MetroFi was one of the three most prominent pure play metro-scale Wi-Fi firms, if you count EarthLink's municipal wireless division as a separate operation, and Kite Networks, which was a subsidiary of a larger telecom firm. Each company had made a unique network hardware choice--MetroFi, SkyPilot; Kite, Strix; and EarthLink Tropos plus Motorola--and each had a sort of specialty. Interestingly, a fifth firm, BelAir powers Toronto (a small but super-fast Wi-Fi network) and Minneapolis (the only putatively completed large-city Wi-Fi network), and will be behind Cablevision's nearly $350m New York Wi-Fi plan.

MetroFi was the only major firm to back ad-supported no-fee access, coupled with paid, no-ads service, and higher tiered commercial offerings. They built mostly smaller cities, with Portland being their only real big city win. The firm began with the notion of building Wi-Fi out gradually as a way to provide broadband in communities that lacked service, with no municipal involvement. That plan required sparser networks and typically a home signal booster designed by SkyPilot. (Kite mostly focused on the Southwest; EarthLink on big cities.)

EarthLink was in many ways largely responsible for the mess that all Wi-Fi providers found themselves in last year by offering to build Philadelphia's network back in 2005 at no cost to the city--in fact, paying the city and the local utility fees. That set the stage for nearly all the RFPs that followed where, if EarthLink were a bidder or the city was aware of the alternatives, the notion was that no city dollars would be spent, even if taxpayer money wasn't "at risk"--that is, even if a city could save money by switching current line items in their telecom and data budget to a wireless network.

Haas noted via email that MetroFi has been working towards anchor commitments by cities for nearly two years, but the inertia of those early networks led municipalities to reject those options. In Toledo, where MetroFi had negotiated an anchor commitment, a change in administration led a new mayor to retreat from the plan.

Is there a future for metro-scale Wi-Fi? Yes. With thoughtfully constructed, outdoor-focused deployments centered on municipal purposes, with public access a secondary issue, it seems like these networks could still provide an inexpensive way for relatively high bandwidth compared to the alternative of cell data networks.

However, that advantage is likely short lived in larger markets. The near-future certainty now that there will be multiple provides offering wired broadband speed service starting later this year with Sprint/Clearwire's WiMax, and continuing through into 2012 with significant network buildout by Verizon and AT&T in several bands (including their new 700 MHz holdings).

While Sprint/Clearwire is talking about 120m to 140m homes passed by 2010 with their network, obviously focusing only on major markets, many of the 700 MHz licenses purchased by AT&T and Verizon carry buildout requirements with penalties. So cities outside the top 100 population markets and rural areas will still see some benefit. In those mid-tier markets, there's also the 3.65 GHz band for shared licensed use, which is a model that Azulstar is pursuing with new WiMax deployments, as I wrote about recently.

Competition will likely push the cost of mobile broadband far below its $60 per month 2-year contract rate of today, which then would beg the question why a city or county with good commercial coverage would need to build its own Wi-Fi network. There are still plenty of reasons to build dedicated, first-responder 4.9 GHz public safety networks, of course.

I've always described Wi-Fi on a metropolitan scale as the best, worst technology. The best, because everyone has Wi-Fi in their laptops and increasingly in handhelds and gadgets. The worst, because the technology is absolutely not designed for the purpose, unlike CDMA and GSM evolved cell standards and mobile WiMax.

It's possible that in the long term, looking five years out, that Wi-Fi on a metro-scale will only be needed in small towns, odd markets, and for highly particular purposes. Or, perhaps in a bit of irony, where companies like Cablevision feel Wi-Fi is necessary to retain the loyalty of their highly wired customer base.

The company plans to pull all its gear from the poles starting 12-June-2008. The company's press release said it offered to give the network at no cost to an unnamed non-profit, as well as to the city, but claimed that "unresolved issues" led to the effort falling apart. EarthLink offered cash and more equipment, as well, in undisclosed quantities. Wireless Philadelphia, the non-profit in charge of managing the network provider and administering digital divide programs, was apparently not the non-profit mentioned.

EarthLink filed a lawsuit to allow it to remove its Wi-Fi nodes and cap its liability at $1m. That's a pretty hostile move, given that the city would have been the more likely party to feel aggrieved and file suit against EarthLink for failing to live up to the terms of their agreement.

EarthLink's claims of offering the network to "a non-profit" or the city for free skirts the issue that EarthLink may have certain liabilities for electrical power and other fees that haven't yet been paid; Wireless Philadelphia had agreed to pick up or defer certain charges as part of the deal that brought the network provider in. But without a completed network, and the contract therefore perhaps susceptible to being declared in default in court, it's unlikely that this will play out nicely.

And I'll say bluntly: If someone offered you $17m of outdated equipment on a network that never worked to specification that wasn't completed, and that already had known high annual costs, and which a private firm gave up as a bad job that they couldn't turn a dime on--would you take that deal? No. EarthLink will ultimately have to pay much more than $1m, I predict, and I suspect some of the settlement will leave gear in selected neighborhoods behind for more modest networking purposes. It's not going to be as easy as releasing a press release, although I haven't read the contract's provisions for this set of circumstances, and I'm not a lawyer.

The failure in Philadelphia, and EarthLink's exiting the entire muni-Fi business, represents the end of a bad model in which a company agreed to assume all risk and costs associated with building a public access network. When the assumptions were that networks would be cheaper and easier to build in 2005, and that citizens in many larger cities had few affordable broadband options, it made some sense to build a network on spec.

Three years into this, however, it's clear that that capital investment is 2 to 3 times higher than what was anticipated to reach a level of service quality that people will expect; that, when presented with potential competition, DSL and cable operators will slash prices and offer cheap 1-year or "lifetime" rates with long-term contracts; and that wireless broadband delivered via Wi-Fi isn't the best of ideas for indoor service.

Minneapolis may wind up being the only large city, if the network quality and subscriber rates play out, that has a public access network that works and produces a return.

I know, I know- it’s late- but better late than never, right?

I really tried my best to take photos as much as possible. A quick note on the photography- because of the size of the rooms, it didn’t make sense to have the flash on, unfortunately it slowed the shutter speed, making some images blurry (sorry).

So Day 2 already felt like day 5 somehow. I had flown in early to be a tourist for a day or so but caught up with partners and other event-goers early, making it an especially long week. Wednesday was an eventful day. I have a great  Sins of Our Fathers session to share with you, a day with the Enigmas, and the Security Bloggers Party.

The highlight of the day’s sessions had to be the ‘Sins of Our Fathers’ breakout with an amazingly hilarious geek-filled panel including Daniel Houser, Ben Jun and Hugh Thompson. (Hugh unquestionably won the Most Entertaining Geek Award for the day). I was tweeting live from the session and took some photos of the interactive polls they intertwined in the discussion. They drew some interesting correlations between current security issues, such as SQL injections an ‘previous sins’, likening it to phone whistling. There were random notes about the inherent security risk of mixing data and coding together. View photos from session.

Then they talked about using good technology in a way that made it vulnerable. Examples, the Enigma code machines from WWII. (It was actually broken by the known plain-text gathered from repetition in contact initiation, and the mis-use of one-time-pads). They drew the line from Enigma to WEP and other algorithms that were okay, but mis-implemented.

There were a variety of other anecdotes, accompanied by audience-wide snickers, snorts and laughter. One story of tape backups, encrypted, with the key dutifully stick-noted to the case. Another of the secretary who type-writered all the 5.25” floppies. The story of the unmanned Predator aircraft flying unattended for about 5 minutes during a PC reboot. They were all tied into the topic nicely, and the guys did an outstanding job interacting and playing off one another.

One a more serious note- well, sorta- Hugh showed a clip from his participation in the documentary “Hacking Democracy” about the lack of security of electronic voting.

Here was something amusing… Their crypto list of
If you hear any of these, RUN!

1. Cryptography is expensive.
2. We have this guy that’s reallllly smart…
3. Wired EQUIVALENT encryption… . 
4. It’s “proprietary” security
5. It’s revolutionary NEW cryptography technology!
6. It uses DES- so its FIPS 140 compliant 

Some of the sins from the session…

• Engineering, Development & Management sins
• Using a good technology in a bad implementation
• Lack of metrics to indicate misuse
• Feature/mission creep - using item A for solution B
• Not teaching people how to use security
• Teaching them, but teaching bad habits
• Normalization of deviancy

I’ve spent long enough on that, there’s plenty more to share, but that session was so good, I thought it deserved some special attention. I did stay for the Cyber Storm II Panel, but that left more than ‘a little’ to be desired. I would have liked more anecdotal stories and a little more personality. The panel participants were knowledgeable, and I’m sure they were doing what they had been told, but it made for a very dry session, little content of interest, and much repetition. There’s a little live Tweeting from that session too.

Playing with the Enigma
At the Sins of Our Fathers sessions, I believe it was Ben that mentioned we had at our disposal not one- but TWO Enigma machines on the expo floor here are RSA. And BOTH were for our playing! They had it set so we could set the key and encode a message at the NSA booth, then take the encrypted message to the Cryptographic Research booth and use that Enigma to decypher the message. HOLY COW!!!!!! If their session hadn’t been so great I would have left right then. The only time I’ve seen these beautiful little pieces of crypto history, they’ve been fully encased in glass, and not for the touching. They actually let you set the rotors and punch the code in yourself so my buddy Eric and I ran right over to take full geek advantage of the situation. 

YES, that’s me with an Enigma, and I have more photos of the two Engimas.

The big highlight of the evening? The Security Bloggers Party of course! You get a whole post just for this topic, so stay tuned for that. I didn’t take photos here, because I felt pretty sure someone would be walking around with a camera. I need to find @ajolly (Apneet Jolly) and see if he has any- he’s usually fully equipped with a very nice camera…

# # #