Workshop Report 2009
Workshop Title: Network Neutrality
Workshop description and list of panelists:
The workshop discussed the accuracy of a very term of Network Neutrality in opposition to a term of Open Internet. It further discussed economics and engineering aspects of networks and how network management regulation might affect those investments. It also discussed the end-user perspective, need for transparency and a freedom of choice. As a cross-cutting issue, the implications to the digital divide and development were examined. Needs for policy and regulatory approaches towards network management were questioned and discussed, including analysing several experiences on national levels.
The workshop involved a variety of stakeholders presenting different perspectives to the audience and listening to their opinions. It aimed at listening to the interests and concerns of technical community, incumbents, Telcos and ISPs, service and content providers, civil society groups, users, government representatives and regulators, etc.
The workshop was structured in three parts with specific goals:
(1) Mapping the field:
– engineering aspect;
– economical aspect;
– socio-cultural aspect and end-user perspective;
– implications to a developing world;
– policy aspect.
Ultimately, outlining the areas of common agreement and putting in forefront the remaining confronting views of stakeholders involved.
(2) Identifying and understanding local or regional Internet substructures, threats and pressures faced: bringing in the security aspects of malicious data traversing the network and how organizations making up the Internet Substructure are impacted or may be able to have an impact on this debate.
(3) Discussing the basic principles:
– regulatory views and existing practices and case-studies (Egypt, Norway, Europe, Brazil);
– basic principles that all the stakeholders might sustain.
Vladimir Radunovic, Coordinator of Internet Governance Programmes, DiploFoundation
Ambassador David A. Gross, former U.S. Coordinator for International Communications and Information Policy at the U.S. Department of State
Chuck Kisselburg, Director of Strategic Partnerships, CommunityDNS
Robert Pepper, Vice President Global Technology Policy, CISCO
Thomas Lenard, President and Senior Fellow, Technology Policy Institute
Jacquelynn Ruff, Vice President International Public Policy and Regulatory Affairs, Verizon Communications
Ian Peter, Internet Governance Caucus
Nathaniel James, Executive Director, OneWebDay.org
Emmanuel Edet, National Information Technology Development Agency, Nigeria
Belhassen Zouari, CERT-Tunisia
Steve Purser, ENISA (European Network and Information Security Agency)
Chuck Kisselburg, CommunityDNS
Dr. Amr Badawi, CEO, NTRA Egypt
Willy Jensen, Director General, NPT Norway
Vanessa Copetti Cravo, University of Rio Grande do Sul – UFRGS
Parminder Jeet Singh, Internet Governance Caucus
Jake E. Jennings, Executive Director, International External and Regulatory Affairs, AT&T
Michael Truppe, Council of Europe and Federal Chancellery – Constitutional Service Media Affairs Coordination Information Society Austria
The actors involved in the field; various initiatives that people can connect with, and contacts for further information:
Internet Governance Caucus (www.igcaucus.org)
Technology Policy Institute (www.techpolicyinstitute.org)
The Domain Name System Infrastructure Resilience (DIR) Task Force (www.dir.org)
Internet Governance Project (www.internetgovernance.org)
Internet Rights and Principles Coalition (internetrightsandprinciples.org)
Norwegian Guidelines on Network Neutrality (http://www.telepriser.no/ikbViewer/Content/109604/Guidelines%20for%20network%20neutrality.pdf)
A brief substantive summary and the main issues that were identified:
MAPPING THE FIELD
The first part of the panel discussed core aspects of the debate, including the convenience of the very term of “Network Neutrality” and its essence and core principles. A discussion on appropriate network management was connected to the debate on rights of all parties involved. Concerns over approaches to regulation of Network neutrality brought into focus the aspects of investments, liability and innovations in network and applications as well as in economic models – including pros and cons of carriers charging content providers and models of packaging Internet offer. General consensus was achieved on several aspects, yet more clearly defining the remaining open issues.
The term “Network neutrality” was found by most speakers as potentially ambitious and misleading one, which should rather be replaced by “Policies for Open Internet”. Nevertheless, voices were heard also that the word “open” might be even more ambiguous than “neutrality”, and that one should rather keep the old term to better communicate the debate to wider range of users. Another term that was heard based on the discussions is “Appropriate Network Management”. The bottom line most agreed upon, however, is that one should focus on a concrete question – or a set of questions to be responded to – rather than on a phrase. In that sense the term used should provide a normative base for deciding what is appropriate practice and what is not.
