Ransomware – Holding 911 Hostage

Security is one of the critical elements that anyone who operates a network should be concerned with. One industry, in particular, Public Safety, is often thought of as being safe and secure, but in reality, they are as susceptible as their weakest link. 911 center directors in public safety need to be especially concerned with DDoS and Ransomware attacks.  The information contained in their networks is very sensitive and if compromised cold create a national disaster.

In response to events seen this week in the commercial space, I sat down wits with the NENA Director of Public Safety and Government Affairs to discuss this issue. Trey Forgety.

Fletch: Trey, welcome back. Unfortunately, every time we get to talk it’s never good news.

Forgety: That’s right. Today as in the past we’re experiencing some really, really tough issues.

Fletch: this week we have a cyber attack going on, not necessarily a DDoS attack but a Ransomware attack that is affecting commercial businesses and could potentially affect public safety as well.

Forgety: That’s right. Unlike a DDoS attack where someone tries to flood a network with more traffic that it can handle, in a Ransomware attack, they’re trying to deny you access to a computer by encrypting all of the files on the machine’s drive. The attack that we’ve seen today is particularly pernicious because unlike many in the past this one actually doesn’t require anyone to click on a link.

Fletch: That’s a little scary because I can totally understand the “click bait” that’s out there. You’ve just inherited 20 million dollars, click here – and then they use social engineering to basically collect information. How do you execute an attack without getting the user to interact? That’s new.

Forgety: It is sort of new. In this case, a vulnerability and something called the Server Message Block or SMB protocol. It’s a file sharing protocol that’s commonly used by Windows computers. A vulnerability in older versions of SMB that are still enabled on a lot of systems was exposed that can allow attackers to remotely execute code. Now, the good news is that there are mitigations. If you have your machine attached to the networks with a firewall for example and you prevent off network SMB access that’s one way to hopefully shield your network from this type of attack.

Fletch: Now, is that something normal network administration, security administration would have enabled?

Forgety: One would hope so but it’s not the case everywhere. Looking at the networks that I administer personally it was only about a year or two ago that I got to looking at making sure regularly that things like SMB were explicitly blocked. A lot of folks try to fall back on a default deny rule so that everything I haven’t thought of will get denied. That works great but for a lot of things where you know there’s a vulnerability it’s also a good idea to go in and put in a hard rule so that if at some point in the future something changes, somebody changes the default rules or something, you know that that hard rule is always there to protect you. Now I make it a point of anything that doesn’t need to come into my networks from somewhere else in the world, I make sure to go ahead and explicitly block those things at my firewall.

Fletch:  You know, when you look at typical public safety IT department they have a lot of great policing and knowledge but they don’t always have the best IT staff nor do they have access to IT experts. I think that leaves a big chunk of our public safety kind of vulnerable, doesn’t it?

Forgety: You know, it absolutely does. We really have a workforce crisis in the public safety field on cyber security. That’s not unique to public safety, that workforce crisis exists across every sector of our economy. For us, it’s particularly acute because of the sensitivity of the public safety mission and its importance in safety of life. One of the things that I always tell folks is you’ve got to self-educate and you’ve got to get good at taking the basic steps that you can do without having an elite information security team on your side.

Fletch: NENA is very proactive with its member community. You’ve raised the awareness quite a bit over the past couple of years. There was an alert that went out late this afternoon to members letting them know. What did you announce there?

Forgety: First off, I appreciate your recognition because it really has been, both for NENA as an organization and for me personally, an important thing over the past few years to raise the profile of security issues. The step that we took today is sort of a new thing that we’re doing to try and be helpful when we do hear about a major new threat. We issued a memorable late this afternoon that described the type of attack in fairly plain terms and then went on a little bit to talk about what the vulnerability is. I think most importantly we provided our members with five concrete actions that they can take right away to help protect their networks.

Fletch:  What were those actions?

Forgety: The first thing is local PSAP or county IT administrators need to download the Microsoft patch for this vulnerability. They’re calling it MS17-010. You’re going to want an IT admin to test this patch to make sure you’re not breaking anything, knocking systems offline before you deploy it to everything. Nonetheless, it is something that needs to get patched in a very, very big hurry.

The second thing that we’re advising is that center managers should make sure that they check up on their backup process. They need to make sure that they have onsite and offsite and hopefully one of those is actually offline backups for all of their critical systems. Make sure those are routinely being maintained and periodically go in, verify and test restores for those backups. If you haven’t tested a backup you don’t know that it’s going to work and you can’t rely on it. We’ve seen that demonstrated rather dramatically just in the past year. We’ve seen some major software providers learn that three different backup systems weren’t working the way they thought and in fact, they were going to have to rebuild from scratch.

The third thing that we recommend is that PSAP IT departments consider permanently disabling the service message block or SMB 1.0 and 2.0 protocols along with CIFS or the common internet file system. Those are all sharing protocols that are commonly used on the window systems that have this vulnerability so SMB-1, SMB-2, and CIFS should all be turned off permanently. They still have SMB-3 as an option, that’s the version that is currently being maintained. More than anything, it will also give you higher speeds and better security going forward.

The fourth item, shift supervisors, and this is an important thing for us. A lot of our members are telecommunicators and dispatchers so we wanted to make sure that we have advice that shift supervisors can give to their frontline employees. Our advice is to make sure that front line employees are briefed to report any unusual computer behavior and to make sure they’re exercising added caution whenever they’re clicking links or entering credentials even in systems that they normally access. You want to just make sure that anything that your frontline employees touch from time to time they’re being a little bit extra careful about right now just to make sure you don’t accidentally leak credentials to a potential attacker.

Then the last thing we’re recommending is if you do fall victim to Ransomware whether it’s the current WannaCry attack or any subsequent attack, don’t pay. Don’t pay the ransom unless you absolutely have no other option for recovering your data. First, you should contact your local FBI field office and second notify the National Cyber Security and Communications Integration Center if an attack impacts your 911 service. I’ll give you their phone number here for your listeners. That’s 888-282-0870. Again 888-282-0870. Then as you do that make sure you’re taking steps to preserve log files and anything else that might be helpful in a forensic investigation.

Fletch: Now, fortunately, public safety is used to collecting evidence and documenting everything and that’s what’s really going to help to put an end to this. That’s what the FBI wants, all this detailed log data to help them trace back to the culprits.

Forgety: Absolutely. You know, the sad reality is that in any given case it’s unlikely that the FBI or anybody else is going to find the specific attacker and prosecute them for attacking you directly. But, taken together, correlated log files from across multiple attacks can allow agencies in law enforcement and intelligence to figure out where the attackers are coming from, find out what their common techniques are, and then ultimately go after those attackers where they live. For the long term that’s the most important thing.

Fletch: The obvious question here is, Next Generation-911 is going to provide a plethora of information but in that, you’re connecting with the internet of things. How do we do that in a secure environment to gain the benefits of NextGen without opening up the door to allow these types of attacks, happen more easily? It’s kind of a double-edged sword.

Forgety: It’s absolutely true and that’s something we’ve had to acknowledge from day one. As you move to modern internet era technologies … Just to be clear, we’re not talking about putting 911 on the internet, that’s not what Next Gen 911 is about. We do use common internet technologies. A result of that is that you will have different types of vulnerabilities than what you face today with the telephone system. The good news though is that in addition to having new kinds of vulnerabilities you get access to all sorts of new tools that simply don’t exist in the telephone world to combat those vulnerabilities. At NENA for example in the i3 standard and the NGSX standard, we’ve worked very hard with the vendor and public safety communities to make sure that security mechanisms to protect these life critical systems are built in from the ground up.

Fletch: You bring up a good point, NENA is a standard definition organization, an SDO.

Forgety: That’s right. We’ve actually been the recognized SDO in the public safety field since the early 90s for 911. Our standards are universally adopted for things like ANI and ALI, how that data is transferred, how PSAP transfers occur, and how PSAPs answer calls. Then in 2011, we went from being just the recognized standards body to being both recognized and accredited. NENA got their ANSI accreditation. All that means is that we ran our standards process by The American National Standards Institute and they signed off that that process met their requirements for the minimum due process.

Fletch: NENA and EENA, the European Emergency Number Association, recently issued a joint press release about Next Generation 911 Services. That was a big deal.

Forgety: It was a really big deal. One of the advantages that often goes overlooked of moving to Next Generation-911 is that it brings public safety systems into the global standards realm. The I3 standard for NG-911 was intentionally designed with that in mind. We’ve worked very closely with EENA over the years to make sure that their standards for Next Generation-112 are aligned. They won’t be exactly the same because how they do things in Europe is a little different but they’ll be very well aligned with the I3 standard. What we announced earlier this year was that we were going to renew that effort and work even harder to drive global standardization in the NG-911 world.

Fletch: You also recently had the Canadian CRTC adopt the NENA i3 standard as their direction forward as they build out Next Generation north of the border.

Forgety: That’s right. In Canada the CRTC has recognized i3 as the standard for NG-911.

Fletch: What about to the south? What’s happening in South and Central America? I haven’t really heard much about Next Generation. People ask about it, but I haven’t heard of any real standards work down there.

