To Read a Copy in Word Executive Memorandum The Future Telecom Policy Issues of Disaster---Capacity, Portability, Redundancy, and Security (CPRS) and the Calculus of Time & Money. It is virtually impossible to plan for a disaster, much less a terrorist act. As we are seeing, it can happen in likely and unlikely places and can do terrible damage to life and property. However, using this last round of heinous acts as a guide, it is clear that we need to improve the way American telecom, broadband, cable/TV services, wireless and Internet services are able to react and perform in emergency circumstances This is not to say that workers at all of the phone companies, Internet companies, TV and cable companies haven't done their best at fixing the problems and we applaud their hard work. Many staffers have been doing double-time, and this, arguably was one the worst disasters in US history We believe it is time to evaluate the problems through the meta issues of CPRS --- Capacity, Portability, Redundancy, and Security --- It will help save lives and make America more secure. The Scene from New York City, the Week of the Disaster. In many parts of New York City (based on interviews)---Local services were busied out, long distance networks were busied out, cellular services were busied out--- and this lasted for days, though sometimes connections were made. In cases near the World Trade Center, some companies still don't have the services routed to other numbers or voicemail, Also, unfortunately, our ISP had services that used the downtown networks, and so, even some dial-up had problems for days --- sometimes from busy-outs. And we are all aware of the problems that the stock market had in getting back to some semblance of normal. Also, each location had differing impacts, both nationwide and even within the city. For example, calling to someone's wireless service in Washington was constantly busy, while in neighboring New Jersey, though some people had Long Distance problems reaching New York, they had little problems contacting the rest of America. Web sites were busied out, even internationally. According to Reuters "some of the best-known sites, including BBC.com, run by the British Broadcasting Corp. and the news section on the British portal, Yahoo.co.uk sustained a series of outages as traffic peaked in afternoon hours. (Reuters, Sept. 11th, 2001) In New York, one user wrote: :Email became stressed but got through. On my Sprint PCS phone I was shocked to see that while I couldn't get a voice circuit at all, I could do AOL Instant Messaging via Wireless on Wednesday the 12th! We also need to stress that it is not always obvious if the problems are from the local, long distance, wireless, Internet or other companies and carriers. The most important media to the public coverage has been the cable/TV companies, and it seemed that most people used this as the media of choice to follow the story. However, over 1.5 million cable customers lost service in New York, (according to CNN, 9/19/01) Meanwhile, those without cable had many of their regular TV channels disrupted, or they were informed that there were technical difficulties, and this lasted for days. Of course, netizens will argue that the web was the major network, but in reality, less than 50% of households have net services, and net-text-based materials as compared to full motion -TV and Cable, while good for overall communications, did have the same coverage as watching it on TV/cable. Telecom and other communications/media are a vital part of both good times as well as times of turmoil, and in this new climate, the country needs to consider the next steps it will take to make sure that if something happens, we can handle it without such disruptions of service. We suggest that there are four 'meta' conditions of service that need to be examined: · Capacity (bandwidth) · Portability · Redundancy · Security Let's go through each of these items. Portability Portability should be the ability to move a customer's services to another place without disruption to them. On America's phonebills there is a charge we all pay called "portability", which is allow a customer to keep their phone number when the switch to a competitor. It is not, as one would think, to be able to take your phone number with you when you move. We have been a proponent of having full number portability for over a decade. --- Full number portability would be the ability to take your phone number, including the local number and the area code, when you move. Our reasoning is based on the customer's perspective. Approximately 15% of the population (households and businesses) move from their current location annually. Therefore, taking your phone number would stop the current situation of having to redo all marketing materials to having friends and relatives not have to remember yet another new number. Also, the fixes for wanting to take your phone number can be extensive. One Verizon customer was quoted $558. for a one time fee, then $95 per month-- even though they were moving about 15 blocks in Manhattan NYC. Secondly, we also have proposed that no one should have to have new area codes imposed on them. This practice of having to learn a new area code is a serious disruption to all concerned. However, it is now apparent that portability may not be a luxury, but a necessity. Portability in disasters would alleviate serious problems. For example, many companies who are located near the World Trade Center still have messages when you call their phone service stating "Due to telecom facility trouble, your call can not be completed at this time". In fact, just the title of the Wall Street Journal's article "Most-Wished-For Commodity for Many: Phones", that appeared September 26th, 2001, 2 weeks after the event, says it all. With full number portability, the movement of phone numbers should be computer commands that would move the companies' business to another physical location and thus they would be able to continue to function within hours, not weeks of the disaster. Rerouting of phone services is imperative if a central office or other large facility is damaged, such as the case in this disaster when the Verizon building on West Street became inoperable. (A central office, CO, is a building where all of the local phonelines in a neighborhood are aggregated.) There are many obvious issues around portability. For example, with DSL today, the person's phoneline is attached to a piece of