< Back to Main Site

EDUCAUSE review onlineEDUCAUSE review online

Do Emergency Text Messaging Systems Put Students in More Danger?

8 Comments

© 2008 John Bambenek and Agnieszka Klus. The text of this article is licensed under the Creative Commons Attribution 3.0 license (http://creativecommons.org/licenses/by/3.0/).
EDUCAUSE Quarterly, vol. 31, no. 3 (July–September 2008)
Current Issues
Do Emergency Text Messaging Systems Put Students in More Danger?
The rush to use text messaging as an emergency notification system fails to consider the weaknesses and potential hazards of this solution

Cell phones have become prevalent on college campuses. Most students use them as their primary phone to avoid changing phone service every year or dealing with university–based long-distance charges. In the wake of recent college shootings and threats of violence on campus, administrators have begun to deploy cell phone solutions to send emergency messages to students. Many believe that emergency text messaging systems will minimize the damage (specifically loss of life or injuries) in an emergency situation, including natural disasters.

Despite the speed with which such systems are being deployed (some even mandated by law), little attention has been given to the efficacy and implications of such technologies. Crisis communication services must demonstrate several characteristics to meet the requirements for emergency operation:

  • Extremely high reliability
  • Excellent access control
  • High-speed delivery

Does text messaging meet these requirements? No.

Short Message Service Text Messaging

Among different messaging options, short message service (SMS) has become very popular. A key design feature is its relative simplicity. The downside? The SMS protocol is not only insecure but can't be made secure. The protocol handles only the bare necessities of getting messages of no more than 160 characters from one device to another. Among the features SMS generally does not include are error checking, guaranteed delivery, and speed of delivery. In normal situations, this does not matter.

While e-mail and Internet services have defenses such as virus scanners to provide security against attacks, the SMS messaging protocol does not. Additionally, cell phones cannot perform the complex tasks of security and authentication. As a result, false messages to cell phones are extremely difficult to prevent, and more people are seeing spam SMS messages on their cell phones, especially as more services support the technology.

SMS messages do not require the sender to use a cell phone. Most cell phone providers offer an SMS gateway, however, so each phone has an e-mail address. For instance, a Verizon Wireless customer with a cell phone number of 312-555-1212 would have a phone e-mail address of 3125551212@vtext.com. Cellular providers also provide web interfaces so that individuals can send SMS messages using a web-based form. Both these tools allow people anywhere in the world to send an SMS message to any cell phone user without authenticating the sender.

An additional vulnerability with SMS messaging was recently discovered. Researchers from Pennsylvania State University demonstrated the possibility of overwhelming a cellular network by sending a flood of SMS messages to users in the same geographical area. A successful attack would effectively shut down not only the ability to send SMS messages but also the ability to make normal cell phone calls (denial of voice service, or DoVS).1

Clearly, SMS messaging lacks reliability, access control, and speed of delivery (when the number of messages is high). SMS messaging simply does not meet the requirements of crisis communications systems because it was never designed for high-stakes communication.

Emergency Text Messaging Services

The main driver for formal adoption of text messaging technology is its use in crisis situations. Even the label "emergency text messaging systems" presupposes and reinforces the idea that these systems primarily target emergencies. For instance, stated uses of the service at the University of Illinois at Urbana-Champaign include pandemics, floods, school closings, and active threats. The university answers the question "What is an active threat?" as follows:

An "active threat" is defined as any incident which by its deliberate nature creates an immediate threat or presents an imminent danger to the campus community. In addition to offenders armed with firearms (active shooters), obviously, it is possible for other types of weapons or instruments to be used by offenders who want to cause harm.2

Emergency text messaging services were being considered before the Virginia Tech shooting, but the move to adopt such systems took on much greater urgency after that event under the assumption that they could have reduced the loss of life. The accelerated adoption of text messaging technology for emergency communications unfortunately has limited consideration of its usefulness and weaknesses.

The service itself is straightforward. In most cases, students and staff register to participate in the system by giving the university their cell phone numbers. The emergency text messaging application converts the numbers to e-mail addresses and then applies standard bulk e-mailing techniques to send out a large body of SMS messages as quickly as possible.

