Border Gateway Protocol has served the internet well for decades. But when it goes wrong, you notice it. From a report: In a weeks-long stretch in 2014, hackers stole thousands of dollars a day in cryptocurrency from owners. In 2017, internet outages cropped up around the United States for hours. Last year, Google Cloud suffered hours of disruptions. Earlier this month, a large swath of European mobile data was rerouted through the state-backed China Telecom. And on Monday, websites and services around the world -- including the internet infrastructure firm Cloudflare -- experienced hours of outages. These incidents may sound different, but they actually all resulted from problems -- some accidental, some malicious -- with a fundamental internet routing system called the Border Gateway Protocol. The web is distributed, but it's also interconnected. It needs to be so that data can move around worldwide without all being controlled by a single entity. So every time you load a website or send an email, BGP is the system responsible for optimizing the route that data takes across these sprawling, intertwined networks. And when it goes wrong, the whole internet feels it.

Originally conceived in 1989 (on two napkins), the version of BGP used today remains largely unchanged since 1994. And though BGP has scaled surprisingly well, there's no denying that the internet is very different than it was 25 years ago. In fact, the way BGP was designed introduces risk of outages, manipulations, and data interception -- all of which have come to pass. The internet's backbone routers -- massive industrial nodes usually run by internet service providers, not the Linksys at your house -- each control a set of IP addresses and routes. ISPs and other large organizations use BGP to announce these routes to the world and calculate paths. Think of it like planning a cross-country drive: You need to know the different route options in each area, so you can stop at all the right corn mazes and the world's largest rocking chair without adding too much extra driving each day. But if your GPS is outdated, you could wind up at a dead end or on a new road that totally bypasses the salt flats.

Ericsson announced its plans to build a 5G factory in the U.S. sometime early next year. "The factory will be the Swedish telco equipment maker's first fully-automated factory, the company said, and will be used to produce 5G radios designed for urban areas," reports ZDNet. "It will also make Advanced Antenna System radios that it said are components for large-scale deployments of 4G and 5G networks for both rural and urban coverage." From the report: Ericsson did not provide details about where the factory will be located, but the company has plans to initially employ around 100 people at the factory, which will have "highly automated operations." Ericsson is currently signed on by T-Mobile, Verizon, Sprint, AT&T, US Cellular, and GCI to help build out their respective 5G mobile networks. According to the Ericsson's latest mobility report, North America is expected to lead in the adoption of 5G, with the company predicting that 63% of North American mobile subscriptions will be 5G-based in 2024. Fierce Wireless says the company has made a direct investment of about $100 million, "which will kick in during the third quarter of this year."

The FCC has granted Verizon a partial waiver to start SIM locking new handsets to its network for 60 days. "This news out of the FCC is the response to Verizon requesting back in February that it be allowed to lock devices to help deter fraud and theft," reports Droid Life. From the report: Why did they need to ask the FCC about locking? As we have explained a couple of times now, Verizon agreed to specific usage terms when it licensed 700MHz C Block spectrum for its LTE network years ago. One of the individual terms concerned handset locking, where Verizon had to acknowledge that it would leave its phones open for use on other networks at all times. Unlike AT&T or T-Mobile phones, where you have to fulfill a number of criteria in order to get either to unlock a phone for use elsewhere, Verizon's phones were to remain unlocked.

The FCC's partial waiver permits Verizon to lock a customer's handset for 60 days from the date someone activates it on Verizon's network. Once the 60 days are up, this is what should happen: "After the expiration of the 60-day period, Verizon must automatically unlock the handsets at issue here regardless of whether: (1) the customer asks for the handset to be unlocked, or (2) the handset is fully paid off. Thus, at the end of the initial 60 days, the unlocking rule will operate just as it does now, and Verizon's customers will be able to use their unlocked handsets on other technologically compatible networks." The only exception is for fraud. "Verizon will not have to automatically unlock handsets that it determines within the 60-day period to have been purchased through fraud," the FCC says. Verizon has since issued a statement thanking the FCC and confirming that this new 60-day lock policy will go live "very soon."

