DHS’s Science and Technology Directorate, through its PREDICT program, sponsored this report on ethics in Information and Communication Technology Research (ICTR). The culmination of a multi-year effort by network and security research stakeholders to lay out a guiding framework to identify, navigate, and resolve ethical issues in ICTR, this report is intended to be a dialogue launch point for the community of researchers, oversight entities, and policymakers to reflect on ethical issues in security and network research. Public comments are encouraged via the Federal Register through 27 February 2012. I’m pretty sure all comments are responded to and/or integrated into the next version of this report. Hopefully the report will also be the topic of discussion at some conferences and workshops this year, so that the community can get out ahead of these issues before we find ourselves facing legislative overreaction to catastrophe (or even perceived catastrophe). Please consider reading and submitting a comment.

Those familiar with the new emerging information-centric networking movement in the computer science research community will recognize NDN’s fundamental theme: replace the endpoint (identified by an IP address) as the fundamental anchor of the communications architecture with the data (identified by a name). To communicate in NDN, users post named interest(s) that propagate toward where the data resides (now relying on conventional routing protocols for the underlying routing fabric but eventually hopefully using previously developed revolutionary greedy routing mechanisms) and receives, from cryptographically vetted publishers, signed object(s) matching the requests. Conceptually simple, with many collateral benefits offered by the minimization of unnecessary layers. The application is much closer to the network. Mobility is inherent, since the notion of location has been removed as an architectural anchor.

While at least a dozen papers have resulted from this project thus far, even more tangible progress has occurred on the development and experimental deployment side. A key strength of this project (as mentioned previously) is a deployment path via a testbed overlay on the current Internet. Beichuan Zhang and Lan Wang have coordinated an OSPFN implementation that distributes name prefixes in OSPF and ccnd, and a ccnx-dhcp to help local bootstrapping, which will eventually include configuring default routes, local topology and hub discovery. Applications are already running on the NDN testbed including audio, video, and multi-user chat, which are being used by weekly project coordination calls; additional performance-related testing has been conducted using supercharged PlanetLab nodes.

In parallel, different teams are pursuing the various threads of research promised for the NSF project. Patrick Crowley is leading the investigation of how fast we can get NDN nodes to forward packets, and building traffic generators to evaluate and inform the protocol design. The security research team will present their first preliminary analysis of privacy, anonymization, and signature efficiency in NDN at this month’s NDSS conference. Edmund Yeh is creating a stochastic control and optimization framework to to formally (analytically) evaluate network performance, as well as coupling theoretical and experimental evaluation of joint forwarding and caching algorithms.

One of the next big R&D challenges is effective measurement techniques, not only for network management and performance evaluation — (“This node is being flooded with interests!”) — but also to support new types of network routing and application development and debugging (“Why is my application not getting the data?”).

We still need to study the impact of topology structure on network operations and management as we expand the set of external participants experimenting with the current platform and applications. We also still need core management functions such as methods to identify misbehaving nodes/apps, tools for debugging, log analysis, and traffic flow, the equivalents of chargen, traceroute, mechanisms for discovering one’s own local globally routable namespace (NDN prefix discovery) and other routing and institutional key information when joining a new network.

And of course, the eye of the volcano: the data namespace that NDN utlizes, including policy-relevant constraints that might determine what information should be exposed by the namespace structure. Because NDN object names may convey topological as well as content information, network elements could present treasures of performance, topology, and usage data that we can only dream about in the current architecture. But unlike today’s Internet, which convolves topological and organizational (peering) structure with the Autonomous System abstraction, the NDN architecture distinguishes these functions: signatures frame organizational/peer structure, while names frame the topological structure. There are obvious and not-so-obvious implications for privacy and attribution of communications, and we devoted an entire session to discussing social values that guide design decisions, with attorney Paul Ohm promising to help us assess the strength and form of expected tussles should an NDN architecture gain deployment traction.

Colorado State (home of PIs Dan Massey and Christos Papadopoulos) did a fantastic job of hosting the meeting, including a poster session and reception the evening of the first day. Several posters described undergraduate projects in Christos’ recent undergrad class on on NDN networking: running a traditional (modified) IP web traffic generator over the NDN testbed; repeating (and confirming) the 2009 CoNEXT paper experiment on PlanetLab); and a content caching study at CSU’s border router (estimating how much content is static (about half by requests) vs dynamic, and redundant request patterns). The second day included lots of discussion of what applications and supporting tools we should pursue next: including a graphical name space browser; graphical PIT viewer; a serverless Twitter-like application with scope control over message distribution; and a distributed, topic-based discussion board application to facilitate collaboration.

