Telecom

End ringtones -- bluetooth "personal vibrator" watch.

No, not the sexual kind of personal vibrator. Today we regularly hear reminders to put phones on vibrate, and they are often ignored. The world is becoming rapidly swamped with loud, deliberately destracting cell phone ringtones. (The ringtones themselves are a business.)

I remember visiting Hong Kong 10 years ago, and a business lunch was a serious cacaphony of pagers in a crowded restaurant. They were going off ever few seconds, and this was acceptable there. I don't know how much worse it has gotten. I was on the train today and since that's a place people actually expect to take calls, ringing was quite regular.

Perhaps it's time to declare that cell phones should no longer ring at all, except in certain special circumstances. That the very idea of a ringer should be viewed as rude and pointless and in fact an invasion of your own privacy. Why should the world know you are getting a call?

To make this happen, I propose bluetooth based personal devices to be worn on the body. The most obvious one would be your watch. However, bluetooth based vibrating devices could be placed in glasses, belts, shoes, shirt collars or wallets. Anything the always-available wear on their body. Shoes and belts have the most potential for long battery life. Yes, you would have to charge your device once a week.

The vibrators would have a temperature transducer to know if they are indeed on the body. If that goes cold, a slowly rising ring could be issued from the device or the phone. The phone could also ring if the vibrating sensor is off or not connected to the phone. Or if the phone detects it is in a private car and plugged into car power, though frankly by this time we should all have cars with bluetooth handsfree anyway.

The phone itself, using temperature and other metrics, can also figure out if it is in a pocket, though this works mostly for men. Women tend to keep phones in purses.

Next step -- your cell phone should warn you when you are yelling. It knows if it is getting a good audio signal from you compared to ambient noise. As you probably know, people tend to talk loudly on cell phones if they are having trouble hearing the other party. Your phone should notice this, and give you some subtle "be quieter" tones. If you are using a headset yourself, the phone display could run a VU meter for constant reminder.

(Unfortunately most phones today shut down the backlight and even the processor in the phone during a call to save power, making this harder.)

Here's to a more peaceful public world.

Why isn't my cell phone a bluetooth GPS

GPS receivers with bluetooth are growing in popularity, and it makes sense. I want my digital camera to have bluetooth as well so it can record where each picture is taken.

But as I was drivng from the airport last night, I realized that my cell phone has location awareness in it (for dialing 911 and location aware apps) and my laptop has bluetooth in it, and mapping software if connected to a GPS — so why couldn’t my cell phone be talking to my laptop to give it my location for the mapping software? Or ideed, why won’t it tell a digital camera that info as well?

Are people making cell phones that can be told to transmit their position to a local device that wants such data?

Update: My Sprint Mogul, whose GPS is enabled by the latest firmware update, is able to act as a bluetooth GPS using a free GPS2Blue program.

Wiretaps beget wiretaps -- I don't hate that much to say I told you so.

For some time in my talks on CALEA and VoIP I’ve pointed out that because the U.S. government is mandating a wiretap backdoor into all telephony equipment, the vendors putting in these backdoors to sell to the U.S. market, and then selling the same backdoors all over the world. Even if you trust the USGov not to run around randomly wiretapping people without warrants, since that would never happen, there are a lot of governments and phone companies in other countries who can’t be trusted but whom we’re enabling. All to catch the 3 stupid criminals who use VoIP and don’t use an encrypted system like Skype.

Recently this story about a wiretap on the Greek PM’s phone was forwarded to me by John Gilmore. Ericsson says that they installed wiretap backdoors to allow legal wiretaps, and this system was abused because Vodaphone didn’t protect it very well — a claim they deny. As a result there was tapping of the phone of the prime minister for months, as well as foreign dignitaries and a U.S. Embassy phone. Well, there’s irony.

We’re hearing about this because there is accountability in Greece. But I have to assume it’s going to happen a lot in countries where we will never hear about it. If you build the apparatus of the surveillance society, even with the best of intentions, it will get used that way, either here, or in less savoury places.

It would be nice if U.S. companies would at least refuse to sell the wiretap functions, or charge a fortune for them, to countries without legal requirements for them like the USA. Of course, soon that won’t be very many, thanks to the US lead, and the companies will have to include the backdoors to do business in all those nations. Will U.S. companies have the guts to say, “Sorry China, Saudi Arabia, et al. — no wiretap backdoors in our product, law or not. Add it yourself if you can figure it out.”