Cloudflare issued a blog post explaining how Verizon sent a large chunk of the internet offline this morning after it wrongly accepted a network misconfiguration from a small ISP in Pennsylvania. The outages affected Cloudflare, Facebook, Amazon, and others. The Register reports: For nearly three hours, network traffic that was supposed to go to some of the biggest online names was instead accidentally rerouted through a steel giant based in Pittsburgh. More than 20,000 prefixes -- roughly two per cent of the internet -- were wrongly announced by regional U.S. ISP DQE Communications: this announcement informed the sprawling internet's backbone equipment to thread netizens' traffic through one of DQE's clients, steel giant Allegheny Technologies, a rerouting that was then, mindbogglingly, accepted and passed on to the world by Verizon, a trusted major authority on the internet's highways and byways. And so, systems around the planet automatically updated, and connections destined for Facebook, Cloudflare, and others, ended up going to Allegheny, which black holed the traffic.

Internet engineers suspect that a piece of automated networking software -- a BGP optimizer called Noction -- used by DQE was to blame for the problem. But even though these kinds of misconfigurations happen every day, there is significant frustration and even disbelief that a U.S. telco as large as Verizon would pass on this amount of incorrect routing information. The sudden, wrong, change should have been caught by filters and never accepted. [...] One key industry group called Mutually Agreed Norms for Routing Security (MANRS) has four main recommendations: two technical and two cultural for fixing the problem. The two technical approaches are filtering and anti-spoofing, which basically check announcements from other network operators to see if they are legitimate and remove any that aren't; and the cultural fixes are coordination and global validation -- which encourage operators to talk more to one another and work together to flag and remove any suspicious looking BGP changes. Verizon is not a member of MANRS.

hackingbear writes: While intellectual property violation is a major accusation against China in the on-going US-China trade war, U.S. Senator Marco Rubio filed legislation on Monday that would prevent Huawei from seeking damages in U.S. patent courts, after the Chinese firm demanded that Verizon Communications pay $1 billion to license the rights to patented technology. Under the amendment -- seen by Reuters -- companies on certain U.S. government watch lists, which would include Huawei, would not be allowed to seek relief under U.S. law with respect to U.S. patents, including bringing legal action over patent infringement.

hackingbear writes: Huawei has told Verizon that the U.S. carrier should pay licensing fees for more than 230 of the Chinese telecoms equipment maker's patents and in aggregate is seeking more than $1 billion, a person briefed on the matter said on Wednesday. Verizon should pay to "solve the patent licensing issue," a Huawei intellectual property licensing executive wrote in February, the Wall Street Journal reported earlier. The patents cover network equipment for more than 20 of the company's vendors including major U.S. tech firms but those vendors would indemnify Verizon, the person said. Some of those firms have been approached directly by Huawei, the person said. The patents in question range from core network equipment, wireline infrastructure to internet-of-things technology, the Journal reported. The licensing fees for the more than 230 patents sought is more than $1 billion, the person said. Huawei has been battling the U.S. government for more than a year. National security experts worry that "back doors" in routers, switches and other Huawei equipment could allow China to spy on U.S. communications. Huawei has denied that it would help China spy.

Salesforce on Monday decided to buy big data firm Tableau Software for $15.3 billion, marking the biggest acquisition in the company's history as it looks to offer more data insights to its clients. From a report: Seattle-based Tableau has more than 86,000 customers, including tech heavyweights such as Verizon and Netflix. As part of the all-stock deal, Tableau shareholders will get 1.103 Salesforce shares, valuing the offer at $177.88 per share, representing a premium of 42% to Tableau's Friday closing price. Salesforce's deal comes days after Alphabet's Google big-data analytics company Looker for $2.6 billion and surpasses the $5.9 billion that the cloud-based software company paid to buy U.S. software maker MuleSoft in 2018.

Verizon has avoided paying local taxes on telecom equipment in many New Jersey municipalities over the past decade, but a proposed state law would force the company to pay back taxes for all the payments it didn't make. Ars Technica reports: The bill, filed on May 23 by Assemblyman John Burzichelli (D. Paulsboro), "would force Verizon to pay local taxes on telephone poles, lines, land, and other equipment that the telecom giant has refused to fork over in an increasing number of New Jersey municipalities, starving them of tens of millions of dollars a year in tax revenue," The Philadelphia Inquirer reported. As of 2015, Verizon had reportedly stopped paying the tax in more than 150 of the 565 municipalities in New Jersey.

