Welcome to the March edition of E-News. In this issue we evaluate the prospects for Voice over Broadband and get up to date on the latest developments for fighting spam. Plus there’s our usual round-up of the latest news.

Voice over Broadband Goes Domestic

During the late 90s, IP telephony was widely regarded as little more than an interesting curiosity that allowed you to make long distance and international calls of variable quality over the Internet – often for free or at worst for the cost of a local call. Since then, the underlying technology has become a serious proposition for business systems where IP-based PBXs are now supplanting digital PBXs in the same way that digital previously supplanted analogue. In public voice networks too there are now huge savings to be made by combining voice and data onto one network and most telcos have now embarked on big change-outs.

The home environment, though, has been a tough challenge and has therefore lagged behind. Now this is beginning to change with Voice over Broadband (VoB) services becoming more widely offered. So, does VoB now represent a real threat to traditional telephony services?

Japan leading the charge

VoB implies the use of IP telephony technology to gain an extra telephone line (or possibly several lines) over a single domestic broadband connection. With the number of broadband connections to the home now growing rapidly across the world, it was only a matter of time before VoB came to centre stage as a new telephony offering.

Japan has shown an early lead in this. According to a recent report from Brunel University, one in four Japanese homes now have broadband connections compared with less than 10 percent of UK households. Furthermore, broadband connections there are typically 12Mbps as against only 512Kbps in the UK. Voice over IP has then been a major factor in the successful take-up of broadband in Japan, with the ability to make inexpensive or even free phone calls becoming something of a killer application that helps to pay for the overall connection cost. Other reports suggest that there are already over 5 million Internet telephony users in Asia.

The US is way behind these sorts of figures, with an estimated 150,000 Internet telephony users, but this is still comfortably ahead of the UK where such services are just getting going. In the UK there are several smaller players – such as Call UK, ET Phones, Mistral Internet and Telco Global – who collectively formed the Internet Telephony Service Provider Association (ITSPA) earlier this month, others like Skype, a London-based VOIP firm that recently raised new finance to develop its service, and BT.

Indeed BT has been quick to be in the front line of introducing such services in the UK, which begs the question of whether it sees such services as an opportunity or potential threat. Called Broadband Voice, BT’s service was launched last December and looks to be particularly aimed at the cable subscribers of NTL and Telewest, although it reportedly works just as well with an ADSL connection.

Getting connected

There are a number of different ways to install VoB in the home, depending on the type of broadband connection. In the UK, the typical method is to buy a box that plugs into an Ethernet router, modem or cable set-top box (depending on what is already there). A standard phone is then plugged into the box. Voice calls can then be sent via the Internet to a broadband voice switch that provides a bridge to the Public Telephone Network.

In BT’s case, the box costs in the region of £60. Users are charged £7.50 per month, plus 3p per minute for daytime landline calls. Evening and weekend calls are free for the first hour, then 1p per minute thereafter. This way, BT claims that users can save about £100 in the first year. The opportunity as far as BT is concerned is to gain a foothold in the cable companies’ installed base by offering an inexpensive second telephone line into the house that offers cheap calls. It will be interesting to see how this pans out.

Elsewhere in Europe, pan-European ISP Tiscali has also been active in this area. Last month it announced that it had partnered with NetCentrex to provide residential broadband telephony to its ADSL subscribers across Europe. This service should be up and running by the Autumn and clearly broadens Tiscali’s package of service offerings to include low cost telephony. Other ISPs offering ADSL are no doubt looking to do the same thing.

But is it a PATS?

This leads to the issue of regulation – and whether this should apply to VoB or not. In the UK, telecoms are regulated and in the past this meant obtaining a license from Oftel – now part of Ofcom. However, since the introduction of the Communications Act 2003 there is no need for a license.

