Archive for the 'Commentaries' Category

The Menlo Report and its Companion bring ethical guidelines to ITC research

Tuesday, February 7th, 2012 by josh

Finally, a process we started almost three years ago has reached a milestone: the first public draft of The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research and its Companion Report were posted on the DHS and SRI web sites (respectively) last month.

DHS’s Science and Technology Directorate, through its PREDICT program, sponsored this report on ethics in Information and Communication Technology Research (ICTR). The culmination of a multi-year effort by network and security research stakeholders to lay out a guiding framework to identify, navigate, and resolve ethical issues in ICTR, this report is intended to be a dialogue launch point for the community of researchers, oversight entities, and policymakers to reflect on ethical issues in security and network research. Public comments are encouraged via the Federal Register through 27 February 2012. I’m pretty sure all comments are responded to and/or integrated into the next version of this report. Hopefully the report will also be the topic of discussion at some conferences and workshops this year, so that the community can get out ahead of these issues before we find ourselves facing legislative overreaction to catastrophe (or even perceived catastrophe). Please consider reading and submitting a comment.

The 2nd NDN Project Retreat

Sunday, February 5th, 2012 by kc

I kicked off 2012 with a visit to Colorado State University in Fort Collins, CO to attend the principal investigators (PI) retreat for the Named Data Networking Project, one of four projects funded under NSF’s “Future Internet Architecture” (FIA) program. Impressive progress since the first FIA meeting, with substantial development and coordination of the NDN Testbed connecting the initial participating institutions, including network status reporting, state of (phase-one) OSPF routing, and testbed status pages. This two-day meeting packed in a wide range of collaborative discussions of architecture and implementation issues, including: topology and namespace structure and constraints; organizational structure and network management; routing and forwarding strategy; security issues such as attribution and privacy; early experiences with application development; evaluation and measurement; social and ethical values in technology design; and educational outreach (classes teaching NDN concepts). We also discussed how to dispel the misconception that NDN is simply collaborative web caching. (The caching is essential but the most revolutionary piece of this new communication model is retrieving data by names.)

Those familiar with the new emerging information-centric networking movement in the computer science research community will recognize NDN’s fundamental theme: replace the endpoint (identified by an IP address) as the fundamental anchor of the communications architecture with the data (identified by a name). To communicate in NDN, users post named interest(s) that propagate toward where the data resides (now relying on conventional routing protocols for the underlying routing fabric but eventually hopefully using previously developed revolutionary greedy routing mechanisms) and receive, from cryptographically vetted publishers, signed object(s) matching the requests. Conceptually simple, with many collateral benefits offered by the minimization of unnecessary layers. The application is much closer to the network. Mobility is inherent, since the notion of location has been removed as an architectural anchor.

While at least a dozen papers have resulted from this project thus far, even more tangible progress has occurred on the development and experimental deployment side. A key strength of this project (as mentioned previously) is a deployment path via a testbed overlay on the current Internet. Beichuan Zhang and Lan Wang have coordinated an OSPFN implementation that distributes name prefixes in OSPF and ccnd, and a ccnx-dhcp to help local bootstrapping, which will eventually include configuring default routes, local topology and hub discovery. Applications are already running on the NDN testbed including audio, video, and multi-user chat, which are being used by weekly project coordination calls; additional performance-related testing has been conducted using supercharged PlanetLab nodes.

In parallel, different teams are pursuing the various threads of research promised for the NSF project. Patrick Crowley is leading the investigation of how fast we can get NDN nodes to forward packets, and building traffic generators to evaluate and inform the protocol design. The security research team will present their first preliminary analysis of privacy, anonymization, and signature efficiency in NDN at this month’s NDSS conference. Edmund Yeh is creating a stochastic control and optimization framework to formally (analytically) evaluate network performance, as well as coupling theoretical and experimental evaluation of joint forwarding and caching algorithms.

One of the next big R&D challenges is effective measurement techniques, not only for network management and performance evaluation — (“This node is being flooded with interests!”) — but also to support new types of network routing and application development and debugging (“Why is my application not getting the data?”).