The tax Verizon has avoided ranges from $15,000 to more than $1 million a year for each municipality, taking revenue away from local budgets or forcing residents and other businesses to cover the shortfalls. Despite not paying tax in many cities and towns, local officials point out that Verizon "continues to benefit from the use of municipalities' poles, utility lines, and switching facilities even when it no longer pays taxes," a 2015 Inquirer article said. "The tax dispute centers on a 1997 amendment to state tax law that required 'business personal property' payments from landline phone companies that provide 'dial tone and access to 51 percent of a local telephone exchange,'" the report adds. Verizon said in 2008 that it would stop paying the tax because it said its market share had dropped below the 51 percent threshold. In reality, Verizon's share was closer to 90 percent.

In his TechCrunch column, software engineer/journalist Jon Evans writes that last month "marked a victory for sanity and pragmatism over irrational paranoia." I'm talking about Microsoft finally -- finally! but credit to them for doing this nonetheless! -- removing the password expiration policies from their Windows 10 security baseline... Many enterprise-scale organizations (including TechCrunch's owner Verizon) require their users to change their passwords regularly. This is a spectacularly counterproductive policy.

To quote Microsoft: "Recent scientific research calls into question the value of many long-standing password-security practices such as password expiration policies, and points instead to better alternatives... If a password is never stolen, there's no need to expire it. And if you have evidence that a password has been stolen, you would presumably act immediately rather than wait for expiration to fix the problem... If an organization has successfully implemented banned-password lists, multi-factor authentication, detection of password-guessing attacks, and detection of anomalous logon attempts, do they need any periodic password expiration? And if they haven't implemented modern mitigations, how much protection will they really gain from password expiration...?"

Perfect security doesn't exist. World-class security is hard. But decent security is generally quite accessible, if you faithfully follow some basic rules. In order to do so, it's best to keep those rules to a minimum, and get rid of the ones that don't make sense. Password expiration is one of those. Goodbye to it, and good riddance.
Instead the column recommends password managing software to avoid password re-use across sites, as well as two-factor authentication. "And please, if you work with code or data repositories, stop checking your passwords and API keys into your repos."

But if your company still has a password expiration policy, he suggests mailing Microsoft's blog post to your sys-admin. "They will ignore you at first, of course, because that's what enterprise administrators do, and because information security (like transportation security) is too often an irrational one-way ratchet because our culture of fear incentivizes security theater rather than actual security -- but they may grudgingly begin to accept that the world has moved on."

Bloomberg remembers the launch of Bing ten years ago -- "It was all a little sad". There was even a jingle-writing contest in which song-a-day writer Jonathan Mann won a $500 gift card for his song "Bing Goes the Internet". (After TechCrunch called it "awful" and compared it to the sound of dying cows, the songwriter released a second song which consisted of nothing but the text of TechCrunch's article.)

Now Bloomberg asks, "How did Bing go from a joke to generating nearly three times the advertising revenue of Twitter?" What seemed like a typical Microsoft reaction to fear of Google has become -- with the help of blood, sweat, tears and the Nadellaissance -- a nice business. Microsoft now generates about $7.5 billion in annual revenue from web search advertising. That is a pipsqueak compared with Google's $120 billion in ad sales over the last 12 months. But it's more revenue brought in by either Microsoft's LinkedIn professional network or the company's line of Surface computers and other hardware...

Microsoft in recent years outsourced chunks of its advertising business and stuck Bing in spots that Microsoft controls or that Google couldn't grab. Importantly, Microsoft made Bing front and center for people using search boxes on Windows computers and Office software, practically guaranteeing that a healthy share of PC owners would wittingly or unwittingly use the "decision engine." Research firm comScore estimates Microsoft accounts for a little under one-quarter of U.S. web searches conducted on desktop computers. Microsoft's market share is far smaller outside the U.S. and practically nonexistent on smartphones... [T]his year it struck a deal to handle searches and ads tied to searches on Yahoo, AOL and other Verizon Communications Inc. internet properties. Those aren't glamorous corners of the internet, but they have a lot of traffic and therefore a lot of people searching for running shoes and local dentists. All that helps use of Bing and lifts the ad revenue that flows through Microsoft's accounts.

Microsoft has also pared costs to the point where Bing stopped bleeding red ink... Bing at least stands on its own two feet, and company executives have said that Microsoft has learned from the search business how to run big data-collecting and crunching technologies.
The article argues that Bing's success has been good for Google, since it keeps them from looking like a monopoly.

