Tech Insight : ISDN To be Switched Of

With BT Openreach officially setting the timeframe for switching off PSTN/ISDN, we look at what this means for businesses.

ISDN an PSTN

Integrated Services Digital Network (ISDN), which really came into being in the 1990s, is a set of communication standards that are used for simultaneous digital transmission of voice, video, data, and other network services over the digitised circuits of the Public Switched Telephone Network (PSTN). The PSTN is a broad term for the world’s collection of interconnected, circuit-switched, voice-oriented, public telephone networks that (whether operated by national, regional, or local telephony operators) make up the infrastructure and services for public telecommunication.

Originally, ISDN offered the chance for digital services to operate through the same copper wire as the normal telephone system.  It became popular with businesses because it offered a faster Internet connection than dial-up. Fast-forwarding through different attempts to upgrade includes B-ISDN, transmitting data over fibre optic cable, and ISDN BRI (improving voice services), and the building of modern internet protocol (IP) based networks which can support both broadband and landline telephone services, and ISDN now seems to be only of real use for internet access in areas which haven’t yet been reached by broadband.

Also, as noted by Ofcom, the old PSTN is reaching the end of its life and is becoming increasingly difficult and costly to maintain, which is another reason why a switch-over to a better alternative is necessary.

What’s Happening With the Switch-Off?

BT Openreach have announced that starting from the end of this year and finishing in 2025, it will be “switching off the UK telephone network as we know it” by moving 15 million lines to a VoIP (Voice over Internet Protocol) based replacement telephone service. In essence, this means that the Internet (broadband) will be used to carry telephone calls rather than traditional copper wires.  Since ISDN used the copper wire phone network, this change marks the ISDN switch-off.

The Alternatives

With the now inevitable switch-off of ISDN, the main alternatives for businesses are:

– SIP, which uses virtual, cloud-based phone lines rather than physical lines. This may be more suitable for businesses with an on-premise phone system. Many existing phone systems are already compatible with SIP.

– Hosted VoIP/ a Hosted IP phone system may suit businesses that don’t want to commit or retain an on-premise phone system.  As this option uses the business’s internet lines, it essentially means that the business rents a phone system.

What Are The Advantages?

Broadly speaking, the switch to VoIP should bring many advantages, such as:

– A greater breadth of capabilities.

– Cost savings and fewer system failures and outages.

– Scalability and portability (VoIP phone systems can go wherever the company goes).

– Greater communications mobility, flexibility, and increased productivity and collaboration. The importance of this has been particularly well-illustrated with the need to use remote, cloud-based communications and collaborative working platforms during the pandemic.

– Better security that’s continuously updated.

– Greater reliability.

– Improved customer experiences.

– Clearer calls, making it easier to keep existing numbers, and the choice to have broadband provided separately from the telephone service.

– Better identification and prevention of nuisance calls, thereby saving businesses time and money and potentially protecting against scammers.

What Are The Disadvantages?

Some disadvantages of switching to VoIP could be:

– Potential problems with latency.

– Vulnerability to phone systems going down if there’s a broadband outage or if the electricity supply is interrupted.

Possible Impact Downstream

Both Ofcom and Openreach have acknowledged that the area of concern, if preparations are not made sufficiently in advance of the switch-over, is downstream services such as security and fire alarms, telecare devices, retail payment terminals, and equipment for monitoring and controlling networks.  These rely on some attributes of the PSTN that may not be fully replicated in VoIP-based platforms, hence the importance of adequate preparation.  This will require service providers to test their equipment to see if it will continue to function over IP and then replace, upgrade, or reconfigure it as appropriate. These service provider businesses will also need to ensure that customers (from residential users to large commercial and public sector entities) are made aware of the issue well in advance so that necessary steps can be taken to maintain service(s).

Ofcom has stated that the government will work with the sectors that use these downstream services (e.g. health, energy, transport, and business) so that they are aware of the change and can prepare in time.

What Does This Mean For Your Business?

Although the move is industry-led, there is little doubt that analogue and old, expensive to maintain copper wire phone systems will not be able to provide the scope, flexibility, speed, capacity, and economies of the digital alternative as businesses now rely heavily on the Internet. The switch-over will be spread over four years. Provided that there is adequate information and support given by the regulator and BT Openreach, and coordination among communications service providers (CSPs), and adequate advice and help for downstream providers, then change should be manageable, and disruption should be minimised.

Particular attention clearly needs to be paid to those sectors and organisations (many of which are vital to UK business and infrastructure) that still rely on some attributes of the PSTN that may not yet look as though they can be fully replicated in VoIP-based platforms. With this already being acknowledged and working groups already planned to tackle the issue, a smooth transition looks more likely.