A general feeling of the discussion was that Network Neutrality should not be about the regulatory mechanism but about the principles instead. Consensus existed on basic principles:
– Rights of users to access any content, application or service
– Transparent and non-discriminatory network management.
The way the principles should be enforced was yet a separate discussion. It was also mentioned that core principles should be followed by content and service providers, not only the carriers, since growingly the access to information and content rely on them as well. In essence, it was suggested, principles of Network Neutrality should ensure equality of opportunities for everyone.
One of the foci of the global debate – the concept of network management – was not objected by any speaker: it was understood that network management is needed to improve performances and bring innovations, and especially to prevent congestion, latency and jitter. While the principle of traffic management as such was acknowledged, the practice of traffic management was disputed by some speakers, as it gives space for interest-based interventions by providers or governments, and may result with breaching the principle of access rights of users. To that end transparency was a principle generally agreed upon, while a clear question was set forwards for future debates: what is appropriate network management?
“Rights” was an important word of the debate. On the end-user side it was repeated that users have rights to access any kind of content, services or applications from any networks, without barriers and intervention from carriers or governments or third parties. Besides, rights of users to be able to switch providers easily were mentioned.
Finally, it was emphasised the users should have a final say. On the other hand, the rights of carriers to manage traffic and offer managed network services to customers were outlined as well.
From the perspective of developing countries a principle of knowledge economy was understood as the underpinning one for further development: in order to compete equally with developed world, the developing world needs to be allowed to access the (online) knowledge equally, as well as to be able to compete on equal bases. Emerging content and service providers bringing innovations at network ends – especially those from developing countries – should not be prevented from competing due to their low initial market power. Non-commercial and non-competing producers of online content and services should as well have the equal rights to broadcast through any carrier to reach any interested user. Special concern was made on the rights of marginalised groups – people with disabilities being among those – to use content, services and applications (including high-bandwidth-demand ones) of their needs without any limits whatsoever.
As expected, a very important thread of the debate was on the need and level of regulations in broadband market when it comes to Network Neutrality. It was acknowledged that a high level competition is welcomed and would leave more choice for users. A self-regulation based on the competition only was, however, questioned by some speakers, on several bases:
– Internet should be user-cantered; while business generally cares about satisfying users’ needs for greater value of its offer and a comparative advantage on the market, it has own benefits as a primary goal, rather than the end-user needs.
– The rights of carriers are based on owning the infrastructure, but not owning the Internet, standards or services; greater values and user-rights should be safeguarded more firmly by authorities, especially in case of emerging telecom-related monopolies or oligopolies.
– The crash of an open-market economic system in the past years has raised fears that competition-based regulation might not be sufficient.
– The hierarchical (tier-based) Internet infrastructure influences business relations, creates dependence on the decisions of the top-level carriers and impacts the competitiveness of ISP at on the ground levels.
On the other side, a need for a more firm involvement of regulators and governments was disputed by several speakers on following bases:
– Broadband is a capital investment industry, and the regulatory interventions may increase risks.
– Rules should not preclude innovations in either technology or business models to run and be tested; it is likely the market-driven innovations would bring benefits for users as well (greater choice, lower prices, better quality)
– Governments’ interference would as well endanger neutrality of the net.
A general zone of consent of all speakers was that a collaborative multistakeholder work should be done towards establishing principles and norms that actors – especially carriers – should follow (including transparency and non-discrimination). It was discussed that the regulators should embrace such principles and should act as mere safeguards, taking the enforcement action only if a problem occurs. A question was also raised if the regulators can use the existing authorities to intervene when needed, or if new regulations are needed to provide such authorities.
Economic models were another important thread of the debate. Statistics of global use presented suggested that the common users currently subsidise power users; instead, it should be that the entry level users are able to afford entry level, while power users pay for their power use. Two possible models were discussed to overcome the drawbacks of the current “all you can eat” model:
A) “Volume charging” approach within which power users would pay more. While this approach (typical for electricity or water pricing) might be the fairest one, charging consumers would result with higher prices for some.
