One of the biggest gripes about cellular service in the US is that the carriers’ year-long and longer contracts give the customer no way out if the service is less than adequate — say, as is often the case, beset by frequent outages.

The Federal Communications Commission (FCC) can go a long way to helping consumers make an educated decision before they agree to a long-term contract. But it refuses to do so.

MSNBC’s Bob Sullivan reports that the FCC has maintained a detailed database of cell phone service provider outages since 2004, but the agency refuses to make the data public.

MSNBC’s Freedom of Information Act request for the data was rejected by the FCC, Sullivan reports, because “(r)elease of the information could help terrorists plan attacks against the United States, and it would harm the companies involved.”

Let’s look at each of these.

Sullivan writes that the “aiding terrorist” line comes to the FCC from the Department of Homeland Security (DHS), which decided that the “same outage data that can be so useful … to identify and remedy critical vulnerabilities and make the network infrastructure stronger can, in hostile hands, be used to exploit those vulnerabilities to undermine or attack networks.”

To the DHS, it appears, allowing consumers to know whether their cell phone will work when they need it is a greater terrorist threat than potential attacks on America’s public transportation systems and its ports, neither of which the agency has done much to secure. Terrorism analysts quoted by Sullivan think the DHS’ concern is bunk, and couldn’t come up with a single scenario where service outage reports would be useful to terrorists.

The second reason stated by the FCC, about harming the companies involved, is, in fact, an ironic and honest description of the FCC today — which is little more than a virtual rubber stamp for the nation’s major telecommunications providers.

The FCC’s argument boils down to this: Truth hurts.

A customer who knows that a certain cell provider experiences significant service outages is less likely to sign up, which, of course, would “harm the companies involved.”

Yes, truth hurts. And the truth is that it’s time to show the FCC’s Martin and his toadies the door.

The news that CNET editor James Kim was found dead among the icy peaks of southern Oregon hit hard today.

James Kim

I followed Kim’s video and written coverage of new multimedia technologies for the pioneering San Francisco-based CNET because, in many ways, it was among few shining exceptions to the lack of basic journalism in the online media.

Kim reported on his topics with relish, without bias, and rarely using the words “I” or “me,” understanding what many of those play-acting on Movable Type don’t seem to grasp: the more the writer/producer is part of the story, the less value the story topic has.

But even more saddening is the fact that Kim died while trying to save his family. The fact that his wife and two daughters were rescued, partly as a result of a short and fortunate ping of connectivity from his wife’s cell phone, does not make Kim any less a hero.

James Kim will, of course, be missed. But more importantly, he’ll be remembered.

CNET has put together a memorial section where you may leave thoughts and condolences for James Kim’s family.

Jeff Pulver, the closest thing VoIP has to a founding father, took a good long look at the US election results from Tuesday and concluded that, on balance, the country’s political change of course is potentially good news for internet and communications innovators.

Pulver’s optimism is qualified, though, in that he does not expect Democrats, the party which, today, officially gained control of both houses when Congress reconvenes in January, “will be any less paternalistic than their Republican corollaries” on issues such as emergency calling services, government phone surveillance, indecency statutes and internet regulation.

But the new national political reality, Pulver predicts, may:

• Shift the debate over “net-neutrality” more in the favor of internet innovators and away from the carriers;
• Create a counterbalance to the RBOC-friendly Kevin Martin-chaired FCC;
• Potentially slow down the competition-stifling mega-merger between AT&T and Bell South;
• Probably make Rep. Ed Markey (D.-MA), who Pulver says is “instrumental . . . in holding the line and defending the Internet and communications innovators and enthusiasts”, chair of the House Telecom and Internet Subcommittee.

In fitting irony, Pulver notes how VoIP was extensively used in turning out voters to defeat Rep. Gil Gutknecht (R.-MN), who has proposed new access charges and stifling rules on VoIP usage.

Pulver admits he has paid much less attention to the needs of internet communications on the political front, partly because he “had given up on America and the prospect that it would develop a regulatory framework that might enable Internet entrepreneurs.”

Now he’s gearing up for new challenges in a more promising environment and stresses that, ultimately, the responsibility is in the hands of “the emerging entrepreneurs, innovators, and potential thought-leaders.”

“I know most of us are pretty green in political and lobbying circles,” writes Pulver, “but as Congress, regulators, and governments around the globe place their critical gaze on us as we revolutionize the ways in which the Internet is used to deliver communications and entertainment, we had better start to care and engage and be proactive with government.”

How very true.

The AT&Ts and Verizons of the world have lots of political dough to sprinkle about, lots of K Street suits on the payroll to help them get their way, and many politicians still to willing to do their bidding, no questions asked.

But, if there is anything to be learned from this past election its that it’s still possible for those with little money but great ideas to make themselves heard.

