Saturday, July 29, 2017

Web Security Action Plan for Artists and Activists Under Siege (part 1)

By: Candace Williams Head of Community Operations by day. Poet by night (and subway ride). Forever @TeacherC.

It’s imperative that folks under siege (POC, LGBTQ+, Indigenous folks, immigrants, Muslims, folks with disabilities, etc), especially artists and activists, take steps to protect their data and privacy online.

These are just suggestions This list is not exhaustive or the only way to secure your data.
Web security is like a tree. A young tree can be snapped by a fist. As trees grow layers and roots, they require knowledge, equipment, and energy to cut down. I’m trying to help you add layers of security to your daily routines. I don’t like the words “secure” or “safe” because nothing fits into those categories. The only thing we can do is become safer and more secure. Each bullet point is a layer, a step another person or agency has to take, to access and trade your information. I’ve tried to choose the layers that have the highest return on your investment in time and money. Think about your situation and resources and create your own action plan.

Identifying assumptions that underlie this article:
  • Taking a small, first step lowers your mental barriers.
  • Changing workflows is hard and takes practice. Go at your own pace and be easy on yourself.
  • COINTELPRO (and similar programs) didn’t just “happen”. It’s been happening and will ramp up.
  • Government and non-governmental bodies already have you on their radar: They know you disagree with some element of the status quo and that you’re a person under siege (black, POC, Muslim, queer, a person with physical or intellectual disabilities, a recent immigrant, indigenous, etc).
  • Many of your private communications are sitting on the email accounts and devices of your friends and family.
  • Surveillance capitalism is dangerous. We don’t know the implications of how tech companies extract value from their customers’ data. Most people don’t understand what corporations like Facebook and Google know about them, how the data is used/bought/traded/aggregated/sold/deployed, and if corporations have already handed over information to government groups. 
  • Lack of transparency + colonialism/capitalism + technological supremacy = STRANGER DANGER.
SOLUTIONS
  • Withdraw $10–$40 of cash from your bank.
  • Buy a Starbucks gift card with the cash.
  • Use the gift card to purchase 1 month to 1 year of VPN access on https://www.privateinternetaccess.com (or a comparable service of your choosing. Ask around or read online reviews. Make sure the service doesn’t keep logs of your activity). Keep in mind: It’s better to purchase VPN with a credit/debit card than to purchase none at all. Furthermore, this is just a small layer and it’s still possible to figure out which VPN service you’re using.
  • Download and start to use Tor as your primary browser. Be sure to follow the instructions and security warnings here: https://www.torproject.org/download/download-easy.html.en#warning
  • Since it’s impossible to follow all of the warnings and there are limitations to Tor, it’s a good idea to also use a VPN. If you don’t use a VPN, using Tor + Chrome/Firefox with the HTTPS Everywhere extension is a good start.
  • Download Signal on your phone and encourage all folks you communicate with privately to use it as well. Use it instead of iMessage, SMS, WhatsApp, Facebook Message, etc. You can also make calls. The desktop version can be used in lieu of Skype, Slack, etc.
  • Enable 2 Factor Authentication on all email, financial, etc services.
  • Do an info security audit — Begin to brainstorm how you use social media, email, mobile devices, and cloud storage. How do you use these services? Which communications need to be moved to secure channels? Are sensitive documents saved in the cloud? Can you quit Facebook, Twitter, Google, and Amazon altogether?
  • Choose strong and distinct passphrases. The Intercept has a handy guide here: https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/
  • @AllBetzAreOff recommends using non-cloud-based password manager to generate and secure your passwords. More info here: https://securityinabox.org/en/guide/keepassx/windows
  • It’s important to turn on software auto-updates so you’re protected from known software vulnerabilities. (Thanks to Dan Sullivan, Ph.D. for this advice! Check out his excellent comment for more information.)
  • Encrypt your mobile devices. iPhones are automatically encrypted but many use access codes that are inadequate. Reset your code to a long, random string of numbers (make sure you write this down while you’re committing it to memory). Android users can enable encryption in the Settings app.
  • Encrypt your computer using BitLocker (Windows) or FileVault (Mac).
  • If you have (or want) a website, database, or app, join an encrypted hosting service like MayFirst.
  • Purchase a physical safe (like the SentrySafe SFW123DSB) for your important documents, hard drives/USB keys, and artwork. You can split this cost with folks who live nearby. If your artwork is larger than a common household safe, and you’re interested in chatting, ping me. We need to brainstorm how to help artists under siege keep their art safe from destruction. Research the safe to make sure electronics won’t oxidize or buy Silica Gel Dehumidifier Desiccant packets/special sleeves.
  • Purchase a hard drive that can store your digital files. Encrypt it. In the future, consider purchasing multiple drives and keeping your most valuable information in multiple places. If you bought a safe, keep your hard drive there. You should also prepare for a time when Internet access or your information stored online is completely unavailable to you.
  • Audit your cloud storage. Where are you files stored? What kind of information is stored? Where’s the most sensitive information?
  • Begin to break your dependence on cloud storage (when possible): iPhoto, Google Photos, Google Drive, DropBox, etc. Structure your filesystems in ways that are easy to navigate without Google’s search capabilities.
  • See if you can minimize your use of Chrome/Firefox/Safari/etc by the end of the month. Dennis Cahillane says:
NOTES:, Using a Firefox add-on you install yourself is not recommended. Recommend downloading the Tor Browser bundle directly from the Tor Project here https://www.torproject.org/download/download Using the Tor Browser bundle is easy for non-technical users, but you will quickly become frustrated by its limitations. When you aren’t using Tor, Also recommend Firefox or Chrome with the following add-ons: HTTPS Everywhere, uBlock Origin.”
  • Download all of your files to your computer + external hard drive. This might take awhile so you can do a batch a day. Start with the most sensitive information. (This is just a start. There are ways to have access to encrypted cloud storage, I think folks can consider this after the New Year after they’ve done the initial transfer and have broken their dependence on easy to use cloud services).
  • If you’d like, choose an activist email provider you’ll use instead of Gmail (or a service like ProtonMail). You’ll also need to loop in your friends and family. Jamie McClelland, Co-Founder of MayFirst/PeopleLink says:
NOTES: “Using Gmail is definitely a bad idea. Under Obama we had a huge
expansion in the federal government spying infrastructure and they
definitely target the big corporate providers — either by compromising
them or simply sending them a subpoena. And now all of that will belong
to Trump.


