Schneier on Security
A blog covering security and security technology.
« Counterfeiting an Entire Company |
| Microsoft's BitLocker »
May 1, 2006
Priority Cell Phones for First Responders
Verizon has announced that is has activated the Access Overload Control (ACCOLC) system, allowing some cell phones to have priority access to the network, even when the network is overloaded.
If you are a first responder with a Verizon phone, please visit the government's WPS Requestor to provide the necessary information to have your handset activated.
Sounds like you're going to have to enter some sort of code into your handset. I wonder how long before someone hacks that system.
Posted on May 1, 2006 at 1:29 PM
• 52 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I used to work for a large Swedish cellular phone company. Our CDMA phones (Sprint, Verizon, Alltel) had a feature called "emergency numbers" where up to three numbers could be tagged as "emergency".
When calls were made to these numbers, a special bit was set in the over-the-air protocol between the phone and the tower. This is a standard feature of the CDMA protocol.
Depending on the way that the carrier had configured their network, you either [A] got connected to the local 911 dispatcher or [B] got a high-priority connection to the dialled number (meaning someone else's call might get dropped so that yours could go through).
We routinely tested this service on the live networks, but I'll never know if someone else's calls got dropped just so we could call home.
This feature is available through the normal configuration menus. No secret code required.
While prioritisation of cell phone users is kind of interesting (and not a bad idea, really), I find it amazing that proven bad ideas (in this case, apparently trusting that the code won't be known by unauthorised persons) are being repeated over and over again by multi-billion-dollar companies that, one would think, would have the wherwithal to hire someone who knows what they're doing.
Plus ca change...
And if I am a terrorist, I can triangulate on the location of the important people.
Hm. So everybody else is getting a second-class member.
Isn't that a reason to cancel your contract?
If everybody get's a first-class-account, the company needs premium accounts, which are able to even cancel first-class-calls, and golden accounts, which cancel the premiums, and platin-bizznezz-accounts to cancel the golden ones, and so on and so on.
This sounds like a valuable feature. If it is hacked, hopefully Verizon will be able at minimum to track unauthorized use and charge the offending subscribers with theft of services, interference with emergency services or some such offense.
you just spoiled the plot for next season of 24.
Why is non-neutrality ok for phones but not for the Internet?
LA DWP maintains its own fiber network, because they own a bunch of real estate and don't want to rely on telco companies for their own networking.
The idea can extend for emergency response. Rather than reserving part of a public network for emergency response (where the network is primarily built for commercial use), build a multi-purpose network (data and voice) that is designed to handle disaster conditions.
With newer broadband wireless technologies like 802.16(-2006), it is totally feasible to design and roll out an emergency responders network that can cover a large geographic area with high redundancy.
True, you have to build the infrastructure, but then you don't have to involve a telecommunications carrier and you have complete control of the network down to level 0.
Observation: You can always blacklist any abuser, because the cell phone system knows the users.
IMO, this seems a VERY good idea. These days, cell has become critical infrastructure, and prioritizing the calls for first-responders semes a natural "no duh", as it really can't be abused reliably (its easily detectible by the cell phone company) but offers substantial benefit.
WPS has been available from some other vendors for a while, and will eventually be available from all vendors. There is also a system for priority emergency routing through land lines (GETS) that, if you can get a dialtone, give you a very high probability of getting through the network. Neither of these preempts traffic, but gives you dibs on the next available channel. Telcos are required to support both WPS and GETS, and while GETS is fully active, WPS is still rolling out.
For WPS, the cellphone is registered in the telco database as being WPS capable with its priority level, the code is to request that the feature be used for that particular call. GETS is a special calling card. There is a setup cost, a monthly maintenance cost, and you have to pay by the minute as well. The government tracks usage as well, and you can get dropped from the program for misusing either system.
Both WPS and GETS require that the user have a documented role in disaster and emergency response. There are tiers of priority within the system, so that command/control priority is followed. Neither is that easy to get, they must be applied for by qualified organizations and not directly by the individuals who they are issued to, and WPS has a much higher standard of entry that GETS.