Motorola's $500 Moto Z4 is finally official, bringing an updated design with a near-notchless 6.4-inch OLED display, headphone jack, and support for the company's Moto Mods. Other specs include a Qualcomm Snapdragon 675 processor, 4GB of RAM with 128GB of storage (expandable via microSD to 2TB) and Android 9.0 Pie, with Motorola promising an update to Q in the future. CNET reports: To improve photography Motorola has added what it calls "Quad Pixel technology," which uses pixel-binning to allow for 48-megapixel shots with the rear lens, following a trend of other recent higher-end midrange phones including OnePlus' 7 Pro. Around front is a 25-megapixel shooter which takes advantage of the same "Quad Pixel" tech. Motorola says both sensors should offer improved details and colors as well as better low-light performance. The company has even added its own rival to the Pixel 3's Night Sight called Night Vision.

In some brief hands-on time with the phone, the phone feels more premium than the rival cheaper Pixel 3a, which starts at $399. Videos looked sharp on the OLED display and the Night Vision did a solid job of enhancing images taken in a dark room. Whether the Z4 can rival the Pixel 3A's camera or if its cheaper price can top the value of $669 OnePlus 7 Pro's performance remains to be seen. An optical fingerprint sensor is built into the display, similar to the technology used on OnePlus' 6T and 7 Pro. As with the OnePlus phones, setup was seamless and unlocking was responsive during our brief use of the phone. Wireless charging isn't present nor is IP-rated water resistance (Motorola says the phone can withstand spills and rain). The phone will be available from Verizon on June 13, and will support the carrier's 5G network via the 5G Moto Mod (sold separately).

T-Mobile and Sprint submitted a new plan for their proposed $26 billion merger to the FCC -- including enhanced 5G buildout commitments and an agreement to spin off Sprint's Boost Mobile -- which got the nod from Federal Communications Commission Chairman Ajit Pai. From a report: T-Mobile and Sprint first announced their plans to merge in April 2018, looking to combine forces to take on the two industry leaders -- AT&T and Verizon. To clear regulatory hurdles, the companies have been forced to make additional guarantees. Those include a commitment to deploying a 5G network that would cover 97% of the U.S. population within three years of the closing of the merger and 99% within six years. In addition, the revised T-Mobile/Sprint plan guarantees that their 5G network would reach deep into rural areas, with 85% of rural Americans covered within three years and 90% covered within six years. T-Mobile and Sprint also have promised that 90% of Americans would have access to mobile broadband service at speeds of at least 100 megabits per second and 99% would have access to speeds of at least 50 Mbps.

A month ago, Verizon's 5G coverage in Chicago was exceedingly difficult to find and the speeds were only noticeably faster than LTE. Now, Chris Welch from The Verge says the company "has ramped things up." While coverage "remains extremely limited" and "varies widely block by block," the speed is lightning fast. From the report: I just ran a speed test that crossed 1Gbps, and my mind is frankly a little blown. This is in the real world, where my iPhone XS Max is barely hitting 20Mbps in the same spot. Download speeds on Verizon's 5G network now feel like a proper next-gen leap over current LTE performance. Going over 700Mbps is very typical, and crossing that gigabit marker can happen regularly if you're standing near one of the carrier's 5G nodes, which utilize millimeter wave technology to achieve the faster download rates.

I'm still walking around Chicago and testing things out, but here are a few quick tests I ran: The pilot episode of The Office downloaded from Netflix at "high" quality in eight seconds. That's not a typo. I pulled down Marvel's Iron Man 2 from the Amazon Prime Video app at "best" quality in 90 seconds. Welch balances his excitement by saying that "indoor coverage on Verizon's 5G network is basically nonexistent." Also, "uploads are still limited to LTE on Verizons 5G network" and "tethering with the Galaxy S10 5G isn't yet supported (at 5G speeds)."

Another thing to think about is the fact that barely anyone is on Verizon's 5G network right now. When people actually start buying 5G devices, the 1Gbps speeds will surely drop.

In a collection of letters published by FCC Commissioner Jessica Rosenworcel on Thursday, representatives of T-Mobile, AT&T, Sprint, and Verizon all said they had ceased or significantly curtailed the sale of their customers' location data to companies whose shady practices brought to light triggered alarms among privacy advocates and lawmakers on Capitol Hill. From a report: The companies were responding to questions from Rosenworcel prompted by news reports that location data originating with America's largest telecoms was being acquired and sold downstream by bounty hunters and others without the consent of the companies themselves or their customers. The New York Times, for instance, reported last year that law enforcement officials had also purchased access to location data, circumvented the usual need for a warrant. On Wednesday, House lawmakers grilled the FCC's chairman, Ajit Pai, for details about the status of the commission's nearly year-long investigation into the malpractice. After two hours, it adjourned with no new information.

