Speaking Engagements & Private Workshops - Get Dean Bubley to present or chair your event

Looking for a provocative & influential keynote speaker, an experienced moderator/chair, or an effective & diligent workshop facilitator? To discuss Dean Bubley's appearance at a specific event, contact information AT disruptive-analysis DOT com

Friday, November 26, 2010

Will advertisers be made to pay for mobile data use?

Here's a fun question for all the DPI and mobile optimisation vendors to try and answer....

What percentage of mobile data traffic is made up of adverts? And is it rising or falling?  And why isn't the implicit cost of transporting adverts being paid by their originators or agencies?

In the fixed world, the incremental amount of advertising traffic is probably relatively small, even including embedded Flash adverts in web pages, a few seconds of pre-roll video on some clips, banners, emails and so on. I'd be surprised if ADSL users get more than 1GB of ads per month, perhaps even just a small fraction of that. Set against a typical capped home broadband service with 20, 50, 100 or 250GB that's not really moving the needle.

But if you're using broadband on a USB modem with a 1GB or 3GB cap, I suspect that advert traffic starts to build up quite heavily as a component. And on a smartphone with 500MB a month, it's quite possible that advertising (across all inventory types) is 20%+ of total traffic, especially if you include email spam and browse "real Internet" web pages.

Some of the discussion last week at the Broadband Traffic Management event concerned whether (and when) it was appropriate or legal to optimise content, or even block applications or services. Would the user (or regulator) be irked if you compressed video streams, or changed the codec or frame rate? Highly contentious and a discussion for another post.

But it surprises me that the compression & optimisation specialists (Bytemobile, Openwave, Vantrix, Acision et al) don't target adverts and spam as "low hanging fruit". Ad-blocking as a service would reduce users' bills, speed up their browsing and could be configurable / opt-in like the PC browser add-ons.

Users would likely complain or churn if operators blocked or degraded YouTube or Facebook. But there's unlikely to be much of an outcry if intrusive adverts are binned by the network, as long as there was the equivalent of a "spam folder" to check there were no incidents of miscategorisation.

People might even pay for the service, if it improves overall QoE.

I bet that in some cases, the capex / opex savings on the network from lower traffic levels, would outweigh the telco's revenues generated from their own mobile advertising business. The poacher should turn into a gamekeeper. If the telcos don't do it, then third-party proxy services should offer it as a service, especially when the user is roaming. (Companies like Vircado already offer roaming optimisation).

I often get involved in research & consulting about the possibilities of telcos charging "upstream" content or application providers for access or QoS, notably through my work with Telco 2.0. It's often difficult to imagine Skype or YouTube or NetFlix paying "cold hard cash" - I generally think that business-focused cloud computing, or perhaps cloud gaming are the most likely to be prepared to pay. But actually, advertising agencies and ad-serving companies should probably go to the top of the list, as soft targets.

Neither the telco NOR the user wants (much of) their traffic clogging the network. It's also an area in which public attitudes to Net Neutrality could be swayed to see the positive aspects. There's is also the chance that Google ends up footing much of the bill. Where it will get much more difficult to enforce is around in-app advertising, though.

Ultimately, my belief is that the advertising industry has had a free rein for far too long. It's fat, lazy and complacent. Why should advertisers assume they have the rights to "use my retina for free"? Sure, there might be some brands or campaigns I'd want to opt-in to, but in an ideal world, we'd have digital contact lenses and advertisers would have to pay us cash to occupy parts of our field of view. And I'd gladly do a rev-share with a telco or other service provider who managed the billing & collection of fees on my behalf.

Sunday, November 21, 2010

The SIM card. The single point of failure for the mobile industry as we know it.

After writing my post about Apple, SIMs and NFC at the weekend, I've been having a look around at some of the other material that's been published recently about all this. Rudolf van der Berg, whom I met at the Telco 2.0 event the other week, has published a great article over at GigaOm (his normal blog is here, where he has written a lot about the need for a wholesale market in mobile numbering for M2M).

