Webinar Q/A: 911 & the Internet of Things

Published:

February 27, 2017

Updated:

April 4, 2023

On Wednesday, February 22, we hosted a webinar on 911 and the Internet of Things. Our audience members asked some great questions and we wanted to make the Q/A available to you. Feel free to ask additional questions in the comments.

1. To use these VoIP 911 services as an OTT app, do I need a VoIP call server in my solution?

That’s a good question. Often, folks think of telecommunications companies connecting to 911 and immediately think there’s a soft switch or a VoIP call server that is involved, but that’s not true. Smartphones are heavy enough processing engines now with good access to generalized SIP stacks and good quality data connections into the network, so provided you can integrate one of the stacks and launch a SIP invite and support the full session, you’re going to be fine and you don’t have the have a network-based call server or related piece of infrastructure.

2. I thought next generation 911 was required to provide these types of services. Are you saying that it’s not required?

That’s correct, but let’s refresh what Next Gen 911 is. Those selective routers and ALI databases were designed in the 1980s. They’re old and not necessarily as flexible as modern IP technology. Those are being replaced by all IP technology. That’s what Next Generation is. When you do all IP technology and you’re using things like Voice Over IP and SIP. Your session can be more than just voice- it can be text, it can be video. But the essence of the use cases we showed in this particular webinar do not require Next Generation 911- it’s nice to have, but it’s not required. What we’re talking about today is the hybridization of land line, wireless, VoIP – under an OTT app or under a telematics scenario where location becomes flexible and dynamic and that’s certainly here today.

From a regulatory perspective, even though it’s technically capable, it’s still a point of discussion from a best practices perspective. In fact, it is one of the things that the industry and the standards bodies – bodies like APCO and NENA, with their members, are trying to address regularly. The fact of the matter is that we have hybrid 911 networks that are changing. You have the ever increasing adoption of IEP networks and IEP services by service providers and their customers, but the 911 networks are slowly evolving in that direction, but are principally still premised in and around the PSTN at the end. So, trying to figure out how to integrate these new services into PSTN-based 911 networks as Next Gen networks become more common, there is a realization that they are not common in all respects and that they are effectively “hybrid” networks. Thus, people are working to figure out how you will be able to support 911 calling for innovative services without stopping innovation in the marketplace.

3. What’s the Bandwidth footprint with PSAPs? In other words, if an app wants to use your APIs for in app voice calls to 911, where in the country would it work or not work for connecting with the appropriate PSAP, based on user or incident location?

The rough statistics are that we cover 98.2% of the U.S population. There are approximately 5400 primary public safety answering points of which we deliver directly to the vast majority of them. There’s still a handful, probably less than 200, that are not enhanced and what I mean by that is that they either lack the desktop infrastructure or the database interconnection to fetch a location and display it to the screen. Excluding those couple hundred, the footprint you are looking for is 98.2% of the US population.

4. Right now, 911 will not take a call from anything non-human. So we need a secondary call center operation as an intermediary between the IOT and the PSAP. What do you see in terms of this barrier falling and the PSAPs accepting automated messages?

In general, 911 calls come from people because it’s human judgment if something requires a 911 response. However, lines get blurred when there is an emergency. If I subscribe to a service and I want to use my service to generate an emergency call, I may expect that I have the ability to do so. An example of this situation is a car crash and whether an airbag can automatically generate a call? The real question is whether there is an actual emergency and if it is a legitimate call for help or whether it’s some sort of a malicious call attempt. This distinction is where the rules historically have been aimed – i.e. at unwanted calls that are not legitimate emergencies.

5. What interfaces exist for provisioning to these 911 services?

That’s going to be vendor dependent. What Bandwidth does, is we have three provisioning interfaces. For an Over the Top app provider, the first one is not that interesting, which is bulk loading by flat files. Think in terms of a phones company that have hundreds of thousands of records that they want to onboard to a particular 911 service provider. We do that every day.

The more pertinent ones for OTT Apps are our RESTful, XML, or SOAP APIS for the provisioning of user identities whether that’s telephone numbers or URIs, and associated addresses. We also provide for smaller subscriber count clients. We have a portal product built on top of our own API, because sometimes you don’t want to code up to an API, you just want to be able to provision on a portal when you are starting out as a small business.

6. Is there a danger of low quality OTT apps failing in a mode that causes repeated 911 dialing and is there a way we can prevent that?

Any vendor community has a responsibility to contract with and hold their clients and customers accountable to a level of quality and we certainly do with ours. We have a sandbox where client applications can test and play before it is determined they are stable and robust enough for the mainstream. That’s just best industry practices. You might think 911 is incredibly special, but if you are building chemical equipment plants or electrical grids you’ve got an equal responsibility and there’s regulations around that.

There is risk – of that sort of mistake in deployment or lack of control or adequate controls that could have unintended or bad consequences on the emergency service community. It is important that you have experienced, knowledgeable people involved who are doing the necessary testing, who know how it all works, before things get launched into the wild and you run into those risks in a real world situation.

7. How do you protect a PSAP from a DDOS attack via an IOT device?

The PSAP has a certain number of trunks going into it and they can handle a certain level of calls simultaneously and the PSAP is limited physically by the number of seats that they have populated at any one time. A very rural PSAP might only have one or two seats and it’s not an uncommon event that two legitimate 911 calls come in at the same time and occupy both of those two seats and the remainder of 911 traffic, if some should arrive, is sitting in a queue. That is not uncommon at all and it occurs when there are low seat counts but some moderate call volume. A group of malicious callers could saturate a particular call center, they don’t need an IOT device to do so.

There’s a couple of natural choke points in the network that protects the PSAP from over-loading. For example, the Selective Router itself provides call volume overage control. Suppose you have telecom company A, telecom company B and telecom Company C that lets an OTT app onboard. They might lock up their couple of circuits because of their misbehaving OTT app, but telecom Company A and B still have their path through that selective router. You can’t think of this as an Internet where a Denial of Service attack affects everyone simultaneously.

We are focused on solutions to what is a very real risk and a very real concern in the emergency services space, and we work to avoid this in all cases that we can.

Bandwidth is a full telephone company. We are a wholesale CLEC with tens of millions of telephone numbers – and texting. So, we deal with spam, locking down bad behaviors on the network all the time. It’s not just a 911 thing. It’s a full telecom industry issue to deal with bad endpoints or bad behavior.

8. What’s ESGW?

“ESGW” stands for Emergency Services Gateway. This network component receives VOIP voice calls on one side and converts them to circuit-switch TDM calls on the other side. The ESGW stands between a VOIP-based telecommunications company and the Selective Router it needs to deliver 911 calls to.