CXTech Week 31 2024 News and Analysis

The purpose of this CXTech Week 31 2024 newsletter is to highlight, with commentary, some of the news stories in CXTech this week. What is CXTech?  The C stands for Connectivity, Communications, Collaboration, Conversation, Customer; X for Experience because that’s what matters; and Tech because the focus is enablers.

You can sign up here to receive the CXTech News and Analysis by email or by my Substack. Please forward this on if you think someone should join the list. And please let me know any CXTech news I should include.

Covered this week:

  • Truth in A2P SMS Part 1 and Part 2
  • Why TADSummit Matters More than Ever
  • TADSummit 2024 Agenda
  • RTC Security Newsletter, July 2024
  • Podcast 81: TADSummit Innovators, Surbhi Rathore, Symbl.ai, Unified Compliance
  • “Long, drawn-out, lawless litigation.” said Judge Colleen McMahon
  • ClueCon Weekly with Alan Quayle [Ep. 46]
  • People, Gossip, and Frivolous Stuff

Truth in A2P SMS Part 1 and Part 2

In this series we will expose the reality of what’s happening in A2P SMS. We’ll review how the current situation can and will be solved, through mitigations the industry must adopt.

This series is based on extensive research through 2024, it is not a complete exposé. However, the main mechanisms and mitigations are covered. My ‘agenda’ is to expose the truth of what is happening because industry bodies are covering up what is happening.

As an industry we shouldn’t be in this situation, where an individual has to expose the reality of what is happening. It’s like the nonsense on network APIs (Camara).

We need to invest wisely. Robocalling and spam SMS are destroying the PSTN, which customers are still paying for in their monthly subscription fees. We need to focus on what matters to the customers.

In the beginning (1992-2000)

The first SMS (Short Message/Messaging Service) was an A2P (Application to Person) message sent in 1992. A Merry Christmas message sent over the Vodafone GSM network in the United Kingdom by Neil Papworth from Sema Group using a personal computer to Richard Jarvis of Vodafone using an Orbitel 901 handset.

Through the ’90s SMS grew slowly for consumers, telcos were slow to interconnect SMS within a country, and prepaid accounts were blocked from using SMS because of billing risks, so kids could not yet use SMS. The reason, it was possible to change the SMSC (Short Message Service Center) settings on individual handsets to use the SMSCs of other operators. 

It wasn’t until 1999 / 2000 most operators were interconnected, and the restrictions on prepaid accounts started being lifted as the billing issues were resolved. Then person to person (P2P) SMS began its rapid rise, and with that growth in popularity, businesses started to use A2P SMS through modems, and banks of modems.

There were some trail blazers in business applications, in 1996 Simon Woodhead founded eSMS / SIMWOOD, the first global SMS gateway between the Internet and mobile phones, a proto-SMS-aggregator. There were a couple of earlier country / region specific gateways, however, eSMS was global.

The unique feature of eSMS was e-mail<>SMS so someone would have an @esms.com address with delivery to their ordinary mobile phone. They could also reply directly as SMS and eSMS would send the email. Simon reverse engineered what turned out to be RFC822 (Standard for ARPA Internet Text Messages), though he was not aware of its existence.

And a shout out to that kid’s acumen, RFC822 is actually the email RFC, despite the title. Simon had to extract the plain text from the SMS encoding. Easy for mail clients written by people who’d read the RFC, a bit harder for a kid with reams of paper on his parents floor 

In the early days of eSMS, their community email lists would share information on bugs, features requests, advice, etc. It was essential for supporting a global service. It was like the early days of the internet and the web.

More broadly, technologists from around the world interested in SMS shared ideas and even code on websites, even on how to use foreign SMSCs to transmit and receive SMS between carriers within a country without being charged. Whether they worked or not was another matter. Remember the bulletin board days of hours-long downloads for in the end a corrupted *.exe or *.mp3.

Some in the early SMS application businesses took advantage of this ‘wild west’ between the mid to late nineties. The matrices were constantly evolving as carriers closed routes and improved billing. Businesses would hold their breath as they received van-loads of itemized bills each month that came to zero charge. Soon the gaps were filled, and those businesses evolved. Some of the early SMS movers then focused on the explosion happening on the web. Just like with AI today, it was a crazy, fast moving time.

There were lots of financial alerting and ticker services to your desktop email. eSMS delivered those emails to the phone using SMS, e.g. stock alerts to traders. I knew one of eSMS’s customers who lived close by in Ipswich and worked in the City of London. Those mobile alerts on the train to/from the City of London were invaluable when the train was delayed. 