For email, stick with activist providers. And *everyone* has to do it.
If you are having a group conversation and just one person is on gmail,
then everything goes to gmail.


If everyone is on MF/PL, then it never leaves our servers and it is far
more difficult to intercept. If some people are on Riseup and some are
on MF/PL it’s also good — since MF/PL and Riseup will encrypt messages
between servers.


However… even with all of these protections, I would advise against
relying on email for anything sensitive.


If you haven’t already, I would suggest replacing whatever program you
use to send SMS messages with Signal (https://whispersystems.org/). It’s
on both iPhone and Android. It’s easy to use and it’s very secure.
I would also suggest using Jabber (see the MF/PL page here:
https://support.mayfirst.org/wiki/how-to/jabber).



Both signal and jabber work on your phone and provide much better
encryption and privacy than email ever will.


A note about email: Dan Sullivan, Ph.D. left a relevant criticism of activist email accounts in the comments:

Also, infosec is largely a battle of technical skills and resources. Google has more of both than any email or other cloud provider I know of. I use Gmail with two factor authentication and will stick with it. Sure, an agency may get a warrant for emails at Google but there is less chance of successfully hacking the Google infrastructure to get those emails than hacking another provider with fewer resources.

Response::
Email seems impossible to secure. I’m already starting to drift away from email as my primary means of communication. Although I might use an end-to-end encrypted service, PGP, etc. 95% of my contacts do not have access to this technology. So the question is: where do I want my unencrypted emails and metadata to sit? Who do I trust more — Google or activist groups? Although activist groups draw attention to themselves, I trust Riseup and MayFirst’s track record of resisting subpoenas from US grand juries, US agencies, and many other governments/legal systems around the world. Because of the identity and ideologies of dissident artists, the government already knows we’re activists. I’d rather collaborate with groups that have been working on this issue for quite some time. I’m also leery of surveillance capitalism because it goes hand in hand with the surveillance state. COINTELPRO and other surveillance projects that impacted POC-led movements is in the back of my mind as I make these decisions. Google has the money and the know-how but they don’t give a shit about me or my struggle. They aren’t going to go to the mattresses for me. I don’t like the demographic and psychometric data providers like Google and Facebook gather (and the lack of transparency for how that information is used). I’m a dissident artist who is willing to spend the effort to divest as much as I can and become a contributing member in political tech groups.
Here’s a short clip of a training given at at Eyebeam about email encryption.
There are a countless number of situations where Tails could be an invaluable tool for your privacy. Activists looking to organize in spite of government surveillance can use Tails to effectively communicate. People being tracked by predatory abusers can use Tails to access the internet without risking their physical location or data. Someone that wants to utilize public computers or internet networks can do so while still having their privacy protected. Any time you want to be maximally private in your activity and your data, Tails is an incredible tool to have at your disposal!





