The purpose of this CXTech Week 7 2024 newsletter is to highlight, with commentary, some of the news stories in CXTech this week. What is CXTech?  The C stands for Connectivity, Communications, Collaboration, Conversation, Customer; X for Experience because that’s what matters; and Tech because the focus is enablers.

You can sign up here to receive the CXTech News and Analysis by email or by my Substack. Please forward this on if you think someone should join the list. And please let me know any CXTech news I should include.

Covered this week:

• 6G, Emergency Services, and Following in Fixed’s Footsteps
• Podcast 35: Truth in Telecoms, Good Grief Charlie Brown
• TADHack Open 2024 Resources
• Podcast 34: TADSummit Innovators, Pieter Luitjens, PrivateAI
• Trust in SMS?
• FCC Must Increase Accountability in Fight to End SIM Swap and Port-Out Fraud
• CPaaS is here to stay. Understand its full potential
• Malicious ‘SNS Sender’ Script Abuses AWS for Bulk Smishing Attacks
• A South Korean Chatbot Shows Just How Sloppy Tech Companies Can Be With User Data
• People, Gossip, and Frivolous Stuff

6G, Emergency Services, and Following in Fixed’s Footsteps

Will 6G be the point where the mobile industry looks over its shoulder to the fixed industry and sees its future? That is, offer a reliable broadband network, and let others focus on the services, with emergency services remaining a question mark.

Fixed has always led the way for the past 50 years:

• 1G made the proven analog fixed voice service mobile.
• 2G upgraded to digital voice of fixed.
• 3G delivered PSTN modem rate internet access, and by the time of HSDPA early DSL internet access.
• 4G delivered fixed broadband internet access of DSL, VDSL, and FTTH (2007 I had FTTH and been on the same plan since, 17 years).
• 5G repeated the 1 Gbps internet access option of fixed broadband and found 100-200 Mbps is good enough for most customers, 17 years in my case.
• So where are fixed networks now? Running fiber everywhere (coverage) and closing down the copper. So what about emergency services over 6G? Not heard a peep on that one.

Do fixed and mobile have a musical chairs battle on who gets left holding that emergency services? Most homes use mobile for emergency services as they’ve cut the PSTN cord. Looks like 6G should be worrying about that one. For 50 years mobile has followed in the footsteps of fixed, the question is does that continue for the next decade?

Podcast 35: Truth in Telecoms, Good Grief Charlie Brown

This week provided direct objective evidence that CPaaS is no longer the acronym to use with Wall Street. Twilio’s results exceeded most analysts’ expectations, but the outlook and Segment review sent the stock in decline, see below. Sinch who produced good results maintaining gross margin at 33.5% and revenue growth. Initially went up, and then down. Likely influenced by the leader in the category’s decline, Twilio.

Segment was expensive at $3.2B, but customer data platforms have become central to delivering accurate analytics, personalized customer experiences, and in training LLMs (Large Language Models) with accurate data, though as we learned in Podcast 34 with Pieter Luitjens of PrivateAI protecting PII (Personal Identifiable Information) is critical. The problem was the time to educate Twilio’s customers on the value of Segment and to build the business. At $290M in annual revenue Segment is a small part of Twilio’s business, so the review shouldn’t be that significant.

The decline was met with resistance as funds bought in while others sold, Anson bought in with $31M, Blackrock also bought in. Some funds see this as a buying opportunity.

In examining the results in a little more detail, after removing stock and intangibles expense, Twilio spent about $758M in real cash on marketing. But on what? There are no stadiums or Superbowl ads. Most of the Twilio advertising I see is online, and they’ve pulled back on that from my perspective. What is covered in this figure?

One interesting tidbit in their financial. There is a steady increase in “prepaid and other current assets” from $81M in 2020, to $186M in 2021, to $282M in 2022, to $329M in 2023. All of that (one third of a billion) needs to go into the P&L somewhere in the next 12 months. Twilio has no manufacturing or inventory. Even a massive Directors and Officers (D&O) insurance policy wouldn’t be that expensive!

This was giving Johnny flashbacks to Worldcom. Capitalize everything and bury it for later. Johnny asked some of the Wall Street experts to look into those figures and work out what the real gross margin could be.

Twilio is not going anywhere; and Microsoft, Amazon and Google can easily integrate Twilio’s dev community. So there still may be a surprise M&A, though I think unlikely it’s been such a surreal start to the year anything is possible.

We continue to be restricted on YouTube, it’s been 2 weeks of back and forth with no resolution on what’s going on.

We reviewed the amazing run of podcasts we’ve had over the past couple of weeks, heralding the future of programmable communications and showing robo-calling and SPAM SMS can be stopped using SSI (Self Sovereign Identity).

TADHack Open 2024 Resources

Please register for TADHack Open, thanks. The TADHack Open 2024 resources are nearly there, check out STROLID‘s and SignalWire‘s. I’m really excited for what STROLID and SignalWire have put together. Whether you’re a hardcore programmer, a cut-and-paster like me, or have no programming skills there’s something for you.

STROLID vCon Resources

STROLID’s resources are almost there, here’s a great video with Thomas Howe, the vConfather  STROLID set challenges and have resources for you to play with:

• Best Redaction: Take the series of vCons we give you, and remove all the personal identifiable information (PII). Extra points for delivering it in the form of a conserver link. 
• Best Detection: Take the series of vCons we give you, and list all the personal identifiable information. Extra points for delivering it in the form of a conserver link. 

Here’s a hint to make your entry really competitive, we did an interview with the co-founder and CTO of PrivateAI, Pieter Luitjens, a data redaction company and in there he talks about quasi-PII, see time code 13:30. I know I’m making Thomas’s judging job even harder. But redaction and AI training have become critically important. This is important for your business in remaining compliant with privacy regulations and helps you develop highly marketable AI skills.

SignalWire AI Agent Resources

SignalWire’s resources will be ready soon, I’m impressed with what they’re putting together. As soon as they’re ready I’ll let you know. SignalWire would like developers to focus on building an AI agent, think digital employee. Here are their resources and here are a couple of excellent examples: Bobby’s table and FlosFlowers. FlosFlowers is a low-code / no-code implementation so its really easy to get started and build from there. The resources link is being updated over the coming weeks so keep an eye out for lots more helpful guides and walk-throughs.

Enterprise Connect Attendees and Cloud Communications Alliance Members should also take part

And as we covered on Technology Reseller News podcast, TADHack Open is a chance for anyone attending Enterprise Connect or members of the Cloud Communication Alliance to submit a showcase (video with an idea on how you can use the sponsors’ technologies) and given how easy STROLID and SignalWire have made using their platforms, have a go at a hack, not just share an idea, make it real!

Podcast 34: TADSummit Innovators, Pieter Luitjens, PrivateAI

Pieter Luitjens, is the co-Founder and CTO at Private AI. He took part in the TADSummit panel session, AI and Video applications, here’s the Video of the panel.

As I got to understand PrivateAI I realized the importance of what they do, all the conversations recorded across programmable communications are now fed into LLMs (Large Language Models), identification of PII (Personal Identifiable Information) and its redaction are critical. And critically are generally NOT being performed.

On April 28th 2021, the South Korean Personal Information Protection Commission (PIPC) imposed sanctions and a fine of KRW 103.3 million (USD 92,900) on ScatterLab, Inc., developer of the chatbot “Iruda,” for eight violations of the Personal Information Protection Act (PIPA). 

PIPC’s investigation found that ScatterLab used KakaoTalk, a popular South Korean messaging app, messages collected by its apps “Text At” and “Science of Love” between February 2020 to January 2021 to develop and operate its AI chatbot “Iruda.” 

Data exposed included 1,431 KakaoTalk messages revealing 22 names (excluding last names), 34 locations (excluding districts and neighborhoods), gender, and relationships (friends or romantic partners) of users. There have been many other embarrassing cases, there’s lots of advice on what NOT to share with ChatGPT.

PrivateAI provides a solution enterprises can self-host to identify and then redact customer PII, not just for LLM training, but also across all data within the company’s data lake. PII includes the obvious data such as name, address, account numbers but also preferences, hobbies, location data, known as quasi PII.

