Do We Need to Police NG9-1-1?
For my first blog post, I’d like to talk about something that caught my attention at last week’s NENA Development Conference (NENA NDC). A substantial portion of this year’s agenda was dedicated to ”Devices and Sensors” (personal alarms, vehicle telemetry, and environmental monitors to name a few). These discussions centered on how “calls” from such devices will reach the PSAP, and attempted to inventory the impact this will have on PSAP operations.
As the discussions progressed, a number of questions were raised:
- How do we keep track of the emerging technologies and services?
- How will we handle “calls” initiated by these devices?
- Should devices be able to initiate calls directly, or should there be a human intermediary (similar to alarm central station monitoring)?
- Can any garage-tinkerer create a device which initiates a 9-1-1 call? How do we prevent abuse?
There was a natural gravitation to the idea of “certification”, whereby only devices which meet a set of criteria should be able to initiate an emergency call. The presumption being a certifying entity would be our “NG9-1-1 Cop”, ensuring:
- Public safety would only see calls from “certified” devices and services.
- Procedures for handling calls initiated by a particular device or service could be established in advance.
- Service providers, in addition to their devices, could be subject to certification, auditing compliance to a defined standard.
- Traceability back to a service provider and/or end user would greatly limit the likelihood of abuse.
Taken at face value, the concerns and proposed approach seem entirely reasonable. Now that I’ve had a few days to mull it over, I’ve started to question this path:
- I expect many (most?) of these devices to be mobile. A consistent standard must be applied across the country to prevent public confusion and create a regulatory landscape that encourages investment.
- I don’t know if any one entity has the authority to certify, and more importantly regulate and enforce the initiation of a 9-1-1 call by a particular device or service.
- Should a regulatory body be established, how would it be funded? Could such a body be “right-sized” to provide the necessary level of scrutiny, while still being able to certify devices in a timely fashion?
- Will the certification standards always lag technology, such that the certification process is outdated with the introduction of a new technology? Who decides to let a new technology in?
I think the only scalable approach is to address this problem via technical standards and functional validations built into the ESINet itself (a NG9-1-1 “Robo-Cop”?), rather than through a manual certification process. This approach would look something like this:
- The i3 specification (and referenced RFC’s), describe what a valid “call” looks like.
- Emerging standards for the passing of “Additional Data” (information about the Call, the Caller, and the Location of the Caller) define the kinds of information which can be made available to public safety.
Therefore, if a “call” has the minimum acceptable information to support the proper routing and handling of the request, AND the associated data passed with the call is in a format agreed upon by public safety, that the PSAP and first responders should be in a position to interpret and handle the call. Calls which do not meet these criteria should be “arrested” at the gate by our Robo-Cop.
For this to work, I believe we need one additional ingredient: traceability. The identity of the device’s Service Provider MUST be certified through a credentialing agency. Better yet, the identity of the device owner / user should be certified, even if only by the credentialed Service Provider. This ensures anyone using or deploying a device can be identified by public safety. A knee-jerk reaction would be to call this “big brother”, but it is in everyone’s best interest. Public safety works best where there is a baseline level of trust that running in both directions: you trust me because you know who I am, I trust you to come help me!
Testing this against our initial concerns, our Robo-Cop could create an environment where:
- Emerging technologies conform to pre-defined standards. When a new technology requires an extension to a dataset, one works with the standards organizations to affect the required change.
- Public safety can create the required operational procedures in advance, since all “calls” would confirm to pre-existing standards.
- Competition and innovation flourish as the only barrier to entry is standards conformance and registration of the service (the trusted identity).
- The incident of abuse is no worse than what is seen with landline and initialized post-paid mobile devices, as the identity of service providers and end users is known.
I’ve already been asked to bring this to the attention of NENA’s Additional Data Work Group, so I’d appreciate your thoughts