Wednesday morning was a bright new day for the moribund Democratic Party in America. And it’s a bright new day for innovation and entrepeneurship in the internet communcations space.

Now we have to take advantage of it. It’s good to see Pulver energized again. I am.

NextAlarm, the innovative home and office alarm company that works over the internet and is popular among many VoIP users, is changing the way the security industry works.

The company today began offering free alarm monitoring to anyone in the US and Canada who signs up. The catch? When an alarm event is triggered, the customer is notified only by email, and it’s up to the customer to decide whether to call police or fire authorities.

According to Alex Elliot, NextAlarm CEO, the company will monetize the new service by presenting advertisements on the web pages used by its customers to configure and monitor the service.

“Eliminating the intervention by call center personnel significantly reduces our costs,” Elliot said. “It’s not a true replacement for our standard dispatch service, but it is a good alternative for many.”

NextAlarm’s standard service, which uses a modified Linksys analog telephone adaptor to communicate alarm events to a central dispatch center using the internet protocol costs $11.95 a month. The service has been pitched, primarily, as a method for providing home and office alarm systems where no PSTN telephone lines, the transport used by the bulk of alarm companies, exists.

Now the company is moving rapidly to take advantage of the innovation made possible by using the internet and expand its user base far beyond the VoIP crowd.

“I’ve been in this business for 28 years, and one of the complaints I hear most often is that alarm service companies contact the authorities, such as the police when the system has been violated, if the customer is not reachable by phone,” Elliot said. “With this plan, it leaves the decision as to whether to contact the police in the customer’s hands.”

Elliot pointed out that, in many areas around North America, alarm company customers are saddled with “large bills from their municipalities as a result of excessive false alarm contacts” with local police and fire officials.

“By giving the customer the choice about when the authorities are dispatched,” Elliot said, “the risk of false alarm bills is minimized.”

NextAlarm’s free plan includes up to three detailed messages sent to a single email address per day in the case of an alarm event. After the first three, email messages will not include details about the alarm zone that has been triggered, nor any user information.

An alarm event includes shattered glass, a broken in door or arming and disarming the system. NextAlarm also offers a “latch key” provision, that, for example, allows parents to monitor the comings and goings of their children.

“You set an alarm event for, say 3:15, when your son or daughter should be home from school,” Elliot said. “If the alarm is not disarmed by 3:15, an email is sent to the parents.”

The company is also offering a premium plan, at $5 a month, that allows email to be sent to an unlimited number of accounts, provides more detailed information in the case of an alarm event, and allows for an unlimited number of events per day.

Both NextAlarm’s free and premium plans allow for an unlimited number of alarm zones on the customer premise. The company sells complete alarm kits both through it’s web site and the Voxilla Store.

A column I wrote here caused a bit of a stir over the past few days.

Here’s a brief recap:

Andy Abramson opined that Fonality, a Southern California-based developer of PBXes built on top of the open-source Asterisk PBX, is “better poised” to move Asterisk into the large enterprise world than Digium, the Alabama-based company that developed and maintains Asterisk.

I wrote that it’s hard to disagree with that assessment because Fonality does “an exceptional job of marketing” and I don’t predict well. But I expressed concerns about security issues inherently related to Fonality’s approach, which puts much of the product’s front-end functionality on Fonality’s servers, requiring a Virtual Private Network (VPN) connection between the customer’s premises and Fonality in order to access much of that functionality.

There’s no question that Fonality’s approach makes Asterisk easier to install and use, but the trade-offs related to security — namely, that, in most office networks (specifically, those that do not put the PBX on a separate subnet) the solution requires a potentially risky VPN connection back to Fonality, and that Fonality has access to call detail records and chat logs that a business may want to keep secret.

In fairness, there are two things I should correct from my initial post:

First, I wrote that “all chats are logged by the central server. Any sensitive IM information within and outside the office through the local box is available to Fonality.” This is not technically correct. Chats are logged on the local premises computer. However, such logs are accessible, therefore available, to Fonality through the VPN.

Second, I regret writing that “. . . Digium doesn’t require an outside computer to be listening in . . . ” Though not written with that intent, I can see how this can be construed as implying that Fonality has access to actual phone conversations, which it does not.

These two slight corrections notwithstanding, I stand by the conclusion that “Fonality may very well be a good solution for some businesses. But those concerned about keeping company secrets are probably better served by Digium’s offering.”

The issues raised in the mini-uproar that followed my column, can be summarized as follows:

1. The Voxilla Store carries “a number of PBXs, none of which are from Fonality.” (Fonality CEO Chris Lyman on VoIPSupply’s Garrett Smith’s blog, also reprinted in entirety in the comments section of my original post.).