Toward the end of the meeting we discussed NSF’s request for thoughts about next steps after the FIA program currently funding this work (now half-way through its three-year budget). There are tremendous opportunities for synergy with other NSF-funded information science communities such as the Cyber-Physical Systems or the DataNets programs, to experimental deployment in production science settings such as the Open Science Grid (OSG), a national distributed computing grid for data-intensive research. Perhaps most exciting is the potential opportunity that Kevin Thompson (of NSF’s Office of Cyberinfrastructure) described at Internet2′s last Joint Techs meeting: in response to recently commissioned strategic advice, NSF wants to leverage successful R&D investments by transitioning them into campus environments on a broad scale, i.e., with a dedicated program. Since the NDN architecture was designed to solve many of the problems now being faced by campus networks (as well as the rest of the world), I’m optimistic that we could someday see an NDN-NSFNET. Lots of known unknowns and unknown unknowns along that path, but what an exciting path!

[Thanks to our lead PI Lixia Zhang of UCLA for help with this entry.]

Interestingly, at this meeting the FCC staff themselves presented some thoughts on the way forward for the PSTN, before the working group got to present, thus some redundancy ensued. Still no resolution on numbering, or its post-PSTN replacement “identification”. Several TAC members including Vint Cerf and Dan Reed emphasized the importance of naming conventions for an expansive set of services now displacing what we used to call voice. Furthermore, since most people still use mobile phones in the same small set of locations, the permanent connectivity or attachment of the phone number to the individual is even more fundamental to the architecture than constant mobility.

As the working group emphasized back in July, the PSTN transition is neither a TAC nor an FCC initiative — consumers are driving it, i.e., dropping their landlines with alacrity. There was rough consensus on the need to consider several technical and policy issues, including: promoting competition; universality and carrier of last resort (including USF and reciprocal compensation); transitioning services that depend on the PSTN; reliability, continuity, accessibiity, 911; homeland security/CALEA; and privacy/personal security. Open questions include those as mechanical as “What replaces RJ11?” and as economic as “What/Where are the most efficient points of interconnection?” (Well, both questions bear mechanical and economic considerations.) The industry still lack IP-based technical standards to ensure quality and reliability of voice, and the FCC’s regulatory posture carries an embedded assumption — understandable given its century of commissioned responsibility — that voice is something to specifically protect rather than treat as another bucket of data being transported across the network.

Tom Wheeler captured a less surprising industry opinion that unencumbering industry from the body of laws and court precedents based on the PSTN would facilitate the advance of market forces. Marvin Sirbu was worried we might be overestimating the speed at which citizens are really moving to VOIP. While there was disagreement over details, there was broad consensus that IP was going to be the mechanism for most end-to-end carriage.

Less time, about 15 minutes, was spent discussing the IPv6 working group’s results (a “benchmarking document”) and recommendations, mostly punting the problems to next year starting with a joint workshop with NTIA in February. There was only time for one comment, from Vint, before the FCC chairman spoke, after which we went on to the next topic. Vint had four rapid-fire points: (1) IPv6 is NOT a transition, but rather introduction of an additional capability; (2) there is a very real threat of a cascading NAT environment; (3) NIST should be involved in IPv6 measurement; (4) OMB should be involved in government procurement guidelines for IPv6 network services. I disagree with his first point, but the lack of government coordination and consistency is painfully clear. OMB already has an IPv6-related mandate, but there are no IPv6 support conditions on the broadband stimulus money or other sources of USG funding (IPv6 conditions on USF funding are being discussed). My bigger concern with benchmarking is that current IPv6 measurement activities send mixed signals to industry — customers are not planning since the best available data implies that carriers are not planning to deploy it in the next 18 months.

The best suggestion I have heard so far (from Geoff Huston) is for the FCC to ask of its own constituency to publish their 24-month IPv6 deployment objectives so that current and potential customers of their services are aware of their plans, and then in 18 months ask the same set of to folks publish their actual IPv6 deployment achievements and what their objectives are for the ensuing 24 months. This recommendation would be consistent with the FCC’s “transparency and disclosure” approach to other issues. But there was no time to discuss IPv6 at this meeting, maybe next time. Hopefully I will have some results to report from CAIDA’s IPv6 growth scenario computational modeling study.

We agreed to narrow the set of TAC study topics for 2012 to three: IPv6; the PSTN transition; and receiver standards to support sharing. Next meeting in March 2012.