B) “Two-Side Market” models within which carriers would charge content and service providers for their access to consumers. While these models (innovative on the Internet) may lower connection prices to end-users and potentially enlarge the pool of accessible and affordable applications, they might likely heavily impact core principles of access rights of users and might lead towards packaging the Internet offers.
A caveat was brought up by representatives of developing countries that the western (especially US) economic models may not be easily implemented globe-wide – in developing countries competition is weaker – if any, governments’ relation to open-market is commonly different, and there are many “cultural specificities”.
The debate over whether it should be allowed for carriers to charge content and service providers was particularly rich. On principal bases several speakers emphasised that any innovative economic model like this should not be legally precluded but rather given an opportunity for market to shape it in convenient way beneficial to all. Justifying such approach they outlined that the content and service providers do already pay to carriers for their high bandwidth connections but not to the access to consumers. In such a two-side market approach, they argued, the business would pay more, instead of the users – which might bring great benefits especially to developing countries, enabling greater accessibility and more users.
This model was strongly disputed by other speakers, arguing that it would not be practically feasible without endangering rights of users to access any content, application or service. Charging content providers would lead to a “pay more and you get the job” approach, possibly leaving out of a carriers offer those not willing to pay (enough), which would in return lead towards creating packages of offered services by carriers, directly influences the choice of end-users. A cable-TV was taken as example, extrapolating it to cases of packages offering Facebook but not MySpace, Bing but not Google, in-house VoIP but not Skype, and alike. Further, it was said, charging content and service providers might endanger innovation and diversity: even if a carrier would be price-sensible towards emerging and small service providers – it is in its interest not to reduce the value of its network by reducing choice – those that would not like to pay would probably be off the carrier’s net. In order to preserve openness and diversity zero-prices would be needed for non-commercial groups, informal online learning platforms, presentations and broadcasts of cultural content – including music, arts or languages. This might have considerable impact on innovations and access in developing countries, and might result in requiring them to pay even more on the top of what they are already paying – subsidising the global net by being at the end of the economic chain.
Common view was taken that innovations on both infrastructure and applications side should be promoted. Different perspective existed, however, on how the basic principles of Network Neutrality impact innovations, and vice-versa. Having the emerging needs and habits of users, a “fit-for-purpose” Internet based on the applications was suggested. Concerns were raised, nevertheless, that such a concept might lead towards packaging the offer and limiting access rights of the users. Besides, innovations in services should not hamper innovations on the network ends (including open source) due to unfair payment models; also, innovation in developing world should not be hampered by models from developed world. A general impression emerged that no innovation – be it a technological or an economical one – should be initially precluded as long as it does not harm the core principles of Network Neutrality.
Lastly, a link between Network Neutrality and liability of carriers for illegal content was made. It was noted that, if carriers are to provide transparent and non-discriminatory traffic management, providers should be “reasonably free from liability of transmitting content and applications deemed illegal or undesired by third parties”. It was also noted that no protocol or application should be banned on bases of what some people might use it for (as happened with P2P applications).
The malicious community, global in nature, has become organized, committing various acts of cyber crime. While the basis of most criminal activity is financial there are other aspects that deal with revenge, some form of espionage or simple form of rivalry. Through such levels of organization and financial backing the malicious community has become more sophisticated with how they are able to launch and be successful with their attacks.
DNS providers are not affected by the Net Neutrality debate as their responsibility is to help Internet users connect with their application(s) of choice. As such DNS providers, by nature of their technical responsibility, are neither for nor against Net Neutrality.
Network infrastructure, however, is directly impacted by cyber criminals. From a DNS perspective cyber criminals affect network infrastructure by either attacking DNS directly or by using DNS to launch their malicious attacks.
If DNS is attacked directly the resiliency of the internet may suffer as DNS may be taken off-line in some areas of the globe, thus creating outages for initial routing. Such disruptions in, or attacks to Internet resiliency decrease confidence in Internet use by its user-base.