To initiate an emergency message, a dispatcher or other authorized person enters a message within the 160-character limit and sends it off. The time it takes for messages to be received depends largely on the number of users in the list. Anecdotally, technologists who have tested the system for colleges and universities report a 15–60 minute range for receipt of messages. This delay is on top of the time it takes for a 911 call to be initiated, for a dispatcher to gather information, and for the appropriate decision maker to authorize sending the message.

Note that the DoVS vulnerability mentioned above would come into play here. A successful DoVS attack concentrates on victims who communicate through the same cellular tower. In this case, an emergency text message would be sent to users in a tightly defined geographic area (on and around the campus) and would likely be associated with the same few cellular towers. As a result, an emergency text message could interfere with normal voice communications. This is especially true during an "active threat" scenario when people are trying to ascertain if their loved ones are safe. Emergency text messages are thus a one-shot technology: Once a message has been sent, the cellular networks in the area become saturated, meaning it will be some time before a follow-on message could be sent.

In analyzing the efficacy of these systems, it is necessary to put oneself "in the moment" of an active threat. Hindsight is 20/20, and administrators do not have it when making emergency decisions. Using recent school shootings and threats as examples, we can analyze emergency text messaging in light of a school shooting or active threat.

Northern Illinois University Shooting

Shortly after 3 p.m. on February 14, 2008, Steven Kazmierczak emerged from behind a curtain in a Northern Illinois University lecture hall and fired over 30 rounds. Five people were killed and 18 wounded. The campus was ordered into lockdown very quickly, and emergency messages were posted on the main website about 20 minutes after the initial report of the shooting. The shooter did not roam through Cole Hall or the campus; he fired into the lecture hall and then killed himself.3

It took about 70 minutes for police to ascertain that the shooter was dead and the area was clear. It is important to ensure that a situation is secure before announcing it, but in a crisis, civilians tend not to communicate clearly, and even trained professionals can suffer from garbled communication. In this situation, those in danger knew what was happening before the police did. Because the shooter made no attempt to find more victims and the shooting was over rather quickly, messaging those outside the classroom would not have affected the outcome. Further, the information gaps combined with the time needed to send text message alerts made them infeasible.

Virginia Tech Shooting

The Virginia Tech shooting was the catalytic event for emergency text messaging systems. In this case, the timline4 of events on April 16, 2007, is important:

7:15 a.m.—Report of shooting in West Ambler Johnston Hall with two victims killed (male and female)

9:26 a.m.—University sends out e-mail notifying the campus of the shooting and urging caution

9:45 a.m.—Shooting at Norris Hall begins

11:53 a.m.—After several prior e-mails, another e-mail is sent saying the shooter "is in custody"

Roughly two and a half hours separated the first and second shootings. In theory, the university had time to send out an emergency text message and close down the campus. The question is whether that would have been prudent.

The belief among the authorities who responded to the 7:15 a.m. shooting was that they were dealing with an isolated incident, probably a domestic dispute. At the time, no descriptions of the shooter were available, although they had identified a "person of interest." They identified the female victim's boyfriend as the potential shooter and detained him around 9:24 a.m. that day. The reports after the fact concluded that this line of investigation was reasonable, albeit ultimately wrong.

At 9:45 a.m., reports of shootings were coming in to 911, and police responded to the event in Norris Hall. After initial difficultly gaining entrance to the building, they found the gunman had shot himself after killing 31 people. Later investigation found no connection between shooter Cho Seung-Hui and the individuals in West Ambler Johnston Hall or any indication that Cho had planned an attack on Norris Hall specifically.

The Virginia Tech Review Panel specifically cited the police as having erred in not considering other scenarios than a domestic dispute for the first shooting. This charge was repeated in the media and campus community. The problem with this line of thinking is that it assumes a finite number of possibilities. In reality, the Virginia Tech incident was unique in the sparse history of college campus shootings. At that moment, the police had no historical frame of reference to make the leap between a seemingly isolated shooting to a mass casualty incident.5

This analysis of incident response has important implications for emergency text messaging systems. Administrators in future will err on the side of extreme caution because "another Virginia Tech" may happen, and this mentality is also present among the staff and students of other universities. They insist on being notified of any violent incident or threat of a violent incident so that they can protect themselves. This all but ensures over-utilization of emergency communication systems in general. More importantly, it creates a cultural mindset that will respond immediately and unquestioningly to emergency text messages (or other emergency communication) as if another Virginia Tech–like incident were imminent. Fear-based responses make people more likely to trust authentic looking communication without analysis, a potential hazard discussed below.