Let's see neighbourhood fiber lan

The phone companies failed at the fiber to the curb promise in most of the USA and many other places. (I have had fiber to the curb at my house since 1992 but all it provides is Comcast cable.)

But fiber is cheap now, and getting cheaper, and unlike wires it presents no electrical dangers. I propose a market in gear for neighbourhoods setting up a fast NLAN, by running a small fiber bundle through their backyards (or, in urban row housing, possibly over their roofs.) Small fiber conduits could be buried in soil more easily than watering hoses, or run along fences. Then both ends, meeting the larger street or another NLAN, could join up for super-high connectivity.

I would join both ends because then breaks in this amateur-installed line don’t shut it down. The other end need not be at super-speed, just enough so phones work etc. until a temporary above-ground patch can be run above the break.

Of course, you would need consent of all the people on the block (though at the back property line you only need the consent of one of the two sides at any given point.) Municipal regulations could also give neighbours access to the poles though they would probably have to pay a licenced installer.

An additional product to sell would be a neighbourhood server kit, to provide offsite backup for members and video storage. Depending on legal changes, it could be possible to have a block cable company handling the over-the-air DTV stations, saving the need to put up antennas. Deals could be cut with the satellite companies to place a single dish with fancy digital decoder in one house. The cable companies would hate this but the satellite companies might love it.

Of course there does need to be something to connect to at the end of the street for most of these apps, though not all of them. After all, fiber is not that much better than a bundle of copper wires over the short haul of a neighbourhood. But if there were a market, I bet it would come, either with fiber down main streets, fixed wireless or aggregated copper.

Commercial I would like to see

Tom Selleck narrates:

Have you ever arranged a wiretap in Las Vegas without leaving your office in Fort Meade?

Or listened in on a mother tucking in her baby from a phone booth, all without the bother of a warrant?

Or data mined the call records of millions of Americans with no oversight?

You will.

And the company that will bring it to you… AT&T

EFF sues AT&T for giving access to your data without warrants

A big announcement today from those of us at the EFF regarding the NSA illegal wiretap scandal. We have filed a class-action lawsuit against AT&T because we have reason to believe they have provided the NSA and possibly other agencies with access to not only their lines but also their “Daytona” database, which contains the call and internet records of AT&T customers, and probably the customers of other carriers who outsource database services to Daytona.

AT&T, we allege, gave access to this database when it should have told the federal agents to come back with a warrant. This is the communications records of not just people phoning Al-Qaida. It’s the records of millions of ordinary Americans.

Allowing access to these records without a warrant is both a violation of the law and a violation of their duties to protect the privacy of their customers. Worse, we believe AT&T may still be doing it.

We’re asking the court to make AT&T stop giving the NSA or others access without proper warrants, and to exact penalties for having done so. The potential penalties are very, very large. We want to send a message to carriers and operators like AT&T that they have a duty to follow the law and protect their customers.

You can read more at our AT&T wiretap lawsuit page.

MP3 Podcast of my talk at Emerging Telephony on how to love CALEA

Last week I spoke at O’Reilly’s Emerging Telephony (ETEL) conference about CALEA and other telecom regulations that are coming to VoIP. CALEA is a law requiring telecom equipment to have digital wiretap hooks, so police (with a warrant, in theory) can come and request a user’s audio streams. It’s their attempt to bring alligator clips into the digital world.

Recently the FCC issued notice that they would apply CALEA to interconnected VoIP providers and broadband providers. They don’t have that power, and the EFF and several other groups filed suit last week to block this order.

In my talk, however, I decided to turn the tables. My “evil twin” gave a talk addressed at incumbent carriers (the Bells, etc.) and big equipment vendors as to why they should love CALEA, Universal Service and the E911 regulations.

A podcaster recorded it and here’s the blue box security podcast with that recording or you can go directly to the mp3 of my talk. I start 3 minutes into the recording, and it’s a 15 minute session. It was well received, at least based on the bloggers who covered it. You may not hear the audience laughter too well, but they got it, and came to understand just how bad these laws can be for the small innovator moving in on the incumbent’s cash cows.

Indeed, I like the “evil twin” so much that he’ll be back, and I’ll try to write up my talk as text some day if I get the time. When bad things happen, it’s useful to understand why some people might push for them.