If DNS is used to launch attacks DNS may be indirectly affected by the increased volume of traffic. Such increases in traffic may flood some DNS providers, thus regionally impacting a DNS provider’s ability to provide DNS services for areas experiencing the largest levels of criminal traffic. DoS (Denial of Service) or DDoS (Distributed Denial of Service) attacks are the main culprit of increased levels of traffic. DoS or DDoS attacks are where specific websites are targeted with a flood of data packets. The sudden flood of packets is too much for the sites to handle, essentially taking the site off-line. Not only will cyber criminals use DNS to carry out their attacks, the shear volume of traffic generated by such attacks can impact DNS providers with the unintended consequence of appearing to be in the midst of a regional outage. Such DoS or DDoS attacks are aimed at organizations in order for cyber criminals to inflict financial harm on the organization they are attacking, to gain superiority over the organization they are attacking, or hold the organization hostage until they pay to have the attack stopped. At any given time there can be close to 1,000 DoS or DDoS attacks happening around the globe. As such network providers have to handle all of the traffic associated with such malicious, criminal activity.
Another form of Internet traffic generated from the malicious community deals with spam, or unsolicited e-mails. In many cases such spam has lead unsuspecting users to sites with malicious intent. Such intent can result in the computers of such unsuspecting users to become infected with computer viruses. It is from these infected computers that cyber criminals are able to launch DoS or DDoS attacks. It is from such infected computers that cyber criminals are also able to launch additional spam campaigns. With regards to spam over 90% of all e-mails is spam.
With all of the traffic, or data traversing the Internet associated with the malicious community, how might this impact organizations within the Internet Substructure? Might organizations within the Internet Substructure be able to help?
Education is the biggest defence against cyber criminals or members of the malicious community. CERTs (Computer Emergency Response Teams) help identify items that can have a negative impact to users of the Internet. Such items can be alerting users to bugs in software that may be exploited by organized cyber criminals. CERTs can also provide members of the Internet community with information on how to prevent computer infections and attacks from the malicious community. CERTs are being established in various countries around the globe. In Europe there is the desire to have a CERT in each of the EU Member States. Other countries may have multiple CERTs, where there may be a CERT for each of the country’s industry sectors. CERTs serve as an excellent platform from which education can be launched. Such educational efforts will be used not only for Internet users of a specific country, but also to help other organizations within the country’s respective Internet Substructure (such as ISPs), educate their customers on how to curb activity from the malicious community. By helping to educate a country’s populace on how to curb the Internet’s malicious community they are also playing a leadership role for those countries that do not have any rules, or framework regarding Net Neutrality.
Within developing nations infrastructure may be limited. Such countries may also have a limited or incomplete number of organizations to help form a healthy Internet Substructure. Where countries have one, or a very limited number of ISPs, an ISP’s greatest challenge is to secure funding to provide bandwidth for its uses. Until secure in its funding a struggling ISP may have to operate based upon the wishes of its major funding providers, thus not able to implement an “equal access for all” policy as found with one part of the Net Neutrality debate. Under such circumstances a CERT, through its educational efforts in curbing malicious Internet activity, can have a positive affect on yielding additional bandwidth normally cluttered by cyber criminals.
Cyber criminals also gravitate towards countries that are considered weak in regards to its cyber image; meaning citizens or companies do little to implement standards used to fight cyber crime. Such weakness allows them to launch and maintain their attacks with least resistance. An effective CERT can discourage cyber criminals from conducting their attacks from what might be considered a cyber-weak nation.
Today’s Internet is cluttered with packets from the malicious community. Having a cleaner Internet should free up bandwidth to carry traffic for new applications. We are already seeing needs for increased traffic that cross traditional boarder, cultural and sector boundaries. For example EID, or Electronic ID, censors have the capability of transmitting their information via the Internet as containers they are connected to are shipped to their final destination. As we see the emergence of smart technologies, such as smart electric grids or microchips residing in home appliances, all devices serve as a source for communication across the Internet. Such technologies, however, can be targeted by organized cyber crime. Through modification of the Lisbon Treaty we will soon see communication, once reserved among those within identified sectors, to occur among those across sectors. Social networks and blogs continue to proliferate and in some cases such blogging and social networking efforts are pushing cultural boundaries. As we saw with the recent election in Iran while some technologies were blocked other technologies emerged allowing information to flow across the Internet from Iranian citizens.
Cross border, or the international aspects of ensuring Net Neutrality can be difficult to enforce for multiple reasons.