I've talked before about what I term the "Tyranny of the SIM card". While SIMs are absolutely invaluable for many mobile use cases, they are absolutely awful for others. The problem is shown up the acronym itself - Subscriber Identity Module. There are plenty of situations in mobile communications for which subscriptions are utterly inappropriate as a means of customer engagement.

This is something I've talked about before - the telecom industry's myopic belief that customers can have "service in any colour they like, as long as it's a subscription". Sure, there are many circumstances for which a monthly payment makes a lot of sense - and plenty more where it doesn't, especially as we move away from the phone as the favoured device of choice.

For a telephone, fixed or mobile, a subscription is a great model, as long as licenced service providers hold a monopoly on issuing numbers. Users want to keep the same number so that they can receive incoming calls and texts, so it makes absolute sense to have an ongoing relationship with the company that controls it.

But for other devices, there is much less requirement for an ongoing contractual relationship. The hypothetical M2M-connected toaster won't be receiving inbound calls: it's likely to be an uplink-only device (eg for maintenance or whatever) or at least one which will always be initiating any connection. Same deal for a PC - which is why you don't need a single permanent identity to use WiFi.

The problem is that the SIM enables operators to count - watch the headline 5 billion number carry on to 6 billion, despite the fact that many people now have 2, 3 or 8 SIM cards. But selling SIMs is easy to do, and easy to award sales targets and bonuses for. But how do you count temporary or transactional users? Or embedded devices which send a 100-byte message once a year? Much trickier, with fewer PR-worthy numbers. How many WiFi users are there on the planet? Nobody is really sure, and in any case the figure isn't really especially useful. The mobile industry doesn't really want to shift to counting sessions, or users, or something similarly intangible - even if it makes more sense.

But the real problem is around lock-in, and the fact that the operator retains ownership of the SIM, even when inserted into a device that users own outright. From a telco viewpoint, instantiating its control in such a tangible form is hugely powerful. But from a user or third-party vendor point of view (ie Apple) that control steps across a dividing line, when used to extend the operator's domain into new areas such as data or payments. As always, where the device is subsidised, the operator has more moral authority to tell the customer how it may be used. But if an individual (say) buys a smartphone for full retail cost, then tying certain features to the SIM [eg NFC payments] could be seen as unacceptable.

Even for voice, the writing on the wall has been visible for some time, especially for roaming. Various niche operators have been playing with multi-IMSI and downloadable-IMSI SIM cards for a while, notably Truphone's Local Anywhere service for voice anti-roaming. [Disclosure: they're a client]

Then, we've had the dual-SIM, even triple-SIM phones that are popular in Asia especially. Apple has been signalling its displeasure since 2007 with the hard-to-remove card in the iPhone needing a pin inserted to extract it. The utter failure of SIM-embedded laptops to gain meaningful market traction has been unsurprising - customers have preferred cheaper & more flexible USB dongles and MiFi's.

In my view, international data roaming is the straw that has broken the SIM camel's back. We have had an array of mobile operators and industry associations attempting to defend the indefensible. When you are travelling, there is absolutely no value or justification for routing all traffic back to the home network, and paying 10x or 100x the local price of Internet connectivity. I can concede an argument for a small premium, like using your ATM card in a foreign bank's machine. But a multiple, rather than a percentage is totally egregious.

We all know it. They all know it. The European Commission knows it. Operators have been making whining excuses about prices falling (from astronomical to merely stratospheric).

Yet to mix the metaphor, it is nevertheless a golden goose, laying charge-by-the-MB eggs. Nobody has been prepared to kill it. Instead, we've had half-hearted attempts to cap wholesale prices and instigate €50 thresholds, we've seen a few isolated examples of common sense such as the proposed Spain/Portugal free-roaming idea. And we've had operators and roaming hubs pretending to do their customers a favour with special bundles, which might only be 5x ripoffs rather than 50x.

I'll remind you of my own debacle with Vodafone's completely duplicitous approach to roaming pricing.

Ultimately, for all the convenience that SIM cards bring in basic phone services, they utterly relinquish that benefit, when it is set against the iron control (almost cartel-like extortion) they allow operators to exert over data.

