July 09, 2008

Of Network Privacy, Neutrality, and Turtles



By Fred Goldstein
Ionary Consulting


The Great Debate over “Network Neutrality” really only started in 2005. That’s the year when the FCC threw a huge monkey wrench into the subtly-balanced machinery that supported the public Internet. Since then, many individuals and organizations have been struggling to prevent widespread damage from resulting. Bills pop up in Congress, blogs fume with high dudgeon, and lobbyists for the telephone companies preach the imaginary virtues of imaginary “free markets”. It is all one big Freak Show. Everyone knows that there’s a problem but it is never framed consistently. Since the problem is fundamentally political, the side that frames it best has the advantage. Should the Internet be “saved” or should the government keep its “hands off”?

 
In the United States, the Internet has always been given the regulatory status of “information service” or its predecessor “enhanced service”. It isn’t “telecommunications service”, which is subject to stricter regulation, including virtually absolute content neutrality. This was not a problem in the past because by definition, information service ran atop telecommunications service, such as wholesale raw DSL, which was available as common carriage. Thus any number of ISPs could make use of the same telephone company DSL network in order to reach their customers. If an ISP misbehaved, another was always there to take over its customers.
 
What the current FCC changed was the treatment of that raw DSL pipe itself. The FCC invoked a rather curious logic by which it became information service because that’s what it carried. And since information service providers (including ISPs) don’t have to sell wholesale to their competitors, neither do phone companies – even though they are the custodians of the wire that they installed – as common carriers with monopoly protection.
 
The failure to distinguish between content and carriage is reminiscent of an old tale about the nature of the universe. As Stephen Hawking retells it in A Brief History of Time, a “little old lady” responds to an astronomer’s lecture with disdain.
 
“What you have told us is rubbish. The world is really a flat plate supported on the back of a giant tortoise.” The scientist gave a superior smile before replying, “What is the tortoise standing on?” “You’re very clever, young man, very clever,” said the old lady. “But it’s turtles all the way down!”
 

“Neutrality” doesn’t describe the proper role of ISPs
Contrary to popular belief, ISP services have never been entirely “neutral”. They do more than relay all packets the same way based solely on their IP addresses, the rule desired by some orthodox neutrality proponents. They can and do block suspected abuse, or even suspected channels of abuse. Consumer ISP services frequently restrict applications by blocking TCP port numbers. For instance, consumers are often not allowed to send e-mail using the standard port 25 (SMTP), except to the ISP’s mail relay, because virus-infected computers often run spam “bots” which send to port 25. Backbone ISPs also have the right to block packets from entire address blocks belonging to suspected spam-friendly ISPs. (That’s why you don’t find more spam-friendly ISPs, and spammers switched to botnets.) Some ISPs have even blocked entire countries, though that may be going a bit far. (When’s the last time you received non-spam e-mail from Korea?) Some ISPs even offer Web censorship as a value-added service, lest any member of your family be subjected to heterodoxy.
 
This has all been part of the Internet’s free market: When there’s no barrier to entry into a given industry, competition sets the bounds on what is and isn’t acceptable; if customers don’t like how their ISP operates, they have many others to choose from, and a new entrant can pop up to meet an unmet need. But in the world of stacked turtles, barriers to entry are high, and the ISP business usually becomes a duopoly of wire owners, the cable company and the phone company.
 
How was acceptable ISP behavior defined when competition was more open? Contractual Terms of Service set some of the rules, as did market expectations; only modest statutory protections applied. Your browsing habits, for instance, were probably not supposed to be made public, nor were the contents of your e-mails. Telecommunications companies were subject to even stricter rules; other than limited “service observation”, monitoring user communications constituted wiretapping, illegal except when done by law enforcement agencies under a valid warrant. (The law was ignored by the Bush administration and cooperative telephone companies, but that didn’t make it legal for everyone to wiretap everyone else.) Those rules too don’t apply when it’s turtles all the way down.
 
Network privacy is a broader issue
This raises an issue that’s far more important than “neutrality”, but one which subsumes it. A more appropriate requirement for ISPs to observe is network privacy. By properly defining bounds of what a network provider may and may not do with the information passing through its network, the most important goals of network neutrality can be achieved, along with other, even more critical ones. And there will still be a distinction between telecommunications and information.
 
To be sure, ordinary Internet management practices do dive deeper into packets than the IP layer header. But just how deeply one inspects the packets makes a big difference. For instance, port filtering in the TCP layer is commonplace. But that’s still part of the packet header, and while TCP is now treated as a separate layer from IP, its header is hardly private, and there are plenty of good technical reasons for networks to peek at the TCP layer.
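
The header-only filtering described above, applied to the port 25 rule mentioned earlier, as an added example that is not part of the original column: the decision uses IP and TCP header fields alone and never reads the bytes past the payload offset. The relay address and the sample packets are constructed assumptions.

```python
import socket
import struct

RELAY_IP = "192.0.2.25"  # assumption: the ISP's own mail relay (documentation address)

def build_packet(src, dst, sport, dport, payload):
    """Constructed sample input: minimal IPv4 + TCP packet, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def header_view(packet):
    """Read IP and TCP header fields only; report where the user data begins."""
    if len(packet) < 20:
        raise ValueError("truncated IP header")
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 6:            # IP protocol 6 = TCP
        return None
    if len(packet) < ihl + 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    tcp_len = (packet[ihl + 12] >> 4) * 4   # TCP data offset, in bytes
    return {"dst": socket.inet_ntoa(packet[16:20]), "sport": sport,
            "dport": dport, "payload_offset": ihl + tcp_len}

def port25_policy(packet):
    """Drop outbound SMTP unless it goes to the relay; payload is never read."""
    view = header_view(packet)
    if view is not None and view["dport"] == 25 and view["dst"] != RELAY_IP:
        return "drop"
    return "forward"

if __name__ == "__main__":
    for dst, port in [("203.0.113.9", 25), (RELAY_IP, 25), ("203.0.113.9", 587)]:
        pkt = build_packet("198.51.100.7", dst, 40000, port, b"EHLO example.org\r\n")
        print(dst, port, port25_policy(pkt), header_view(pkt)["payload_offset"])
```

Everything from `payload_offset` onward is user data; a system that parses those bytes has crossed from header filtering into the deeper inspection the column goes on to discuss.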
 
ISPs run afoul of privacy when they start delving deep into the applications themselves. There are, however, many reasons for ISPs to delve into the application layer. As IP addresses become scarcer, more ISPs may need to perform Network Address Translation (NAT). Because many applications are defectively designed and put an IP address into the application layer itself, NAT has to peek into the application header to fix it. Another reason, a bit more controversial, is to look for applications that typically generate anomalously high levels of traffic, which are thus most likely to cause network congestion, but which may not stick to standard port numbers. That’s what Comcast was doing when it looked at BitTorrent streams and injected reset packets into some of them. This isn’t quite neutral but its privacy impact is minimal. Information about individual user behavior is not stored; only certain traffic patterns are partially jammed.
 
But the real threat to privacy is in Deep Packet Inspection (DPI). This refers to systems that look into and beyond the application header, at the user data itself. DPI can be used for several purposes. One is pricing: DPI vendors have encouraged ISPs to charge for the value of the applications that the users run across the ISP network. Wireless companies (the main users of DPI today) charge a fee for each SMS or MMS e-mail sent. DPI can be used to charge by the message for SMTP e-mail sent between a subscriber’s computer and an outside mail server, thus making it less competitive with SMS. DPI can be used to block protocols, even if they masquerade behind an unidentified TCP port number. It can also be used to block or censor specific Web sites and network applications.
 
IMS turns the Internet inside-out
DPI can even be used to eviscerate the whole packet-switching concept behind TCP/IP, by turning the network into an application-layer relaying system. In that scheme, users are charged for the applications they run across the network. If the DPI doesn’t recognize or approve of the application, it can be blocked, charged for at a premium price, or downgraded to what one DPI evangelist calls “hobo class”. That’s why network neutrality advocates have a point about innovation: If the network doesn’t treat packets fairly, then new applications won’t have a chance. Are all packets assumed good unless proven bad, or vice-versa?
 
The mobile phone industry has developed an architectural concept called IP Multimedia Subsystem (IMS). While originally designed for running voice and multimedia applications, like streaming audio, across mobile networks, IMS has since begun to spread to the wireline industry. It has spun off projects like IPsphere, which aim to use the technology to “monetize” IP applications (nicknamed “Internet Monetization System” by Martin Geddes). The IMS concept is to have the network be aware of all application-layer connections, with the IP layer itself hidden behind gateways which may use DPI to sort out traffic flows. IMS provides better than standard IP quality of service (low packet loss and jitter for selected applications) by regulating individual application flows. This basically requires severe limits on nonparticipating packets, lest they take up too many resources.
 
Another use of DPI is to extract value from network transactions. When you use a Visa card to purchase gasoline, the Visa network takes a cut of the action. Maybe your ISP would like a cut of your ecommerce transactions or electronic banking activities! AT&T’s CEO actually called for this a few years ago, long before a different AT&T CEO made the famously frank remarks that inflamed the neutrality debate. Why be just a highway when you can be a highwayman? Without open competition in the ISP business, the threat is very possible.
 
This not only eviscerates neutrality, but it clearly violates privacy, as it seeks to turn packet flows into billable events. This explains why many wireless “Internet” services fall far short of being a true ISP. While there’s nothing wrong with billing for telephone calls, the wireless industry is leading the way for expanding the use of IMS and application-layer relaying instead of offering ISP-style end-to-end packet relaying. It violates privacy as it delves into the application layer of what should be end-to-end data applications.
 
Another violation of network privacy comes from ISP-operated spyware. Companies such as Phorm and NebuAd install systems at the ISP, which monitor and keep track of individual user activity. Then, when users surf the Web, these adware systems modify the Web pages and inject advertising onto them, based upon the subscriber’s surfing profile. So if perchance you are on the family computer some night and get curious enough to look at some “adult” pictures on, say, redhotpatooties.com, and your children use the computer the next day, they might be greeted with ads for, and pictures of, well, you can imagine! And if you “opt out”, they keep spying on your behavior; they just don’t inject the ads.
 
ISPs have plenty of good options
There are good arguments to be made against orthodox “neutrality”, especially when it prevents ISPs from performing the kind of management functions that would naturally occur in a fully-competitive market, or constrains reasonable pricing options. Such neutrality, though, is both unrealistic and unnecessary. If an ISP respects basic principles of network privacy, then the key benefits of neutrality remain. This is a position that network providers and consumers should both be able to live with.
 
In many countries outside of the United States, ISPs rarely offer truly unlimited usage. Usage caps or high-usage surcharges are the norm. This even applies when there is open access to the ISP business and multiple competitors. Nobody wants to subsidize a movie distribution business by hosting downloads on their $50/month subscribers’ home computers. But it doesn’t violate privacy if an ISP charges one price for actual backbone Internet access, while offering a lower price, or free downloads, of material hosted on its own servers. It may not be truly “neutral”, but why shouldn’t an ISP encourage users to seek out local (cheap to deliver) mirrors for popular content, rather than download it from halfway around the world?
 
So-called peer-to-peer applications encourage consumers to use their home computers as file servers. This can be very wasteful of ISP resources and violates some Terms of Service, though such terms are not exactly “neutral”. But the “P4P” initiative is working on providing peer applications with a way to look for local copies of content, on the same provider’s network, in order to minimize backbone Internet costs. There’s nothing wrong with giving end users an incentive to use it, such as by exempting these on-net packets from usage caps or overage charges.
 
By the same perspective, there’s no violation of privacy if a network offers differentiated grades of service, such as a low-loss, low-jitter option for voice and a cheaper bulk-oriented grade for file transfer, based on header bits. However, there would be a violation of privacy if the network inferred the grade of service, or charged for the value of a “call”, by peering into the application itself. If someone wants to talk over low-priced data service, that’s their business. Telephony charges can be levied at the edge of the network, at PSTN gateways.
 
From an innovator’s point of view, network privacy guidelines provide plenty of room for new services to be created without asking ISPs for permission. Packets will still be carried from end to end without interference, unless some clear guideline (like spamming, or running an unauthorized server) is violated. From a user point of view, the ISP isn’t snooping on behavior, even if it keeps a count of bits flying by.
 
Some service providers currently disclaim privacy rights that users may expect still exist; for instance, some lawyers have noted that lawyer-client privilege may be jeopardized by some network providers via their terms of service. That violates network privacy. Networks should not be allowed to divulge the content of their users’ traffic, except of course for a valid subpoena. And indeed the threat of subpoena is one reason why network providers shouldn’t even store more subscriber information than necessary. That strikes to the heart of recent controversies such as Google vs. Viacom.
 
The best way to bound “reasonable” network management is to simply require that privacy be respected at all times. If necessary, it should be possible to legislate or litigate privacy, without running into the same problems that necessarily occur trying to legislate neutrality. Network privacy should be the rallying cry of those who want to save the spirit of the Internet.
 
 
Fred Goldstein is principal of Ionary Consulting. He advises companies on technical, regulatory and business issues related to the telecommunications and Internet industries, especially in areas where they overlap.
 

 

 

 