1) Countries or regions (such as the EU) can have different rules or interpretations of what Net Neutrality means. Some countries, particularly emerging countries, have no rules or guidelines regarding Net Neutrality. In the EU, for example, the Telecommunications bill was recently modified to make it easier to ensure everyone has full access to all applications across the Internet. This loosens the power existing “3-Strikes” laws have within EU countries. “3-Strikes” laws were designed to curb the downloading of illegal content by threatening users with disconnection from the Internet. Finland has gone as far as declaring access to the Internet as a “Civil Right”.
2) Based upon culture some countries will deem some data to be off limits to Internet users within their respective country. Such countries are, or have introduced filtering of specific sites based on content.
3) There has already been a court case, launched in Australia, to have content removed from a website located in the US. While the case lost it points to an example of how cross-boarder disputes may arise based upon content or applications that may exist legally in one country but may be counter to laws or culture of other countries.
Such instances have a direct impact on organizations that form the Internet Substructure as countries look to organizations within the Internet Substructure to provide such filtering. In other cases organizations within the Substructure are taking it upon themselves to address issues related to cyber crime. Examples include:
• Australia, through the Australia Internet security initiative (AISI), is asking ISPs to provide filtering to curb botnets.
• Australia, through its government-sponsored filtering program, is wishing to implement filtering through its ISPs using a government created filtered list of what is considered “undesirable”.
• German government passed a law empowering the German police to issue a daily filter file to German-based ISPs. The focus of the list deals with filtering child pornography site.
• Dutch ISPs have come together to form a treaty to help fight botnets.
• DNS providers, such a CommunityDNS, have the capability of identifying sites which are used by the malicious community. Viruses on infected computers need to contact their respective control centres. In this case the DNS provider can help ISPs identify which computers on their network are infected.
• Georgia Tech recently received a grant to develop technology on how to thwart malicious activity within cellular networks.
While the debate on Net Neutrality continues on whether providers should or should not have the ability to prioritize data, cyber criminals are flooding our networks with spam and attacks. Such efforts undermine the resiliency of the Internet. Through education and common-sense security efforts people, governments and organizations can work together to curb criminal activity. Organizations forming the Internet’s Substructure can work to provide the education and technology necessary for combating malicious activity, thus raising confidence in Internet usage as well as a country’s cyber image. The question raised in this debate is from the security perspective should members of the Internet Substructure be able to drive intelligence into the Substructure to combat cyber crime?
BASIC PRINCIPLES AND REGULATORY INVOLVEMENT
Third part of the panel aimed at bringing in the regulatory perspectives of the Network Neutrality debate. The regulators expressed the view that the Internet has become a public sphere, and that their role is to safeguard the interests of all players, keep the market balanced and assure it is fair for all users. To that end the opinion was heard that all traffic should be treated equally in a value sense – though of course not identically. As an ultimate goal the principles of neutrality should assure the equality of opportunities for all.
While a broader view of the Network Neutrality principles encompassed anything related to free access to information, end user choice and access to services, transparent and non-discriminatory traffic management was reiterated as common ground by all speakers. For developing countries with limited infrastructure and thus bandwidths, such as Egypt, a fair usage policy is considered to be an important principle on users’ side to avoid congestion – affordable prices and fair access to all are protected also by the OECD bit-cap scheme (bandwidth drops to 128kbps or so after a certain download limit of a flat-rate has been crossed). The importance of neutrality on international level was also emphasised – that the traffic from all countries should be treated the same way, with no preferences based on termination costs, which might otherwise disadvantage developing countries.
In some countries such as Brazil, discrimination of packages is not allowed except for technical and ethical aspect. Judging on the justification, nevertheless, has to be done on case by case bases, yet certain core principles would be of a great help not only for the regulators but also for the juridical authorities if needed. It was noted, however, that the very understanding of “ethical aspect” when it comes to preventing “objectionable” and even illegal content (except in case of child pornography) varies dramatically across the globe, and so does the understanding of the concept of Network Neutrality. Link back to a discussion on liability of providers was made again.
Norwegian principles – reflecting the approaches of European Union, United States and Japan mainly – were discussed as a solid base for possible international principles:
1) Transparency principle: users are entitled for the Internet connection with a predefined capacity and quality of service.
2) Non-blocking principle: users are entitled for the Internet connection that enables them to send and receive content of their choice, use services and run applications of their choice, to connect hardware and use software of their choice that do not harm the network.
3) Non-discrimination principle: users are entitled for the Internet connection that is free of discrimination with regards to type of application, type of service, type of content, or based on sender or receiver address.