Unsurprisingly, some of the technology industry's finest minds have been working flat-out to find ways to subvert this control. The much-rumoured iPhone embedded SIM is an example - but there have also been signs from Google as well: remember that patent from 2 years ago, for a system in which different operators would bid to carry each call? There was some speculation about a Google SIM for the Nexus One as well.

The risk now - and I think the operators and the GSMA are also waking up to this - is that the sheer blatant effrontery around roaming (and M2M network switching) is about to result in a shift in power. Apple and others are going to find a workaround - with billions of dollars to thrown at solutions if necessary.

And if solving the data and roaming problems for SIMs also impacts the basic voice & text business models, well..... that's just collateral damage. It's not as if this has come out of the blue.

The question is whether the industry's attempts to retain centralised control with the SIM has inadvertantly resulted in the creation of a single point of failure for the mobile operator ecosystem. In trying to win the battle to protect roaming and data revenues, the operators may well have Phyrrically lost the war.

And this is all happening at a critical point:
  • Android & Nokia & BlackBerry smartphones are almost cheap enough to buy without subsidy
  • Apple can do its own financing for people who want iPhones
  • Most people have alternative ID's that are better than phone numbers (Skype, Google, Facebook)
  • HSPA networks are often good enough for VoIP
  • Forthcoming LTE networks rely on data for VoIP
  • Voice usage is stagnating anyway, in favour of various forms of messaging
  • WiFi is everywhere and in all high-end devices
LTE is the killer here, to be honest. Stupidly, there is no SIM-free option for LTE data, something I've been advocating for a long time.

This means that if the operator strangehold on SIMs for data is broken by Apple or others, then they will probably lose voice on LTE as well. And you can certainly bet that any future Apple or Android voice service won't be based IMS or the I-SIM application on the UICC.

Now none of this affects the billions of ordinary mobile users, at least just yet. It will initially be confined to non-phone devices and a few top-end smartphones I expect. But I have a feeling that we're about to see the end of SIM Tyranny in one form or another.

There is a wider lesson here for the mobile industry - large pockets of profit that are based on control, rather than genuine innovation, are extremely tempting to outsiders. Almost without exception, they will be disrupted. If telcos want to retain and grow profitability, they need to invent new and valuable services and propositions continually - simply hiding ostrich-like in the sand, hoping that nobody notices areas of unrealistically high margins, is not a recipe for sustained success.

Saturday, November 20, 2010

Apple, embedded SIMs, NFC and mobile payments - some speculation

I wonder if I've just managed to join up the dots on something rather important:

- Recent reports suggest that Apple is intending to use NFC chips in iPhones
- Other recent reports suggest Apple wants to use an embedded SIM in iPhones

The NFC rumour tends to suggest that Apple is interested in mobile payments. However, that raises the question of whether the mobile operators are involved in the payment value chain, or if it is simply a secure extension of Apple's existing 100m+ credit card iTunes base out to the handset.

Presumably Apple has some pretty good relationships already with Visa, Mastercard, Amex et al, given iTunes $4bn run-rate. But that's not enough, on its own, to get those companies to push new card-reader equipment to thousands of retailers, that just support iPhone payments and nothing else. If they were going to go down the NFC path, they would probably wish the EPOS readers to work with a variety of NFC implementations and business models, not just one.

I've had a number of criticisms of NFC over the years - including the cost to the handset manufacturers, the unclear role of the mobile operators, the difficulty of getting merchants to adopt costly new readers, the willingness of consumers to entrust payments to new providers, whether customers actually need a new payment method to replace cash or existing cards, the unsuitability of charge-to-my-phonebill models, failure modes such as theft or handset crashing and so forth.

In short, I've been unconvinced by the "phone is your wallet" argument.

Now, there have been various approaches to NFC which have looked like cutting the operators out of the equation - most notably the NFC stickers that can be attached to the back of the phone. Other ideas have involved extending the role of not-quite-NFC contactless cards used in other applications such as London's Oyster, or Visa's PayWave.

But operators (and bodies such as ETSI and GSMA) have been pushing hard for the version of the NFC architecture which links the NFC chip to the SIM card [technically, it's called the UICC card], where the "secure element" of NFC is stored on the SIM itself, and accessed via the single-wire protocol (SWP).