These systems aren't for normal use (although you are allowed to make limited test calls), but during a disaster, responders need to be able to make contact, get assignments, get gear, and get rolling.
Who cares if it's hacked? The few crackers will get nothing in normal circumstances, and priority access during emergencies -- which is bad, but as long as they don't force first responders off the network ...
And, curious: That's a poor analogy. The "bandwidth extortion" proposals aren't anything like this -- they're about telcos blackmailing Google. If Verizon were *selling* priority access, I'd be pissed. But the next time someone drops a plane on my city, I'm not going to care about non-neutrality -- I'm going to want first responders who are capable of responding adequately. I don't know if this is the right way of doing it, but it's a fine idea.
I think this is still another idea that falls into the category of "Just because we can do something neat/cool/different using new technology let's go ahead and do it!"
IMHO, you are just looking for trouble with this implementation along the lines of the recent hack of the traffic light "turn green" system also used by emergency responders.
I wonder how civilization managed to survive all these years without either of these new systems.
bob: You're a terrorist capable of triangulating an arbitrary cellphone number and you want to use it to kill ... EMTs?
@bob, if you are a terrorist with some pretty technical access to the cellphone network, then you can triangulate firemen, policemen, and paramedics. Or you could just call them at their special 9-1-1 number for free from any phone, (even one without a service plan) and ask them to come over.
because unlike phones, the internet isn't used to coordinate in the same tactical way, in real-time, during emergency situations. But don't ATM, and other similar schemes already give higher priority to real-time data like voice?
My understanding from a friend that works at Verizon (and Airtouch before that), and backed up by a couple of people who have worked at Cingular and Sprint, is that in a disaster, the cell networks have the ability to clear the networks of all but certain tagged phones belonging to key government agencies and those connected with emergency response. This setup may be different, though, in that it would allow everyone to potentially use the network but kick someone when a first responder made a call.
I believe ACCOLC has been available in the UK for some years, and was used during the July bombings.
Zapping the phone system there was afterwards deemed to have been a bad idea. Not all emergency services had enabled phones, and even if they had, there would have been other workers there who'd have needed enabled phones but didn't have them.
I THINK it's hackable, and IDing a hacked phone mightn't be easy, depending on how you're running the system. An ACCOLC system could be run on a scale of priorities (at least in theory, I think this is what we Brits do), so you might have quite a wide range of priority users. In which case, in an emergency you have to make challenging decisions about which grades of operators you need, but as it's an emergency you don't know yet.
And if you've got large numbers of users, most of them working in large organisations, you've got logistical problems figuring out who's legit and who's not. You might get close with a pretty sophisticated back end, but I don't think we have that.
So good idea, but it doesn't seem to work in practice, and switching off the phones is probably almost always a bad idea.
Personally, I think this is a bad idea. It presupposes that emergency responders should be using a public network and that they should have priority.
If they should have priority, they shouldn't be relying upon a public network (also, they currently *don't* -> I don't know of any emergency response service that doesn't have its own communications network of some sort.)
This is Verizon telling police/fire/emt/etc. departments, "Forget your expensive private radio network, just use our cell phone service... we have QoS now!" It's marketing, not public service. Cell phone providers are scared to death of new wireless technologies and want to get reliance before police departments set up their own networks (see http://www.southsiouxcity.org/news/... for an example)
If you have your own network, and don't rely on the public cap-"I" internet, you can have QoS without using ATM or frame relay on the back end.
Depending upon your agreement with your provider, you can have QoS in your entire network... it only breaks down when some of your communications need to pass "outside". In this case, though, it doesn't matter if your connection to your ISP is ATM or frame relay or T1 or whatever... the QoS stops when you hit the border of the service provider's network.
And you're incorrect, to some extent, that "the internet" isn't used to coordinate disaster response (it can be and is in some communities).
However, that depends on your definition of "internet" -> is it a small "i" internet (ethernet over a private network usually with QoS), or the cap "I" internet (ethernet over the public packet switched network with no QoS)?
One of the major differences between "the Internet" and "cell phones" is that "the Internet" has always been a public packet switched network with no QoS, whereas the telecommuncations network has historically had some QoS guarantees. Admittedly, cell phone service didn't have anything you'd call a real QoS agreement due to coverage situations, but most people think of their cell phone as an extension of their land line phone service.