Friday, July 28, 2017

Throttling on Mobile Networks Is a Sign of Things to Come, Unless We Save Net Neutrality Now

July 27, 2017
Major mobile carriers are slowing down video streams, a net neutrality violation that heralds things to come if they get their way and roll back legal protections against data discrimination.
Recent reports on Reddit from Verizon Wireless customers have drawn attention to video streams being throttled, which Verizon claimed were caused by a temporary test of a new video “optimization” system. If that sounds familiar, it's because it's not the first time a carrier has throttled certain content sources while claiming to optimize them.
We’ve previously reported on how T-Mobile tried to pass off throttling as optimization with their Binge On “feature.” T-Mobile’s Binge On has evolved since we last wrote about it, but hasn’t abandoned throttling: it now throttles video for customers on their unlimited plan, and charges them extra to not be throttled, which is also against the principles of net neutrality.
Similarly, AT&T makes use of a “just-in-time” delivery technique (aka “Buffer Tuning”) for video streams. The carrier explains that with just-in-time, “a sufficient amount of video is delivered to the device so that the user can start viewing the video, and the remainder of the video is delivered just in time to the device as needed for uninterrupted viewing.” But using just-in-time means the video will stop playing more quickly if you lose reception, rather than larger portions being buffered in advance as they would on a neutral network that wasn’t observing and throttling your traffic. Although AT&T claims that just-in-time delivery helps customers by stopping them from paying for data they don’t actually use, it doesn’t give customers the choice to disable this “feature.” Sprint also makes use of the neutrality-violating just-in-time technique.
Right now, these throttling technologies seem to be used to slow down video data generally, rather than to favor the ISP’s content over competitors, but it is a trivial matter to flip that switch and make the net neutrality violation more serious, and more harmful to competition and speech.
Net neutrality allows carriers to engage in “reasonable network management,” but throttling a class of traffic does not satisfy this standard. A more reasonable technique (that Sprint also employs) is transcoding, a technique where the quality of the stream is modified in real time to match the network’s condition. For example, if the network slows down, the video quality decreases so as to still be able to deliver video at the same rate, and vice versa.
We’ve reached out to Verizon asking for more details about the “optimization” tests it’s running. Since optimization is a technical term which implies attempting to tune a system to maximize or minimize specific measurable criteria, we’re wondering what those criteria are and if Verizon will share them with the subjects of its tests. Also, given that mobile carriers have historically had trouble differentiating between streaming video traffic and other uses of their networks, we’re curious what technical means Verizon is using to identify video, and what steps it’s taken to make sure other uses aren’t affected.
Rolling back net neutrality rules could open the door to many unfair practices like site blocking and throttling. While we can't predict exactly what changes carriers will make, it’s alarming to see them already rolling out throttling infrastructure. Without net neutrality protections, little will stop them from using that same infrastructure to discriminate against competitors, speech they dislike, or your favorite app.

Friday, February 24, 2017

When Phone Encryption Blocks Justice




The NY Times The Opinion Pages | Op-Ed Contributors
By CYRUS R. VANCE Jr., FRANÇOIS MOLINS, ADRIAN LEPPARD and JAVIER ZARAGOZAAUG. 11, 2015

"In June, 2015, a father of six was shot dead on a Monday afternoon in Evanston, Ill., a suburb 10 miles north of Chicago. The Evanston police believe that the victim, Ray C. Owens, had also been robbed. There were no witnesses to his killing, and no surveillance footage either.

