Encryption, The End of Privacy, Sensors, Australian Internet Services in 2024, the Role of Dark Fibre

In this issue we continue with our inaugural Future Tech 2024 interview — speaking with John Lindsay — one of the Australian telecom industry’s most prominent technologists.

Part 1 of the interview covered broadband in 2024, shifting usage patterns, cloud services, privacy and data harvesting.

John started his first ISP in the early 90s, was a founder of iiNet South Australia, general manager of Chariot Internet, Network Operations Manager for iiNet Ltd, Carrier and Regulatory Manager and later CTO for Internode before being appointed Chief Technology Officer for iiNet Ltd after the sale of Internode to iiNet in 2011. John is now helping early and growth stage technology and Internet businesses survive, grow and thrive in his new company Lindsay Strategic Advisory.

Encryption

Shara Evans (SE): So fast-forward 10 years, do you think everything will be encrypted?

John Lindsay (JL):  I think that it will become something which is expected, and if it isn’t it will be seen as a defect. I think that over the next 10 years, people are going to care about privacy a whole lot more because they will have had an experience, or a close family member or a close friend will have had an experience, where the breach of their privacy has actually impacted their lives.

SE:  Maybe like draining their bank account or putting things that they don’t want in the public domain public

JL:  All of those things — stealing their personal financial records, particularly fraud.

In the course of the last decade, I have been through five different credit card accounts. Each time because somebody on the other side of the planet has somehow put together the combination of credit card numbers and expiry date needed to start passing transactions.

Largely this is caused by the United States holding itself to a ridiculously low standard for the security of credit card data and transaction processing. Businesses in Australia are held to the payment card industry standards, PCI, which are remarkably strong and quite rigid about how businesses that transact on the Internet and even via mail order and so forth, how they handle credit cards. The goal was to try and make sure that credit card numbers don’t actually move around in clear text so that it can’t be scraped out of memory from servers. You really want to make sure that credit card data is protected, and, where possible, that you as a merchant don’t even know what that number is. You don’t need to know what that number is. What you need to know is that somebody has actually paid you a sum of money and the transaction was successful.

SE:  That’s where services like, say, PayPal come in because the merchant that you’re buying from doesn’t need your credit card number. You don’t have to have a PayPal account, but you can actually use your credit card through what is in effect a banking-type institution to be able to transact random ad hoc services with different merchants.

JL:  Well, I certainly know that the big banks in Australia all now offer their credit card processing as a service, whatever that acronym works out to, but they removed the requirement for an online commerce operator to achieve this level of security by ensuring that the credit card numbers are never in that retailer’s server in the first place, which then avoids the kind of disaster that Target had in the US where tens of millions of credit card numbers have gone out into the wild.

The End of Privacy?

SE:  Yes, and that’s a huge liability. What about social media data? So many people put too many aspects of their private life in the public domain. They might even mark it with some sort of privacy marking, but then a company like Facebook, for instance, changes its privacy policy, and what happens to that metadata that tagged a picture for my close friends only or particular people only? In 10 years’ time, is it even reasonable to expect that that privacy tag or allowed-viewing tag will even still be affiliated with that image, which will probably live on the net forever?

JL:  In 10 years’ time, what would the resolution of the photograph that the satellite that’s passing overhead be taking? Just what is privacy? What is the privacy of your own backyard in 10 years’ time? I heard that there’s a satellite photography service going live at the moment where the smallest feature that it can resolve is 25 centimetres across.

SE:  Wow. From a satellite?

JL:  From a satellite.

SE:  So I suppose if you’re outdoors, be aware! They haven’t developed Superman X-ray vision yet to see what you’re doing inside the building… at least I don’t think so.

JL:  But, yes, privacy is something which governments have been routinely ignoring forever, where a reasonable person forms an opinion early in their life that privacy is created by pulling down the curtain or the blind and closing the door, and that the stuff of spy stories of the last few decades have been all about how that isn’t actually private. Now with the revelations of people like Snowden and WikiLeaks in general, the truth of what you can do with a bit of storage and a bit of networking and the ability to watch data going by is now much more in the open.

It’s a requirement — it has been since the years of the Clinton administration in the US — that network equipment that is sold to Internet Service Providers and telcos is capable of supporting interception for law enforcement. The act that it is done under is known as CALEA. It means that telco networks all around the planet are trivially easy to implement interception on, and that’s being done in pursuit of law enforcement or national objectives.