Forgety: We’re not aware of any separate standards work going on in Central and South America but we do make available our standards developers and our standards work on a relatively free basis for others to develop into compatible systems. When it comes time for Central and South America to start looking at NG-911 all of that existing body of work will be there so that they can bring themselves into harmony with the global standards process.

Fletch: Also the ASEAN market. I’ve talked to a few people, a great group of folks that are currently attending George Washington University that also attended the recent 911 Goes to Washington conference. They were very interested in rolling out multimedia services over in Thailand. What they said to me is why should I go reinvent the wheel? Which totally makes sense.

Forgety: Absolutely, that’s what we’re hoping everyone around the world will do and so far what they seem to be doing.

Fletch: You are the official NENA hacker, and you got to go present at the DEF CON conference this year.

Forgety: As a matter of fact attacks like this and denial of service and so forth came up quite a bit. In fact, we were … Well, not us directly but the Dark Tangent, a guy by the name of Jeff Moss, the founder of DEF CON tweeted out months before the conference last year that he wanted a position on NG-911. I think that is a testament to how much these systems are making it into the popular consciousness, both in public safety and in the information security community. We’re hopeful that with some renewed effort on our part that we can get NG-911 in front of the Infosec community even more frequently.

Fletch:  Again, it’s the security side of this because if you look at any network unprotected it scares the hell out of me and what could potentially happen. It’s not necessarily the use case of the network, I think that accentuates the importance of it but it’s the security blanket that you’re going to wrap around this. That’s where the work really needs to be put in. It’s great to see you raising awareness and getting the industry focused on wrapping that blanket around public safety. Multimedia, multimodal communications, hey, that’s what the world does today, right? My daughter just came home from college today. I talked to her all day long, not once did I speak to her on a phone. We chatted, we face timed, we did everything but make a phone call. I mean, that’s tomorrow, that’s what’s happening. You can’t ignore it any further. We’ve got to move public safety into that mode. Phone calls are going to go away, I believe.

Forgety: That’s absolutely right and as they do we’ve got to secure what comes next. We’re going to continue working very hard to do just that.

Listen to “NENA advises of Ransom-ware vulnerability for PSAPs” on Spreaker.https://widget.spreaker.com/widgets.js

If you are interested, a complete audio version of this interview in it’s entirety is available  here:  TiPS – NENA’s Trey Forgety on Ransomeware

When Alexa Calls 911 …

Excellent post by Bill regarding the pitfalls of technology.

the Chief Seattle Geek blog

alexa-call-911CES, formerly the Consumer Electronics Show, recently concluded in Las Vegas.  Alexa conquered the show (Wired), and seemed to be everywhere (Fast Company).  Alexa is, of course, the voice-activated digital assistant developed by Amazon, headquartered in Seattle.

Alexa has a long and growing list of commands ranging from “Alexa Shut Up” to “Alexa Give me a Game of Thrones Quote” to skills commands like “Alexa Ask Lyft for a Ride” which enables a specific skill written by Lyft to engage their car-sharing service.

Alexa is being married with a new generation of “smart devices”.   So if your light bulbs are smart enough, Alexa can control them (“Alexa, turn off the lights in the bedroom”).  If your garage door is smart enough, Alexa can open it.   Audio equipment.  Smart phones.  Even cars (Ford is building Alexa into its vehicles) will have Alexa controls.  Indeed, Shelly Palmer…

View original post 1,298 more words

What have YOU accomplished the last 1700 days at work?

Today, Commissioner Jessica Rosenworcel is leaving the Federal Communications Commission after a long and productive tenure in Washington DC. The last 1699 days she awoke as one of the 4 Commissioners charged with “bringing the connected future to all Americans”, and in my opinion, did a pretty damn good job. Tomorrow, she is back to being “Jessica”.

Always a passionate speaker, providing nothing less than inspiring insight into complex issues facing citizens of the new digital world, she always had a relevant opinion on the topic she was speaking about. With a particular passion for Public Safety and NG911,  I was fortunate to have the privilege and honor to meet with her several times working on these issues as well as those dealing with Disability Accessibility.

Fletch-Rosenworcel.jpg

One of my favorite memories was when I received the 2013 Industry/Technology Professional Private Sector Award from the NG911 Institute. Commissioner Rosenworcel attended a luncheon at Union Station, where I was able to spend a few hours discussing many different topics with her. I was always amazed by her wisdom, and passion for public safety, as well as her irresistible smile. Today she released the following statement of her accomplishments; each one of them a pertinent topic that deeply touches the way we communicate with our families, our friends, and our colleagues.

Today she released the following statement recapping her numerous accomplishments; each one of them a pertinent topic that deeply touches the way we communicate with our families, our friends, and our colleagues.

Thank You, Jessica for your service. You have left a long legacy of well thought-out policies and opinions that have improved the lives of many.

Fletch-Sig.png

STATEMENT OF
COMMISSIONER JESSICA ROSENWORCEL

FEDERAL COMMUNICATIONS COMMISSION

BRINGING THE CONNECTED FUTURE TO ALL AMERICANS

MAY 11, 2012 – JANUARY 3, 2017

             It has been an honor, a privilege, and a wild ride serving as Commissioner at the Federal Communications Commission.  It has provided me with a front row seat at the digital revolution.  Every day I have been able to see how communications technology is remaking every aspect of civic and commercial life.

This experience has convinced me—truly, madly, deeply—that the future belongs to the connected.  No matter who you are or where you live in this country, you need access to modern communications to have a fair shot at 21st-century success.

I am proud of the work I have done at the FCC to expand access to digital age opportunity.  I am proud that these efforts—described in more detail below—have laid the foundation for a more safe, prosperous, and connected future for all.

The future of public safety.  The very first sentence of the Communications Act directs the FCC to make available “to all the people of the United States . . . rapid, efficient, Nation-wide, and world-wide wire and radio communication service” in order to promote the “safety of life and property[.]”  Giving modern meaning to this decades-old public safety pronouncement is a challenge.  But I am proud to have been able to do so with my work addressing the future of 911.

You may only make one 911 call in your life, but it will be the most important call you ever make.  In my time at the FCC I visited two dozen 911 call centers across the country—from Alaska to Arkansas, California to Colorado, Nevada to New Jersey, Vermont to Virginia and many more in between.  They represent the front line of our nation’s public safety systems.  Before any police radio crackles, fire engine blares, or ambulance races—you need to reach a 911 operator.

The challenge for the future of 911 is one that is common to other areas of communications.  The ways we connect are changing at a blistering pace.  But by and large, our nation’s emergency systems were built for an earlier era.  In fact, they were developed and are still optimized for traditional landline phones.

This is a problem.  But during my tenure, I sought to draw attention to this issue—and develop solutions.[1]  As a result, public safety officials and carriers are on course to provide texting to 911.  They are also working together to provide dispatchable location technology so that for every wireless call to 911—indoors and outdoors—first responders can find you.[2]  This is a big and important update to 911 and I am proud that the solution I forged on this matter is a bipartisan one.  I also worked with public safety officials to highlight funding challenges—from the diversion of 911 fees for purposes unrelated to emergency communications[3] to the need for support programs for next generation 911 under the Middle-Class Tax Relief and Job Creation Act.[4]

The future of education technology.  E-Rate is the nation’s largest education technology program.  It provides support for Internet access in schools and libraries in every state.  But when I joined the agency this program—which should be a force to usher in the dynamic learning possibilities of the digital age—was frozen in the dial-up era.  Speeds were slow, bandwidth was limited, and its technology model was dated.  So I visited E-Rate beneficiaries from Florida to Alaska—and what I learned was striking.  At the time, roughly half of E-Rate schools were accessing the Internet at 3 Megabits or less—too slow for streaming high-definition video and not fast enough for the most innovative teaching tools.  Moreover, I found that with these bandwidth limitations only 5 percent of high schools were offering computer science courses.  As a policymaker—and a parent—this struck me as just wrong.

So I began a campaign for E-Rate 2.0[5] and led the charge for updating this program at the FCC.[6]  As a result, the program has been rebooted, reinvigorated, and recharged.  It now has clear capacity goals—with sights set on Gigabit speeds.  It has a modernized technology model, with a new premium on Wi-Fi to facilitate one-to-one learning environments.  It also has an updated budget—with an eye to the future of education.  These changes are expected to provide 20 million more students with high-speed service in their classrooms and libraries.  They will increase the odds that all Americans have the opportunity to gain the digital skills they need to compete, no matter who they are, where they live, or where they go to school.

As terrific as FCC progress on E-Rate was, I recognized that in a world where students rely on digital content in the classroom, they also need access to broadband when they go home.[7]

Today, seven in ten teachers assign homework that requires access to broadband.  But FCC data suggest that as many as one in three households do not subscribe to broadband service.  Where these numbers overlap is what I call the Homework Gap.

The Pew Research Center has demonstrated that the Homework Gap is real.  According to its research as many as 5 million households with school-aged children lack Internet access.  Being a student in one of these households makes it difficult to get basic schoolwork done. Applying for a scholarship is challenging.  And while low-income families are adopting smartphones with Internet access at high rates, small hand-held devices are not optimal for researching, typing a paper, applying for jobs, or for furthering your education.

