another distribution network.
And being two-way means they get to collect the valuable data that the ad agencies and marketers needs. Who switched channel as a result of what ads? Who watched longer with a smarter ad mix? Who matches in real time the demographics of the audience to the possible ads?
The cablecos are positioned to make a killing as intermediaries in the intelligent ad business. Buy cableco stock. Sell telco stock. Short the telco stock if you've run out.
We can also see why interactive TV is a dud. You're trying to use TV to get into a trance that isolates you from present reality. In a sense, it's the ultimate in "presence" -- you mentally leave this world and reconstitute yourself as a fly on the wall in the home makeover show. That newscaster is looking directly at you, only ten feet away. Your mind's eye is in the studio, not in your living room. Interactivity with objects in you living room detracts from the trance. It breaks the continuity of presence to pop up a menu. Interactivity = dispresence. The two-way interactivity only needs penetrate as far as the set-top box in the home that acts as a content distribution hub. No further.
Another irony of all this is the pandemonium of the content businesses about copyright and peer-to-peer distribution on the Internet. But the content that the industry wants distributed and viewed -- the ads -- isn't easily available. Why aren't all the ads on web servers market up with target market segment metadata? Why isn't every DVR busy downloading ads and swapping them into the video stream of regular TV? Why isn't video on demand aimed at the ads that pay for the whole system?
What a crazy, messed-up business.
I won't be the first or last to comment on this week's FCC preliminary ruling that VoIP and push-to-talk services are to be subject to US wiretap laws.
Now, as many have pointed out elsewhere, some of this is a bit silly. A SIP session as part of PSTN-style VoIP call is to be wiretapped. But if I create an address book entry in my instant messenger with a single data field of your phone number, hook up to an ENUM server, and make a SIP call, we're in the clear to talk about drug deals and car hijackings. Each time it's select number, make call, talk. Crazy.
But here's the real probem. Tapping the wire is history. It's an obsolete metaphor, just like "dialling" a number is. Unfortunately, the legacy language we use can mislead our ability to reason. When the action has moved from the middle of the network to the edge, there's little advantage to tracking encrypted packets whizzing through the middle. Intercept of the media channel, the "conversation", is going to be history at some point within 10-20 years. You're going to have to revert to old-fashioned analog eavesdropping of people's homes and cars, and secretly modify their PCs to capture the keystrokes.
But you shouldn't care, because that's not the important bit. The state's monopoly on the legal use of violence ensures there will be ways and means of forcing physical intercept. Here's what really matters. Before you want to know what the baddies said, you want to know who they are and where they are. And that's a more tractable problem. Fortunately, even the bad guys have a weak spot. They need to find each other first. And to do that they need to use public network services as well as public networks.
There are three core services that they can and must access. What's the physical network address of the other guy (directory services), what's his availability to communicate (presence) and is this really the person I think it is calling me (identity services).
Take these public network functions away from the mix and the bad guys have a problem. They need to create their own, private application-layer communications networks. When you can't use the Skype authentication server, Yahoo presence server or AOL directory, you've got a problem. Many won't have the technical ability, and those that do will be severely constrained. The bigger the "secret" network, the less secret it becomes. Newbies need to be configured. Contacts who get whacked or jailed need credentials revoked. It's like your worst nightmares of running a PKI server, factorial exponential.
The way out from the conumdrum of whether to wiretap VoIP is to understand it's the wrong question. There's a paradox at the heart of the wiretap concept. Wiretapping is aimed at real-time communications. These are connection-oriented; there is a session in place. But session encryption is (now) easy. Store-and-forward data encryption is hard, because you need to involve all sorts of third party key management and directory services. The very data you want to intercept is the least likely to be interceptable on an Internet-style network.
Any real-time communication that isn't stored gets encrypted end-to-end before being viewed and discarded. That's the reality within the lifetime of the laws and regulations being enacted. It's the reality today for most voice conversations between members of my family. Only the chronically inept will get caught from an old-fashioned wiretap.
So we'll see a shift in focus from the real-time intercept of transient data on the fly, to after-the-event recovery of transaction data. The real questions are do we force all intermediary application services to retain and hand over copies of stored messages and transactions? And if not, is there a well-defined subset of those service capabilities that should be intercepted? My take is "maybe" and "yes".
Ultimately there's little in principle to choose between a Patriot Act request today for the library book transactions, and a future request for your history of ENUM lookups. We're already heading to the point of law enforcement being able to "intercept at the edges" and request any stored application data. The clear danger is that this leaves the citizen with few protections against an overbearing state. It's like the right to bear arms being anulled in cyberspace. No citizen may ever have a secret information resource in their posession that poses a threat to the power of the state.