A good overview of the NFC/SIM/SWP approach is here . There's a diagram on page 10.

But a core problem is the lack of incentive for manufacturers to support the cost of putting the NFC hardware and software in the device, especially if it is based only on SWP use cases. This would essentially mean that the NFC chip would be useless without the SIM, and that therefore the operator could insert themselves in all possible applications, not just payment, unless the device vendor put a second non-SIM secure element somewhere else in the phone.

For the manufacturer, this adds to the bill of materials, increases testing complexity, risks support and return costs, may delay time-to-market, yet may not generate extra revenues either from customers directly, or operators via subsidy or some sort of revenue-share. Especially for markets which sell unsubsidised 'vanilla' phones which could end up with non-NFC supporting SIMs, why go to the cost of putting in an NFC chip, rather than say a better camera, or more memory?

Yet at the same time, the non-SIM/SWP implementations of NFC are looking even more tenuous in acceptability. Why bother with a sticker (or trust it) on the back of your phone?

So we have an impasse:

  • Handset vendors don't really want to be forced to support implementations of NFC where all the control and most of the value resides in the (operator-owned and issued) SIM card, even if they can put secondary applications onto it.
  • The non-SIM implementations of NFC will have problems scaling and getting publicity, especially given the operators' indifference to selling handsets supporting this, and the handset vendors' general lack of clout with the credit card companies.
  • End users seem (largely) indifferent to both a new form of payment, or all the other "near field" applications like waving your phone at a billboard. They also tend to push back against perceived operator lock-in.
  • The merchants don't want to buy new terminals, especially if it's unclear what the new payment value chain will look like.

Or maybe not....

Let's revisit the two phrases "technically it's called a UICC card" and "operator-owned and issued SIM card".

Now let's just be a bit clearer about the terms. From Wikipedia :

A Universal Subscriber Identity Module is an application for UMTS mobile telephony running on a UICC smart card which is inserted in a 3G mobile phone. There is a common misconception to call the UICC itself a USIM, but the USIM is merely a logical entity on the physical card.

And from Zahid Ghadialy's blog

The security model in the UICC has been improved to allow the hosting of confidential (e.g. third party) applications. This enhancement was necessary to support new business models arising in the marketplace, with third party MVNOs, M-Payment and Mobile TV applications. These new features notably enable UICC memory rental, remote secure management of this memory and its content by the third party vendor, and support new business models supported by the Trusted Service Manager concept.

Now... I am not currently an expert on the full inner workings of UICCs and SIM technology. I will read up when I get a chance. But I have a suspicion that this might sum up what's going on:

  • Today, operators issue (but still own) physical UICC cards, which include the SIM functionality for secure authentication to the radio network, and also other applications such as SIM Toolkit and the NFC secure-element functions. They can "rent space" to third parties for other applications, acting as a Trusted Services Manager.
  • Tomorrow, some other third parties may issue physical UICC cards, or embed them into devices rather than distributing them through retail stores. And then those third parties (Apple, for instance) can perhaps "rent space" to operators for applications such as "secure authentication to the radio network".
In other words, perhaps we move to a world in which the operators' SIM connectivity function becomes just software running on someone else's physical card. Whether that (removable or embedded) card is owned by the end-user or by the manufacturer is another question.

There are a couple of other angles to this as well, which seem to tie in:

  • The GSMA announced its "Embedded SIM Initiative" the other day. I don't actually think it's specifically Apple-driven, but is more about the general M2M market. There are plenty of new business models which could be enabled by this, as well as plenty of problems to solve. However, it is possible that the Apple discussion has brought the issue to a fore.
  • Various operators are reportedly throwing a strop about Apple's plans to allow users to provision and activate services remotely. They are (quite reasonably in my view) threatening to stop subsidising iPhones if this occurs.
But so what? Really, a subsidy is just a loan by another name, cunningly designed to make it look like the consumer isn't really taking on more debt. It's quite a *safe* loan, to be fair, as the phone is useless if the operator cancels your number and SIM, and so most people won't default on their monthly fees. But we already know that Apple is friendly with the credit card companies. It already offers finance plans for Macs and iPads. So why can't it also sell "free iPhones", backed up by its own subsidy / credit arrangement? Whether this is charged to your iTunes credit card, set up as a separate agreement or whatever is merely detail. Because if Apple also owns the UICC card, it has a built-in anti-default mechanism just as good as the operators'.