A more muffled version including audience can be found via Skype Journal.

Curses on you, bluetooth

Well, I am going to get a bluetooth cell phone shortly and so I got a headset and dongle to use on my laptop, where I also make VoIP calls.

I was shocked, flabbergasted to find that the bluetooth headset profile only transmits audio at telephone quality 8khz sampling rate. So even plugged into my laptop for hifi (didn't think I
would ever need to use that term again) recording, it sounds like a telephone, and likewise for
playback.

Why? Why? Why?

This makes all the typical bluetooth headsets a terrible choice for Skype or other hifi voip, no good as voice recorders, terrible for listening to ordinary quality audio and effectively useless for anything but toll-quality phone calls.

It would have been so simple to have allowed the headset profile to support higher quality, or to simply have it always do high quality and let the cell phones do the trivial downsampling. I realize that an earpiece is not going to provide headphone quality but there's no reason it should always sound like crap.

Bluetooth includes a "headphone" profile that does CD quality digital audio, and that profile can in theory have microphone to make a hifi headset, but that's not what everybody is buying these days, so no point in making sofware products (such as VoIP tools) that use a bluetooth headset and want higher quality.

Perhaps a few years down the road it will be common to have headphone profile headsets but we are now a long way away from this.

What a stupid mistake. Sorry, but I just have to rant.

Reinventing the phone call -- demos for team members for re-startup this week

This week I will be doing some demos of Voxable, my system that combines VoIP, presence and all sorts of cool stuff I won’t be writing about in the public blog to create a new user interface for the phone that is both as modern and internet as it can get while also being a reflection of the ancient interface for the phone that was lost.

This project underwent development a couple of years ago, but was put on hold after investment in telecom became a dirty word. Suddenly, with the $3 billion purchase of Skype, the excitement about a Vonage IPO and other hot deals, new tech in telecom is attracting investor attention. I have the software (not shippable) but to get funding I need to expand the team. I’m seeking hotshot programmers. (the current work is in Java, the web interfaces will be in javascript/ajax, and the windows client is in C++/win32 but truth is, if you’re the type of programmer I like, the language isn’t crucial.) Later I’ll be seeking other folks in marketing and bizdev when there is significant work for them to do.

Anyway, if this space interests you, contact me (btm@templetons.com) to try to attend one of the demos. They will be Wednesday the 11th in Sunnyvale, CA at 1:30 pm and Thursday the 12th in the financial district of San Francisco, 1pm. For the right folks, and for potential investors, demos can be arranged at other times, even remotely. (Though I tend to reserve telecommuting to those I’ve worked with and know have the discipline for it.) This is pre-funding startup mode — which means working or moonlighting for lottery tickets (options) with at most survival salary — until the funding arrives. People I know are Ok with frieNDA, for strangers a two paragraph written NDA will be appreciated. Coders should send me an ASCII resume in advance.

While most of the action in new telephony up to now has been in the “how” and “what” — infrastructure and PSTN replacements, I believe the user experience is where the value will truly lie. And he who owns the user experience will own the user, something a lot of companies are very keen to do in the telecom world. That’s why I’ve invested and coded in this area and why you might be too.

As blog readers will know, I’ve been in the innovation seat before, beginning as the first employee of the first major PC applications software company (VisiCorp), then creating many innovative and award winning programming tools, then founding the world’s first dot-com (ClariNet) and next there will be Voxable.

Smarter headsets, smarter headset jacks

Millions now use PCs for VoIP and online audio chat, and you soon realize the quality is vastly better if everybody uses a headset.

But there’s a problem on PCs. If you plug in headphones, it usually disables the regular speakers, often in hardware. So if you leave a headset connected, the system can’t play a ring sound when somebody calls you.

So time to rethink the design of the headset jacks, and the headsets themselves. Instead of disabling the main speakers, the presence of a plug in the jack should just be a software signal. Both the jack, and the speakers/speaker jack should be independent software-selectable outputs in the sound driver. Plugging in a headset should just change the default output. VoIP software, however, should be aware of this and know to send call audio to the headset, and ringing sounds to the speakers.

However, it could be even smarter than this. It might change its mind if it knows you are at the computer, or at least change the volume of the ringing on the speakers if you are at the computer. And make it louder if you haven’t touched the computer in a while.