With a killer on the loose and few leads at their disposal, investigators in Cook County, which includes Evanston, were encouraged when they found two smartphones alongside the body of the deceased: an iPhone 6 running on Apple’s iOS 8 operating system, and a Samsung Galaxy S6 Edge running on Google’s Android operating system. Both devices were passcode protected.

An Illinois state judge issued a warrant ordering Apple and Google to unlock the phones and share with authorities any data therein that could potentially solve the murder. Apple and Google replied, in essence, that they could not — because they did not know the user’s passcode.

The homicide remains unsolved. The killer remains at large.

Until very recently, this situation would not have occurred.

Last September, Apple and Google, whose operating systems are used in 96 percent of smartphones worldwide, announced that they had re-engineered their software with “full-disk” encryption, and could no longer unlock their own products as a result.

According to Apple’s website: “On devices running iOS 8.0 … Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess.”

A Google spokeswoman said, “Keys are not stored off of the device, so they cannot be shared with law enforcement.”

Now, on behalf of crime victims the world over, we are asking whether this encryption is truly worth the cost.

Between October and June, 74 iPhones running the iOS 8 operating system could not be accessed by investigators for the Manhattan district attorney’s office — despite judicial warrants to search the devices. The investigations that were disrupted include the attempted murder of three individuals, the repeated sexual abuse of a child, a continuing sex trafficking ring and numerous assaults and robberies.

Criminal defendants have caught on. Recently, a suspect in a Manhattan felony, speaking on a recorded jailhouse call, noted that “Apple and Google came out with these softwares” that the police cannot easily unlock.

Apple, Google and other proponents of full-disk encryption have offered several rationales for this new encryption technology. They have portrayed the new policy as a response to the concerns raised by Edward J. Snowden about data collection by the National Security Agency. They say full-disk encryption makes devices generally more secure from cybercrime. And they assert that, if the companies had master encryption keys, then repressive governments could exploit the keys.

These reasons should not be accepted at face value. The new Apple encryption would not have prevented the N.S.A.’s mass collection of phone-call data or the interception of telecommunications, as revealed by Mr. Snowden. There is no evidence that it would address institutional data breaches or the use of malware. And we are not talking about violating civil liberties — we are talking about the ability to unlock phones pursuant to lawful, transparent judicial orders.

In the United States, Britain, France, Spain and other democratic societies, the legal system gives local law enforcement agencies access to places where criminals hide evidence, including their homes, car trunks, storage facilities, computers and digital networks.

Carved into the bedrock of each of these laws is a balance between the privacy rights of individuals and the public safety rights of their communities. For our investigators to conduct searches in any of our jurisdictions, a local judge or commissioner must decide whether good cause exists. None of our agencies engage in bulk data collection or other secretive practices. We engage in targeted requests for information, authorized after an impartial, judicial determination of good cause, in which both proportionality and necessity are tested.

It is this workable balance that proscribes the operations of local law enforcement in our cities, and guides our residents in developing their expectations of privacy. But in the absence of laws that keep pace with technology, we have enabled two Silicon Valley technology companies to upset that balance fundamentally.

The Evanston case is just one example. In France, smartphone data was vital to the swift investigation of the Charlie Hebdo terrorist attacks in January, and the deadly attack on a gas facility at Saint-Quentin-Fallavier, near Lyon, in June. And on a daily basis, our agencies rely on evidence lawfully retrieved from smartphones to fight sex crimes, child abuse, cybercrime, robberies or homicides.

Full-disk encryption significantly limits our capacity to investigate these crimes and severely undermines our efficiency in the fight against terrorism. Why should we permit criminal activity to thrive in a medium unavailable to law enforcement? To investigate these cases without smartphone data is to proceed with one hand tied behind our backs.

The new encryption policies of Apple and Google have made it harder to protect people from crime. We support the privacy rights of individuals. But in the absence of cooperation from Apple and Google, regulators and lawmakers in our nations must now find an appropriate balance between the marginal benefits of full-disk encryption and the need for local law enforcement to solve and prosecute crimes. The safety of our communities depends on it."
______________________________________________________________________________
Cyrus R. Vance Jr. is the Manhattan district attorney. François Molins is the Paris chief prosecutor. Adrian Leppard is the commissioner of the City of London Police. Javier Zaragoza is the chief prosecutor of the High Court of Spain.