The review panel also found miscommunications during the response to the shooting that could have complicated an effective response. The first problem was that when the initial call to 911 came in, the dispatcher had a difficult time understanding exactly where the shooting was taking place.6 It takes time to communicate a report to police so that they have enough information to respond.

The shooting in Norris Hall lasted approximately 11 minutes. Given the time it took to communicate to dispatchers the location of the shooting, an emergency text message would have started being received minutes after the shooting ended. This delay further encourages administrators to warn the campus community and lock down the campus at the first indication of trouble—and the campus communities demand as much.

St. Xavier University Closing

The presumed purpose of a text messaging system is to alert individuals to an active threat. The institution thus obligates itself to send SMS alerts over any significant act of violence, regardless of circumstances. In many cases, this would result in a lockdown of the campus.

With such a low threshold for sending out alerts, the probability that people will recklessly abuse the system and cause a lockdown rises. In the cases of Oakland University7 and St. Xavier University,8 threatening graffiti in campus buildings forced the schools to shut down completely. In the case of St. Xavier, four schools surrounding the university were closed as well.

St. Xavier remained closed for eight days while the threat was investigated. Because only graffiti was involved, the forensic evidence available was minimal. With such a low threshold to shut down not only a college but also surrounding institutions, it is entirely plausible that a student who wants to shut down a campus might turn to graffiti or other pranks.

While this scenario does not directly bear on emergency text messages, it does illustrate a sociological consequence of adopting such systems; namely, administrators must respond as if they were facing the absolute worst-case scenario. The cultural reaction to alerting systems all but forces their overuse by administrators and unquestioning compliance with emergency instructions by recipients.

Leading Victims to the Threat

While the possibility of using false text messages is not inconsequential, there is a more significant risk: A hostile entity could use a forged emergency text message to lead victims to the threat instead of away from it. This scenario is not hard to imagine—it has happened before.

In 1998, the Real IRA (an Irish Republican Army splinter group) phoned in a bomb threat indicating a courthouse in Omagh, Northern Ireland, was the target. There is some debate whether the confusion was intended or accidental. Unfortunately, the lack of prosecution of those responsible means we may never know.

The car bomb was not at the courthouse, however, but in the city center. As part of the standard bomb threat response procedures in Northern Ireland, the area around the courthouse was secured and bystanders were moved to the city center—a safe distance. The city center and the associated businesses stayed open while police investigated the threat. The bomb in the city center exploded, killing dozens of people. The destruction and loss of life was more severe because of the confusion over the actual target.

With the deployment of emergency text messaging systems using an insecure protocol, it becomes possible for a malicious individual to use such technology to achieve the same result. Any notification system could be misused this way, but emergency text messaging systems are particularly vulnerable and easier to exploit.

False Text Messaging

Every moment, thousands of spam e-mail messages clog inboxes and mail servers. Most of these messages are forged to varying extents. More malicious e-mails, such as phishing attacks, purposely try to appear as if they come from legitimate sources. The more legitimate looking the e-mail, the more likely a phishing attack will succeed.

Because emergency text messaging systems often rely on e-mail to deliver messages, a malicious individual halfway around the world could send a fake emergency text message without difficulty. The method for sending forged e-mail is well known and trivial—every e-mail client can be set to send e-mail that appears to come from someone else. While any communication system can be compromised, e-mail is inherently insecure and easy to forge.

The example in Figure 1 shows it only takes a few keystrokes and no real technological effort to send a fake emergency text message. The recipient of the message will see a message similar to Figure 2, which proves how hard it is to distinguish a real alert from a falsified one.

Figure 1


Click image for larger view.

Figure 2


Click image for larger view.

With e-mail, an experienced system administrator has a variety of tools and information to discern real messages from forged ones. No such information is available with text messages to make a determination, even for experienced technologists. Unfortunately, the source e-mail address is often published on campus websites discussing the university's emergency text messaging system. The purpose, of course, is to help people recognize emergency messages. The consequence is that an attacker has almost all the information needed to send a false text message. All that's missing is target phone numbers.

