Security – A Teachable Moment?

The recent headlines about the NSA capturing data related to phone calls brings up a familiar topic – security. I’ve been managing a session border controller product for the past year and I’ve often been asked if the product supports security. This can be a frustrating question for a product manager, since security is a blanket term that can cover so many areas and this kind of naive question means that the discussion needs to start at a pretty basic level. However, the question can be turned around. One logical response is to ask what kind of security the person wants to know about. An even better response is to get back to basics and ask what are they — typically a customer — trying to protect. In other words, what are the threats?

In the world of international telecom standards, the definition of security starts with the analysis of threats. The National Standards Institute (NIST) wrote a fine paper on security for Voice over IP networks which can be found here. The authors analyzed potential threats to such networks and then proposed solutions. This is preferable to the approach that is often taken of prescribing a security solution before understanding what the goals of the security solution are.

Returning to the topic of the NSA, the President offered a response to critics saying that NSA was not recording phone calls, as if that was the only issue in play here. But if we look at this from a threats perspective, if you are an individual subscriber of phone services, you might want assurances from the service provider of privacy protecting both the content of your communications and the records of who you are talking to. We’ve all seen television shows where the police get a warrant to dump the cell phone records of a potential suspect and just by analyzing the call patterns, are able to figure out who they were calling, when and for how long. This kind of information is often called “traffic analysis” and it can be very revealing. If your company is discussing a merger deal with another company, getting access to these kinds of phone records might reveal the potential merger participants in advance of any public announcement. So is there an incentive for businesses and individuals to protect against people who want to do traffic analysis on their voice (or other) communications? You bet.

I’ve been hearing that argument that if people participate on Facebook and Twitter their public activities are an open book for anybody with Internet access. Sure, that’s true to an extent, though there are battles going on between Facebook and their members about where the privacy lines get drawn. However, I think most phone subscribers, be they individuals or businesses, expect that their private communications will remain so.

On the technical side, this story boils down to a question of where to draw the lines between security and privacy. If this story and the resulting publicity causes individuals and businesses to consider what information they’d like to remain private and which data is considered “fair use” by the government and under what guidelines, then maybe we can have a useful public debate on these matters and not “leave it to the experts.”

Advertisements

Communications Advisor: Starting Up

I’ve decided to begin a new blog to talk about trends in communications technology.  During the nineties, my company Human Communications offered innovative advice, consulting services, a newsletter and training to a broad roster of clients around the world.  I also wrote, edited and managed communication standards in several standards groups including the Internet Engineering Task Force, the International Telecommunications Union and participated in a variety of other industry consortia exploring related matters.  I’m still active in the IETF in areas such as SIP and WebRTC, and my background in fax technology still comes into play sometimes when I attend industry conferences such as the recent SIPNOC. 

As I transition out of my current role as a director of product management for Dialogic, I’m exploring a wide variety of possibilities for what’s next, but I retain my interest in the future of communications technology. 

I’ve also recently gotten excited about the innovations in social media as it applies to marketing.  Back when I attended graduate school at Rensselaer, the management engineering curriculum had a very analytical slant.  I loved digging into statistics and putting together computer simulations using queuing theory, but my first corporate job was mostly about applying computers for business applications and all of the fancy math stuff I’d been learning in school didn’t really come into play.  

Fast forward to the world of marketing today and the analytical approaches I learned back in school are an important part of the trend known as inbound marketing.  

I’m not sure what the future will bring, but I’m confident that communication technologies will continue to evolve and new applications will surprise us all.  In a similar manner, social media is rapidly infusing the business world and opening up new ways to communicate with customers.  My goal will be to talk about these trends and cite the work of others who are leading the charge.  

I will also continue to write posts to my other blog — Writer’s Notebook — but my focus there will be on my throughts and experiences about writing, travel and the use of personal technology.   

The opinions expressed here will be my own, unless I’m citing the work of others.   

That’s all for now. I look forward to hearing your feedback and comments as the blog evolves.