United Kingdom Parliament
HOME
ABOUT
MEMBERS & STAFF
BUSINESS
PUBLICATIONS
A-Z INDEX
GLOSSARY
CONTACT
Publications & records
Advanced search
 HansardArchivesResearchHOC PublicationsHOL PublicationsCommittees
You are here: Publications and Records > Select Committees > Science and Technology > Science and Technology
Select Committee on Science and Technology Minutes of Evidence

Examination of Witnesses (Questions 779 - 792)

WEDNESDAY 14 MARCH 2007

KIM THESIGER

  Q779  Chairman: Lord Chelmsford, thank you very much for being here and I am sorry we have kept you waiting, we overran, but I think you have been in the room and seen what was going on.

  Kim Thesiger: Absolutely.

  Q780  Chairman: You understand this inquiry and what we are interested in so would you like for the record to please introduce yourself.

  Kim Thesiger: My name is Viscount Chelmsford. I go generally by my family name Kim Thesiger. I am the co-Chairman of ITSPA which is the Internet Telephony Service Providers' Association. I also represent on the regulatory front an ITSP called TruePhone which offers a Voice over IP over mobile phone service.

  Q781  Chairman: How many UK consumers are using Voice over IP systems and how rapidly is the market growing?

  Kim Thesiger: I think the market is growing very rapidly. As such, it is very difficult to calculate at any one time how many UK consumers there are. Ofcom did a survey last August which estimated the number of UK voice users at 1.8 million. We think it is probably significantly more than that by this point. I think it is worth saying that the total number of 1.8 million users in the UK is made up of three substantially different types of Voice over IP consumer. On the one hand you have the computer-based services such as Skype, MSN and those kinds of services which allow you to make PC-to-PC calls or indeed, with Skype, PC-to-land line calls. Then you have services that are offered by ISPs. Orange would be a good example of that and BT are also offering Voice over IP services over their broadband infrastructure. Often in those cases consumers are unaware they are using a Voice over IP service. All they are aware of is that if they take Orange as a service provider then they get much cheaper telephony as part of that service. The fact that that telephony service is delivered over voice over IP is often unimportant and irrelevant to many of the consumers. They would not realise that it is being delivered by Voice over IP. Then I suppose there is a third group of users who are using pure Voice over IP services, by which I mean they may be getting their Internet service provision from a completely separate company from where they are getting their Voice over IP service provision. These tend to be more sophisticated customers who are looking around for the best possible range of services and prices from a range of specialist Voice over IP providers. Mostly this would be relevant to companies and there are an increasing number of companies that are now having Voice over IP telephone systems within their businesses, but there is a small number of consumers who also go for specialist Voice over IP services as well.

  Chairman: Good, that is very useful. Lord Paul?

  Q782  Lord Paul: We understand that VoIP systems do not currently offer 999 services. Why is this? How much of a problem is compliance with the legislation and regulation in this area for the industry?

  Kim Thesiger: I do not know of a single ITSPA member who does not want to offer 999 services and would like to do so as soon as possible, but there are some significant regulatory and bureaucratic problems to actually offering 999 services for most of our members. I suppose the main issue for us is the linkage between the ability to offer 999 emergency service calls and having to be what is called a PATS provider. PATS is a particular type of regulation which has a more onerous level of regulatory hurdles that one must meet in order to comply fully with PATS. In principle, most ITSPA members do not have a problem with the idea of complying with PATS. However PATS is still very copper-centric and still includes a lot of regulation such as the requirement to offer customers printed phone directories and to offer operator services. It specifies a requirement to offer text services to disabled users which is based on the existing PSTN copper telephone service, for example. All of that we are in discussion with Ofcom about and we understand that Ofcom are looking at the exact PATS regulations and how those should be changed for a Voice over IP world and IP communication world. However, there is one overriding obligation within PATS that does cause us problems and that is the network integrity clause. In a copper-based PSTN world it was very clear what represented network integrity. In an IP-based world it is very unclear what represents network integrity, and the message that we are getting from Ofcom is you must decide yourselves whether you have network integrity or not. There are no guidelines to help us decide whether we have network integrity, so the situation at the moment is that we might decide okay, we think we have done enough that we have satisfied the network integrity clause but if at some point in the future there was a problem with the provision of, let us say, a 999 service Ofcom, could simply come back to us and say, "Actually you are wrong, we think that what you had was not network integrity and therefore you are in the wrong and therefore you are going to be a fined a great deal of money." So it is important for us that this network integrity clause is cleared up. I should say that although Ofcom's legal advice is that in order to offer 999 calls you must PATS-compliant, that is not the legal advice that ITSPA has been given by a number of its legal members, and indeed there are other EU countries that have decided that the ability to offer 999 calls is in the overriding interest to be offered and therefore they have decided that actually you do not have to be PATS compliant in order to offer 999 calls. ITSPA would very much like to have seen that position taken up by Ofcom. We continue to work very closely with Ofcom to try and make sure that we arrive at a position where all ITSPA members can offer 999 services as soon as possible.