Unfortunately, many campuses publish student phone numbers on the web. Additionally, many people put their phone numbers on social networking pages such as Facebook or MySpace. Spidering these websites takes some effort, but tools already exist that can accomplish the task in an automated fashion. Or, an attacker could use the area code and the first three numbers of the exchange of cellular providers in a given area. For a ten-digit phone number, the first three numbers are the area code (publicly known), the next three are the "exchange" (unique by carrier and geographical area, usually city), and the last four are unique to create an individual number. An attacker could simply send text messages to every number in a relevant area code and exchange. All that's necessary is to get one or two students in every classroom and you've got a campus population following the same instructions.

The danger is that people will immediately and unquestioningly obey the instructions provided in a forged emergency text message. Calls to 911 will start coming in, with nervous individuals looking for clarification or administrators wanting to know what is going on. Discovering that an unauthorized text message went out takes little time; sending a follow-up corrective text message would still have a 15–60 minute delay at best.

The lack of authentication seriously undermines the system. A malicious individual who wanted to cause a mass panic from halfway around the globe could fairly easily send false text messages to a good portion of a campus and accomplish that goal. Even worse, an attacker (or group of attackers) could plan an Omagh-style attack to lead students and staff out of buildings and direct them toward a threat. In the case of explosions, walls and the building structure absorb some energy from a blast. In the open, people have no protection, and it is easier to pack more people in a smaller space.

Other methods of attack could exploit the ability to lead victims to a target area. Falsifying an emergency message is possible in any type of emergency communication. Text messaging systems, however, make it absolutely trivial to send a false message with no physical connection and little forensic evidence to track afterwards. If an attack is timed carefully, it will cause a far greater casualty count than would be possible otherwise. Administrators would simply have no time to countermand a false message to prevent it.

Conclusion

The question remains, can text messaging systems protect a campus population? Or do they put people at more risk? Any emergency communication system must be reliable, with controlled access and fast delivery. Not only does text messaging fall short in all three areas, recent campus shooting incidents demonstrate that these systems would not have helped during the emergencies, only supporting supplemental crowd control afterwards.

Any form of communication has benefits and costs. Despite the apparent advantages of text messaging as an emergency service, opportunities abound for overuse, and the possible hazards are exacerbated by the common willingness of people to comply promptly with emergency messages. In addition, the potential for abuse is high, especially since trivial incidents can lock down an institution. The use of such systems would all but paralyze normal voice communications, increasing anxiety—and perhaps danger—in a heightened threat environment. Finally, because of the triviality of sending a fake text message, the sender could not only shut down a campus but actually lead students and staff toward a threat instead of away from one.

Emergency text messaging can be useful in announcing school closings or facilitating crowd control. Given the sociological context in which these systems are implemented and the perceptions surrounding them, however, it is possible to manipulate a campus population for malicious purposes from anywhere in the world. We can only conclude that the use of text messaging tools is woefully insufficient and dangerous for use in emergencies.

Endnotes
1. William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta, "Exploiting Open Functionality in SMS-Capable Cellular Networks," presented at the 12th ACM Conference on Computer and Communications Security 2005, Alexandria, Virginia, November 8–10, 2005, http://www.smsanalysis.org/smsanalysis.pdf.
2. "Active Threat Information," Division of Public Safety, University of Illinois at Urbana-Champaign, http://www.dps.uiuc.edu/activethreat.htm.
3. See the news story "6 Shot Dead, Including Gunman, at Northern Illinois University," CNN, February 14, 2008, http://edition.cnn.com/2008/US/02/14/university.shooting.
4. See the news story "Virginia Tech Shootings Timeline," CNN, April 17, 2007, http://edition.cnn.com/2007/US/04/17/timeline.text/index.html.
5. Virginia Tech Review Panel, "Report of the Review Panel," August 2007, http://www.governor.virginia.gov/TempContent/techpanelreport.cfm
6. Ibid.
7. Jesse Dunsmore, "Multiple Threats Close Campus," The Oakland Post, April 16, 2008, http://www.oaklandpostonline.com/read_article.php?id=297.
8. CBS News, "4 Local Schools Close Due to Threats at St. Xavier," CBS 2 Chicago, April 14, 2008, http://cbs2chicago.com/local/saint.xavier.threats.2.699041.html.
John Bambenek (bambenek@control.csl.uiuc.edu) is a Research Programmer and Agnieszka Klus (aklus2@csl.uiuc.edu) is a graduate student in Accounting at the University of Illinois at Urbana-Champaign.
 