I am proud to have drawn attention to this problem—because I think it’s the cruelest aspect of our new digital divide.[8]  But I am prouder still of the FCC efforts I championed to help bridge this gap and close this divide.[9]  In particular, the FCC modernized the Lifeline program.  This program has supported basic phone service in low-income households in every state for three decades.  But a program focused strictly on voice telephony is retrograde.  Data is the dial tone of the digital age.  So the FCC updated the Lifeline program and going forward beneficiaries will be able to choose broadband service.  This simple change will help bridge the digital divide—and close the Homework Gap.

More can be done to address the Homework Gap, however.  Carriers across the country are pitching in by making available low-cost broadband service.  Libraries in everywhere from Missouri to Maine are loaning out wireless hotspots—and letting students borrow connectivity for schoolwork.  Communities are mapping out where free online access is available for student use.  Rural school districts—like Coachella, California—are putting Wi-Fi on buses and turning ride time into connected time for homework.  I am proud to have called attention to these efforts[10]—and believe they deserve expansion.[11]  Moreover, providing more reliable and consistent broadband access for all students will help turn them from digital consumers into digital creators.  That’s vitally important for opportunity in the current economy and the coming age of artificial intelligence and automation.

The future of broadband.  Broadband is not just a technology, it’s a platform for opportunity.  Extending its reach across this country is our new manifest destiny because it is an essential part of modern economic and cultural life.  It is no longer a luxury—it is a necessity.

In order to build a bigger future for broadband, I am proud to have supported the effort to update our nation’s broadband definition from 4 Megabits to 25 Megabits.  But I continue to believe that it’s time to stop dreaming small.  We need to dream big and set audacious broadband goals.  I am proud I was the first to call for a new broadband standard of 100 Megabits.[12]  I think anything short of that shortchanges our children, our digital economy, and our future.

I am also proud to have been a consistent supporter of network neutrality.  Our Internet economy is the envy of the world.  What produced this dynamic engine of entrepreneurship and experimentation is a foundation of openness.  Sustaining the openness that has made us innovative, fierce, and creative is vitally important.  Moreover, I believe we have a duty to protect what has made the Internet the most dynamic platform for free speech ever invented.  That is why I supported network neutrality rules to prevent online blocking, throttling, and paid prioritization.

Though these policies were not without controversy, what is uncontroverted is that in response to our work on network neutrality, 4 million Americans wrote the FCC to make known their ideas, thoughts, and deeply-held opinions about Internet openness.  They lit up our phone lines, clogged our e-mail inboxes, and jammed our online comment system.  That might be messy, but whatever our disagreements on network neutrality, I hope we can agree that’s democracy in action and something we can all support.

During my tenure at the FCC, the agency took steps to accelerate the nationwide movement to high-capacity, fiber optic networks—and away from traditional copper phone systems.  This movement, better known as the transition to Internet Protocol, or IP transition, involves the update of essential broadband infrastructure across the country.  This is a good thing.  But it also poses some challenges.  For decades, communications policies have been tied to the provision of telephony.  Yet these old policies are not always a natural fit for a new broadband-centric world.  If we blindly migrate them to our new networks we may impede the very investment in modern infrastructure we seek to foster.  Rather than support a wholesale migration of old regulatory policies into the new world, I proposed a simple framework based on the enduring values in communications law.[13]  Specifically, I proposed that new deployment should be judged not through the prism of old, detailed regulations but instead through the four essential values that have always informed communications policy—public safety, universal access, competition, and consumer protection.  I am proud that these four guideposts have become the FCC framework for assessing network change[14]—and I believe they are a thoroughly modern way to support the deployment of infrastructure in the future.

While at the FCC, I saw up close the challenge of bringing broadband to our rural communities.  Financing, constructing, and operating these facilities in remote areas is not easy.  Tough terrain, trying weather, and limited populations make deployment harder than in more populated locales.  But I also saw the creative spark that high-speed service brings to rural communities.  In rural Montana and Tennessee, I saw how telemedicine not only saved lives, but kept communities intact by making it possible for elderly residents to age in place.  In rural Iowa, I saw a startup center with big bandwidth incubating ideas for the farming economy in its backyard.  As a result, I believe connectivity is critical today for rural America to thrive.  That is why I am proud to have pressed for the reform and update of our nation’s high-cost universal service fund—to facilitate broadband deployment in our most rural communities.[15]

The future of wireless policy.  Few of us go anywhere today without mobile devices in our palms, pockets, or purses.  But as commonplace as wireless service may feel in our lives now, the truth is we are just getting started.  Over the next few years, worldwide demand for mobile service is expected to grow by 10 times.  As the Internet of Things emerges, wireless functionality will become a part of everything in our economy—and everything we do.

During my time at the FCC, I have been able to witness this change up close.  I saw very clearly that the choices we make today about our airwaves are critical for the future.  Spectrum is the consummate scarce resource.  The way we zone our skies for its use is among the most important tasks entrusted to the FCC.

I have had the honor of working on traditional wireless auctions[16] at the agency as well as the unique experience of laying the groundwork for the world’s first spectrum incentive auction.[17]

It also has been a privilege to develop ideas about how the FCC—working with Congress—can build a better spectrum pipeline.  This is important because spectrum is the lifeblood of the new economy.  Ensuring the supply is reliable and consistent is essential to support technological innovation and growth.

To this end, during my time at the agency, I championed the notion that we need a federal spectrum policy based on carrots, rather than sticks.[18]  This is because federal authorities have extensive spectrum assignments.  They are used for critical missions throughout the government that are dependent on wireless services—like protecting us from attack, managing our air traffic, and monitoring our water supply.  But our traditional process of assessing the efficiency of these uses and reclaiming underutilized airwaves in an effort to repurpose them for auction and commercial service is slow and clunky.  It’s ill-suited for the pace at which data demands are growing on existing wireless facilities.  We need to replace it with a more modern system that ensures that federal authorities see gain—and not just loss—when their airwaves are reallocated for new mobile broadband use.

To do this, I proposed a variety of ideas,[19] including incentives that would provide federal authorities with a cut of the revenue from the commercial auction of the airwaves they clear.  These funds, in turn, could be used for relocation as well as projects lost to funding cuts.  I also proposed updating the Spectrum Relocation Fund to provide incentives for government authorities to share airwaves with agencies being relocated.  In addition, I recommended changes to the Miscellaneous Receipts Act, a law that has the perverse effect of preventing negotiations between federal agencies and winning bidders in wireless auctions.  This would allow the FCC to auction imperfect rights and permit winning bidders to negotiate directly with federal authorities remaining in the band in order to help meet their wireless needs.[20]  This could speed repurposing of our airwaves and provide commercial carriers with incentives to help update federal systems that are past their prime.  To facilitate these ideas, I encouraged the development of spectrum currency—a uniform system of valuation for federal spectrum assignments that could be overseen by the Office of Management and Budget in order to better understand incentives and the opportunity cost of continued federal use.

In addition to developing ideas for the spectrum pipeline, I am proud to have been the first to call for FCC action to develop 5G spectrum technologies.[21]  Though the United States has led the world in deployment of the current generation of wireless technology—known as 4G—I made clear we need to do more than rest on our laurels.[22]  I encouraged the exploration of millimeter wave band spectrum early[23] and enthusiastically supported FCC efforts to develop new possibilities in the 28 GHz, 37 GHz, 39 GHz, and 64-71 GHz bands.  This action puts the FCC in a position to lead the world in deploying millimeter wave band spectrum—and incorporating its use into 5G services.

I also strove to provide real-world examples of the possibilities forward-thinking spectrum policy can generate.  It’s easy to get lost in the wonkish details of wireless policy.  But I am proud to have repeatedly offered ideas and engaged in dialogue about how a more connected wireless future can help do things—like cut commute times with traffic sensors, improve public safety with video capability in the helmets of firefighters,[24] and monitor the health of our cities by helping improve garbage collection, prevent flash floods, and even reduce childhood asthma.[25]

The future of unlicensed spectrum and Wi-Fi.  I believe the future of spectrum policy requires a focus on not just licensed spectrum—but also unlicensed spectrum.  Unlicensed spectrum—like Wi-Fi—democratizes Internet access, encourages permissionless innovation in the Internet of Things, and contributes $140 billion in economic activity annually.  This is good stuff.  Nonetheless, historically the legislative process has overlooked the value of unlicensed spectrum because it gets low marks in the scoring process at the Congressional Budget Office.  But this dated accounting misses the mark—because the future benefits of unlicensed spectrum throughout the economy are so great.  Similarly, at the FCC, unlicensed spectrum has too often been an afterthought—when it deserves to be in policy primetime.