Beyond that, we could make headsets smarter. They should be able to easily know if you have them on, due to tension in the headband or ear-strap. Earbuds could use a small temperature sensor to know if they are on. This could also effect where we direct sounds. Of course, this involves either a new headset jack, or perhaps more cleverly, a small and inaudible data protocol (or even something as simple as a click protocol) over the existing plugs. Many cell phones use a non-standard headset jack to include extra wires for button signals (such as to answer the phone. This should be formalized.

Of course, with bluetooth headsets and USB headsets, you have the potential for all sorts of additional communication with no change to the jack. A bluetooth headset should be able to tell, via temperature and pressure, if it is on the ear or not. It can even tell quite readily if you’re speaking or have spoken recently. Though I doubt most of the world is ready to wear their bluetooth headset all the time, though I do see people doing this more and more.

Free incoming vs. pools of cellular minutes

As noted, in Australia, I picked up a SIM at the airport for my unlocked phone. Australia, like Europe and most other places outside North America, uses a system where incoming calls to cell phones are paid by the caller, and are free to the mobile owner. As you may know, in North America and a small number of other countries, the mobile owner pays for airtime on incoming calls, and they look like ordinary landline calls to the caller.

In fact, in North America, there’s no easy way for an ordinary consumer to even know a number is a mobile, since you can port landline numbers to cell phones. In Australia, cell phones have their own state-code, so you know when you are calling them, and with a bit of memorizing, you also know which mobile company they belong to, which turns out to be important — because many mobile companies offer cheap or free calling between two phones on the same carrier (in both systems.) Some mobile companies have cross deals and offer cheap/free calling to any other mobile phone.

The cost to call these caller-pays phones is quite high, anywhere from 20 to 30 cents per minute. In fact, today, these caller-pays cell phones are the most expensive phones in the developed world to call. From here in California, using VoIP, I can call Australian land lines for 2 cents/minute, while it’s 22 cents/minute to call a mobile.

So which is better? Europeans argued that because incoming calls are free, people were less afraid to give out mobile numbers, and that spurred the faster deployment of cellular. But in the USA and Canada, people buy giant bundles of minutes that have gotten so cheap they tend to not care that much about the cost of the incoming calls or outgoing ones. When you do care, however (especially with some of the high per minute costs) the free-incoming argument is that you should not have to pay for a call you didn’t necessarily choose to have happen.

Since I was just there for a few weeks, I did not buy a plan with tons of minutes. So I definitely noticed my own sense about calling out vs. receiving. Most people don’t seem too bothered by calling a mobile. It depends on how much you notice phone costs. It is useful to know that you are calling a mobile, not simply for cost, but because you want to know if you’re interrupting somebody. However, that stands in the way of highly useful number portability.

(In my expected future where the phone number goes away, number portability becomes less important. Each person’s name/number might have a standard suffix for home, mobile, work, pager, fax etc.)

The arguments are present for both sides, but the big issue I see is that there is no competition in the cost of calls to mobiles. Even though the carriers are happily selling mobile to mobile minutes for near-free, the ability to bill the caller for incoming calls is a cash cow they have no incentive to reduce. As I indicated earlier, there were carriers advertising they would rebate customers some of the money paid in these heavy charges to landline callers. One could imagine a phone that is free, as long as you get enough incoming minutes to pay for your outgoing ones. Hardly fair.

Carriers might, in a more complex regime, be able to charge less to landline callers calling mobiles, but it’s hard to say if this would be a big competitive advantage, so has anybody done it? So what can bring the price down as the cost dwindles the way it has?

If you can’t tell that you’re calling a mobile (as in the USA) then the US model is really the only choice. You don’t want to see yourself dinged high fees for what you thought was a local call. The US model was that since I decided to have an expensive cell phone, the airtime was my problem. This model has lead to lots of competition on pricing for airtime in general. Now monthly plans with less than 300 minutes are rare, and they’re under 10 cents — well under in the larger plans, and often unlimited in off-peak periods.

Which system do you like better?

Button on cell phone to answer and play pre-recorded message

Of course, if you don't answer your cell phone it goes to voice mail and plays your pre-recorded message.

But what we need are phones which can answer and play a pre-recorded message for a short time. In particular a message of the form, "Hold on, I'm in a meeting and must keep silent. However, I'm walking out of the meeting right now while you hear this recording, and in a few seconds I'll be able to talk to you. Hold on... Still walking..."

