Geddes on net neutrality

Martin Geddes has a nice commentary on the vagueness of "net neutrality" and its implications (I previously commented on the subject here). He divides net neutrality advocates into bottoms, middles, and tops (based on layers, not giving vs. receiving). "Bottomistas" want neutrality on offered underlying protocols and aren't happy just getting IPv4 (or just IPv6), and at the extreme would want a choice between ATM, Ethernet, their own Layer 2 protocol. The "middlemen" distinguish "raw IP" (which backbones carry, or perhaps which ISPs use internally) from "retail IP" (what the end user customer gets), and endorse neutrality on the latter. The "top" are comfortable with the kind of filtering done by many retail ISPs (e.g., port 25 filtering), but oppose filtering directed at particular service providers or applications.

Geddes argues that the Internet isn't really a thing, but a set of agreements between different entities that are each doing their own thing with their own property--and that "Internet Governance" itself doesn't make much sense outside of IP address allocation and routing.

He raises a host of interesting questions, like:

Is neutrality a wholesale or a retail problem? What if the access infrastructure owner offers “neutral” IP connectivity, but no retail provider chooses to pass that on directly to the public without layering on some filtering and price discrimination?

and

Oh, and what’s so special about the Internet? Do other IP-based networks need neutrality principles? Do any networks? Should more network industries be forced to forego “winner takes all” rewards? Google looks awfully dominant at adverts, doesn’t it… I wonder if that ad network needs a bit of “neutrality”?

These are the sorts of issues that need to be considered in formulating any kind of "net neutrality" that can actually be put into a statute or regulatory framework, and it doesn't seem likely to me that it will be easy to come up with one that has broad appeal and doesn't trample on private contract and property rights. I think Geddes may be right when he says neutrality is "an output, not an input."

His post is well worth reading, as is the commentary from Brett Watson.

UPDATE: Geddes has more at Telepocalypse.

Net Neutrality

Larry Lessig's blog has linked to an article by Bill Thompson on the BBC's website arguing for "net neutrality," a position that favors FCC regulations to prohibit providers from blocking access to competitors' services and (in some cases, as in Thompson's) prohibit them from charging content providers for access to different classes of service.

I agree that providers shouldn't be able to block access to competitors' services (except, e.g., when necessary for security reasons, or as part of a service like content filtering being provided to a customer who wants it--but see below for my opinion on putting the FCC in charge of enforcement), but I don't think I agree on the latter point. Thompson argues that classes of service beyond the distinctions which providers currently offer based on overall bandwidth are unnecessary. But he's clearly wrong on that point--as more and more services which are sensitive to latency are added to the network (like real-time voice and video), the argument for putting those services into a higher class of service becomes stronger. Given the fact that there are currently several million compromised machines which are regularly used to engage in denial of service attacks, it is trivial for ordinary Internet bandwidth to be saturated--taking anything riding over that bandwidth out of service.

More and more people are depending on Internet access for voice services, including emergency 911 service. If those services are set up without separating them from ordinary Internet traffic in some way, the risk is created that those services may be unavailable when critically needed. Throwing more bandwidth at the problem doesn't help when you're also throwing more bandwidth to that same set of compromised machines, which can multiply that added bandwidth in an attack. One way or another--and likely through a combination of methods, including better filtering mechanisms and separation of different kinds of services into separate virtual channels--action needs to be taken to protect critical services from such attacks.

One thing that tends to be glossed over by proponents of "Net Neutrality" is that the most likely way of the policy being enforced is through regulatory action by the FCC. That, I think, is a huge mistake--these are the same people who can't create regulations to enforce a relatively simple statute like the Telephone Consumer Protection Act (TCPA) without creating loopholes for telemarketers that are not permitted by the statute (e.g., allowing prerecorded or automated voice messages to deliver advertisements when there's an existing business relationship), and the same people who think it's more important to take action in response to carbon-copied indecency complaints from the Parents Television Council than to take action against telemarketers actively engaged in fraud.

Adam Thierer of the Cato Institute makes some excellent arguments against putting "Net Neutrality" into effect through FCC regulation. Part of the problem is the vagueness of what's being asked for. If it's going to be set in place through the law, I would strongly favor that it be done as simply as possible through a statute that gives a private right of action (through injunctive relief or civil penalties for each day that access to a service is blocked for illegitimate reasons) and leaves the FCC out of it. The worst possible thing that could happen would be for the FCC to be given authority to maintain standards of access and turn it into an authority to maintain standards of content--and if you look at who's running the Commission and how they deal and are planning to deal with content in other realms, you can see that this is a real concern.

Disclosure: I work in network security for a global telecommunications company--one which is not an RBOC or cable provider. Our network (like that, I suspect, of most major Internet backbone providers) uses classes of service internally to differentiate voice, video, IP-VPN, and ordinary IP traffic. If the network didn't use classes of service, the more sensitive classes of traffic would be vulnerable to periodic disruption by Internet denial of service attacks.