Archive for June, 2005

I've been reading about the history of telephony.  There are lots of buffs out there..

Here's an excellent scary (very short) movie about the revenge of the PSTN on VoIP systems.

And from a Bell-System-lauding 1910 history:

In 1896 there came a most revolutionary change in switchboards. All things were made new. Instead of individual batteries, one at each telephone, a large common battery was installed in the exchange itself. This meant better signalling and better talking. It reduced the cost of batteries and put them in charge of experts. It established uniformity. It introduced the federal idea into the mechanism of a telephone system. Best of all, it saved four seconds on every call. The first of these centralizing switchboards was put in place at Philadelphia; and other cities followed suit as fast as they could afford the expense of rebuilding. Since then, there have come some switchboards that are wholly automatic. Few of these have been put into use, for the reason that a switchboard, like a human body, must be semi-automatic only. To give the most efficient service, there will always need to be an expert to stand between it and the public.

Whoof.  I'm not doing THAT again any time soon.  In case anyone saw the Lehrer segment, please read this:  Although the show mentioned an affiliation with CDT, I want to make absolutely clear that I never speak for CDT on any issue.  I'm just a loose cannon policy fellow.  It's very unfortunate that I caused that affiliation to be mentioned. 

The whole remote-TV setup is extremely alienating.  You can't see anyone, and you are in a tiny freezing room.  There's a earphone in your ear that is just about to fall out.  I'm staying inside, writing law review articles, from now on.

Jeff Jarvis does this so gracefully, so I'll take a page from him: 

I'm scheduled to appear on CNN's Lou Dobbs Tonight tonight at some (very brief) point between 6 and 7pm ET.  And I will also appear tonight on the Lehrer NewsHour, as part of the first segment (right after the opening).  The topic is electronic privacy.

The New York Times, the Washington Post, CNN, AP, ABC News, and innumerable other outlets are reporting breathlessly that credit card numbers belonging to 40 million people “may have been exposed to fraud.”

Why is this story is getting so much attention?

Look, I'm not in favor of identity fraud.  But as far as I can tell this particular breach doesn't raise the risk of true identity theft.  The card companies say that personally identifiable information (like SSN, address, etc.) wasn't stored in these exposed files.  And these kinds of breaches happen all the time.  The wheels of commerce continue to turn.  Harvard Business School continues to admit students.  The sun rises; the sun goes down; and if a US consumer has a false credit card charge, he/she can contest it and never lose more than $50.

In fact, my sense is that the card issuers are unbelievably good — maybe too good — at detecting fraudulent patterns of card usage.  After all, pattern detection led MasterCard to suspect its vendor of having a problem, according to this CNN story.  

And when I traveled to Africa in 2004, American Express promptly cancelled my card.  Why? Because I had charges coming from Africa.  And when I called to complain that my card number (memorized over 20 years of faithful use) had been cancelled, they said, “But we tried to call you.”

Me:  “I didn't get the message.  I was in Africa.”

Anyway, I wonder whether this story is getting so much play (warning, black helicopters pulsing overhead) because there's some deep legislative desire to have mandatory security standards for all internet transmissions/storage of sensitive information. After all, DOJ is rumored to be pushing for ISPs to keep their logfiles on file.  Maybe larger meddling is afoot.   

Or maybe 40 million is such a big number that editors figure it has to be meaningful.

As a law professor, my job is to write law review articles.  It takes a long time for one of these pieces to come into being.  Everyone else's articles are such things of beauty, and I want to do a good job and help the overall enterprise.  I enjoy the work a great deal.

But I have to say it was fun tonight to do something different — to have a single rehearsal with this amazing group of players and know that tomorrow we'll play for an audience.

It's going to be good — and it's only going to happen once.  No reprints, conferences, editorial suggestions, or power point presentations.

On Sunday I'll be back to law review production again.

In my earlier posts this week, I was trying to understand why the FCC would issue such a potentially broad, difficult to implement, and possibly illegitimate enhanced 911 order for certain IP-enabled services.

Having watched the webcast of the Commission's open meeting of May 19, I think I get it.  It's clear that the Chairman and at least two of the other commissioners put the staff under enormous pressure to produce a draft as quickly as humanly possible (and possibly even more quickly – references to 3am were made) because he thought he had to act on an emergency basis.  What a victims' panel.  Unbelievable. 

Three couples testified.  One of the couples' children had died, possibly because the mother had been unable to reach a working emergency number.  One couple had been assaulted by a man with a gun and had not been able to call 911.  Another had had a child pass out — and had been unable to reach an emergency operator.

This was disturbing testimony.  It was very clear, though, that each of the families had thought that the service provider SAID they had 911 service.  The parents of the dead child were particularly clear about this — the mother had set up a Vonage 911 service two months before her emergency happened, and had been completely panicked, frustrated, and surprised when she couldn't get through.