This could be a special answer button on a phone (with the carrier doing nothing) or you could just press a number button (DTMF) or other button right after answer and the cell carrier could receive that and start playing the audio to the caller until you press another button or simply start speaking at full volume into the mic. This latter system would work with any phone, and you could choose from several options to play, including "Hold on, I'm actively driving" and so on.

At a recent conference they asked people not just to put phones on vibrate, but to turn them off unless you're a doctor-on-call. They declared that people getting up (and often briefly talking) was becoming too much of a disruption in meetings. A feature like this could be some of a stopgap.

It could also be implemented in a headset, particularly a bluetooth one, so you could use it with multiple phones.

End the Universal Service Fund

Recently I attended a panel that covered, among other things the universal service fund. This fund, which you usually see as an add-on on your phone bill, taxes urban phone users (through their interstate carriers) to subsidize local phone service for the poor, the rural, schools and health care. Sounds noble, but it collected over 5 billion dollars in 2002, and now the question has come about how to apply it to the internet now that people are making phone calls over the internet.

The panel was asked to explain the purpose of the fund, and they cited the various reasons above. There are people who live very far from cities to whom it would not be economical to run phone wires to at their real cost, etc. I suggested the purpose of the USF was to transfer money to the states of senators who support it from the states of senators who don’t.

Established telcos, who pay into the USF (though often also get paid out of it) are pushing to apply it to VoIP telcos. They want barriers to entry against the upstart competitors.

Why the cynical view? As I noted previously in the blog, friends and I decided last month to bring internet and phone service to Burning Man, in the Black Rock desert, which is about as rural and remote as it gets in the lower 48 states. We did it just for a lark, on the budget of just a few private individuals — admittedly richer than average individuals, but nowhere near corporate budgets.

We were able to do that through the use of the tons of revolutionary low cost technologies that have appeared due to the deregulation of unlicenced spectrum and VoIP. And the cost of that is just getting lower every day.

The truth is, today you can provide phone service to the poor, and schools, and hospitals, and a great deal of the rural, for a lower price than the urban people were getting “cheap” phone service when it was decided to tax it. And that trend is going to continue, especially if more spectrum is opened up to unlicenced use or cognitive radio use.

I conceive of a relatively cheap solar powered box with motorized directional antennas which could be dropped by helicopter on ridgetops for about $3,000 (and falling.) Somebody on the ground would aim the antennas to build a redundant mesh, and data/phone could reach just about anywhere cheaply, except the most remote corners of Alaska and a few other places. This is just one plan. The reality is that the exponential progress of bandwidth and radio technologies will provide others. Instead of taxing the new technologies and those deploying them, free them to get real results.

Mesh network of cell phones when the towers go down

Klein Gilhousen, one of the founders of Qualcomm, proposed this evening at Gilder’s Telecosm that cell phones be modified, if an emergency shuts down the towers, to do some basic mesh networking, not so much for voice, but for text messaging and perhaps pust-to-talk voice packets, as well as location information from their internal GPS if present.

Thus, in New Orleans, everybody would have been able to text in and out, at a battery cost to those who relay the messages to the working cell towers. Texting doesn’t require continuous connectivity. In time, of course, towers would be repaired or they could be flow in on blimps or choppers.

I suggested that in fact this could be a commercially viable service, allowing people to text who are beyond the range of cell towers, possibly quite a bit beyond the range. Operators could still charge for this. (Others, more cynical, felt operators would never want stuff in phones that made them usable without the carrier.)

He also suggested some simple improvements. During Katrina, people who did get their cell phones out of town could not make calls because the databases that let them roam were “under water.” The databases need to be backed up, or more simply during an emergency, switch so that unknown phones are allowed to make calls if their home system does not respond, rather than blocking them.

This requires hardware mods, unfortunately (phones today can’t transmit and receive on the same bands) but otherwise is easy and could keep comms up in an emergency. A number of other cheap devices can keep power to phones.

Another person suggested phones have an ELT-like mode, where a person can enter a text message of the SOS form. Messages might indicate if the person is just advertising their location, or needs urgent help. Helicopters flying overhead could identify the phones, triangulate on them and locate all mobile owners who need rescue.

Why the high price for Skype

The reason that eBay paid such a huge price for Skype has now become clear. There were several companies competing to buy Skype, and just before the bidding closed, eBay decided the best way to win was to place a giant bid just a few seconds before the end. (This might be known as bid skyping.)