There is a catch though. Anyone operating a telephone service has to meet 21 obligations of the Act which cover such things as Emergency services, lifeline support (for consumer services), itemized billing, directory enquiry services, facilities for people with disabilities and other administrative responsibilities. This includes VoB operators. Oftel’s position in the past has basically been that the technology used to transport the voice was not important, it was the voice services themselves that counted and this position has not substantially changed.

However, in the old switched environment everyone operated a Publicly Available Telephony System (PATS), with the ‘publicly available’ being the most important bit. This means that a home user should not lose the ability to make a phone call even if there is a power cut. Also, they should always be able to phone the emergency services - even if they have not paid their bills.

Also, when using a standard fixed telephone service for calling emergency services, the location of the user can be obtained easily from the phone number cross referenced to user name and address. This enables the call to be routed to a local emergency services base, and for the emergency services to know where the call originates from. These requirements may not practical for VoB, though.

Ofcom have taken the view that if VoB services are offered they should either be fully PATS compliant or they should be treated completely differently and should not be PATS compliant at all, with resilience to power cuts and emergency services specifically not being offered. Further, they need not then provide directory enquiry services, facilities for end-users with disabilities, itemized billing or operator assisted services. Their view is that VoB will actually be used as a second line and all the PATS services will in fact be provided over that primary line.

As part of this they have also proposed that all VoB services should be provided over a new number range beginning 056 rather than geographically based numbers (like 020 for London). The main reasons for this relate to difficulties of number allocation and the added complexities introduced to existing telephone systems that need to be programmed with all the different routes for numbers allocated geographically.

However, the newly formed ITSPA does not think much of these proposals, claiming that they could weaken the UK’s nascent voice over IP (VoIP) market and condemn it to be used only as a second line for ever. For example, allocating a non-geographic number such as 056 would make them hard to call from some foreign telecom networks, and even some UK networks. It also pretty much ensures that they could not be used for emergencies. On the other hand, of course, non-geographic numbering could provide advantages, with for example a user being able to move between London and Manchester and keep the same number.

Ofcom is currently conducting a consultation into how Internet telephony services should be offered and regulated, with recommendations later this year. In the meantime, it looks like VoB is here to stay and is likely to have an increasing impact on the fixed telephony market in future years.

Robin Duke-Woolley
e-principles
e-mail: robin@e-principles.com

Spam – Turning the Tide?

Despite a raft of anti-spam legislation in both the US and EU, the volume of spam clogging the Internet and users’ in-boxes continues to rise. E-mail security company Messagelabs reckons that last year the proportion of e-mail that was spam on the Internet rose from 9% in 2002 to 40% last year and will exceed 70% of all e-mail during 2004.

CAN-SPAM can’t can spam

Last year the US enacted the CAN-SPAM Act effectively making spam illegal, but this appears to have had little impact so far. It was only this month that lawsuits from AOL, Earthlink, Microsoft and Yahoo! were filed against six defendants accused of being the most prolific spammers in the US. Although these litigants are committed to removing the junk e-mailers “one spam kingpin at a time” it remains to be seen whether this high profile action has any effect on spam volumes in future.

So, other than continuing to rely on content filters, which are a blunt and rather uncertain instrument, is there any hope against the rising tide of spam? If the announcements made at the recent RSA Conference see the light of day, this may well be true. Spammers’ business models rely on a number of factors, including anonymity of the source of spam, the low marginal cost of sending e-mail (effectively zero), and the fact that a small number of people respond – enough to make a spam campaign worthwhile. While technology can’t change human behaviour, no matter how stupid, it can be applied to the first two factors.

Reveal your true identity

Anonymity has been the main focus to date. It’s very easy to send an e-mail purporting to be from someone else and spammers have been exploiting this ability to “spoof” e-mail addresses for years. Now the industry is proposing to do something about it. AOL, Microsoft and Yahoo! are all developing systems to authenticate the sources of e-mail and put an end to spoofing.

In his keynote address at the RSA Conference in February, Bill Gates described how Microsoft was working on a number of initiatives to eliminate spam, one of which was Caller ID for E-mail. This aims to help eliminate domain spoofing and improve the effectiveness of spam filters by verifying the domain that an e-mail comes from, in much the same way that caller ID in telephony displays the phone number of a caller. Caller ID for E-mail involves three steps to authenticate the sender of a message:-

• All e-mail senders publish the IP addresses of their e-mail servers in the Domain Name Systems (DNS) in a specified format which can be queried in the same way that domain names get resolved to IP addresses.
• E-mail systems receiving a message would query the header to determine the domain that purports to have sent the message.
• The recipient e-mail system would query the DNS for a list of outbound e-mail server IP addresses for the purported domain sending the message. These can be checked against the IP address on the message header. If they match, then the address is genuine and the e-mail can be accepted. If they don’t match then there is a high probability that the address has been spoofed and the message can be either rejected, or filtered into a spam folder.

Hotmail turns up the heat

Microsoft is implementing a pilot for Caller ID on its Hotmail service. It claims that it’s already publishing IP addresses for its outbound servers and will begin checking addresses for inbound e-mails in early in the summer. It’s also working with others in the industry to test the proposal including Amazon.com, and e-mail security specialists, Brightmail and Sendmail.

In January AOL began testing a system called Sender Policy Framework (SPF) which works in a similar way by checking that the IP address of the outbound e-mail server is authorised to send e-mail against that particular domain name. Unlike Caller ID, this system uses routing data associated with the e-mail header.

On the plus side, this is more efficient, since the recipient e-mail servers can reject a message before it gets into the system. On the downside however, SPF in its current form isn’t effective against “phishing” scams where users are duped into revealing sensitive information such as passwords and bank/credit card numbers. Microsoft’s approach offers some protection against this. Both systems won’t work with e-mail forwarding systems or the “send to a friend” features which enable Web pages to be forwarded on to friends and colleagues. Nevertheless, SPF has been submitted for review to the Internet Engineering Task Force (IETF), one of the main standards setting bodies, so we are likely to hear more about it in future.

PKI everywhere

Of the three methods backed by the Internet heavyweights, Yahoo! with its DomainKeys system is taking a slightly different approach to authentication. DomainKeys combines public-key cryptography with the DNS to ensure that e-mails are really from the domains listed in the sender field. Using this method, the sender and domain name owner uses their private key to generate a digital signature that’s added to the header of each message that goes out. The sender also places the corresponding public key on their server.

When the message is received, the recipient message server extracts the digital signature and details of the purported sending domain. It then fetches the public key from the domain name owner’s server and determines whether the signature was generated by the corresponding private key. If it does then the e-mail address is genuine, if not then it was probably spoofed. An advantage of this system is that it can also be used to check that the message content has not been altered and can be used with forwarding services as long as the forwarder doesn’t edit the message or add headers. However it is relatively complex to set up and will require additional resources built into mail servers to encrypt and decrypt signatures. There are some concerns too that this approach will be vulnerable to “signature theft”.

There are other similar initiatives based along similar lines. For example, Brightmail announced its Reputation Service last month as did IronPort Systems with SMTPi, an extension to the Simple Mail Transfer Protocol on which Internet e-mail is based, with identity features added.

Not all bulk commercial e-mail is spam

Authentication is one thing but what about the other economic pillar of spam – its low cost? Last month Microsoft announced its Coordinated Spam Reduction Initiative, which, apart from Caller ID, included two other proposals to tackle spam. One of these is aimed at genuine high volume mail senders such as banks, insurance companies and travel businesses which rely on e-mail to contact their customers. The idea is to develop “reasonable behaviour policies” for sending commercial e-mail, and for the implementation of these policies to be overseen by independent e-mail trust authorities, along the lines of TRUSTe which deals with online privacy.