On July 13, 2011, a workshop of economists was convened at the Federal Communications Commission to discuss certain economic issues of AT&T’s proposed acquisition of T-Mobile. The workshop was divided into two panels. The first, on Market Definition and Unilateral and Coordinated Effects, included the following panelists: representing the Applicants from Compass Lexecon, Dennis Carlton, Robert Willig, and Mark Israel. Representing Sprint from Charles River Associates were Steven Salop, Serge Moresi, and Craig Romaine.

Participating in the second panel, which discussed Efficiencies, the But-For World, and Exclusionary Effects/Raising Rivals’ Costs, were the following panelists: representing the Applicants from Compass Lexecon, Dennis Carlton, Robert Willig, and Mark Israel. Representing Sprint from Charles River Associates were Steven Salop, Stanley Besen, and John Woodbury.

When it is available, the transcript of the workshop will be provided for review by individuals with access to highly confidential and confidential information.

http://fjallfoss.fcc.gov/ecfs/document/view?id=7021692592

But equally eye-opening is the economic consulting firm AT&T is using — the same one ICANN used to “study” whether gTLD expansion would benefit consumers. Unlike this transcript, that study I was actually allowed to read, so I and many others learned how dishonest it was. It is not clear who will learn about “certain economic issues of AT&T’s proposed acquisition of T-Mobile”…

It strangely reminds me of CCIED’s spam value chain study which revealed “the first strong evidence of payment bottlenecks in the spam value chain; 95% of spam-advertised pharmaceutical, replica and software products are monetized using merchant services from just a handful of banks.” This shared-economist coincidence might be evidence of similar bottlenecks in economic policy development, due to too few neutral economists capable of generating sensible policy recommendations. Like most “independent” pharmaceutical researchers, most economists seem to be on the receiving end of funding from organizations who stand to gain financially from their research generating a certain result.

Policy making has become predominated by sponsored research, politics, campaign contributions and rhetoric. In light of an apparent disinterest for the facts it comes as no surprise that the network neutrality debate highlights opposing perceptions about the impact from changes in the next generation Internet. Regrettably no unbiased fact finding appears readily available, because politicization at the FCC prevents fair minded assessment by the Democratic and Republican Commissioners and heretofore the conflict has not generated a question of law or fact reviewable by a court.
— Rob Frieden: Internet 3.0: Identifying Problems and Solutions to the Network Neutrality Debate, 2007.

in June I participated on a panel on network neutrality hosted at the June cybersecurity meeting of the DHS/SRI Infosec Technology Transition Council (ITTC), where “experts and leaders from the government, private, financial, IT, venture capitalist, and academia and science sectors come together to address the problem of identity theft and related criminal activity on the Internet.” Here is a belated recap of my thoughts on that panel, including what network neutrality has to do with cybersecurity.

Many academics have gotten a lot of mileage (publications, funding, tenure) out of spreading the “network neutrality” meme since law professor Timothy Wu introduced the term in a 2003 paper in the University of Colorado’s law journal. I find the meme and its surrounding literature represent a weak substitute for public policy research based on real data from real networks. (An allegation that could equally be directed at other sub-disciplines of Internet science, and for the same reasons.)

The success of the meme is also symptomatic of a post-traumatic stress response to the death of a similar meme with far higher stature and longevity — common carriage, the demise of which Eli Noam predicted way back in 1994. His paper accurately predicted that the success and ubiquity of networks and the increasing convergence of communications and computing — and competition — would (did) lead to the death of common carriage in the industry.

There is plenty of blame to spread around. You can blame the government for improper oversight. You can blame the private sector for lobbying/bribing the government not to do proper oversight. You can blame failure of consumers to understand the issues. (Sound like the sub-prime mortgage crisis yet?) With enough money, you can, and many did, weight disproportionate attention to blaming various factors that are not you. But what is under the (generally proprietary) hood of all network neutrality controversy is simple: the economics of building and operating sustainable packet-switched networks in the 21st century. Not coincidentally, economic considerations are also at the root of most of our cybersecurity problems, or more precisely of our failures to make progress on them.

One point on which I disagreed with other panelists (and others who fondly recall when we had 3,000+ DSL providers in the early 90′s) was about whether network neutrality was merely about the lack of competition for broadband access. The history of common carriage, analyzed in detail by academic scholars Andrew Odlyzko and Susan Crawford, reveals that vertically integrated industries (i.e, a single company owns the infrastructure carries services on top of it) have tremendous incentives to discriminate, even when competition exists. For the Internet, the implication is that while re-establishing competitive access to fiber (layer one) is necessary, it is not sufficient — society still needs a mechanism (not just policy) to guarantee non-discriminatory access.