Private AI then fills the redacted data with dummy data, so the data is good for the LLM, yet preserves privacy. They cover 50 languages across text, PDFs, images, and audio. ASR (Automatic Speech Recognition) companies extensively use their services. Competitors include AWS Comprehend, Microsoft Presidio, and Google DLP.

Being on-premise is important to many businesses, especially in Healthcare, Insurance and Finance. Keeping customer data away from the cloud matters. Across programmable communications, e.g. UCaaS, CCaaS, collaboration, voice, messaging, video, wherever communications is recorded and then fed into a LLM, redaction is critical.

We then discussed the relationship between privacy preserving tools like PrivateAI and SSI (Self Sovereign ID). You can imagine a setting where permission is given to use your conversation data for training purposes but ONLY if PII is redacted. At TADHack Open in March, the challenge from STROLID (creator of vCon, the PDF for conversations) is focused on PII identification and redaction. This space is moving fast, and thanks to Pieter for opening our eyes to its importance.

Trust in SMS?

XConnect and MobileSquared interviewed 59 Communications Platform as a Service (CPaaS) providers and found they are losing trust in SMS, dropping by 24.9% between 2023 and 2025. As many companies that claim the outdated CPaaS acronym (see Robert Vis ‘CPaaS is done’ from Podcast 30 and Anthony Minessale ‘CPast’ from Podcast 32) are SMS aggregators it’s a little surprising their distrust is growing, and that they are so vocal in distrust for their core product.

To be profitable in A2P SMS requires all the tricks be used, SIM farms, grey routes, AIT, etc. Simply, if everyone in the A2P SMS business was white, profitability would be an issue. And to those that claim to be white, monitor all your traffic, you may not be generating, but you’re likely carrying it.

The real purpose of the survey was to push RCS as the solution. The report claimed trust in Rich Communication Services (RCS) is predicted to leap to 75.1% and to 41.7% in WhatsApp over the same period. The interviews were across SMS, WhatsApp, email, RCS, and voice.

I received my first RCS SPAM message this week. Google Messages SPAM folder filtered it. Given Google is running the RCS servers for many carriers, rather than decades of legacy software, I can see how trust can be greater. However, let’s see how quickly the necessary habits of SMS move over to RCS.

FCC Must Increase Accountability in Fight to End SIM Swap and Port-Out Fraud

The National Consumer Law Center (NCLC) and the Electronic Privacy Information Center (EPIC), along with Consumer Action, Consumer Federation of America, National Association of Consumer Advocates, National Consumers League, Public Knowledge, and U.S. Public Interest Research Group, filed reply comments yesterday with the Federal Communications Commission (FCC) calling for substantially stronger rules to protect cell phone users from SIM swap and port-out frauds.

These types of fraud occur when scammers who target data and personal information covertly swap a cell phone’s SIM card or port a phone number to a new carrier – actions they can carry out without ever gaining physical control of a consumer’s phone.

“The FCC must make clear that carriers, which are the only parties in these frauds with the means to protect consumers from losses, are liable in SIM swap and port-out fraud cases,” said Margot Saunders, senior attorney at the National Consumer Law Center. “The threat of individual, occasional enforcement actions from the Commission is not sufficient to compel carriers to protect consumers. Otherwise, these problems would not be so severe today.”

Yet again telcos are not held to account by the FCC.

CPaaS is here to stay. Understand its full potential

Robert Vis ‘CPaaS is done’ from Podcast 30 and Anthony Minessale ‘CPast’ from Podcast 32 clearly disagree with this statement. I’ve been pointing this out for several years.

The claim is omnichannel communications have become the standard. Robert Vis has a nice quote that omnichannel is the great white lie of the CPaaS industry, its disparate platforms.

The examples are all related to customer experience, CCaaS does customer experience management, the conversational AI (Cognigy, Yellow.ai) space does that across multiple channels including voice and messaging. UCaaS also offers CCaaS and APIs, RingCentral is an example. CX Management platforms (Sprinklr), etc. CPaaS is moving into a crowded space, with lots of adept competitors.

CPaaS when applied to customer experience has become a segment of programmable comms where the customer does not want or already has or has but its legacy / expensive UCaaS or CCaaS, and is looking for a solution to fill a workflow gap. It’s a segment defined by the customers’ situation, and is being squeeze on all sides, particularly from the conversational AI companies who use a wholesale aggregator and increasingly IP Messaging.