We still need to study the impact of topology structure on network operations and management as we expand the set of external participants experimenting with the current platform and applications. We also still need core management functions such as methods to identify misbehaving nodes/apps, tools for debugging, log analysis, and traffic flow, the equivalents of chargen, traceroute, mechanisms for discovering one’s own local globally routable namespace (NDN prefix discovery) and other routing and institutional key information when joining a new network.

And of course, the eye of the volcano: the data namespace that NDN utilizes, including policy-relevant constraints that might determine what information should be exposed by the namespace structure. Because NDN object names may convey topological as well as content information, network elements could present treasures of performance, topology, and usage data that we can only dream about in the current architecture. But unlike today’s Internet, which convolves topological and organizational (peering) structure with the Autonomous System abstraction, the NDN architecture distinguishes these functions: signatures frame organizational/peer structure, while names frame the topological structure. There are obvious and not-so-obvious implications for privacy and attribution of communications, and we devoted an entire session to discussing social values that guide design decisions, with attorney Paul Ohm promising to help us assess the strength and form of expected tussles should an NDN architecture gain deployment traction.

Colorado State (home of PIs Dan Massey and Christos Papadopoulos) did a fantastic job of hosting the meeting, including a poster session and reception the evening of the first day. Several posters described undergraduate projects in Christos’ recent undergrad class on NDN networking: running a traditional (modified) IP web traffic generator over the NDN testbed; repeating (and confirming) the 2009 CoNEXT paper experiment on PlanetLab; and a content caching study at CSU’s border router (estimating how much content is static (about half by requests) vs dynamic, and redundant request patterns). The second day included lots of discussion of what applications and supporting tools we should pursue next: including a graphical name space browser; graphical PIT viewer; a serverless Twitter-like application with scope control over message distribution; and a distributed, topic-based discussion board application to facilitate collaboration.

Toward the end of the meeting we discussed NSF’s request for thoughts about next steps after the FIA program currently funding this work (now half-way through its three-year budget). There are tremendous opportunities for synergy with other NSF-funded information science communities such as the Cyber-Physical Systems or the DataNets programs, to experimental deployment in production science settings such as the Open Science Grid (OSG), a national distributed computing grid for data-intensive research. Perhaps most exciting is the potential opportunity that Kevin Thompson (of NSF’s Office of Cyberinfrastructure) described at Internet2’s last Joint Techs meeting: in response to recently commissioned strategic advice, NSF wants to leverage successful R&D investments by transitioning them into campus environments on a broad scale, i.e., with a dedicated program. Since the NDN architecture was designed to solve many of the problems now being faced by campus networks (as well as the rest of the world), I’m optimistic that we could someday see an NDN-NSFNET. Lots of known unknowns and unknown unknowns along that path, but what an exciting path!

[Thanks to our lead PI Lixia Zhang of UCLA for help with this entry.]

Shutting the phone network off while you’re running out of internet protocol numbers

Friday, January 20th, 2012 by kc

I ended 2011 with a short (20 December) visit to a pleasantly warm Washington, D.C. for my 5th FCC Technical Advisory Council meeting. Some of the discussions from the third meeting were extended, others cut off for lack of time. We spent over an hour on the suggestion made by the Legacy Transition working group two meetings ago to advise the FCC to move forward in sunsetting (although we shunned that term at this meeting — “It’s a new beginning, not an end!”) the public-switched telephone network (PSTN). Many questions have arisen repeatedly in the discussions over the course of the last two meetings (and two FCC workshops in between), notably, “What happens to the telephony numbering system?” The initial strategy was imprecise, “The numbering plan will continue to exist but governance and allocation process needs to be considered.” Another repeated question has been “What exactly do we mean by PSTN?”

Interestingly, at this meeting the FCC staff themselves presented some thoughts on the way forward for the PSTN, before the working group got to present, thus some redundancy ensued. Still no resolution on numbering, or its post-PSTN replacement “identification”. Several TAC members including Vint Cerf and Dan Reed emphasized the importance of naming conventions for an expansive set of services now displacing what we used to call voice. Furthermore, since most people still use mobile phones in the same small set of locations, the permanent connectivity or attachment of the phone number to the individual is even more fundamental to the architecture than constant mobility.

