Policy making has become predominated by sponsored research, politics, campaign contributions and rhetoric. In light of an apparent disinterest for the facts it comes as no surprise that the network neutrality debate highlights opposing perceptions about the impact from changes in the next generation Internet. Regrettably no unbiased fact finding appears readily available, because politicization at the FCC prevents fair minded assessment by the Democratic and Republican Commissioners and heretofore the conflict has not generated a question of law or fact reviewable by a court.
— Rob Frieden: Internet 3.0: Identifying Problems and Solutions to the Network Neutrality Debate, 2007.
in June I participated on a panel on network neutrality hosted at the June cybersecurity meeting of the DHS/SRI Infosec Technology Transition Council (ITTC), where “experts and leaders from the government, private, financial, IT, venture capitalist, and academia and science sectors come together to address the problem of identity theft and related criminal activity on the Internet.” Here is a belated recap of my thoughts on that panel, including what network neutrality has to do with cybersecurity.
Many academics have gotten a lot of mileage (publications, funding, tenure) out of spreading the “network neutrality” meme since law professor Timothy Wu introduced the term in a 2003 paper in the University of Colorado’s law journal. I find the meme and its surrounding literature represent a weak substitute for public policy research based on real data from real networks. (An allegation that could equally be directed at other sub-disciplines of Internet science, and for the same reasons.)
The success of the meme is also symptomatic of a post-traumatic stress response to the death of a similar meme with far higher stature and longevity — common carriage, the demise of which Eli Noam predicted way back in 1994. His paper accurately predicted that the success and ubiquity of networks and the increasing convergence of communications and computing — and competition — would (did) lead to the death of common carriage in the industry.
There is plenty of blame to spread around. You can blame the government for improper oversight. You can blame the private sector for lobbying/bribing the government not to do proper oversight. You can blame failure of consumers to understand the issues. (Sound like the sub-prime mortgage crisis yet?) With enough money, you can, and many did, weight disproportionate attention to blaming various factors that are not you. But what is under the (generally proprietary) hood of all network neutrality controversy is simple: the economics of building and operating sustainable packet-switched networks in the 21st century. Not coincidentally, economic considerations are also at the root of most of our cybersecurity problems, or more precisely of our failures to make progress on them.
One point on which I disagreed with other panelists (and others who fondly recall when we had 3,000+ DSL providers in the early 90′s) was about whether network neutrality was merely about the lack of competition for broadband access. The history of common carriage, analyzed in detail by academic scholars Andrew Odlyzko and Susan Crawford, reveals that vertically integrated industries (i.e, a single company owns the infrastructure carries services on top of it) have tremendous incentives to discriminate, even when competition exists. For the Internet, the implication is that while re-establishing competitive access to fiber (layer one) is necessary, it is not sufficient — society still needs a mechanism (not just policy) to guarantee non-discriminatory access.
It used to be that non-discriminatory access to (what were termed) essential facilities was a universal good of any network intended for public use, not just communication networks: railroads, canals, roads — it goes way back. It was also a fundamental tenet of the 1996 Telecommunications Act, which although entertaining the notion that layer one (fiber, conduit, “tubes”, “facilities”) might not always be a natural monopoly, at least temporarily required non-discriminatory access to facilities, while facilities-based competition was (ostensibly expected) to develop. And indeed, for while in the early 90s we had (not facilities-based) competition.
But the 1996 Telecom Act was so poorly written that its only reliable ramification was wealth transfers to lawyers and lobbyists, as industry and government spent several years suing each other over its interpretation, and industry lobbyists spent many millions of dollars convincing receptive courts and the FCC to remove these obligations to provide non-discriminatory access. Although considered by many to be an inflection point, the Brand-X decision was more of an evolutionary step in the long trajectory away from open access to such essential facilities in the United States.
In essence, the [Federal Communications] Commission has shifted from the notion that non-discriminatory access to general-purpose communications networks is always necessary because of their public-ness and the spillover effects they create (non-discrimination presumption) to the idea that non-discriminatory requirements are only necessary where firms have monopoly power (discrimination presumption). It is on this “monopoly” rationale, and on the basis of its belief that the market for high-speed Internet access is competitive, that the Commission has gradually lifted non-discrimination obligations from providers of high-speed Internet access.
— Susan Crawford, Transporting Communications, 2009
So the FCC, and the surrounding regulatory apparatus, came to believe that non-discriminatory access was no longer a universal requirement, but only an issue in need of oversight in situations lacking competition. But it was exactly the non-discriminatory access requirement that enabled the competition in broadband access in the first place (and also enabled the Internet), and when the non-discriminatory access requirement went away, so did the competition. Unfortunately for consumers, for the rest of the decade the FCC also continued to embrace the belief that we had competition. Although they have recently recognized the need for a reality check on both of these beliefs, they have not yet outwardly admitted that they are simply not true. Instead their strategy seems to be to back themselves into a corner while struggling to operationalize this fundamentally broken network neutrality meme.
As in the financial (and many other IT-related sectors, which is most sectors by now) it is not too hard to convince congressmen that technology is moving so fast that the government could not possibly understand enough to design, implement and execute enlightened regulation of it. Ironically, the underlying network and routing protocols under the hood of the Internet have not fundamentally changed in decades.
My three concluding recommendations related to network neutrality were not original, and both also apply to persistently unsolvable cybersecurity problems, since what network neutrality and cybersecurity have most in common is the lack of available empirical data on operational networks driving policy discourse. First, as S&T Division Director Doug Maughan has long and tirelessly argued, we must educate the lawyers. (Former FCC chairman Michael Powell has also suggested restructuring the FCC to have a much smaller fraction of them..)
Second, as fellow panelist Rob Frieden has long argued, the FCC should require more meaningful disclosure related to network management practices, performance characteristics, and terms and conditions of their broadband services. The gaping and unavoidable loophole of the FCC’s proposed network neutrality framework is that differential treatment of traffic based on content must only be allowed for “reasonable network management”, which includes anything related to security, a blithely moving and necessarily subjective target.
But it is precisely because the government is in no position to define and enforce “reasonable network management”, that the endgame must be that carriers do not have financial interest in the content of what they’re carrying — the same conditions that made the Internet possible. So my third recommendation is also a prediction — we must replace this broken unit of policy discourse with a more demonstrably productive one. The network neutrality meme is in the process of costing us another decade of empirically grounded debate, and it will ultimately fail to accomplish its own objective: non-discriminatory access to the infrastructure. The real solution, as history repeatedly has taught us with other critical infrastructures, is to structure (architect, regulate) the industry to financially separate the pipe owner from the providers delivering services over it. Pipe owners must not be able to monetize the semantics of the bits by design As the other panelists and other realists would assure you, structural separation is unlikey to happen in this country in the foreseeable future. Even non-discriminatory (“open”) access requirements will be hard to recover, despite the fact that in all countries with much higher penetration or much higher bandwidth to the home, such open access requirements exist. The structural separation meme has not yet really begun to spread, but history suggests it is merely a matter of time.