It was stressed jointly that regulators do have a role to play in the telecom market and services, though only as safeguards from a possible market failure, which might lead to harming the access rights of users and their choice. Besides, the regulators found themselves responsible to act in cases of network congestion, illegal conducts, security threats or breaches of user rights. In order to protect the interests of users and citizens, but also of service and content providers, it was explained, the regulators should bring up a lawful scene that would establish and promote competition on one hand but also put up the provisions for consumer protection on the other.
Discussing the ways regulators should act, the speakers have however not taken hard regulation and legislation as a most favourite way – on contrary, they esteemed legal procedures as too harsh and expensive. Instead, they invited for a multistakeholder-based approach to designing soft co-regulations, to re-assure consumers and business that market can be regulated without hard law. These co-regulations would nevertheless be binding agreements around core principles (such as the Norwegian ones). Any breach of the agreement and the principles within would firstly be put through a “name-blame-shame” pattern, encouraging self-corrective measures; ultimately, further absence of respect for the principles might be a trigger for turning the agreement into legislation. It was a general atmosphere throughout the panel that none would really embrace hard law.
Further discussions are needed on defining the appropriate network management, based on existing commonly acknowledged principles. Council of Europe has started working on developing guidelines and principles in form of practical tools for Internet Service Providers for network management. This initiative along with the work of the Norwegian authority were offered as examples of the inclusive and transparent processes leading to very concrete and useful documents ensuring equality of opportunities for all.
Conclusions and further comments:
The workshop clarified a general consensus on the basic principles related to Network Neutrality – rights of users to access any content, application or service, and transparent and non-discriminatory network management, as well as the right of carriers to manage the traffic in accordance to these principles. A straight-forward challenge was posed for future discussions: defining appropriate network management.
A shift was suggested in terminology: using “Policies for Open Internet” instead of “Network Neutrality”, yet was not unanimous. It was agreed that the term should reflect a normative base of deciding what appropriate traffic management is. It should also be able to convey the essence of the debate to the wider audience. While there is space for more deliberation on the term, it is likely both terms will be used equally in future.
Innovations were jointly supported as long as these do not endanger core principles and do not hamper other innovations. The innovations in economic models were carefully debated, while the model of carriers charging content and service providers came into forefront of discussions and will need further analysis and debates.
More should be explored on how each of these discussions impact developing countries. Besides, the impact of emerging trends – such as mobile services and cloud computing – on Network Neutrality should be analysed.
A key challenge that emerged from the workshop and that might present a basis for future debates is:
What would be the right ecosystem that would respect core principles while also encouraging innovation and investments, mainly based on the competition?
While the debate on Net Neutrality continues on whether providers should or should not have the ability to prioritize data, cyber criminals are flooding our networks with spam and attacks. Such efforts undermine the resiliency of the Internet. Through education and common-sense security efforts people, governments and organizations can work together to curb criminal activity.
Organizations forming the Internet’s Substructure can work to provide the education and technology necessary for combating malicious activity, thus raising confidence in Internet usage as well as a country’s cyber image.
The question raised in this debate is from the security perspective should members of the Internet Substructure be able to drive intelligence into the Substructure to combat cyber crime?
While different views existed on the level of involvement of regulatory authorities within broadband policy maters, a common standing was expressed that a collaborative multistakeholder work should be done towards establishing global principles and norms that actors should follow. These principles should be shaped through soft co-regulations, such as agreements, that would initially use “name-blame-shame” mechanism to protect the principles; though neither regulators nor business would have interest to see it, these might ultimately be transformed into a hard legislation if not respected by the actors.
Norway guidelines might be taken as a starting point for an agreement of a more global scale. Council of Europe recent initiative on producing practical tools for carriers and service providers may present a good global working framework.
Further panels and debates should be organised within the IGF process – on global, regional and national levels – to raise awareness of all aspects of the debate to various stakeholders, to reach consensus on certain core global principles but also define eventual culturally-varying aspects, to analyse possible new economic models and their relations to core principles, to discuss emerging trends (cloud computing, oligopolies and service providers, search engines, Internet of things and NGNs, etc) and the implications to Network Neutrality principles – especially to developing countries.
Formatted final report, link to video coverage, and links to other documents and materials related to Network Neutrality debate will be available at: