INFRASTRUCTURES for VOICE and for DATA COMMUNICATIONS
19July2006; Rev 9Aug06; 27Sept06; 12Mar07
Minor edits/CDRs/ViralRouting 30Jul07; see bottom.
HOW NSA's WIRETAP SYSTEM WORKS
If you just want to know how it works and what it does, it's here.
In 2006, the George W. Bush administration went to great lengths to
avoid revealing how a secret warrantless wiretapping system worked.
I thought anyone with a good background in science and
technology could explain it, so
I did. Abrupt and disruptive changes in
surveillance technology that we must deal with as a society
make more sense against the background of the nation's ongoing
transition into the digital age, so I have sketched that tumultuous
journey here in this backgrounder.
The legacy telephone system can pull individual telephone calls out of
the network, and it is possible to limit surveillance to the specific
"line" of a specific number. As the nation moves from this legacy
telephone system to the Internet, it becomes impossible to tap phone
lines because there aren't any. Surveillance of "only a phone call" or
"only an email" requires retrieving the packets performing multiple
services for multiple users and parsing out everything they do on
line. A legal justification for one becomes a technical mandate for all.
Old laws cannot be "extended" to cover the new technologies. The
technologies themselves are too different. Just as old
telecommunications technologies could not be extended and were
overthrown, so the nation will have to start over with a new
approach to surveillance, oversight, and the laws that protect the
nation's values and Constitution.
Short of democracy itself, the Internet may be America's greatest gift
to the world. But like atomic power, cloning or stem cells, each
great scientific advance bursts upon society showing its faces of good
and evil, demanding we choose between stunning Jekyll and Hyde
alternatives. Surveillance is the Internet's dark side. The
good side is unprecedented wealth and creativity. The
Internet succeeded where the centrally-controlled, "command economy" of
the telephone world failed because the Internet follows a design
philosophy of independence between its parts, possesses a culture of
openness, and grants political empowerment to its users, who do not have
to ask anyone's permission to invent outrageously new and successful
services. Less than two decades have taken us through an upheaval in
telecommunications with multi-billion dollar mergers, multi-billion
dollar bankruptcies, and extremes in human miscalculation of how to
invest money or comply with legal and financial realities.
The disruptive shift from a national telecommunications
infrastructure for voice transport to a national telecommunications
infrastructure for data transport
threatens us with similar miscalculations and disastrous, unintended
consequences if we repeat our mistakes and mismanage
the political, legal, and regulatory responses to the new
technology. Uncomprehended power in computation, communication, and
the manipulation of
information now touches everyone's personal life and our
government's power to monitor it.
The legacy national infrastructure for voice communications could not
be extended to serve the nation's data communications needs. The
new data transport systems could not be piggybacked onto the legacy
voice transport system. Billions in
treasure and prestige were lost in the ensuing upheaval.
Competitors scrambled as some of the finest technology in electronics
and photonics went on the block for pennies on the dollar. Global
Crossing's purchase by Singapore Technologies Telemedia Pte (STT) and
Hutchison Whampoa (Hong Kong) could have passed the graphics files
loading into the guidance systems of cruise missiles, and the real-time
battlefield images coming back from unpiloted drones over American
troops at war, through Asian military powers not necessarily
well-aligned with our national interest. (Hutchison Whampoa
withdrew; STT owns a 71% stake of Global Crossing.)
Another round of mis-steps
that later prove devastating for society is likely if
it is assumed that political and judicial safeguards developed for
the fading voice transport era can be extended to the domain of data
transport.
Mis-steps are likely because society's political and legal response to
global telecommunications' upheaval will
be crafted by civic leaders who may understand both voice
and data systems even less well than did the now-fallen (e.g.,
convicted and sentenced) titans of those industries. To
understand the problems civic society faces in crafting a legal
framework for surveillance and for the preservation of
law as we move from one network to the other, it is necessary to
understand the two networks. A signal that the networks
are not understood is the use of the word "extend". The call to
"extend" a law
crafted for the dominant network of the last century to the
disruptively different network of today identifies someone who has not
understood either one.
This mini-tutorial is written for policy makers and lawyers not deeply
familiar with technologies that, like a hurricane over warm water, have
quickly grown to open new channels of power and
topple barriers we
thought protected us. By putting both old and new networks under
the microscope, we also see at a glance what has made the Internet a
fountainhead of innovation, America's
greatest gift to the world
short of democratic government itself. Yet the
dark side of the same technology is surveillance. The new
national infrastructure for telecommunications -- the technology -- has
already been chosen by technologists, but a fork in the road has not
been chosen by society. The exuberance and renewal of civic
society are palpable on one side, and the sad faces of a surveilled
society illuminate the darkness on the other. The old
systems could not be extended, and I urge you not to confirm for
yourselves that the legal systems cannot be extended either.
Find out what drove the Internet to greatness and you can ensure that
the Internet continues to drive society to greatness. A piecemeal approach to services
and civil liberties will not steer either a great technology or a great
society. Imposing the
technologies required for surveillance will redefine the Internet's
principles of operation. 20th century "tapping" of a 21st
century integrated services network does not draw off an innocent glass
of port, it poisons the barrel and the future.
If you wish to skip the mini-tutorial, the
bottom line is that
you can tap only one phone line, but on the Internet you can only tap
everything because there are no lines. Tapping VoIP
calls on the Internet ("Voice over Internet Protocol") therefore
technically compels us to extend surveillance to everything
everyone does on-line.
The nation's legacy infrastructure could not make the transition to digital
communications. Meanwhile, advances in photonics created
networks with greater capacity than all prior networks in history
combined. Unfortunately, new companies breaking old market
restrictions quickly created multiple such super
systems on land and sea and suffered the economic consequences.
The United States lacks an effective national communications
infrastructure today, and continues to fall behind other nations in
broadband usage. It is an odd societal outcome when so much of
the technology originated here.
[Photo: marine cable landing, Pirelli Systems.]
You are now an honorary engineer and we are going to build a phone system.
With 20 million people in New York State and 34 million in California,
it would be nice to be able to connect even just a quarter-million of
them at once. The simplest way is a phone circuit from New York to
California and another circuit back. The circuit -- the same word as
circle -- is a pair of wires so that any current sent to California
returns in a system which remains in balance and free of electron
pile-ups. We need 4 wires for each customer, or 1 million wires in
all. Ignoring the plastic insulation, and choosing thin 22 AWG wire
(American Wire Gauge 22, a common size for phone wiring, about 1.94
pounds per thousand feet of bare copper), this cable will
weigh 1,944 lbs/foot, a cool ton per foot, and there are 5,280
feet in each mile to California.
We have had our first hard lesson
in telecom: it is necessary to combine many -- thousands, millions --
of customers' traffic streams into one very high speed
link (mid-1900s) or glass fiber (Y2K). How to combine traffic streams
and sort them out later is the central question on which legacy voice
and ascendant data networks have made fundamentally different choices.
Like the egg's choice of an X- or a Y-bearing sperm, this choice is
made once and shapes everything that follows.
The combining of many customers' traffic streams is
called multiplexing; sorting them out later is demultiplexing ("mux"
and "demux").
COMPRESSING TIME: A simple trick makes
multiplexing possible: the fast squirt. Since the 1970s it has been
easy to record your telephone voice for one 8-thousandth of a second
and convert it to a digital stream that is easily stored and played
back. In the universe as we know it, the recording of one
8-thousandth of a second of your speech will always take one
8-thousandth of a second. However, we can play the snippet of speech
back faster than we recorded it -- the fast squirt. And, as we said,
data bits (digitized voice) are easy to store, so we can
store the same
speech snippets from 32,256 paying customers and squirt them all into
our wire in the time it took to record a single one of them. And
that's a good thing, because, as soon as that 8-thousandth of a second
is over, those 32,256 paying subscribers are ready as a group for
their next fast squirt. The next 32,256 samples are recorded
(and queued) and must be shipped out the door. Done!
Obviously we have
the start of a powerful multiplexing scheme here. Voice traffic in
these kinds of numbers was shipped out on a fiber optic cable
of MCI's long distance network in 1998, as last century's technology
neared its peak.
Looking ahead to the other end of the line,
your speech plays back smoothly. By the time we have (slowly) played
back one 8-thousandth of a second of your speech, the next 8-thousandth
is ready. The jagged and abrupt way in which we obtained each sample
remains unnoticed, provided we string the samples back together without
gaps. The number "8-thousandths" is
not interesting, provided every
country in the world agrees to build every piece of telecom gear with a
pacer that clocks in at this speed (8,000 samples per second). They
have. The other numbers are
more important because you pay for them. Many readers may have
purchased a "T1" line or may have been told their Internet access has
"T1 speeds". Telecom multiplexing hierarchy level number one
was achieved in 1962, packing 24 phone calls (not 32,256)
onto a wire running at 1.544 megabits/sec. The next
level multiplexed 672 phone calls into a wire running at 45
megabits/sec. These bit rates
(1.544 or 45 megabits/sec) have survived in the marketplace even if the
cables now carry data, not voice calls. At higher levels of
multiplexing, the multiplexed signal is carried by a glass fiber.
129,024 phone calls per multiplexed channel is common; bragging rights
start at four times that (Optical Carrier Level 768), and after that
the telephone companies'
multiplexing game is over. The torch passes from electronics to
photonics, to the trick of tuning 64 lasers to slightly different
wavelengths ("colors" the journalists call them) and using optics to
separate the 64 channels at the other end.
TIME DIVIDED INTO FIXED SLOTS: Let us look more
closely at one 8-thousandth of a second. In this interval, 32,256
paying subscribers are lined up to get their 8-thousandth of a
second of speech shipped out before the clock ticks again. During that
crucial 8-thousandth of a second, each customer in turn gets exclusive
use of the entire optical cable, but only for 1/32,256 of that
8-thousandth of a second. In that time you get to transmit 8
bits (not 8 million for a photo, but eight, period). It is a
straitjacket: 8 thousand times a second you get exactly 8 bits,
never any more, and, even if you are not talking, never any less.
While the network has a fabulous 2.488 gigabit/sec cable (an OC-48), you
get to put 8 bits onto it 8000 times a second -- 64 kilobits per second
in all. That is why dial-up modems never do better than 64 kilobits
per second (and in practice stop at 56). The slot assignments also
never change. If you are
customer 32,156, you will be 32,156 on that telephone company switch
until you hang up the phone. Obviously we have the start of a
powerful scheme for DEmultiplexing here. The
8-thousandth of a second
interval is rigidly divided into 32,256 "time slots" that never change,
and one slot is assigned to an individual customer, and for the
duration of his phone call, that assignment never changes either.
Asking for slot 32,156 gets you the smooth sound of one customer's
voice and nobody else's.
TIME-DIVISION MULTIPLEXING: The
fixed-time-slot approach is called
Time-Division Multiplexing (TDM). The
slots into which we multiplex many customers are made by dividing up an
instant in time that is 1/8,000th of a second long, and is the same the
world over. Companies with equipment that divides it finer can sell
more slots and make more money.
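The slot-versus-packet difference that the tutorial is building toward, as a runnable model. This is an added example in Python, not code from the original article; the subscriber names, sample bytes and the packet layout are constructed for illustration, and the only real numbers are the ones the text gives (8,000 samples a second, 8 bits a sample, 24 slots on a T1, 672 on a DS-3, 48 DS-3 payloads on an OC-48). It shows why a circuit tap can copy one subscriber's slot by pure stride without examining anyone else's bytes, while a tap on a packet link has to parse the header of every packet that passes.

```python
"""TDM slots versus packets: what a tap has to touch.

Added example, not from the original article. Subscriber names, sample
bytes and the packet layout are constructed; the rate constants are the
ones the text uses (8,000 samples/s x 8 bits, 24 slots per T1, 672 per DS-3).
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

SAMPLES_PER_SEC = 8_000      # one sample every 1/8000 s, the same the world over
BITS_PER_SAMPLE = 8          # "exactly 8 bits, never any more, never any less"
DS0_BPS = SAMPLES_PER_SEC * BITS_PER_SAMPLE   # 64,000 bit/s: one subscriber's slot
T1_SLOTS, T1_FRAMING_BPS = 24, 8_000          # 24 slots plus one framing bit per frame
DS3_SLOTS = 672                               # 28 T1s; an OC-n trunk carries n DS-3 payloads


def t1_bps() -> int:
    """Line rate of a T1: 24 x 64 kbit/s plus the framing bit sent 8,000 times a second."""
    return T1_SLOTS * DS0_BPS + T1_FRAMING_BPS


def oc_slots(level: int) -> int:
    """Voice slots in an OC-n trunk (OC-48 -> 32,256, OC-192 -> 129,024)."""
    return level * DS3_SLOTS


def tdm_mux(streams: List[bytes]) -> bytes:
    """Build the trunk: frame i carries sample i of every subscriber, slot order fixed."""
    n = len(streams[0])
    if any(len(s) != n for s in streams):
        raise ValueError("TDM needs one sample per subscriber per frame")
    return b"".join(bytes(s[i] for s in streams) for i in range(n))


def tdm_tap(trunk: bytes, slot_count: int, slot: int) -> bytes:
    """A circuit tap: copy one slot by stride. Nobody else's bytes are examined."""
    if not 0 <= slot < slot_count:
        raise ValueError("no such slot")
    return trunk[slot::slot_count]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes


def packet_mux(flows: Dict[Tuple[str, str], List[bytes]]) -> List[Packet]:
    """Statistical multiplexing: packets from every flow share the link as they arrive
    (modelled as round-robin over the flows that still have data). No slots, no fixed order."""
    queues = {k: list(v) for k, v in flows.items()}
    link: List[Packet] = []
    while any(queues.values()):
        for (src, dst), q in queues.items():
            if q:
                link.append(Packet(src, dst, q.pop(0)))
    return link


def packet_tap(link: List[Packet], target: str) -> Tuple[List[bytes], int, int]:
    """A 'tap on one subscriber' on a packet link: every packet's header must be
    parsed to decide whether it belongs to the target. Returns (payloads kept,
    packets inspected, bytes of other people's traffic that passed through the tap)."""
    kept, inspected, others = [], 0, 0
    for p in link:
        inspected += 1
        if target in (p.src, p.dst):
            kept.append(p.payload)
        else:
            others += len(p.payload)
    return kept, inspected, others


def demo() -> dict:
    # Constructed data: three TDM subscribers, and three packet flows, one of them VoIP.
    streams = [b"AAAA", b"BBBB", b"CCCC"]          # 4 frames x 3 slots
    trunk = tdm_mux(streams)                        # b"ABCABCABCABC"
    flows = {
        ("alice", "bob"):   [b"voip-1", b"voip-2"],
        ("carol", "dave"):  [b"mail-1"],
        ("erin", "frank"):  [b"web-1", b"web-2"],
    }
    link = packet_mux(flows)
    kept, inspected, others = packet_tap(link, "bob")
    return {
        "t1_bps": t1_bps(),
        "oc48_slots": oc_slots(48),
        "trunk": trunk,
        "slot1": tdm_tap(trunk, 3, 1),              # only B's samples leave the trunk
        "kept": kept,
        "packets_inspected": inspected,             # every packet on the link
        "other_bytes_seen": others,                 # bytes of uninvolved users the tap handled
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The point of the two tap functions is the asymmetry: tdm_tap never touches a byte that is not the target's, whereas packet_tap cannot know which packets are the target's until it has read every header, and on a real link the header alone does not say which packets are a phone call, so the payload has to be parsed too.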
The choice of
Time-Division Multiplexing for the nation's telecom infrastructure had
tumultuous consequences for the phone companies
beginning in the 1990s, as the tide of data traffic rose and the
fatal flaw of the nation's voice infrastructure emerged (the
customer never gets more than 64 kilobits per second and the phone
company has to tie up the infrastructure for that slot even when the
customer puts no traffic into it). The decision
to use Time Division Multiplexing is now having profound consequences for
the evolution of surveillance and constitutional law in civic society,
because it preserved the fiction of a phone "line" which could be
"tapped". Such virtual
"lines" are not hard to understand.
A RESERVATION: A quick phone call from New
York to LA finishes the
TDM mini-tutorial. We consider only the moment of silence between the
last digit you dial and the first response (ring or busy) you hear.
Within 18,000 feet of your house as the wire lies is a telephone
company's central office building with a time-division
switch of the sort we have been examining. Your voice is digitized
there and, as soon as the switch assigns you a slot, it lines up the
next switch, probably still in your city but no longer in your
neighborhood. That bigger switch may achieve more than 32,256 slots
per cable and there's no telling what number your slot will be, but,
until all the switches from New York to LA have each committed a slot
to you, the call has not been placed (has not been set up, and any
partial reservation must be torn down). It doesn't matter what the next
slot number is as long as you get one. Each switch on the route knows
what slot number to find you on in the incoming stream of traffic, and
tells the next switch what slot number it has put you on in its own
outgoing stream. The last switch on the route has an actual copper
line to the
party you are calling, connects electrically to it, and finds out that
it is either off the hook or ringable. Your call has gone through, and
the switch in LA tells your local switch in NY what outcome it should
signal to you
(busy or ringing).
[Photo: 5ESS switch, courtesy of SNiPLiNK, Pennsauken NJ]
A switch is just a computer system with hard drives and
a lot more input/output jacks than a single port for a printer.
One switch lines up the next to reserve a
new slot for a new phone call using Signaling System 7 (SS7), a large
set of commands that includes the ones NSA
uses to open a new
phone tap by remote control. Before SS7, the equivalent commands used
to be sent in-band, as audible tones on the same trunk that carried the
voice (the 2600 Hz supervisory tone and the multi-frequency
trunk-signaling tones, not the Touch-Tone digits a subscriber dials),
one of which could be imitated by a child's whistle
given away inside boxes of Cap'n Crunch cereal.
By taking control of switch
reservation signaling, phone phreaks competed to get a call stitched
together around the world, as evidenced by the enormous delay required
for the winning phreak's voice to come out another phone in
the same room.
Today, SS7 signaling is not done with audible tones, and is
carried on a separate network used just for signaling. That network is
out of band, which is what stopped the whistle, but its messages are
neither authenticated nor encrypted; its security rests on the
assumption that only telephone companies can connect to it.
CIRCUITS FOR PARTICULAR CALLS: Nothing more
changes after you have made
your connection. The reserved slots remain the same and they are
yours. The slot numbers and even the choice of cities in the
city-to-city hops may have been quasi-random choices, but, because they
are fixed and they are yours once chosen, we may say that each
subscriber of a completed connection owns a single, specifiable
"virtual circuit". It is not a physical circuit bolted down in
current-carrying copper, but it is a stable, measurable piece of the
national telecommunications infrastructure that has been assigned
exclusively to a particular subscriber.
In the voice system, each
customer of a legacy Bell telephone company has a virtual
line that the National Security Agency can tap. No
one needs to climb a phone pole. The idea of "tapping" (as in tapping
a barrel to let some contents escape or touching copper wires to tap
off some current) is quaint. The National Security
Agency can signal the
switch -- typically the first one, the switch in your neighborhood --
to always make two (or more) "next switch" reservations for your slot.
One begins the chain of switches needed to build your virtual circuit
to the number you dialed, and the other begins a chain of switches
leading to the National Security Agency's computer rooms in Fort Meade,
Maryland. Every call you make now goes to two places (or more).
NSA can also ask to share your Caller ID signaling so that its
sophisticated call-monitoring resources need only "listen to" (analyze)
your calls when certain people check in with you by phone. You
hear nothing on your line, your calls will not take longer to
complete, and you won't be billed for the extra long distance call.
INTRODUCTION: The Call Detail
Record (CDR) is the written reservation for a single call.
Because little about Call Detail Records is generally known, a longer
treatment seemed in order. If you need to skip it, the bottom
line is that, as a call is begun (you lift the receiver) and "reserved"
(the call is set up after you dial the last number), a timestamp is
recorded for each step of the process, along with a record of both the
called and calling numbers, the billing number if different, the
long-distance carrier used by you the customer, additional items if you
put someone on hold and set up a three-way conference, and outcome
codes. If the call wasn't successfully answered, there will be no
bill later. Subtracting one timestamp from another gives
the duration needed for billing, so CDRs get run through lots of
"billing software" later to look for completion codes that mean
"success", to perform these subtractions and tally minutes. The
National Security Agency likes to get these CDRs plus all the incoming
and unsuccessful and non-billable (local) call CDRs as well -- extra
CDRs that phone companies have no business case (financial reason) to
archive and sometimes don't even generate. Congress has created
an incentive for NSA to flag phones as tapped because only tapped
phones generate all the extra CDRs, and once tapped, the phone companies are legally required to deliver all the calling records to the government. Now the details.
DETAILS ABOUT CALL DETAILS YOU NEVER WANTED TO KNOW:
The Call Detail Records (CDRs) that telephone companies generate for
commercial purposes on untapped phones (and then turn over to the
National Security Agency surreptitiously; USA Today, 11 May 2006: http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm )
are very different from the CDRs that telephone companies generate on
phones that have had their taps turned on (which are then turned over
to the FBI openly, as required by Congressionally-mandated surveillance
rules stipulated in "CALEA", the Communications Assistance for Law
Enforcement Act, 1994). "Turned over openly" means the FBI does
not have to deny that it is doing what it is doing when it refuses to
tell you what it is doing.
For an introduction to CALEA, see: http://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act
For lawyers seeking the law itself, see:
For telco executives concerned they still haven't installed enough
spying technology, check with the FBI at their CALEA compliance
We consider the classic Call Detail Record first, from the days when
most phones were not tapped, and 90% of taps were for calling pattern
data (phone numbers) only, not the voices that NSA now analyzes with
voice recognition computers.
MAKING A CALL DETAIL RECORD:
Before your call's route to Los Angeles was reserved, the switch in
your local central office (the first in the chain), queried a database
to find out your personal choice of long distance carrier, and then
began the switch reservations accordingly. It also appended a new
record, the "Call Detail Record" (CDR), to a database on a different
server, and recorded the number you dialed
in LA, the long distance carrier specified, and the result of the
attempt, including the start and stop times (the timestamps) from which
your billable minutes will be derived if the result code is
"successful". In the old days, the switch itself stored and minded the database.
The switches at both ends of the call must communicate. LA
told NY whether to signal you "busy" or "ringing" at the outset of your
call (at the end of their reservation process), and, at the end of the
call, either party could hang up first, so either switch must be able
to initiate information exchange with the other to begin "call
tear-down". Because both switches are activated and each is
responsible for keeping track of charges to a paying customer, both
generate a Call Detail Record; thus, CDRs come in pairs. Because
the switches must communicate, each CDR can (and does) list both the
called and calling number.
THE STORAGE OF CALL DETAIL RECORDS:
In many independent phone companies, the Call Detail Records (CDRs) are
read off the switch that set up and tore down the calls. The CDRs
are read by bill extraction-and-presentment companies at least once a
month. Billing companies have codes to access the switches
remotely and request a dump of billing data. The phone company
(landline or cellular) that owns the switches eventually moves the CDRs
off the switches to make room for new ones.
Records are consolidated onto large, central databases and kept for
several years. Some companies keep the raw Call Detail Records;
others, the more compact billing records derived from them. The
derived billing records bear a one-to-one relationship with the full,
raw Call Detail Records -- each is a record of a single call. In
industry parlance, the derived billing records are often called "Call
Detail Records" insofar as each describes details of a single call
placed by a customer. However, the more compact, derived billing
records typically have no information about incoming calls, and
sometimes only the called number is listed and the identity of the
caller (the calling number) is implicit in the file name or document
title ("Services rendered to CustomerXYZ"). There is no
progression of time stamps as the call progresses through setup and
teardown, only the billable duration and start time.
MCI is famous for keeping all the raw Call Detail Record data and
mining it for marketing purposes -- customer leads; up-selling
active business customers; cross-selling consumers on novel
dialing plans such as "Friends and Family", and for corporate strategic
planning (infrastructure investment).
The Bell System has more capital equipment than independent telcos
do. An accounting system (computer server running a database
management system) may be set up separately from the calling system
(5ESS electronic switch). The data for all successful
outgoing billable calls are transferred to the accounting server as
they occur, and the urgency for bill extraction companies to harvest
(empty) the switch before it overflows disappears. In large
cities, citizens whose phones are currently flagged for tapping get
their call data placed on a separate server, not necessarily because
there are so many people in this group, but because the machine holding
these people's information needs to be networked into government
computers. Phone companies would rather build and interface
special systems with government systems than contend with
government browsing of their entire infrastructure.
Customers of legacy Bell telephone companies generate a history of all
people who called them, and whom they called or even just attempted to
call, in Call Detail Records
that are accumulated in searchable databases in either raw or reduced
form. These databases can be shared
with the National Security Agency.
CALL DETAIL RECORD (CDR) for ONE PHONE CALL (fields, as far as the
original table can be recovered)
- Call identifier, also called the "Correlation Group"
- SS7 point codes (addresses): national or international, 14- or
  24-bit? Depends on the Protocol ID field
- Each logged signaling event: an 8-byte timestamp & a 2-byte message
  type ID
- Point Code (of the SS7 signaling channel + hardware controlling the call)
- Carrier ID Code: your long distance provider
- Which command ended the call? (ended under what conditions?)
    0 - No Error
    1 - Timeout
    2 - Sequencing error
    3 - Reset Circuit (backhoe?)
- Message type ID and timestamp for each ISUP message of the call:
    IAM - Initial Address Message
    ACM - Address Complete Message, sent "backwards" to certify the
          virtual circuit is complete
    ANM - ISUP Answer Message
    REL - Release, from the called party's switch
    RLC - Release Complete
- Outcome: "normal" or "busy"
1. This basic CDR is about 150 bytes long. It
is a computer log file whose length can grow. Pressing HOLD or
adding a 3rd party to your call lengthens your call's data record.
2. CDRs record the steps taken by the telephone switch in your
neighborhood Central Office to create and end one phone call for
you. Major phone companies generate between 150 terabytes and a
petabyte each of CDRs per year (2005).
3. CDRs are written in pairs to disk drives in the switch setting up the
call and in the switch serving the called party. Phone companies
avoid CDR duplication, but FCC survey data for the nation as a whole
can be off by a factor approaching 2x.
4. Each of the messages whose occurrence is time-stamped here is itself
a multi-byte entity of rigidly-specified format. The
specifications as a whole are said to fill a 1.5 cu.ft. carton and the
mostly C-language Signaling System 7 (SS7) program that executes them
is about 10 million lines of code, but most are concerned with graceful
recovery from exceptions.
5. Additional signaling to support 800 number translation, 911 calls,
caller ID etc. generates additional messages not time-stamped in the
record above.
6. "ISUP" (ISDN User Part) is a collective name for commands used to
set up subscriber requested trunk calls & has nothing
particular to do with the "Integrated Services Digital Network" as a
subscriber service.
Corrections/additions welcome at jerry-va curlysign speakeasy dot net.
Jerry Nelson Sept 2006
This work is licensed under a Creative
Commons Attribution-ShareAlike 2.5 License.
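How the five timestamped ISUP messages in the table above become the one record described under MAKING A CALL DETAIL RECORD, as an added example in Python. This is not code from the original article or from any switch vendor; the message names (IAM, ACM, ANM, REL, RLC) and the Q.850 release-cause values are the standard ones, while the record layout, the telephone numbers, the timestamps and the carrier code are constructed for illustration. The circuit identification code (CIC) stands in for the table's "Correlation Group".

```python
"""Turn the originating switch's ISUP message log into Call Detail Records.

Added example, not code from the original article or from any switch vendor.
The message names (IAM, ACM, ANM, REL, RLC) and the Q.850 cause values are
the standard ones; the record layout, the sample numbers and the carrier
code are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Q.850 release causes carried in the REL message (standard values).
CAUSE_TEXT = {16: "normal clearing", 17: "user busy", 19: "no answer", 34: "no circuit available"}


@dataclass(frozen=True)
class IsupMsg:
    t_ms: int                      # switch clock, milliseconds
    kind: str                      # "IAM", "ACM", "ANM", "REL" or "RLC"
    cic: int                       # circuit identification code: the trunk slot in use
    params: Dict[str, str] = field(default_factory=dict)


@dataclass(frozen=True)
class CDR:
    correlation_id: int            # ties the messages of one call together (here: the CIC)
    calling: str
    called: str
    carrier_id: Optional[str]      # long distance provider chosen for the call
    t_iam: int
    t_acm: Optional[int]
    t_anm: Optional[int]
    t_rel: Optional[int]
    t_rlc: int
    release_cause: str
    answered: bool
    billable_seconds: int          # 0 unless ANM was seen; rounded up to the next second


def _seconds_ceil(ms: int) -> int:
    return -(-ms // 1000)


def build_cdrs(msgs: List[IsupMsg]) -> List[CDR]:
    """One CDR per IAM...RLC sequence on a circuit. Messages for a circuit with no
    open IAM (a sequencing error) are dropped rather than guessed at."""
    open_calls: Dict[int, Dict[str, IsupMsg]] = {}
    cdrs: List[CDR] = []
    for m in sorted(msgs, key=lambda x: x.t_ms):
        if m.kind == "IAM":
            open_calls[m.cic] = {"IAM": m}
            continue
        call = open_calls.get(m.cic)
        if call is None:
            continue
        call[m.kind] = m
        if m.kind != "RLC":
            continue
        iam, acm, anm, rel = call["IAM"], call.get("ACM"), call.get("ANM"), call.get("REL")
        answered = anm is not None
        cause = int(rel.params.get("cause", "16")) if rel else 16
        billable = _seconds_ceil(rel.t_ms - anm.t_ms) if answered and rel else 0
        cdrs.append(CDR(
            correlation_id=m.cic,
            calling=iam.params["calling"],
            called=iam.params["called"],
            carrier_id=iam.params.get("carrier"),
            t_iam=iam.t_ms,
            t_acm=acm.t_ms if acm else None,
            t_anm=anm.t_ms if anm else None,
            t_rel=rel.t_ms if rel else None,
            t_rlc=m.t_ms,
            release_cause=CAUSE_TEXT.get(cause, f"cause {cause}"),
            answered=answered,
            billable_seconds=billable,
        ))
        del open_calls[m.cic]
    return sorted(cdrs, key=lambda c: c.t_iam)


# Constructed sample log: one answered NY->LA call and one that met a busy signal.
SAMPLE_LOG = [
    IsupMsg(1000, "IAM", 7, {"calling": "2125550100", "called": "2135550199", "carrier": "0288"}),
    IsupMsg(1800, "ACM", 7),
    IsupMsg(4200, "ANM", 7),
    IsupMsg(64200, "REL", 7, {"cause": "16"}),
    IsupMsg(64300, "RLC", 7),
    IsupMsg(2000, "IAM", 9, {"calling": "2125550100", "called": "2135550142", "carrier": "0288"}),
    IsupMsg(2600, "REL", 9, {"cause": "17"}),
    IsupMsg(2700, "RLC", 9),
    IsupMsg(3000, "ANM", 11),   # stray answer on a circuit with no IAM: ignored
]

if __name__ == "__main__":
    for cdr in build_cdrs(SAMPLE_LOG):
        print(cdr)
```

Note that the busy call still produces a full record with timestamps and a cause, even though billable_seconds is zero; that is exactly the kind of CDR the billing run discards and the surveillance side keeps. The switch at the LA end would write its own copy of each record from the same messages, which is why CDRs come in pairs.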
TENSIONS BETWEEN COMMERCIAL vs. SURVEILLANCE NEEDS for CDRs: The
Call Detail Record (CDR) databases change rapidly, and would have
to be shared with the NSA on an on-going contractual basis. MCI
alone adds 90 terabytes of customer records per month (2005) -- mostly
Call Detail Records. This is roughly a petabyte (1,000 terabytes)
per year, requiring a new, $4 million EMC Symmetrix DMX-3 storage
system each year (9 cabinets, 2,400 disk drives). With some
companies flushing their switches' calling data into other servers as
they arise while others leave Call Detail Records on their
switches for a month,
it is technically feasible but administratively all but impossible for
the NSA to collect Call Detail Records from the nation's 25,000 voice
switches by itself. The NSA is all but forced to let each phone
company consolidate its data first, and then ship it on an ongoing,
contractual basis to the National Security Agency.
There are tensions between market and government needs.
Commercially, only (potentially) billable calls merit creation of Call
Detail Records and, until CALEA was passed in 1994, telephone companies
did not create or keep Call Detail Records for non-toll calls within
Local Access and Transport Areas (roughly, within one area code) even
though the switches could generate them. Bill
extraction-and-presentment companies do not care about incoming calls
and sometimes the phone companies do not store that information either,
but the NSA wants it. Frantic attempts of one person to reach
another by phone at critical times are of interest to NSA even if the
call was never answered or even completed, cannot be billed, and CDR timestamps would not normally be
stored. The NSA would prefer to have the richer information of
the true Call Detail Records as written by the switches, not the
reduced version produced for billing purposes that is cheaper to
archive. Phone companies would want to be well-compensated for
any effort, expense, and work not justified commercially.
THE AT&T "DAYTONA" DATABASE of CDRs:
Long distance companies are in a much stronger position than the
local phone companies to give NSA everything it wants. Because a
long distance company has no local lines, it must pay other companies
to deliver (complete) their calls for them. Call completion
incurs "settlement charges" owed to (potentially) any extant local
phone company in the country. A central database is needed to
generate and control settlement charges. These databases are
usually kept in a central part of the country (Kansas for AT&T), so
the NSA's national data collection-and-consolidation problem is
solved. Better still, AT&T updates their database in realtime.
If the long distance provider you signed up with is AT&T, then, 5
seconds after you hang up with Grandma your call information is in
Kansas, and, by evening, your information is on an NSA computer in Fort
Meade, MD (see the Electronic Frontier Foundation lawsuit filed 31 Jan
2006). In a more transparent society, citizens could insist
that, with a budget of $4 to $5 billion a year not counting satellite
costs, the National Security Agency should perform their updates in
real-time just like the phone company. Then, since government
computers are far more secure than AT&T's, the NSA should charge
AT&T to access the government for data on their customers and save taxpayers some money.
A TAPPED PHONE GIVES NSA EVERYTHING IT WANTS:
If you have "call waiting" or "caller ID" service, appropriate flags
are set in your "service profile" at your neighborhood Central
Office. You are billed for it. If your phone is tapped,
another flag in the same service profile is set, and the rest is automatic. The
good news is
that, as far as we know, the phone company has never made a mistake on
a customer's bill and charged him for the added service of tapping his
phone.
When a phone is flagged to be tapped, the phone company, seemingly out
of the goodness of its heart and with no compensation from the
government, voluntarily saves to its billing database additional
information which generates no billing and is normally discarded,
including:
- all incoming calls, answered or not
- all outgoing calls, whether successful or not
- all local calls, both incoming and outgoing, successful or not
Normally, local calls would be neither recorded (the switch
doesn't waste time generating a CDR), nor saved for later billing
(which means performing transactions with a database server and taking
up space on its storage drives). Setting the
wiretapping services flag "ON" creates a lot of unbillable "billing
data". These are the most complete Call Detail Records in the business.
Bell companies typically set up a separate database server to keep all
the data for all their customers who are currently under surveillance.
The database server dedicated to the calling records of a telephone
company's government-surveilled customers places a call of its own, and
then uploads this data into the FBI's or the National
Security Agency's databases.
It pays the NSA to set the phone tap flag to "ON". Problems and
shortcomings arise when the National Security Agency must obtain
Call Detail Record databases retroactively, instead of on-line as they are created. The
problem is that the NSA must go in secret to a public corporation, and the
shortcoming is that not all the CDRs are there. It is easier and
less unpleasant for everyone concerned when the phones are flagged
to be tapped. If the service flag for "wiretapping services" is
set "ON", not only are all Call Detail Records saved, but your local
Central Office switch will now be set (automatically re-programmed) to generate CDRs that were never
even generated before, such as records of your failed, incoming and local calls.
Finally, the NSA's need for secret meetings to pressure senior
management to turn over data evaporates, because Federal
law (CALEA, 1994) makes it not only legal, but legally required, that
the phone company export the data directly into law enforcement
databases.
These differences in CDR generation (more complete) and delivery (they
do it for you) are an incentive to NSA to tap phones. Congress forced the telecommunications industry to install phone
tapping technology for law enforcement agencies (the CALEA Act, 1994, "Communications Assistance for Law Enforcement").
Today, it is likely that NSA plows
through the nation's phone books, setting service profile flags for
tapping services to "ON". Lost in the shuffle is the fact
National Security Agency is not a law enforcement agency, and that the
phone taps are not authorized by any warrant. CALEA was a strong
foundation. A technological edifice has been built on it.
In Silicon Valley, they laugh at the saying, "Build it and they will
come" because everyone knows that great technology often requires
great marketing to achieve success. Government is
different. CALEA was a strong foundation, and a technological edifice evolved on top of it. With the CALEA law enforcement act, Congress
made it possible for a gumshoe to log onto a computer system and turn
on a phone tap without a lot of back-and-forth correspondence with
telephone company employees. The guy is overworked; it was nice
to help him out. The NSA came in and drove the system with
computers to thousands of taps an hour based on billions of phone
records a year.
The "give an inch, take a mile" pattern is now repeating itself with
geolocation. Congress required the telecommunications industry to
put Global Positioning Satellite chips or other position triangulation
technology into every cellphone so that a dazed or crazed caller would
not have to describe her position on a 911 emergency call. Nice
to help her out. This real-time data is also stored with
cellphone Call Detail Records. The government won a lawsuit to gain nearly unfettered access to databases recording every citizen's physical location for every cellphone call
they make, not just 911 calls. Since your physical tracking data
was stored on the billing database, the court's argument was that
tracking was only billing data.
We have looked at calling histories. The routing of phone call voice traffic
to NSA voice recognition computers was not covered; in effect, it is
just a 3-way conference call. The investment and specialized
knowledge needed to change the SS7-related firmware of a 5ESS switch,
and the history of unwanted consequences from software changes, suggest
that Call Detail Record time stamps for connections to the National
Security Agency were never falsified and still exist for all Americans
whose phone conversations were forwarded to the government as they were
placed. There will be smaller phone companies serving cities with
Arab-American immigrant communities whose Call Detail Records document
This review of Call Detail Records completes our portrait of the legacy
phone system in its full maturity, and we turn to the new kid on the block, the Internet.
This is the Mini-Tutorial on Telecom Networks & the Internet.
As the last century ended, the nation that gave the world the Internet
went on to create the search engine, the eBay auction, on-line
music, as well as experiments that failed in the dot-com bust of
2001. More is coming. The legacy telecommunications
infrastructure could not accompany the nation on its new
adventure. Such innovation, such change! What were the
voice networks missing that the data networks had?
NATION'S NEED FOR NEW DATA NETWORKS
earlier in our country than in the rest of the world. We
the isolated transistor; we invented the integrated circuit and the
semiconductor industry that learned to put thousands and millions of
transistors on one integrated circuit chip; we used the chips to invent
the PC, and we put a PC on every desk.
on every desktop made a communications revolution necessary, but
companies in the Bell System would rent only empty lines,
corporations to turn elsewhere for equipment to provision
data router was invented, new companies like Cisco were born, and the
United States owned the data equipment industry even before the
Internet became prominent. Single corporations built data
whose geographical reach and capacity exceeded the national telephone
infrastructure of entire nations. The invention of the World
(1991; brought under the aegis of the World Wide Web
1994) made data networks valuable to consumers, who helped
World Wide Web from 2,000 sites in 1994 to 20 million 6 years later.
As data traffic grew both at home and at
emerged in a national telecom infrastructure based on voice transport. The
legacy voice operators offered data services that
were mostly forgettable: DDS
(Dataphone Digital Service, 1974) for
example, and SMDS (Switched Multimegabit Data Service). Something
The nation's telecommunications infrastructure could never make the
transition from voice to data. It failed by design.
1. RESERVED BANDWIDTH HURTS TELECOM PROVIDERS and THEIR
a spoken conversation would occur, it was reasonable to reserve a
small, fixed amount of bandwidth for it. But computers demand enormously
more bandwidth than many phone circuits one instant and none the
next. The telephone system could neither satisfy bursts in
demand nor staunch
the waste when waiting in silence.
design, the legacy telecommunications infrastructure could not morph
into a broadband network for data. Men leading an industry
in local and $80B in long-distance telephone revenues
other men were building new networks that had greater capacity than
theirs, indeed greater capacity than all prior networks built in
history. The growing volumes of data traffic and data
other networks would trivialize cash flows derived from voice.
was no time for the technological response needed to give the nation
a broad-band infrastructure designed from the ground up for
system corporations turned increasingly to legislative and legal moves
against purveyors of change. With the fiber optic "champions of change"
fielding networks with greater capacity than all prior networks in
history, this group soon found itself in financial troubles as existentially threatening as the technical troubles then devastating their legacy competitors. The nation as a whole floundered.
2. CENTRALIZED CONTROL & COMPLEXITY RAISE COSTS
Lockheed Martin's F-35 needs 1.1 million lines of code for flight
control (5.6 million lines for the whole plane), but it takes 18
million lines of code to run a Bell System 5ESS switch. The Bell
reservations on the next switch with an equally complex SS7 signaling
and control language. No inventor can expect a corporation
such a network to "just try something."
There are custodians
of the code (Bellcore, now Telcordia, manages 100 million lines of
software instructions for use by telecom companies), but problems still
arise. Companies have their own separate systems, one each for billing, for customer
relationship management, operations, administration, maintenance and
service provisioning. Companies are acquired; employees leave.
operating companies running on over 200 million lines of code
there is no one left who can understand, maintain or modify large
sections of it.
switch crashed on 15 January 1990 and faithfully sent an out-of-service
notice to its neighboring switches so that they would know to make
reservations (place calls) around it. When it turned out that trying to
an out-of-service notice would itself cause a switch to fail, the
ripple of failure did not stop spreading outward until 60
subscribers had dead phones and 70 million incoming calls were never
completed. In June and July of 1991, major failures occurred
Baltimore (spreading to Washington DC and Northern Virginia),
in LA, and
in Pittsburgh, where 1 million customers were affected for 6
error in the SS7 signaling software caused the lines over which one
switch requests a reservation from another to become jammed.
months later, a hardware failure took out service to 10 million
customers in New York City--and three airports--at 10:10 AM.
A comedy of
errors prevented power restoration until evening. The airports did not
clear until midnight, and many passengers could not call out to report
The legacy voice network lacks powerful
principles of separation permitting one domain of the
national infrastructure to be enhanced without unintended side effects
on others. (There are similar issues in the national infrastructure for AC power distribution.) Anyone
inside or outside the telephone system wishing to make changes
confronts many millions of lines of computer code that is
proprietary, locked inside corporations, and itself so
that a small change one place can produce disasters in another.
Again: no entrepreneur ever asked the custodians of such a
to "just try something" and got "Yes" for an answer.
4. INNOVATION FAILED
The reality of this complexity has resulted in a cautious
approach to innovation.
years after the first primitive 911 service was launched in
Haleyville, Alabama in January 1968, the development of today's modern
911 system was complete and one system went on the air (Orange County,
Florida, January 1980). The President signed a bill
911 should be available nationwide in 1999. Rural counties
working to implement the complete feature set today, 39 years later (2007).
citizens can use the Internet to create new services (eBay,
PayPal), but only
authorized phone technicians can get their hands on the phone
What new businesses or innovations have those technicians created?
There is Speed
Dialing, where you can dial [star] 7 5 [2-digit
of a 7-digit number ($4/month). You must contact a technician
enter your list of numbers into the system for you. You
save the company and yourself money by using a Website to print and
maintain your list at your convenience.
When counting the number of new commands that the phone system has
added, remember that it takes one command (dial a special
then a special 2-digit code) to turn on a distinctive
ring if Grandma ever remembers to use the special number you gave her,
another command to cancel the service, and a third command for people
who can't remember the first two and would prefer a single command that
just toggles the service on and off. Wake Up Calls
each and $4
for business accounts, so don't sleep over on the office couch, it's
Another new service of the Advanced Intelligent
Network (AIN) is "Call Trace (Customer Originated)". Ordinary
may automatically trace their last incoming call.
You just dial *57, listen to
the message and then dial 1. If the call could be traced, you
hear a message that it has been traced. Traced call information is
provided upon subpoena to law enforcement officials, but
not to the
customer. (Citel, Inc.; see also Verizon.)
In contrast to the national telecommunications infrastructure for
voice, the World
Wide Web was invented by a single individual in 1991, standardized by
users -- not service providers -- and grew to 88 million
the world and 25 billion pages indexed by Google in 15 years.
in 100 years of voice telephony matches this record of success.
5. STILL ANALOG AFTER ALL THESE YEARS
sign up subscribers and drive revenue, a telephone company must
multiplex. To multiplex, the telephone company must digitize.
national telecommunications infrastructure began digitizing
the 1970s, following the start of T1 trunk multiplexing in 1962.
years later, the corporation is digital but the customer has been left
with analog access. Customers do digital things like use PCs
faxes. The fax machine's digital scan of every page must be
analog sounds to go over a voice channel. At the first
company switch it hits (the 5ESS switch in your neighborhood), the
machine's voice sounds are digitized. We
digitize the analog encoding of a signal that was digital to
with. At the last telephone switch on the journey to the
destination, the digital signal is converted back to analog sounds to
go over the phone line into which the destination fax machine is
plugged. The fax machine makes the final analog to digital
conversion, and puts pixels on the page.
Faxes are digital, and, to send one, we as a nation make four
digital/analog conversions, all of them unnecessary. Digital
communications between computers (e.g., an e-mail) are scarcely
different. The game is digital to analog to digital to analog to
digital. The score is: Conversions, 4; National
Infrastructure, 0. A national telecommunications
for digital communications has never been completed.
chain is only as strong as its weakest link, and a system is only as
its slowest component. The analog connection between a
customer’s home computer
equipment and the telephone company’s Central Office is the
slowest component of the nation’s entire telecommunications
modems and dial-up modems both make the same conversions that
machines do. The only difference is that, after hitting the
central office, much of the subsequent long-distance journey is taken
off the national voice infrastructure, whose switches are designed to
make fixed bandwidth reservations that are too expensive and
inefficient for data transport. Data transport is performed
companies less well known to the public, such as Broadwing or Level(3) (now merged),
since the networks of phone companies have lacked the national
footprint and/or sufficient capacity for data traffic. Data
traffic surpassed voice traffic sometime in 2000/2001, roaring past at
an annual growth rate approaching 100% a year and, by 2005, was about 4
greater than the voice traffic volumes for which the networks of the nation's telephone companies
were designed and built.
Internet users are politically
empowered to innovate. Traffic explodes for them, not voice.
BIG SHIPS TURN SLOWLY
legacy voice industry made one more move as the data revolution
matured: ISDN, the Integrated Services Digital Network. The Time-Division Multiplexed,
was digitized, instantly rendering the analog phones on everyone's
table obsolete without offering enough or the right kind of bandwidth
for digital devices that might have compensated for the expense of replacing all those phones. Europe pressed on, but the
U.S. deployment of
ISDN was stillborn after much
hope and hard work going back to the 1960s.
telecoms fail with new technology because it isn't new by the time they
finish testing and procurement procedures designed to prevent failure.
As with ISDN, the Bell System invented the DSL modem
(Bellcore, 1988), then failed to
deploy it before faster "cable modems" from the cable TV industry began
to close their window of opportunity.
cultural problem of the American telephone industry is an inability to
understand blatant shifts in their own industry:
- from voice to data,
- from analog to digital,
- from switched circuits to routed packets, and
- from electronics to photonics.
slipped away on slow shifts of complete predictability:
- new physical principles emerge
from basic research and advancing theory
- technologies emerge to harness the
new physical effects
- products and capital-backed
companies emerge to commercialize
technologies are flowing out of basic research laboratories in the
(thank you, Federal government, for the grants) and into products and
commercial opportunities (thank you, venture capitalists).
Lobbying, legal challenges and regulatory
dilly-dallying are not going to uncork any new technologies. The
nation's established telecommunications infrastructure could not make
the transition from voice to data. Its design ordained its
failure. The telecommunications industry's initial response
changed from denial (rent a line, let somebody else develop digital
transport technology) to failures of imagination: too little, too late.
The nation itself had no industrial policy, no forum for choice.
The free market ran its course (creative destruction, boom & bust),
NATURE OF NEW DATA NETWORKS
networks are the alternative to time-division-multiplexed networks, and
the Internet has become the ascendant packet network. Here
are some of the major technological differences between them.
MUST SINK OR SWIM: Packets lead a
rough-and-tumble existence, dumped
into a network where usually no reservations have been made for them.
It may take 1,000 packets to get a long e-mail from Bob to
These packets may take different routes, arrive out
of order, get
lost and never get to their destination. Nor can any packet
mill around forever. Just as
its telomere gives a dividing cell only so many divisions in life,
so an Internet packet's "Time To Live" parameter eventually ends any
doomed struggle to reach the destination. It's tough.
A packet's salvation is its header. Each packet is labeled
with its origin, its destination,
and the service or computer application it supports (e.g., e-mail vs.
Web page browsing). Should a switch mis-direct the packet,
switch it encounters can read its intended destination and perhaps save
day. If Bob's packet never arrives, Mary's communications
can ask that it be re-transmitted. Knowing they could arrive
order, Bob's communications technology numbered each packet
consecutively as it went out. Retransmission requests go out
communications technology tries to reassemble the original e-mail,
lines all received packets up in their original order, and sees gaps
needing re-transmission requests.
The chaotic nature of packet
transmission of data
makes more sense when one recalls that the
Department of Defense's Advanced Research Projects Agency (DARPA)
request for proposals to build a network able to withstand nuclear
attack. Information would continue to flow from Bob
to Mary even if several
major American cities were obliterated between them.
was meant to survive atomic bombing, but a bomb never hit the Internet;
the Internet itself was the bomb that hit the entire nation's
In sum, packets have no circuit reserved for them, no path
pre-arranged to take them to their destination. The packets
themselves each say where they need to go. Packets are like
unaccompanied children with their destination address pinned to them,
turned over bright and smiling to the airlines system.
last century's phone networks, you can tap only one phone line, but on
Internet you can only tap everything because there are no lines.
National Security Agency will find no Internet "circuits"
subscriber's phone calls, no path reserved for e-mails.
packets carrying all activities for all users are mixed together, the
National Security Agency will have to tap all activities for all users
when it is authorized to tap "just" a phone call or "just" an
e-mail sent over the Internet.
supports all forms of contact with others, which is to say all
social activity in personal, civic, professional and commercial life,
the Internet offers unprecedented opportunities for surveillance.
DISCOVER ROUTES: A packet network requires switches that can read the
addresses pinned to packets. Then what? Instead of commanding other
switches to make reservations, each switch was designed to ask any switch
within listening distance to identify itself. Each switch taught itself
the topology of the network around itself and made its own decisions about how
to route packets once it had peeked inside at the destination address.
Because the switches' key function is making routing decisions, packet
switches are called routers.
The first router was an innovative software program running
on a general-purpose computer in a university research laboratory. Specialized hardware followed later when
the boy & girl programmers in the San FranCISCO area founded the first – or at
least the first commercially successful – router company, Cisco.
To clinch your grasp
of routing, remember that each router has several lines plugged into
it. The request for other routers within listening distance
identify themselves is broadcast separately on each line, and responses
are tabulated separately. The decision of how to route a
packet after peeking at its address means deciding which line to ship
the packet out again on, given that switches with similar addresses
have announced themselves from somewhere down that line but not the
Routing a packet requires looking only at the destination
address, which is available early in the header pinned to the packet.
Doing more means looking deeper. Decoding (demultiplexing)
the Internet to separate from a deluge of packets the individual “applications streams”
(phone, email, Web browsing) requires
looking at header items like computer port address numbers. These
identify and distinguish phone application programs
from e-mail or Web-browsing applications. Distinguishing privileged
customers and interesting message senders from others requires looking at the
origin address. Some issues can only be settled by looking beyond the
header at the message itself.
National Security Agency must push the telecommunications industry to
develop and install routers that look beyond every packet's destination
address to read who sent the packet, and to sort out what ongoing
application flow each packet supports (a long e-mail message, an
ongoing telephone-over-Internet call, a visit to a particular Website,
etc). Reading more than the destination address is termed "deep
packet inspection". Machines capable of performing deep
inspection are only now coming out of labs and onto the market.
Once deep packet inspection has identified a
targeted individual and a targeted activity, sending
the stream to
multiple places for surveillance is trivial. Until routers
performing deep packet inspection become universal, the NSA has had to
install specialized equipment from Narus in the rooms where it taps the
asserts that their "Lawful Intercept module is compliant with CALEA
[the Communications Assistance for Law Enforcement Act]. .
.[and] enables packet-level, flow-level, and
usage information [to be] captured and analyzed as well as [capturing
the] raw ... packets [themselves], for
analysis, surveillance or in satisfying regulatory compliance for
DEFINE WHAT TO DO WITH PACKETS. The rules which govern what information has
to go into a header and how a header has to be laid out, bit by bit and byte by
byte, are called a communications "protocol". The headers we are
discussing are the "IP" headers governed by the "Internet
Protocol". The “IP” protocol is a
low-level protocol that is concerned with moving bits through routed networks,
just as the “Ethernet protocol” family is concerned with moving bits through
the shared Local Area Networks found in offices and, increasingly, homes. Higher level protocols (Simple Mail Transfer
Protocol, Trivial File Transfer Protocol, or Transmission Control Protocol, the
“TCP” in “TCP/IP”) might assume the bits and bytes were OK, and specify what to
do when a packet failed to arrive within time X.
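The header layout and the "look only at the destination" versus "look deeper" distinction described above, as an added example that is not part of the original page: a small Python parser over a constructed IPv4 + TCP packet, showing what a router needs (destination address, Time To Live) and what deeper inspection reads (source address and transport ports). The route table, the port-to-application labels and all names are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass

# Constructed, illustrative port-to-application labels (assumed, not from the page).
PORT_APPS = {25: "SMTP (e-mail)", 80: "HTTP (Web browsing)",
             5060: "SIP (telephone-over-Internet)"}
PROTO_NAMES = {6: "TCP", 17: "UDP"}


@dataclass
class IPv4Header:
    ihl: int           # header length in 32-bit words
    total_length: int
    ttl: int           # "Time To Live": decremented by every router, dropped at zero
    protocol: int
    src: str
    dst: str


def checksum(data: bytes) -> int:
    """RFC 791 one's-complement header checksum (returns 0 for a valid header)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(packet: bytes) -> IPv4Header:
    """Read the fixed 20-byte IPv4 header, bit by bit and byte by byte."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) < 5:
        raise ValueError("not a well-formed IPv4 header")
    return IPv4Header(ver_ihl & 0x0F, total_len, ttl, proto,
                      ".".join(map(str, src)), ".".join(map(str, dst)))


def ip_to_int(addr: str) -> int:
    return int.from_bytes(bytes(int(o) for o in addr.split(".")), "big")


def route(packet: bytes, table):
    """Routing decision: look only at the destination (bytes 16-19), pick the
    outgoing line by longest-prefix match, decrement TTL, fix the checksum.
    table: list of (prefix, prefix_len, line). Returns (line, packet) or (None, None)."""
    hdr = parse_ipv4(packet)
    if hdr.ttl <= 1:
        return None, None  # TTL exhausted: the packet's struggle ends here
    dst, best = ip_to_int(hdr.dst), None
    for prefix, plen, line in table:
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        if (dst & mask) == (ip_to_int(prefix) & mask) and (best is None or plen > best[0]):
            best = (plen, line)
    if best is None:
        return None, None
    out = bytearray(packet)
    out[8] -= 1                                  # TTL lives at byte 8
    out[10:12] = b"\x00\x00"                     # checksum at bytes 10-11
    out[10:12] = checksum(bytes(out[:hdr.ihl * 4])).to_bytes(2, "big")
    return best[1], bytes(out)


def classify_flow(packet: bytes):
    """Looking deeper: source address plus transport ports identify the
    application stream. Returns None for protocols without ports here."""
    hdr = parse_ipv4(packet)
    off = hdr.ihl * 4
    if hdr.protocol not in PROTO_NAMES or len(packet) < off + 4:
        return None
    sport, dport = struct.unpack("!HH", packet[off:off + 4])
    app = PORT_APPS.get(dport) or PORT_APPS.get(sport) or "unknown"
    return {"src": hdr.src, "dst": hdr.dst, "proto": PROTO_NAMES[hdr.protocol],
            "sport": sport, "dport": dport, "app": app}


def build_packet(src: str, dst: str, ttl: int, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct a sample IPv4 + TCP packet (constructed test input, not captured traffic)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, ttl, 6, 0,
                       bytes(int(o) for o in src.split(".")),
                       bytes(int(o) for o in dst.split(".")))
    return head[:10] + checksum(head).to_bytes(2, "big") + head[12:] + tcp


# Assumed route table: default route, a /8 and a more specific /24.
ROUTES = [("0.0.0.0", 0, "line-0"), ("192.0.0.0", 8, "line-1"), ("192.0.2.0", 24, "line-2")]

if __name__ == "__main__":
    pkt = build_packet("10.0.0.5", "192.0.2.10", 64, 40000, 25, b"Subject: hello")
    line, fwd = route(pkt, ROUTES)
    print("ship out on", line, "with TTL", parse_ipv4(fwd).ttl)
    print("deeper look:", classify_flow(pkt))
```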
WHY NOT HELP SOMEONE
ELSE WITH **HER** PACKETS? The devices we connect to our
networks – cellphones, PCs – are powerful enough to perform their own routing,
yet the country adheres to a hub-and-spoke architecture for all its
communications infrastructures. The
free-wheeling, high-growth and rapid-innovation alternative is termed a
“fully-meshed, viral network.”
Today we attach each
customer separately and make them pay separately. But customers could
act collectively. By helping one another, users create their own
laptop computer has two-way wireless
connectivity built in ("Wi-Fi"). The self-discovery power of
networks means that, by running routing software on laptops or
cellphones, laptops or cellphones will
quickly learn how to pass other people's packets onward. Recall
that is how Cisco started -- Cisco Systems Inc. was founded on
success with a general-purpose computer programmed
to act like a multi-protocol router.
or cellphones-cum-routers create a self-organizing,
"mesh" network to serve other users. WAN (Internet)
access, "seeded" to some users, can quickly spread to many.
concentrations of users demanding service create even greater supplies
connectivity to serve that demand, as the pool of machines supporting
rises. More brings more. Mesh networks are "viral"
laptop drawn to it helps enlarge the network.
A viral network is self-extensible without the injection of capital or
infrastructure other than by users themselves.
Next, why can changes which would crash the national
phone system be done so often and so successfully on the Internet?
The emergence of viral mesh networks (http://en.fon.com/, http://meraki.net/) has added impetus to cellphone and telephone
companies' moves to limit cities' abilities to create municipal Wi-Fi networks
for their citizens. The mesh would extend the municipality's scattered
telephone-pole transmitters and enhance, rather than overload, service wherever
people gather. Although empowered users have most often created
applications (eBay), often in their college dorm rooms (Yahoo,
Napster, Google), mesh networks are an example of empowered users
creating -- or at least extending -- the network itself.
is not always well-served by the response of its corporations to change. Cellphone companies’ restrictions on the
bandwidth, functionality and devices which can be used on their networks have
been linked to the United States’ failure to lead the world’s
cellphone industry (Tim Wu, “Wireless Net Neutrality: Cellular Carterfone on
Mobile Networks”, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=962027). Google has lobbied
to lift the restrictions on bandwidth, functionality and devices which
can be connected to any wireless networks set up in the 700 MHz bands
slated for auction in January, 2008. By permitting different
devices from different manufacturers to use the network, or permitting
new software to be loaded onto existing devices, Google opens the door
to virally (contagiously) extensible networks acting collectively to
displace legacy cellphone architectures. This is not a fight
between Company "A" vs. Company "B". It is a fight over the
country's choice to sit still or regain world leadership.
BANDWIDTH COMES FROM STATISTICAL MULTIPLEXING:
With packets streaming through routers, where is the bandwidth?
Bandwidth can be delivered because there are no fixed reservations.
At the edge of the network where customers line up for access
services, many will be connected to a single router, and the router in
turn connects to network trunks with greater capacity than any
customer's PC demands. If a customer is impatient to send a
photo to a
friend, the router can pass his packets out as fast as he can deliver
them. Traffic jams are brief because the network is
packetized. Packets can wait in a buffer or leave with
incredible speed, to exploit every available opportunity for transport
which comes up in the network. There is no fixed
"eight-thousandths-of-a-second" rule as with telephony's TDM
network core, after
all the customers lined up in many different geographical locations
have all been served and all their
traffic has been combined, there is only a steady drone. The
combined traffic of millions of customers drones through large routers
at the network core much as
in any other network's core.
Multiplexing is any service provider's road
to revenue growth, but this irregular or "statistical"
new. The bandwidth advantages of statistical multiplexing are
at the network's edge, where the United States has little new
infrastructure to take advantage of it.
National Security Agency must initially place routers performing "deep
packet inspection" in every neighborhood Central Office or, in the case
companies, in the "head end" location. In
our communities at the edge of the network,
speeds are slow enough to inspect every packet lined up in a buffer
before it is shipped out. As technology improves, surveillance can move
away from insecure neighborhood locations to more secret central data
Example: Edge routers aggregate subscribers onto
an OC-12 line running at 622 Megabits/sec. This line (and hence the
router) takes 1/622 millionths of a second to get out one bit by
definition, and 3.2 millionths of a second to get out a packet that is 2000
bits long (a plausible length). We all have PCs running at a
Gigahertz or better, so we can run a program for 3,200 clock pulses as we
try to inspect the packet before it must ship out. Two
hundred lines of assembly code (at 16 clock cycles/instruction) is
enough to inspect sender and receiver addresses. Modern pipelining architectures bring us close to 1600 instructions/sec, but in practice, specialized hardware, not general-purpose PCs, is used for packet inspection.
deep enough to begin to look at
the contents itself (what you said in e-mails) is possible at line
speeds today, provided the machines are installed at the slower network
edge (2.5 or 10 GHz), not yet the core (40 GHz).
An example is the Biscayne chip from Bay Microsystems, "a programmable
classification processor that can parse, classify and police packets
and cells at rates up to 16 Gbps, at minimum packet size, regardless of
traffic patterns." An inspection performed “at line
speed” delays nothing and no one using the network will be aware of it.
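The OC-12 arithmetic in the example above, carried through in an added Python snippet (not the page's own) and extended to other line rates and to minimum-size packets, which is where software inspection runs out of room. The OC-12, 2000-bit, 1 GHz and 16-cycle figures come from the text; the other line rates and the 64-byte minimum packet are assumptions.

```python
# The OC-12 / 2000-bit / 1 GHz / 16-cycles-per-instruction figures are the page's;
# the other line rates and the 64-byte minimum packet are assumed for comparison.
LINE_RATES_BPS = {"OC-12": 622e6, "OC-48": 2.5e9, "OC-192": 10e9, "OC-768": 40e9}


def inspection_budget(line_rate_bps, packet_bits, clock_hz=1e9, cycles_per_instr=16):
    """Time the line takes to ship one packet out, and how many clock cycles
    and instructions a general-purpose CPU can spend on it in that time."""
    seconds = packet_bits / line_rate_bps
    cycles = seconds * clock_hz
    return seconds, cycles, cycles / cycles_per_instr


def software_inspection_feasible(line_name, needed_instructions=200,
                                 packet_bits=64 * 8, cycles_per_instr=16):
    """Can a 1 GHz CPU run `needed_instructions` (the page's address check) on
    every minimum-size packet before the line has finished shipping it?"""
    _, _, instrs = inspection_budget(LINE_RATES_BPS[line_name], packet_bits,
                                     cycles_per_instr=cycles_per_instr)
    return instrs >= needed_instructions


def budget_table(packet_bits=2000, cycles_per_instr=16):
    """Budget per line rate for a packet of the given size."""
    return {name: inspection_budget(rate, packet_bits, cycles_per_instr=cycles_per_instr)
            for name, rate in LINE_RATES_BPS.items()}


if __name__ == "__main__":
    for name, (s, c, i) in budget_table().items():
        print(f"{name:7s} {s * 1e6:6.2f} us  {c:8.0f} cycles  {i:7.0f} instructions")
    for name in LINE_RATES_BPS:
        print(name, "min-size packets in software (pipelined, 2 cycles/instr):",
              software_inspection_feasible(name, cycles_per_instr=2))
```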
FOR THE NEW DATA TRAFFIC: Where are the
country's great and not
great networks to carry this traffic? After long sanctioning
construction of only a single
network with a national footprint by only a single player
the nation came to have four networks by 1990. They were AT&T,
and Williams, an energy company with the bright idea of blowing fiber
optic strands down old pipelines for natural gas, producing
mile fiber network, later increased to 26,000 route miles and today
perhaps the world's only terrestrial network that almost never gets cut
backhoe. (Most of Williams' original network was acquired by
WorldCom/MCI and passed ultimately (2006) to Verizon. By
however, Williams had duplicated it with better, more modern fiber.)
the nation's more limited networks. For example, as data
and other new
traffic arrived, Sprint's network lacked the capacity the company
by a factor of four, a factor of 16, a factor of 32.
was maxed out -- you can't line up any more slots for any more
subscribers, because no electronics can squirt out what is already
there any faster than it already is. With little juice
left to squeeze from their electronics, Sprint was saved by advances in
photonics, which permitted first four, then 16, then 32 different
channels to be crammed onto a single maxed-out fiber. This
is DWDM technology, "Dense Wave-Division Multiplexing", a name
derived from the different wavelengths
of the 32 discriminably different lasers all shining into a single fiber.
possessed by these early players is already obsolescent. With
the electronics maxed out a decade ago, they now find their photonics
is maxing out as well. New
players can exploit newer photonics and avoid costly electronics more
Fiber technology changes. The most
valuable asset to own is not the fiber but the hole in the middle of an empty
plastic conduit where new fiber technology can be blown through cheaply and
faster than any "dig first" competitor. Unlike passive copper
wires, fibers exhibit large interactions between electromagnetic radiation
(the light) and solid matter (the glass). In fiber optics, the glass
is "doped" with controlled impurities, as transistors are,
producing ever-new ways to exploit these interactions. In new photonic
crystal fibers, we are learning to manipulate the quantum physics of the
light-glass interactions with nanotechnology. Most of us think of
fibers as wires. But fibers are an active component in a system
that exploits solid-state physics in ever-emerging ways. While
stockholders may think that once all their fiber is laid, the company in which
they have invested is "done", others might say it's done for. The
company best prepared to benefit from continuous advances in optical fiber
physics is Level(3), under the leadership of Jim Crowe.
Meanwhile, the 22 local Bell
operating companies that consolidated first into seven Regional Bell
Operating Companies (RBOCs) have now consolidated essentially back into the
original AT&T plus Verizon. These players had no national
network to begin with. They were the nation's local phone
companies. The cable TV industry was born as CATV, "Community
Antenna Television," in which Mom and Pop put an antenna up on the
mountain and brought the signal down into homes in the valley. CATV
operations consolidated into MSOs, "Metropolitan Systems Operators"
who now covered entire metropolitan areas. But these
players possessed no national network either. They are access-at-the-edge
players running legacy technology.
And so it comes to pass that the
nation waits for a modern national telecommunications infrastructure on a
duopoly that has never built one.
WITH BURSTY DATA -- NOW WHAT?
Data compiled by the International Telecommunications Union (ITU); see also Consumers Union & Consumer Federation of America.
The decline of the USA will accelerate, as other countries
already have technologies in place
offering more bandwidth at lower cost
than our legacy duopolists, the
telco and CATV corporations.
We saw how, with
everyone's needs "chunked" into packets, it is easy to share the
network among many users, one chunk at a time, without hogging.
Bandwidth is flexible -- no router was ever forced into a
round-robin of servicing 32,256 slots even if most were silent (no one
talking). If few people are lined up for service, the router can
pass a whole string of your packets out as fast as they come in -- a
welcome burst of
good service, and a far cry from waiting an immutably long time to get
your 8 bits out. Statistical multiplexing handles the bursty PC
data that was the downfall of legacy voice networks. Beneath
these technical advantages lies a lot of complexity that few understand
and most insiders do not want to acknowledge. We will do better.
We will acknowledge the Internet's complexity and then figure out
why the Internet has been so successful anyway, so explosively
innovative despite its complexity.
EFFICIENCY IS NOT BETTER EVEN THOUGH EVERYONE SAYS SO: Packet-based data networks
are not more efficient than legacy voice networks in the sense of being able to
run their trunks closer to full capacity by selling reserved slots to all the
space in advance. People speak of packet networks’ “efficiency”, but in fact
packet networks like the Internet are designed to be less efficient in their
use of cable capacity. The
truth is that
the capacities of new-technology networks have grown so fast that old
utilization rules are not high on everyone's business plan
anymore. Serving enough users and purposes so that traffic evens
out is called "statistical multiplexing". If your service is global,
even the day/night cycle evens out.
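The two points made about packet trunks above (bursts get through as fast as they arrive, and nobody is made to wait out a round-robin of silent slots) and the later summary under "BURSTY DATA IS HANDLED WELL" can be put in numbers with a toy model. The following is an added illustration, not code from the original page: a Time-Division Multiplexed trunk with one fixed slot per subscriber in every frame is compared with a packet trunk that forwards whatever is queued, first come first served. The 32-subscriber frame and the 100-packet bursts are constructed values.

```python
"""Toy comparison of a Time-Division Multiplexed (TDM) trunk with a packet
trunk that statistically multiplexes bursty sources.  Added illustration,
not code from the original page; all sizes are constructed."""
from collections import deque

SUBSCRIBERS = 32   # constructed: one fixed slot per subscriber in every TDM frame


def tdm_finish_times(demand, subscribers=SUBSCRIBERS):
    """Time-division multiplexing: every frame carries one slot per
    subscriber and the whole frame is clocked out even when most slots are
    silent.  A subscriber can place at most one unit in each frame, so a
    burst of n units needs n frames no matter how idle the trunk is.

    demand maps subscriber index (0 .. subscribers-1) to units queued at
    time 0.  Returns (slots elapsed, trunk utilization, {user: finish slot}).
    """
    busiest = max(demand.values(), default=0)
    slots_elapsed = busiest * subscribers          # frames * slots per frame
    if slots_elapsed == 0:
        return 0, 0.0, {}
    finish = {}
    for user, units in demand.items():
        if units:
            # the user's n-th unit rides in slot `user` of frame n-1
            finish[user] = (units - 1) * subscribers + user + 1
    carried = sum(demand.values())
    return slots_elapsed, carried / slots_elapsed, finish


def packet_finish_times(demand):
    """Statistical multiplexing: each burst is a string of packets queued at
    time 0; the router forwards one packet per slot, first come first served,
    and nothing is reserved for anyone who is silent.
    Returns (slots elapsed, trunk utilization, {user: finish slot})."""
    queue = deque()
    for user, packets in demand.items():
        queue.extend([user] * packets)
    finish, slot = {}, 0
    while queue:
        slot += 1
        finish[queue.popleft()] = slot   # overwritten until the user's last packet
    carried = sum(demand.values())
    return slot, (carried / slot if slot else 0.0), finish


def compare(demand, subscribers=SUBSCRIBERS):
    """Side-by-side summary for one demand pattern."""
    t_slots, t_util, t_fin = tdm_finish_times(demand, subscribers)
    p_slots, p_util, p_fin = packet_finish_times(demand)
    return {
        "tdm": {"slots": t_slots, "utilization": t_util, "finish": t_fin},
        "packet": {"slots": p_slots, "utilization": p_util, "finish": p_fin},
    }


if __name__ == "__main__":
    # One bursty PC user with 100 packets while the other 31 subscribers are silent.
    lone = compare({0: 100})
    print("lone burst  TDM: %d slots, %.1f%% used"
          % (lone["tdm"]["slots"], 100 * lone["tdm"]["utilization"]))
    print("lone burst  packet: %d slots, %.1f%% used"
          % (lone["packet"]["slots"], 100 * lone["packet"]["utilization"]))
    # Everyone busy: the trunk is full either way, but the packet trunk finishes
    # early arrivals in bursts instead of making everyone wait the same long time.
    busy = compare({u: 100 for u in range(SUBSCRIBERS)})
    print("all busy    TDM user 0 done at slot", busy["tdm"]["finish"][0])
    print("all busy    packet user 0 done at slot", busy["packet"]["finish"][0])
```

With one subscriber bursting and 31 silent, the TDM trunk spends 3,200 slots at about 3% utilization and the packet trunk 100 slots at 100%; with all 32 busy both trunks are full, which is the sense in which "efficiency" is not what sets the two apart.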
Statistical multiplexing is favored by those
with new, high-capacity networks while those with more limited legacy networks
favor schemes for controlling access to networks, favor limiting the
permitted uses of networks, favor charging fees to limit traffic growth
instead of expanding the use of transport services, and favor schemes to
"improve" the Internet's packet-routing technology by adding
the centralized control and complexity that is such a notable feature of our
legacy voice infrastructure.
SIMPLICITY IS NOT BETTER EVEN THOUGH EVERYONE SAYS SO:
The IOS ("Internetwork Operating System") used by operators to configure and control Cisco
routers is said to have 15 million lines of code. The
software embedded in a core router adds up to about 8 million lines of
code. That's a lot. In the legacy
voice network, the comparable 5ESS switch has 10 to 18 million lines of
code. This switch bears the brunt
of setting up (reserving) calls and providing customer billing and
the core, where traffic aggregation has already long since been done,
transport is the order of the day, and transport voice switches run
on only about 3
million lines of code. Simplicity of one box vs another is
the key to understanding where the Internet's success came from.
So far, the Internet has prospered despite growing
complexity of edge and core routers. Any FCC or Congressional mandate for
routers to support “fast lane” customers or to support homeland surveillance will
make them more complicated.
In sum, the Internet has roared to greater success
than any previous network without either greater simplicity of the
computer code used to direct traffic, or greater ability to get
any pipe 100% filled with traffic ("efficiency"). The
actual technical advantages of the Internet are two:
1. BURSTY DATA IS HANDLED WELL:
The best parts of the nation's telecommunications
infrastructure are all-digital, not analog; they increasingly integrate
cheap photonics and expel expensive electronics; and they are designed
for data not voice because they are packetized, not Time-Division
Multiplexed. A packetized data infrastructure (Internet
Protocol or "IP" packets, Ethernet packets) can handle the sudden
bursts in demand for transport -- and the long silences afterwards --
that distinguish data from voice traffic. Internet transport is built
on this packetized infrastructure; the Internet's ability to handle
bursty data is its key technical advantage. If no one else is
the user can get an entire fiber (an entire router port) leading
out of the central office, not a slice of it, and finish her
2. USERS DO NOT NEED PHONE BOOKS: It is also pleasant
to have free "411"
service built into the Internet in the form of the Domain Name Service
(DNS). Both contacting a Website (to have a look at it) and sending
e-mail require you to go to a particular computer with a particular numerical address.
These machines are the Web serving computer that holds the
pages you wish to see, or the e-mail serving computer that holds the
e-mail account of the person you wish to reach. Yet we all
address each other by our names
(not numbers), and no one has to type in 188.8.131.52 (oops, changed to 184.108.40.206) in order to get
a Web browser to go to "google.com" (although if you do, it
will). Before a new Web page comes up on your screen, your PC
already asked for and received the needed address number from a Domain
Name Server with a "telephone book" of human-meaningful domain names.
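What the PC and the Domain Name Server actually exchange is a small binary message each way. The following is an added example, not code from the original page: it builds the query a resolver sends for an A record, builds the kind of answer a server returns (constructed here so the exchange runs offline, with the TEST-NET address 192.0.2.1 standing in for a real server address), and parses the answer, including the name-compression pointers real servers use. The name "example.com" and the transaction ids are constructed values.

```python
"""DNS query and response on the wire.  Added example, not code from the
page; the server side is simulated so that it runs with no network."""
import socket   # used only for inet_aton / inet_ntoa; nothing is sent
import struct

QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name):
    """'google.com' -> b'\\x06google\\x03com\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(txid, name):
    """The message a resolver sends: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD bit set
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def build_response(query, addresses, ttl=300):
    """What a server answers (constructed here).  Each answer names the owner
    with a compression pointer 0xC00C back to the question name at offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addresses), 0, 0)
    answers = b""
    for addr in addresses:
        answers += b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, 4)
        answers += socket.inet_aton(addr)
    return header + question + answers


def read_name(msg, offset):
    """Decode a possibly compressed name at offset -> (name, offset after it)."""
    labels, jumped, next_off, hops = [], False, None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                 # two-byte pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                next_off = offset + 2
            jumped, offset, hops = True, pointer, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (next_off if jumped else offset)


def parse_response(msg, expected_txid):
    """Return the IPv4 addresses in the answer section.  The transaction id
    must match our query and the QR bit must be set; a non-zero RCODE
    (e.g. NXDOMAIN) yields no addresses."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    if flags & 0x000F:
        return []
    off = 12
    for _ in range(qd):                           # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4
    addrs = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs


def lookup_offline(name, addresses, txid=0x1234):
    """Run the whole exchange locally: build the query, 'receive' a response."""
    query = build_query(txid, name)
    return parse_response(build_response(query, addresses), txid)


if __name__ == "__main__":
    print(lookup_offline("example.com", ["192.0.2.1", "192.0.2.2"]))
```

The transaction-id and QR checks in parse_response are the minimum a resolver does before believing an answer; real resolvers also randomise the id and the source port so that a stray or forged reply is unlikely to match an outstanding query.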
SOMETHING ELSE IS GOING ON. WHAT IS IT? But this is not enough. The
success of the Internet
cannot be deduced from technology as certainly as the failure
voice infrastructure was pre-ordained by it -- the eclipse and
X.25 packet networks, Fidonet, Bulletin Board
Systems, Frame Relay
networks, Asynchronous Transfer Mode mini-packet networks,
Integrated Services Digital Networks, the Bell System itself, wires,
switches and all. You, poor reader, have endured a long
Mini-Tutorial for seemingly little reward, since its underlying telecom
technology no longer drives the Internet's future. Because
technology no longer drives the Internet's success, technology cannot
prevent the Internet's failure. And that, dear reader, is why we
are here. We are here to pass the baton. Success of the
Internet Age, born with the new century, depends on Internet
philosophies (of design), cultures (of large social communities
developing/maintaining technologies) and political empowerments (of
users creating new things for networks to do).
We end with a look at two changes in what the Internet could do (or what
users could suddenly do with the Internet) that were stunning in their
unimagined novelty and breathtaking in their swift ascent. Why does
this keep happening on the Internet, yet it never happened once on the
nation's prior, ascendant national
infrastructure, the phone system?
Why does it keep happening? The Internet's future depends
on the willingness of society to find and to accept the answer to this question.
NEW APPLICATIONS RIDE THE NEW NETWORKS
The two changes in Internet technology that we will take as case studies are
Napster and BitTorrent.
ORIGINAL NAPSTER: After graduating from Harwich
High School in
Shawn Fanning enrolled at Northeastern University. His freshman
roommate complained that there was no easy way to find MP3s on the Net.
Search engines were often out of date, leaving dead links where the
music had been. Shawn surmised there could be a way to
breadth of search engines with the "presence awareness" of systems like
instant messaging (IM), that tell you who on your "buddy
list" is signed on at any given
time. The link would not be dead if you knew the person was
The new system wouldn't incur high bandwidth costs.
users to store their music on their own computers, the new
could just connect a pair of people and then drop
and go away. Shawn solicited his friends for
1999), including Sean Parker (also 19 at the time; met him online),
Evan Brewer (ran the first server holding the new application)
and Jordan Ritter (took over development of the server half of the software).
people did most of the work of creating the new technology.
new system was put up in the Spring of 1999. It had
registered users and a lawsuit by the Recording Industry Association of
America (RIAA) in less than a year. On Sunday, 11 February
observed 1,768,458 files available for download, representing 7.5
terabytes of data. Out of bits and pieces of hard drives on
around the world, the Internet had synthesized a 7.5 terabyte
distributed storage system--a capacity that would have
million to buy as a big cabinet less than 10 years earlier.
a matter of policy, Napster only reported the portion of their system
being handled by whatever particular server a user like myself had
landed on that day in February. The total size of
community frequently reached one million concurrent users (November
2000), not the 8,981 shared libraries I saw. Multiply my
numbers by 100.
individual conceived, developed
BitTorrent, making fast file transfer on slow networks possible.
Files transferred faster than before can be bigger than before.
BitTorrent users began exchanging movies in a nation still
mailing red Netflix envelopes.
What was new? When Bob sends a long e-mail to Mary, Internet IP
"protocols" govern cutting the mail up into packets, and the
TCP rules or protocol dictate how software anyone writes is supposed to
count the packets and do something if one of them never makes
stop at Bob and Mary? Bram Cohen, BitTorrent's
software that broke any long file into jumbo-sized packets
that he controlled. Many Internet Protocol (IP) packets are
encapsulated inside one Bram Cohen BitTorrent packet. The
Internet's TCP/IP protocols take care of delivering everything in one
jumbo-packet. Bram Cohen's BitTorrent software keeps track of all
the jumbo packets of a given file. The jumbo packets come to be
owned by users all around the world. If you want a particular
file, dozens of people around the world can contribute simultaneously
to getting it to you. When delivery streaming in on a
globally-based torrent is complete, Bram Cohen's software checks the
final file's integrity. It's not Bob and Mary's email anymore.
Cohen added a social insight to this technical innovation. A movie
might be 1,000 jumbo packets long. Cohen's social insight was to
every user to upload his packets to other users even if she only had
of them, as a pre-condition to downloading any of the thousand
additional packets she might still need and be impatient to
receive. The specification for BitTorrent --
what the sources (hosts) have to do, what clients do to start
receiving, the checks and messaging -- was placed in the public domain. Every
different computer needs a different version of this complex software
(Apple, Linux, Windows), different users prefer different clients
(small and simple, complex and capable), and all clients on all operating systems
will have to be taken through bug fixes and their own evolutionary
growth. Given technology made public to begin with, the user
community did all of these things.
The program had
explosive success. The resulting traffic increase was
detectable all across the Internet, from
the access ramps of university campuses and ISPs at the network edge
(http://www.wired.com/techbiz/media/news/2005/04/67202), to the network core (harder to measure).
BitTorrent has cut a deal with Warner Bros. to distribute their movies.
Look at the interplay of technologies here. You and I each
BitTorrent program (the "client") to make
non-standard jumbo packets that are pretty long because we're
files that are pretty long. Our BitTorrent client insists that we
share a jumbo packet, so we begin sending out the many conventional IP
packets which the jumbo packet embraces. Our computer's
conventional software follows
internationally agreed upon rules -- not Bram Cohen's -- for making IP
packets and using TCP procedures to throttle traffic, detect
no-shows and request re-transmissions if necessary. It is
immaterial that TCP/IP will only
one pair of computers at a time, that it breaks each of our jumbo
because it prefers chunks 21 times smaller, or that it adds (and strips
away again at the destination) all kinds of origin,
packet information even though our BitTorrent software has already
added our own destination and packet number information to each jumbo
The key lesson here is "layer independence"
-- you can do anything you want in your part of the
Internet as long as you don't change how you look to others.
BitTorrent's request is no different from Bob and Mary's.
Bob and Mary's little IP packets get strung together into one
e-mail and they are happy. We use the same little IP packets,
but, from them, our technology creates and manages jumbo-sized packets
that become movies, as BitTorrent continues to scour
the Internet, looking for our "wares" and trying to strike more
The battle cry is just deliver the
It is no matter that at the other end a program will
convert one stream into an email and another program will convert
other stream into a movie, music library, or major software release.
It is no matter that one program, like the telegraph before it,
like the phone system before it, is a message between two users, while
the other's functional architecture is a revolutionary many-to-one
traffic flow. The TCP/IP service provider companies will
perform the delivery according to TCP/IP rules regardless of whether
transport providers in turn use fiber optic or microwave
as the physical signals. Bram Cohen does not care if he has
packets only to have the TCP/IP guys chop them up again their way, as
long as his stuff is put back together again at the other end. Just
deliver the bits. Similarly, the TCP/IP guys do not care if the fiber and
laser guys in the layer below them are rebels with a radically new photonics technology and so they
are not running the Dense Wave Division Multiplexing on the standard
wavelengths officially sanctioned by the International Telecommunications
Union. Just deliver the bits. Leave the layers independent.
SUCCESS AT INNOVATION is
the GREATEST SUCCESS OF ALL
In terms of millions of lines of code in switches or routers, the Internet
is no simpler than the legacy voice infrastructure. Yet how is it that no
outsider has ever made a contribution to the nation's voice
infrastructure, while 19 year olds are walking out of their dorm rooms,
signing up users by the millions, and changing the
entertainment industry forever?
The innovation of people like Tim Berners-Lee (invented the
World Wide Web), Shawn Fanning (Napster) and Bram Cohen (BitTorrent) does
have its parallel in the voice world. In the 1980s, PCs appeared on thousands of
desks, and were joined in hundreds of departmental LANs and drove corporations
to seek data transport to scattered branch offices. In the 1980s, the voice-services
Bell System essentially walked away from the data business.
Bells sold private lines from point "A" to "B" and left it
to the corporations to figure out what to connect to them. The United
States became the
fountainhead of digital innovation as hubs (stackable, switching, remotely
manageable) and ever-faster routers were invented and improved. Startups
swarmed to the Internet, reached billions in market capitalization on sales of
real products available nowhere else in the world, and made the NASDAQ the
“technology index” it is today. The
innovation took place because the innovators did not have to learn the millions
of lines of code in the difficult and risky-to-change SS7 signaling language
and ESS5 switches. They were outside the system.
Internet innovators are in a similar but far superior position to
corporations 25 years ago. Someone creating the World Wide Web, Napster
or BitTorrent does not have to know the millions of lines of code that make
packet routers work, nor guarantee the integrity of the Domain Name Service
(DNS, the Internet's "411" service for looking up numbers), let alone
ask for favors from the fibers and photonics crowd. So, yes,
there is that point of similarity between U.S. corporations forced to
invent data networking when the giants of voice networking
turned their backs on them. They, too, had to do things
that had never been done before, invent equipment, create the tools to
build a different world. But there is one overwhelming
difference. That difference has made the Internet a globe-turning
event, and left the legacy voice infrastructure unable to meet the
Unlike the corporations of the 1980s
forced to invent data networking by an indifferent Bell System, today's
Internet entrepreneur holds an Internet connection to the world in
his hands. Instant global markets of millions have turned
twenty-somethings into multi-millionaires before capital investments in
factories, before human resources and ID badges, before a global sales
force of feet on the street, before they are thirty. Is this the
Yankee can-do spirit
at its finest, or what?
SUMMING UP SUCCESS
1. LAYER INDEPENDENCE
"Layer independence" summarizes the idea of being able to create something new
under the sun without having to master other parts of the
without having to get permission from other people running
of the system.
The opposite of layer independence is a
transport operator claiming the right to refuse service to some
applications, to refuse connection to some devices (the Deutsche Bundespost and modems) or
claiming the right to make some applications run slower than
others after everyone has paid his access fees and climbed aboard.
"Just transport the bits," reply critics, who say data transport, like rail
transport in another century, is a national infrastructure that should
be treated as a common carrier with publicly posted tariffs. If you
pay the tariff, you can ride the system. Anything else
stifles the nation's rush to a brighter future. Just deliver the bits.
inventors sit "on top of the stack", with no one in a higher layer
assuming everything below will work. But some
changes to deeper layers. They, too, depend on those
handle their traffic as long as they pay for it, but now obligations to
those above arise as well. The startup Fonera, offering
software to convert any laptop into a router, is creating a TCP/IP
network on a physical medium (wireless) and in geographical
where one never existed before. It's their router and it does not have
to master or mimic the 8 million lines of code in a big Cisco core
router, but it certainly must conform to the TCP/IP rules for handling
the packets of others (other applications like Bob and Mary's email). Conforming to rules is easier when the
rules are public within all of civic society and available on the
Internet, rather than deemed proprietary and thus sequestered
intellectual property under corporate ownership. The
Internet in its early successful growth phase was just such an open community.
2. OPEN COMMUNITY, OPEN SOURCE
The Internet infrastructure has been a stunning success compared to
the lack of innovation in the older voice infrastructure because all standards are
public, and much software
is provided to civic society as open source technology.
Who supports this technology?
The legacy voice network employed about 1 million people at its peak to
keep it going. Currently, Telcordia (formerly Bellcore)
professionals to maintain over 100 million lines of
billing, provisioning and other support systems for the nation's voice
infrastructure. The Internet is supported by volunteers
and able to survive as peers in a community of experts.
The Bell System
had one million employees. The Internet is supported by
volunteers. I think we need to look at this more closely.
The Internet has a process for proposing drafts and bringing
them to RFCs (Request
for Comments). Servers run mailing lists and you (Seriously!
subscribe to RFC lists and discuss arcana with wonks. RFCs, when done, are in effect standards
for the Internet. RFCs are passed (become network
standards) or rejected by rough consensus by those who have
joined the open mailing list of experts. Internet technology creates Internet technology: Internet technology
like the mailing list is used to support
collaboration and create a virtual community of experts who sometimes
even meet face to face under the auspices of the Internet Engineering
Task Force (IETF), https://datatracker.ietf.org/public/meeting_materials.cgi?meeting_num=66 .
Organizations like the IETF and the World Wide Web Consortium are more responsive to
public needs and more inclusive of civic input than formal industrial
standards organizations like the International Telecommunications
Union ITU-T (formerly CCITT, Comité consultatif international
téléphonique et télégraphique), and have done well in guiding
changing technologies that have a big impact on private and
commercial life. To change the world, consult it first.
professor Dave Clark, a graduate student of Jerry Saltzer at MIT and now himself
the grand guys of the Internet, may have unintentionally
written the IETF anthem in his A
Cloudy Crystal Ball/Apocalypse Now
presentation at the 24th annual July 1992 IETF conference. Today, it's
immortalized on T-shirts: "We reject: kings, presidents, and voting. We
believe in: rough consensus and running code." Which might translate
to, "In the IETF, we don't allow caucusing, lobbying, and charismatic
leaders to chart our path, but when something out on the Net really
seems to work and makes sense to most of us, that's the path we'll take."
If only they knew more technology, this is the heaven that every
Congressman would want to enter.
individuals creating a new Internet application (e.g., BitTorrent)
pursue the same open
approach as the Internet itself. By spelling out how his
), many third parties are encouraged and
enabled to support the innovator's new initiative. Others
applications that are "aware of" and use his new way of using
the Internet, and Internet
technology is extended to many countries and millions of lives.
students study the difference between the unique and uniquely American
Internet Engineering Task Force and
industrial standards organizations such as the
Telecommunications Union and the International
3. USER EMPOWERMENT
After 38 years the 911 emergency calling system is still not fully
implemented but innovation continues to accelerate on the Internet.
individuals have had a global impact. World-beating
from politically empowered users. An Internet user who wants to try
something new does not have to ask permission.
One network stifled American inventiveness,
the other propelled it and us beyond anything the world had seen
before. For what kind of person is this a hard choice?
Success at innovation has been the greatest success of all. The
idea of building a single-purposed national infrastructure
over and over, one for telephones, one for television, one for Internet
browsing and email, another for movie viewing -- all that is archaic. We are innovating our way towards
national telecommunications infrastructure that is a platform for
endless innovation, not a way of serving needs past and increasingly
forgotten, not just for "seeing what's on TV". The future holds no
"telephone industry." The future holds no "cable TV industry".
Thank you for completing the Mini-Tutorial, doubly so if
you made it despite scant love of tedious technology.
This backgrounder should convince anyone now striving to extend constitutional law and public policy (the
to the nation's new digital
infrastructures that the creativity demanded of civic engineers today
exceeds the demands on the people who created the networks in the first
place. We technologists of the information revolution stand on
the shoulders of those who made revolutions in chips and computer
electronics, in photonics and communications networks. We
you a revolution of such impact on the daily lives of social creatures
that it is now a social revolution, not a technical one. As a
social revolution, it is up to people who understand civic policy and
culture to guide it.
for the declining voice providers. The technology of Time
Division Multiplexing set the industry's fate long in advance,
though there was no national recognition of the obvious, even though
there was no
national plan for a replacement infrastructure, no national industrial
policy in a nation used to getting everything and making few choices.
central office switches are worth about $250 billion (some
say $500 billion). Perhaps some of the rest can
used. Man can never read the writing on the wall until his back
is up against it.
Technology cannot guarantee the success of the packet-based Internet even though
technology did forecast the failure of the nation's voice infrastructure.
The Internet's success comes from
Of course, if
independence of layers is maintained, the only thing that can happen to
operators of other (transport) layers from an explosion of innovation
and creativity in the user community is greater revenues and
-- new applications attract more business, create new markets, and
people to live, play and work in ways that used to be impossible (but
which now require buying more network transport service ! ).
What kind of person is uncomfortable with such a future?
- a philosophy
of independence between operating layers,
- a culture
of openness -- not copyright, not corporate ownership, but openness for
standards & specifications ("protocols") and even source code,
which lets users create new applications to run on the applications
layer of the network without
having to get permission from service
providers who operate other layers of the network.
Because the success of the Internet comes less from the use of a particular
technology ("packet", "router") and more from a broad philosophy of
design, from a
culture of openness, and from political empowerment of
users, a technologist like me cannot promise you
the Internet's continued
a technological success it is. A technology that enriches entertainment,
contact, and everyone's access to the cultural triumphs of their
civilization can renew civic society and American geopolitical power in
the 21st century. But the Internet success story is
that can only be sustained by a civic society that understands it.
The nation can walk away from the culture and values that made the Internet a success.
At some point, the people in a technological civilization must
understand their technology or lose their civilization.
I hope this quick tour of a tumultuous time encourages you to embrace
the Internet's philosophy, embrace its culture, and
empowerment of users. Empowered users have innovated while the
centrally-managed, "command economy" of the voice network stagnated.
The Internet is an American success story, Department of Defense,
National Science Foundation, volunteers and all. But alas, " ...the Internet and e-mail are
the most surveillance-friendly media ever devised."
--M.A. Caloyannides, Mitretek
Systems, writing in IEEE SPECTRUM, May 2000 p. 47.
("IEEE" is a
professional society of engineers, the Institute of Electrical and Electronics Engineers.)
Analog or digital? Time Division Multiplex
switches or packet routers? Electronic or photonic? Those
choices have all been made, but civic society has not yet chosen
between surveillance and free innovation. Surveillance
is the dark side of the
Internet. The risk is that the United States will get the
surveillance as the rest of the world gets the innovation. Others
will enjoy the innovation that once made us proud, and others will
capture the prosperous growth that once made us the envy of the world.
Jerry Nelson, Ph.D.
Institute of Electrical and Electronics Engineers
Society for Neuroscience
Optical Society of America
jerry-va removethistext at speakeasy.net
This document was written as a
backgrounder for those trying to understand the warrantless wiretapping
program run by the National Security Agency (NSA) in secret, and in
contravention of the Foreign Intelligence Surveillance Act passed by
Congress. How NSA's system works and what it does
is easier to fathom than society's inability to respond to it. For
information on the Foreign Intelligence Surveillance
Act itself, the court that administers it, and many related links, see the
Federation of American Scientists:
To look up technical terms, enter requests like these into your search engine:
define teraflops, or
supercomputer glossary or, supercomputer ~glossary
To look up any Representative in the House of Representatives ("The
House") or any Senator in the Senate:
http://senate.gov/ - the "Senators" link lists them.
To find your particular Representative and two Senators:
This is the Mini-Tutorial on telecom networks and the Internet.