The business model was a subscription service between eSMS and the bank or its employees. Also the Blackberry device entered the scene in 1999, so email could be received directly on that device, and within the control of the IT department. Blackberry had a good run until 2011, when the iPhone and Android-based smartphones took over, and mobile email became mass market.

But hidden underneath the big headlines, those technologists sharing SMS tips and tricks via websites or email distribution lists were continuing to evolve and focusing on opportunities within the emerging category of A2P SMS. eSMS / Simwood went on to focus on wholesale voice and value added services.

Premium SMS (2000-2010)

Short messages were used to deliver premium rate content services. Content such as news alerts, financial information, ringtones, games, and adult content / services. Between 2006-2008 mobile content was already in decline.  See source https://www.slideshare.net/slideshow/procontentru-andrew-bud-mblox-mef-presentation-at-vas-v-conference-presentation/.

See slide below from MEF; Mobile Entertainment Forum, now called Mobile Ecosystem Forum, or as I refer to them as the Mushroom Ecology Farm as their chairman instructs members to ignore my work, hence keeping themselves in the dark and fed BS.

A large AIT (Artificially Inflated Traffic) generator is one of the MEF’s sponsors. When I published some commentary on one of the generator’s posts about AIT, I received several comments from MEF members frustrated at the audacity of the AIT generator’s AIT posts.

MEF knows what the AIT generator does, yet takes his money. Just like they know about Bill Peters’ treatment. Bill’s arbitration is still ongoing, he was fired in 2022, and I think arbitration is now delayed until 2025. Arbitration is supposed to be fast, in practice it is not. If you’re employed in the US, I recommend you remove the arbitration clause from your employment contract, it’s not in your favor. Learn much more here.

Anyway back to the premium SMS story.

In 1998, the first premium-rate media content delivered via SMS was the world’s first paid downloadable ringing tones, as commercially launched by Saunalahti (later called the Jippii portal and closed down in 2010). Saunalahti was founded in 1996 when three mid-sized internet access providers merged.

Initially, only Nokia branded phones could use the portal. By 2002 the ringtone business globally had exceeded $1 billion of service revenues, and nearly US$5 billion by 2008, before its terminal decline. 

The service fee carriers charged for the premium SMS could be as high as 80% of the content fee (including carrier portal placement as that’s how content was discovered back then), 50% was more common.

Such high fees compared poorly to credit and debit cards with fees of a few % of the purchase price. The content industry moved away from carrier billing, and the Apple and Android ecosystems built out the gift card infrastructure, in addition to credit/debit card payments, to achieve global mass market adoption.

Premium SMS Fraud and Mitigation

A factor that led to the decline of premium SMS was fraud:

  • Recurring monthly / biweekly subscription charges made, when the transaction was only a one-off purchase; and
  • Inflated charges, that is the price quoted was before all the carriers’ fees, so the final charge on the bill was much higher, almost twice.

The carriers ended up dealing with many frustrated customers, so they added processes requiring the content providers to include their customer service number. Unfortunately the chances of that number being answered was low. Carriers also added features like “Purchase Blocker” which is still available today from AT&T.

There also emerged mobile payment providers that ‘managed’ the mobile content payments for carriers. But instead migrated mobile customers away from mobile payments onto credit/debit cards. Carriers were being fleeced from all sides.

The reputable content industry moved away from premium SMS, the lack of control and sky high fees made it a mess, plus the Apple and Android ecosystems built out their gift card infrastructure. Today carrier billing exists in a few countries where personal banking infrastructure remains immature.

I mention the premium SMS experience as it highlights two important aspects of A2P SMS history:

  • A 30 year history in lack of coordination / control from the industry, hence bad actors could make a buck and move on once the problem became significant enough to warrant carrier action; and
  • Fees out of step with more widely used mechanisms, e.g credit / debit / gift cards.

This all led to premium SMS’s demise as a content channel.

We see today price rises and lack of control / coordination in A2P SMS. Is the premium SMS story about to be repeated? The Camara project (Network APIs) is certainly repeating the OneAPI story. This does seem to be a recurring theme in mobile telecoms.

I finish on a quote on why this review of A2P SMS history is important.

Those who cannot remember the past are condemned to repeat it.

George Santayana, philosopher

In Part 3 we’ll get into SIM Farms, AA.19 and AA.60/63 agreements. Here’s the link to Truth in A2P SMS, Part 1 of 5 in the series.