Curious: the phone network is an application-layer network. It provides basically one service, namely telephone calls. The Internet is a transport-layer network. It provides "whatever service people care to invent, until the network operators decide to screw around with filtering".
There are exceptions and complexities, of course, but that's the basic difference that makes network neutrality more relevant for the Internet than for the phone network.
> switching off the phones is probably almost always a bad idea.
I agree switching off phones is a bad idea -- non-responders still need to call to report emergencies. But I don't get the impression this system would disable certain phones, only restrict them to a lower priority.
I hope Steve Bellovin gets some credit here. This is clearly derivative of his "Evil bit" idea from RFC 3514.
@Mary "Who cares if it's hacked? The few crackers will get nothing in normal circumstances, and priority access during emergencies -- which is bad, but as long as they don't force first responders off the network ..."
First off it would be possible to call for free, just like blueboxing, which can be done but requires enormous knowledge of the infrastructure and systems. In my country emergency numbers are free, but are limited to 1 or 2 numbers that can be called for free.I cannot see why hackers want to use more priority, that's plain silly. But sure it's sure it can be stressed for attack. And I don't think it's just a simple code combination that unlocks it, like to view your IMEI number.
Maybe the use of public and private keys would pay of the sollution to it?
"ACCOLC is indicated on the SIM card by a number in the range 1 - 15"
Which is the most disturbing issue.
Why are so many of you assuming that the Verizon plan would grant *free* access to first responders? While such a plan might be in place on other networks, I see no indication of this being the case here.
And why do some of you assume that an access code alone would grant priority access? Perhaps the access code will only be honored after a successful lookup on the backend of the unique ID of the phone making the request. Granted, this ID can be faked, too, but that's a much tougher undertaking that's not likely to be widely abused.
> If they should have priority, they shouldn't
> be relying upon a public network...I don't
> know of any emergency response service
> that doesn't have its own communications
> network of some sort.
These private networks often become quickly overloaded in an emergency. For example, I'm an amateur radio operator and I served as a communicator for the California Department of Forestry for a week following the Loma Prieta earthquake that struck the San Francisco Bay Area back in '89. The CDF fire station at which I was posted had two frequencies allocated to it, and these frequencies quickly became clogged with traffic from crews of firefighters coming in to assist from out of the area that were in need of directions (there was also a lot of idle chat, but that's another matter), rendering them essentially unusable for tactical communications. All tactical traffic was passed on the ham bands though volunteers like me for several days. (And BTW, hams are generally very good about steering clear of frequencies that have been declared to be in use for emergency communications.)
I don't know about Verizon but this has been in place for years. On landlines all the way back to the '40s. It simply is a way for a caller to identify themselves as a priority user. The access is approved by the government. I depends on you getting a dial tone though.
The problem in the wake of Katrina was 1. loss of towers, 2. network singlepoint failure. I know for a fact that T-Mobile numbers from the impacted area were unreachable regardless of where the phone was. Dial the number you got a message about the hurricane. I had a Mississippi number but was out of the impact area. I could dial out all I wanted but no one could call me. Even the customer service couldn't reach me. I surmise that to dial my number you had to hit a database local to the impact area. It means that the network didn't have redundancy or fallback for the local number databases. It seemed to be tied to GSM networks, Verizon users I know didn't have as much trouble.
The question to ask is, does your network have the ability to validate your number if their local area database is unreachable? Do they have rollover backup servers?
Pre-emption is a really good idea. Has it occured to anyone reading that there might be sudden value in turning off the mobile phone network selectively, so that oh for example, cell phone detonators will not work . . .but the Incident Command Post can still call out?
This system is for command and control functionality at major incidents and disasters, not for the poor paramedic in the field with a dying patient in his hands and no way to reach medical direction for orders. That level of functionality could be lifesaving under some conditions -- but I don't see anything in here that's going to bless paramedic cell phones, even though saving lives seems a much more urgent justification than bureaucracy.