But this is a problem of deceptive advertising.  That's the issue.  If you lie to people (or at least mislead them) about whether or not you have a particular service, then you should be liable.  Commissioner Abernathy seemed in particular to be focused on this labeling/advertising issue, and I think she believed that the FCC's order would immediately (as in now, not 120 days from now) require VoIP providers to make very clear what emergency services they provided and what they didn't.

(Isn't going after deceptive advertising by online services what the FTC is supposed to do?  They've certainly been active in the past.)

Leaving aside for the moment who has jurisdiction over what, how do we get from a deceptive advertising problem to a broad, difficult-to-implement, and possibly-illegitimate order? I guess we get there because a child died.  Many statutes and rules are passed or adopted at times of high emotion and in the middle of the night that we later come to regret.

PS:  I've said in the past that SkypeOut could be covered by the FCC's order.  But I'm wrong about that — unless and until SkypeOut also allows people with traditional phones to call SkypeOut subscribers, it's not covered. For the moment.  The FCC is seeking comment on whether its initial order is sufficiently inclusive. The Commission is also planning to require automatic location information for all interconnected VoIP services.

I've been struggling to understand why the FCC thinks it has jurisdiction over any internet application that makes a deal to send and receive data from traditional telephone numbers.  Let's take SkypeOut.  (David Weinberger, among millions of other happy customers, loves SkypeOut.) [The following applies only if SkypeOut both allows calls in from and out to the traditional phone network, or (potentially) if different Skype services could be used together by customers to allow both in and out calls].

On SkypeOut's main web page, it says in bold type:

Skype is not a telephony replacement service and cannot be used for emergency dialing. (Thanks to commenter Frankenstein for pointing this out.)

But it doesn't matter what SkypeOut says.  Although the Commission has determined “that customers today lack any expectation that 911 will function for non-voice services like data services,” it's absolutely convinced that consumers expect 911 to work for voice services that allow calls to and from the traditional phone system.  (Voice is apparently hugely, clearly, distinguishably different from data.)

Having decided that consumers expect 911 to work for voice services that use traditional phone numbers, the Commission then elaborates on its sources of power. 

The abridged version:

1.  We have power to decide what entities should provide 911 services. (citing Title I; Section 251, which is FCC's numbering authority over common carriers; and a December 2003 order about various kinds of wireless services and their responsibility to provide 911 services)

2.  Congress is clearly worried about public safety, and so are we.  (citing 1999 wireless E911 act.)

3.  We have power under Title I to regulate all radio and wire communications worldwide. Here, “interconnected VoiP” applications are necessarily radio and wire communications.  And Congress has asked us to promote public safety (citing that 1999 wireless act again).

4.  Also, because these applications use traditional telephone numbers, we have authority over the entities that provide these services.

Ergo, we're in charge and SkypeOut has to provide enhanced 911 services — which means telling an emergency call center where the caller is.  (Result:  SkypeOut is crushed by the costs associated with determining that piece of information reliably; consumers, who never thought 911 was provided by SkypeOut in the first place, are up in arms about the privacy impacts involved; and the incumbents swoop in to maintain control.)

The problem with this argument is that it is both circular and unlimited — a sort of moebius strip of jurisdiction.  We have power because we say we do; we have power because Congress hasn't said we don't; we have power because wire and radio communications and transmissions are involved.  And, over and over again, we have power because Congress said we should have one 911 number for wireless services in 1999.  (The legislative history of that 1999 Act says nothing about VoIP or the internet.)

There's no limiting principle here.  There's no difference, really, between voice and data.  All online applications involve radio/wire communications.  And any of them, apparently, could be subjected to any rule that the FCC decided on. 

This is just the first “social policy” rule, this E911 step, coming out of the FCC's March 2004 IP-Enabled Services NPRM (the subject of Bellhead/Nethead nearly a year ago).  Also on the list of “social policies” the FCC is thinking of imposing on IP-enabled services under Title I:  CALEA, disabled access, universal service, consumer protection.  Stay tuned.

Dale Hatfield's 2002 report [pdf] on issues affecting implementation of wireless E911 is a precise and thoughtful piece.  It's astonishing that with that report in hand (and with knowledge of what VoIP service providers were working on themselves [VON Coalition 2005 white paper pdf]) an independent agency would demand that E911 be implemented by “interconnected VoIP” services in 120 days.

Translated:  Hatfield presented E911 for wireless carriers as an overwhelmingly complex undertaking.  He says, “I did not fully appreciate the complexity of the task facing the Nation until I undertook this inquiry.  There is complexity in every direction.”

Which directions was Hatfield talking about?  Well, there are thousands of emergency call centers (PSAPs).  The wireless carriers were using several different technologies across several generations of equipment and many different frequency bands.  The wireless industry was having a tough economic time.  And, perhaps most importantly, the PSAPs were underfunded and sometimes unsophisticated, and the local telephone companies were standing right in the middle between the PSAPs and the wireless carriers.  Standing there controlling access to relevant databases, equipment, routing decisions — and charging whatever they wanted for it all.

