Last week, UK mobile network operator O2 left millions of customers unable to get online as its 4G data services went down due to an expired security certificate.
According to Bluzelle Networks CTO Neeraj Murarka, a specialist in blockchains and decentralized technology, the outage brings to light the risks of failing to implement a comprehensive security certificate management plan, and the general problem for operators relying on a single provider of proprietary software.
Murarka offers a warning to global mobile carriers:
“The bigger issue here is that mobile carriers all over the world, including in Great Britain and in Japan are all running some of the software in question, with control over maintenance of this proprietary software completely in the hands of a single vendor, in this case Ericsson.
Indeed, if it was just human error, it is understandable and a statistical reality. But this very fact is precisely what makes such dependence so vulnerable.
The software is likely not open source, therefore, nobody other than Ericsson themselves was likely to be aware of it. This, combined with a failure to update the software has resulted in misery for millions of people and huge costs to O2 as a result.
Yet again, this is another example where a more decentralized approach should be adopted. For example, if the software in question had been deployed by the carriers themselves, who took open source software, customized it to their needs, audited it and then deployed it, the carriers would have had the foresight to anticipate this and avoid these losses.
Additionally, another form of decentralization that I expect to see introduced in the near future is the use of mesh networks, where mobile phone users no longer directly depend on a centralized carrier.
Rather, mesh network technology will allow users to collaborate to share connections to the Internet such that dependencies such as those we see now, are minimized or eliminated altogether.
It is imperative that dependence on centralized owners of code (proprietary software) is reduced over time to give the public an opportunity to contribute to this code and catch problems long before they happen, and for the provision of services to move from large, oligopolistic providers to decentralized approaches that we see the beginnings of with the likes of RightMesh, Orchid, Bluzelle, etc.”