In a May 15 letter, AT&T said that as of March 29 it was no longer sharing its customers' data with location aggregators. Sprint said in its letter that it is now only sharing location data with one location aggregator and two customers "with a public interest," a roadside assistance company and another that facilities compliance with state lottery requirements. T-Mobile said that, as of February 8, it had "terminated all service provider access to location data" under its aggregator program, and that, as of March 9, it had terminated all existing aggregator contracts. "Except for four roadside assistance companies," Verizon terminated its location aggregator program as of November 2018, the company said. It added that the four remaining contracts were terminated by the end of March.

An anonymous reader quotes a report from Ars Technica: The four major U.S. wireless carriers are facing proposed class-action lawsuits accusing them of violating federal law by selling their customers' real-time location data to third parties. The complaints seeking class action status and financial damages were filed last week against AT&T, Verizon, T-Mobile, and Sprint in U.S. District Court for the District of Maryland. The four suits, filed on behalf of customers by lawyers from the Z Law firm in Maryland, all begin with text nearly identical to this intro found in the suit against AT&T: "This action arises out of Defendant's collection of geolocation data and the unauthorized dissemination to third-parties of the geolocation data collected from its users' cell phones. AT&T admittedly sells customer geolocation data to third-parties, including but not limited to data aggregators, who in turn, are able to use or resell the geolocation data with little or no oversight by AT&T. This is an action seeking damages for AT&T gross failure to safeguard highly personal and private consumer geolocation data in violation of federal law."

The proposed classes would include all of the four carriers' customers in the U.S. between 2015 and 2019. In all, that would be 300 million or more customers, as the lawsuits say the proposed classes consist of at least 100 million customers each for AT&T and Verizon and at least 50 million each for Sprint and T-Mobile. Each lawsuit seeks damages for consumers "in an amount to be proven at trial." In June 2018, the four major U.S. carriers promised to stop selling their mobile customers' location info to third-party data brokers after a security problem leaked the real-time location of U.S. cellphone users. Despite the carriers' promises, a Motherboard investigation found in January 2019 that they were still selling access to their customers' location data.

"The lawsuits accuse the carriers of violating Section 222 of the U.S. Communications Act, which says that carriers may not use or disclose location information 'without the express prior authorization of the customer,'" reports Ars Technica. "The lawsuits also say that each carrier failed to follow its own privacy policy and 'profited from the sale and unauthorized dissemination of Plaintiff and Class Members' [private data].'"

Long-time Slashdot reader AmiMoJo quotes the Verge: Verizon is seeking a buyer for Tumblr, the blogging platform it acquired along with other Yahoo assets in 2017... The platform hosts 465.4 million blogs and 172 billion posts, according to its about page... On Thursday evening, Pornhub VP Corey Price claimed in a statement to BuzzFeed News that his company is "extremely interested" in buying Tumblr and "very much looking forward to one day restoring it to its former glory with NSFW content..."

Price is referring to a major change implemented late last year, when Tumblr took the controversial step of banning porn on its platform. The company has been using AI to detect and automatically block images and videos that contain certain adult content. Existing posts containing porn were made private and are no longer publicly accessible.
Both Fortune and TechCrunch warned the acquisition might actually have bad consequences for adult content producers, since PornHub's owner MindGeek has been accused of ignoring piracy on its streaming sites, "a significant factor in the deflation of salaries for performers in the industry."

In a thread on Twitter, Engadget's senior news editor added "I guess the good news is that things PornHub announces as a publicity stunt don't usually happen, so..."

On Wednesday, Federal Communications Commission (FCC) Commissioner Jessica Rosenworcel demanded answers from AT&T, T-Mobile, Sprint, and Verizon on their sale of customers' phone location information to data aggregators. From a report: As Motherboard has shown in multiple investigations, this data, which sometimes included highly precise assisted-GPS data, ended up in the hands of bounty hunters, bail bondsmen, or private investigators. The demands are the latest move to pressure telecom companies, who said they would stop the sale of location data to third parties after Motherboard's coverage. AT&T and T-Mobile previously told Motherboard that sale has ended, and Sprint said it would stop at the end of May. But there are still serious concerns about how that data may have been stored and accessed. The letters from Commissioner Rosenworcel to the heads of each telco asked that the companies clarify whether data aggregators or others were allowed to save phone location data they received, and what steps the telcos are going to take to ensure the deletion of any shared data.

