Thursday, 28 October 2010

How regulator's and Telco's are holding up the Internet of Things

Well, I got quite a few reactions on my work on Machine to Machine communications. Some of it was critical and deserves a reaction. Many people however are also very positive. Bill St. Arnaud has referred to me multiple times now on his blog. Telco2 has invited me to speak in London on November 9-10. The Apple and Gemalto rumor stimulated me quite a bit more to finish the piece below. BTW I think Steve should talk to me.

I'll go through the criticism point by point. It starts of with that M2M is overrated and who really wants this. The next section is, that I misunderstood technology or misidentified solutions. Then a short intermezzo to explain that even if technology was a solution, it wouldn't solve all and then I lay all the blame on regulators. To get some background, flip through the presentation

BTW the spicy title is because it seems I get better response to spicy titles than to none spicy titles. Fear sells and I happen to know some regulators read this blog, so this may give them reason to forward the blog.

Where do we use M2M?
There are many ways of doing machine to machine communication. Much of it is already done in Scada systems and generally uses wired networks. One of these may be analysis systems for hundreds of thousands of sensors in chemical plants. All of this is wired communication. However unlike chemical plants most systems don't sit nicely in one place, they either move or are too distributed.

  • When going outside of individual sites like chemical plants, fields with windturbines etc and going into the general society there are still a gazillion machines that could benefit from a communication module. Such machines are:
  • beer ceggs in bars, to check on quality and beerlevels. 
  • trains to check on seat availability, roundness of the wheels, info displays etc. The average Dutch train now has 4-5 communications devices
  • sewage pumps
  • water pressurizers in high rises
  • fire extinguishers of various kinds, sprinklers, but also gas (require specially trained personel for access)
  • streetlighting: A colleague is working on LED streetlights that are more energy efficient change color and intensity based on the situation. ie presence of people or to warn people of oncoming ambulances or to guide people to and from a concert.
  • smart meters: two types are available. Those for residential use are mostly in a pilot fase. Those for high use customers send values every few minutes to allow for peak shaving and real time trading. 
  • consumer electronics, like the 1.4 million devices TomTom now has that are equipped with real time traffic data, or the Amazon Kindle 3G or the Kindle DX, but also other devices like digital photo frames. 
  • Transport applications: Like eCall, OnStar, monitoring by lease and rental companies etc. Cooperative Vehicle Information Systems (CVIS) etc. 
Roughly anywhere and everywhere, where there is a device that can measure something for us, do something for us, or that we want a status of.

What networking technology to use in non-fixed sites?
Having done some architectural analysis for these kinds of systems, the general conclusions on what network to choose are as follows:

For fixed locations:
  • Plain Old Telephone System: Always worth a look at. Not fast at 56k6, but it will be around for a while. Bad is the dependence on the owner of the location, certainly with the 20% who are mobile only now, the possible presence of ISDN or the lack of it. 
  • piggy backing some broadband network: Relies on the owner of the building having broadband and the broadband provider allowing some easy hookup. Not useful for critical systems like smart metering or health. 
  • Wifi: Essentially means piggy backing someone's broadband connection. Unfortunately there is no uniform standard to establish the piggy back or just to hook up to a WPA2 encrypted access point.  Also in less densely build areas the coverage of wifi may be too little to find a working node
  • Powerline Communications: Only possible if you are the electricity company. And even then it is unfit for loading data every few minutes, ie for peak shaving. Most PLC nodes can only handle a couple of hundred hours at once every 24 hours. The fact that it uses mesh sounds cool until you actually look at what is a self organizing mesh network. This also means it only works if an entire neighbourhood is fitted with PLC. 

For mobile and dispersed locations:
  • CDMA450: Hardly supported in Europe, but KPN has decided to build an M2M network on it. 
  • GSM-family: Global coverage, though for 2G and 3G limited in North America and Japan. Coverage is almost universal. 
  • Satellite: Only if you have line of sight. Which you always have everywhere, except where you're at. Also not capable of holding large numbers of users and expensive too. 
  • Wifi: No handover capabilities at all, no coverage outside the front lawn or backyard. 

 Notably absent:
Wimax: huh, what?

So, I hope this does away with some of the criticism on why I'm looking at GSM-family only. CDMA450 is a possibility, though architecturally it is so similar to GSM that even the SIM-card is included these days and it makes use of IMSI's too. If you know of any other technology that would work, please tell me. I have major energy networks who would love to talk to you as they have tried every version of the technology listed above. 

Are there really any problems with the combination of GSM and M2M?
Some people say there isn't a problem and I've got a solution looking for a problem. Yes, there are problems. Don't trust me, trust the GSMA, ETSI and 3GPP who have published on the issues that come from the use of the GSM family for M2M.