For years, we have had people advocating the "Soft SIM". Intel worked on a project called the "Identity Capable Platform" back in 2006-7 - I remember seeing presentations about it. The operators (and GSMA) have been fairly vociferous in their condemnation of the concept.

I'm wondering if Apple has done an end-run around this, aiming to own a separate but embedded hardware SIM - and acting as a Trusted Services Manager itself - provisioning the operator's credentials as software on it. Add this to a way to escape from the "subsidy trap" by doing handset financing without scaring investors with risks of default, and we potentially have another disruption from Jobs.

Now.... a disclaimer. I may well be adding 2+2 and getting 7.3 here. But I'd be very surprised if some elements of the recent Apple SIM and NFC stories don't blend together.

Friday, November 19, 2010

Enforcing traffic management transparency

I need to do a full write-up of this week's Traffic Management Conference, but one theme that came out loud and clear (especially from the regulator's panel) was that any non-neutral network policy management will need to be absolutely clear and explicit to the end user.

Although regulators have generally not had many official complaints, there have been many, many suggestions of illicit traffic-shaping or degradation. I had an IM chat last night about a particular operator's suspiciously-poor broadband performance with Skype, and how that might be proven or disproven as deliberate.

One of the slides in my presentation at the conference yesterday which gained the most attention was the one with the Monopoly-board image of "Go to jail". It's quite possible that telecom executives who allow broadband to be mis-sold may be legally liable, if it is found that secret policies are going to be applied.

I suggested that a certain company with millions of end-points, million of servers, and proven data analytics capabilities should be able to spot any suspicious anomalies in traffic patterns, latencies and so forth. Any "monkeying-about" should stick out like a sore thumb, similar to a bank's anti-fraud systems.

So it's interesting that the BBC is perhaps the first major content provider to specifically say that they were looking at software to help keep the network honest, and inform users about who is to blame if there are glitches.

Of course, if you've been a regular reader of this blog, and customer of Disruptive Analysis' research and advisory services, none of this will come as much of a surprise to you, as it's been on the cards for more than three years - and indeed the EFF has had a tool available for some time to spot miscreant ISPs.

Bottom line is that telcos in markets with liberal attitudes to neutrality will need to be 100% upfront to their customers about policy and optimisation techniques, or else they will get "outed" mercilessly - and perhaps prosecuted as well.

Thursday, November 18, 2010

Wallets don't crash

Yesterday evening, I exchanged a couple of debating points with some others in the industry, after one of them had reported hearing a at a conference that Nokia would include NFC chips, allegedly in all its smartphones, next year.

(I doubt that's accurate - if you're racing to the bottom vs Android on smartphone pricing in India, for example, you don't put a few $ of useless bill-of-materals in all your products, especially those sold in markets with no readers)

We've also heard a lot of hype in the past couple of weeks about NFC chips supposedly going to be in the next iPhone and also the next Gingerbread-powered iterations of Android. It's also worth noting that the "official" NFC may sometimes get confused with other short-range RFID solutions.

Anyway, all that is outside the point of this post, except as context. And irony, given what happened next:

In short, my phone spontaneously turned into a brick. One minute I was taking a photo at an interesting event last night, then switched it off. And it stayed off. Completely black - nothing happened holding the power button, the home button, nor trying the usual trick of physically hitting it against the table. [It was on about 85% battery]

This was at about 8pm, just before the start of the dinner & event I was attending.

Eventually when I got home, attached to my PC, looked up on the (PC!) web for help & support, and eventually reincarnated it by holding all the buttons down together for about 20 seconds.

I was very, very glad that it hadn't contained my wallet, my house-keys, or my Oyster London travelcard. Maybe an NFC chip might have worked with the phone dead. Maybe not. But would I have felt like taking a chance, and staying out until 11.30pm & having a really enjoyable evening, knowing I might need to call a locksmith when I got home? Or if I'd get home, if the tube ticket barriers rejected my defunct psuedo-Oyster?