equipment called a "D-Slam". This device is not in all central offices and in all locations. So, even though the phone number may be portable, the related equipment for broadband may be required, but unavailable. Also, in the case of full number portability, the local phone number as well as the local and long distance services for that number would also have to be moved as a bundle or service would be disrupted. However, the bottom line is that today, we are ill-equipped to do any moving of phone numbers and phone services in the manner that would be important if some other disaster happened. Capacity Capacity--- The telephone networks were not designed to handle massive spikes in volume. The standard has been that 10% of the lines for residential customer and 20% sometimes as high as 30% of the business lines could be used simultaneously without serious choke points. As one Telecom network specialist states, the networks today are designed for only 30% of the population calling at once. However, though expensive, these networks could be redesigned to handle a great deal more. "It has long been established that if 30% of all users picked up the phone at the same time, the system would experience delayed dialtone or no dialtone. The real constraint in the circuit switched voice world is time slots and touch tone receivers. A carefully engineered CO switch could actually be designed to be non blocking just as an engineer a PBX (the equipment that routes calls in a company) to be non blocking. This has a big price tag because you cannot build out the hardware capacities which can easily create a time slot shortage issue." There are also protective measures that were taken overseas to make sure that the entire network didn't get clogged. (Newsbytes, 9/12/01) "Because of the tidal wave of people attempting to call the U.S., BT implemented its call-gapping system on U.S.-bound traffic around 3 p.m. local time, and continued the protective system until midnight. "Call-gapping involves intercepting call traffic at the local switch, usually before the full number has been dialed. By quickly returning a busy tone to such calls, they are prevented from leaving the local switch and overloading the national and international network." These measures were taken because there was no more capacity for the eastern part of the US "The BT spokesperson said that, although the carrier was able to bring extra Europe-to-U.S. circuits to handle some of the extra calls, there was still a significant bottleneck on the eastern seaboard of the U.S. Basically, there were only so many circuits in the New York area available after the attacks, so we had to balance our call traffic loading into the area very carefully," he said. The issues of capacity are also numerous. For example, many recent studies show that the current Verizon network was never adequately upgraded. The networks are 100 years old, and based on copper, and in some areas it can not handle even simple things such as supplying second lines of additional services in buildings. Numerous accounts, including a report by the Communications Workers of America (CWA) discuss the "deteriorating network" as a serious problem, and that the company has not been investing in adding additional plant.. This would also mean upgrades of the Central Offices. So, it seems that there is not enough current network capacity to supply current services, much less be able to handle increased loads of calls in emergencies. Fiber-optic Capacity vs Copper Capacity --- The Bells also had stated many times that they were upgrading their networks with fiber-optics, which has 40-200 times more capacity for local customers. If the networks had been upgraded as stated, then the capacity for local phone calling would have been increased so as to be able to handle more calls -- thus less local phone busies. Blocking Capacity---- Many of the current broadband services are limited in capacity or allowing for alternative services. For example, the current ADSL offered by the Bells blocks "Voice-over-IP" calling, which can have calls travel over the internet networks -- and not the phone networks. In fact, the original Internet plans, funded by the Department of Defense (DARPA), was also to be able to supply voice phone calls over different networks -- the data networks, and thus give voice calling a second path to reach the party Capacity is also an issue in the cellular and long distance calling as well. . VOIP could alleviate some 'capacity'; problems for the other industries, such as the wireless and long distance calls if Voice over IP was implemented properly, then there would be ancillary networks to route overflow traffic. However, today, there is little concern of overflow traffic in Long distance or Wireless, and this is because these are private concerns who have not been required to consider the overflow issues. Distributed Capacity --- Some have argued that that "telecommuting" is a way to alleviate the traffic jams of capacity, especially in cities where everyone goes to one building -- thus making the telecom services vulnerable in one place. Chris Savage wrote: (9/18/01) "If big buildings and concentrations of people are attractive terrorist targets, perhaps we should be communicating the notion that it is somehow callous or un-American to presume that your people should have to endure a major commuting hassle and increased personal risk when a $50-per-month DSL line or cable modem connection would allow the work to get done, without either." Savage also suggests that commuting from home would require more local capacity -- i.e., Broadband. He wrote: (9/18/01) "I submit that the more rapidly we can provide widespread broadband connectivity to people's homes, and to smaller communities as well as urban areas -- along with adequate upstream capacity from concentration nodes (COs or head-ends) to one or more Internet backbones -- the more people will be able to engage in economically productive activity without being physically concentrated. Less physical concentration means less vulnerability to terrorism. Think telecommuting on steroids." Staff Capacity. --- While the physical networks are of course important, there is another resource that is equally important --- telco staff to handle the networks and emergencies. Since the Bells' creation, there has been an enormous drop, approximately 50+%, in employees-per-line, the staff to handle customers and networks. This has lead to many complaints