The pandemic has increased the digital transformation of many businesses and the advantages of the switch to VoIP and digital appear to be in-keeping with this, and look likely to benefit businesses going forward. 

More information about the switch and what to do about the migration can be found here: https://www.bttcomms.com/phasing-out-and-switch-off-of-isdn/.  Also, Ofcom provides some useful information about its plans for the switch-over here: https://www.ofcom.org.uk/__data/assets/pdf_file/0032/137966/future-fixed-telephone-services.pdf.

Featured Article – How To Browse Privately

This article takes a brief look at what private browsing actually means with popular browsers and software, and how genuinely private browsing could be achieved.

Why Browse Privately?

Over 80 percent of websites use one or more tracking tools (Epic) and reasons for private browsing may be to avoid having your browsing history recorded, perhaps being on a shared or public computer (to avoid being tracked by your browser), or to avoid downloading cookies (to avoid being tracked by websites), or to be able to sign into multiple accounts simultaneously.

Tracking

The different ways that you can be tracked include:

– IP address. This string of numbers, set by the ISP, is a way for each computer using the Internet Protocol to communicate over a network. The IP address is necessary for accessing the Internet so that web servers know where to send the information that’s being requested.

– Cookies. These are text files loaded into a folder on the user’s web browser by the sites they visit. Cookies record details such as users’ preferences, and the last time they visited the website. Session cookies are used when a person is actively navigating a website but tracking cookies can be used to create long-term records of multiple visits to the same site. From the user point of view, cookies can serve a useful purpose (e.g. for logins) or can be used for targeted advertising.  Google recently announced an end to its third-party (tracking) cookies within 2 years for its Chrome browser following similar, earlier announcements by Safari (Apple), Mozilla’s Firefox (Mozilla) and Brave.

– Signed-in accounts. The accounts a user is signed-in to (e.g. Google or Facebook) can also track what a user has viewed, liked and more.

– Agent strings. When a user sends a request to a webserver to view a website, the request comes with information about the user attached to the User-Agent HTTP header.  This ‘agent string’ contains information such as the browser (type and version) and operating system being used.

Browsers – Private Browsing / Incognito Mode

Different browsers have different names for private browsing mode, e.g. InPrivate browsing (Edge), ‘Private’ for Firefox (Mozilla) and Safari, and Incognito for Google Chrome. 

Switching to this browser mode loads a news private window. This means that the new window is not signed to any accounts so can’t be tracked by them, cookies are not used, and any browsing is not added to the browser history. In this mode, however, the user’s IP address can still be tracked.

Do Not Track

‘Do Not Track’ (DNT) is a web browser setting that requests/asks that a web application to disable its tracking of an individual user. For example, switching the ‘do no’ track’ setting sends a signal to websites, analytics companies, ad networks, plug-in providers, and other services a user encounters while browsing.  However, due to a lack of consensus (or enforcement) most sites still track users despite the request not to.

Extensions For Browsers

Another option for users to try and maintain private browsing is to use an additional private browsing extension/add-on.  Examples include:

– Privacy Badger. This is a free extension that gradually learns to block invisible trackers.

– Ghostery. This is a free, open-source privacy and security-related browser extension and mobile browser app that blocks ads and stops trackers.

– Cookie AutoDelete.  This is an extension for erasing cookies for a browser tab when it closes.

– HTTPS Everywhere.  This free, open-source browser extension automatically switches thousands of sites from “http” to secure “https” thereby protecting the user from many different types of tracking/surveillance and account hijacking.

Whole Private Browsers/Search Engines

Users can opt for a whole browser that’s designed to be private, anonymous and to guard against tracking. Popular examples include:

– DuckDuckGo. This search engine, which is also available as a Chrome extension, doesn’t save the user’s browser history, forces sites to use encrypted connections, blocks cookies and trackers, and stops a user’s searches being sold to third parties for profiling and advertising.

– Epic Privacy Browser.  This is a secure web browser that blocks ads, trackers, fingerprinting, crypto mining, ultrasound, signalling, and offers free VPN (servers in 8 countries).

– Tor.  This browser uses a distributed network (randomly selected nodes) to anonymise the user’s IP address. Tor also encrypts traffic.  This makes it incredibly difficult for a user’s web traffic to be traced and very difficult for users to be tracked unless they reveal their IP address by enabling some browser plugins, downloading torrents, or opening documents downloaded using Tor.