Instead, I was just mildly grumpy I'd have to reorder another phone and I'd lost a few weeks' of photos, phone numbers and other stuff, since I'd last backed up.

[Sidenote: would I pay for a network backup service even after this experience? No, probably not. But I am glad I've got the phone from an operator, on a subsidy, with a warranty, who I could have harassed for a replacement. And I will be syncing it with my PC more often]

Yes, I know that NFC is supposed to work when the battery is dead. But in this case the kicker was that it wasn't dead.... there was *something* going on in the phone, as when I breathed life back into it, it had dropped to 32% battery, and still felt slightly warm 5 minutes after I'd taken it out of my pocket. Will NFC work when the OS is stuck in a loop or some other software / firmware Hades?

Will any phone company want to take the risk that crashed phones render m-wallets and m-keys useless? What's the support cost of that? Could I have charged the locksmith to my telco, if I'd bought its phone-lock service? Or will they try and bill you extra for insurance?

The bottom line: I'm very glad that my phone isn't a "single point of failure for my life". Ironic that I had a wake-up call just after a discussion about NFC.

Tuesday, November 16, 2010

Three new white papers on Mobile Broadband Traffic Management

A very quick heads-up, as I'm at the Informa Broadband Traffic Management conference today & for Weds and Thurs. Very busy here - about 250 people or so.

I've just published a series of three white papers on next-gen "holistic" traffic management, along with an introductory paper. These look beyond the simplistic early approaches to DPI, policy, optimisation and offload, many of which have been arbitrary and often user-unfriendly.

The papers have been kindly sponsored by the folks at Continuous Computing, who have given me a completely free rein to write about topics that are interesting, and which hopefully push forward the industry thinking about how better to control & monetise mobile data.

[EDIT - for downloads, please see the links embedded in this page]

In a nutshell, my belief is that any future implementations of mobile broadband traffic management will need to be:

  • Device-aware: not just what brand and model, but over time much more granular detail about OS version, firmware, connection managers, security, power management and the ability to communicate about network status and policy with the user. Increasingly, network vendors and operators will need to link network infrastructure boxes to on-device clients. This also ties in with application awareness - particularly around dealing with mashups, VPNs and so forth.
  • Bearer-aware: the policy infrastructure will need to be much more informed about the status of the radio connections(s) - what technology, femto vs. macro cells, whether Wifi is available and suitable, what is happening with signalling load, whether congestion is actually occurring at a given time/cell and so on.
  • Offload-aware: whether data is being (or should be) routed via WiFi, femtocells, RAN offload and so on - and whether this should be managed or unmanaged. There are many variables here, and many use cases, such as the ability to use multiple networks simultaneously, "selective offload" (SIPTO / LIPA) and so on.
Many regulators seem to be moving towards policies on traffic management & Net Neutrality along the lines of "minimum necessary" or "reasonable" control of traffic by operators. This means that any policy enforcement will need to be proportionate and context-specific. Arguably, there is no justification for unnecessary throttling or compression at quiet times / cells, unless you live on a Pacific island and IP transit is expensive. There is certainly not likely to be justification for much arbitrary discrimination between websites or applications, especially if this is not done with full transparency.

Each of these issues is covered in a separate white paper, plus there is an overview introduction.

[For downloads, please see the links embedded in this page]

This is an area I cover in a lot of depth. If you are interested in an internal workshop, advisory consulting project, or need an external speaker for an event, please get in touch at information AT disruptive-analysis DOT com

Saturday, November 13, 2010

Part of Nokia's problem - making Ovi compelling

I've got a Nokia Ovi account somewhere. Signed up for it ages ago, to play around with the Ovi Store when I had an N97 to play with, back when the store was a real exercise in frustration. Since then, my only interaction with it has been spam SMS (with no STOP opt-out) exhorting me to try other features, when I've put that SIM card into other phones.

In other words, I've not exactly had a compelling experience, and the SMS spam is a complete and utter red flag for any business. (I've stopped using Virgin Airlines whenever possible because of text spam - losing them maybe £50-100k lifetime value)

I don't know anyone who uses Ovi either, among friends or family. I never see @ovi.com email addresses, and none of my acquaintances has ever mentioned it, linked to its site from Facebook, or otherwise brought it to my attention.

