DoxPara Research
14-May-2001 / Dan Kaminsky Deaf and Dumb: A Critique of Telephone Class Registration Systems

DEAF AND DUMB

One of the core laws of information transfer theory is as follows: Humans read faster than they can listen, but speak faster than they can write. Voice mail vs. E-Mail provides an excellent illustration of this asymmetry: It's quite a bit faster to send twenty voice mails than it is to type out twenty emails - but it's much faster to read twenty emails than to listen to twenty people's voice messages, especially if there's anything important in that message that needs to be subsequently written down.

Visually organized systems, such as documents and web pages, end up being more complex than a simple stream of spoken phrases to generate, but once generated can be skimmed quickly for areas of relevance to the reader which then may be focused on. Notably, the message is not time dependent-the words stay where they were as the reader moves onto another segment.

By sharp contrast, the spoken word is nothing more than a stream of vibrations in the air-the stream might be repeated, but it exists as an understandable entity only because of our short-term memories. As soon as a word is spoken, it disappears, and can only be retransmitted on demand, not simply referred back to with a jump of the eye.

Thus the prime flaw with Interactive Voice Response, or IVR: It must speak everything-slowly, linearly--and IVR is left struggling with a painfully slow method for providing feedback to its users.

And yet, Since telephones are built to carry speech, one might assume. But sound is only the most efficient input to information systems when our spur-of-the-moment phrasings of a specific request, or even our standardized vocalizations of a given demand, can be understood and interpreted among many other possibilities.

In other words, speech gets its efficacy from being able to refer to anything at anytime--in exactly the way the twelve touch-tones most IVR systems use to receive input from a user can't. Those twelve tones--zero through nine, pound, and star--can only carry a limited meaning at any given time, as the ephemeral nature of speech relies on little more than short term memory of the user to remember which buttons will do what.

Indeed, more than a few IVR systems at places degrade to a simple yes/no relationship: "Is this what you want? Press some key. Is this what you want? Press some other key." A user waiting for a final option may have to wait minutes before the last possibility sprouts up -- indeed, the slowness of providing information to the user slows down the ability for the user to provide information to the system!

A web-based system provides information visually; IVR requires it to be spoken slowly. A web based system, though not able to recieve information audibly, can at least provide a persistent visual list of messages (through "links") it can service in a compact and quickly parsed index known as a web page. An IVR system, in contrast, can only depend on the memory of its user to store which numbers link to which meanings -- and users can't remember much of anything.

Bottom line: A web based system is silent but deadly in its efficiency-- IVR is just deaf and dumb.

DEEP IMPACT

There are no clearer signs of the limitation of IVR systems than the fact that it is not a closed system. One cannot service their entire class needs through the telephone system; among other things, one cannot query the telephone system for available classes and their code numbers! Instead, one must receive a class schedule for a given quarter -- a difficult proposition when one is out of state or even out of country -- and using the numbers from that, register for classes.

If people were to use T-Reg for DISCOVERING classes, it'd be so slow that the entire system would bog down under the strain. Clearly, the carrying capacity of the system is limited if making it a complete solution for registration -- something you'd expect Telephone Registration to be -- would destroy it.

One of the primary reasons using T-Reg for class discovery would damage it so severely is that of limited resources. T-Reg uses circuit-based telephone technology, which must dedicate significant resources --one of sixteen telephone lines --, to any caller in the process of registering. Already, with students providing little more than class ID numbers, these sixteen lines are exhausted quickly, and access must be rationed out to prevent system overload. This rationing is not entirely effective, and busy signals from all circuits being busy are quite common.

In contrast, web based systems are packet switched and stateless. In plain english, this means that unless somebody is actively sending or recieving information, there is no live connection between them and the server. Even as much more information is sent visually to the user to read through, as the user is reading, the server is quite free to service another user using the same resources. It is thus much more difficult to overload such a system.

It is also much less expensive to increase or even maintain capacity for an web-based system. Phone lines for businesses are generally charged by the minute, on the concept that incoming calls generate revenue. Sixteen lines under constant use are not likely to be inexpensive. While data links for web services are not free either, the minimal amount of data flow inherent to a web-based registration system means that the cost of such a system -- both to establish and to expand -- is almost completely independent of its communications medium.

Web bits are cheap. Web servers are too -- but the custom hardware and software used for most IVR systems are not widely sold, which means economies of scale and competition have had little effect on them. Moving to a web based system may indeed save significant amounts of money in terms of simply limiting the need to upgrade the existing telephonic interface.

WEAKNESSES

There are some costs to a web based system that should be noted. Web systems do require more advanced resources from the client; while simple touch-tone systems are ubiquitous, fully web-enabled desktops are less common. It is therefore advisable to keep both systems available, with IVR being deprecated to a backup.

Security is also a threat: Web systems are much easier to manipulate than the telephone system, and the number of individuals with the means to attack a web-based registration system is far higher. This risk can be mitigated using generally available encryption and authentication techniques, and exposing servers to regular security examination. As with any expansion of user access, there is indeed risk that a non-user will assume control. The best one can do is mitigate that risk.

Access Archives
Mission
DoxPara Research exists as a repository for information security analysis, UI theory, and the miscellaneous writings of its founder, Dan Kaminsky.

Authorship

Writings
ZapMail Redux
RFID Security
The Absentee SIGGRAPH 2002 Review
Deaf and Dumb: A Critique
Speech Vs. Vision
Why Most Albums Suck
Tracing Smart Fridges
Password Rejected
Trinity Redux
Thoughts On Secure Deletion in 2001: Part 1
Thoughts On Secure Deletion in 2001: Part 2
On The Nature Of Data Shredding
Cryptography Doesn't Save Napster, and The War Over Parodies
Passfaces: An Intriguing Way To Authenticate
BugTRAQ-- Re: Security Hole in Win2K's FTP server

Security and Networking
Insecurity By Design: The Unforseen Consequences Of Login Script
TCP Chorusing in the Windows9x TCP/IP Stack
Vectorcast

Editorials
Core Competencies: Why Open Source Is The Optimum Economic Paradigm For Software
Mandatory Registration: Bad Business

User Interface Proposals
Analogous Key Arrays
Cluehunting