Sunday, January 18, 2004

Telirati Newsletter #33

Here is a blast from the pre-9/11 past. In this newsletter I proposed that secure communication could be the killer app for IP telephony gear. Now that we have entered an era of surveillance society, such an idea seems impossible, even if it isn't yet illegal. Still there is plenty of reason telecom gear should enable secure communication. Many parts of the world are unfree and suffer from official corruption. Businesses and individuals should still be interested in securing their communications from these threats.

Telirati Newsletter #33: Privacy as the norm

Recently, the President of the United States was reported to have mused to one Monica Lewinsky that a foreign government might be listening to their calls.

This has all kinds of interesting implications, but the one I would like to focus on is that is the guy who can command billion-dollar spy satellites cannot routinely secure his less momentous communications.

There are serious national security implications to this, but my point is more modest: If the President cannot be sure of privacy in his use of the public switched telephone network, who can be?

Recently, an assistant to an editor at a publishing house asked for my social security number in order to pay me for the review of some book proposals. The total amount at issue is less than a few hundred dollars. In order to get paid, without making a big deal of it, I had to send my social security number in an unsecured e-mail. I know some people who are paranoid enough not to have done so. I did, but it made me feel decidedly vulnerable, the way I feel turning over my car to some guy in a red vest standing outside a restaurant.

Why should anyone feel so exposed? With the end of the Cold War, the reasons for keeping citizens away from a completely inoffensive means of securing their privacy has diminished. And the tools for implementing security and privacy have become inexpensive enough that businesses have very few excuses not to use them. It is as if otherwise sensible businessmen were leaving sensitive documents lying around in the airport, or leaving the doors of their businesses unlocked at night.

We may be comfortable with the laws and systems in place to prevent corrupt officials from tampering with communications in industrialized countries, but who in this age limits their business to industrialized countries? All the big growth potential is out at the boundaries, where there is what is politely referred to as “insufficient institutional development.” Which is to say that the Prime Minister’s son-in-law runs the local outfit competing with you, and can access the mechanisms of security and intelligence to his advantage. It is na├»ve and irresponsible not to take some simple measures to minimize the damage that can be done to your business in these circumstances.

Which brings us to a solution to another problem. Over recent years, the margins on business telephone equipment have been eroding. Fancy speakerphones, LCD displays, arrays of buttons, headset ports, etc. have faded in their ability to impress customers who are jaded by the spectacular price erosion of computer power, and expect the same from other electronics on their desks. What can CPE vendors do about this?

Sell security. Security is a high value item. The cost of providing security has dropped to the point where you don’t have to gouge the customer to make a buck. Which opens an opportunity: security has to be present at both ends of the conversation. If it isn’t cheap enough to make it standard, it won’t fly. Security, therefore, should be used system-wide, across the product line, and be the default condition under which a call takes place. Price-wise, security should be used to bolster a market position above commodity vendors, and to differentiate products for “serious” customers from those low priced competitors only uninformed dilettantes would buy. Security can replace the old tools of differentiation that have succumbed to price erosion.

Who can benefit most? Makers of telephony servers. To this point, this is the typical position of a telephony server vendor: NT-based product, integrates IP telephony and wireline telephony, integrates unified messaging, costs about twice as much as a conventional PBX and conventional voice mail. The retort to the price issue is that the telephony server provides high-end features at a lower cost. This is correct: the telephony server provides IP telephony and unified messaging for about half what it would cost to provide the same with a conventional PBX plus IP telephony gateway, plus unified messaging. The trouble is that the market penetration of unified messaging is stubbornly low. IP telephony is a better star to which to hitch one’s wagon, but it too is in market penetration infancy.

Telephony server makers need to identify a feature, identify a market segment that will pay for that feature, and focus their efforts in order to win that first slice of the market. Currently the typical business plan of telephony server makers is fairly modest: a few hundred to a few thousand units, a few million dollars, and based on a modest market penetration rate for new systems in segments ranging from middle to large size key systems to small and medium size PBXs. Some server makers are targeting vertical markets. Good, but so have been vendors of unified messaging systems, with little effect.

The question is: what will connect these products to end-user purchases? What will transform the business of telephony servers from guesses at plausible numbers to a steady stream of purchases from identifiable types of customers? There is no guarantee that security and privacy are the killer apps, but there are proxies that indicate this might be the case: Customers pay for Internet security. Customers pay for call logging systems for sensitive operations. Customers pay for fraud detection systems. These proxies provide a basis for market research, and a source of leads among existing customers for these other products. This is what real money-making businesses are built on.

Furthermore, there is a fundamental idea on which this all rests: Privacy as the normal condition under which people communicate. You should not have to worry about the sneaky competitor, the corrupt banana republic, or the bureaucrat with an axe to grind. And you should not expose your business to these risks. So privacy and security are not just a wedge to crack open the market. Privacy and security can drive turnover in CPE and market penetration for vendors that provide them as a standard feature.

Copyright 1998 Zigurd Mednieks.