The biggest business problems have to do with the whole lifecycle of the device. What makes M2M different from consumer communications, is the lack of the consumer. The consumer can be trusted upon to change handsets every couple of years and to do all the practical work, like switching SIM-cards, choosing operators etc. Unfortunately M2M devices have to function for 30 years in the field without tender loving care. Some examples of problems identified:

1.      The costs of roaming: One of the big problems, certainly for consumer electronics, but also for other devices is, that you never know where they will be used. An Italian may buy a GPRS equipped TomTom or Kindle in Amsterdam and use it Croatia. The device has to work everywhere and preferably also with the lowest roaming rate available. Working everywhere isn't a big problem with the coverage GSM offers. Getting an efficient roaming rate is however very hard. I've heard it to be compared to Sudoku multivariate analysis. No matter who you choose, if they are the cheapest in Scandinavia, they are the most expensive one in Southern Europe and if they are cheap in Eastern Europe, it's expensive in Western Europe. At the end of the analysis, all networks cost exactly the same per month The reason for this is that no network is truly global and the other networks have no reason to play nice. They just see a device that belongs to a foreign competitor, so there is no reason to drop prices. For all they know and care it's a consumer, who will be fleeced by it's home network for using data roaming abroad. The solution may be to use different devices for different countries, but then the Italian guy can't buy a TomTom in Amsterdam and use it in Croatia. Furthermore retailers don't like devices that are country specific. They want the flexibility to buy one device and distribute according to need across Europe. Producers preferably want one device for the global market. The only market that is a bit exempt of this is North America, only a few networks and continent wide coverage of some sorts. 
2.      Getting full coverage in a country. Unfortunately most fixed applications and some mobile applications suffer from the fact that perfect wireless coverage is almost impossible. If the telco changes antenna orientation or someone parks a truck or builds a building in the line of sight, signals can get lost. This happened for instance to a municipality who had equipped some traffic lights with GPRS to allow them to coordinate the flow of traffic, then one day the orientation of the antenna changed and service was lost to two traffic lights, gone too was a perfectly managed traffic flow and back were the traffic jams. Really bad is it that in most cases the competing networks still have perfect coverage. So how do you get a device to use the network that is available, regardless of whose it is. 
3.      Switching mobile operators: There are a myriad of reasons why a large scale end-user may want to switch part or all of the M2M devices from one network to another. Some of them include; switching supplier of network, merger with another company, selling of part of the M2M devices to some other company etc. Just imagine what happens if Sony would sell its eReader business to Amazon. Amazon may not want to stick with Sony's mobile network provider. Another example that got me involved in this discussion.  A customer was faced with a European procurement procedure for mobile communications services and wanted to know how it could prevent future SIM-swaps as these were getting costly for their 10k devices (which most likely would grow substantially in the coming years). The costs are in the either logistical chain. First of all getting the right SIM to the right person, managing who uses what and where. Do you switch during regular maintenance or when the SIM-switch is. Regular maintenance can be once every 5 years or never in case of smart meters. All of this is problematic, difficult and often underestimated at first. So it costs serious money to fix.
4.      Lack of innovation: It’s quite possible to use SIM-cards to authenticate over other networks than just the GSM network. One could think of automatic authentication on wifi-networks for instance. Unfortunately telco’s are currently blocking much  of the needed innovation, because of a fear it would cannibalize their revenue in data sales.
So yes, these are some pretty big issues

Is there really no technical fix for the three issues?
People have suggested I didn't look to closely at the technical solutions, so I'll review those that have been suggested to me. Do understand that on the SIM-card there is a unique IMSI that is tied to an operator and operator specific encryption. The first six digits of an IMSI-number are used to find the network that the device belongs to and authenticate it:
  1. Multi-SIM devices. Why not stick a SIM-card of every operator you want to deal with in the device and you're done. This solution has some appeal and may work for fixed locations. Most countries have only 4-5 physical networks. So if you disregard the MVNO's, then putting 4-5 SIM-cards in a device should do the trick. Of course when working on an international or global scale this fails quickly; there just isn't any space in the device for all the SIM-cards. Furthermore even mobile markets change, in NL alone in the last couple of years 2 networks stopped operating, when bought by competitors and likely 2 new one's will start in the coming years, when the spectrum is auctioned. So Multi-SIM is rather static. Furthermore, SIM's often carry a monthly charge regardless of them being used. This is because telco's often pay per 'activated' device to their suppliers, so this solution increases costs. 
  2. Multi-IMSI devices: Why bother with physical SIM's if you can put multiple IMSI's and associated crypto-keys on to one SIM. This might be a solution, However, telco's hate the security implications of it. There is also a question whose SIM-card it will be if all those IMSI's are present. At the moment the SIM-card is owned by one network. And it's a terrible waste of IMSI's, you need one IMSI per operator that could possibly be used. Assuming global coverage, that's more than 800 not counting MVNO's. Multi-IMSI is used sometimes, but mostly by operators with for instance a European footprint who load their IMSI's unto the SIM-card to allow for local coverage. Vodafone NL does this by loading a German IMSI unto phones of Dutch customers who want to be able to call, should the Vodafone network go down. The phone then switching to the German IMSI, which does allow for roaming anywhere in the Netherlands. 
  3. Over the Air provisioning: This has been extensively researched by the security working group of the 3GPP. They have some interesting solutions, which are described in my report. However, the mobile telco's hate it. The GSMA who represents them has said twice that it hates any form of over the air updating of SIM-cards. It sees it as an abomination. So unless they change their mind, it's a definite no no for this solution. 
  4. IP-adresses will fix this: sorry, but unfortunately being tied to a mobile operator happens at a layer below the IP-adress. So it may well be that a company can span it's corporate IP-adresses all the way to M2M devices. They may also be able to use different IP-adresses, but this doesn't fix the problem. Changing mobile operators requires that different IMSI's are used and you can't change IMSI's over IP.
So there you have it... technology doesn't save the day. Not the on the technological side and as we will see, not on the business side either.