During my time at the agency, I am proud that I tirelessly called attention to the benefits of increasing opportunities for unlicensed spectrum.[26]  I believe good spectrum policy requires both licensed and unlicensed airwaves.[27]  Moreover, as any wireless user can attest to, the airwaves used for Wi-Fi today are getting crowded—putting a premium on identifying additional spectrum for unlicensed growth.  To this end, I am proud to have introduced the concept of the Wi-Fi dividend.[28]  This notion is simple but powerful: in any legislative or regulatory effort to increase the licensed spectrum pipeline there should be a cut for unlicensed, or the Wi-Fi dividend.[29]

I pressed the FCC to put the Wi-Fi dividend into practice.  I was an early advocate for expanded Wi-Fi in the lower 5 GHz band—and when the agency eventually put this in place, it doubled the airwaves available for unlicensed in this band virtually overnight.[30]  Consistent with the Middle-Class Tax Relief and Job Creation Act, I encouraged the FCC to lay the groundwork for unlicensed activity in guard bands in the re-imagined 600 MHz band.  In time, I believe this will create exciting new possibilities for unlicensed activity in low-band spectrum.  The FCC’s work on the 3.5 GHz band includes a Wi-Fi dividend, as part of a unique three-tiered system of access that mixes incumbent federal use with licensed and unlicensed use.[31]  In addition, the FCC’s millimeter wave spectrum efforts include a Wi-Fi dividend, with a swath of high-band spectrum at 64-71 GHz reserved for unlicensed use—meaning new and exciting possibilities for Wi-Gig innovation.[32]

I continue to believe that there are additional opportunities for unlicensed spectrum that we should seize.  This includes testing to see if increased Wi-Fi activity in the upper 5 GHz band can be made compatible with automobile systems that plan to use these airwaves for safety purposes.[33]  I am proud that I have worked in a bipartisan fashion to help spur this testing—and I am hopeful they will yield new Wi-Fi potential.[34]

The future of consumer protection.  Every year the FCC receives hundreds of thousands of consumer complaints and inquiries.  But when I arrived at the FCC, the intake process for these queries was clunky, hard-to-decipher, and brimming with the special online charm of the turn-of-the-millennium Internet.

This changed—for the better—during my time at the agency.  The FCC replaced its old complaint and inquiry process with a simple interface with better answers and real assistance for consumers.  But what lies ahead in the future is even better.  Over time the agency will be able to take the information gleaned from this new platform and use it to inform rulemaking activity.  I am proud that I saw these possibilities early and called for this change[35] because I believe that in a data-driven world we should always use the consumer facts we have on hand to inform and inspire FCC policy.  Moreover, over time I believe the agency should combine this consumer data platform with other public information it collects in machine-readable formats.  This will allow others to slice and dice our numbers and identify consumer trends that deserve attention.

With respect to more discrete issues, I am proud that I have been a critic of FCC decisions involving robocalls.[36]  During my time at the agency they represented the single largest category of complaints—and no excuses—it is time to fix this scourge.[37]  I am also proud to have been an advocate for rebates for cramming, which is when unwanted charges show up on your phone bill.  Cramming is digital age pick pocketing and when it happens consumers deserve their money back.  In addition, I am proud that I was the first to call out malicious and willful interference with Wi-Fi when hotels began to block guests from using their own connections under the guise of network security.[38]  This was not right or fair—and I am glad that the FCC eventually put a stop to it.

 The future of innovation.  The pace of technological change is dizzying.  In an instant, innovation can invert so much of what we think we know.  I believe this means policymakers should challenge themselves to come up with new ways to induce smart policy and not just rely on the same old regulatory crutches.  I am glad I was able to proffer some of my own during my time at the FCC.

I wrote extensively about government sandboxing.[39]  Software developers often code sandboxes into their programs.  This code allows others access to a portion of a program without harming the host platform.  This means developers can experiment within the four corners of this virtual sandbox, without risking damage at large scale.  It means that innovators no longer have to perfect new concepts in obscurity only to bet the farm on launches of large yet unproven ideas.  Instead, they can set up small experiments—sandboxes—to tinker with their projects and expose them to real-world conditions.

Sandboxing encourages entrepreneurial thinking and iterative learning.  It’s a philosophy that risk-averse Washington policymakers need to adopt.[40]  During my tenure at the FCC the agency embraced sandboxing in key proceedings—and has been learning from the results.[41]  It tested channel sharing with two broadcasting stations in California to prove that this could be technically feasible in the future 600 MHz band.  It also identified communities in Florida and Alabama where it would test policies related to the IP transition—rather than introducing them nationwide all at once.  In addition, changes made to the FCC’s experimental licensing process will create more dynamic sandboxes for wireless innovation.  As a result, more developers can test new services in research settings—impacting everything from rocket launching technologies to patient-monitoring systems.

I also called for regulators to make greater use of contests to foster new innovation.  Working with Marty Cooper, the father of the cell phone, I proposed Race to the Top, Spectrum Edition.[42]  With the demand on our airwaves growing, we developed a creative solution—beyond the usual calls for more spectrum in the pipeline.  Instead, we looked to technology itself to help manage accelerating demands on our airwaves.  Specifically, we called for Washington to issue a challenge and reward the first person to make spectrum use below 5 GHz as much as 100 times more efficient.  In return, they would receive their own small slice of airwaves for mobile broadband.[43]  This idea received legislative attention—and spurred fresh interest in technology investments that improve spectrum efficiency.

In addition, I called for adding contests to broaden Smart Cities initiatives.[44]  In short, the future of 5G technology depends on development both in our airwaves and on the ground.  But I think the latter gets too little attention.  So I proposed that we reward cities that put in place the next generation infrastructure necessary to make it happen, including dense networks of small cells with fiber backhaul.   On top of this, I proposed the broadband and wireless equivalent of LEED certification for next generation connected buildings, building on work first developed in New York.  I believe both efforts can inspire facilities deployments that will spur new wireless innovation.

I also proposed a new Honors Engineering program at the FCC to refresh our technical ranks and draw young engineers into public service.[45]  I am hopeful that this kind of innovative program will be put in place in the future.

The future of women and STEM.  It’s been said before but it’s true:  the number of women in technology is simply too few.  During my time at the FCC, both in Washington and on the road, this basic fact was apparent over and over and over again.  This is a problem.  Our new economy is built on communications technology.  In fact, science, technology, engineering, and math are the fastest growing fields in the new economy.  There are three times as many job opportunities in STEM fields than in any other field.  Yet the Bureau of Labor Statistics tells us what while women hold half the jobs in the country, they hold less than a quarter of jobs in STEM fields.

I’ve done the math.  This doesn’t compute well for the future—and it needs to be fixed—as a matter of equity, as an economic imperative, and simply because it’s the right thing to do.  I’m proud of my work to help remedy this situation in a variety of fora—including efforts with L’Oreal For Women in Science, Women in Consumer Electronics,[46] and Girls Who Code.  No matter where I go or what I do, it is something I will proudly continue.   As the mother of a little girl—and little boy—I believe this is a future worth fighting for.

***

Finally, I am grateful to my colleagues at the FCC—Chairman Tom Wheeler, Commissioner Mignon Clyburn, Commissioner Ajit Pai, Commissioner Michael O’Rielly, Chairman Julius Genachowski, and Commissioner Robert McDowell—for their friendship.  I am also thankful for their commitment to public service and dedication to thoughtful policymaking.  In addition, I am grateful to the staff of the agency, who are the real heroes of the FCC.  Their understanding of communications law is abundant, their knowledge of network engineering and economics is without equal, and their commitment to the public interest is deep and unyielding.  But above all, I am grateful to the American people who entrusted me with this extraordinary opportunity to participate in history and lay the groundwork for a more connected future.

[1] Jessica Rosenworcel, Bring Wireless 911 Up To Date, The Hill (Jan. 14, 2014), http://thehill.com/opinion/op-ed/195446-bring-wireless-911-up-to-date; Jessica Rosenworcel and Betty Wafer, Action Needed to Advance the Next Generation 911, The Hill (June 30, 2016), http://thehill.com/blogs/congress-blog/technology/285943-action-needed-to-advance-the-next-generation-911.

[2] Jessica Rosenworcel, Commissioner, FCC, Remarks at APCO Emerging Technologies Policy Conference (Dec. 4, 2013), https://apps.fcc.gov/edocs_public/attachmatch/DOC-324537A1.pdf; Statement of FCC Commissioner Jessica Rosenworcel, Wireless E911 Location Accuracy Requirements, Fourth Report and Order, PS Docket No. 07-114 (Jan. 29, 2015), https://apps.fcc.gov/edocs_public/attachmatch/DOC-331757A4.pdf.

[3] Jessica Rosenworcel and Lance Terry, Point of View: Moving Next Generation 911 Forward, The Oklahoman (Sept. 24, 2016), http://newsok.com/article/5519488.

[4] Rosenworcel & Wafer, supra note 1.

[5] Rep. Anna Eshoo and Jessica Rosenworcel, Transforming Education Digitally, Politico (June 3, 2013), http://www.politico.com/story/2013/06/fcc-classrooms-digital-school-future-092153; Julián Castro and Jessica Rosenworcel, High Speed Internet Access a Classroom Necessity, San Antonio Express News (June 25, 2013), http://www.mysanantonio.com/opinion/commentary/article/High-speed-Internet-access-a-classroom-necessity-4621487.php.

[6] Jessica Rosenworcel, Commissioner, FCC, Remarks at SXSW Edu Conference & Festival (March 6, 2014), https://apps.fcc.gov/edocs_public/attachmatch/DOC-325951A1.pdf.