As the working group emphasized back in July, the PSTN transition is neither a TAC nor an FCC initiative — consumers are driving it, i.e., dropping their landlines with alacrity. There was rough consensus on the need to consider several technical and policy issues, including: promoting competition; universality and carrier of last resort (including USF and reciprocal compensation); transitioning services that depend on the PSTN; reliability, continuity, accessibility, 911; homeland security/CALEA; and privacy/personal security. Open questions include those as mechanical as “What replaces RJ11?” and as economic as “What/Where are the most efficient points of interconnection?” (Well, both questions bear mechanical and economic considerations.) The industry still lacks IP-based technical standards to ensure quality and reliability of voice, and the FCC’s regulatory posture carries an embedded assumption — understandable given its century of commissioned responsibility — that voice is something to specifically protect rather than treat as another bucket of data being transported across the network.

Tom Wheeler captured a less surprising industry opinion that unencumbering industry from the body of laws and court precedents based on the PSTN would facilitate the advance of market forces. Marvin Sirbu was worried we might be overestimating the speed at which citizens are really moving to VOIP. While there was disagreement over details, there was broad consensus that IP was going to be the mechanism for most end-to-end carriage.

Less time, about 15 minutes, was spent discussing the IPv6 working group’s results (a “benchmarking document”) and recommendations, mostly punting the problems to next year starting with a joint workshop with NTIA in February. There was only time for one comment, from Vint, before the FCC chairman spoke, after which we went on to the next topic. Vint had four rapid-fire points: (1) IPv6 is NOT a transition, but rather introduction of an additional capability; (2) there is a very real threat of a cascading NAT environment; (3) NIST should be involved in IPv6 measurement; (4) OMB should be involved in government procurement guidelines for IPv6 network services. I disagree with his first point, but the lack of government coordination and consistency is painfully clear. OMB already has an IPv6-related mandate, but there are no IPv6 support conditions on the broadband stimulus money or other sources of USG funding (IPv6 conditions on USF funding are being discussed). My bigger concern with benchmarking is that current IPv6 measurement activities send mixed signals to industry — customers are not planning since the best available data implies that carriers are not planning to deploy it in the next 18 months.

The best suggestion I have heard so far (from Geoff Huston) is for the FCC to ask of its own constituency to publish their 24-month IPv6 deployment objectives so that current and potential customers of their services are aware of their plans, and then in 18 months ask the same set of folks to publish their actual IPv6 deployment achievements and what their objectives are for the ensuing 24 months. This recommendation would be consistent with the FCC’s “transparency and disclosure” approach to other issues. But there was no time to discuss IPv6 at this meeting, maybe next time. Hopefully I will have some results to report from CAIDA’s IPv6 growth scenario computational modeling study.

We agreed to narrow the set of TAC study topics for 2012 to three: IPv6; the PSTN transition; and receiver standards to support sharing. Next meeting in March 2012.

att/t-mobile and icann share economic consultants

Tuesday, August 30th, 2011 by kc

The last line of this FCC announcement is ominous enough:

(more…)

network neutrality: the meme, its cost, its future.

Friday, August 26th, 2011 by kc

Policy making has become predominated by sponsored research, politics, campaign contributions and rhetoric. In light of an apparent disinterest for the facts it comes as no surprise that the network neutrality debate highlights opposing perceptions about the impact from changes in the next generation Internet. Regrettably no unbiased fact finding appears readily available, because politicization at the FCC prevents fair minded assessment by the Democratic and Republican Commissioners and heretofore the conflict has not generated a question of law or fact reviewable by a court.
— Rob Frieden: Internet 3.0: Identifying Problems and Solutions to the Network Neutrality Debate, 2007

In June I participated on a panel on network neutrality hosted at the June cybersecurity meeting of the DHS/SRI Infosec Technology Transition Council (ITTC), where “experts and leaders from the government, private, financial, IT, venture capitalist, and academia and science sectors come together to address the problem of identity theft and related criminal activity on the Internet.” Here is a belated recap of my thoughts on that panel, including what network neutrality has to do with cybersecurity.

Many academics have gotten a lot of mileage (publications, funding, tenure) out of spreading the “network neutrality” meme since law professor Timothy Wu introduced the term in a 2003 paper in the University of Colorado’s law journal. I find the meme and its surrounding literature represent a weak substitute for public policy research based on real data from real networks. (An allegation that could equally be directed at other sub-disciplines of Internet science, and for the same reasons.)