I think that ordinary citizens are going to increasingly form the opinion that they don’t want everyone from government agents through to their life insurance provider and their credit card issuer…

SE:  Or healthcare insurance provider.

JL:  Yes. Monitoring every aspect of their life, and will in fact, firstly, start encrypting data; secondly, only acquiring services that will encrypt and protect their data; thirdly, that they will stop sharing nearly as much data on third-party platforms.

We may actually see a world where the likes of Facebook ‎are essentially metadata hosts but the actual data itself is something that individuals control more directly, although once the packet is sent, you have to assume that everybody in the planet can read it.

SE:  Yes, unless you both have encryption devices; you both have the key; and nobody else in the middle can descramble what it is you’ve sent.

JL:  But then you have to trust that the person you sent it to who has decrypted it doesn’t do something else with it.

SE: Yes… yet another attack vector.

JL:  I note that my kids are highly aware and quite cynical about what they put on the Internet, that they already understand at quite a young age that everything that they put on the Internet is out there and could be seen by anybody forever.

SE:  That’s interesting, but I think a lot of people haven’t quite cottoned on to it like your kids have

JL:  But I think also that we form habits over a lifetime. Young people today are forming different habits from their life experience than those of us who are a lot older have managed to form. There is an assumption and presumption of privacy and security and duty of care and so forth, which the modern world is not actually delivering.

Sensors

SE: That brings me to another subject I wanted to ask you about: sensors. Certainly in the research labs, we’re seeing sensors deployed for healthcare, for agriculture, for aquaculture, for home automation, for a whole range of different things. In fact I read something the other day about a little sensor that was in a pill to help monitor a particular healthcare condition, so you actually are swallowing a little sensor. It’s inside your body. It doesn’t get much more personal than that. All of these devices are communicating a wide array of information. Some of it will be business related, like in the agriculture case, looking at irrigation and soil levels, but when you start talking about pills that you swallow that have little tiny sensors in them, that’s very private information. How does an individual control the use of that kind of information?

JL:  And, again, we’re back to this thing where we presume that the people who are providing us with services have all of our best interests first and foremost in their mind constantly. So when you go the doctor and they refer you to have an X-ray, you pay the bill, but all the medical professionals guard this data, this image of your insides; they all guard it most closely and they really get quite snooty about the patient, the source of this image, having access to the actual image. You would assume that if you have a heart pacemaker that can be reprogrammed electromagnetically, that there’d be some kind of security around that, but there rarely is. You’d think that if you swallowed a camera and bio-monitor that the data that was going to be transmitted by that — you’d really hope that it would in some way be encrypted.

SE:  You would hope.

JL:  You would hope that your Internet-controlled light bulbs were actually only controlled by you over the Internet and not by Yevgeny from Kiev, as a random source of Friday night entertainment.

SE:  And that they really didn’t have cameras in them as well.

JL:  Well, you know, there’s Google acquiring Nest, the thermostat that looks ever so like a HAL 9000 eye.

SE:  That’s pretty scary.

JL:  I haven’t pulled a Nest thermostat apart, but I know they have what is described as an optical motion sensor.

You know, in the telecommunication industry, we like to talk about the free space optical infrared transmission system because when you call it a “laser,” everybody has images of deep-fried birds —but you know, they don’t deep-fry birds. They’re actually remarkably safe. It’s all in the branding and the labelling. Google is now in a position to know that you’re home, and to know what temperature you like the room. It has a pretty good idea of how many of you are home. It knows when you’ve arrived, and next time you leave it’s going to know that you’ve left.

SE:  Well, you would hope cat burglars don’t have access to that information, too.

JL:  Well, what was the bicycle riding — it’s one of those like MapMyRun ‎ things. It’s an application that all of those lycra-clad middle-aged blokes with expensive racing cycles use to track their bicycle rides, and one of the larger demographics among the user community is that of bicycle thieves who now know exactly where your expensive racing bike is. And they’ll know which ones are the good ones too, because they know that you have a particularly good time getting to the top of this particular hill. They know that you’ve got there, and they know that you’re in the coffee shop, so they come by and they steal your bike.

Australian Internet Services 2024

SE: So if I had to just ask you to summarise: what do you think a typical Internet day would be in the year 2024 in Australia?