8 Comments

Response to "Errors"

An attacker doesn't need *your* list... they need to have *a* list, and I mentioned how (a couple of ways actually) in very generic terms of how to generate one.

 

Posted by: bambenek on August 17, 2008

errors in article

" The emergency text messaging application converts the numbers to e-mail addresses and then applies standard bulk e-mailing techniques to send out a large body of SMS messages as quickly as possible."

Any text messaging service that ask you to provide the carrier does indeed do this becuase they are using SMTP. Providers that use SMPP do not need this and will not ask you for the carrier. You fail to mention this. I feel this omissionin and of itself leads you to come to an incorrect conclusion. You also need the list of niumbers, something we keep confidential.

SMPP, while not perfect, is a good first strike tool in many situations. I will also state that I epxreience a ot of problems before we reached a level of acceptable performance.

I feel as if you failed to properly research the matter before leaping to a conclusion that I believe is incorrect.

 

 

 

 

 

 

 

Posted by: jmlalley3 on August 13, 2008

The more I think about this...

One comment you made, "While text alerting is far from perfect, and was admittedly not designed for emergency notification", I think sums it up.  We more or less agree there are technical problems... we agree that they aren't permanent... but my position is that if we are going to trust a technology to be used in life or death situations, the technology needs to be solid, not have the potential to be solid some day.  If you want to use text messages to announce say, school closings (if you can deal with the scale problem) fine.  But we're talking about giving instructions out when seconds matter and while people are dying.  It's simply not there yet and putting on the rose colored classes in such cases is simply bad policy.

Posted by: bambenek on August 11, 2008

Article based on false assumptions

First of all let me fully disclose that I am responsible for Engineering and Operations for Rave Wireless, an emergency alerting provider.  While I feel that this is a very important discussion to have, I feel that stating that text messaging systems put students in "more danger" is very misleading and based on some erroneous information about how these systems work.

SMS messaging is NOT 100% reliable and was not designed for emergency notification, those are facts.  Looking at the authors' criteria for emergency notification:

 

  • Extremely high reliability
  • Excellent access control
  • High-speed delivery

     

    I would contend that the following requirements were excluded:

    • Ease of access (i.e. if you're walking around campus how easy is it to get the message?)
    • Proactive notification (i.e. how are you notified that you have a new message?)

    Taking these 5 criteria together, there is really NO solution available today that meets all of them for mobile users (people away from their home).

    SMS while far from perfect is the best available means for reaching students in the event of an emergency, better than voice only because SMS is sent on a dedicated "control channel" that does not get overwhelmed as easily as the mobile voice channels because the data volumes are far less.

    "When disaster strikes, SMS has a major advantage over cellular voice calls and wireless e-mail devices. Text messages do not rely on voice channels for transmission, and they don’t piggyback on enterprise e-mail servers. Instead, SMS messages travel as small packets of data on a wireless carrier’s control channel, the same portion of the spectrum that keeps a cellular network apprised of a particular phone’s location and status.

    Because SMS messages are isolated in the control channel and are often unfazed by heavy traffic or adverse conditions that can overwhelm wireless networks, text messages can get through when most other methods of communication fail. Hence, some government officials are beginning to build SMS use into disaster planning exercises. "

    (From http://www.fcw.com/print/12_11/news/92790-1.html)

    The authors' article makes an argument that using text alert notification as a form of emergency communication does more harm than good. Regrettably, the authors hinge much of their argument on a series of inaccuracies and bad assumptions. To help set the record straight, here are some claims from the article along with “Mythbuster” type responses.

    It is our opinion and that of most practitioners that text messaging, while not perfect by any means, is an appropriate and effective component of any multi-modal emergency communications plan.