As our current enemies are demonstrating, the real war is one for mindshare and morale, and it's one fought primarily with (dis)information. The expenditure of airplanes, explosives and bullets are the "content" for the formation of public opinion. So I'd personally rather we demonstrated our commitment to freedom by not readily forcing the exposure of every thought ever captured electronically. We're trying to sell the prospect of a free society to those who currently lack one. Is surveillance by default of all stored data compatible with that?
That said the core routing services -- directory, presence and identity -- are clearly defineable and limited in scope. A reasonable trade-off is to make it easy for the state to know who is associating with whom, even if the state has no knowledge of the purpose of the interaction.
At the very least, I'd feel more secure if we didn't pretend the most dangerous terrorists and criminals were incapable of deploying the same strong encryption my mother uses to talk to me.
I've just been installing on my laptop the de-scummed version of Real Player that the BBC offers to it's public service listeners. At the end of the install it asks what file types I want to associate with the player.
You might think this is a good thing. Hey! At least it didn't just over-write his current settings.
I think it's awful. And here's why.
Installing third party software is a form of transaction. (At least, if modern operating systems were designed better, it would be in the technical sense). I want to be able to repudiate any or all of this transaction, since the hardware is 100% mine to control. But to repudiate the over-writing of my file type preferences, I have to do one of three things.
I can ask the very application that installed it to undo the mess. This is a totally broken trust model.
I can hope there is a UI in Windows to undo it. Good luck in finding it, and knowing what changed so you can reverse the damage.
Or I can edit the Windows registry. This is the modern equivalent of programming a computer with a 5V battery and piece of wire. Entertaining for very limited periods.
What should happen is that Real Player should just go ahead and make the change. Shazaam. But Windows should intercept the request, and pop up a standard dialog box to ask me if I want this change to happen. Because Windows is representing me (hoho) this won't be in light-grey on white in 6 point font below three layers of navigation.
But Windows is dumb. It believes that the job of the computer is to execute programs. It isn't. The job of the computer is to server the user. These aren't congruent. Any program the user didn't write (i.e. virtually all of them) may not represent the user's best interests.
Many of the problems with Windows come from a "trust everything the program tells you to do" model. All those browser bugs where a scripted page can email spam to your address book contacts come from the broken security model of Windows. Next time you hear "security bug in Internet Explorer" think "design flaw in Windows trust model". It just did whatever the (faulty) application asked, without stopping to ask you if that's what you want.
Ah! The irony of it. The biggest failure of Windows is it's reluctance to present the user with windows.
The telecom angle is that trust requires active middlemen. You're increasingly putting a general-purpose computing device with a radio and TCP/IP stack in user's hands. It's like handing our razor blades in the school playground. Some people are going to get cut. And unless you've got an airtight monopoly, your operator brand is going to get trashed in the process. Every time a mobile application is about to do anything that might be contentious in the user's eyes, it's imperative that your application environment intercepts the request. Seek user permission, and make that act of authorization reek of your brand.
The end-to-end principle for network design says that the default place for intelligence is at the edge, and the middle shouldn't mediate the flow in any way. But within the edge, the bit flow should and must be mediated. The job of an operating system is to act as guardian to the computing and information resources of a computer. The job of any carrier with ambitions beyond connectivity is to act as guardian to the user's privacy and security.
UPDATE: See this. Why doesn't your phone ask your permission before autodialing a premium service?
I've been reading over dinner my most recent copy of the cerebrally invigorating VON Magazine. Its tagline is "Voice on the Net". It's clearly the best of the bunch in terms of tracking the disintegration and reformation of what was once upon known as the telephony industry.
Anyhow, what strikes me is that there are only two basic stories that ever seem to appear.
The Type A story lists some visionary who early on decided that IP was going to win the networking war over the evil and deranged forces of ATM and frame relay. And wow, isn't this IP stuff just the most splendid way of building a smart network. It all plumbs together so well. We're off into the nirvana of a Next Generation Voice Network. Even better, we've set up a money pump to drain the PSTN revenue pool and divert some of that lucre into our new all-IP world. Invest in us! We're the future!
The Type B story is normally relegated to one of the usual suspects' opinion columns. Whilst there may be some passing focus on the arbitrage opportunities of the writhing carcass of traditional voice, that's not the main issue. The Type B story is where the functionality has truly dispersed to the edges of the network. The uprising of the edge against the center is complete.
I often see a confusion in my own work between "packet-based" and "architected for the stupid network". I see architectures and products based on the belief that deploying the technology of the future automatically associates you with the successful business models of the future. Sorry, no banana.
The Type A/Type B is a bit like the difference between those who merely went on the IP jihad, versus those who actually became martyrs.
I'll leave you to decide whether that's an apt metaphor or not.