JL: I think the foundation device in 10 years’ time is going to be something that looks more or less like a handheld telephone. That’s a convenient way to carry around a lot of processing power, a lot of storage, and a mechanism to wirelessly access the Internet. The wireless technologies that the device will support wherever WiFi has gone from where it is now. The entry level will probably be 802.11ac because that’s just out now and people are still using 802.11b which is about 10 years old now.

SE:  What kind of speeds does 802.11ac support?

JL:  802.11ac in the 5.8 GHz band supports hundreds of Mbps, even a Gbps, so, yes, it’s a nice starting point. There’ll almost certainly still be Bluetooth because Bluetooth is a really good way of letting hands-free systems in cars talk with telephones. There will be something that might be based on the WiFi and IP packets — or it might be based on something else equivalent to HDMI over wireless — that will allow the device to talk to screens. The copyright protection industry has a particular affection for HDMI because, with it, the device that’s playing the movie and the device that is displaying and communicating with each other and essentially convince each other that they’re trustworthy.

SE:  That’s interesting.

JL:  This is why, if you have an old television that doesn’t have an HDMI input and uses a converter cable to, say, your Blu-ray player, your Blu-ray player will refuse to show the high-definition version of the movie because it can’t confirm with the television, that the television is a trustworthy device. It’s why, today, if you go and buy a Fetch TV box, it doesn’t have component video outputs because that’s a trivial path to video piracy, so there’s a composite video output, which is kind of muddy, low-resolution DVD-grade output that they’re not overly concerned by, but you won’t find RGB component video out on a modern device.

So if a handheld device is the kind of basic thing that everybody has that serves the function of a phone, and it has the storage of a laptop and you can plug it in or set up next to a generic screen and keyboard, if you want to have the big screen and keyboard experience — there’s a huge amount of data that you’ll be able to carry around in your hand, or in your pocket, without really noticing that it has any weight or any inconvenience, and the convenience of carrying that around will be huge.

SE:  Well, the inconvenience or tragedy of losing it might also be just as huge.

JL:  So, today, if you have an iPhone and you pay an only modestly extortionate price to Apple for iCloud with enough gigabytes of storage, you can keep your iDevice backed up to iCloud, and I expect that we will see that scaled up as concept.

SE:  Always backing up…

JL:  That’s going to become really, really ubiquitous.

SE:  But it would have to be a trusted provider, and you’d have to make sure that it’s encrypted if you’re going to put everything there.

JL:  Yes, you would really hope so. There are people out there who’ve been trying to make backup as a service work commercially. There are some really interesting guys in Adelaide who’ve been trying to do it. I think the challenge they’ve had to really get this to take off commercially has been that back-channel bandwidth is just too expensive and not sufficiently widely available, but when it is it will become more attractive.

I think it’s worth appreciating that radio-based comms have improved linearly over time; whereas copper-based services have improved exponentially over time.

SE:  Yes, and fibre-based speeds will just keep going through the roof.

JL:  Yes, fibre provides essentially infinite bandwidth. Certainly, I think that we’ll, probably in a decade, be watching a fairly bitter debate about direct access to fibre, the fibre owned by NBN Co, or whatever NBN Co morphs into, where service providers basically say, “Well, in order to deliver the 10 Gbps connections that consumers want, we need direct access to the fibre and that managed service model is just going to be…”

It’s all about Dark Fibre

SE:  So you’re talking dark fibre.

JL:  Yes, absolutely.

SE:  That’s what all the ISPs are doing now for their connections for their own backhaul and also for their corporate customers.

JL:  Absolutely. You know, dark fibre for service providers is something that is just really quite essential. And if you don’t own any or if you don’t have access to it, somebody else essentially has a knob that controls the profits of your business. It is that simple, that they can constrain your ability to grow. They can say, “Well, we’re really interested in how much you’re growing and how your revenues are growing, and we’re just going to take some of it,” and your ability to stop them is just non-existent.

SE:  And I think that’s part of the driver behind the industry consolidation that we’re seeing. A lot of it is, in my view, infrastructure plays, where companies look at the bits and pieces on the competitive playing table and they say, “That one fits an area where we have a gap and it may be that we don’t have fibre, and let’s slot in something to fill that gap.”

JL:  I suspect that the thing that justified the valuation TPG placed on AAPT was their inter-capital dark fibre.

SE:  I would agree.

John, thank you so very much for your time and your insights. It’s been great chatting with you, and I hope everyone reading this has enjoyed our discussion.