[7] Jessica Rosenworcel, Commissioner, FCC, Remarks at Texas Computer Education Association (Feb. 4, 2015), https://apps.fcc.gov/edocs_public/attachmatch/DOC-331901A1.pdf; Jessica Rosenworcel, How to Close the ‘Homework Gap, Miami Herald (Dec. 5, 2014), http://www.miamiherald.com/opinion/op-ed/article4300806.html; Jessica Rosenworcel, Limited Internet Access a Challenge for Detroit Kids, Detroit Free Press (Mar. 17, 2015), http://www.freep.com/story/opinion/contributors/2015/03/16/internet-broadband-access/24849353/; Jessica Rosenworcel, The Cleveland Homework Gap, When There Is No Internet at Home, Cleveland.com (Apr. 22, 2016), http://www.cleveland.com/opinion/index.ssf/2016/04/the_cleveland_homework_gap_whe.html.

[8] See Cecilia Kang, Bridging a Digital Divide That Leaves Schoolchildren Behind, NY Times (Feb. 22, 2016), http://www.nytimes.com/2016/02/23/technology/fcc-internet-access-school.html?_r=0

[9] Jessica Rosenworcel, Commissioner, FCC, Remarks at Taking the Pulse of the High School Experience in America, Hispanic Heritage Foundation (Apr. 29, 2015), https://apps.fcc.gov/edocs_public/attachmatch/DOC-333274A1.pdf.

[10] Jessica Rosenworcel, Commissioner, FCC, Remarks at Broadband Imperative and the Homework Gap, State Education Technology Directors Association, (Sept. 8, 2016), https://apps.fcc.gov/edocs_public/attachmatch/DOC-341150A1.pdf.

[11] Sen. Tom Udall and Jessica Rosenworcel, ‘Homework Gap’ Hurts Poor, Rural Students, Las-Cruces Sun News (Oct. 22, 2016), http://www.lcsun-news.com/story/opinion/commentary/2016/10/22/homework-gap-hurts-poor-rural-students/92490198/.

[12] Statement of FCC Commissioner Jessica Rosenworcel, Inquiry Concerning the Deployment of Advanced Telecommunications Capability to All Americans, 2015 Broadband Progress Report, GN Docket No. 14-126 (Jan. 29, 2015), https://apps.fcc.gov/edocs_public/attachmatch/DOC-331760A4.pdf.

[13] Jessica Rosenworcel, Commissioner, FCC, Remarks at Practicing Law Institute, 30th Annual Telecommunications Policy and Regulation Institute (Dec. 13, 2012), https://apps.fcc.gov/edocs_public/attachmatch/DOC-317923A1.pdf (Rosenworcel PLI Remarks).

[14] Statement of FCC Commissioner Jessica Rosenworcel, Technology Transitions, GN Docket No. 13-5 et al., Order (Jan. 30, 2014), https://apps.fcc.gov/edocs_public/attachmatch/FCC-14-5A4.pdf.

[15] Statement of FCC Commissioner Jessica Rosenworcel, Connect America Fund, WC Docket No. 10-90 et al., Report and Order, Order and Order on Reconsideration, Order, and Further Notice of Proposed Rulemaking, (Mar. 23, 2016), https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-33A4.pdf.

[16] Statement of FCC Commissioner Jessica Rosenworcel on the AWS-3 Auction (Jan. 29, 2015), https://apps.fcc.gov/edocs_public/attachmatch/DOC-331773A1.pdf.

[17] Jessica Rosenworcel, Commissioner, FCC, Remarks at Silicon Flatirons: The Next Ten Years of Spectrum Policy (Nov. 13, 2012), https://apps.fcc.gov/edocs_public/attachmatch/DOC-317319A1.pdf.

[18] Jessica Rosenworcel, A Federal Wireless Policy Built on Carrots, Not Sticks, The Hill (June 27, 2013), http://thehill.com/blogs/congress-blog/technology/308011-a-federal-wireless-policy-built-on-carrots-not-sticks.

[19] Statement of FCC Commissioner Jessica Rosenworcel Before the United State Senate Committee on Commerce, Science & Transportation, “Wireless Broadband and the Future of Spectrum Policy” (July 29, 2015), https://apps.fcc.gov/edocs_public/attachmatch/DOC-334645A1.pdf.

[20] Jessica Rosenworcel, Commissioner, FCC, Remarks at GSMA: The Mobile 360 Series – North America (Sept. 22, 2014), https://apps.fcc.gov/edocs_public/attachmatch/DOC-329510A1.pdf.

[21] Jessica Rosenworcel, The Race to 5G Is On, recode (Oct. 27, 2014), http://www.recode.net/2014/10/27/11632314/the-race-to-5g-is-on.

[22] Jessica Rosenworcel, Commissioner, FCC, Remarks at 4G Americas Technology Briefing (Oct. 14, 2014), https://apps.fcc.gov/edocs_public/attachmatch/DOC-329909A1.pdf.

[23] Jessica Rosenworcel, Commissioner, FCC, Remarks at The Marconi Society Annual Symposium, National Academy of Sciences (Oct. 2, 2014), https://apps.fcc.gov/edocs_public/attachmatch/DOC-329734A1.pdf (Rosenworcel Marconi Symposium Remarks).

[24] Jessica Rosenworcel, Commissioner, FCC, “Five Ideas for the Road to 5G,” Remarks at Leadership Forum on 5G:  The Generation of Wireless (Feb. 9, 2016), https://apps.fcc.gov/edocs_public/attachmatch/DOC-337655A1.pdf.

[25] Jessica Rosenworcel, Commissioner, FCC, Remarks at Mobile World Congress (Feb. 22, 2016), https://apps.fcc.gov/edocs_public/attachmatch/DOC-337855A1.pdf. (Rosenworcel Mobile World Congress Remarks)

[26] Jessica Rosenworcel, Commissioner, FCC, Remarks at Moving Wi-Fi Forward, The Newseum (May 6, 2014), https://apps.fcc.gov/edocs_public/attachmatch/DOC-326941A1.pdf.

[27] Jessica Rosenworcel, Commissioner, FCC, Remarks at The Future of Unlicensed Spectrum, Computer History Museum (Sept. 11, 2014), https://apps.fcc.gov/edocs_public/attachmatch/DOC-329359A1.pdf.

[28] Jessica Rosenworcel, Commissioner, FCC, Remarks at SXSW Interactive (Mar. 16, 2015), https://apps.fcc.gov/edocs_public/attachmatch/DOC-332532A1.pdf.

[29] Jessica Rosenworcel, We Need More Wi-Fi, Morning Consult (June 20, 2016), https://morningconsult.com/opinions/need-wi-fi/.

[30] Jessica Rosenworcel, Commissioner, FCC, Remarks at Wi-Fi in the 5GHz Fast Lane, The National Press Club (Mar. 7, 2014), https://apps.fcc.gov/edocs_public/attachmatch/DOC-325938A1.pdf.

[31] Rosenworcel Mobile World Congress Remarks, supra note 25.

[32] Statement of FCC Commissioner Jessica Rosenworcel, Use of Spectrum Bands Above 24 GHz for Mobile Services, GN Docket No 14-177 et al., Report and Order and Further Notice of Proposed Rulemaking (July 14, 2016), https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-89A4.pdf. (Rosenworcel July 2016 5G Statement)

[33] Jessica Rosenworcel, Commissioner, FCC, Remarks at The Road to Giga-Bit Wi-Fi, New America Foundation (Jan. 12, 2016), https://apps.fcc.gov/edocs_public/attachmatch/DOC-337249A1.pdf.

[34] Michael O’Rielly and Jessica Rosenworcel, Driving Wi-Fi Ahead: the Upper 5 GHz Band (Feb. 23, 2015), https://www.fcc.gov/news-events/blog/2015/02/23/driving-wi-fi-ahead-upper-5-ghz-band.

[35] Rosenworcel PLI Remarks, supra note 13.

[36] Statement of FCC Commissioner Jessica Rosenworcel, Approving in Part, Dissenting in Part, Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, CG Docket No. 02-278, WC Docket No. 07-135, Declaratory Ruling and Order (June 18, 2015), https://apps.fcc.gov/edocs_public/attachmatch/FCC-15-72A4.pdf.

[37] Jessica Rosenworcel, Commissioner, FCC, Remarks at Robocall Strike Force Meeting (Oct. 26, 2016), https://apps.fcc.gov/edocs_public/attachmatch/DOC-341920A1.pdf.

[38] Jessica Rosenworcel, Commissioner, FCC, Remarks at State of the Net Conference (Jan. 27, 2015), https://apps.fcc.gov/edocs_public/attachmatch/DOC-331702A1.pdf.

[39] Jessica Rosenworcel, Sandbox Thinking, Democracy Journal (Fall 2014), http://democracyjournal.org/magazine/34/sandbox-thinking/.

[40] Commissioner Jessica Rosenworcel, Commissioner, FCC, Remarks at IEEE Globecom 2013 (Dec. 11, 2013), https://apps.fcc.gov/edocs_public/attachmatch/DOC-324651A1.pdf (Rosenworcel 2013 IEEE Remarks).

[41] Jessica Rosenworcel, Commissioner, FCC, Remarks at Democracy Symposium (Sept. 30, 2014), https://apps.fcc.gov/edocs_public/attachmatch/DOC-329682A1.pdf.

[42] Jessica Rosenworcel and Marty Cooper, Here’s How to Expand Wireless Spectrum, The Mercury News (Sept. 24, 2014), http://www.mercurynews.com/2014/09/24/marty-cooper-and-jessica-rosenworcel-heres-how-to-expand-wireless-spectrum/.

[43] Rosenworcel Marconi Symposium Remarks, supra note 23.

[44] Rosenworcel July 2016 5G Statement, supra note 32.

[45] Rosenworcel 2013 IEEE Remarks, supra note 40.

[46] Jessica Rosenworcel, Commissioner, FCC, Remarks at Women in Consumer Electronics, Rubin Museum of Art (June 23, 2015), https://apps.fcc.gov/edocs_public/attachmatch/DOC-334094A1.pdf.

 Santa Reorganizes – The 12 Days of Christmas Cutbacks

 Many thanks to my dear Consultant friend from the Great White North, Roberta Fox, for sending this to me.

Effective immediately, the following economizing measures are being implemented in the “Twelve Days of Christmas” subsidiary:

The recent announcement that Donner and Blitzen have elected to take the early reindeer retirement package has triggered a good deal of concern about whether they will be replaced, and about other restructuring decisions at the North Pole.

Streamlining is due to the North Pole’s loss of dominance of the season’s gift distribution business. Home shopping channels and mail order catalogues have diminished Santa’s market share. He could not sit idly by and permit further erosion of the profit picture.

The reindeer downsizing was made possible through the purchase of a late model Japanese sled for the CEO’s annual trip. Improved productivity from Dasher and Dancer, who summered at the Harvard Business School, is anticipated. Reduction in reindeer will also lessen airborne environmental emissions for which the North Pole has received unfavourable press.

I am pleased to inform you that Rudolph’s role will not be disturbed. Tradition still counts for something at the North Pole. Management denies, in the strongest possible language, the earlier leak that Rudolph’s nose got that way, not from the cold, but from substance abuse. Calling Rudolph “a lush who was into the sauce and never did pull his share of the load” was an unfortunate comment, made by one of Santa’s helpers and taken out of context at a time of year when he is known to be under executive stress.

As a further restructuring, today’s global challenges require the North Pole to continue to look for better, more competitive steps. Effective immediately, the following economy measures are to take place in the “Twelve Days of Christmas” subsidiary:

1. The partridge will be retained, but the pear tree, which never produced the cash crop forecasted, will be replaced by a plastic hanging plant, providing considerable savings in maintenance;

2. Two turtle doves represent a redundancy that is simply not cost effective. In addition, their romance during working hours could not be condoned. The positions are, therefore, eliminated;

3. The three French hens will remain intact. After all, everyone loves the French;

4. The four calling birds will be replaced by an automated voice mail system, with a call waiting option. An analysis is underway to determine who the birds have been calling, how often and how long they talked;

5. The five golden rings have been put on hold by the Board of Directors. Maintaining a portfolio based on one commodity could have negative implications for institutional investors. Diversification into other precious metals, as well as a mix of T-Bills and high technology stocks, appear to be in order;

6. The six geese-a-laying constitutes a luxury which can no longer be afforded. It has long been felt that the production rate of one egg per goose per day was an example of the general decline in productivity. Three geese will be let go, and an upgrading in the selection procedure by personnel will assure management that, from now on, every goose it gets will be a good one;

7. The seven swans-a-swimming is obviously a number chosen in better times. The function is primarily decorative. Mechanical swans are on order. The current swans will be retrained to learn some new strokes, thereby enhancing their outplacement;

8. As you know, the eight maids-a-milking concept has been under heavy scrutiny by the EEOC. A male/female balance in the workforce is being sought. The more militant maids consider this a dead-end job with no upward mobility. Automation of the process may permit the maids to try a-mending, a-mentoring or a-mulching;

9. Nine ladies dancing has always been an odd number. This function will be phased out as these individuals grow older and can no longer do the steps;

10. Ten Lords-a-leaping is overkill. The high cost of Lords, plus the expense of international air travel, prompted the Compensation Committee to suggest replacing this group with ten out-of-work congressmen. While leaping ability may be somewhat sacrificed, the savings are significant as we expect an oversupply of unemployed congressmen this year;

11. Eleven pipers piping and twelve drummers drumming is a simple case of the band getting too big. A substitution with a string quartet, a cutback on new music, and no uniforms, will produce savings which will drop right to the bottom line;

We can expect a substantial reduction in assorted people, fowl, animals and other expenses. Though incomplete, studies indicate that stretching deliveries over twelve days is inefficient. If we can drop ship in one day, service levels will be improved.

Regarding the lawsuit filed by the attorney’s association seeking expansion to include the legal profession (“thirteen lawyers-a-suing”) action is pending.

Lastly, it is not beyond consideration that deeper cuts may be necessary in the future to stay competitive. Should that happen, the Board will request management to scrutinize the Snow White Division to see if seven dwarfs is the right number.

The Violet Slate / Purple Grey Theory

When the telephone system was designed, it was very much a point to point communications network. Each endpoint (telephone) had a unique identifier (phone number) and was connected back to the central office via a dedicated twisted-pair of wires. To keep the circuits separated and identifiable for troubleshooting, the Bell System needed a method that would be simple, easy to remember and expandable to service hundreds of thousands of customers. But, how could this possibly be done? Certainly, there were not enough colors in the spectrum to support this!

But the Bell System came to the rescue, born of innovation and engineering standards. They devised a way of using just 10 different colors in a unique combination, and likely had a 50-page document on why. In any case, they defined the colors into 2 groups.

Major Colors               Minor Colors

White                          Blue
Red                              Orange
Black                           Green
Yellow                         Brown
Violet                          Slate

The last 2 were Violet and Slate, and the ‘reason’ didn’t matter. It was just the way it was, and as apprentice learned from their mentor, these colors were passed down, generation to generation of telephone men. It was how I learned, it was how my partner who taught me learned, and it was how his mentor taught him. It was the ‘Bell Way’ and that is all we needed to know.

Fast forward in my career from ‘punch-jockey’ to PBX installer, to Systems Engineer and Technician, to Telecom Manager that was currently interviewing candidates for a position. I wanted someone that had been around. Someone that grew up with some of the old ‘Bell value standards’.

One of my questions on an interview was “What color is the 25th pair?” I quickly realized, the candidates that had been around, used the familiar Violet/Slate colors, and the greener candidates would name the pair as “Purple/Grey”. Upon questioning them, they knew Violet-Slate but were taught, Purple-Grey. Despite their ‘age’ or ‘experience in the industry’, it became quite clear that there were 2 distinct groups of candidates out there. The well-seasoned Violet Slate technicians, that would maintain a meticulous wire frame, used the right tools for the right job, and did things the ‘old-school way’.

These were the guys I wanted to do cabling, nd managing the wire plant, and building the physical side of my switch room. The Purple Greys were the other guys, newer to the industry, and innovative in their thinking. They all had laptops, were already on the internet, and used software tools like Excel.

Immediately, age didn’t matter. Their experience didn’t matter. I stumbled upon the ultimate litmus test to instantly define the right person for the right job based on experience! What a great find! From that day forward, everyone became a Violet Slate guy, like myself, and the good Purple Gray guys, like Matt Konwiser, recognized their doppelganger,  and more importantly the value of both of them teaching each other.

And so concludes the story and theory of Purple Grays and Violate Slates.  Which one are you?

There is no wrong answer.

 

FIXED: Cellular E911 Location

The two biggest issues with cellular emergency services:
Text to 911 and Cellular Location Accuracy

But the question is, how can this be so in today’s ultra-modern broadband connected world?

The answer, it turns out, is simple. The Emergency services network no matter where you are located is, for the most part, an analog-based legacy infrastructure with only the ability to convey VOICE calls and no data services. Because of this simple fact, we have pigeonholed ourselves into a quagmire of isolation from the modern communications capabilities that have become commonplace and inherent in the devices nearly all of us seem to be carrying.

How do we extract ourselves from this destitute pit of captivity? The answer is quite simple. We need a rope, and it just so happens that Google has decided to provide that lifeline, with of course a brand-new acronym; AML for Advanced Mobile Location.

Currently, on the network side AML is  only deployed in Estonia and in the United Kingdon however, the functionality (which has been code-named ‘Thunderbird’) is actually embedded in every current  Android device with operating systems from Gingerbread forward. To discuss the history of Thunderbird, and how it came to be, I sat down for a Podcast with European Emergency Number Association Executive Director, and colleague of many years, Gary Machado.

Listen to the Podcast here:


Fletch:
The big story in the news is location and emergencies in cellular phones, and you guys have really come up with something that’s pretty interesting over in Europe. Tell us about AML?


Gary:
Thank you, Fletch. Yes, we came up with AML, which stands for Advanced Mobile Location, a few years ago. Actually, the idea is not ours. The Advanced Mobile Location was created in the UK in 2014 by a guy named John Medland, who works for BT 999/112 emergency services.

He basically lost faith in the EU’s ability to regulate of the sector and to contribute to the improvement of caller location in Europe, so he decided to start talking with the handset manufacturers and the mobile operators here in Europe, what in the US you call I think carriers, and he came up with a simple idea: how can we find an easy way to retrieve the location data that is in the phone that we all use everyday to order pizza, to order Uber, et cetera, and how can we take this data and deliver it to the PSAPs as easily as possible?

That’s how the project started. John led the whole project in the UK. It started slowly in 2014 with AGC, the handset manufacturer, and one mobile operator named EE, and since then, AML has been very successful. We have about 85% of locations that are below 50 meters, within 50 meters, and AML has been extended to other handset manufacturers, namely Alcatel, Sony Mobile, Samsung devices, and extended also to other mobile operators in the UK.


Fletch:
I think the big thing was when Google jumped onboard. Google saw what John had proposed doing, and basically in a nutshell, the way I explain it to people is, when the carrier, when the mobile operator looks from the network towards the handset, it’s one view, but when the handset looks out towards the world, they can see much more. It’s like looking through a peephole on a hotel room door the wrong way, right?

From the carrier side, you get a very myopic view of where that device is, but the device can take advantage of cellular, it can take advantage of GPS, it can take advantage of WiFi signals that [can be seen], not necessarily connected to, but just seen, and then all of that information together [delivers] a much more accurate resolution. One number that I saw published was 4,000 times more accurate?


Gary:
Yes. Fletch, I want to say I love the way you describe it, which is exactly correct. What happens, we actually happened to meet Google at the right time, were starting to look into the project, they were wondering on how to get this information delivered to the PSAPs, and so we actually bridged between BT in the UK, Google and ourselves and we started to have about a conference call per week, basically, and we started to progress, let’s say, the Google way, which is very fast. Yes, as you said, Google wanted to benefit from the use of their Google fused location provider and have this accurate location information we use everyday installed on all Android devices in the world. That was what they were trying to achieve. Since they saw the success of the project in the UK, which was running on Android devices already, on Android-based smartphone manufacturers, they decided to work with us and

Since they saw the success of the project in the UK, which was running on Android devices already, on Android-based smartphone manufacturers, they decided to work with us and BT to, let’s say, upgrade all the devices in the world with this accurate location. Now, where are we right now? All Android devices in the world back to Gingerbread have been upgraded with Advanced Mobile Location, so it’s in every Android phone in the world, besides a few phones that haven’t been updated because they haven’t been charged or connected to the WiFi and didn’t get the update, of course, but otherwise it’s already

Now, where are we right now? All Android devices in the world back to Gingerbread have been upgraded with Advanced Mobile Location, so it’s in every Android phone in the world, besides a few phones that haven’t been updated because they haven’t been charged or connected to the WiFi and didn’t get the update, of course, but otherwise it’s already in your phone. If you have an Android phone, AML is there. You just have to check your phone, look for the Google Play Services, and if you have a version of Google Play Services which is something like 9.0+, then you have AML in your phone. AML

You just have to check your phone, look for the Google Play Services, and if you have a version of Google Play Services which is something like 9.0+, then you have AML in your phone. AML is deployed in two countries in Europe. It is fully deployed in the UK and Estonia.

That means that everyday, UK and Estonian emergency services receive extremely accurate location information, again, 85% at below 50 meters using GPS or WiFi location, and yes, when we look at the figure, it’s about 3,000 to 4,000 times more accurate than what we get in Europe currently, which is only the primarily cell ID.


Fletch:
Before everyone runs out and turns on AML and expects this incredible accuracy to be there, there is the other side of this, and that’s the 911 center, the emergency center, the PSAP has to be able to, or the network I should say, has to be able to receive this data. One of the pieces of AML is a destination for this information to be sent, so that’s got to be in place, too. Now that’s the carrier responsibility.


Gary:
Yes. I would say the beauty of this project is its simplicity. When you dial an emergency number, 112, 911, it will trigger AML in your phone if you’re in a country where the service has been activated; in other words, where PSAPs are able to receive the information. Once you dial this number, it triggers the AML for 20 seconds, collects the location information and sends it over to the PSAPs over a mobile network.

Now there are two ways of doing that. The first way is using SMS. There are two kinds of SMSs that are used. I will not get into the specificity of those, but these two SMSs are working. One of these two can be implemented in any country. Either the message can be sent to an SMS endpoint, which is what both BT, our organization, EENA, and Google recommends, because it works in most cases, SMS, and it’s actually extremely reliable. So it can be sent to an SMS endpoint or it can be sent over HTTPS to the emergency services. Emergency services are free to choose.

In Europe, we work at the country level. [Governments] are free to choose whether they want SMS or if they want HTTPS. For now, in Europe, we have SMS installations, but other countries are deploying an HTTPS endpoint to be able to receive the AML data.


Fletch:
I’m going to assume that when you bring your handset online and you get your configuration from the carrier that this AML destination would be part of that provisioning.


Gary:
Yes. Actually, it’s managed by Google. Google defines the emergency numbers that should activate the service in a country. If a country has several emergency numbers, those numbers will trigger the AML service, which will turn on for 20 seconds and collect the location data, and then send it over to this endpoint selected by a country or a region or a county. Basically, what’s to be done by the PSAPs, the authorities and/or the mobile operator or carrier in the US, it’s very simple. Google needs to know the endpoint to be able to deliver that message. They need to be provided by an endpoint. The carrier needs to, for instance, in case of an SMS, allow it to be free of charge, and that’s what we have in most countries in Europe already with SMS for the deaf and hard of hearing, and/or they need to provide for an HTTPS endpoint to be set up, which often in the US I believe has been at the carriers rather than in the PSAPs. In Europe, we have a different setup for these things.


Fletch:
The very first thing people are going to complain about it is, “Hey, wait a second, Gary, if this thing gets turned on, Google’s going to start tracking my location. It’s bad enough that they know every website I go to and they’re putting cookies all over my phone, now they’re going to be tracking my specific locations and what I’m doing. I’ve already got the NSA in the US doing that. I don’t need Google on top of that doing the same thing.” Is there going to be pushback?


Gary:
As you can guess, we get it over here in Europe even more than in North America. People are very, very concerned about it here. I can say I have myself a certain interest for these issues. I actually help some of the privacy activist organizations here in Brussels on my private time, let’s say, and I never switch on my location on my own, for instance, but in case of emergency service, I want to have my location turned on. The beauty of this project and working with Google for more than a year, they have been extremely cautious with that. The location just turns on for the time of triggering the AML and turns off after 20 seconds. Google does not store that location. Google doesn’t want to see that location. That location is retrieved and is sent over to the PSAPs in an SMS or HTTPS, and that’s it. Google doesn’t want to see that location. I think, honestly, no one is [inaudible 00:11:05]. Google has plenty of locations everyday. I don’t think they are looking for more of that project. That’s not what they are looking for.

The location just turns on for the time of triggering the AML and turns off after 20 seconds. Google does not store that location. Google doesn’t want to see that location. That location is retrieved and is sent over to the PSAPs in an SMS or HTTPS, and that’s it. Google doesn’t want to see that location. I think, honestly, no one is [inaudible 00:11:05]. Google has plenty of locations everyday. I don’t think they are looking for more of that project. That’s not what they are looking for.


Fletch:
So they never even get the data to be able to store it. It goes directly into the public safety networks.


Gary:
Exactly.


Fletch:
Let’s face it, if you’re having an emergency, your location is something that you probably want to share. 


Gary:
Yes, exactly. That’s the case, and I’m sure it’s the same in the US, but in Europe, we have the proper legislation for that, that in case of emergency call, caller location is authorized. Yes, that’s one of the very few times where you actually need and you want your location to be used.


Fletch:
I’ve got to tell you, when I first saw this back in 2014 over in Europe, I was a little hesitant. I was a little hesitant because it was operating system-specific. At that time it was carrier-specific and even handset-specific, and [I thought], interesting idea, but it’s going to be the adoption that really makes this happen, and although it’s taken a couple of years, it is actually a great idea. It’s very simple in its form, it’s very basic. It doesn’t require a big uplift in the network. It doesn’t require huge upgrades in the PSAPs. It’s just a simple activation of information that’s already there, and it’s information that most devices already have anyway. Again, like you said before, if I want to order a pizza or if I want to order an Uber, they know exactly where I am with incredible accuracy, so it’s just activating that function that’s already there and creating the mechanism to transport that over to the PSAP, the people that actually need to use that. Really kind of a brilliant idea and John, John’s a great guy and I’ve known John for many years over at BT. It really took a lot of stamina just to keep pounding his foot down and saying, “This will work,” and getting Google in there is a big deal. Obviously the big question, what about iOS and Apple and Microsoft? What’s happening with those guys? Have they mentioned anything about this?

It’s very simple in its form, it’s very basic. It doesn’t require a big uplift in the network. It doesn’t require huge upgrades in the PSAPs. It’s just a simple activation of information that’s already there, and it’s information that most devices already have anyway. Again, like you said before, if I want to order a pizza or if I want to order an Uber, they know exactly where I am with incredible accuracy, so it’s just activating that function that’s already there and creating the mechanism to transport that over to the PSAP, the people that actually need to use that. Really kind of a brilliant idea and John, John’s a great guy and I’ve known John for many years over at BT. It really took a lot of stamina just to keep pounding his foot down and saying, “This will work,” and getting Google in there is a big deal. Obviously the big question, what about iOS and Apple and Microsoft? What’s happening with those guys? Have they mentioned anything about this?