Monday, June 1, 2015

Why more businesses are choosing independent agents instead of direct representatives to acquire telecommunications services

NEW BREED TELECOM
……telecom made easy

Why more businesses are choosing independent agents instead of direct representatives to acquire telecommunications services

Mergers and Acquisitions - Sales is a high turnover profession. Mergers and acquisitions make it highly unlikely that your original direct sales rep will still be there to assist you within a year. By using an Independent Telecom Agent, you can be sure that, regardless of continued merger activity or bankruptcies, your Agent will not be laid off or fired and will continue to have the same contact phone number and email address. They will continue to supply all of the options you need.

Single Point of Contact Single Point of Contact – SAVE TIME. Whether your Independent Telecom Agent recommends a single carrier solution or a multi-carrier solution, you still have a single point of contact to deal with who knows your account best. The number of appointments with different carriers you have to schedule could easily reach up to a dozen before an educated decision is made for your telecom solutions. A qualified Independent Telecom Agent can evaluate your company’s needs in a single meeting.

Person who understands your company Your Independent Telecom Agent acts as an assistant buyer once he/she understands your business needs and preferences.

 You get to hear the truth! When you use an experienced Independent Telecom Agent, you tap into the wealth of knowledge and experience of someone who has been in the field for many years, working with multiple carriers.  Your agent can tell you how the carriers really perform - who has the most reliable network - which has billing problems - who is going bankrupt and who can make the desired install date? Why would you want to repeat that process every couple of years?

Unbiased opinion of multiple carriers and their product lines    Since most carriers have gone to term agreements, it's key to get set up with a carrier that can move with your needs. Do they have MPLS? Do they do SIP trunking? Can they offer an IP-VPN solution for your remote sites? Your Independent Telecom Agent knows the carriers' products and limitations, and can put you in the right solution.

Agents are invested in your success long term. Independent Telecom Agents are commission only, and residual based, earning a small percentage of the monthly bill. There is no motivation for a direct representative to speak to you again after you sign. You are directed to deal with the carriers call center. However Independent Telecom Agent’s goal is to build a book of business of satisfied customers with minimal issues. They have EVERY motivation to assist you in solving any service issues that you may ever have. A good Independent Telecom Agent becomes part of your team, allowing you to take care of your business.

They don't have a quota. It is very common for Independent Telecom Agents to uncover up to 10-20% of pure fluff on your bill during the auditing process. Direct representatives have a quota to make and will often sell you what is good for them, not what is good for you. Top Independent Telecom Agents, almost without exception; do not carry quotas and tend to be “solutions oriented” rather than to be motivated only by quotas.

Extra Incentives and Promotions.  Independent Telecom Agents are typically more knowledgeable, better trained, and set proper expectations with the clients. Agent channels often have promotions or incentives for the customer that the direct agent hasn’t been given. If the direct representatives have promotions available, they are often compensated extra if they do not use them. Their clients tend to remain clients longer, and it is more cost effective for the carriers to deal with Agents.

Same Standard Pricing is used in the Agent Channel and the direct channel. For large projects, special pricing is available to both Agent and direct channels at the same amounts. It's an incredible model that helps the customer and agent win, and insures all clients are treated equally.

Next Generation Technology Independent Telecom Agents will typically be better versed in MPLS, IP-VPN, VOIP, hosted solutions, call center applications, and SIP technologies since they need to understand multiple carriers' offerings and have attended their trainings. Direct representatives may not have the overall understanding of all that is coming with new technology.

Content copyright 2009. New Breed Telecom. All rights reserved.

Thursday, May 21, 2015

10 REASONS WHY BUSINESS TELECOM INSTALLATIONS FAIL



WELCOME TO OUR NEW AND UPDATED BLOG. OUR PROVIDER DISAPPEARED OUR OLD ONE SO WE'RE REPRINTING SOME OLDER BLOGS TO GET STARTED.

10 REASONS WHY BUSINESS TELECOM INSTALLATIONS FAIL


FACILITIES ISSUES:
Every voice and data circuit requires an available facility (actual physical line conditioned for the service) in order to deliver services. If all the existing facilities in the customer's local CO are in use, the phone company may need to install additional lines in order to complete the installation. This can cause long delays and additional expense. Carriers want to replace copper with fiber because copper is expensive to maintain, requires equipment that must also be maintained and is less efficient than fiber. Therefore carriers aren't looking to invest in new copper build-outs creating a shortage. Whenever the installation milestone says: "facilities issues" it can mean almost anything. Worst case: Construction build-out may be required or permits needed.