The success of the meme is also symptomatic of a post-traumatic stress response to the death of a similar meme with far higher stature and longevity — common carriage, the demise of which Eli Noam predicted way back in 1994. His paper accurately predicted that the success and ubiquity of networks and the increasing convergence of communications and computing — and competition — would (did) lead to the death of common carriage in the industry.

There is plenty of blame to spread around. You can blame the government for improper oversight. You can blame the private sector for lobbying/bribing the government not to do proper oversight. You can blame failure of consumers to understand the issues. (Sound like the sub-prime mortgage crisis yet?) With enough money, you can, and many did, weight disproportionate attention to blaming various factors that are not you. But what is under the (generally proprietary) hood of all network neutrality controversy is simple: the economics of building and operating sustainable packet-switched networks in the 21st century. Not coincidentally, economic considerations are also at the root of most of our cybersecurity problems, or more precisely of our failures to make progress on them.

One point on which I disagreed with other panelists (and others who fondly recall when we had 3,000+ DSL providers in the early 90’s) was about whether network neutrality was merely about the lack of competition for broadband access. The history of common carriage, analyzed in detail by academic scholars Andrew Odlyzko and Susan Crawford, reveals that vertically integrated industries (i.e., a single company owns the infrastructure and carries services on top of it) have tremendous incentives to discriminate, even when competition exists. For the Internet, the implication is that while re-establishing competitive access to fiber (layer one) is necessary, it is not sufficient — society still needs a mechanism (not just policy) to guarantee non-discriminatory access.

It used to be that non-discriminatory access to (what were termed) essential facilities was a universal good of any network intended for public use, not just communication networks: railroads, canals, roads — it goes way back. It was also a fundamental tenet of the 1996 Telecommunications Act, which although entertaining the notion that layer one (fiber, conduit, “tubes”, “facilities”) might not always be a natural monopoly, at least temporarily required non-discriminatory access to facilities, while facilities-based competition was (ostensibly expected) to develop. And indeed, for a while in the early 90s we had (not facilities-based) competition.

But the 1996 Telecom Act was so poorly written that its only reliable ramification was wealth transfers to lawyers and lobbyists, as industry and government spent several years suing each other over its interpretation, and industry lobbyists spent many millions of dollars convincing receptive courts and the FCC to remove these obligations to provide non-discriminatory access. Although considered by many to be an inflection point, the Brand-X decision was more of an evolutionary step in the long trajectory away from open access to such essential facilities in the United States.

In essence, the [Federal Communications] Commission has shifted from the notion that non-discriminatory access to general-purpose communications networks is always necessary because of their public-ness and the spillover effects they create (non-discrimination presumption) to the idea that non-discriminatory requirements are only necessary where firms have monopoly power (discrimination presumption). It is on this “monopoly” rationale, and on the basis of its belief that the market for high-speed Internet access is competitive, that the Commission has gradually lifted non-discrimination obligations from providers of high-speed Internet access.
— Susan Crawford, Transporting Communications, 2009

So the FCC, and the surrounding regulatory apparatus, came to believe that non-discriminatory access was no longer a universal requirement, but only an issue in need of oversight in situations lacking competition. But it was exactly the non-discriminatory access requirement that enabled the competition in broadband access in the first place (and also enabled the Internet), and when the non-discriminatory access requirement went away, so did the competition. Unfortunately for consumers, for the rest of the decade the FCC also continued to embrace the belief that we had competition. Although they have recently recognized the need for a reality check on both of these beliefs, they have not yet outwardly admitted that they are simply not true. Instead their strategy seems to be to back themselves into a corner while struggling to operationalize this fundamentally broken network neutrality meme.

As in the financial sector (and many other IT-related sectors, which is most sectors by now), it is not too hard to convince congressmen that technology is moving so fast that the government could not possibly understand enough to design, implement and execute enlightened regulation of it. Ironically, the underlying network and routing protocols under the hood of the Internet have not fundamentally changed in decades.

My three concluding recommendations related to network neutrality were not original, and both also apply to persistently unsolvable cybersecurity problems, since what network neutrality and cybersecurity have most in common is the lack of available empirical data on operational networks driving policy discourse. First, as S&T Division Director Doug Maughan has long and tirelessly argued, we must educate the lawyers. (Former FCC chairman Michael Powell has also suggested restructuring the FCC to have a much smaller fraction of them.)