It used to be that non-discriminatory access to (what were termed) essential facilities was a universal good of any network intended for public use, not just communication networks: railroads, canals, roads — it goes way back. It was also a fundamental tenet of the 1996 Telecommunications Act, which although entertaining the notion that layer one (fiber, conduit, “tubes”, “facilities”) might not always be a natural monopoly, at least temporarily required non-discriminatory access to facilities, while facilities-based competition was (ostensibly expected) to develop. And indeed, for while in the early 90s we had (not facilities-based) competition.

But the 1996 Telecom Act was so poorly written that its only reliable ramification was wealth transfers to lawyers and lobbyists, as industry and government spent several years suing each other over its interpretation, and industry lobbyists spent many millions of dollars convincing receptive courts and the FCC to remove these obligations to provide non-discriminatory access. Although considered by many to be an inflection point, the Brand-X decision was more of an evolutionary step in the long trajectory away from open access to such essential facilities in the United States.

In essence, the [Federal Communications] Commission has shifted from the notion that non-discriminatory access to general-purpose communications networks is always necessary because of their public-ness and the spillover effects they create (non-discrimination presumption) to the idea that non-discriminatory requirements are only necessary where firms have monopoly power (discrimination presumption). It is on this “monopoly” rationale, and on the basis of its belief that the market for high-speed Internet access is competitive, that the Commission has gradually lifted non-discrimination obligations from providers of high-speed Internet access.
— Susan Crawford, Transporting Communications, 2009

So the FCC, and the surrounding regulatory apparatus, came to believe that non-discriminatory access was no longer a universal requirement, but only an issue in need of oversight in situations lacking competition. But it was exactly the non-discriminatory access requirement that enabled the competition in broadband access in the first place (and also enabled the Internet), and when the non-discriminatory access requirement went away, so did the competition. Unfortunately for consumers, for the rest of the decade the FCC also continued to embrace the belief that we had competition. Although they have recently recognized the need for a reality check on both of these beliefs, they have not yet outwardly admitted that they are simply not true. Instead their strategy seems to be to back themselves into a corner while struggling to operationalize this fundamentally broken network neutrality meme.

As in the financial (and many other IT-related sectors, which is most sectors by now) it is not too hard to convince congressmen that technology is moving so fast that the government could not possibly understand enough to design, implement and execute enlightened regulation of it. Ironically, the underlying network and routing protocols under the hood of the Internet have not fundamentally changed in decades.

My three concluding recommendations related to network neutrality were not original, and both also apply to persistently unsolvable cybersecurity problems, since what network neutrality and cybersecurity have most in common is the lack of available empirical data on operational networks driving policy discourse. First, as S&T Division Director Doug Maughan has long and tirelessly argued, we must educate the lawyers. (Former FCC chairman Michael Powell has also suggested restructuring the FCC to have a much smaller fraction of them..)

Second, as fellow panelist Rob Frieden has long argued, the FCC should require more meaningful disclosure related to network management practices, performance characteristics, and terms and conditions of their broadband services. The gaping and unavoidable loophole of the FCC’s proposed network neutrality framework is that differential treatment of traffic based on content must only be allowed for “reasonable network management”, which includes anything related to security, a blithely moving and necessarily subjective target.

But it is precisely because the government is in no position to define and enforce “reasonable network management”, that the endgame must be that carriers do not have financial interest in the content of what they’re carrying — the same conditions that made the Internet possible. So my third recommendation is also a prediction — we must replace this broken unit of policy discourse with a more demonstrably productive one. The network neutrality meme is in the process of costing us another decade of empirically grounded debate, and it will ultimately fail to accomplish its own objective: non-discriminatory access to the infrastructure. The real solution, as history repeatedly has taught us with other critical infrastructures, is to structure (architect, regulate) the industry to financially separate the pipe owner from the providers delivering services over it. Pipe owners must not be able to monetize the semantics of the bits by design As the other panelists and other realists would assure you, structural separation is unlikey to happen in this country in the foreseeable future. Even non-discriminatory (“open”) access requirements will be hard to recover, despite the fact that in all countries with much higher penetration or much higher bandwidth to the home, such open access requirements exist. The structural separation meme has not yet really begun to spread, but history suggests it is merely a matter of time.

As is well known to most CircleID readers — but importantly, not to most other Internet users — in March 2011, ICANN knowingly and purposefully embraced an unprecedented policy that will encourage filtering, blocking, and/or redirecting entire virtual neighborhoods, i.e., “top-level domains” (TLDs). Specifically, ICANN approved the creation of the “.XXX” suffix, intended for pornography websites. Although the owner of the new .XXX TLD deems a designated virtual enclave for morally controversial material to be socially beneficial for the Internet, this claim obfuscates the dangers such a policy creates under the hood.