    Article claim:

    "SMS messages do not require the sender to use a cell phone. Most cell phone providers offer an SMS gateway, however, so each phone has an e-mail address. For instance, a Verizon Wireless customer with a cell phone number of 312-555-1212 would have a phone e-mail address of 3125551212@vtext.com. Cellular providers also provide web interfaces so that individuals can send SMS messages using a web-based form. Both these tools allow people anywhere in the world to send an SMS message to any cell phone user without authenticating the sender."

    Fact:

    While it is true that one can send a text message to a mobile phone using this email approach (generally referred to as SMTP messaging), there are two practical barriers to a malicious user sending a mass text message to a campus community through this method.

    •  The user would ostensibly need to know the tricky combination of mobile phone number and carrier (Verizon, AT&T, etc.), for every member of the campus community, or at least some significant number of community members. As a practical matter, this information is not easy to obtain.  There are no public phone number to carrier lookup resources available.
    • Later in the article, a scripting-type method is suggested as a way around this practical barrier. That is, to send an automated bulk email to every possible phone number combination within the area code(s) and exchange(s) that are especially prevalent on campus – for example, common local numbers. The problem with this approach is that all major mobile carriers implement measures to prevent against this type of abuse. As many institutions that have tried to use lower-end alerting platforms are painfully aware, most carriers cut off the flow of such inbound mass emails to their sms gateways after a relatively small number –sometimes 50 users. So a “carpet-bomb” sms spam attack through email is unlikely to succeed on any broad scale. If you’re wondering how quality alerting platforms accommodate for this limitation to effectively send mass alerts, see the next response…
    • Most reputable SMS alerting providers do NOT send notifications via SMTP, they send them via the SMPP protocol using a "shortcode".  A shortcode is a 5 or 6 digit "phone number" that institutions can use to send and receive SMS.  Since shortcodes cost on the order of $2500 per quarter, it is unlikely that a malicious party would lease one to use in a spoofing attack.  Therefore, students are able to authenticate the sender to some degree by considering who the message came from, ideally comparing the sender to the expected shortcode.  If your alerting provider uses SMTP exlusively, it's time to select another provider.

    Article claim:

    "The service itself is straightforward. In most cases, students and staff register to participate in the system by giving the university their cell phone numbers. The emergency text messaging application converts the numbers to e-mail addresses and then applies standard bulk e-mailing techniques to send out a large body of SMS messages as quickly as possible."

    Fact:

    Any quality alert platform does NOT send all of its mobile alerts through the SMTP or email method as the article suggests. Rather, systems such as Rave Alert send alerts through a series of multiple, redundant SMPP aggregators that send SMS messages directly through carrier systems, bypassing the carriers’ SMTP e-mail gateways. All the major carriers have direct SMPP messaging capabilities and entities such as SMPP aggregators and vendors need to complete stringent application processes to gain access to these systems. Quality systems like Rave Alert only send alerts through the lower-priority SMTP channel when the user has a phone on one of the handful of very small mobile carriers that do not provide SMPP access. This represents less than 5% of the U.S. mobile user population. Any alerting vendor worth its salt has multiple SMPP aggregators aligned through multiple data centers with systems in place to effectively manage a high volume throughput of text messages to end users.

    Furthermore, all of the carriers employ "SPAM filters" on their SMTP-gateways to protect their subscribers from unwanted SMS traffic.  A broadcast alert sent to thousands of subscribers within a period of a few minutes would almost certainly be shut down by the carrier SPAM filter if this approach were attempted.

    Article claim:

    "Anecdotally, technologists who have tested the system for colleges and universities report a 15–60 minute range for receipt of messages."

    Fact:

    A reliable alerting platform should perform better than this. It is true that there are many variables that affect the real delivery and receipt times of text notifications, including the number of users on the list, network congestion, and simple issues like whether or not a given user’s phone is turned on. However, the experience of clients on the Rave Alert platform is that messages are delivered much more quickly. In the University of Wyoming's campus-wide test of the Rave Alert system, nearly 7,000 students, faculty and staff members received a text message on their cell phones. Delivery of the text messages was fast and reliable. Of the students polled, 90 percent reported receiving the text messages within one minute; the longest reporting four minutes to receive the message.