Organisations complying with these policies would be identified on white lists or could issue digital certificates which would be recognised by both end users and filtering software. IronPort Systems has already developed a programme for this, called Bonded Seller which commercial e-mailers can buy into and is administered by TRUSTe. Under this programme, mailers post a bond which is debited $10 every time a recipient complains of receiving spam from that source. IronPort claims that, to date, no money has had to be paid out under this scheme.

Rowland Hill revived

This is OK for the big guys but what about smaller organisations sending occasional bulk e-mail such as newsletters? Programmes like Bonded Seller are likely to be too expensive or unwieldy for small businesses and individuals. Well, Microsoft has come up with an ingenious proposal for these called the Penny Black project, named after the early stamps introduced by the British Postal service. Penny Black would require e-mail software to process a complex computational calculation each time an e-mail is sent. Proof that the calculation had been performed could be provided to the recipient in a number of ways – by tying the calculation to a message, providing the answer in response to a challenge from the recipient, or linked to a ticket which pre-authorises the message.

Now burning a few CPU cycles for each e-mail is not a big deal for an individual or business sending a few hundred e-mails. However it would add significant cost and considerably undermine the economics for spammers who would have to invest in huge amounts of hardware in order to process the millions of messages they send. Having researched the technical viability of various approaches, Microsoft is now looking at how this can be brought to commercial reality.

These proposals, together with SPF, are likely to be submitted to the IETF for ratification and may well form the platform for an anti-spam offensive in the near future. So does this mean the end for spam? Most likely not, though maybe it’s the beginning of an effective technical and economic fight-back.

Richard Ryan
Revelation Research
e-mail: richard.ryan@revresearch.co.uk

In the news this month

European regulators ruled that Microsoft broke antitrust law, levied a record fine of 497.2 million euros and ordered the company to stop illegally crushing software rivals. The Commission ordered the software giant to offer a version of its Windows operating system without Windows Media Player within 90 days. It also ordered Microsoft to disclose enough material to rival makers of work group servers so their products can have full interoperability with Windows personal computers and servers. Microsoft has 120 days to fulfil this condition.

"We are simply assuring that anyone who develops new software has a fair opportunity to compete in the marketplace," said EU Competition Commissioner Mario Monti. Other views are that the fine represents only small change for Microsoft but that it would appeal anyway and aim to stall action on the order, perhaps for years. "We believe we have excellent arguments about how this would cause consumer confusion and disrupt the industry” said Microsoft’s General Counsel.

The online music download business is beginning to look a little crowded. This month further entries to the business were kicked off by Virgin Digital, which announced it is developing its own digital jukebox and online music store with music delivery company MusicNet that will be available by the end of August. The newly-launched Virgin Digital, with offices in Los Angeles and London, is part of Virgin Group. Ultimately, the plan is for Virgin Digital to work on mobile phones, handheld devices and other consumer electronics gear and the product will include a jukebox, the ability to burn, rip and encode songs onto CDs, access to Virgin's digital music club and its Radio Free Virgin Internet radio stations.

This was followed by US retail giant Wal-Mart Stores, which officially launched its online music store with an expanded roster of artists, and kept the price at the same 88 cents per song that it offered during a three-month test. That is 11 cents less than major competitors like Apple Computer’s iTunes and Roxio’s Napster. The store also expanded its catalogue of artists by 50 percent, including exclusive songs from the likes of Jessica Simpson, 3 Doors Down, Shania Twain and others.

Sony announced in January that it would launch its own online music store Sony Connect this spring offering some 500,000 songs for download at 99 cents per tune. This month the company announced it is working out a deal to promote the upcoming launch through fast-food chain McDonald's. Reports suggest that McDonald's is expected to commit about $30 million in advertising to the partnership in exchange for unspecified discounts to license some songs from Sony Connect. Those songs would then be offered to McDonald's patrons for free with the purchase of certain menu items, with customers receiving codes they can use online for the downloads.

Having pioneered portable music with the Walkman, Sony is hoping to use Connect to help spur sales of its new generation of digital music players, in order to reclaim lost market share from Apple's market leading iPod.

