Mark Goldberg

Fox Group Dispatch

Don’t it always seem to go?

Does Huawei represent a national security threat or is its success driving political efforts to stave off a highly visible symbol of the potential of China’s nascent economy?

For the past few years, I have entitled my year end wrap up with a line from Joni Mitchell’s Circle Game. Today, I am using another of her lyrics, from Big Yellow Taxi. Let me start with a bit of a warning. My son likes my blog posts that reminisce about the olden days. So I may take a little time getting to the point in today’s post. Here is the ‘too long; didn’t read’ extract: North America lost its telecom giants and the major suppliers are all based off-shore. “Don’t it always seem to go, that you don’t know what you’ve got ’til it’s gone.”

I got into the telecom business just about 40 years ago, working as a summer management intern between my undergrad and graduate studies. I had landed a job at “the Bell” as it was known.

That was an interesting time of transition for the sector in Canada. The first interconnection decision was released, CRTC 79-11, enabling limited forms of competition. The first DMS-100 digital switches were rolling off the assembly lines from Northern Telecom (which had just recently been renamed from Northern Electric). Northern Telecom (known widely as ‘Nortel’ even before it formally changed its name) was still majority owned by Bell Canada, and it was competing against its former US parent, Western Electric, which was still a part of AT&T. I remember feeling in those days that the Nortel salesman was more of an order taker than an actual sales person. We only had one supplier at that time. Indeed, I recall causing a bit of a stir after Bell bought an independent phone company operating in the Kingston area that had a couple fairly new Automatic Electric C1-EAX switches, built by a Nortel competitor. The central office engineer wanted to pay Nortel to scrap the equipment when installing replacement digital switches. He was forced to put the equipment on the second-hand market when I offered to personally buy the switches for $5 each under the company’s employee purchase of surplus equipment program. Sorry, I digressed – we’ll save that story for another day. The bottom line: the close symbiotic relationship virtually guaranteed Nortel a market for its emerging innovations and enabled Bell to shape the development of products.*

Fast forward to the mid-80’s and I spent time at Bell Labs in New Jersey, primarily working on new capabilities for AT&T Communications, the post-divestiture long distance company. However, we also did some systems engineering work with our colleagues at Western Electric, which was still part of AT&T at the time. I loved that job, working with incredibly bright people at a legendary institution and I got to lead work on a some significant projects. It would be another decade before AT&T spun out the equipment business to what became Lucent, which later merged with Alcatel and before becoming part of Nokia.

Without a doubt, both companies, Nortel and Western Electric (Lucent), delivered world leading innovations, arguably thanks in part to the tight corporate linkages with having an operating services company as a parent. To what extent were Nortel and Lucent victims of their growth and independence, unable to survive without their anchor customers? These are the kinds of questions that might be interesting academic research projects.

Don’t it always seem to go that you don’t know what you’ve got ’til it’s gone.

There is no longer a “home town” champion supplying the major network elements in North America’s communications networks. In the end, North American communications service providers are dependent on foreign suppliers for much of the network infrastructure. That said, all of the major suppliers, including Huawei, have made substantial research and development investments in Canada, with labs and significant levels of funding toward university partnerships. There are large numbers of Canadians – employees and students – involved in all of the major suppliers.

Communications gear features sophisticated software so complex that one must question if it is possible to completely test performance, let alone detect and isolate malignant code. With distributed architectures inherent in 5G networks, to what extent have we become dependent ultimately on trust in our networks’ suppliers?

The government has been slow to respond to pressures seeking to restrict Canadian carriers from deploying Chinese technology, stating that it “is a serious decision and we will make it in a serious and conscientious way.”

Indeed, it is a very serious decision. Removing any supplier from the marketplace could raise carrier costs (and consumer prices) and reduce access to innovative features. Huawei’s annual global revenues, in the order of US$100B are nearly double the combined revenues for Nokia and Ericsson.

Statements by the US President must give rise to questions about whether security concerns are being intermingled with industrial and trade policy. Are we reminiscing about the good old days in the late 1980’s and early 1990’s, when domestic icons like Nortel and Lucent were among the gold standards in building the foundations for our information age? That time is gone.

Don’t it always seem to go that you don’t know what you’ve got ’til it’s gone.

How do we measure trust in our network suppliers? Has any other communications equipment supplier undergone the rigorous level of security scrutiny as Huawei? In a country like Canada, with our commitment to diversity and principles over politics, how do we ensure that we objectively quantify trust, free of xenophobia and racism?

As an aside, I actually built up a Nortel pension when I was with Bell Canada International based in the US, and then added to it while working for Bell Northern Research. The US Government backstopped that pension plan when Nortel went under. My understanding is that I will be eligible for enough to buy a grande latte each month in just a few more years.

A Canadian Moderation Standards Council

A recent article calls for the creation of a “Moderation Standards Council” to address how social media platforms deal with and moderate what is termed as “harmful content.” I am concerned about the proposal for such a body.

Writing in Policy Options for the Institute for Research on Public Policy, Fenwick McKelvey, Heidi Tworek, and Chris Tenove say that “no concrete regulatory action has yet been taken that addresses how large social media platforms deal with harmful content.” As a result, they assert that Canada needs to create “an institution for content moderation.”