    A 15 - 60 minute delivery time for a text alert would indicate that a grossly inadequate alerting provider is being used.  Unfortunately, sending SMS quickly and reliably is more involved than many buyers realize, and many made the mistake of choosing the cheapest provider possible, including free providers under the false assumption that all vendors are equal.  Rave Wireless offers the "Rave Alert Challenge" whereby any qualified potential customer can trial our system for free in a head-to-head comparison as we are confident that we can out-perform any system in the market.

    Article claim:

    "We can only conclude that the use of text messaging tools is woefully insufficient and dangerous for use in emergencies."

    Our position:

    Text alerting, while not infallible, is an excellent way to quickly reach a large number of on-the-go community members. Any responsible emergency communications professional will recognize that the key to disseminating emergency notification is to use many different channels together to reach users.

    On a college campus, this multi-modal mix can often include text messaging, email, recorded voice alerts, loudspeakers, digital signage systems, and even the ultra low-tech approach of sending people designated as “runners” to spread the word to areas of high population density (although this approach may not be safe in something like an active shooter scenario).

    There is a good reason that so many colleges, universities and other organizations are incorporating text messaging into their mass notification mix. The critical thing is for alerting system buyers to be educated and aware shoppers, as not all alerting platforms are created equal. Performance and reliably varies greatly.

    While text alerting is far from perfect, and was admittedly not designed for emergency notification, it is the best available method for contacting large numbers of individuals quickly regardless of their location, offering better reliability and throughput than voice, and better convenience and accessibility than e-mail. 

    The pending WARN act is designed to create a system that will more closely fulfill the authors' criteria for an excellent emergency notification system.  Until those recommendations and technologies are implemented (which will certainly take several years), practioners are restricted to leveraging the best available tools at their disposal.  

    While SMS is not sufficient as a "stand alone" solution, it should certainly be incorporated in a responsible multi-modal solution.  We cannot accept that it puts students in more danger.

    Peter Troost
    VP Engineering
    Rave Wireless

  • Posted by: ptroost@ravewir... on August 8, 2008

    Response

    To your first point, about spoofing messages... you assume a very simple method of spamming, one that hasn't been used in years.  Sure, I would imagine it would be easy to pick out one sender who is sending 10,000 messages, but it is easy enough to have many machines all over the world do it and your 50 message threshold is irrelevant.  If commercial e-mail providers can't figure out how to stop spam, how can you claim you've figured it out?

    As far as SMPP versus SMTP, many of the websites I've surveyed of institutions speak of using e-mail alerts with some e-mail address to "authenticate".  This is easily spoofed, and I've shown how. As far as a directory of cell phones for a campus, sure, one does exist... it's called facebook.  And even if your brute force, there are websites that list cellular providers by area code and exchange and by SMS email domain.  For instance, Verizon uses @vtext.com.  If you know an exchange is Verizon, you know the domain and that's that.  It isn't complicated, tedious yes, but a script is technologically trivial to create.  Wireless number portability muddies the water a bit, but I've also explained why you don't need 100% success, the same reason why Universities say they don't need 100% notification.  They don't need to notify everyone, just one person in a room.  Same approach.

    At one point you start a fact by saying, "A reliable alerting platform should perform better than this."  I agree with the opinion but "shoulds" aren't statements of fact.  The estimate was based on real-life circumstances, including at NIU.  The numbers are preliminary, sure.  And they can be improved upon easily... increase the capacity of control channels.  It's not a permanent problem, but a problem that can and should be addressed.

    But you focus greatly on performance issues, which I agree, can be improved upon.  Those aren't permanent problems, but the SMS protocol has no ability for authentication, at all.  It simply was not designed for messages that you REALLY need to be sure who they come from.  Can we improve upon it or develop a new protocol, of course.  Does that protocol exist today? No.

    And while you claim it is the "best available technology" I disagree and showed a few scenarios (NIU and Va. Tech, the impetus for emergency SMS) where it wouldn't have helped.  It's a cost/benefit tradeoff, I see more costs right now.  Some benefits, sure, but not worth the risks.

    Notifying people for non time-critical information, sure.  Notifying people of things they need to know **right now**... not so much.  For school shootings, the people in harms way already know. 

    Posted by: bambenek on August 8, 2008

    Response

    I guess I'm confused why you're arguing that SMS notification systems "put students in more danger".  If your argument is that they're in more danger because SMS can be "spoofed" you obviously realize the same thing is true of e-mail, voice calls, web sites, printed signs, letters on university letter head, etc.  Even electronic signage systems can be hacked to display an illicit message.  Are you also arguing that those systems put students in more danger?  Why single out SMS?