  Q783  Lord Paul: Thank you. In the United States Voice over IP services are able to offer 911 services. What are the key differences between the regulatory regimes in the two countries that allow this? Has the provision of 911 services led to any problems in the United States? How reliable is the Voice over IP system and how often do the services break down?

  Kim Thesiger: In terms of the differences between the US 911 system and the UK 999 service, we are in a very advantageous position in the UK. 911 systems in the US are based either at the state level or often at the county level within each state and it is not unusual in the US for different counties within the same county to have different 911 procedures. So in the US it is a real minefield for Voice over IP providers and they have got to think about how they work literally not even in every state but how they work in several counties in that state. In the UK essentially we have two 999 providers—BT and what used to be Cable & Wireless—so we can provide all 999 services through to access points and, potentially, it is extremely easy for us to offer 999 services. There are ITSPA members who are already offering 999 services and so all of that is entirely possible to do. In terms of whether offering 999 services over Voice over IP is inherently less safe, clearly there are a number of our members who are reliant on the network that is carrying those Voice over IP calls. Some of our members both own the network and they own the Voice over IP customers. Other members own the Voice over IP customers and each of those customers is using a different Internet service provider. Generally these days the reliability of broadband services is becoming pretty high. I personally use what is now Virgin Media and I have never, certainly in the last seven years, had any problems at all in terms of service outage, but a 999 call delivered over Voice over IP can only be as reliable as the underlying network it is delivered on.

  Q784  Earl of Erroll: How secure is Voice over IP? When you dial a number will you definitely get through to the person you intended to?

  Kim Thesiger: In terms of the technology behind Voice over IP there is no absolutely no fundamental reason why you should not get through directly to the person that you are intending to get through to. SIP, which is the technology which underlies a lot of our members' infrastructure, is a well-developed dual technology and we do not see any problems with reliability in terms of connecting people to the right number. So from that point of view we think it is very reliable.

  Q785  Earl of Erroll: Your written evidence draws attention to the threat of CLI spoofing. How prevalent is this? Are you seeing a growth in this kind of fraud?

  Kim Thesiger: We are not, frankly, but we are very concerned about the possibility of CLI spoofing and we think that is a real and significant issue. We know of at least a couple of web sites which allow you to enter a number and send a call to another user who will be presented with a number which is absolutely not your number. You could choose any number to present. Clearly ITSPA members are absolutely banned from doing this. If we ever found a member doing this they would be kicked out of ITSPA. ITSPA members will allow customers to present a different CSL but only if there is direct proof that they own that number. A typical example might be that a company would want all of its employees to present the switchboard number rather than their individual numbers, so there are legitimate uses for presenting a different CLI from the telephone that you are physically calling from, but you have got to be able to prove legally that you own that number. In terms of the UK we would very much like to see the authorities going after anybody who is offering CLI spoofing. We think that it is something that is very dangerous. In terms of CLI from abroad, the vast majority of calls coming from abroad currently do not carry any CLI and I think we would have to be very certain that the network that was sending that call was a legitimate network before we were prepared to forward a CLI coming from outside the UK.

  Q786  Earl of Erroll: Although there is of course a terrible sanction of being thrown out of ITSPA, should there not in fact be more onerous sanctions because they can still continue in business but not as members of ITSPA.

  Kim Thesiger: Absolutely. We cannot see any reason why anybody would offer a service offering people to spoof a CLI number. We would like to see that illegal and we would like to see action taken against anybody who offers it. As far as I am aware, there is no legislation which would allow the police to act on such people at this time.

  Q787  Earl of Erroll: I know you were in the room when I asked that question about whether you could have combined man-in-the-middle attacks for phishing and vishing with the presence of VoIP so that in fact both channels of communication were compromised.

  Kim Thesiger: I think anything is possible but in terms of VoIP, vishing is something that is slightly different. Any technology can be compromised but if you take some security measures then you should be able to protect against something like phishing, and really it is more about protecting the ITSP's infrastructure than it is about protecting the customers' infrastructure, and any reputable ITSP in this country would have taken strong steps to protect their own infrastructure because their business depends on it.

  Q788  Chairman: Is Spam over Internet Telephony a problem? If it is, what is the industry doing about it?