Business problems not fixed by technology 
Even if we would be able to use a technical fix, unfortunately it won’t fix all business issues. These two below are the most impartant ones.
·       The price of roaming is fixed by the telco whose network you aren’t roaming on.: The biggest problem for a large scale M2M user is that he is completely dependent upon his mobile telco. The M2M user can only do what his telco allows him to do. This is true for the choice in technology, but even more so for the choice of roaming partners. The way roaming works is that telco's charge eachother a wholesale price for roaming. This wholesale price X is secret. The retail price that the large scale M2M user pays is X plus something Y. But because X is secret, Y is unkown too. So the customer only knows he's paying X+Y. It is impossible to verify if X or Y went up or both if the rates change. Also for the networks that the customer is roaming on, it's impossible to distinguish the customer based on IMSI-number. How would they know for sure that a specific IMSI belongs to that specific M2M application. All they see is that it belongs to Vodafone UK or T-Mobile NL. It might as well be a consumer. Now you might be able to bypass that with Over The Air updates, but which telco is going to allow his customer to change IMSI’s so that they can quickly hop over to another network.
·       The lack of competition: Another problem, closely related, is the lack of competition for an M2M end-users business when roaming. In most countries there are 4-5 mobile operators. All of whom would love the M2M business of 50,000 foreigners roaming in their country with cars, eReaders etc. However generally all of them are contracted by the home network of the M2M user. So there are no competitive prices for the user. What the M2M user would like to do is choose 1 or 2 of those 5 networks to roam on. the cheapest ones preferably. 

So why is the regulator holding up the future of the Internet of Things?
Well, as stated in the study, if large scale end-users could use their own IMSI's, then all these problems would be solved. Devices could have national and international roaming There would be competition to offer roaming. One device could be sold globally. All of this controlled by the large scale M2M user.

However regulators have created a world where it isn't easy to get access to IMSI-numbers. Only public networks can get them and public is a vague term. Changing the rules to allow private networks access to these numbers is however scary because of unfounded fears:

  1. IMSI number scarcity: The current design of IMSI numbers allows for one million ranges to be issued. Well over half of that range hasn't been allocated to countries yet. 
  2. 3 digit MNC’s:In Europe all the regulators hand out 5 digits of an IMSI to the mobile operatos as the identification of their mobile network. The standard allows for 6. Some people worry that stuff may break if we move to 6. However some parts of the rest of the world use 3 digits too. Most notably North-America. The technical people tell me it shouldn’t be a problem. 
  3. Unfair competition: If private networks could connect, they could compete with public networks in an unfair way, because they don’t have to abide by the same rules. This is completely wrong. A private network implies it’s private and therefore not directly competing with a telco in the market. It just means a company decided to take matters into it’s own hand 
  4. ITU rules or European law isn’t up to it. In my opinion it wouldn’t break European law, just bend it a little, the same with the ITU. 
  5.  Etc. 
  6.  The scariest thing may be that it creates a world where the regulator is less relevant at first sight. It cannot determine anymore the right to participate in the market place up front. It may find out that private networks also will call upon the regulator for its services or to have disputes settled. All of this is scary on an institutional level. Instead of the usual 10-20 people that alway show up at the regulator’s office to represent the telecom industry and 1 or 2 to represent the users, things might change drastically. 
  7. Lastly it’s scary, because it’s the internet way of doing things. All the internet cares about is whether there is a network that needs interconnection. RIPE, ARIN, LACNIC, AFRINIC and APNIC have proven with AS-numbers and Provider independent AS-numbers, that they can efficiently run a numbering space that allows everyone access and creates a dynamic and highly competitive market for interconnection that hardly needs any regulation. If we use the same rules to give access to E.164 and E.212, the telephony world would be way more competitive then it now is, with less regulator involvement. 
So please, if you know a regulator, ask them to consider this. Thousands of companies and consumers will thank you later on. 

No comments:

Post a Comment

Note: only a member of this blog may post a comment.