Years of unequivocal and pervasive opposition from governments, businesses, and consumer groups shed doubt on ICANN’s plan to launch .XXX, and India has already announced plans to block reachability to XXX. Meanwhile, even ICANN acknowledges that it does not understand the economic and political consequences of legitimizing macroscopic blocking behavior.

In its 20-page defense of the decision, which anticipates defending lawsuits via financing set aside from .XXX registration fees, ICANN claimed there is no evidence that the result will be different from the blocking that already occurs. This assertion implies that ICANN has attempted to study who, what, where, and how domains are being blocked and what technical impacts are observable. This is simply not so.

Despite the explicit request for technical due diligence on the security and stability impacts of TLD blocking by its Government Advisory Committee (GAC) — a weak source of oversight and accountability — the ICANN board never consulted its own Security and Stability Advisory Committee (SSAC) before their decision. When asked by the GAC directly during the March 2011 ICANN meeting, SSAC pulled together a brief advisory just before the next meeting in June, acknowledging the lack of any data to make any judgments regarding blocking, but noting: “All approaches to blocking, and even more so attempts to circumvent it, will have some impact on the security and/or stability of users and applications, and on the coherency or universal resolvability of the namespace.” SSAC offered to investigate the issue further, and in the interim offered an ethical principle — “first do no harm” — to guide the development of blocking policies: “minimizing harm requires a concerted effort to not create circumstances where Internet users outside an organization’s policy domain are adversely affected by that organization’s policy or implementation.”

If ICANN had used such a principle to guide its .XXX decision, it would not have been approved. Putting .XXX into the root will likely lead to significant harms, including castrating free speech rights in countries with repressive regimes or agendas, and weakening Internet (i.e., DNS) security and stability as a result of attempts to both filter out and circumvent filtering of .XXX. This prediction draws support from the May 2011 publication of a paper by a group of leading DNS experts which foretold likely harms from DNS filtering requirements related to proposed U.S. legislation. The report echoed the admonition that filtering would threaten the long-run security, stability, and interoperability of the domain name system (DNS).

Worse, there is no clear public interest case for the inclusion of .XXX in the DNS root database, but rather a few private beneficiaries. The adult content industry has spoken out loudly against it, as have most other communities from across the political spectrum. Who then, does support this policy? A tiny minority of private industry Internet insiders — DNS registries and registrars. ICANN admitted and the industry it regulates proclaimed loudly that ICANN could not let anything further delay its ambitious plans to sell up to 1500 new TLDs a year (launched in June) until something about the Internet observably breaks. Enter the real driver of this policy. We need only reflect on our mortgage crisis to understand how history begs to repeat itself. Picture a digital real estate bubble consisting of infinite character strings (.yournamehere), monetized at $185,000 each, issued under the guise of genuine public debate and transparent policy process, and inevitably resulting in intractable disputes over geographic TLD real estate (does Russia or Florida get .StPetersburg?) and extortion of registration fees to prevent someone else from registering your brand in a new TLD. All done without consideration of the collateral effects on the 6.5B people expected to use the naming system.

But it gets worse — ICANN even acknowledges that .XXX would not meet today’s criteria for a TLD due to the overwhelming community objections, including from the intergovernmental GAC. Rather, ICANN justified its decision to move forward on the platform of consistency of process, clinging to the criteria originally set in 2004 despite their self-contradicting implications. As dissenting ICANN board member George Sadowsky eloquently explained, “it was victory of compulsory adherence to process, rather than a serious discussion regarding ICANN’s responsibility for the future of the DNS and the Internet.” It was a victory of process over goals and of means over ends, where ensuing harm will be met by an ICANN defense of, “But we were only following the process.”

The approval of .XXX marks a historical inflection point, where ICANN’s board formally abandoned any responsibility to present an understanding of the ramifications of probable negative externalities (“harms”) in setting its policies. The most potent effect of creating .XXX on the Internet will be to give credence to the destabilizing concept of multiple namespaces, with political, sociological and economic ramifications that weaken security and stability, whether or not the blocking is even effective. This is not something Wall Street, K-Street, or Main Street will be able to invest, lobby, or vote its way out of.

ICANN’s current arrangement with the U.S. government that aims for transparency, accountability, and the global public interest amounts to little more than hand-waving given the lack of incentives, legal enforceability or other formal accountability to achieve those objectives. The success of ICANN is important, because there is no good alternative. But responsible stewardship of the Internet is more important, and requires earnest and transparent effort to develop policy in the public interest, not only in the financial interest of ICANN and the domain name industry it regulates.

