What about security?

One reason for having the VOIP phones on a separate VLAN is we firewall it. It turns out all these phones have Web servers -- not browsers -- in them and one way to configure them is to talk directly to the phone. All you need is the phone admin password, which is the same one in every phone and it's in the manual, so we don't let Web connections get to the VOIP phones, so security is at that level. I would love it if the phones would encrypt the voice stream. They don't do that today and there's nothing I can do about it except indicate to the vendors that I really want that feature and hope we'll even get it. It's a concern. But so are cell phones. If there hadn't been cell phones I'd be much more worried. We don't want to go overboard on something that's not a real threat yet.

If I put my IETF hat back on, VOIP security in general has been a real disaster. Like everyone who does technology, the VOIP vendors don't want to think of security when they're designing, and they aren't convinced the bad guys are really out there just because they're not attacking yet (and of course they won't attack until you have 100 million handsets out there to make it worth their while). The other problem with VOIP is that there have been a lot of Bellheads involved and they have a security model that's completely whacked -- the "trust the network" model. In the Internet space you don't trust anybody, particularly the network. You better do end-to-end security if you care.

Then there's the whole damn government. I don't know this but I suspect if the Polycoms and Ciscos of the world had had these phones do end-to- end encryption on Day 1, then the U.S. government probably would have come in and tried to stop it. They want to maintain the ability to do surveillance even if we all have to walk around naked.

OK, on to project No. 2. What's MIT doing to become a regional optical network player?

Through an arrangement with Internet2 and their FiberCo arrangement we have a pair of fibres from Boston down through Rhode Island, Connecticut and eventually terminating at 32 Avenue of the Americas in New York City, and a redundant pair up the Hudson River and that cuts across Massachusetts. We got it at a price we could afford, so we went for it. We're lighting it up with optical gear that will give us 72 10G waves. This means in New York City we can peer with CERN and with a lot of the major players. The contract for our fibre wasn't 24 hours old when through the grapevine our researchers found out about it and were enthused about using it for high-speed access to various national and international assets.

MIT doesn't already have access to high-speed links for research through Internet2 or other networks?

Internet 2 backbone now is 10G I think, and links to this part of country are around 1G. Our researchers want 10G to CERN and now we can give them that. We also did this before Internet2 announced its new network [which had gone by the working name NewNet and boasts 10G lambdas].

I'm very annoyed about the competition that emerged between Internet2 and the National LambdaRail network people. It was a national embarrassment that literally got down to name calling. The networks were going to merge but turned out to be like water and oil, so now they're competing. A side effect was that the Internet2 people didn't talk to us before they announced one of their NewNet nodes would be in Boston, so now we're in the same facility as them. Even so, we're still getting a better deal on price to get to New York City. Meanwhile, we have a history of cooperation in the Boston area with other schools, such as Boston University and Harvard, such as through the Northern Crossroads facilities. Some asked why we didn't buy the new fiber under Northern Crossroads, but it was just a timing issue: We had the money and couldn't wait for approvals from the others.

This all sounds too easy ...

It wasn't. It's amazingly complicated. First the IRU [Indefeasible Right to Use] agreements, and it's Level 3 fibre, so we have to sign agreements with them. And it's not just the fibre, you have to get space in huts along the fiber path to put in regeneration and optical amplification equipment [Nortel installs most of the equipment]. It turns out there's paperwork to be done for each of those sites, plus lots of legal contracts. And we're a nonprofit organization, so we need to file paperwork in every single township along the way to demonstrate this.