LINES NOT TAGGED OR MIS-TAGGED BY THE LEC
There can be hundreds of lines in a phone closet. If a phone company tech activates a group of lines but doesn’t “tag” or identify them properly, it's extremely difficult for your vendor to locate them to complete the installation. Getting a phone company technician back out to the site is difficult and adds time to the installation process. This could delay your order for hours or days and adds unnecessary expense. The customer still has to pay their phone vendor to wait for the phone company tech to come back and identify the lines they installed earlier.

LOCAL LOOP INSTALLATION FAILS
Even if competitive Local Exchange Carrier is providing the service, the local phone company (LEC) installs the local loop. An order cannot be completed until the local loop is completed, tested and accepted. Customers often turn away the LEC thinking that there has been a mistake. Rescheduling this is necessary and causes a time consuming and costly delay.

PORTING ISSUES
Incumbent carrier rejects port-numbers request - or ports wrong numbers - or ports early:
Rejecting a port request is often is an underhanded attempt by the telecom company losing the business to sabotage an order. They can reject a phone number porting request for many reasons such as;
* Your business name is slightly different than what appears on their bill,
* All the phone numbers aren’t accounted for or a myriad of other minor details.
Typically, each time a porting request is rejected, the order is delayed 10 business days and causes the customer to reschedule their phone and IT vendors. If this continues for too long, customers tend to have a knee jerk reaction and cancel the whole deal out of sheer frustration - thereby shooting themselves in the foot.

If numbers are accidentally ported early, the customer can be left with no services until the issue is resolved.

PIC CODE ISN'T ADDED TO LINE OR MULTIPLE LINES
Every phone line is assigned a Primary Interlata Carrier (PIC) code. Without PIC Code, long distance calls on the line will be subject to Casual Billing which is a much more expensive rate. It's not uncommon to miss a few lines on an account with many lines. This usually happens during the switchover from one carrier to another.

TECH DOESN'T SHOW UP OR ARRIVES EARLY OR LATE
If the customer outsources phone and IT work to vendors, the vendors are required to be on site for the installation. If the phone company tech is late, the customer may have to pay their vendors to wait. If the phone company tech is early, there won’t be a handoff and their vendors will have issues completing their work. Unfortunately everyone is at the mercy of the LEC first to deliver the local loop in a timely fashion. But stuff happens, especially in big cities. Things can get really out of hand if there is a storm, a visit by the President, a flood, transit strike ....whatever. Local events and weather do affect the telcos ability to maintain their already overburdened schedules.

WRONG SERVICE IS INSTALLED
Example: Customer's phone system may require analog phone lines but digital lines were ordered. Or, a VPN between two locations requires a specific router configuration which wasn't communicated. These are design issues and can be tracked by a competent project manager. If these details aren’t properly monitored and coordinated the installation will be delayed and corrections will need to be made. Worse, your services won’t function properly until the necessary adjustments are made, requiring additional expense for customer's phone and/or IT vendors.

DEFECTIVE EQUIPMENT (Router or switch):
Occasionally, new services don’t work properly or customers experience repeated outages with new services. It's natural to assume that it’s the quality of the new carrier. Typically, after initiating a trouble ticket triggering additional testing, a technician will figure out that a router or other equipment isn't performing properly or mis-configured. Easy - but inconvenient.

RISER CABLES NOT AVAILABLE:
In a high rise, telecom services are usually delivered in the basemen to a telco room. The lines rise vertically in the building via a wire riser or elevator shaft. They then are delivered to another phone closet on the customer’s floor.

Total of 4 connections are required:
* connection to the primary phone closet
* connection to the riser cable
* connection to the local phone closet
* connection to business suite.

Every element of the installation must be completed and all the parties work coordinated or the service won’t be available at the time of installation

AFTER-HOURS ONLY, OR NO ACCESS TO PHONE CLOSET
Either the phone closet is locked and property management unavailable to provide access. Sometimes the phone closet is located in an inconvenient location. There are many reasons why access to the phone closet may be restricted. It may be in another tenant’s suite. An installation may have to be scheduled after business hours requiring the customer to arrange for their phone and IT vendors and employee to be present.