Oddly enough, I'm on an information-disclosure kick this week. -rick
Is Network Outage Information a Terror Threat? October 4, 2004 By Caron Carlson http://www.eweek.com/print_article/0,1761,a=136322,00.asp Before negotiating telecommunications contracts for clients out West, Bill Harris made a habit of reviewing network outage reports filed with the Federal Communications Commission, scanning for clues that carriers had laid fiber on open ground in areas prone to wildfires. "It's not something a typical customer would think of, but if I'm in California, would it be important? Absolutely," said Harris, a partner with CCS Partners LLC, in Louisville, Ky. "You may negotiate on a certain point, and [the account team] would look at you as though to say, 'That will never happen.' Then you pull out the outage report and show them." By knowing where carriers had experienced problems, Harris said he was better prepared to discuss SLAs (service-level agreements) and to procure redundant services where necessary. But he's now lost that advantage. After more than a decade of making such carrier outage reports available to the public, the FCC in August ruled that the information will be kept secret, lest it fall into the hands of terrorists. At the same time, the FCC has ordered more carriers, including wireless and satellite operators, to begin turning over more-detailed data about a broader variety of network outages. The policy reversal reflects a larger practice in post-9/11 Washington of demanding an ever-increasing amount of data from corporate America while holding back information from the public. The government will know what's happening in the networks, but for businesses seeking to compare network performance and service availability, there no longer will be objective data to consult. "Before, you could tell which carriers were strong in what areas. I think this decision puts users in a weakened position," Harris said. "With that information going dark, you really don't have any information you can rely upon. You're going to be relying on marketing information." PointerCheck out eWEEK.com's Infrastructure Center at http://infrastructure.eweek.com for the latest news, views and analysis on servers, switches and networking outages. In addition to giving customers a clearer picture of the performance history of the carriers they negotiate with, the public availability of outage data had prompted service providers to improve standards and practices, said Brian Moir, a lawyer who represents the eCommerce & Telecommunications User Group, in Washington. "We've made significant progress over the last decade getting carriers to address basic operational issues like best practices. There weren't any best practices until we started pressing for that data," Moir said. Many outages affecting large numbers of customers are caused by storms and accidental wire cuts, but a fair number are caused by seemingly avoidable problems, such as technicians' failure to follow standard procedures, inadequate safety precautions, maintenance troubles and even theft , past outage records show. Next Page: Leaky water and fiber cut by vandals. For example, in January, Verizon Communications Inc. experienced an outage in Virginia that lasted 2 hours and 41 minutes when water leaked from the plumbing in a third-floor bathroom onto a first-floor switch. In September 2003, Qwest Communications International Inc. service was out for 4 hours and 38 minutes after vandals cut fiber-optic cables in Bellingham, Wash. As recently as last summer, the FCC championed the marketplace benefits of making outage data available to the public. In a July 2003 letter to Comcast Phone of Massachusetts Inc., the FCC denied the carrier's request to keep an outage report confidential, stating the long-standing policy that "the public is entitled to full and forthcoming explanations" for outages because they "have been of enormous public concern, in part because they have such a widespread public impact." This summer's about-face by the FCC was driven by changed circumstances, according to the commission's Report and Order, released in August. First, the competitive landscape changed, and disclosing outage data now could cause competitive harm to carriers and to equipment manufacturers. Second, the post-9/11 fear of terrorism heightened the critical nature of the networks, in the government's view. Voting for the order, FCC Chairman Michael Powell said the commission "recognizes that much of the information provided in these reports will contain sensitive homeland security information. In order to prevent this information from falling into hostile hands, the Commission has created appropriate protections for this data." The order states that the "national defense and public safety goals that we seek to achieve by requiring these outage reports would be seriously undermined if we were to permit these reports to fall into the hands of terrorists who seek to cripple the nation's communications infrastructure." Critics of the new rules, however, complain that the FCC's decision lacks specific justification for granting the carriers something they had long desired. Well before the commission began considering a reversal of policy in February of this year�and even before the terrorist attacks of Sept. 11, 2001�it was pressing for more information from carriers, which simultaneously lobbied to restrict the information. Until August, the FCC remained steadfastly committed to open records. "Why was [disclosure of] a leaky pipe in the public interest a year ago, and now it's an Osama bin Laden issue?" Moir asked, questioning the stated reasons for the policy change. "This was clearly a political decision driven at the [commissioners' level]. This was just a quid pro quo side deal with carriers." Officials in the FCC's Office of Engineering and Technology�which handled the proceeding�maintain that changed circumstances alone guided the new rules, which apply only to new outage reports. But outside OET, agency employees acknowledged that the commission, pressed by the Department of Homeland Security, was eager to begin collecting more data from carriers. "They wanted to get this information, and the industry was raising a big stink about giving it to them," said an agency employee who asked not to be named. "They wanted to get this thing going as soon as possible and liberalize later." Next Page: How far is too far? How far to go? The fcc did not go so far as to prohibit all network vulnerability data from reaching the public�only that the information won't reach the public via the FCC. Despite the stated fears about terrorism, the decision has no impact on what carriers can tell their customers�or anyone else. Typically, per contract terms, network operators inform enterprise users about the nature and circumstances surrounding service outages, and spokespeople for Verizon, Qwest, AT&T Corp. and Sprint Corp. said the FCC's new policy will not affect that outreach. "The public and the FCC are very different from the enterprise customer," said John Polivka, a Sprint spokesperson in Dallas, adding that "due diligence" requires Sprint to inform customers of the circumstances surrounding an outage, including the cause, if available. "They're sitting on top of the IT network already," Polivka said. As for AT&T, "the new FCC reporting rules don't change our customer notification process," said Andy Backover, a spokesperson in Bedminster, N.J., confirming that his company provides enterprises with the cause of outages. "If we shared information with customers, it's not like they're going to share that information with others." Lawyers who negotiate contracts for large enterprises agreed carriers that face meaningful competition will not be inclined to stop providing relevant data, including the cause of outages, to enterprises. Some said that even where competition is not robust, carriers have an interest in being candid with their largest customers. "We may not be able to satisfy every customer's innate curiosity about the cause of an outage," said Jim Blaszak, a partner in the Washington firm of Levine, Blaszak, Block & Boothby LLP. "But if public disclosure would increase the odds of terrorist attacks on the telecom infrastructure, I don't think the enterprise would be happy about that." For smaller enterprises that don't wield as much leverage, the hope remains that the government will rediscover the benefit of making at least some outage data available. "I still think the country's reeling from 9/11. Hopefully, over time, we can bring that pendulum back a little bit to get a little balance," CCS' Harris said. "I'm grateful to the FCC and the [DHS] for protecting us from the terrorists. I'm looking for a little protection from the carriers as well." Copyright (c) 2004 Ziff Davis Media Inc. All Rights Reserved. -- You are a subscribed member of the infowarrior list. Visit www.infowarrior.org for list information or to unsubscribe. This message may be redistributed freely in its entirety. Any and all copyrights appearing in list messages are maintained by their respective owners.