Why TADSummit Matters More than Ever

TADSummit is the thought-leadership event in programmable communications / telecoms for over one decade.

Over ten years ago I pointed out that Telecom API standards (OneAPI) made no sense, that the approach being taken by the telecom industry was going to be unsuccessful. I was one of a few voices pointing this out, many telecom executives told me I was wrong.

History showed I was correct, all the companies using open source, using simple APIs focused on developer needs, and being lean were successful. Perhaps overly successful given what’s happening in SMS recently, and we’ll cover those issues at TADSummit, as well as in a 5 part series focused on A2P SMS through August. See first 2 entries above.

The telecoms industry is here again with Camara, the shills and sycophants are producing dross reports and events. Ignoring the failures of the past, the learning from fixed broadband, and what developers are saying. I know this sounds crazy, why would an industry repeat the same mistakes?

Simply, Ericsson, Nokia, and their friends (shills and sycophants) want telcos to spend billions between 5G and 6G on the broken Camara vision. It doesn’t need to be this way, The core PSTN products of calling and messaging have become almost unusable because of spam SMS and robocalling. Telcos must take control, and correct the current situation, TADSummit will show how.

At TADSummit you’ll meet loads of innovators, you’ll see where programmable telecoms / communications is going. You’ll meet the innovators creating the future that is not yet widely distributed. No other event or organization is frankly showing the future, the challenges and opportunities, and critically how to get there.

The TADSummit audience includes CxOs from many of the programmable communication companies, open source leaders, and telcos. It’s a strategy, technology, and reality focused event with no BS. Check out the preview for TADSummit 2024 here https://alanquayle.com/2024/05/tadsummit-tadhack-global-2024/ (10 minute read). You’ll hear presentations and analysis other industry bodies do not expose.

Some parts of programmable communications are exploding, e.g conversation intelligence. Check out all the TADSummit Innovators. While other parts are struggling with SMS spam and robocalling plaguing customers to the point they reuse email instead of SMS for customer communications.

In North America some CSPs (Campaign Service Providers) and Brands feel they are under attack. Costs are up, operational complexity has exploded, and volumes are down. Carrier access in messaging is predominantly controlled through one entity. 2024 has been tough, what’s going to happen in 2025? Can a new foreign owned business even enter the US market for messaging? TADSummit is the ONLY place you’re going to have a full and frank discussion

Core themes are:

Here is the TADSummit agenda, we have lots of world-class presenters to add. We’re a diverse group across all programmable telecoms / communications. Our objective is by sharing the reality of what is happening, not the marketing BS, you can be successful.

TADSummit 2024 Agenda

TADSummit is the thought-leadership event in programmable communications / telecoms for over ten years.

The audience includes CxOs from many of the programmable communication companies, open source leaders, and telcos. It’s a strategy, technology, and reality focused event with no BS. Check out the preview for TADSummit 2024 here https://alanquayle.com/2024/05/tadsummit-tadhack-global-2024/ (10 minute read). You’ll hear presentations and analysis others do not expose.

Some parts of programmable communications are exploding, e.g conversation intelligence. Check out all the TADSummit Innovators. While other parts are struggling with SMS spam and robocalling plaguing customers to the point they reuse email instead of SMS.

In North America some CSPs (Campaign Service Providers) and Brands feel they are under attack. Costs are up, operational complexity has exploded, and volumes are down. Carrier access in messaging is predominantly controlled through one entity. 2024 has been tough, what’s going to happen in 2025? Can a new foreign owned business even enter the US market for messaging? TADSummit is the ONLY place you’re going to have a full and frank discussion

Core themes are:

Check out the TADSummit agenda.

RTC Security Newsletter, July 2024

Last week we did a TADSummit Podcast with Sandro of Enable Security, check it out.

Covered this week in the RTC Security newsletter:

  • Much news from Enable Security, including a TADSummit podcast, pentesting, and OWASP (Open Web Application Security Project) ASVS (Application Security Verification Standard)
  • WebRTC project vulnerabilities that were previously hidden
  • Hardware phone security research and exploitation
  • Low-latency VoIP Security Analytics and Anonymization challenges and Twilio troubles

OWASP (Open Web Application Security Project) ASVS (Application Security Verification Standard)

Recognizing the growing importance of WebRTC in modern web applications, Enable Security are adding relevant entries specific to WebRTC security. Their contributions are based on their extensive experience in penetration testing, security research, and bug bounties within the WebRTC security domain.

