May 31, 2011

What Your Wireless Carrier Knows About You


Operators can tell a lot about the devices, apps, and content you use. But they're far more interested in macro-level trends that show shifts in overall usage patterns as mobile broadband use continues to increase.


Like a lot of cell phone users, you may be wondering just what your wireless company knows about you. Can it see what kinds of apps you’re running on your phone and where you go online while you’re out and about? Can it tell what types of phones and tablets are connected to its network, and how much data they consume? The answer to these questions is “yes.”
As mobile data usage has skyrocketed, wireless operators have built even more intelligence into their networks to help them allocate network resources properly. For instance, if you download or upload moderate-size files from the Internet, your provider might label your task “low priority” and allocate more available bandwidth to the person across the street who is running a highly time-sensitive app like video chat.
In general terms, wireless operators capture three main kinds of information: information about the devices connected to the network, metadata about the packets of data that run through the network, and information about the content contained in the packets being downloaded or uploaded by the subscriber.
For the most part, the carrier sees this information in an aggregated form that is not directly associated with individual users. Operators spend most of their time looking at large trends in the usage patterns of large groups of users.


Hardware Connected to the Network

The network engineers who work in the network control centers in any cellular market have a surprisingly granular view of their networks in real time. If they wanted to, these engineers could detect a single device entering a specific cell and identify the type of device it is, its operating system (if it’s a smartphone, a tablet, or a laptop USB modem), its IP address, its bandwidth consumption, and even the apps it is running.
Wireless operators need to know about the devices on their network so that they can make assumptions about the sorts of content their customers are using and the amount of bandwidth they’ll need. For example, if the carrier knows that the smartphones it has detected typically have large screens, it can conclude that those devices will probably be consuming a relatively large amount of streaming video content, which requires a lot of bandwidth.
Similarly, carriers can detect smaller, less expensive phones that don’t run a real OS but do sport a full keyboard. The operator can deduce that these devices are specialized for social networking, which doesn't demand a lot of bandwidth but does require a lot of signaling in the network. The updates and uploads that originate from these phones may be just a few kilobytes in size, but they are likely to be numerous, and each one requires a number of “signals” to route them through the network correctly.
To manage the radios that sit on the cell towers throughout their markets, wireless operators rely on a special set of software tools and hardware boxes. They use the equipment (which Alcatel, among others, sells) to tune the radios and their antennas to provide the best connectivity possible to the majority of devices served in the cell.
The boxes, which live at the edges of the network, gauge the right direction to point the radio antennas in and the appropriate amount of power to supply to the signals they send out. To do this well, the equipment must be able to tell what devices are connecting to a radio in a cell, and how far from the radio the mobile devices in the cell are connecting.
McDonald stresses that mobile operators don’t use network intelligence equipment to determine various devices’ physical locations on a map. Instead, they focus on the position of mobile devices relative to the cell tower.

'Metadata' About Data Packets

To go one level deeper than the device level, wireless operators use network intelligence technology, such as Alcatel’s Wireless Network Guardian or Sandvine’s Network Analytics, to learn about the packets of data that mobile devices send and receive from the network.
Every data packet that flows through the network includes a “header” filled with ‘metadata’ about the packet. This ‘metadata’ includes details such as the origin and destination of the packet, the protocol (IP) used by the packet, whether or not the packet contains data from a real-time service like VoIP, and the amount of data in the packet. The header gives the operator a rough idea of what the content is for, without disclosing any actual details of the content itself.
The wireless operator can use this header data to help it tailor its service to suit the needs of various users. For instance, after detecting that a packet flow is a real-time app like VoIP, the operator might give priority to delivering those packets over delivering other, less time-sensitive packets in the network. Meanwhile, the operator might assign a lower priority to packets containing data from an MP3 file being uploaded to a server. The subscriber might be doing this in the background and consequently not be especially concerned about the speed of the upload.
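To make the header metadata described above concrete, the following added example (not part of the original article, and not any vendor's code) reads only the 20-byte IPv4 header of two constructed packets and applies a hypothetical two-class priority rule. It assumes the real-time hint is carried in the header's DSCP field; the addresses, helper names and the policy itself are illustrative.

```python
import ipaddress
import struct

# IP protocol numbers (IANA) for the transports seen most often.
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
DSCP_EF = 46  # "Expedited Forwarding", the marking commonly used for voice


def parse_ipv4_header(packet: bytes) -> dict:
    """Return the metadata carried in the IPv4 header; the payload is never read."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ver_ihl, tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or total_len < header_len:
        raise ValueError("inconsistent header length fields")
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "dscp": tos >> 2,  # upper six bits of the old type-of-service byte
        "payload_bytes": total_len - header_len,
    }


def priority(meta: dict) -> str:
    """Hypothetical two-class policy: real-time marking first, the rest after."""
    return "high" if meta["dscp"] == DSCP_EF else "normal"


def build_header(src, dst, proto, dscp, payload_len):
    """Construct a sample 20-byte header (checksum left at 0; not checked here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + payload_len, 0, 0,
                       64, proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


# Constructed samples using documentation address ranges (RFC 5737).
VOICE = build_header("198.51.100.7", "203.0.113.20", 17, DSCP_EF, 160) + b"\x00" * 160
UPLOAD = build_header("198.51.100.7", "203.0.113.80", 6, 0, 1400) + b"\x00" * 1400

if __name__ == "__main__":
    for name, pkt in (("voice", VOICE), ("upload", UPLOAD)):
        meta = parse_ipv4_header(pkt)
        print(name, meta, "->", priority(meta))
```

Source, destination, transport protocol, size and the priority marking are all recovered without touching a single payload byte, which is the distinction the article draws between header metadata and packet content.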
Network intelligence data may also enable operators to identify specific cells in which extremely bandwidth-hungry applications are heavily used. For instance, if mobile video-chat becomes popular in the downtown area during business hours, the operator might increase the bandwidth available to the cell responsible for that area during that time period.
Wireless services also need to be able to detect high-demand ad hoc events, such as major sporting contests, that can put lots of stress on a certain cell in the network. The carriers know that there will be games at Yankee Stadium three times a week during baseball season, so they must take steps to ensure that all of the Yankee fans in attendance have data service and voice service (so they can call their friends in Boston and rub it in if they win).
Using network intelligence software, the operator can collect a lot of information about the cellular data needs of the fans at these games. It can detect how many are using smartphones, how many are streaming video of other major league baseball games, how many are using social networking apps, and how many are just placing voice calls.
Based on this information, the operator can tune its network in the area to accommodate the various user types in attendance. Since operators sometimes don’t use all of the wireless spectrum they own, they might divert some into service at the stadium to accommodate the larger-than-usual concentration of subscribers. They can move amplifiers or other infrastructure equipment into the cell, increase the density of cellular radios in the area, and create Wi-Fi hotspots in and around the stadium to offload some of the data traffic from the cellular network. Perhaps most importantly, they can better prioritize their handling of the various types of data requests coming from users in the stadium, to ensure that network resources are used in the best way possible.
Wireless services also use network intelligence software to help measure the broadband usage of subscribers who have metered data plans. The software informs the carrier’s billing system whenever a user goes over the allowable usage limit, triggering a schedule of overage charges.

Deep Packet Inspection

Illustration: Jeffrey Pelo
Deep Packet Inspection (DPI) software lets the operator identify the Websites that users are visiting and the Web services that they’re using. The software--or “middleware,” as it’s called--captures a few packets of data flowing to or from a device on the network, and then quickly analyses the details of the content contained in the packet. This content, called the “payload,” could be anything from inbound or outbound Skype videoconferencing data to an OnLive cloud gaming session to a Facebook update.
The carrier can use DPI intelligence to confirm delivery of a guaranteed quality-of-service level for a specific app, such as corporate-level videoconferencing. In this case the software identifies the packets coming from the app, and monitors the amount of time during a given interval that the network cannot convey all of the packets at the promised speed. If there is too much of this “down time,” the operator may compensate the customer in some predetermined way.
DPI intelligence can also help the carrier identify revenue opportunities in a given market. Dave Caputo, CEO of network intelligence software maker Sandvine, gives the example of an operator in Latin America that used DPI data to discover that many of its subscribers were spending a lot of time on Facebook; in fact, they were using it more than they used YouTube (by bandwidth). The operator also learned that the subscribers were willing to pay for a higher-priced data plan if the service could guarantee them unlimited use of the Facebook service every month.
Caputo says that this situation is a win-win for the operator and the subscriber: The operator makes more money per subscriber, while the subscriber enjoys the certainty of not incurring overage charges. Alcatel-Lucent’s McDonald likens such a plan to a phone company plan that provides for unlimited night or weekend minutes.
On the dark side, carriers may use DPI software for "lawful interception"--that is, to capture data for law enforcement from the data streams of "persons of interest." Darker still, critics have cited DPI as a tool that operators may use to detect and then inhibit or block certain kinds of content--a violation of the principles of network neutrality.

Large Trends, Not Single Users

Clearly wireless operators have a lot of visibility into their networks and into the devices connected to them. But Andrew McDonald, Alcatel-Lucent’s vice president of network and service management product unit, stresses that wireless carriers are far more interested in the habits of large groups of users than in those of single users. “Carriers need to understand the traffic load on all parts of the network now and in the future,” he says. “They are looking to see if something is changing in a bad way; they are looking for trends.”
Specifically, operators are concerned about correcting or preventing bandwidth shortfalls and about forecasting the amount of bandwidth that various parts of the network will need in the future, McDonald explains. McDonald says that mobile operators are not so much using network intelligence data to optimize networks around today’s usage patterns as using it to predict large shifts in bandwidth usage habits over time.
He gives the example of what mobile carriers used to call “the busy hour.” This was a high-usage time of day when people were heading home from downtown to the suburbs. It was a time of heavy traffic and also a time when users were passing from one cell to the next as they traveled homeward.
But usage patterns changed, and the so-called busy hour became much less pronounced as people began using their smartphones and apps throughout the workday, and from lots of different locations--including at home, where more and more people now spend their workdays.

TMI

Sandvine’s Caputo and Alcatel-Lucent’s McDonald agree that wireless carriers are acutely aware of the fact that too much information (TMI) can be a problem when it comes to detecting activity in the network. Carriers know that a subscriber may deem their monitoring of a single device and its browsing habits as an invasion of privacy. They also realize that you can’t learn much about usage demand by watching just one user.
Of course, there are exceptions to the rule. For billing or security reasons, carriers may associate the device with its owner through something called “IP to subscriber mapping.” This involves mapping the IP address of a device to the subscriber account that it’s registered under. Doing so can be necessary if, for instance, a connected device becomes infected with a virus and begins to abuse network resources so heavily that it begins to compromise other users' network performance. In that case, network engineers may detect the device running the bad app and either suspend or limit its access to the network until the device is fixed or the offending app terminated.
The operator can easily detect such problems at the level of a device, but isolating problems at the app level is a little more difficult, though still possible, McDonald says. He adds that carriers have detected apps from every major mobile OS that have abused network resources, and says that wireless carriers have been very active in minimizing the adverse effects of these flare-ups.