On a serious note, it has long been eBay policy, it is reported, to not want to facilitate communications between buyers and sellers, because they will just arrange to avoid eBay fees by selling outside eBay. Either this has changed, or the “obvious” parts of the plan — Skype presence on eBay auctions, “Skype the seller” buttons and so on, are not part of the value for eBay.

A change in the demographics of your life due to IM

When I left high school, I didn’t look back. I have a few friends from HS, but mostly I found many more like minded people in university. That seems to be a male trait, in that more women seem to keep a circle of friends from HS than men do, but for those that find themselves at university, this is where the social circle that may stay with us our entire lives is formed.

However, today, university frosh, both male and female, and keeping in constant touch with their HS friends via instant messaging and VoIP. They don’t remove you from their buddy list because you went to different schools. This means they are keeping more and closer friends from their HS days and also are more in touch with life at other universities.

I expect this will have far reaching consequences, not all predictable today. To how people live their lives, how they socialize and go on vacations, and how aware they are of the world outside their new university life. With buddy list presence, these remote friends are gaining an intimacy in some ways higher that we used to give to local friends.

The phone number is dead

Here at the VON conference, there’s lots of talk about numbering. While SIP had a dream of calling people using an E-mail address, the market has delivered devices with numeric keypads only, particularly in the mobile space. So nobody uses SIP URLs or domain names of any kind, and everybody worries about mapping to and from numbers. (Another thing Skype mostly ignored.) The regulators try to regulate VoIP by claiming they have the power when it makes calls to and from the legacy PSTN with its numbers.

But here’s something I learned putting out my free phone at Burning Man. Most of the people said, “I don’t know any of my friends’ numbers!” They did not have their cell phones or PDAs on them. The new generation of phone users is treating numbers as a one-time thing, to enter into the speed dial and forget. They know their own number, and perhaps a few other people, as well as their parents.

However, they do know how to TXT on a numeric keypad. So it makes me wonder, at least for the new generation, if the fuss about numbers is worth anything. What if we did switch back to names or SIP URLs (with short domains) and expected people to use various accelerated typing systems to enter numbers for the first time, and then have the phone remember after that.

One could easily create a service with an 800 number that let people dial it and then use digits to type in a SIP URL or e-mail address and connect to that person when not on their main phone. This is actually better, since even though it’s longer to type, it’s possible to remember it. On VOIP phones and Cell phones and smarter PSTN phones, people would switch to the names or speed dial. And the phone number would die the death it deserves.

More from VON later. VoIP is beyond heating up. As one speaker indicated, it’s past the tipping point. Its dominance over the PSTN is now assured. The only question is when it flips. People say things like, “And when the PSTN dies” here and nobody blinks. Though the regulators, pushed by the legacy lobby, still say things that make me throw my hands up in disgust. I asked Senator Sununu today if Congress had ever looked back and said, “I wish we had protected the legacy systems more?” To be fair, he’s one of the better members of congress on these issues.

Follow-up: Later at the conference, during the concert by Huey Lewis & the News, I thought it would be a nice romantic gesture to call home during his song “The Power of Love.” I suggested that to a friend whose cell phone battery had died and said she could use my phone. “I don’t know my boyfriend’s number. I am not even sure of the area code,” she said. Meanwhile others took cameraphone pictures of the performance and send them along with texted captions in similar romantic gestures. Mr. Lewis even took a cell phone from the audience and sang into it for whoever was on the other end.

Playa phone at Burning Man

If you noticed a long break in the blogging, it’s because I was at Burning Man. And while people do blog from Burning Man, it’s not what you want to spend your time doing. I will have more entries in the future, but let me relate some stories of the network and the phone booth first.

Last year, we erected a free phone booth in the desert to great results. This year, it was going to be even better because of a plan for a new internet connection. In the past, John Gilmore had brought his satellite dish, which had all the latency and bandwidth limits of satellite. This year he splurged on getting a microwave link in, which will be even faster next year. Sadly, much of that money was wasted because we never got the “first mile” — the on-playa 802.11 network — operating at a satisfactory level. There was huge packet loss and jitter in most places, when it was up at all. Next time some of the money will go into better equipment and planning for the local network.