One bold path forward would be to have the CRTC mandate companies to create this council, a co-regulation approach similar to the Broadcasting Standards Council. The CRTC would mandate the work of the standards council, and set specific binding commitments to improve the transparency and accountability of content moderation.

There are a number of problems with this. Let’s start with jurisdiction. Unlike broadcasters that require a CRTC license to operate, social media platforms are unlicensed and unregulated. The CRTC has no authority to ‘mandate companies to create this council.’

Then we need to take a look at whether a democratic country like Canada should be or even could be involved in creating a legislative framework to assert such authority over what might be termed ‘merely’ harmful content, as distinguished from illegal content. Canada’s Charter of Rights and Freedoms “guarantees the rights and freedoms set out in it subject only to such reasonable limits prescribed by law as can be demonstrably justified in a free and democratic society.”

2. Everyone has the following fundamental freedoms: …

    1. freedom of thought, belief, opinion and expression, including freedom of the press and other media of communication;

As frequent readers know, I often write about the need for increased focus on digital literacy and fully endorse the government’s role in teaching people how to engage online with a more critical eye. That is very different from a government agency policing what is said and involvement in a council to “help leaders, civil society and governments decide how to establish fines or other penalties for platforms that do not meet expectations.”

The academics write “Poor moderation of speech that someone deems harmful can undermine opportunities for free, full and fair participation in online debates by all Canadians.” We have set a very high bar in defining what forms of speech are illegal, as contrasted with speech that someone deems harmful. As Aaron Sorkin wrote in An American President:

You want free speech? Let’s see you acknowledge a man whose words make your blood boil, who’s standing center stage and advocating at the top of his lungs that which you would spend a lifetime opposing at the top of yours.

Networking for network workers

The 2019 Canadian Telecom Summit is the 18th annual gathering of the most influential leadership of Canada’s communications sector. This year, the event will take place June 3-5 at Toronto’s International Centre, near Pearson Airport.

With a review underway of the legislative framework governing telecommunications, broadcasting and radiocommunications, regulatory issues are certain to be top of mind this year. Participation is already confirmed for CRTC Chair Ian Scott and Legislative Review panel Chair Janet Yale. In addition, the Regulatory Blockbuster will feature leaders from Bell, Rogers and TELUS as well as Iristel/ICE Wireless, Teksavvy and Xplornet.

Panel discussions will cover issues such as:

  • Customer Experience Management
  • Cyber Security: Protection, Pre-emption and Privacy in the Age of Bad Actors
  • Network Innovation: Transforming networks for nextgen services – SDN, Network Virtualization and more
  • 5G: Evolution or Revolution
  • Artificial Intelligence: debating human autonomy vs human innovation
  • The Innovation Economy: the ongoing journey to digitize our lives

Early Bird savings are available now until the end of February. Register now and save up to $700.

Why I went quiet this week

Sorry to have been off the air for most of this week. As many of my regular readers know, family comes first for me and I needed some time to focus on priorities.

Thanks. I needed that. Everyone is fine, now.

I hope to be back next week, with a blog post or two, and my usual snappy observations on Twitter.

What is the “standard of care” for our personal data?

How do we ensure our private information is being properly safeguarded?

Every week, there seems to be news of another breech where a government agency or company loses control of personal information being held about their clients. We have seen lost health records, stolen financial data, hacked personal mail, travel plans, stolen photos, eavesdropping on conversations.

In some cases, data was lost due to negligence and sloppy handling. In other cases, criminal organizations exploited system vulnerabilities.

What is the appropriate standard of care that an organization should exercise when handling personal data? How should organizations respond when any kind of data loss is detected?

Those questions were the subject of a recent breakfast discussion I had with a colleague who tolerates me eating fried kippers for breakfast. I will note as an aside that Kiva’s Bagel Bakery Restaurant & Appetizer is one of the few remaining places I know of that has kippers available for breakfast every day. And they make a respectable bagel (for a Toronto bagel). Every so often, my colleague – let’s call him Brian (since that is his name) – and I get together at Kiva’s to try to resolve many of the world’s problems. For a few weeks, we have been looking at the issue of data breeches and wondering how we can get organizations in government and the private sector to take them more seriously.

Brian suggested massive fines and penalties for data losses in order to make sure the companies and government agencies take these losses seriously. I cautioned that an unintended consequence of Brian’s suggestion is that organizations might have a greater incentive to hide a loss, so there needs to be an element of balance in the compensation and penalties to be paid.

How do we assess blame? If you leave your keys inside an unlocked and running car, I don’t think you can claim you exercised a reasonable standard of care when it is stolen. Most of us could appreciate that we failed to reasonably secure the car and anything inside it.

Similarly, shouldn’t we expect reasonable safeguards for our information? How does a Chief Security Officer and Chief Privacy Officer attest to the Board of Directors, to Shareholders and to clients that their organization is securing customer records?

What is the “standard of care” that we should demand from organizations that hold our personal information?

Perhaps part of the annual audit process should certify that organizations are a step ahead, not a step behind, in safeguarding personal information.

The 2019 Canadian Telecom Summit, June 3-5 in Toronto, will have a session examining “Cyber Security: Protection, Pre-emption & privacy in the Age of Bad Actors” moderated by Christine Dobby of the Globe and Mail and including noted privacy expert Ann Cavoukian. Early bird prices are available for the next 4 weeks. Save by registering before Feb 28.