Sunday, February 12, 2006

Net Neutrality

Larry Lessig's blog has linked to an article by Bill Thompson on the BBC's website arguing for "net neutrality," a position that favors FCC regulations to prohibit providers from blocking access to competitors' services and (in some cases, as in Thompson's) prohibit them from charging content providers for access to different classes of service.

I agree that providers shouldn't be able to block access to competitors' services (except, e.g., when necessary for security reasons, or as part of a service like content filtering being provided to a customer who wants it--but see below for my opinion on putting the FCC in charge of enforcement), but I don't think I agree on the latter point. Thompson argues that classes of service beyond the distinctions which providers currently offer based on overall bandwidth are unnecessary. But he's clearly wrong on that point--as more and more services which are sensitive to latency are added to the network (like real-time voice and video), the argument for putting those services into a higher class of service becomes stronger. Given the fact that there are currently several million compromised machines which are regularly used to engage in denial of service attacks, it is trivial for ordinary Internet bandwidth to be saturated--taking anything riding over that bandwidth out of service.

More and more people are depending on Internet access for voice services, including emergency 911 service. If those services are set up without separating them from ordinary Internet traffic in some way, the risk is created that those services may be unavailable when critically needed. Throwing more bandwidth at the problem doesn't help when you're also throwing more bandwidth to that same set of compromised machines, which can multiply that added bandwidth in an attack. One way or another--and likely through a combination of methods, including better filtering mechanisms and separation of different kinds of services into separate virtual channels--action needs to be taken to protect critical services from such attacks.

One thing that tends to be glossed over by proponents of "Net Neutrality" is that the most likely way of the policy being enforced is through regulatory action by the FCC. That, I think, is a huge mistake--these are the same people who can't create regulations to enforce a relatively simple statute like the Telephone Consumer Protection Act (TCPA) without creating loopholes for telemarketers that are not permitted by the statute (e.g., allowing prerecorded or automated voice messages to deliver advertisements when there's an existing business relationship), and the same people who think it's more important to take action in response to carbon-copied indecency complaints from the Parents Television Council than to take action against telemarketers actively engaged in fraud.

Adam Thierer of the Cato Institute makes some excellent arguments against putting "Net Neutrality" into effect through FCC regulation. Part of the problem is the vagueness of what's being asked for. If it's going to be set in place through the law, I would strongly favor that it be done as simply as possible through a statute that gives a private right of action (through injunctive relief or civil penalties for each day that access to a service is blocked for illegitimate reasons) and leaves the FCC out of it. The worst possible thing that could happen would be for the FCC to be given authority to maintain standards of access and turn it into an authority to maintain standards of content--and if you look at who's running the Commission and how they deal and are planning to deal with content in other realms, you can see that this is a real concern.

Disclosure: I work in network security for a global telecommunications company--one which is not an RBOC or cable provider. Our network (like that, I suspect, of most major Internet backbone providers) uses classes of service internally to differentiate voice, video, IP-VPN, and ordinary IP traffic. If the network didn't use classes of service, the more sensitive classes of traffic would be vulnerable to periodic disruption by Internet denial of service attacks.

No comments: