Governments vs Blackberry – what’s it all about?

Originally posted on 13Aug10 to IBM Developerworks (19,781 Views)

Over the past few weeks, I have been watching what seems to be a snowballing issue of governments spying on their citizens in the name of protection from terrorism. First cab off the rank was India a couple of years ago, asking Research In Motion (RIM) for access to the data stream for Indian Blackberry users, then asking for the encryption keys. That went quiet until recently (1Jul10), when the Indian Government again asked RIM for access to the Blackberry traffic and gave RIM 15 days to comply (see “Indian govt gives RIM, Skype 15 days notice, warns Google” – Telecompaper). That has passed and the Indian government yesterday gave RIM a new deadline of 31Aug10 (see “Indian govt gives 31 August deadline for BlackBerry solution” – Telecompaper). In parallel, a number of other nations have asked their CSPs or RIM for access to the data sent via Blackberry devices.

First was the United Arab Emirates (UAE), which will put a ban on Blackberry devices in place that will force the local Communications Service Providers (CSPs) to halt the service from 11Oct10. RIM are meeting with the UAE government, but who knows where that will lead with the Canadian government stepping in to defend its Golden Hair Child – RIM. Following the UAE ban, Saudi Arabia, Lebanon and more recently Indonesia have all said they will also consider a ban on RIM devices. As an interesting aside, I read an article a week ago (see “UAE cellular carrier rolls out spyware as a 3G ‘update’”) that suggested that the UAE government sent all Etisalat Blackberry subscribers an email advising them to update their devices with a ‘special update’ – it turns out that the update was just a Trojan which in fact delivered a spyware application to the Blackberry devices to allow the government to monitor all the traffic! (wow!)

Much of the hubbub seems to be around the use of Blackberry Messenger, an Instant Messaging function similar to Lotus Sametime Mobile but hosted by RIM themselves, which allows all Blackberry users (even on different networks and telcos) to chat to each other via their devices.

I guess at this stage, it might be helpful to describe how RIM’s service works. From a historical point of view, RIM were a pager company. Pagers need a Network Operations Centre (NOC) to act as a single point from which to send all the messages out to the pagers. That’s where all the RIM contact centre staff sat and answered phones, typed messages into their internal systems and sent the messages out to the subscribers. RIM had the brilliant idea to make their pagers two way so that the person being paged could respond, initially with just an acknowledgement that they had read the message, and then later with full text messages. That’s the point at which the pagers gained QWERTY keyboards. From there, RIM made the leap in functionality to support emails as well as pager messages; after all, they had a full keyboard now, a well established NOC based delivery system and a return path via the NOC for messages sent from the device. The only thing that remained was a link into an enterprise email system. That’s where the Blackberry Enterprise Server (BES) comes in. The BES sits inside the Enterprise network and connects to the Lotus Domino or MS Exchange servers and acts as a connection to the NOC in Canada (the home of RIM and the location of the RIM NOC). The connection from the device to the NOC is encrypted and from the NOC to the BES is encrypted. Because of that encryption, there is no way for a government such as India, UAE, Indonesia, Saudi Arabia or other to intercept the traffic over either of the links (to or from the NOC).

[Figure: Blackberry topology]

Last time I spoke to someone at RIM about this topology, they told me that RIM did not support putting the BES in the DMZ (where I would have put it) – since then, this situation may have changed.

Blackberry Messenger traffic doesn’t get to the BES, but instead it goes from the device up to the NOC and then back to the second Blackberry, which means that non-enterprise subscribers also have access to the messenger service, and this appears to be the crux of what the various governments are concerned about. Anybody, including a terrorist, could buy a Blackberry phone and have access to the encrypted Blackberry Messenger service without needing to connect up their device to a BES, which explains why they don’t seem to be chasing after the other VPN vendors (including IBM with Lotus Mobile Connect) to get access to the encrypted traffic between the device and the enterprise VPN server. Importantly, other VPN vendors typically don’t have a NOC in the mix (apart from the USA based Good who have a very similar model to RIM). I guess the governments don’t see the threat from the enterprise customers, but rather the individuals who buy Blackberry devices.

To illustrate how a VPN like Lotus Mobile Connect differs from the Blackberry topology above, have a look at the diagram below:

[Figure: Lotus Mobile Connect topology]

If we extend that thought a little more, a terrorist cell could set themselves up as a pseudo enterprise by deploying a traditional VPN solution in conjunction with an enterprise type instant messaging server and therefore avoid the ban on Blackberries. The VPN server and IM server could even be located in another country, which would avoid the possibility of the government easily getting a court order to intercept traffic within the enterprise environment (on the other end of the VPN). It will be interesting to see if those governments try to extend the reach of their prying to this type of IM strategy…

iPhone 4 Facetime standards

Originally posted on 15Jun10 to IBM Developerworks (11,653 Views)

[Figure: Nokia e71 making a video call]

Since I penned my last post, I have done some more reading on Facetime and watched Steve Jobs’s launch of Facetime. While I will happily admit that Apple have in fact used some standards within their Facetime Technology (Jobs lists H.264, AAC, SIP, STUN, TURN, ICE, RTP and SRTP as all being used), I am somewhat bemused by the “standards” discussion that most of the media seem to be focusing on with regard to Facetime. Almost everyone that refers to compliance with standards is talking about interoperability with current PC based video chat capabilities – from the likes of Skype, MS Messenger, GTalk and others. Am I the only one that has noticed the iPhone 4 is not a PC and is in fact a mobile phone? Why is it that no one else is questioning interoperability with existing video chat capable mobile phones?

After thinking on this for a little while, I guess it might be that most of the media coverage about the iPhone 4 is coming from the USA – where it was launched. It’s only natural. The problem with the US telecoms market is that it is not representative of the rest of the world – which has had video calling for ages and doesn’t really use it. Perhaps it was the overflowing Apple Kool-Aid fountain in the iPhone 4 launch that got the audience clapping when Jobs placed a video call, or perhaps it was just that they had never seen a video call before – I wasn’t there so I can’t be sure. Right now, the Facetime capability on the iPhone 4 is only for WiFi connections – which makes it pretty limiting. Apparently, there is no setup required, no buddylist, you just use the phone number to make a video call – which is the way video calling already works (see the screen dump of my phone to the right and the short video below), but the WiFi limitation on the iPhone 4 will mean that you have to guess when the recipient is WiFi connected. At least with the standard 3GPP video call, the networks are ubiquitous enough to pretty much guarantee that if the recipient is connected to a network, they can receive a video or at least a phone call. Jobs didn’t explain what would happen if the recipient was not WiFi connected – does it just make a voice call instead? I hope so.

(Note: the original post had a flash video of a video call conducted from my Nokia e71 phone – I’m trying to find the original recording of the call (3GVideoCall/3GVideoCall_controller.swf) and I’ll update this post if I can find it)

If you look at the pixelation and general poor quality of the video call, consider that I am in a UMTS coverage area, not HSPA (the phone would indicate 3.5G if I were), so this is what was available more than seven years ago in Australia, longer in other countries. If I were in an HSDPA coverage area, I would expect the video call to be higher quality due to the increased bandwidth available.

I recall in 2003, Hutchison 3 launched their 3G network in Australia with much fanfare. Video calls were a key part of the 3G launch in Australia for all of the telcos. This article from the 14Apr03 Sydney Morning Herald (one day before the first official 3G network in Australia) illustrates what I am talking about. The authors say that the network’s “…main feature is that it makes video calling possible via mobile phone.” Think about it for a second. That’s from more than seven years ago and Australia was far from the first country to get a 3G network. A lifetime in today’s technology evolution. Still the crowds clapped and cheered as Jobs made a Video call. If I had been in the audience, I think I would have yawned at that point.

The other interesting thing that I noticed in Jobs’s speech was his swipe at the Telcos. He implied that they needed to get their networks in order to support video calls. Evidence from the rest of the world would suggest that is not the case – perhaps it is in the USA, or perhaps he is trying to deflect blame for not allowing Facetime over 3G connections away from Apple and back to the likes of AT&T, who have copped a lot of flak over their alleged influence on Apple’s Application store policies involving applications that could be seen to be competitive with services from AT&T. I am not sure how much stick AT&T deserve on that front, but it’s pretty obvious from Jobs’s comment that he is not in love with carriers – and certainly from what I’ve seen, carriers are not in love with Apple. It might be interesting to see how long the relationship lasts. My guess is that as long as Apple devices continue to be popular, both parties will be forced to share the same bed.

On another related point, I have been searching the Internet to find what standards body Apple submitted Facetime to for certification – Jobs says in the launch that it will be done “tomorrow” – this could be marketing speak for ‘in the future’ or it could literally mean the day after he launched the iPhone 4. If anyone knows, please let me know – I want to have a look into the way Facetime works.

Thanks very much to my colleague Geoff Nicholls for taking the Video Call in the video above.

Quality, Speed, Price: Pick two

Originally posted on 02Feb10 to IBM Developerworks where it got 15,259 Views

On the Wednesday of the week before last (the week before my leave) at about 1am my time, I got an urgent request for an RFI response to be presented back to the customer at Friday noon (GMT+8 – 3pm for me – 2.5 business days for the locals in that timezone). This RFI was asking lots of hypothetical questions about what this particular telco might do with their Service Delivery Platform (SDP). It had plenty of requirements like “Email service” or “App Store Service” and so on. These ‘use cases’ made up 25% of the overall score, but did not have any more detail than I have quoted here. Two to four words for each use case. Crazy! If I am responding to this, such loose scope means I can interpret the use cases any way that I want. It also means that to meet all the use cases (14 in all) ranging from ‘Instance Messaging Presence Service (IMPS)’ to ‘Media Content and Management Service’ to ‘Next-Generation Network Convergence innovative services’, the proposal and the system would have to be a monster with lots of components. The real problem with such vague requirements is that vendors will answer the way they think the customer wants them to, rather than the customer telling them what they want to see in the response. The result will be six or eight different responses that vary so much that they cannot be compared, which is the whole point of running the RFI process – to compare vendors and ultimately select one to grant the project to.

On top of the poor quality of the RFI itself, the lack of time to respond creates great difficulties for the people responding. ‘So what, I don’t care, it’s their job’ you might expect them to say, and to an extent you are correct, but think about it like this: A short timeframe to respond means that the vendor has to find whoever they can internally to respond – they don’t have time to find the best person. A short timeframe means that the customer is more likely to get a cookie cutter solution (one that the vendor has done before) rather than a solution that is designed to meet their actual needs. A short timeframe means that the vendor may not have enough time to do a proper risk assessment and quality assurance on the proposal – both of which will increase the cost quoted on the proposal.

All of these factors should be of interest to the Telco that is asking for the proposal because they all have a direct effect on the quality and price of the project and ultimately the success of the project. 

I know this problem is not unique to the Telecom industry, but of all the industries I have worked with in my IT career, the Telcos seem to do it more often.  I could go on and on quoting examples of ultra short lead times to write proposals – sometimes as little as 24 hours (to answer 600 questions in that case), but all it would do is get me riled up thinking about them.

The whole subject reminds me of what my boss in a photolab (long before my IT career began) would say: “Quality, Speed, Price: Pick two”. Think about it – it rings true, doesn’t it?