Some key areas of focus on include:

  • Robust signalling that withstands Denial of Service attacks
  • Handling media attacks
  • TURN server vulnerabilities
  • Best practices for implementing WebRTC securely

Twilio Authy API Vulnerabilities and Open AWS S3 Buckets

Recent news has highlighted incidents of information disclosure involving Twilio, as reported on Alan Quayle’s CXTech newsletter and blog. There were two main incidents:

  1. Twilio Authy API Vulnerability (CVE-2024-39891):
    • A vulnerability in Twilio’s Authy API was found, where an unauthenticated endpoint provided access to certain phone-number data. This issue affected Authy Android versions before 25.1.0 and Authy iOS versions before 26.1.0.
    • Exploited in the wild in June 2024, this vulnerability allowed attackers to send a stream of requests containing phone numbers and receive information about whether each phone number was registered with Authy.
    • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) included this vulnerability in its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation evidence.
    • Twilio has addressed this issue and provided details in their Changelog.
  2. Open AWS S3 Bucket Incident:
    • Twilio notified customers about an incident where an AWS S3 bucket containing SMS-related data was publicly accessible. This bucket belonged to IdentifyMobile, a downstream carrier of Twilio’s backup carrier, iBasis.

Podcast 81: TADSummit Innovators, Surbhi Rathore, Symbl.ai, Unified Compliance

Surbhi Rathore is the founder / CEO of Symbl.ai, a 6 year old start-up focused on conversation AI. Surbhi and her team are TADSummit and TADHack regulars, with past presentations:

We’re excited that Surbhi will be joining us in 2024 to present on “Unified compliance for human and AI agents with Call Score.” This podcast is a preview of what will be presented in October.

Last week Symbl.ai announced new customized scoring features to their Call Score API, delivering unified compliance for human and AI agents. In this podcast Surbhi give a quick demo of part of the API, to whet everyone’s appetite for TADSummit.

AI agents are augmenting and in some cases replacing human agents, ensuring quality is key to achieving better customer experiences (CX). There have been multiple incidents of voice agents hallucinating while interacting with customers, thereby negatively impacting customer trust. Call Score provides the qualitative measured to monitor a hybrid workforce.

With ‘Custom Criteria’ & ‘Scorecards’, businesses can define evaluation criteria, build different scoring logic for their human & AI agents and directly integrate call scores into their CRM, BI tools or custom applications – all with a single API.

Surbhi ran through a demo of call score, focusing on a human agent’s Question Handling, Energy, and Confidence. Call Score produced a report, which can be evaluated against customer feedback for that specific call, so the qualitative analysis can also be quantified across the business’s customers over time.

These insights are examples of metadata that would be added to the vCon (Virtual Conversation) for a specific customer conversation. STROLID is a sponsor of TADSummit, and provides the vCon technology.

“Long, drawn-out, lawless litigation.” said Judge Colleen McMahon

I wanted to share an update on Bill Peters’ case and why you need to check your employment contract. If it has an arbitration clause, you may want to change that given Bill’s experience and Judge Colleen McMahon opinion.

Timeline

On dates so you understand the context of Judge Colleen McMahon judgment with respect to Bill Peters’ arbitration:

  • 1 Oct 2018. Bill signs an employment contract with Buc Mobile, this includes an arbitration clause in Delaware.
  • 16 Feb 2023. Bill files a demand for arbitration, after he was fired without cause. You can read more on that in Bill’s complaint filed last year (2023). A year went by with little progress. This backs up the Judge Colleen McMahon’s opinion of commercial arbitrations.
  • 22 Feb 2024. TCR has the arbiters file a subpoena for files allegedly in Johnny and my possession. There are no files in our possession about recorded conversations between carriers and TCR. Bill did not send us anything. As far as we know those recordings remain in the TCR. I did not know Bill during his employment at Buc Mobile / TCR. Johnny and I are non-parties to the employment arbitration, we should not be involved. This is an example of “lawless litigation” referred to by Judge Colleen McMahon.
  • 24 March. TCR petitioned the court to enforce the subpoena.
  • 30 May. Judge Colleen McMahon, and the lawyers meet to discuss the case. In that meeting the judge refers to commercial arbitrations as “long, drawn-out, lawless litigation”. She is a new eloquent hero of mine!
  • 24 June. Judge Colleen McMahon rejects TCR’s motion. 
  • Now Bill’s arbitration has been pushed out to 2025.

Juicy Quotes

There was a meeting on May 30th between the judge and lawyers. The text is available here. There are quite a few choice quotes in that document. Its a fun read.

The judge’s decision can be found here in summary, unless you have a subscription, and here in full, or search “Case 1:24-cv-02314-CM Document 44 Filed 06/24/24.” 

For me, Judge Colleen McMahon’s quote on arbitration is both important, powerful, and every employee of an American company should take note.

“I don’t approve of arbitration. I will tell you that right off the bat. I don’t approve of arbitration at all. And I particularly don’t approve of commercial arbitrations like this because they’re not really arbitrations, they’re litigations. Arbitration is something that’s supposed to happen snap, snap, snap, snap, quickly, to resolve disputes. That’s not what happens in commercial arbitration these days. It’s just long, drawn-out, lawless litigation.”

Judge Colleen McMahon

If you have arbitration as the method in your employment contract, I’d recommend you get that changed. Cite Bill Peters’ experience and Judge Colleen McMahon opinion as the reasons. Bill is a straight-up guy, if it can happen to him, it can happen to anyone. Check with your lawyer on what should be put in its place.

You can read in the documents the silliness over changing the location from Delaware to New York, and how ill-prepared the Littler lawyer was. I love this quote from the judge: 

“Never come to court without the papers the subject of the underlying motion you’re going to be arguing. It’s a really, really bad idea.”

Judge Colleen McMahon

What does this mean to you?

What happens next? I think Bill’s arbitration has been pushed out to 2025. As Judge Colleen McMahon stated, “Arbitration is something that’s supposed to happen snap, snap, snap, snap, quickly, to resolve disputes. That’s not what happens in commercial arbitration these days. It’s just long, drawn-out, lawless litigation.”

Note Tata Communications, Kaleyra, and TCR (The Campaign Registry) are the group paying for this lawless litigation. All three should be ashamed of themselves as I am a non-party to the employment arbitration, and did not known Bill when he was employed by Buc Mobile / TCR. Its frivolous litigation.

As a side note, Tata Communications, Kaleyra, and TCR (The Campaign Registry) must have spent millions with their lawyers on this. All that is at stake is Bill’s severance, 1 year’s salary. In my opinion, something else is being hidden by this lawfare, and Bill’s complaint filed last year may point to that.

Check your employment contract! Arbitration in not snap, snap, snap, snap.

ClueCon Weekly with Alan Quayle [Ep. 46]

Thank you Luca Pradovera for a fun #podcast.

We covered so much, TADSummit and TADHack remain critically important to programmable telecoms / communications. The no BS policy is critical. We show the future that is not yet widely distributed. We bring fresh blood into the industry.

Thank you to Strolid, Inc. (#vCon) and TSG Global, Inc. (#identity) for sponsoring. We will announce soon another sponsor.

The TADSummit agenda is packed: https://blog.tadsummit.com/2024/07/26/tadsummit-2024-agenda/

TADHack website is coming together and the resources should be available soon.

People, Gossip, and Frivolous Stuff

Patrice Crutel shared, I’ve been in the position of Senior Director 5G & Mission Critical Services Strategy for some time at Capgemini Invent, but I wanted to share this news with everyone. Patrice and I have known each other for many years.

Mario Bodemann is now Android Developer Advocate at Yubico. Mario was involved in TADHack over the years. Here is a hack from Mario from 2022 using the 5G APIs.

Paul Barowsky is now Americas Geo Lead, Industrial IoT at Cisco.

Arjun Roychowdhury is now Vice President, Card Technology at Capital One. I’ve known Arjun for over one decade, since his time at Hughes.

Kelemen Papp is now Partner at Alloy Technology Partners. I’ve known Kelemen for one decade, since his time at Rutberg.

Hantzley Tauckoor is now Head of Business Development – AppMod/Containers at Amazon Web Services (AWS). I’ve known Hantzley since his time with Cisco.

Howard Steen is now Co-Founder and Strategy Director at EMEA-HUB LIMITED.

Fahad AL-Qaramseh has a new role at Verint as a Director of Strategic partnerships in the Middle East market. I’ve known Fahad since his time at Unifonic

Raja Mansukhani is now Senior Vice President – Customer Success at Comviva. I’ve known Raja since his time at Boost Connect.

Satish Mohan is now Founder & CEO at Dhiway. I’ve known Satish for over one decade, through his time at Red Hat.

You can sign up here to receive the CXTech News and Analysis by email or by my Substack.

Leave a Reply

Your email address will not be published. Required fields are marked *