UCaaS, CCaaS, CPaaS, are all built on the same technology, telecom app server, FreeSWITCH is an example. CPaaS will remain a dumba$$ term as its marketing not technology, e.g. SMS aggregators trying to be more than an aggregator or companies pretending to be a mini-Twilio. Aggregators will continue to exist, but trust remains an issue, see above article, ‘Trust in SMS?’ A question is whether CPaaS will merge into the other XaaS? However, the core technology is the same, it’s really about those carrier relation deals.

Malicious ‘SNS Sender’ Script Abuses AWS for Bulk Smishing Attacks

A malicious Python script known as SNS Sender is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon Web Services (AWS) Simple Notification Service (SNS).

The SMS phishing messages are designed to propagate malicious links that are designed to capture victims’ personally identifiable information (PII) and payment card details, SentinelOne said in a new report, attributing it to a threat actor named ARDUINO_DAS.

“The smishing scams often take the guise of a message from the United States Postal Service (USPS) regarding a missed package delivery,” security researcher Alex Delamotte said.

SNS Sender is also the first tool observed in the wild that leverages AWS SNS to conduct SMS spamming attacks. SentinelOne said that it identified links between ARDUINO_DAS and more than 150 phishing kits offered for sale.

The malware requires a list of phishing links stored in a file named links.txt in its working directory, in addition to a list of AWS access keys, the phone numbers to target, the sender ID (aka display name), and the content of the message.

Phishing is getting ever more automated. The only defense is zero trust, see Paul Walsh’s commentary.

A South Korean Chatbot Shows Just How Sloppy Tech Companies Can Be With User Data

South Korean A.I. company ScatterLab launched Science of Love in 2016 and promoted it as a “scientific and data-driven” app that predicts the degree of affection in relationships. One of the most popular services of the app was using machine learning to determine whether someone likes you by analyzing messenger conversations from KakaoTalk, South Korea’s No. 1 messenger app, which about 90 percent of the population uses.

Users paid around $4.50 per analysis. Science of Love users would download their conversation logs using KakaoTalk’s backup function and submit them for analysis. Then, the app went through the messenger conversations and provided a report on whether the counterpart had romantic feelings toward the user based on statistics such as the average response time, the number of times each person texts first, and the kinds of phrases and emojis used.

On Dec. 23, 2020, ScatterLab introduced an A.I. chatbot service named Lee-Luda, promoting it to be trained on more than 10 billion conversation logs from Science of Love. The target audience of this chatbot service was teenagers and young adults. Designed as a 20-year-old female that wants to become a true friend to everyone, chatbot Lee-Luda quickly gained popularity and held conversations with more than 750,000 users in its first couple of weeks. The CEO stated that the company’s aim was to create “an A.I. chatbot that people prefer as a conversation partner over a person.”

It also soon became clear that the huge training dataset included personal and sensitive information. This revelation emerged when the chatbot began exposing people’s names, nicknames, and home addresses in its responses. The company admitted that its developers “failed to remove some personal information depending on the context,” but still claimed that the dataset used to train chatbot Lee-Luda “did not include names, phone numbers, addresses, and emails that could be used to verify an individual.” However, A.I. developers in South Korea rebutted the company’s statement, asserting that Lee-Luda could not have learned how to include such personal information in its responses unless they existed in the training dataset. A.I. researchers have also pointed out that it is possible to recover the training dataset from the AI chatbot. So, if personal information existed in the training dataset, it can be extracted by querying the chatbot.

Bottom line – if you’re using AI in your business, you’d better make sure the training data has all PII and quasi-PII removed. See Podcast 34: TADSummit Innovators, Pieter Luitjens, PrivateAI, to learn more.

People, Gossip, and Frivolous Stuff

Rizwan Jaffer is now Founder at 15768659 Canada Inc. I’ve known Rizwan since he was the with Aepona, 15 years ago.

Sassan Saedi is now VP of Marketing at Vave. We first met 10 years ago when he was with Nexmo.

You can sign up here to receive the CXTech News and Analysis by email or by my Substack.