2. A Fonality customer can disconnect and reconnect the VPN at will (Lyman on Smith’s blog).

3. “[E]very phone company in the world” keeps call detail records (CDRs) (Lyman on Smith’s blog).

4. Fonality needs the call detail records because the company’s “high-end reporting functionality,” if run on underpowered customer premises computers, “would spike those CPUs into a coma, effecting audio quality. Remember, these premise boxes are designed to pass great audio, not crunch thousands of call records in under a second.” (Lyman on Smith’s blog);

5. The differences between Fonality’s products and a stock Asterisk installation is that Fonality is a partially hosted solution. “All hosted services have to deal with the issues raised by Marcelo . . . ” but “[m]ost premises based services don’t have all the benefits hosted models offer, and may be less cost effective, but deliver greater control of customer data.” (Alec Saunders). Along similar lines, Dameon Welch-Abernathy wrote that “as an IT person, it is your job to do your ‘due diligence’ to find out exactly how any software you deploy might ‘phone home’ or do anything you don’t like.”

There were a few others, but ultimately void of original material: I sell Fonality and disagree with “with most of what Marcelo had to say” because I agree with Lyman. (VoIPSupply’s Garret Smith). And Marcelo’s portrayal is “inaccurate . . . [but] I’m going to stay out of that battle” and point you to Chris Lyman’s point-by-point rebuttal to Marcelo’s assertions.” (Tom Keating, in a fawning review of Fonality’s most recent offering, PBXtra Professional Edition).

As they don’t add much to the discourse, I’ll pass on Smith and Keating. I will take a stab at the others.

1. The Voxilla Store carries an internet communications server (email, IM, contacts, calendar and PBX) developed by Communigate Systems. The Voxilla Store also carries the Linksys SPA9000, a PBX-key system hybrid limited to a maximum of 16 extensions that does not include voice mail capability. Neither of these products is based on Asterisk, and the Voxilla Store does not carry a single item from Digium. The point of my column was that Digium may present a more secure option to business than Fonality. Pointing out that we carry other PBXes on the Voxilla Store is a thinly veiled accusation of self-interested bias, even though Voxilla has nothing to gain when I compare two products we do not carry .

2. Of course, as Lyman writes, a Fonality customer can shut down the VPN, enabling it only when a PBX configuration change is needed. Such steps add a layer of complexity and essentially cripple much of Fonality’s usefulness. And they do not eliminate the security issues raised. A VPN connection is still required to make configuration changes, which then opens up the on-premises computer (call logs, chat logs, etc.) and the network within which it resides. And whenever the VPN connects the local network to Fonality’s, the local network is only as secure as Fonality’s. For some businesses, this may not be an issue, but I suspect that, for many, it’s an important consideration.

3. Yes, phone companies keep call detail records, but Fonality is a PBX company, not a phone company. When I make a cell phone call over the Cingular network, I am aware that Cingular is keeping a record of that call. But phone companies like Cingular (and AT&T, Verizon, etc.) are regulated, both at the federal and state levels. A PBX company is not regulated. The only protection a Fonality customer has is the company’s rather weak Privacy Policy. It states: “records may be viewed if required so by law, or if there is a suspected Terms of Use violation.” Only Fonality, not its customers, determine if there is a “suspected Terms of Use violation.”

4. The argument that Fonality needs to keep CDRs on its servers because on-premise computers are potentially too underpowered to parse them is just false. A record for a single call on an Asterisk PBX is about 200 bytes in length. In its press releases, Fonality claims the company currently services 1,300 customers with a total of 18,000 users. That’s an average of about 14 users per installation. Let’s exaggerate and say that, on average, each of those users makes and takes 1,000 calls (or about 40 a day). For any given month, then, the total size of the call detail logs for an average Fonality customer is about 7 megabytes, which any computer manufactured in the past 5 years can search and output results from in milliseconds.

5. In essence, Saunders and Welch-Abernathy are suggesting the same thing I originally wrote, though Saunders considers himself “an unabashed fan of hosted models.” As I wrote, and Saunders reiterated, the hosted approach has some advantages, including “ease of use.” But it does come with trade-offs.

I pointed out those trade-offs, Fonality CEO Chris Lyman chose to respond by asserting that what I wrote is “inaccurate” (and, on one count — in relation to where chat logs are stored — he is technically correct, though the security concern I raised still exists).

In the end, Lyman’s argument can be boiled down to this: What we do is no different than what the phone company does and “Fonality’s employees pride themselves on their ethics and it is an important part of our corporate culture.”

I have no reason to question Fonality’s ethics and nothing I wrote was meant to besmirch either Lyman or his employees. But Fonality’s offering is, in its very essence, a hosted PBX. In as much, it comes with certain risks that a business deciding between Fonality’s version of Asterisk and Digium’s version of Asterisk should be aware of.