    I have never seen an instance of wide-scale SMS spoofing, I think it's harder than you suggest.  The impact of number porting on mapping exchanges to carriers has not been trivial.  Plus, you have MVNO's, or "virtual carriers" like Virgin Mobile, Tracfone, Net10, etc that run on top of an underlying carrier network but may have a different SMTP domain.  SMS is also subject to the same laws as "junk fax" since the recipient incurs a message charge.  I'm sure that someone wanting to harm students would not be deterred by that, but it does discourage experimentation.

    Finally, to set the record straight per your comment above, our reliable alerting system DOES perform an order of magnitude better than the statistics quoted in your article, and that is a statement of fact.

    My mobile number starts with 508-904 -- who is my carrier?

    Posted by: ptroost@ravewir... on August 13, 2008

    Effectiveness

    I agree, let's have a debate on the issue and this piece is a component of that debate.  I'm not sure someone is going to read an article in EQ and then declare no more discussion is allowed.  But we did base our opinion and findings and the discussion above and the criteria that should be present in an emergency communications system.  For instance, a 911 system is simple, easy to understand and very difficult to hijack in most cases.  It takes a good deal of skill for someone to hijack a 911 call, for instance.  That simply is not present in e-mail stripped of every security feature as implemented in SMS.

    We only cited a few past cases because there are only a few past cases.  Virginia Tech and NIU is about it for "true emergencies".  Other uses have been employed but not in emergency situations.  But in those two cases, significant weaknesses can be shown and we've illustrated them.  Can the be addressed?  Sure.  There are other ways to handle emergency messaging and if we really, as a society, want to use text messaging as emergency communications we really need to beef up our cellular network.  However, the status quo as it stands today, leaves people less safe than where we were before.

    Does that mean always and for all time SMS messaging is a failure?  Of course not.  But we don't move to a more secure system by overlooking the significant short-comings either.

    Posted by: bambenek on August 6, 2008

    Emergency Text Messaging Systems - not necessarily dangerous

    A few interesting points, but I found the article quite one-sided.  I'm not sure the role the authors play in emergency communications.  There were no quotes from, or interviews with, people in the industry.

    Citing a few past cases as proof that emergency text messaging is not effective seems erroneous.  It is merely proof that it is not ALWAYS effective.

    The worst-case scenarios are no different from the risks in many other technologies or processes.  By their criteria in the cases mentioned, 911 didn't save lives and is therefore ineffective.

    Finally, I thought it quite unprofessional for the authors to declare definitively: "We can only conclude that the use of text messagin tools is woefully insufficient and dangerous for use in emergencies."  That reads like a bias and an attempt to convince and close the conversation, not an attempt to expand the conversation and lead to a "sifting and winnowing" of ideas.  I'd love to see these issues researched and debated on all their merits and lackings.

    Posted by: mayville on August 6, 2008

     

    Log in to comment

    Most Popular

    Stay Up-to-Date

    RSS Email Twitter

    Share Your Work and Ideas

    Issues coming up will focus on administrative computing, designing the future of higher ed, digital engagement, and new business models. Share your work and ideas with EDUCAUSE Review Online.

    E-mail us >

    Purchase

    EDUCAUSE Members: $4.00
    Non-Members: $4.00
    Close
    Close


    Annual Conference
    September 29–October 2
    Register Now!

    Events for all Levels and Interests

    Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

    Close

    Digital Badges
    Member recognition effort
    Earn yours >

    Career Center


    Leadership and Management Programs

    EDUCAUSE Institute
    Project Management

     

     

    Jump Start Your Career Growth

    Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

     

    Close
    EDUCAUSE organizes its efforts around three IT Focus Areas

     

     

    Join These Programs If Your Focus Is

    Close

    Get on the Higher Ed IT Map

    Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
     

     

    Close

    2014 Strategic Priorities

    • Building the Profession
    • IT as a Game Changer
    • Foundations


    Learn More >

    Uncommon Thinking for the Common Good™

    EDUCAUSE is the foremost community of higher education IT leaders and professionals.