ICANN had every public interest justification, including an obligation and an opportunity with .XXX to demonstrate accountable policy development, to delay the new generic TLD program until it was demonstrated by independent peer- reviewed research that this decision was not antagonistic to the technical and economic security and stability of the Internet. That ICANN chose to relinquish this responsibility puts the U.S. government in the awkward position of trying to tighten the few inadequate controls that remain over ICANN, and leaves individual and responsible corporate citizens in the unenviable yet familiar position of bracing for the consequences.

[Disclosure: Dr. Claffy leads Internet research projects funded by the Department of Homeland Security and the National Science Foundation. She also serves on two advisory committees to ICANN: the Security and Stability and Root Server System Advisory Committees. The opinions here reflect only hers.]

This article also appeared in ACM Sigcomm CCR October 2011.

In response to Question (5), Provision C.2.2.1.3.2 Responsibility and Respect for Stakeholders, the public comments posted so far (19:28PM 29 July 2011) demonstrate the need for language similar to that proposed. Several of the commenters, including the ccNSO, believe that “global consensus” and “public interest” are already in the evaluation criteria for new gTLDs, and so do not need to be called out explicitly in the IANA contract. Other commenters, including ICANN itself, insist that these are not requirements for a new gTLD, a damning admission given that the Affirmation of Commitments clearly states the commitment to: “(a) ensure that decisions made related to the global technical coordination of the DNS are made in the public interest and are accountable and transparent”.

That stakeholders do not even agree to what has been agreed is another symptom of failure of ICANN’s process. ICANN Board member George Sadowsky noted this failure in his dissent to ICANN’s gTLD expansion decision, acknowledging that ICANN never fulfilled its obligation to complete the multi-stakeholder deliberation process, choosing instead to unilaterally declare the process over, amidst a wide range of unresolved objections and concerns. This strategy is reminiscent of Kurt Pritz’s (ICANN’s top staffer on the gTLD launch) admission in 2010 that the “intensive bottom-up multistakeholder deliberation” really amounts to “a lot of comment and noise…we iterate.. and over time..we get to a place where there is either consensus or people are worn out and we launch.” This self-declared ICANN strategy is an offense to the spirit of the Affirmation of Commitments.

In response, Provision C.2.2.1.3.2 is a valiant attempt by NTIA to recover some oversight capability in the face of ICANN’s failure to meet this Commitment. ICANN had every public interest justification, including an obligation as well as opportunity with .XXX to demonstrate accountable policy development, to delay the new generic TLD program until many of these concerns were resolved, including independent peer-reviewed research demonstrating that it would not be antagonistic to the technical and economic security and stability of the Internet. That ICANN chose to relinquish this responsibility puts the U.S. government in the awkward position of trying to tighten the few inadequate controls that remain over ICANN. Use of the IANA contract for this purpose is admittedly awkward and marginal at best, as some have pointed out, but it is the best NTIA can do in the current circumstances. The public comments, aside from those written by stakeholders that stand to gain financially from ICANN’s haste (which includes ICANN itself and its recently departed Chairman) are dominated by concerns that NTIA is trying to address in this provision.

(The concern that the proposed provision might subject IANA to lobbyists trying to influence the process is particularly suspicious in light of the industry lobbying that caused the gTLD program to exist in the first place.)

In response to Question (9), Section C.4 on “Performance Standards Metric Requirements” could use more detail.

In C.4.2, what specifically is to be tracked by the “dashboard to track the process flow for root zone management”, and who is to have access, and how?

In C.4.3, there is some awkward sweeping wording. What “developed performance standards and metrics” are meant? Many provisions in C.2 do not have any “developed performance standards and metrics”, to my knowledge, so additional detail is needed. Discussion of metrics and measurements to gauge root zone integrity and performance has occurred in various workshop settings for a couple of years now, but little progress has been documented. Thus, this section of the SOW should include the capability to iterate reporting requirements each year based on formal structured feedback from the operations and research communities, e.g., dedicated annual workshops focused on the reports.

With respect to specific reporting on global IPv6 and DNSSEC deployment, these are important transitions that merit data collection and analysis, but IANA is not necessarily in the best position to measure them. IANA can measure some indications of these capabilities in root servers and TLDs, and should publish what they measure, but comprehensive tracking of IPv6 and DNSSEC evolution is likely going to have to be funded by interested governments.