as well as even penalties against the Bell companies for failure to meet current customer service needs. In a disaster, this gets multiplied because of the demand put on staffers. According to Tom Allibone, president of LTC Consulting and network expert, the shortage of staff required pulling workers from across the Verizon territories, and it effected many related states. "This is an interesting phenomenon because the regional Bell's are robbing Peter to pay Paul. The New York disaster has resulted in service requests in other states to be delayed because personnel are being put on special assignment. The Verizon business offices are designed to handle calls on an overflow basis when the primary business office is busy. Many of the CO's are unmanned and rely on alarms being generated and sent to a central site. There have been times when the alarms were never sent or failed causing severe damage to the central office and extended customer downtime." Prioritize Capacity --- Eli Noam, Columbia professor and a former NY Public Service Commissioner, in his New York Times article "Testing the Communications Network" 9/24/01) makes the case for possibly prioritizing the network's traffic in times of disaster. He writes. "No network can be economically designed for extreme load spikes. Nor would it be conceivable to jack up prices in the midst of a tragedy to ration existing capacity, when callers are least sensitive to economic signals. The better alternative for sudden spikes is to rank the priorities of various types of traffic and divert the lowest-priority communication to other networks. For example, voice calls that cannot get through could be replaced by voicemail messages that could be converted to compressed digital files and delivered as conditions allow. " In short, the current networks do not have the capacity to handle emergencies and this needs to be addressed. Redundancy Redundancy ---- the ability to have more than one way to make calls, get online, view cable/tv information. etc. The basic issue of redundancy is simple --- if one component of the network goes out of service or is full, what other options, if any, are there. While some may think of redundancy as overbuilding, in this new millennium, it may become more of a necessity than simply a nicety. For example, if someone has a wireline phone and it goes out, they'll most likely use their wireless service, if they have one. In this simple case, under normal circumstances this may work fine. But what happens in the case of the a disaster? In the case of phone services, the local networks were unable to keep up with demand, and the wireless capacity was also above peak. So, there was no truly redundant choice. In the case of TV and cable services, many TV channels went out because the major antennas were located at the top of the World Trade Center. There was little back up to handle regular TV programming and after a week some channels are still having problems. Also, about 30% of all households do not subscribe to cable, and the number of businesses who do not have cable is even higher. Robust Competition Would Help Redundancy The Washington Post on Friday, September 14th, 2001 ran a story about how Internet technology worked even in the face of the public phone network's failure. The writer's point was that e-mail worked even when one couldn't get phone service to NYC. (except for those out of the West street Central Office) Therefore, the proliferation of network equipment because of independent ISPs increases the chance for survivability rather than relaying on the local monopoly. This is also the case with other Competitive Local Phone Companies (CLECs) who have developed fiber-optic rings around cities, thus bypassing some of the local phone networks. Therefore, it is vital to have robust competitive offerings, not only to give customer's choice, but also to make sure that if one service goes down, there are backups for connectivity. We bring this point up because the Bell companies have done virtually everything in their power to block competition. If redundancy is a primary goal of the future, then we must make sure that these independent companies thrive. Backup Plans For Data and Databases. For anyone who has lost data due to a computer hard drive crash, the tech edict "always back up your work" has been a mantra since the dawn of the PC. On a larger scale, one of the more fortunate parts of this experience was the realization that many of the financial service companies in New York had already made other plans to locate back up facilities in New Jersey. In the telecom world, this also means a back up for all data, computer databases and other critical information that is used as part of the networks' running. To date, this would also mean that there needs to be an audit of current facilities to ensure adequate back up safeguards are in plans. Security The buzz-words are many ----Security, privacy, eavesdropping, wiretapping, back-doors, viruses, encryption, hackers, From the paranoid to those in control of national security, privacy and security have been a ping-pong game of needs Over the decade there have been this struggle of the rights of the individual vs the rights of the nation, and never before has it been discussed or argued as it is at this time. It is obvious that we need to have secure phone and data networks so that there isn't a disaster that hits America's communications directly. And it is becoming equally obvious that the attacks may not only to the networks,. but, as with the case of computer viruses, also effect the individuals and companies that use these networks. The World Trade Center is a serious wake up call that will take us from talk to implementation or new, hopefully not Orwellian, solutions. Security of the Phone Networks. In the 1970's,. groups of college students were able to make simple devices that would allow them access into all of the phone networks for free calls. In fact, the infamous "Captain Crunch" found that a toy whistle in that breakfast food had the right tone for phone hacking, In the 1980's a group of high-schoolers, with their home computers, could create havoc over the phone networks, and today, even savvy teenagers can create simple 'viruses" that cause nationwide harm over the internet and data networks. According to Business Week (online, 9/18/01) today, phone networks and other utilities are not secure from attacks. "Who's protecting our infrastructure? No one. Computer