Based on reading the sites linked, it seems to be far more important for the Federal government to talk to itself, than for the Feds to communicate with state and local authorities and responders. Hurricane Katrina, anyone?
@ Pat Cahalan
No responsible agency is going to rely on the cell phone network. Everyone has -- and needs -- their own radios.
ACCOLC is a feature from AMPS cellular. The idea was that if the access channel (reverse channel of the control channel) is overloaded, the base station can command the mobiles to take turns by broadcasting overhead messages with only some of the ACCOLC bits on (presumably test, emergency, and one of the normal groups). The ACCOLC for a normal station was supposed to be the bottom decimal digit of some identifier, allowing for 10 groups of normal mobiles. The ACCOLC field is 16 bits long, and a mobile is allowed to send an origination only if its bit was set in the most recent overhead messages. This sounds like the `number from 1 to 15' above.
The brochure at wps.ncs.gov includes the code to dial before the destination number, so presumably the network does some checking before granting priortiy access.
From my understanding, this system is only to prioritize calls made from official phones during a crisis when increased call volume will overwhelm the system. In that case then a few hackers figuring out how to make priority calls won't make much of a difference. Cell phone systems have much more capacity than would be used even if all official phones were in use simultaneously. The problem is when they have to compete with millions of non-emergency callers. Adding the traffic of a few hackers clever enough to get access won't add enough priority traffic to be a problem. You'd need a hell of a lot of hacked cell phones in use during an emergency for it to be a problem. For priority calling to work the security only needs to be good enough that most people won't be able to break it. At best a priority hacked phone would impact regular non-priority users.
One legitimate concern is if terrorists were able to priority hack their phones, in which case they could still coordinate freely even once the phone networks get bogged down. This won't prevent real priority users from getting through, so the primary objective of priority calling is preserved, but it would give a terrorist an advantage they wouldn't otherwise have, so that's a good reason to make sure the system is not abused.
In order to hack this system, you need to be able to test against it. If it's only activated during emergencies that flood the system with traffic, how will nefarious users manage to do that? Unless they are able to set up their own mini cell network using the same systems as Verizon, et al., they will get no feedback on whether their hack attempts have succeeded or failed until it's time to try it for real.
That sounds like a recipe for failure.
"We want you to hack this system. You get no feedback, positive or negative, on your attempts. The only time you'll know if you've used a successful technique will be under one-time actual conditions. Good luck."
today we're helping out first responders, but tomorrow we'll try to sell you **priority** service, and we're willing to degrade the level of service to current customers to do this!
if i'm talking to an interesting woman on my cellphone, i don't want my call dropped just because somebody flew a plane into a building.
It is pretty obvious to me that this priority system will be abused in order for the 'big shots' to call their family members during an emergency when the lines are overloaded.
Part of the registration process should require the authorized users to supply the phone numbers of their family members. Those family numbers would be blocked from receiving calls through the priority system.
Orange in the UK have had this feature for many years? and it is know as a "priority sim". This is allows VIPs to make calls when others (such as myself) would be unable to make a call due to "Network Busy" also this allows a call to be "dropped" and the VIP sim or "Priority Sim" to take that users place on the network to make their call. Quite a common feature really.
This reminds me of 1996 or so when I was living near Kansas City. I already knew about ACCOLC at the time, being one of those people who had to know absolutely everything about my phone. And of course I had programmed it into every handset I touched.
This, as it turns out, was just about the only way to make a cell phone call from downtown Kansas City during most of the business day, as the area seemed to have much less capacity than demand at the time, and the network busy signal was quite common.
A terrorist can simply slap together a powerful noise emitter at the cellphone frequencies and completely overwhelm cell phone network around the area of attack. Those puny 1 watt cellphone transmitters have no chance to get through an el-cheapo (few thousand $s) noise maker pumping few killowatts into the air.
A more tech-savvy terrorist could build a fake cell station - enough to confuse the hell out of the handsets.
If the goal is to create a radio network suitable for emergency responders in case of terrorist acts, one needs to use more appropriate technology - capable of evading narrow-spectrum malicious transmissions (i.e. UWB or SDR) and have enough reserve TX power in the end-user sets. Cell phones have hard time dealing with normal levels of EM noise, judging by the crappy service offered by the providers.