[Disclosure: Dr. Claffy leads Internet research projects funded by the Department of Homeland Security and the National Science Foundation. She also serves on two advisory committees to ICANN: the Security and Stability and Root Server System Advisory Committees. These opinions are informed by her experiences serving on these committees, in particular by the committee's failed attempts to demonstrate that the proposed gTLD expansion would not be antagonistic to the technical and economic security and stability of the Internet. Her objection to the SSAC report on this issue is available in the blog entry "thoughts on ICANN’s plans to expand the DNS root zone by orders of magnitude" ]

The working group’s co-chair Adam Drobot emphasized that the specific date is a straw man — the important point is that we should advise the FCC to pick a date and begin the substantial preparation work required to ensure that alternatives are available. In particular, the proposal (slides 4-18) included adding a non-trivial set of critical-infrastructure features (emergency services, universal service, qos, metrics for performance, reliability, reachability) to the IP-based Internet and/or mobile/cellular systems, as well as synchronizing the National Broadband Plan’s universal coverage goal with the proposed sunset date for the copper-based phone system.

We then spent thirty minutes trying to understand exactly what was being proposed. The high order bit is that it is not really a choice, much less a radical one. With fewer and fewer subscribers willing to pay for land lines (cutting the cord is real), the PSTN has lost its required economy of scale. So we better find a way to more cost-effectively meet the needs of the remaining PSTN users.

The motivating objective of the industry is to remove as many regulations as possible and let the copper-based phone business fade away gracefully, rather than have government regulations try to prop up a dying industry. In other words, the U.S. regulatory framework should catch up with the reality that the Internet killed the phone business years ago, so the TAC ought to advise the FCC in the direction of stewarding a transition. ATT proposed to the FCC two years ago that carriers should not be legally required to provide copper-based phone service anymore. Still unknown is how much new regulation is required to bring the Internet and/or the wireless and mobile worlds up to the same public interest obligations as the PSTN. Or if it is possible to do at all.

Dale Hatfield pointed out that full deregulation at the highest level would leave market power issues at the layer below, so we have to clarify exactly what problem we’re trying to solve. Dave Clark echoed this sentiment, noting that what succeeds will depend on who invests in which outcome, so for example, streaming video will make more of a difference to the resulting architecture, because economic forces will drive it that way.

One of the recurrent questions was regarding the ramifications for the national and international telephone numbering system. The answers ranged from “We’re in the ITU, we’ll work it out.” to “Numbering systems abound in the marketplace; and table lookups are cheap; let the market work it out.” Walter Johnston of the FCC reminded us that phone numbers and IP addresses are not just integers, but tokens for a whole set of agreements (protocols and politics). Ironically, the next topic on this TAC meeting’s agenda was the IPv6 transition, where letting the market work it out has not been auspicious for Internet numbering systems.

Many have blogged about the inevitable PSTN demise, including Om Malik, Avaya, and Tom Evslin (member of the FCC WG proposing the transition) who has been thinking about it for a while and is also impressively capturing public reaction to the pre-proposal.

There were many open questions and requests for a more rigorous definition of the problem being solved, but no disagreement that we need to update the set of antiquated regulations covering what constitutes the future of our communications infrastructure. It seems a little soon for another Telecommunications Act, until I read parts of the 1996 (U.S. Telecom) act, at which point it seems way overdue. The Working Group committed to releasing its current draft proposal and to present the next round of thinking on this topic at the next FCC TAC meeting in September.

Just as exciting was the next topic: IPv6 (I am a member of this working group). John Brzozowski of Comcast presented (slides 19-37) background on IPv6, some information on the current state of IPv6 readiness, and some potential recommendations for setting national objectives, benchmarking standards, and other government policies to support the transition. Harold Teets of Time Warner Telecom offered a reality check by asking for clarification of actual IPv6 traffic numbers, to which John responded that traffic levels were “less than 1%, probably less than 0.5%”. (I found no more than 0.3% in a recent survey of published measurements. Still, basically zero, as many have been warning for years.)

Interestingly, in light of the previous PSTN discussion, we were immediately asked why we did not propose a specific government-led transition date at which the IPv6 Internet would be supported by all service providers. Several people clarified that it was not really the jurisdiction of the FCC to set a flag day (except for turning off the phone network, apparently), so the IPv6 transition would be more of an evolution than an event. Dave Clark again reminded us that the Internet is operating in an inherently international context (and with an unsatisfying “multi-stakeholder” substitute for accountable and transparent governance of naming and numbering), so it is not clear what such a flag day would mean without global coordination and support.