– Brave. This is a free, open-source web browser, based on Chromium that blocks ads and trackers and allows users to use a Tor in a tab to hide history, and mask location from the sites a user visits by routing a user’s browsing through several servers before it reaches its destination.

VPNs

Many users now opt for a virtual private network (VPN) to allow them to make a secure connection to another network over the Internet, encrypt traffic, and hide their IP address. Since a VPN routes a user’s internet through another computer, where many other users of the VPN are using the same IP address, tracking is made very difficult. VPNs, however, don’t protect a user from being tracked, from cookies, from user-agent strings, or through the accounts they’re logged in to (e.g. Google), or from any VPN’s that keep logs of user activity and could sell those logs to third parties. Also, some services discourage the use of a certain VPN, and VPNs can slow down the user’s Internet connection dues to the re-routing and encrypting through the VPN server.

What Does This Mean For Your Business?

What this all means depends upon what level of privacy, for what purpose, and when users require it.  For most daily use, Private/Incognito browsing functions provide a fast way to access a reasonable amount of protection from normal tracking. Additional extensions /add-ons may add a convenient route to greater privacy. For times when users may feel that more security is needed, they may decide to opt for a VPN or for a more complete private browsing solution such as the Tor browser. It may also be the case that some business users, as a matter of preference and security, may choose to only use the private services (e.g. DuckDuckGo, Brave, or Tor), thereby always working with a privacy level that they feel comfortable with.  For many businesses, it’s more likely to be a case of a combination of privacy solutions used as and when required in a way that is compatible with daily working practices, authorised, approved, and recommended by the company and other relevant stakeholders. With popular browsers now stopping tracking cookies and news that the next Apple iPhone software update, iOS 14.5 will include an AppTrackingTransparency requirement where whereby all apps will need to request permission to track a user’s activities across other companies’ apps, pressure is now mounting on advertisers to come up with other ways to track and target users and maintain revenue streams.

Tech News : EU To Ban “Unacceptable” Use of AI

Following last week’s leak of proposed new rules about the use of AI systems, The European Commission looks likely to ban some “unacceptable” usage of AI in Europe.

The Leak and the Letter

This latest announcement that the European Commission aims to ban “AI systems considered a clear threat to the safety, livelihoods and rights of people” (and thereby “unacceptable”) follows the ‘leak’ last week of the proposed new rules to govern the use of AI (particularly for biometric surveillance) and a letter for 40 MEPs calling for a ban on the use of facial recognition and other types of biometric surveillance in public places.

Latest

This latest round of announcements about the proposed new AI rules by the EC highlights how the rules will follow a risk-based approach, will apply across all EU Member States, and are based on a future-proof definition of AI.

Risk-Based

The European Commission’s new rules will class “unacceptable” risk as “AI systems considered a clear threat to the safety, livelihoods and rights of people”. Examples of unacceptable risks include “AI systems or applications that manipulate human behaviour to circumvent users’ free will (e.g. toys using voice assistance encouraging dangerous behaviour of minors) and systems that allow ‘social scoring’ by governments.”

High Risk – Remote Biometric Identification Systems

According to the new proposed rules, high-risk AI systems include law enforcement, critical infrastructures and migration, asylum, and border control management.  The EC says that these (and other high-risk AI systems) will be subject to strict obligations, especially “all remote biometric identification systems” which will only have “narrow exceptions” including searching for a missing child, preventing an imminent terrorist threat, or finding and identifying a perpetrator or suspect of a serious criminal offence.

Other Risk Categories

The other risk categories for citizens covered in the proposed new EC AI rules include limited risk (chatbots), and minimal risk (AI-enabled video games or spam filters).

Governance

Supervision of the new rules looks likely to be the responsibility of whichever market surveillance authority each nation sees as competent enough, and a European Artificial Intelligence Board will be set up to facilitate their implementation and drive the development of standards for AI.

It is understood that the rules will apply both inside and outside the EU if an AI system is available in the EU or if its use affects people who are located in the EU.

What Does This Mean For Your Business?

AI is now being incorporated in so many systems and services across Europe that there is clearly a need for rules and legislation to keep up with technology rollout to protect citizens from its risks and threats. Mass, public biometric surveillance such as facial recognition systems is an obvious area of concern, as highlighted by its monitoring by privacy groups (e.g. Big Brother Watch) and by the recent letter calling for a ban by 40 MEPs. These proposed new rules, however, are designed to cover the many different uses of AI including low and minimal risk uses with the stated intention of making Europe a “global hub for trustworthy Artificial Intelligence (AI)”. If the rules can be enforced successfully, this will not only provide some protection for citizens but will also help businesses and their customers by providing guidance to ensure that any AI-based systems are used in a responsible and compliant way.

