The dark side of VoIP block
Trevor Forrest, Guest Columnist
Over the past few weeks, there has been a lot of discussion about the actions of telecoms providers LIME and Digicel in blocking voice over Internet protocol (VoIP) applications on their mobile networks.
As it currently stands, the matter is now with the Office of Utilities Regulation as it continues discussions with the telecoms providers about the nature of and justification for their actions.
Why the block?
Digicel stated: "Unlicensed phone number-based VoIP operators such as Viber and Nimbuzz use telecoms networks to deliver their services, but do not pay the requisite money for the privilege. Digicel believes that this unauthorised use of its network amounts to illegal bypass activity." Digicel has gone on further to say: "With these unauthorised VoIP services putting enormous pressures on bandwidth - and customers' data usage experience being negatively impacted as a result - the company has been forced to take firm action." This was their stated justification for the blocks, and within a few days, LIME followed suit and began similar blockades.
The Illegal Bypass Argument
The providers' claim is that these VoIP applications and their creators are engaging in illegal bypass activity. The Telecoms Act actually defines what bypass is. It says: "'Bypass operation' means operations that circumvent the international network of a licensed international voice carrier in the provision of international voice services."
This is critical to understand because illegal bypass, by our laws, only applies to international voice operators, calls and services. So how could a telecoms provider legally block a service that I can use to make a LOCAL call from one phone to another? After all, if I wanted to use Viber to call someone in MoBay, there is nothing 'international' about that call, is there?
What about WhatsApp and other applications like Webex, Facetime, Lync and Skype? Will all of these applications soon be classed as illegal bypass culprits?
The Bandwidth Argument
The providers also state that these services are putting enormous pressures on bandwidth that will negatively affect data usage experience. REALLY! Customers pay for a data plan that gives them a fixed amount of bandwidth to use. Customers can use this bandwidth to do whatever they want: Surf the Internet, send emails, watch videos on YouTube, use Facebook, Instagram, and much more. Are the providers saying that voice calls over their networks consume more bandwidth than watching videos, sharing pictures and sending emails with attachments? I think not.
The claims made by the telecoms providers are fundamentally flawed, purely reactionary, and based on a prevailing reality that their current business models have not contemplated. Technology has outpaced their operating models, consumption models have changed, and over-the-top (OTT) services threaten to erode their voice-service cash cows. Sadly, consumers are being made to pay for the lack of planning and foresight of these providers. That can't be fair.
The real cause for concern, the elephant in the room, however, is being missed in much of the discourse. There are serious privacy implications associated with this VoIP blockage. Yes, privacy!
Have you ever wondered how a telecom operator can block a specific service over its networks? There is so much data traversing these networks. How are they able to single out Viber, or anything else for that matter?
Meet Deep Packet Inspection
This may get a little technical, so indulge me as I try to simplify. All data that travel over networks and the Internet do so in the form of 'packets'. These packets store the data being sent or received, source and destination information, application port numbers, and other information. Priority can be given to certain data packets, and certain data packets can be blocked by using tools and methods of inspection. These methods are called deep packet inspection (DPI).
Almost all modern data network equipment has DPI capabilities. All a service provider has to do is monitor the data packets traversing its network, identify a particular service or data, and take whatever action it deems necessary. This may seem reasonable enough because the provider is at all times trying to ensure that its network functions efficiently. BUT here is the big catch. This monitoring is done against ALL data traversing their network, emails, text messages, videos, etc. So to block these services, all data packets have to be viewed and analysed.
This is a huge problem, because if any entity can capture your data in this way, one has to question what can be done with it.
There are enormous privacy implications here, but there is currently no data-protection and privacy legislation in existence in Jamaica to treat with possible scenarios like this. What is the legal recourse for a citizen if he/she feels that any of the telecom providers are improperly treating with personal or confidential data as they travel across their networks?
Liberal use of data encryption can mitigate improper access to this personal and confidential information, but when was the last time you encrypted a text message or an email? It's not a common practice among the masses.
Some may argue that the Cyber Crimes Act would treat with this type of scenario, but I would argue that it does not. In my view, the actions of the telecoms providers and the methods used to achieve their end results teeter on invasion of privacy. Interestingly, the only way service providers can hope to monetise is through the use of DPI. This makes for an interesting conundrum.
The Government needs to take swift action and enact legislation to address this prevailing situation. It can get ugly in a hurry.
I am not happy with the fact that there are no protections for citizens when our right to privacy and protection of our data can be violated in this way. The privacy of citizens' data is a right, not a privilege.
Trevor Forrest is CEO of 876 Technology Solutions, a company specialising in website design, cloud hosting and document management. Email feedback to firstname.lastname@example.org and email@example.com.