Compare that to the number of times I have heard the words "Gmail", "iTunes" or "BBM".

Now, certainly agree that a lot of people buy smartphones for their standalone capabilities (eg a good voice phone, great camera, browser and so on). Certain people buy phones for apps - although I'm unconvinced that's as important as many seem to think.

But a lot of people get swayed in their decisions because of something server-side or cloud-related. Historically, BlackBerry grew because it was the best way to hook into Microsoft Exchange for businesses.

Now, we see other hooks:

  • If you've got a lot of music on iTunes, you'll want an iPhone
  • If you've got a lot of friends on BBM, you'll want a BlackBerry
  • If you're a heavy user of Gmail & other properties, you'll increasingly want an Android, although it's not quite there yet, as obviously you can get G-services on other phones too.
Nokia doesn't have a story here, certainly in the developed world, and I have seen little evidence of imminent viral explosion. Palm never had a server-side lock-in either

In fact, it wouldn't surprise me if Microsoft was the next one to make the connection work, perhaps to Xbox or Kinect, as well as its corporate services and Azure cloud.

Maybe Nokia should swallow a bitter pill, and for developed markets drop Ovi services entirely and act as an ODM partner (or dual-brand supplier) to Facebook?

Thursday, November 11, 2010

Will there be legal pitfalls of policy management?

It's a common enough theme that you should never post anything on a social network or web forum, that you couldn't deal with being openly available. We all know that security breaks down, APIs are opened up, privacy rules change.

But do people take that seriously enough in the offline world? Increasingly, secrets and dubious behaviour get revealed. The UK government suffered a huge scandal over the leaking of questionable MP's expenses claims last year. It resulted in resignations, arrests and helped to put the last administration out of power. A number of parliamentarians are now facing criminal charges.

Various other examples abound of businesses wilfully hiding the true facts behind their actions, mis-selling products or actually committing fraud. The true facts might come out years later, but authorities are often prepared to find the executives responsible. US companies' chiefs are bound by Sarbanes-Oxley rules as well.

So the question I have is whether all those tasked with implementing network policies really think through the ramifications of their actions? Are all decisions cross-checked with what has actually been sold to customers, or how it was marketed? Yes, there are often woolly clauses in contracts about operators being able to do necessary management... but would these stand up in court, if some actions appear to go beyond what is strictly "necessary"?

And at what point do any "secret" policies (eg degrading a competitor's services or applications) step over the line to being anti-competitive or fraudulent? Forget about simple abuse of Net Neutrality laws, which can obviously be debated & appealed until we're blue in the face. This is about actually lying to customers: hard-and-fast concerns in terms of consumer protection, for which the law tends to have big & pointy teeth.

I'm not a lawyer, so I don't really have a clear view. But then neither are many of the people actually *implementing* the business rules and policies at a network level.

I've never met anyone with a business card title of "Network policy manager", who understands everything from the operations of the network, to the customer's viewpoint, to the nitty-gritty of sales and marketing, to various angles of regulation, to competition and contract law.

If telcos or their vendors think they can "get away with" dubious policies that are not made transparent, they may get a nasty surprise some time in the future. Sooner or later policies will get leaked, or reverse engineered. Normal ups & downs of network performance will look like "white noise". Any unnatural patterns (by user, by app, by location, by time, by device, by OS etc) will stand out a mile, correlated with the right software and enough processing clout. Then someone will do a compare & contrast with the details of what they've been sold - and if there are material differences, trouble is likely.

Bottom line: don't enforce any network policies you wouldn't like to see published on the web tomorrow.

Tuesday, November 09, 2010

Mobile operators have lost their chance at owning the social graph

I'm at the Telco 2.0 event in London today. We just saw the results of a live survey of the delegates on a range of questions, asking whether telcos were "in control" of particular areas of the industry - and if so, whether that control was a solid grip, or ephemeral and likely to be weakened over the next few years.