Really kind of a brilliant idea and John is a great guy.  I’ve known him for many years over at BT. It really took a lot of pounding his foot down and saying, “This will work,” and getting Google in there is a big deal. Obviously the big question, what about iOS and Apple and Microsoft? What’s happening with those guys? Have they mentioned anything about this?


Gary:
First, I want to join you here in saying I really admire what John has done. He’s taken this idea, he’s been fighting for it. He’s been going step by step. He’s very cautious. He wanted to validate every step of the project. We owe John a lot, as all in the public safety community, I believe. I also want to thank the guys at Google, of course, and also congrats to the Estonians. The Estonians implemented AML in less than six months with Google and they are one of the countries that are fully enabled right now. About Apple and Microsoft, we are in contact with Microsoft, trying to get some information, some progress on this. At this stage, we do not see a lot, but we are hopeful that it will progress. We are also trying to get in touch with Apple. We’ve informed Apple via many emails, conference calls and so on. We haven’t seen a lot back from Apple, though we actually discovered just by Googling one day that Apple has published a patent on the location topic, which seems to be rather an idea pretty similar to what we’ve just talked about during this podcast. Very interesting. Very interesting. We’re hopeful that Apple will join the project. We also started to see the first articles, one article in Estonia last week, clearly explain that they believe that Apple will start joining the

We haven’t seen a lot back from Apple, though we actually discovered just by Googling one day that Apple has published a patent on the location topic, which seems to be rather an idea pretty similar to what we’ve just talked about during this podcast. Very interesting. Very interesting. We’re hopeful that Apple will join the project. We also started to see the first articles, one article in Estonia last week, clearly explain that they believe that Apple will start joining the project, because people will think of Google’s Android phone as the safe phones. That was an opinion written in an Estonian article, which is in English.


Fletch:
I have to agree with that. If somebody’s going to make a telephone purchase and this one has got safety features that this one does not, that’s going to become a decision. If I’m going to buy a phone for my daughter who’s going off to college now, I’m going to make sure she’s got a phone that’s going to provide her with as much safety as possible. That’s going to bring the financial model into play and it’s not going to be long before somebody over in Cupertino says, “Hey, wait a second, sales are going down. We need to turn this on,” and Microsoft’s going to do the same.


Gary:
Let’s hope so. Apple Keynote is coming out soon, so, let’s wait.


Fletch:
Listen, Gary, it’s always a pleasure to talk to you. It’s been a while since we’ve chatted. I really appreciate you taking the time to talk about this. Tremendous progress on this. Congratulations to everybody over at EENA who drove this, and of course to John Medland over at BT, who had the brainchild and the fortitude to get this program moving.


Gary:
Thanks, Fletch. Bye-bye.

What you never knew about IoT – and were afraid to ask

Every year the IT industry has to come up with a new acronym for some new technology that technology writers expound upon. Clearly, the undisputed winner for 2016, has to be nothing other than, “IoT – the Internet of Things.”


AN AUDIO VERSION OF THIS BLOG IS AVAILABLE ON SoundCloud Here:

Forbes, an obvious reputable resource, defines IoT as, “connecting any device with an on and off switch to the Internet (and/or to each other)”, TechTarget basically agrees with Forbes, but puts their own spin by adding in animals or people as long as they have, “unique identifiers and the ability to transfer data over a network.” So, this means that my pet Bengal, Diego, could be an IoT device if he was on the net and by definition, I myself are an Internet of Thing device. That’s a scary thought.

Of course, for the real truth, we need to go to Wikipedia. Here we’ll find an answer that is somewhat in the middle, and in my opinion, correct. The great Wiki says the Internet of Things is, “the network of physical devices, vehicles, buildings and other items—embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data.”

Taking a step back from all of this, looking at commonality in the definitions we find the following criteria making up IoT:

  • Physical electronic device (potentially connected to an animal)
  • Connected to the network (ideally the Internet is assumed)
  • Communicates with neighboring devices (contributing and consuming information)

Assuming that basic premise is true and correct, what exactly does this mean for the enterprise IT professional? First and foremost, it means that anything and everything is going to be on the network. Initially this will create a massive drive towards IPv6, as a MAC address signifies the unique identifiers required in the basic networking communications architecture. One potential detour around the massive migration to IPv6 devices, would be to use a networking technology such as the Avaya Shortest Path Bridging fabric architecture to isolate islands of IPv4 devices, and segregate them from the public wide area network with an IPv6 to IPv4 Gateway device.

This is nothing new to IT professionals, and the construct has been used with public IP addresses versus private IP addresses in the past. Just think of how many consumer grade routers have been sold that handout 192.168.1.X addresses in our homes. Part of the job of the router is to segregate those IP addresses effectively hiding them from the WAN.

CONNECTIVITY

So we now know the devices are going to exist, and they’re going to show up on our networks. In fact, based on a recent report by research firm International Data Corporation (IDC), the spending on IoT in the U.S. alone is slated to grow at a 16.1% compound annual growth rate (CAGR) through 2019 reaching an estimated $357 billion, according to a recent article.

MANAGEMENT

With these devices now present on our network, they need to be managed. We need to understand where they are, what they are, what data they’re consuming, and what data they’re creating. Imagine, if every light switch in your facility suddenly became an Ethernet connected temperature sensor, the microbursts of data that 1000 devices may produce, could potentially cause traffic contention for critical data required to run your business. So, while it would be very convenient to know ambient temperatures in each individual room, as well as the status of the ambient lighting, possibly combined with measurements of the lumens in the room, that information can’t conflict with the credit card transactions or other sensitive information required to keep the doors open and customers happy.

We already see this today, with video networks. They have replaced the coaxial based camera network with IP Cat6 cabling, but it remains a completely separate infrastructure with home runs back to the video head-end. Why not put the cameras on the network? “It won’t handle the multicast traffic from the cameras, and the overall network would suffer,” is the most common answer. With the right network topology and architecture, this is no longer true, Avaya Fabric solved this issue years ago, as proven at InterOp.

SECURITY

With potentially tens of thousands of devices now present on your network, security remains as a number one concern, but that concern is exacerbated by the sheer number of additional “touch points” to your networking infrastructure. For example, take the breach that retail giant Target experienced when their HVAC system was compromised. This gave hackers a convenient on-ramp to the network, where they proceeded to gain access to information that was assumed to be secure. While several failures in security can be attributed to this, the primary cause was the Layer 1 physical access entry point that was compromised.

Security is driving new fundamental functions that were considered a “nice to have” at one point in time. In order to manage this perfect storm of device influx into the network, as well as the number of BYOD devices appearing every day, network connectivity, especially wireless connectivity, cannot be taken for granted. Even the smallest enterprise will need to consider Identity Engine functionality within their network to manage devices that show up, both expected and unexpectedly, and be able to detect and mitigate any rogue device presence that is perceived as a potential threat. For example, even though Target was compromised through the HVAC system, shouldn’t the network have noticed the thermostats talking to the secure customer information databases? That abnormal traffic flow should have been detected, and the questionable device should have been moved into a Virtual Service ID where it was isolated from other areas on the network. This would’ve allowed human intervention and approval or denial of the communications.

ANALYTICS

An area that needs to be improved upon within the enterprise corporate network is the analytics applied to the network performance. Once again, functions that were considered a “nice-to-have” at one point in time, are now critical to day-to-day operations. The sheer number of devices, the amount of big data that’s being produced, and information from the identity management system all need to be examined, historically catalogued, and then referenced during future operations. If a device or process falls out of the normal scope, where a device starts generating traffic flows that are in excess of what they are expected to be generating, various thresholds are exceeded, the device or process is isolated, and human intervention is applied either stopping the device, or verifying its purpose and  creating a new rule that allows the anticipated behavior.

CONCLUSION

I don’t believe there’s a single industry that is not affected by this new trend. Smartphones have become so ubiquitous; their level of connectivity has become persistent. As we roam around going about our daily business, we are constantly connecting, disconnecting, and reconnecting to various networks and hotspots. We often don’t pay attention to our online status, and honeypot phishing is at an all-time high. Like it or not, the devices we carry are part of the Internet of Things. Not only do the networks need to protect themselves from the multitude of devices touching them, consumers also need to be conscious of what their devices are touching!

“HEY! Get that network out of your mouth! You have no idea where it’s been!”

Follow me on Twitter @Fletch911
Read my other AVAYA CONNECTED Blogs

Mark J. Fletcher, ENP is the Chief Architect for Worldwide Public Safety Solutions at Avaya. As a seasoned professional with nearly 30 years of service, he directs the strategic roadmap for Next Generation Emergency Services in both the Enterprise and Government portfolios at Avaya. In 2014, Fletcher was made a member of the NENA Institute Board in the US, in 2014 – 2015 he served as co-chair of the EENA NG112 Committee in the European Union, providing valuable insight to State and Federal legislators globally driving forward both innovation and compliance.