Do you ever share files for work? Most of us do, and most of us find it can be an annoyingly convoluted process. You might try to email the files, but discover that no amount of zipping will pack them small enough. I know of one technology firm in our sector that is too devoted to Microsoft, with the result that every time they email me an attachment, my Mac receives a useless winmail.dat file instead. To send large files, we could use FTP, but only a minority of telco employees will have FTP clients installed on their work computer (or know how to use them). Some of us sign up with internet middlemen like Dropbox, even though we know that any free service will eventually start asking for money. Google like to keep their services free, but if you try to share files using Google Docs, you discover that some people do not want to set up a Google account, whilst others are using browsers that are too old for Google’s interface to work properly. In the end, many resort to using a USB stick and carrying it from one computer to another – even though USB sticks are a proven security risk. What an extraordinarily bad advert this is for telecoms. We work in the telecoms sector, but we struggle with a basic and regular necessity – sending a file from one person to another.
So what is the way forward? Well, the answer is pretty straightforward, and the fact we struggle to find it tells us something about what is wrong with the business of electronic communication. My computer is on the internet. Your computer is on the internet. How hard can it be, to implement a method for the two computers to talk to each other securely, just to send a file? It is not hard at all. The problem was a lack of motivation. The open source community has stepped up to fill the gap, like they so often do. OnionShare is a peer-to-peer (P2P) tool to share files of any size. It supports encryption, and because it runs over the Tor network, the people who send and receive files will remain anonymous even if somebody was trying to spy on them.
I suppose that last part also contributes to the problem. On the one hand, we want people to be able to communicate privately. On the other hand, we do not. The telecoms industry is torn. Large groups like Vodafone are taking a lead by disclosing how they try to protect human rights, whilst doing what is legally required to support surveillance. But telcos suffer a lot of government scrutiny on a lot of fronts; challenging a government’s snooping might lead to adverse government decisions when it comes to taxes, or price controls, or a hundred other areas where governments can mess with telecoms businesses and tilt the competitive playing field. And telco ‘partners’ might not like privacy for their own reasons. The music industry have nothing to gain from people being able to share files – which might be music files – without anyone being able to monitor who is sending what. P2P is far more problematic for media businesses than centralized services like YouTube, because it is easier to impose control over a service that has a centre and which is run for profit.
Should business assurance practitioners care? I suspect many would think not. The temptation is to think in terms of operations, rather than of the corporate strategy. Herein lies the major difficulty as some business assurance people seek to bridge the gap to risk management. If they cannot become more strategic in focus, they will fail. Trying to deliver effective assurance by solely managing operational risks is like installing better brakes, better seat belts, better bumpers, and better airbags in your motor car, and then handing the keys to a driver whose strategy is to run the car over a cliff. Whatever you were trying to accomplish at the operational level can be rendered insanely redundant by what occurs at the strategic level. Of course, the people who sell the brakes, seat belts, bumpers and airbags might not care that your efforts are doomed, which is why they will happily take over a strategic role and use it to define your job as purely operational in scope. They have nothing to lose by taking this approach. In contrast, you might lose your job, when a risk takes you over the cliff edge. In fact, if you go over a big enough cliff, everyone in your business might lose their job. The telco’s relationship to the government, to its customers, to its partners, and the proliferation of free software that encourages network traffic are all factors that will influence profits. If we are not gathering and understanding the data about aspects of ordinary routine communications activities – like sharing a file – then we are not really assuring anything. We are like passengers who assure the car is travelling within the speed limit, whilst failing to notice the wild-eyed stare of the driver, and how he has just turned the car off-road…
P2P traffic is both a source of profit and loss for telcos like ISPs. The desire to connect one computer to another computer will motivate customers to sign up with ISPs. On the other hand, the heaviest P2P users dominate the narrow band of customers whose bandwidth consumption is far greater than all other customers put together. Understanding how P2P services compete with other kinds of services is hence a factor in the setting of tariffs, monitoring usage limits, and planning for future network traffic. It would be better to anticipate changes in customer behaviour, rather than merely reacting to changes after we see them. More than this, P2P might be a competitor to services offered by our competitors, by our partners, and even by our own business. Telcos keep talking about moving up the value chain, and the dreaded fear of becoming ‘just’ a dumb bitpipe. OTT players may be our enemies, unless we try to partner with them. And whether we are doing it as a partnership, or by mimicking their offerings with a service created in-house, we also have an interest in network usage which competes with the value-added services being offered. Dropbox is a business. Netflix is a business. There are many business models threatened by the adoption of free P2P services, lawful or otherwise. Should telcos intervene in the flow of traffic over a network, in order to protect their own revenue streams, and those of other businesses which run services over the top of our networks? This leads us to the sticky subject of net neutrality. And it also begs a question: if P2P services are the enemy of the OTT business, and the OTT business is the enemy of my telco, then should I count my enemy’s enemy as a friend?
