Re: [Geopriv] Winterbottom-ecrit-direct considered harmful, at least given our current experiences

[Brian Rosen <br at brianrosen.net>]

There is no doubt that "out of area" service providers are a problem.  Long
term, we hope we can establish enough transitive trust relationships to
address the majority of the issue, but we're never going to cover all the
bases.

However, that doesn't lead to saying that because a small number of calls
will come from service providers who are not local to the emergency service,
we should promote the notion that more calls should come direct with no
service provider.

Pay phones have always been a problem, and the emergency service guys are
happy to see them fade away.

The emergency service folks don't want devices that are not subscribed to a
service to be able to make emergency calls.  Just the opposite: if the
device can't make "regular" calls, then it SHOULD NOT be able to make
emergency calls. 

I'm repeating myself, but there so many instances of anonymous access
network connections that depending on them to provide the level of
authentication that we get from a service provider is just not realistic.

You are also making the job of deploying harder.  We understand that leaning
on access networks to provide location is a large barrier to deployment, and
probably will require regulation.  To also shift the identity burden to them
makes it even more difficult.


On 10/26/09 8:21 PM, "James Winterbottom" <James.Winterbottom at andrew.com>
wrote:

> Thanks Brian, comments below.
> 
> Cheers
> James
> 
>> -----Original Message-----
>> From: geopriv-bounces at ietf.org [mailto:geopriv-bounces at ietf.org] On Behalf
>> Of Rosen, Brian
>> Sent: Tuesday, 27 October 2009 8:10 AM
>> To: geopriv at ietf.org
>> Subject: [Geopriv] Winterbottom-ecrit-direct considered harmful, at least
>> given our current experiences
>> 
>> The notion behind -direct is to not use a service provider to place an
>> emergency call.  Instead, the device registers with an Emergency Services
>> Routing Proxy immediately before the call and the call is routed directly
>> from the device to the ESRP.
>> 
>> At least at the moment, this is an exceedingly bad idea.
>> 
>> Emergency calling authorities like service providers, a lot.  They like
>> them
>> because they can hold them accountable, and the service providers don't
>> like
>> theft of service, which is something the emergency call guys have an
>> analog
>> to.
> 
> [AJW] After a number of discussions that I have just had internationally the
> starting statement is not true. It is not true because when the VSP is not in
> the same jurisdiction as the PASP or caller the emergency guys cannot hold the
> VSP accountable.
> 
> The accountable entity in the ECRIT Direct model is the access provider. This
> is in fact the accountable entity in the PSTN in most places too, since it is
> the access provider that directs the circuits to the PSAP.
> 
>> 
>> The facts are that where unaccountable access to emergency calling is
>> allowed, huge numbers of false calls occur, with no way to stop them, and
>> no
>> way to tell the good ones from the bad ones.  This has been seen multiple
>> times where so called "simless" or "unauthenticated" calls are allowed.
>> 
> 
> [AJW] How do you figure that this unaccountable? The owner of the access
> service is most definitely known, and the location of the caller is known.
> This seems pretty accountable to me, and is certainly no worse than pay phones
> today. 
> 
>> -direct precisely duplicates simless calling.  The only "registration" is
>> an
>> emergency registration, only emergency calls are allowed, any device can
>> make an emergency call if all it has is a (radio) connection to any
>> network.
>> We can predict, with a very high degree of certainty, that the feature
>> will
>> be horribly abused: for example to test that a phone without a service
>> plan
>> works.
> 
> [AJW] I am beginning to think that you didn't read the draft. SIMless test
> calls, as you describe them, occur because there is no other facility for
> testing a phone without a SIM in it. This draft explicitly introduces a test
> feature to reduce this problem
> 
>> 
>> There have been studies which show tens of thousands of bad calls with
>> zero
>> good ones.  Nearly every authority I know where the regulator has insisted
>> on simless calling wants it repealed.  There is one counter example I know
>> where the fact that they got a couple, literally, of good calls among the
>> tens of thousands of bad calls was considered enough reason to put up with
>> the problem.
> 
> [AJW] I think several issues are being confused here. This is not the same as
> SIMless. In SIMless the phone does not have any legitimate connectivity at
> all, in ECRIT direct the device requires legitimate access to an IP network,
> it just doesn't require a voice subscription.
> 
>> 
>> Service providers give us information that may be useful: a subscriber
>> name
>> and address for example, which is not spoofable by the caller.  They have
>> ways to trace callers, especially bad callers.  They don't want their
>> systems abused any more than the emergency calling authorities do.
>> 
>> This is a bad idea.  A very bad idea.  Please stop it.
>> 
> [AJW] Thanks for your opinion, I don't share it. ECRIT Direct ensures that the
> caller and PSAP are in the same jurisdiction, and it provides the emergency
> network with the tools it requires to determine where a call is coming from,
> and who owns the service. This is a better option than a service provider
> solution where the service provider can be anywhere on Earth. Prolonging the
> fallacy that VSPs are essential to emergency calling make any solution more
> brittle, more expensive, less available to people that need it, and finally
> puts a burden on VSPs that don't necessarily want the responsibility of
> delivering emergency calls.
> 
>> Someday, we may have better ways to prevent abuse. Until we do, service
>> providers are a good thing on an emergency call.  We don't want them cut
>> out.
>> 
> [AJW] I disagree, and where the service provider is outside the jurisdiction
> of the PSAP regulation cannot be enforced making the whole solution precarious
> at best. The benefits proposed by the VSP in the emergency calling scenario
> are artificial, and are circumvented in a large number countries by class 2
> VoIP out-only services anyway. It is not difficult at all to make the ECRIT
> direct solution work to address these. I understand your arguments against
> this Brian, I don't agree with them, using a VSP in a foreign country as a
> "call buffer" to an local emergency service is far more risky that restricting
> the access networks that can direct traffic to a particular ESRP.
> 
> 
> 
>  
>> Brian
>> 
>> _______________________________________________
>> Geopriv mailing list
>> Geopriv at ietf.org
>> https://www.ietf.org/mailman/listinfo/geopriv
> 
> _______________________________________________
> Geopriv mailing list
> Geopriv at ietf.org
> https://www.ietf.org/mailman/listinfo/geopriv