As such, the phone booth, located in our camp on 7:30, only worked intermittently and rarely with great voice quality. We eventually decided to sacrifice the aesthetic purity of a booth sitting in the desert, connected to nothing, and moved it on its wagon by trike to the center camp, home of the incoming microwave link. The we set it up on the street, with an ethernet wire snaking in. We were no longer wireless, but the voice quality was top notch. I wasn’t able to spend much time with it but reports were that the line got very long at times.

In our own camp, you could tell if it was working or not based on whether there was a line. Even waiting for it to work was better than the 2-3 hour time investment of taking the bus to the phone booth in Gerlach.

Last year, I recounted the emotional experience people had using an unexpected and impossible phone to hear the voices of loved ones. This year, this was magnified by Katrina. I learned of Katrina, in fact, when people came to ask to use the phone to contact their relatives in NOLA. (Read on…)  read more »

Is strong crypto worse than weaker crypto? Lessons from Skype

A mantra in the security community, at least among some, has been that crypto that isn’t really strong is worse than having no crypto at all. The feeling is that a false sense of security can be worse than having no security as long as you know you have none. The bad examples include of course truly weak systems (like 40 bit SSL and even DES), systems that appear strong but have not been independently verified, and perhaps the greatest villian, “security through obscurity” where the details of the security are kept secret — and thus unverified by 3rd parties — in a hope that might make them safer from attack.

On the surface, all of these arguments are valid. From a cryptographer’s standpoint, since we know how to design good cryptography, why would we use anything less?

However, the problem is more complex than that, for it is not simply a problem of cryptography, but of business models, user interface and deployment. I fear that the attitude of “do it perfectly or not at all” has left the public with “not at all” far more than it should have.

An interesting illustration of the conflict is Skype. Skype encrypts all its calls as a matter of course. The user is unaware it’s even happening, and does nothing to turn it on. It just works. However, Skype is proprietary. They have not allowed independent parties to study the quality of their encryption. They advertise they use AES-256, which is a well trusted cypher, but they haven’t let people see if they’ve made mistakes in how they set it up.

This has caused criticism from the security community. And again, there is nothing wrong with the criticism in an academic sense. It certainly would be better if Skype laid bare their protocol and let people verify it. You could trust it more. Read on…  read more »

DHCP Option for street address, PSAP for VoIP E911

While for various reasons I believe that the efforts to enforce E911 requirements on Voice over IP phones are bogus and largely designed to make it harder for smaller players to compete with established companies, there is a legitimate need for ways to give your location to emergency services.

To protect privacy, I suggest that this be done in the endpoints. To assist this, I would propose a set of option extensions to the DHCP protocol to tell an endpoint what the server knows about its location, including address, zip and even what emergency contact center to use. This would start with RFC3825 for geolocation, and move on to other features. The endpoint device, when calling 911 or other emergency services, could include this information in the SIP invite, or provide it on request.

For those who don't know, DHCP is the system which lets a computer connect to an ethernet and ask for an IP address as well as important local network information (such as the addresses of routers, name servers, domain names etc.) Some DHCP servers know exactly who the client device is and effectively act as the client's memory. Some just give the next available address and return information about the local network area.

For example, most people with home networks, and almost all of them who use Voice over IP services like Vonage have a local network with its own DHCP server, built into the home-router they use. That home router could be told the address of the home, and all devices, including VoIP phones, could learn it. For companies, it is the same.

DHCP is also used for ISPs to give addresses to DSL and Cable modem customers who hook up to the internet without a home gateway because they have only one computer. That's pretty rare for VoIP users. In these cases they may or may not know the street address of the computer. DHCP is also very common for people who connect to wireless access points. The AP in a Starbucks could easily tell your device the address of the Starbucks.

As noted, we could start by the device fetching this address and forwarding it on with emergency calls, but not doing so for regular calls. This puts privacy control in the hands of the user, where it should be.

However, we could do even more than just give location as in rfc3825. The DHCP server could publish the direct contact information for the local area for police, fire, ambulance or general emergencies. They could simply include the contact number of a PSAP (Public Service Access Point, the gateway to emergency services) for the location, or in a corporate setting, might direct emergency calls to the corporate security desk, with the PSAP/911 as a fall-back. (There should be laws however about use of such features and protection of privacy. Network owners can already reroute any traffic but we want it to be clear how this might be done.)  read more »

Syndicate content