If my telco is able to charge for use in such a way that heavy exploitation of P2P is financially rewarding, and not a burden, there is no good reason for telcos to want to limit P2P traffic. P2P services are used by the consumer free of charge, except for the price levied by the network provider. In contrast, if the network is carrying the traffic of an OTT service, the consumer must pay for both the OTT provider and for the network use, suggesting the telco will receive a smaller share of revenues generated by a smaller volume of traffic. One solution to this latter problem is that the network provider seeks revenues from the OTT business – but is this likely to be as beneficial as preferring P2P to OTT traffic? Furthermore, the relative success of P2P makes the customer more reliant on one relationship with one supplier: the network provider. Trying to make money from OTT implies the network has already become dependent on a business that sits between the telco and the end consumers who ultimately pay for everything. Why would telcos want to encourage the emergence of large, powerful businesses that can exercise significant bargaining power to drive down the price charged for network use? By their nature, P2P services cut out the middlemen. As a result, P2P spares networks from the headache of having to recover some of their shortfall in revenues by trying to obtain money from a business which is motivated to drive up telecoms costs (by driving up network traffic) whilst sharing the least revenue possible with the network provider.
And this is before I mention compliance with government diktats, and the costs of compliance. People say there is a lot of money to be made from data, but data leads to a lot of costs too. We should avoid behaving like bankers: they took the money up front, and relied on taxpayers to cover the costs which came later. If telcos get themselves in a bad situation, there might not be a bailout for a second catastrophe caused by the misadventures of big business. Of course, a lot of bankers behaved well, which is why it is wrong to generalize. But if some telcos – or some OTT providers, whether in cooperation with telcos or independently of them – go too far with exploiting customer data, then all might suffer the backlash. And this is before I mention the risks that governments are also drawn to data, for reasons which might be moral and justified, or might not. Though there may be less revenue to be made from traffic which is distributed, encrypted, and secure – just like a lot of P2P traffic is – there will also be less cost, and less risk, because there will be less reason to engage in various kinds of data gathering and surveillance. Some will argue that centralized control is preferable, because it makes it easier to counter the worst abuses, including the transmission of child pornography and the coordination of terrorist activity. However, my observation would be that criminals and terrorists will choose to utilize P2P anyway, as will journalists reporting from inside repressive countries, and freedom fighters who want to counter official propaganda. There is a deep flaw in any logic which says we should push most ordinary people to use centralized modes of communication as a way to detect and control the activities of extremists. 
And so telcos need to be rational, and strategic, in deciding how best to encourage P2P traffic as a means to disrupt the business models of our competitors, whilst maximizing the revenues and minimizing the costs created by the network traffic.
One possible future involves business assurance becoming more forward-looking, and shifting the emphasis from detection of historic faults towards analysing data in order to accurately predict network use, customer behaviours etc. This creates the opportunity to increase revenues whilst being more efficient with expenditure. But you cannot predict the future without first constructing theories for how the future might play out, and understanding how you want it to play out. We are in danger of becoming like very clever car mechanics, sitting blindfold in the passenger seat: we know the engine is in perfect working order, but have no idea if the driver is going in the right direction. We risk becoming what the Germans would call a Fachidiot; our narrow view allows us to absorb lots of data, but we cannot see anything else that is happening in the world. And so the implications of a simple task that many of us perform routinely – like how to get a file from one place to another, with all the consequences for cost, security, efficiency etc – are lost to us, even though the data travels over our own networks. I must admit that I was blind to this too, until somebody pointed me toward OnionShare, and by implication, everything I had been missing with how people could and should transmit files.
With the rise of Big Data, we should soon be in a position to know if a telco is better off having customers that provide for their own needs via freebie P2P technology, or customers whose needs are satisfied by OTT businesses. Answering the question, with all it entails, will still involve a lot of hard work. But the hardest job is identifying which questions should be asked, and why. Those teams that ask the right questions will find how effective machines can be, when they work for people. Those which ask the wrong questions, or who ask none, will be like my metaphorical car mechanic: possibly highly-skilled, but employed to service machines.