  Kim Thesiger: There has been a lot of the talk about Spam over Internet Telephony and there have been a lot of media reports about Spam over Internet Telephony. I would have to say at this time we have not seen any examples of it. We actually believe that because the cost of calling a telephone number over the ordinary PSTN is so low now that actually there is no greater threat for Voice over IP customers receiving unsolicited calls than there is for ordinary telephone customers receiving unsolicited calls. Voice over IP however does present a real concern in terms of unsolicited calls and tele-marketers, et cetera, and that is less that it enables them to make more calls more cheaply to customers but rather that it enables unscrupulous tele-marketers to set up and operate much more cheaply than they used to be able to do. If you look at the situation five or ten years ago, it would cost a tele-marketer tens of thousands of pounds to set up in business and get the correct machinery to enable them to use multiple ISDN lines, et cetera, to operate as a tele-marketer. What used to cost tens of thousands of pounds barely costs hundreds of pounds today. Somebody could set up in their back bedroom with a broadband connection and become a tele-marketer. We see that as really being the danger that Voice over IP brings to the unsolicited calls market. Obviously we are concerned about customers receiving tele-marketing calls or unsolicited calls but at the same time we think that the focus needs to be on stopping illegal tele-marketing calls from leaving our networks in the first place, and that is where we are putting the effort at the moment. There are certain customers that ITSPA members have which are legitimate and responsible tele-marketers. Equally, we are looking at solutions for them in which we can automatically check outgoing calls from those customers against the telephone preference list and make sure that they are not by mistake making any calls to a number that is on the telephone preference list. So we see really Voice over IP as posing an issue more to the generation of unsolicited calls rather than the reception of unsolicited calls.

  Q789  Chairman: Getting back to vishing but also considering this SPIT problem, clearly your motivation in ITSPA is the correct one. You are paying attention to the benefits of the technology but do you think that customers will really get what they need? In other words, will the companies not just deliver the minimum level of security that they can get away with?

  Kim Thesiger: Clearly there is that kind of concern, but we are a new industry and we realise that there is an awful lot of publicity about this industry and, if anything, ITSPA members have tended to be over-cautious. I suppose one of the things that really gives me a lot of hope for the future is that for a very new industry ITSPA was started up at the very beginning of that industry. I guess of the actual specific Voice over IP services rather than the PC-to-PC and PC-to-PSTN services like Skype and MSN we represent probably 80% or more of all the providers in this country who are offering Voice over IP services directly. The members have been very proactive about getting together, we have a very energetic technical working group who look at these exact kinds of problems and look at the solutions that we can apply to them. So I think we are only too aware of the reports in the media about the potential of vishing and SPIT, et cetera, and we are very, very keen to combat that and make sure that that does not become something that can be used against us in terms of the services that we are offering.

  Q790  Chairman: A final question: what impact is ENUM going to have on personal privacy and security?

  Kim Thesiger: We think ENUM has the potential to offer some issues in terms of privacy, but we also think it is very early days. There is still a lot of discussion that needs to take place in terms of ENUM. Many ITSPA members use ENUM but only on an internal basis within their networks where it does not have any implication whatsoever. We really believe proper public ENUM to be quite a long way off. We conceive of there being an awful lot of discussion before proper public ENUM is actually introduced. Clearly there are privacy issues and those privacy issues have already been an important consideration in the DTI's discussions about the future of ENUM, so one of the things that must be introduced in order for public ENUM to be introduced and to gain any sort of popularity will need to be for example protection against number redirection. Another thing that will clearly need to be introduced is to make sure that you cannot simply deduce all sorts of other information from an ENUM number. We actually think that even today it is difficult to deduce much from an ENUM number that you could not deduce from somebody's e-mail address. Somebody's e-mail address can often tell you which ISP they belong to, et cetera. So, yes, ENUM offers the potential for issues but there is a long way to go and a lot of discussions to be had before it becomes a real issue and we will certainly be wanting to make sure in those discussions that the privacy issues and the redirection issues are addressed.

  Q791  Earl of Erroll: Will not ENUM be quite useful for getting through to people, so it would be sad to knock it on the head because we are over-concerned?

  Kim Thesiger: Absolutely. Potentially ENUM is a very interesting and powerful tool which allows you to be contacted where you want to be contacted. The concern is that it is quite a top-down proposal and that the introduction of ENUM is likely to be quite slow and take quite a long time. Many ITSPA members are already offering the kind of benefits that ENUM could offer but within their own networks so, yes, we are engaged with ENUM, yes, we want to make sure the consumer is protected, but in fact there are other ways we can already offer some of the benefits that ENUM will offer through our own networks.

  Q792  Chairman: Lord Chelmsford, thank you very much. That was clear and concise evidence and very useful to us.

  Kim Thesiger: You are welcome, thank you very much.





 
previous page contents

House of Lords home page Parliament home page House of Commons home page search page enquiries index
© Parliamentary copyright 2007