When you take all of that complexity, all of those thousands of inputs, and move it into the nomadic world of IP telephony, it has to be exponentially more complex to create a seamless 911 system for internet users. 

Hatfield, judging from his 2002 report, never expected such swift movement on mandatory VoIP 911.  He says:

Clearly, the long term network architecture and other issues associated with the movement towards VoIP could be addressed by the Advisory Committee or other entity with overall system engineering responsibilities that I recommended . . .   As I envision it, that entity would work with the Commission and the various wireless, wireline, and Internet standards groups to facilitate the necessary exchange of information to reach the necessary consensus to ensure a seamless E911 system in an increasingly IP-oriented national infrastructure.

As far as I can tell, there hasn't been time for this facilitation, information exchange, and consensus development to happen, and no one is telling the local telephone companies to charge reasonable rates or work more efficiently.  So we've got an overwhelming and unbelievably complex systems engineering problem for which the emotional stakes have been ratcheted up unbearably (“people will die if we don't mandate this“). 

Most attempts at solving most highly complex systems engineering problems fail dramatically, particularly where (as here) there is a broken legacy system in place.  The odds against anyone being able to comply with the FCC's order are steep indeed.

As Hatfield said, “There is complexity in every direction.”

I'm playing in a one-day new music festival here in NYC next Saturday, June 18.  It's called New Paths in Music.  The music director is David Alan Miller, who is well known both for his work with the Albany Symphony and as a champion of new music generally.  The festival is presenting works by living composers from Portugal, Australia, and Lithuania.

To get tickets (and please do get tickets), call 212-868-4444.  $30 for both performances (2pm and 8pm), at St. Peter's Church, 346 W. 20th St.  (My role is to play the viola in the last piece on the 8pm program.)

The FCC's recent “interconnected VoIP” order is a remarkable piece of drafting.  The order, in a nutshell,  requires “interconnected VoIP” providers to deliver their customers' 911 calls to a “local” emergency operator, and to provide that operator with the callback number and location information of the customer.

The Commission says it will decide later what its basis for jurisdiction is (while asserting strongly that it of course has jurisdiction over “interconnected VoIP” providers).  It says it won't shield “interconnected VoIP” providers from liability under state laws.  It doesn't set rates or otherwise control what the essential facility provider – the incumbent local telephone company — may do to hold up VoIP companies seeking  access to special emergency communications equipment.  The VoIP provider will need that access in order to meet the order's requirements.

What's “interconnected VoIP”?  Just four elements:  (1) the service enables real-time, two-way voice communications; (2) the service requires a broadband connection from the user’s location;(3) the service requires Internet Protocol-compatible equipment (a PC); and  (4) the service offering permits users generally to receive calls that originate on the traditional telephone network and to make calls to the traditional telephone network.

So, even if you're providing a free VoIP service, and even if you don't give your users a traditional telephone number, if you make it possible for your users to call traditional telephone numbers (and receive calls from that network), blam – you're covered.  The beloved SkypeOut may be covered if it allows calls both to and from traditional telephone numbers.  (Skype is rumored to be considering a merger with Yahoo!.)  Any IM service that uses traditional telephone numbers is covered.  No matter where your customers are — even if they're traveling at 90 mph down a lonely Montana freeway — you better be able to tell the right someone exactly where your customer is. 

Eventually, the FCC says, that location information will have to be automatically available.  For now, the customer will need to tell the provider where he/she is.  Which is unworkable and shows how silly the application of E911 requirements to nomadic VoIP is.

Most people seem to think that meeting the order's requirements in the required 120 days will be impossible for all VoIP companies other than Vonage.  VoIP providers in the US will have to negotiate separate contracts with 6000 emergency answering points, persuade the Bells to give them access to the necessary facilities at a sensible cost, and load up routers and databases with the right information.  And compliance will be sufficiently expensive to make it no longer worthwhile to do business — unless you're Vonage.

AOL, MSN, and Yahoo! are all offering or planning to offer various VoIP products, seamlessly integrated with their IM platforms.  If they've made deals to get calls to traditional phone numbers (and receive them), blam, they're covered by this scheme.

This seems to be an unprincipled and blatantly political order designed to protect the incumbents' ability to control the market for online voice services.  Although the Commission is coy about the basis for its jurisdiction (how strange is that?), to the extent it decides to lean on Title I the DC Circuit has already said harsh things about the FCC's overreaching in that statutory context.  It's a good bet that a good lawyer could attack jurisdiction effectively here.

No user of an IM client expects to be able to reach 911.  There, I've said it.  I don't, you don't — we just don't.  Even if we're calling familiar phone numbers.  These online offerings are just not substitutes for phone service.  They're much better.  And they shouldn't be saddled with impossible, fantastical emergency response requirements in the absence of a clear Congressional statement.  We should be very worried about a Congress that would be willing to make such a statement.