Maybe this will clear up any doubts:
FREQUENTLY ASKED QUESTIONS ON ACCOLC REGISTRATION
1. What is ACCOLC?
ACCOLC is a control programme which the cellular radio network providers have agreed
to implement at the request of the Police or Cabinet Office to ensure that, in an
emergency, the public safety services and other relevant authorities will have priority
access to cellular radio systems which might otherwise become congested by nonessential
users. The capacity of cellular systems is now such that ACCOLC is rarely
needed but some rural areas only have a limited number of channels and consequently the
number of authorised users is strictly limited.
2. Who has authority to invoke ACCOLC.
The Police Incident Commander is normally the only authority permitted to invoke
ACCOLC. Exceptionally, the Cabinet Office may assume this responsibility if the
magnitude of the crisis demands central government intervention.
3. Does ACCOLC give any priority on the mobile phone network when the system is
No. All mobile phone calls are treated with equal priority. ACCOLC is designed only to
support the emergency services at the scene of an incident. The facility lies dormant on
the network unless invoked at the request of the Police.
4. As a NHS Hospital Trust can we register our mobile phones for ACCOLC as a
contingency communications network in the event of a failure of our PABX or the
Public Switched Telephone Network?
Note. ACCOLC is designed only to support the emergency services at the scene of a
5. Does ACCOLC registration guarantee that an emergency call from the scene of an
incident will reach its destination quickly?
No. ACCOLC only permits access to the network by registered users at the scene of the
incident. Once the call is routed outside the incident area by the telephone network, it is
treated as a normal call.
@mary (and others): Absolutely. If I am a terrorist, I want to kill first responders. EMTs, cops, national guard. Anybody who might be decreasing the chaos (notice I didnt mention mayors). If they are dead, then the body count goes way up and the news coverage goes on much longer which is my primary goal to get people talking about me and my attack.
"Sounds like you're going to have to enter some sort of code into your handset."
These things are typically done within the network. Something like a short list of SIM ID's that each switch can store, giving priority to handsets with that ID in times of network congestion. Interestingly there is no priority scheme for the control channel (otherwise newly-appearing handsets could never get their requests in).
To rebut a few points:
This isn't meant in any way to replace other communication systems, but to augment it. Off-duty firefighters, EMTs, utility workers don't usually carry their radios. Sometimes the primary comm system is overloaded or unavailable. Other organizations that qualify may not even have other comm systems or sufficient capacity. Interagency communication is frequently a problem even in fairly small responses. Responders frequently need to have direct contact to people who aren't on their local comm system -- state and national HAZMAT contacts, the shipper of the hazardous material, etc.
Since the features are managed in the network, not the cellphone, the risk of hacking is fairly low, and telephone companies already watch the basket of eggs carefully to minimize theft-of-service.
While Verizon's press release makes it look like they are doing something wonderful, there is a federal mandate for WPS. They aren't even an early implementer of the system. Turning it into a broader sellable feature would be difficult, and in the cases where WPS is meant to be used, might not even work since those calls would still have lower priority than the WPS calls.
Blocking calls to responders' homes would be counterproductive -- knowing that your loved ones are safe means that you can concentrate on the problem at hand. Even in formal medical triage situations, special consideration for family and friends involved in the incident is designed into the process -- it doesn't help to have a responder distracted by conflicting values.
There are costs to the system WPS (the cellphone bit) has setup, monthly, and usage chages. GETS (which give you priority throught the telephone network) has usage charges.
@ Andrew, Todd, John
re: emergency network overload
Sure, this can happen, and does. But the right way to solve this problem is not to failover to the public cellular network, but to build the emergency responder network correctly in the first place (here's an actual good use of DHS funds, yes?) Build one that works across state agencies and borders. Solve the inter-agency communications problem by designing an emergency network. Non-queued (ie, radio) communications, queued communications, email, instant messaging, all of this can be carried on some licensed and reserved part(s) of the RF band, cutting down on interference. One device can do it all.
If you're in the business of emergency response, by definition your communications network should be able to handle disaster scenarios. If you're failing over to the public telecommunications network, you now have two sets of emergency responders communicating on two different networks, which must make it difficult to coordinate properly. I can't imagine that the dispatch staff can deal well with phone calls and radio messages simultaneously.
Note -> I have no objection, per se, to establishing this sort of "solution" as a temporal band-aid. But really, adding a network is a bad idea.
> Off-duty firefighters, EMTs, utility workers don't usually carry their radios.
Off duty cops used to have to carry their identification and firearm (I'm assuming this is still the case, although it may not be). Off duty EMTs (at least all the ones I know) usually have a decent first aid kit in their trunk - they see enough accidents to get paranoid about that sort of thing. Off duty doctors usually have to carry a pager. Why not have a communications device required?
Already exists, no problems, not really a story. Telephone Preference (before the phrase was transferred to a scheme to get rid of nuisance callers) in the UK PSTN allowed for the government to deprovision between 1% and 10% of calls in order to prioritise official traffic.
@Ralph: no, the control channel can't be prioritised - the SS7 signalling already is superpriority.
> ...the right way to solve this problem is not to failover to the public
> cellular network, but to build the emergency responder network
> correctly in the first place (here's an actual good use of DHS funds, yes?)
Why is building a duplicate infrastructure the right thing? If this system even works a little, it's a great improvement over what we currently have. Also, if you build a duplicate system, do you then make all first responders carry a second voice communications device all the time? THe beauty of this is that it works with people's existing cellphones, which are ubiquitous.
A friend of mine who works in disaster relied was giving a talk in NYC when the big blackout happened a few years ago. Everyone there (all senior people at disaster relief organizations) reached for their cellphones. Wouldn't it be cool if all their phones just worked?
This seems like a really good idea to me. I'd have three tiers - emergency personnel, then people like the ones I mentioned above who are better placed to do something useful than the average Joe, then the unwashed masses. If even 90% of the regular folks didn't hack into the system (and I suspect that the actual number would be more than 99%), then their 1 and tier 2 would have full access to the cellphone network in an emergency.
> Why is building a duplicate infrastructure the right thing?
You're not building a duplicate infrastructure. Cell phone communications infrastructure was/is built by for profit companies to provide for-charge service to commercial and residential grade customers. Emergency response shouldn't rely upon this network -> it's designed from the ground up for a different use case.
> If this system even works a little, it's a great improvement over
> what we currently have.
Absolutely agree. But this is a stop-gap measure (IMO). Long term plans should be to move emergency response into its own ubiquitous communications network, hardened to work in disaster conditions.
> Do you then make all first responders carry a second voice communications device all the time?
Tangent -> You're presupposing the device is just voice. Maybe it's voice/data/video. There are lots of different ways to communicate.
But to answer your question, absolutely. Cell phones aren't waterproof, are susceptible to rf interference from other devices on the same frequency (and cell phones are *popular*), don't handle shock well, etc. Why is access to a particular communications device a burden? Most emergency responders need access to some level of equipment to actually *be* an effective emergency responder (first aid kit, AED, firefighting equipment, firearms, riot gear, whatever). They already carry a communications device for this purpose. Why not make the communications device more robust and feature-full and make the back end network more reliable?
Hell, if two devices is such a burdent, there is no reason you can't make the ER comm device SIM card aware and let emergency responders ALSO use the device as their cell phone (then they don't have to carry two pieces of gear).
> Wouldn't it be cool if all their phones just worked [during a blackout]
Sure, that would be cool. But optimally their communications network would work in lots of scenarios that cell phones don't need to operate.
> I'd have three tiers
And how do you manage this, from an access standpoint? How does someone qualify as being "not-unwashed"? Are they tested somehow? Certified? Who maintains all that information?
Moving emergency response to its own network eliminates a lot of these problems. Some HAM radio operator wants to be a volunteer? They're now opt-in to the new network, that's easy enough to arrange.
The government does fund communications programs for disaster response other than these. Statewide interoperable radio systems for fire/police for example. The cost of building what would be essensially an independent cellphone system would be prohibitive, especially when you can piggyback on the existing infrastructure for cheap. EMTs in smaller communities do have radios with them, because they may be responding directly from home or their "day job", but the cost of radios for everyone is way too high, and then you have to get the people to carry them (in addition to the cell phone). Alot of the people you need in certain disasters are not normally emergency responders, and can't be expected to carry gear just in case (think linemen, excavation equipment operators, tree surgeons).
We do have multiple other methods of communication that we can use if needs be. Ham radio operators frequently behave wonderfully in big events (for 9-11 they were a large part of the communications solution since NYC lost a lot of its responder radio systems in the attack). These guys show up with their own gear, and impressive skills for getting messages through -- they understand propagation and interference issues as well as appropriate radio protocols for passing message traffic -- locally and cross country.
There are satellite phones spread around (the Iridium system was saved because of its mililtary and disaster usefullness) and satellite data connections that can be deployed pretty quickly. The military has comm systems that can be deployed for disaster response as well.
While access to WPS is more restrictive than GETS, both of these can and are used by qualified workers for NGOs and utilities and even some private companies (industrial HAZMAT workers, wildfire support companies).
A similar prioritization feature has been available for many years on PBX systems sold to US Gov't customers (it is a required feature) and is used, say at military installations. It guarantees dial tone to an outbound trunk when a base commander (or other suitably configured phone number at the PBX) picks up their desk set phone. If all trunks are in use, someone gets dropped. I do not believe it does anything regarding inbound call completion.
Presumably, there are not a whole lot of phone numbers configured to use this feature (or else its value is diminished).
At the PBX level, it cannot guarantee anything more then an outbound trunk; i.e., it cannot guarantee call completion over the SP network.
> The cost of building [snip] would be prohibitive.
Not necessarily. It certainly wouldn't be cheap, but the Internet is full of stories regarding odd grant awards from DHS, and this seems to be something that would have tangible long term benefits.
Remember that you don't have to provide coverage for every citizen. There's a big difference between the coverage requirements for cellular towers (density per sq. mile) and something like this.
> Alot of the people you need in certain disasters are not normally emergency
> responders, and can't be expected to carry gear just in case
Absolutely. But if you have the same equipment standard nationwide, it's easy to have deployable reserves for user equipment. Need to include a couple hundred construction workers? Pass out the devices (they're not properly first responders, they're early responders in this case). Wildfires in California and Arizona? South Dakota can ship their 100 spares south. Blizzard in New York? California can ship its thousand spares back east. Hurricane in Fl? (you get the idea).
Moreover, if you're clever about how you design the backend, you can build in modularity. You could build an entire network on 802.16 or 802.20 standards (for example), using a licensed band and have actual "ready to roll out" emergency mesh networks to provide coverage in the event a substantial portion of the network goes down due to disaster. There could be established standards for integration into existing city infrastructure networks for backhaul in the event of emergency.
> We do have multiple other methods of communication that we can use if needs be.
I agree here too, and those resources should never be overlooked... but each communications network that you add to the disaster response scenario is going to add overall complexity. There will be inter-network bottlenecks and dropped information. Coordination of emergency response is something that needs to be handled efficiently.
There are national standards for interoperability in the process of being implemented, but radio frequency coordination is one of the harder pieces because of how public service allocations were handed out and implemented. A large part of the NIMS (National Incident Management System) is about standardizing and cataloging resources. Your suggestion of a field deployable mesh network sounds interesting, but you'd probably need to do a proof of concept before applying for a grant. Two days out isn't where the bottleneck usually is, the problem is in the first hours and out-of-area resources don't get to come into play much. In two days, cellphone infrastructure is coming back online, the hams have arrived and are running managed and tracked message systems NTS (the National Traffic System) has been around forever, and is still quite useful for getting logged and tracked messages around, formal traffic "nets" on ham and public service radio frequencies are up and running from very early on to handle tactical traffic.
New devices means training people when you really need them doing other things. The cost for an ubiquitous new system would still be very high. But new things are tried and implemented all the time. The Red Cross had a single relay station in the basement in Washington handling relay traffic and emergencies from several radio sites on the LA coastline after Katrina.
But right now, nearly everybody is already carrying a cellphone.
I think some are missing the point of what the system really is about. ACCOLC requires modification to your cellphone, also the SIM is being replaced with one that can get priority access_only_in case of emergency, and then has to be activated by the police. Otherwise the system is dormant and_cannot_be used. The system can only be accessed in a determent "hotspot" where a major accident is taking place. If you walk out of it, ACCOLC will not be accessable anymore and your cal will we routed like a normal call. So useless thing for anyone, except those who need it.
I see no reason why they would hack it. I think tapping ATM's would be more worthy.
"Zapping the phone system there was afterwards deemed to have been a bad idea."
Key response staff I've spoken to would strongly agree with you. But there were other unforeseen problems with 'mobes' which limited their usefulness in a large emergency.
The noise from police helicopters and vehicle sirens drove callers indoors to use land lines and also badly hindered roll calls. Switching the prole's mobile phones off then meant that key staff wasted time trying to check up on their employees and created a lot of unnecessary anxiety. In other circumstances it may have actually jeopardised lives.
Its a testimony to the thorough plans and practice that these were incidental to the recovery plans and that London's prime asset, its trading, was uninterrupted in spite of the closure of most of London's infrastructure that day.
If "cellular is now considered critical infrastructure," why aren't cell sites required to have backup power supplies as landline exchanges are? My cellular always goes out when the power does (and I'd be very surprised if California's greyouts are permanently over -- we need massive construction of new generators, which simply hasn't happened yet).
An awful lot of heat for a really simple system...
All phones are programmed with a value. If the value is not sufficiently high, the phone doesn't get access to the network. Check the Motorola Bible or Phrack for historical information on Analog phones. The actual levels had "standard" recommendations, but different carriers followed them to different degrees.Verizon is simply agreeing to provision some phones with a higher number.
On a daily basis, it won't matter if you "Hack" the phone. It might get you into a non-optimized site, or force you on to a test system, so it might actually hurt your wireless experience.
There's other reasons why cutting off access to family members for priority callers is a bad idea. Here's just a few situations where someone would make a non-personal call home:
1) More than one first responders live in the same household.
2) A first responder needs a family member to look up a phone number in the home office.
3) The first responder has some necessary equipment at home that needs to be prepared for quick pickup.
These do not seem like they would be terribly unusual situations.
First responders getting special treatment from cell phone providers is nothing new, but it's definitely not a bad idea. Police, firefighters, and ambulance get special cell phone packages that include phones in bulk with special technology that allows them to access GSM, digital, and analog services from the same phone. Their large contracts earn them boost-tech car chargers that charge phones in fifteen minutes. The technology has been available for the last couple of years, but is so far only being marketed to commercial and international users. But, when you're buying five hundred to a thousand phones, as is the case with many precints--or taking on the largest communication contracts in history, as has been the case with the Federal Emergency Management Agency--over the last eighteen months--they can afford to share their best technology, as a means of ensuring these lucrative contracts continue to re-emerge. Giving them priority access to the network is the latest in a long list of benefits to these multi-million dollar customers--although I hear emergency responders can't get detailed monthly billing--since they pay in three month increments at a flat fee.
-Mason Hodges, Cellular Solutions, Inc.
I can not confirm but I have heard from reliably sources that all the major providers not only give priority for first responders(as they should.) But that it is common practice to set priority levels for all customers for thimes of network congestion. If you live in a major city and it seems that you are constanly not get through or having dropped calls it may not be your phone or the network. It may be that you have a low priority level. Large corporate accounts are gennerally given prioty above consumer accounts. High volumn callers are all give priority for retention reasons. I had both a verizon prepaid and a contract account for years. I used several different phone on these two accounts The contract account always had fewer dropped calls and more consistant call completion on first try. I believe this phone had a higher priority. If anyone out there thinks the providors will admit this practice. It will not happen. This sort of information is kept top secret.
p.s. repeated number portabilty and provider changes will not help out. Putting your contract in a company name will. If you are a high volume caller and spend on things like 411 and other added charge features this may get you higher priority over time.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.