Hutchison’s 3 UK mobile service was in the news again, launching a new pre-pay service. The company said it was aiming for the heavy user end of the existing pre-pay market - people who spend over £15 a month at rival operators. Called ThreePay, 3 UK's pre-pay service hopes to lure customers by doing away with what it says are complicated tariff packages offered by rival mobile networks. Customers will be offered the same tariffs, irrespective of the time a call is made or to which network it is made. 3 UK will also charge pre-pay customers the same as it charges customers on annual contracts, unlike the usual practice of differential tariffs followed by rival operators. This initiative comes after 3 UK failed to meet its expected take-up of subscribers in 2003 by a wide margin, much of which was attributable to major delays in receiving handsets from its suppliers.

Meanwhile, Japan’s DoCoMo was reported to be close to agreeing the sale of its 20% stake in 3 UK to Hutchison, leaving Hutchison with full ownership of 3 UK since the departure last year of Dutch KPN. DoCoMo is believed to be ending its ties with 3 UK because it never delivered on spreading its i-mode technology in the UK. At the same time, however, Hutchison also announced that it plans to repay outstanding bank loans of £1.5 billion ($2.77 billion) at 3 UK ahead of schedule. "We have a lot of cash on hand and the UK loan is rather expensive, so we wrote to the banks and asked whether they would be interested in selling the loan back to us," a company spokeswoman said. In fact, Hutchison had total cash and liquid investments of US$21.15 billion at the end of June last year, so it is certainly not short of cash.

Deutsche Telekom said it would take a charge of 440 million euros ($549 million) in the fourth quarter from the badly-delayed GPS/GSM-based Toll Collect road toll system it is developing with DaimlerChrysler and others. The losses have been forced on it by the German Government, which expected the system to be up and running and gaining revenue during last year. One part of the charge, 210 million euros, is Deutsche Telekom's share of the operating losses at Toll Collect, in which Telekom owns 45 percent. Additionally, the carrier will book provisions for future losses of around 232 million euros in the quarter. This then prompted the resignation of the board member most closely involved in the project. Meanwhile DaimlerChrysler, which also has a 45 percent stake, last month took a 241 million euro charge from Toll Collect and said the negative impact could increase as it and the other owners are now required to fund Toll Collect. The automaker said then that on top of operational losses, it had written down the value of Toll Collect to zero and made a 100 million euro provision for the risk of future losses.

In connection with this, it is interesting to note that this month a consortium led by Taiwan's Far EasTone Telecommunications – Taiwan’s third largest mobile carrier – beat a group led by the island's top personal computer firm Acer to win a government tender to build an electronic toll system for the island's highways. One hopes it does not suffer from the same difficulties as the German system.

Other news in brief . . .

London Underground is holding talks with the UK's four main mobile phone operators about installing technology to enable passengers to talk whilst underground. London Underground claims that public opinion is moving in favour of mobile phone access on platforms and in public areas, but not on the actual trains.

Spanish telco Telefonica secured a $5.85 billion cash-and-debt deal to buy the Latin American assets of US carrier BellSouth and become the leading mobile operator in the fast-growing market. Telefonica said buying BellSouth out of Latin America would boost its mobile subscribers in the region to 40.8 million based on 2003 figures, just ahead of previous market leader America Movil. The deal allows BellSouth to focus at home after a joint $41 billion bid with its partner SBC Communications for mobile rival AT&T Wireless, which outbid the UK’s Vodafone last month to make its joint venture Cingular the largest US mobile operator by subscriber numbers.

Finally, in spite of its rocky start, it looks like use of WAP on mobile phones is now gaining momentum. The total number of WAP page impressions viewed in the UK in January reached 1.2 billion, according to new figures released by the Mobile Data Association (MDA). The new monthly figure is the highest ever recorded by the MDA and represents an increase of 200 million pages compared with December's figure.

Interested in M2M? Then check out the free newsletter from our M2M information site M2M Focus. The March issue is now online here.