security standard that would thwart hacker terrorism against utility, telecom, health-care 0or power systems don't exist. " The article also quotes Chris Wyseopal,. a computer security expert, who states that even minimal security is missing. "Much of the work remains to be done. While some critical 8infrasturucutre providers have rock solid protections, all too many have neglected even the basic steps of encrypting databases, auditing their networks, and patching security holes on all their servers. When it comes to network security, "there needs to be minimum requirements" says Wyseopal. "There are none now". Cable Modem Gaps One of the other areas that is also wide open and little known has been the gaping security holes with cable modem services.. Since the service is always on, unless the customer have invested in a "firewall", a piece of software that protects the users machine from spying eyes, anyone on the network can examine the contents of the person's computer. Privacy of the individual vs the government. As we enter the new world of terrorist acts as part of the fabric of telecom, the main issues of privacy of the individual vs the extent to which the government can protect it's citizens returns to the limelight. In the 1980's, the original cell phones were so "open" that anyone with a cheap scanner could listen into phone calls. Today, wireless phones and many networks use "encryption", which is a mathematical safety that blocks entry into a service or network. The issue is ---- should the government have "keys" that are built into encrypted systems -- also known as 'back-doors", that would give specific people/the government full access. Over the last decade, there have been numerous schemes, including the infamous "Clipper" chip, which would encode the data, but would, if the government got it way, had the password to allow it to enter the service or eavesdrop on a call. Digital Identities ---- The government may also be the least of the problems for customers. Stories abound on the problems with identify theft --- i.e., a person's social security number, credit card, or some other string of numbers having been used by an unauthorized party -- or just out and out theft of the person's identity. As we enter the new realm of security, the ability to make sure that the person is who they say they are is very important. Peter Cattaneo, Director of Business Development for Sun Microsystems states: "If you want to have a secure digital online identity, then you need a physically secure "token" also known as a "computing partition". This digital identity may have to be some secure, upgraded yearly, encrypted piece of information that a customer can have renewed, placed on a smart card. It can incorporate other information, such as the social security number, but it is unique. It could be that as we move into a more secure world, people will be assigned 'National ID" cards that goes way beyond the simple credit card number with you birth date." Security Conjoined with Redundancy ---- As we move forward to make our networks more secure, the issue also becomes having security as part of the networks' redundancy. Mark Plakias, Senior VP of Communications & Infrastructure for The Kelsey Group believes that the networks basic components and security are intertwined to protect from disasters, thus giving the network more flexibility. "What I'm thinking of is that conjoined with the concept of redundancy is how the instantiation of network elements that 'broker' not just bandwidth but applications and media resources on a virtual level -- in ways that can respond to trauma. These softswitches, (network switches that are done in the software, not just hardware) and associated applications and media servers start to take on a new look -- not just cheap, flexible enhanced services engines on a low-cost IP alternative, but components of a survivable network.". "Technologies relating to security now take on new lustre, including voice verification, and electronic identity cards riding not just in your wallet but in your handset (GSM w/SIM been there for years, of course)". The Calculus of Time and Money. In all of these issues -- capacity, portability, redundancy and security, there is a new calculus that must be applied to future of the telecom networks. In all of these cases, we must now weigh and calculate the harm caused if we do not have a better plan for making sure that our phone, cable and internet services remain secure and continuously provided, both in terms of the regular usage, as well as a plan for any disaster that may harm this continuity. And in calculating this new math, we must also address the issues --- what is the trade offs that we are willing to accept in terms of the current costs for doing this next generation of network development vs the harm that will occur if we have to say, leave America vulnerable to more attacks. In terms of some of the actual costs for these continued upgrades, NNI has written extensively about the topics of broadband deployment and phone number portability. As we documented, we believe that the Bell companies have already collected funds for many of these projects, but instead the Bell companies never delivered and kept these excess funds --- funds show up on phone customer's bills in the form of higher prices for services. In the case of portability, while everyone has been paying a "portability" fee, there is a question---is that money being spent wisely -- or is it simply more money/profits for the companies to collect? And in the case of the broadband digital future, we contend that over $50 billion has been already collected -- and America has nothing to show for it except higher phone rates. This money would go a long way into protecting America's Digital Future. However, these funds are only a start to determining how America must deal with future developments in order to function in the new millennium, and we must now reevaluate the new dynamics of potential threats to out telecommunications and broadband networks. The meta issues of Capacity, Portability, Redundancy and Security, and all of the other technological changes that are necessary to protect America's communications networks will be a series of evolutionary changes that will have lasting impacts in the way America makes a call, uses the internet, or watches their cable and TV --- and how well our communications and media can handle the unimaginable.   Bruce Kushnick New Networks Institute