One question stuck out to me - whether telcos still "own" the user's addressbook and process of initiation of personal communications. The consensus in the room was that operators still have a couple of years' window, before they risk losing control of the much-discussed "social graph". (I actually hate the term, but agree with the general idea that it's valuable to understand an individual's affiliations and personal universe).

By coincidence, I happened to read this article about youths' behaviours on Facebook this morning. This paragraph leapt out to me:

I asked Shamika why she bothered with Facebook in the first place, given that she sent over 1200 text messages a day. Once again, she looked at me incredulously, pointing out that there’s no way that she’d give just anyone her cell phone number. Texting was for close friends that respected her while Facebook was necessary to be a part of her school social life. And besides, she liked being able to touch base with people from her former schools or reach out to someone from school that she didn’t know well.

This actually tallies with my own use of social networks - I've only got a small fraction of my Facebook and LinkedIn affiliations in my mobile phone's addressbook. And I wouldn't want the others included - especially those affiliations which are not people (events, groups, fan pages, things I "like" and so on).

Even if I had some telco-based cloud addressbook, it would only reach a fraction of my personal or business universe. An increasing percentage of my communications are conducted "off-phonebook", especially on Facebook or Skype, but also via Twitter and various email accounts. As I've written before, I have no need for some sort of converged addressbook, especially one controlled by a gatekeeper who wants to charge me for the privilege, and use its bottleneck position to stop me churning when I want in future. The notion that this is somehow going to be solved by clunky centralised solutions like IMS and RCS is an exercise somewhere between self-delusion and wishful thinking.

I notice that Telco 2.0 has also published this post on the role of operators in understanding and monetising personal information. My view is that they have three uphill challenges:
  • The growing fraction of personal communications & data that it invisible to the operators
  • The general happiness of end-users with fragmentation of their contacts / affiliations and communication channels. The "convergence layer" is in the brain, not the phone or the network. As increasingly multi-tasking capable users, this is not a problem to many of us.
  • The poor structuring and accessibility of the data that they *do* possess, spread across multiple databases and repositories.
Some of the "old school mobile" pundits are still clinging to the idea that mobile operators "know everything" about you. Nothing could be further from the truth, especially as growing numbers of people have multiple (unlinked) accounts, devices and SIMs from a range of operators.

If the semi-mythical "social graph" does turn out to exist, it's more likely to be Facebook, Google or Apple that owns it, at least in the developed and Internet/smartphone-centric world.

Saturday, November 06, 2010

What impact will security worries have on WiFi offload?

I'm not normally too paranoid about WiFi security - although to be honest, I probably should be, given the amount of time I spend in weird countries using public hotspots, as well as an hour or two a day working cafes in London. I take what I feel are sensible precautions, but I'm still aware that I could probably be more careful.

But what has scared me recently has been the fuss around FireSheep. To the uninitated, I suggest a quick read-up on it. Basically it allows the easy hacking of someone's web access, especially when using popular websites like Facebook, when using ordinary HTTP rather than the encrypted HTTPS option. Specifically, FireSheep enables people to snoop on their neighbours' access to various web services when using shared, open WiFi networks.

This post is not about the controversy, or the various software countermeasures to force more traffic to secure access paths, or squash the capability of the hacking tool to operate effectively.

I'm more thinking about what this does to mobile operators' 3G data offload strategies - specifically using public WiFi hotspots. There are various implications:
  • Legal folks at telcos probably want to have a good think about liability issues if their software forces (or automates) WiFi access, without at least warning users about the risks.
  • There is an opportunity for operators to differentiate and add value by putting VPN or other capabilities in their connection manager clients, or custom browser variants.
  • Some end-users are going to switch off WiFi or be hesitant about using it, and just stay on 3G
  • Public / hotspot femtos are going to start looking more attractive
  • UMA-style WiFi, or I-WLAN, which hooks back to the operator's core network via an IPsec tunnel, is going to look more attractive again
  • More WiFi APs in public hotspots will probably shift to WEP/WPA encryption, making logon and authentication more of a pain (expect more support calls from confused customers)
Overall, I think these issues have not yet filtered through to the telecoms community as quickly as might be expected. A quick Google search doesn't show much for firesheep+offload.

This is too important to overlook, I think.