Second, as fellow panelist Rob Frieden has long argued, the FCC should require more meaningful disclosure related to network management practices, performance characteristics, and terms and conditions of their broadband services. The gaping and unavoidable loophole of the FCC’s proposed network neutrality framework is that differential treatment of traffic based on content must only be allowed for “reasonable network management”, which includes anything related to security, a blithely moving and necessarily subjective target.

But it is precisely because the government is in no position to define and enforce “reasonable network management”, that the endgame must be that carriers do not have financial interest in the content of what they’re carrying — the same conditions that made the Internet possible. So my third recommendation is also a prediction — we must replace this broken unit of policy discourse with a more demonstrably productive one. The network neutrality meme is in the process of costing us another decade of empirically grounded debate, and it will ultimately fail to accomplish its own objective: non-discriminatory access to the infrastructure. The real solution, as history repeatedly has taught us with other critical infrastructures, is to structure (architect, regulate) the industry to financially separate the pipe owner from the providers delivering services over it. Pipe owners must not be able to monetize the semantics of the bits by design. As the other panelists and other realists would assure you, structural separation is unlikely to happen in this country in the foreseeable future. Even non-discriminatory (“open”) access requirements will be hard to recover, despite the fact that in all countries with much higher penetration or much higher bandwidth to the home, such open access requirements exist. The structural separation meme has not yet really begun to spread, but history suggests it is merely a matter of time.

Underneath the Hood: Ownership vs. Stewardship of the Internet

Tuesday, August 23rd, 2011 by kc

[I posted the following on CircleID today:]

As is well known to most CircleID readers — but importantly, not to most other Internet users — in March 2011, ICANN knowingly and purposefully embraced an unprecedented policy that will encourage filtering, blocking, and/or redirecting entire virtual neighborhoods, i.e., “top-level domains” (TLDs). Specifically, ICANN approved the creation of the “.XXX” suffix, intended for pornography websites. Although the owner of the new .XXX TLD deems a designated virtual enclave for morally controversial material to be socially beneficial for the Internet, this claim obfuscates the dangers such a policy creates under the hood.

(more…)

in response to NTIA on IANA functions

Tuesday, August 2nd, 2011 by kc

In response to the U.S. National Telecommunications and Information Administration’s recent Further Notice of Inquiry on the Internet Assigned Names and Numbers Authority (IANA) Functions [Docket No. 110207099-1319-0], I submitted the following comment:

(more…)

my third FCC TAC meeting — the most exciting yet

Monday, July 25th, 2011 by kc

My third FCC Technical Advisory Council meeting (3-hr. video archive here) was the most exciting yet. The TAC’s Critical Legacy Transition working group, studying the legacy public switched telephone network, recommended that the Council advise the FCC to set a concrete date to sunset (shut down) the Public Switched Telephone Network (PSTN). (!) The working group recommended the year 2018 as a starting point for lively discussion.

(more…)

Model for Internet Evolution Predicts Consolidation in Tier-1 Transit Market

Friday, July 15th, 2011 by amogh

Although the outcome is not good news, it is gratifying to see the predictions of a model of the Internet ecosystem being validated by the real world. Specifically, the recent spate of ISP consolidations is precisely what our network formation model predicts. First, Level3 acquired Global Crossing in a deal valued at $3B. A few months later, Centurylink (QWEST) acquired Savvis for $2.5B. Our model predicts that this consolidation will continue unless ailing tier-1 providers find a new source of revenue to compensate for their losses on IP transit.

(more…)

CAIDA participation in IPv6 day

Sunday, June 5th, 2011 by kc

On June 8, 2011, a group of content providers, including Google, Yahoo and Facebook, are going to dual-stack their content, in an event called World IPv6 Day. This trial will enable content providers to gain experience with increased levels of IPv6 traffic and gauge the extent and effect of broken dual-stack end-users. CAIDA is cooperating with RIPE NCC’s measurements on this day, providing a dozen Ark monitors to increase the number of vantage points from which RIPE will actively test a set of dual-stacked websites for levels of IPv6 support: existence of AAAA records; ping/ping6 response; traceroute/traceroute6; and HTTP reachability.

(more…)