Tech News : MI5 ‘Think before You Link’ Campaign Warning To Staff

MI5 is using a ‘Think before You Link’ campaign to warn its workers about the growing threat of being targeted for information by actors for hostile states using fake profiles on platforms such as LinkedIn.

Think before You Link

It has been reported that MI5 believes that more than 10,000 British nationals have been targeted online in the past five years by hostile states.  With this in mind, the UK’s Centre for the Protection of National Infrastructure (CPNI), an offshoot of MI5, has launched a ‘Think before You Link’ campaign. The idea of the campaign is to provide practical advice on how to identify, respond to, and minimise the risk of being targeted by criminals and hostile actors who may act anonymously or dishonestly online in an attempt to connect with people who have access to valuable and sensitive information.  

LinkedIn?

Although LinkedIn has not been explicitly named as a platform that is being used/could be used, LinkedIn has said in a statement published on its news page that “We welcome the online safety efforts of the Centre for the Protection of National Infrastructure and its work to expand their Think Before You Link campaign in the United Kingdom”. The statement goes on to say that “We actively seek out signs of state-sponsored activity on the platform and quickly take action against bad actors in order to protect our members” highlighting how it has a “Threat Intelligence team” to remove fake accounts.

Who?

The campaign is aimed at those who “Identify as an employee or member of HMG or Civil Service” or “Identify as working in the private sector or academia with access to classified or commercially sensitive technology or research”.  These could include (among others) retired civil servants with access to technology relating to defence/defence equipment.

What?

CPNI (MI5) suggests that once links are made online with fake profiles (e.g. with LinkedIn), social manipulation could occur as business proposals/propositions could be made that require information to be given that could be of use to criminal actors/hostile states. For example, this could take the form of an invitation (paid) to speak at a conference/event as an expert, which could involve linking online with relevant people, submitting a CV and background information. This could also lead to bribery or blackmail.

Damage

According to CPNI, the risk of engaging with such profiles is ‘damage’ to individual careers, damage to the interests of the person’s organisation, and damage to the interests of UK national security and prosperity. This appears to be a way of warning those with national security-related work roles not to unwittingly put themselves in a position where they may give away secrets of valuable (to other states) information online.

Campaign Materials

The ‘Think before You Link’ campaign is using guidance for staff and organisations, flyers, poster sets, and videos to explain and illustrate the risks and what to do to minimise them.

What Does This Mean For Your Business?

With current difficult relations between the UK, the U.S. (and all the Five Eyes) and what are now seen as hostile or potentially hostile states (e.g. Russia and China), trade wars (US and China), cyberattacks on state agencies and big businesses as well as to get vaccine secrets, online interference in elections, and chemical weapon usage (poisonings) have all contributed to the apparent need to warn of approaches by hostile actors via social media. Remote working and physical separation during the pandemic have also made the need for this warning more urgent as the numbers of targeted social manipulation attempts have grown over the last year. Businesses with access to classified or commercially sensitive technology or research, or who have working relationships with academia, or with experts in certain fields (e.g. defence), may need to be particularly cautious when it comes to approaches by new or little-known friends and connections on social media.

Tech Tip – Receive Only Your Important Notifications in Outlook

If you would like to save time by configuring Outlook to only send you alerts when important emails arrive, here’s how:

This involves setting up custom alert rules for specific people whose emails are particularly important to you e.g., the boss and other colleagues. To set up a custom alerting rule for a specific person:

– Open Outlook, find an email from someone for whom you want an alert.

– Right-click the email (or go to the Home tab of the ribbon at the top).

– Select Rules > Create Rule.

– Switch on the checkbox by the sender’s name.

– Choose “Display In The New Item Alert Window” and/or “Play A Selected Sound”.

– Choose the sound file to play for the alert. You can use the play button in the “Create Rule” window to hear the sound before making your choice.

– Click ‘OK’ to set the rule.

– Repeat the process for the other contacts you would like to receive alerts for.

To set up a custom rule for a whole domain:

– In the Home tab, click on Rules > Manage Rules & Alerts.

– Click “New Rule.”

– Select “Apply Rule On Messages I Receive” and click the “Next” button.

– Scroll down and select “With Specific Words In The Sender’s Address”.

– Click the underlined “Specific Words” (bottom panel).

– Add the domain you need to receive alerts for (@therequireddomain.co.uk) and click OK. The domain will replace “Specific Words”. Then click “Next”.

– Choose whether you require a sound played, an alert displayed, or both, and then click “Finish.”

– In “Rules and Alerts”, click “Apply” to turn on the rule.