An anonymous reader quotes a report from Ars Technica: The U.S. mobile industry's top lobbying group is opposing a proposed California state law that would prohibit throttling of fire departments and other public safety agencies during emergencies. As reported yesterday by StateScoop, wireless industry lobby group CTIA last week wrote to lawmakers to oppose the bill as currently written. CTIA said the bill's prohibition on throttling is too vague and that it should apply only when the U.S. president or California governor declares emergencies and not when local governments declare emergencies.

The group's letter also suggested that the industry would sue the state if the bill is passed in its current form, saying the bill would result in "serious unintended consequences, including needless litigation." "[T]he bill's vague mandates, problematic emergency trigger requirement, and failure to include notification requirements could work to impede activities by first responders during disasters," CTIA wrote. The group said that it "must oppose AB 1699 unless it is amended to address the foregoing concerns." CTIA represents Verizon, AT&T, T-Mobile, Sprint, and other carriers. Despite CTIA's opposition, the bill proposed by State Assemblymember Marc Levine (D-Marin County) sailed through an Assembly committee yesterday. The Committee on Communications and Conveyance voted 12-0 to advance the bill, Levine's chief of staff, Terry Schanz, told Ars today. A committee analysis of the bill says that CTIA was the only organization to register opposition. The next stop for the bill is an April 30 hearing with the Assembly Privacy and Consumer Protection Committee. It is in response to Verizon throttling an "unlimited" data plan used by Santa Clara firefighters last year during the state's largest-ever wildfire.

Apple allegedly wanted to hurt Qualcomm before it ever filed suit against the company, according to documents obtained by Qualcomm as the two companies prepared to meet in court. CNET reports on what has been made public: In September 2014, a document from Apple titled "QCOM - Future scenarios" detailed ways the company could exert pressure on Qualcomm, including by working with Intel on 4G modems for the iPhone. Apple and its manufacturing partners didn't actually file suit against Qualcomm until more than two years later. A second page of that document, titled "QCM - Options and recommendations (2/2)" revealed that Apple considered it "beneficial to wait to provoke a patent fight until after the end of 2016," when its contracts with Qualcomm would expire. "They were plotting it for two years," Qualcomm attorney Evan Chesler, of the firm Cravath, Swaine & Moore, said during his opening arguments last week. "It was all planned in advance. Every bit of it."

The unknown Apple team behind the September 2014 document recommended applying "commercial pressure against Qualcomm" by switching to Intel modems in iPhones. Apple ultimately started using Intel modems in about half of its iPhones with devices that came out in 2016. In the US, it embedded Intel modems in AT&T and T-Mobile models of the iPhone 7 and 7 Plus, but it still used Qualcomm in versions for Verizon and Sprint. Qualcomm, for its part, knew by June 2014 about Apple's plans to use Intel chips in 2016, according to an internal email from its president, Cristiano Amon, that was displayed during opening arguments. "Decision already has been made and beyond the point of no return on the 2nd source (Intel) for the 2016 premium tier," Amon wrote to CEO Steve Mollenkopf, CTO Jim Thompson, General Counsel Don Rosenberg and then-licensing chief Derek Aberle.

Apple "said that as a result of our policies, other chip companies can't compete with us," Chesler said during his opening arguments. "Where did Intel get the chips from? From god? They made them using our technology." Another Apple internal document from June 2016 said the company wanted to "create leverage by building pressure three ways," according to a slide shown in court. The internal document said, in part, that Apple wanted to "hurt Qualcomm financially" and "put Qualcomm's business model at risk."

An anonymous reader quotes a report from Bloomberg: Wireless customers are hanging on to their old phones longer than ever. That's the message from Verizon, which said its upgrade rate fell to a record low last quarter -- a harbinger of tough times ahead for the iPhone and other devices. Faced with $1,000 price tags on moderately improved phones, consumers may be waiting to hear more about new 5G networks before committing to new models. The faster, more advanced services won't roll out in earnest until 2020. "Incremental changes from one model the the next, hasn't been that great, and it hasn't been enough of an incentive," Verizon Chief Financial Officer Matt Ellis said in an interview Tuesday after the company reported fewer-than-expected new customers for the first quarter. He expects replacement rates to be down for the year.