The purpose of this CXTech Week 9 2023 newsletter is to highlight, with commentary, some of the news stories in CXTech this week. What is CXTech? The C stands for Connectivity, Communications, Collaboration, Conversation, Customer; X for Experience because that’s what matters; and Tech because the focus is enablers.
You can sign up here to receive the CXTech News and Analysis by email. Please forward this on if you think someone should join the list. And please let me know any CXTech news I should include.
Covered this week:
- Howard Watson, BT’s chief tech exec, is growing tired of the Gs
- OneAPI 2.0, GSMA’s Open Gateway initiative
- Fair Share: the definitive guide
- ChatGPT Review
- Meta unveils a new large language model, LLaMA-13B reportedly outperforms ChatGPT-like tech despite being 10x smaller
- RTC Security Newsletter: February
- Paris IMSI-Catcher Mistaken for Bomb
- Signal would ‘walk’ from UK if Online Safety Bill undermined encryption
- Why all the Hype? Blame Marketing.
- People, Gossip, and Frivolous Stuff
Howard Watson, BT’s chief tech exec, is growing tired of the Gs
Once a senior telecoms exec starts talking sense on technology, you know they’ll be retiring soon. I remember when now retired Hugh Bradlow (Telstra CTO) was pointing out some of the inadequacies in IMS.
For Howard, 6G will not be the massive investment of 5G, rather something more incremental, the same air interface with some millimeter wave hotspots. 5G needs to start generating a return before there’s a move to 6G.
And as if being sensible on 5G/6G was not enough, on fair share Howard pointed out operators could work together with games and video-streaming companies on storing content closer to customers (caching). Like they’ve been doing with Netflix and Akamai for almost a decade.
This is going to be a theme through this article, industry politics creating silly distractions from solving the hard problems – finding a role beyond internet access.
OneAPI 2.0, GSMA’s Open Gateway initiative
Here is another example of politics overriding common sense. To bolster their case for ‘fair-share’ telcos need to show they’re engaged with developers. Hence OneAPI 2.0, aka the GSMA’s Open Gateway Initiative. The GSMA really needs to cede any web stuff to an organization that understands the web, like W3C. TADHack has been the largest global hackathon focused on programmable telecoms for over a decade. If they really wanted to engage developers, you’d think they’d get involved with the largest community of telecom application developers?
Plus there’s a product sale linked to this. CAMARA is being used to justify telcos spending too much money on a NEF project (Network Exposure Function, think Parlay Gateway 2.0), plus all the marketing and travel expenses these projects seem to require. Hence many telcos will not adopt OGI, and federation will only ever be partial. And the practical realities cannot be solved through an API, see my discussion below on SIM swap.
Given the many technical, operational and contractual differences between the telcos, and the different regulatory regimes and compliance requirements, a business entity is required between the telco industry and developers. That’s why Syniverse, Sinch, Infobip, Telesign, Kaleyra, etc. have existed for over a decade. Imagine the scandal when a Chinese app developer using the GSMA’s OGI SIM swap API discovers members of the US Congress SIM swapping – you know the ones likely to be doing that 😉
OGI launches with eight universal network APIs: SIM Swap, QoD, Device Status (connected or roaming status), Number Verify, Edge Site Selection and Routing, Number Verification (SMS 2FA), Carrier Billing – Check Out, and Device Location (verify location). Additional APIs are set to be launched this year.
The APIs are defined, developed and published in CAMARA, the open-source project for developers to access network capabilities that is backed by the Linux Foundation in collaboration with the GSMA. “Working in CAMARA, APIs between telcos and developers can be delivered quickly, using developer-friendly tools and software code.”
Dean posted on this, see below, and I added some comments on the real-world issues.
Most of the CAMARA capabilities are not new. Location, phone ID / status, and 2FA are solved problems.
Taking SIM swap as a specific example. A company worried about SIM swap needs to worry about the phone number being ported-out or call-forwarded. Plus the identity / device could be connected via WiFi, not just the mobile network. Fraud detection and identity management is a complex problem, multiple data sources are required, potentially hundreds.
The time for a carrier to respond to a SIM swap request can be beyond what is a reasonable API response time. It’s a BOSS (Business and Operational Support) issue, not an API issue. Hence a multi-network / database approach using WiFi / IP / IMEI (International Mobile Station Equipment Identity) data to red-flag (score) an interaction is critical. WiFi / IP / IMEI data can probably indicate fraud without the delayed SIM swap data.
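The red-flag scoring described above, shown as an added example that is not part of the original newsletter or any vendor's code: fast WiFi / IP / IMEI-style signals are scored immediately, and the carrier's SIM swap answer is included only if it arrives within a deadline. The signal names, weights, threshold and carrier stubs are constructed assumptions.

```python
import concurrent.futures as cf
import time
from dataclasses import dataclass, field

# Constructed weights and threshold, for illustration only; real values
# come from tuning against an organisation's own fraud data.
FAST_WEIGHTS = {
    "imei_changed": 35,         # device differs from the one last seen
    "ip_country_mismatch": 20,  # WiFi / IP geolocation disagrees with the account
    "call_forwarding_on": 25,   # calls or one-time codes may be diverted
    "recently_ported": 30,      # number ported out to another carrier
}
SIM_SWAP_WEIGHT = 40
RED_FLAG_AT = 50


@dataclass
class Verdict:
    score: int
    red_flag: bool
    sim_swap_status: str        # "ok", "timeout" or "error"
    reasons: list = field(default_factory=list)


def score_interaction(signals, sim_swap_lookup, deadline_s=0.2):
    """Score one interaction from fast signals, adding the carrier's SIM swap
    answer only if it arrives within deadline_s seconds."""
    reasons = [name for name in FAST_WEIGHTS if signals.get(name)]
    score = sum(FAST_WEIGHTS[name] for name in reasons)

    pool = cf.ThreadPoolExecutor(max_workers=1)
    future = pool.submit(sim_swap_lookup)
    try:
        swapped = future.result(timeout=deadline_s)
        status = "ok"
    except cf.TimeoutError:
        swapped, status = False, "timeout"  # carrier back office too slow
    except Exception:
        swapped, status = False, "error"    # carrier lookup failed
    finally:
        pool.shutdown(wait=False)           # never block the caller on the carrier

    if swapped:
        reasons.append("sim_swapped")
        score += SIM_SWAP_WEIGHT
    score = min(score, 100)
    return Verdict(score, score >= RED_FLAG_AT, status, reasons)


def slow_carrier():
    """Constructed stub: a carrier whose answer takes longer than the deadline."""
    time.sleep(0.5)
    return True


def fast_carrier():
    """Constructed stub: a carrier that answers at once with 'no recent swap'."""
    return False


if __name__ == "__main__":
    suspicious = {"imei_changed": True, "ip_country_mismatch": True}
    print(score_interaction(suspicious, slow_carrier, deadline_s=0.05))
    print(score_interaction({}, fast_carrier))
```

In the first call the interaction is red-flagged from the device and IP signals alone while the SIM swap status is still reported as a timeout, so the caller can follow up when the carrier data arrives.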
Check out Telesign, https://www.telesign.com/products/phone-id, and Prove (who presented at TADSummit) https://blog.tadsummit.com/2023/01/11/telcos-and-programmable-communications/ (last presentation in article). There are many more providers, identity management and fraud detection is an old industry.
Telcos are already working with Telesign and Prove, the CAMARA API may be useful to them (I doubt it), but telcos sorting out the internal BOSS to be real-time would benefit the ecosystem more. Unless a telco buys Telesign or Prove, CAMARA is unlikely to offer a SIM swap solution that meets the needs of banks or big web brands. A CAMARA API does not come close to being relevant to a developer, see Sam Machin’s comments below for further endorsement. At the end of the article I have a piece on hype and the problem with technology marketing. The focus on an API, rather than the service, is an example of the problem caused by marketing.
Why not focus on something meaningful and beneficial to everyone like getting SNA (Silent Network Authentication) solved across all carriers? Do not know what SNA is? At TADSummit Special 21-23 March, Eric Nadalin of tru.ID will be talking about SNA, https://blog.tadsummit.com/2023/02/16/tadsummit-special/.
The GSMA’s OGI is yet another politically motivated distraction. There are lots of other opportunities telcos could address without repeating the mistakes of OneAPI.
After my comments in Dean Bubley’s post I received the usual mix of DMs. From the corporate mind-control police: “you were wrong on IMS, it happened, you’re wrong here.” Dunno why they think I said IMS would not happen, I predicted accurately the deployment timeline for IMS, yet I’m considered by some an IMS heretic for pointing out its inadequacies. It’s just a pity open source telecom app servers were not adopted like the rest of programmable communications.
Other DMs were more perplexed: “but why would the GSMA repeat such an obvious mistake?” The answer is politics. It’s related to the silliness of “fair share.” Telcos need to be seen to be active with developers to lessen the claims of the web companies on Fair Share. So this is positioned as engaging developers. It will not, partners yes, but the value add there is small.
While we’re on industry politics, the energy debate is lip service only. If they meant to do something, 5G standardization was the time for action. Also moving the towers with their energy hungry RAN equipment off the books, along with some of their data centers to the cloud providers ensures on paper Telcos look good for energy consumption. However, it only takes a little bit of digging to work out the total energy consumption for a network, including all its subcontractors.
P.S. Sam Machin, Head of Developer Platform and Experience at Stacuity (thanks to a connection made at TADSummit 2022) added some excellent points to the discussion on the irrelevance of telcos’ APIs for most developers.
The fundamental thing that all the various telco API initiatives have overlooked in the past is segmentation.
As an application developer I’m only interested in a solution that I can implement for either all my customers or an existing segment of my customers.
As far as I’m concerned which carrier they use is not a segment on my radar. Common segments are:
1) iOS / Android – Because I’m already likely maintaining 2 codebases and delivering the application via 2 different channels,
2) Country – Because of the nature of my product, billing, marketing & regulatory limits.
I’m not interested in creating further segmentation unless it delivers HUGE business value, unless you have 100% availability to one of those existing segments then stop wasting my time, that means ALL carriers in a given country.
Carriers (& Industry groups) totally overlook this, they have an outside-in view of the user-base where *their* customers are the only customers. And let’s not even get started on how irrelevant the various carriers’ “global” footprints are outside of 18th century colonialism, they’re rarely even the same network, the only commonality is that they all use the same logo.
Sam Machin, Head of Developer Platform and Experience at Stacuity
Fair Share: the definitive guide
It’s a reasonably accessible summary on some of ‘fair share’ issues for the layperson. There are many more published works that go into much more detail on the telcos’ finances. Industry insiders will see this as biased. The quote from the document sums things up quite nicely.
It is interesting to see how the concept “you must co-finance my business without any legal basis” and “I don’t want my customers to pay a fair price for the product they purchase” has degenerated into and been labeled with the euphemism “fair“.
I look at this very simply. The industry has spent hundreds of billions on 5G, for no significant new revenues, because 4G is good enough. Unlike 4G there are no new revenues on the horizon, e.g. mobile internet access. By 2025 things are going to get a little heated in telcos’ boardrooms as the institutional shareholders express their dissatisfaction with the situation, heads will start to roll and activist shareholders will take advantage of the situation. Hence the desperate search for new revenues one way or another.
We live in a world where there is no shame in politics, politicians make factually incorrect statements to justify their argument, and there’s no mea culpa anymore. Fair Share is industry politics.
ChatGPT Review
This MIT Review article explains the origins of ChatGPT, a timeline of its development, and its use in various applications. ChatGPT was trained on a massive dataset of text to understand and generate human-like language. The model has been used for chatbots, virtual assistants, and creative writing. The article discusses the challenges and ethical concerns associated with the use of language models like ChatGPT. Yes, I used ChatGPT to produce this summary, which I subsequently edited.
In my opinion DALL·E 2 is more impressive than ChatGPT. In CXTech Week 23 2022 I reviewed the Delft Blue Stormtroopers. It’s great for ideation. But the content is rarely ‘finished’. You still need a graphic designer / artist to bring it to fruition.
DALL·E 2 is a fun tool, I asked for “a Dutch man being dutch at the seaside.” The results were funny to a Brit, and of course the Dutch person I sent it to responded with “a British man being British in a speedo at the seaside.” Another friend was having their bathroom renovated, I asked for “a partially destroyed high-end bathroom with leaking faucets and missing tiles, photo realistic.” So when I asked how the renovation was going, I had a picture.
ChatGPT feels like an intern has done a web search on your question, and produced a ‘good enough’ summary with errors, sometimes significant errors as it lacks context to know what content is more accurate. I’ve seen people using it for many practical use cases. All of which a web search would reveal, and the great thing with a web search is you can differentiate between sources. I think part of the popularity is people like being told one definitive answer.
Take the origins of COVID as an example. It really does not matter if it was the live market or the lab leak, we’ll never know for sure. However, based on the collective peer reviewed scientific opinion, the live market is more likely, but that does not rule out a lab leak. This simple fact seems hard for people to accept, they want definitive answers. And that is why ChatGPT can be dangerous.
I’ve discussed how to use ChatGPT in CXTech Week 6 2023, What can GPT do for your business right now? Train it on your data only.
Meta unveils a new large language model, LLaMA-13B reportedly outperforms ChatGPT-like tech despite being 10x smaller
This is one of those articles that initially attracted my interest, then on further reading left me disappointed:
- It’s not open source (at least for commercial use); and
- It can run on a PC but from what I understand it doesn’t provide ‘production’-like perf and I am not clear what you need to get those (inference time, latency, etc…)
RTC Security Newsletter: February
As always a great review of the latest in RTC Security from Sandro. Covering security reports involving FreePBX, FreeSWITCH, Chromium, BIG-IP and Oracle’s WebRTC session controller. And his highlights from FOSDEM, including:
Modernizing Authentication and Authorization in XMPP
This presentation by Matthew Wild covers XMPP authentication, starting with a great introduction to the topic in general. Then he describes the new authentication mechanism for XMPP called FAST, which stands for Fast Authentication Streamlining Tokens. This allows the use of things like WebAuthn, FIDO2 and Passkeys for authenticating to your XMPP account, bringing XMPP authentication up to date.
Watch the presentation: https://fosdem.org/2023/schedule/event/modern_xmpp_auth/
Secure payments over VoIP calls in the cloud
This is a talk by Nuno M Reis on how Talkdesk achieved PCI compliance with Open Source VoIP software – Kamailio and RTPEngine. He talked about how the proprietary solutions were difficult to work with, in contrast to using Open Source. This is an excellent presentation about designing and hardening a VoIP solution and limiting its security exposure. What I like about this is that, by choosing the right software and architecture, they seem to have obtained the level of control that was needed to certify their VoIP platform.
The last slide in this presentation was about the certification audit results which said pentests passed flawlessly; this of course made me smile. He did explain that while the previous proprietary solution had various open issues (vulnerabilities), with the open-source solution this was no longer a problem.
This reflects our own personal experience where we were for some time testing the security of a proprietary VoiceXML solution that was meant to be PCI compliant. This had major security issues such as default passwords on administrative interfaces, and keeping such a system up to date with the latest security patches was described as a nightmare by the engineers!
One thing that I should mention is that PCI Penetration Testing is often extremely limited in scope and most security testers doing PCI pentesting are likely to simply look for vulnerabilities that are either detected by vulnerability scanners or web application security issues. Thus they are likely to miss VoIP-specific vulnerabilities through this approach.
Watch the presentation: https://fosdem.org/2023/schedule/event/secure_voip_payments/
Paris IMSI-Catcher Mistaken for Bomb
I’m not going to name names on who supplies these IMSI catchers, they’re positioned for security / defense use cases. In the Paris situation it was being used for a health insurance smishing scam.
On December 30 the French police executed a controlled explosion on a device found in the back of a car, believing it to be a bomb, they subsequently identified it was an IMSI-catcher.
In another IMSI-catcher incident, an investigation by the Paris judicial police and COMCyberGEND, the cybercrime division of the Gendarmerie that was founded just two years ago, led to the identification, arrest and indictment of five men aged between 22 and 31. The five men were indicted on Thursday February 16 in Île-de-France for fraud in an organized gang after sending large-scale fraudulent SMS, franceinfo learned on Saturday from a judicial source.
They are suspected of having sent more than 400,000 bogus SMS messages linking to a health insurance website, according to a source familiar with the matter. To steal the phone numbers, the suspects relied on technology usually used by intelligence services and the fight against organized crime.
Their car carried an “IMSI-catcher”. This surveillance device, contained in a small suitcase, is capable of intercepting mobile communications by taking the place of a neighboring relay antenna. Their “IMSI-catcher” thus stole mobile phone numbers, and potentially data belonging to neighboring motorists.
Signal would ‘walk’ from UK if Online Safety Bill undermined encryption
The encrypted-messaging app Signal has said it would stop providing services in the UK if a new law undermined encryption.
If forced to weaken the privacy of its messaging system under the Online Safety Bill, the organisation “would absolutely, 100% walk” Signal president Meredith Whittaker told the BBC.
Element (Matrix.org), a UK company whose customers include the Ministry of Defence, told the BBC the plan would cost it clients.
Matthew Hodgson, chief executive of Element, a British secure communications company, said the threat of mandated scanning alone would cost him clients.
He argued that customers would assume any secure communication product that came out of the UK would “necessarily have to have backdoors in order to allow for illegal content to be scanned”.
It could also result in “a very surreal situation” where a government bill might undermine security guarantees given to customers at the MoD and other sensitive areas of government, he added.
Why all the Hype? Blame Marketing.
Tobias and I were having a discussion on hype: is it inevitable? I decided to take an absolutist position: blame marketing, and we need to rebuild technology marketing. Here are some great companies that do very little marketing – and I love some of these brands for that. I see many mistakes made by companies because they believed marketing, such as the mis-focus on APIs for the GSMA’s OGI, and these adversely impact their customers. Something needs to change, in my opinion, with respect to technology marketing.
People, Gossip, and Frivolous Stuff
Hugh Goldstein is available, previously with Sangoma, Subspace, Ecosmob / didXL, VoIP Innovations, Voxbone. And a great supporter of TADHack and TADSummit.
Mitch Lieberman is now Squad Leader at Fidelity Investments.
Francisco Camejo is now Chief Technology Officer (CTO) at FrigoSalto. Francisco was one of the winners at TADHack Uruguay.
Sam Kasimalla is now a Senior Solutions Engineer at JFrog.
Eric Priezkalns has added: Presenter, The Communications Risk Show at Risk & Assurance Group. You’ll see I reference quite a few of his articles on Commsrisk.
Oliver Schlögl is now Head of Sales at Sipfront.
Edo Segal has left Amdocs.
Sven Grube is now Chief Revenue Officer (CRO) at NOUMENA DIGITAL AG.
Ilia Smolin is Senior Engagement Manager at Predica, a SoftwareOne company.