In the absence of government regulation, Peter Bloom of General Atlantic asked what the forcing function for IPv6 would be, where we would see a tipping point toward IPv6 deployment. John suggested that the obvious forcing function is economic — when it gets more expensive to support the alternative than (for Internet service providers) to switch over to IPv6. I disagreed — such an economic model would work if providers were all converting to independently functioning widgets, but that’s not the “alternative” available — the new widgets only work if everyone else converts. Incumbent service providers have two alternatives in the time horizons that frame their business decisions: (1) support a bunch of complex IPv4 plus NAT technology that vendors are already building; or (2) support a bunch of complex IPv4 plus NAT technology that vendors are already building and support IPv6, at considerable extra cost, for an indefinite period of time. What would you do?

It is not just that there is no forcing function, but we now have an actual counter-forcing function. The RIRs’ self-regulatory experiment in management of Internet numbering systems has recently driven off a cliff by sanctioning the purchase and sale of IPv4 addresses as if they were real estate. As an example, I mentioned that Microsoft paid millions of dollars (it turns out only $7.5M, or $11.25 per address) to acquire some IPv4 addresses in Nortel’s bankruptcy proceedings. Institutionalizing a valuable market in IPv4 addresses is a reliable recipe for removing any incentive for IPv4-holders to invest in upgrading to IPv6.

Then there was another lengthy discussion (slides 38-53), accompanied by a dense technical report that should be released soon, on optimizing shared access to spectrum. Potential recommendations including developing better metrics for technical efficiency of spectrum use, best practices for improving receiver standards, particularly in spectrum selectivity and sensitivity, identifying successful examples of spectrum sharing, encouraging small cell deployment, and eliminating barriers to infrastructure deployment.

Finally the Broadband Deployment working group reported briefly on its charter to improve the inconsistencies in state and local government permitting processes that pose obstacles and counter-incentives to infrastructure investment. We learned that there is already another FCC Intergovernmental Advisory Committee that might be instrumental to these objectives, so this thread only took a few minutes.

What was most astonishing was the matter-of-fact acknowledgment that our current Internet (IP) numbering resource allocation system has reached its architectural limits, with no current plan for overcoming the problem, sandwiched between a daunting admission that all communications infrastructure will be converging to IP and we had better hurry up and prepare for it, and an ambitious objective of dramatically improving the way we share spectrum resources. There seems to be some unconnected dots in this picture — a lack of recognition that IP addresses are the “spectrum” for the Internet, and their efficient and equitable allocation is yet another critical-infrastructure feature that will need integration into whatever kills the phone system. It is not a problem the FCC can solve on its own.

]]> http://blog.caida.org/best_available_data/2011/07/25/my-third-fcc-tac-meeting-the-most-exciting-yet/feed/ 2 http://blog.caida.org/best_available_data/2011/07/15/model-for-internet-evolution-predicts-consolidation-in-tier-1-transit-market/ http://blog.caida.org/best_available_data/2011/07/15/model-for-internet-evolution-predicts-consolidation-in-tier-1-transit-market/#comments Sat, 16 Jul 2011 01:24:51 +0000 amogh http://blog.caida.org/best_available_data/?p=1079 Although the outcome is not good news, it is gratifying to see the predictions of a model of the Internet ecosystem being validated by the real world. Specifically, the recent spate of ISP consolidations is precisely what our network formation model predicts. First, Level3 acquired Global Crossing in a deal valued at $3B. A few months later, Centurylink (QWEST) acquired Savvis for $2.5B. Our model predicts that this consolidation will continue unless ailing tier-1 providers find a new source of revenue to compensate for their losses on IP transit.

ITER, our agent-based computational model for interdomain network formation (joint work with Constantine Dovrolis at Georgia Tech) published at CoNEXT 2010, accounts for many real-world effects such as transit and peering prices, geography, interdomain traffic patterns, and provider/peer selection strategies used by networks. Given a set of input parameters — network population, traffic patterns, pricing/cost structures, geographic constraints — ITER computes an equilibrium, where each network connects to the best set of providers and peers according to its chosen interconnection strategy. We parameterized two instances of the model using recently reported trends in interdomain traffic patterns, geographic expansion by large content providers, and the peering openness of transit providers. We then computed the interdomain connectivity and fitness for both networked ecosystems at equilibrium, and compared their topologies, traffic flow, and profitability of different network types.

The first instance reflects a traditional (textbook) view of the Internet, where traffic originates at the edge of the Internet, passes “upstream” through one or more regional (tier-2 or tier-3) networks before reaching a tier-1 network backbone. These (approximately ten) tier-1 backbone networks exchange traffic as settlement-free peers (i.e., for free) across the globe, handing traffic off to regional providers for “downstream” delivery to its final destination. Conceptually, traffic flows hierarchically, from content providers or stub networks up to the tier-1s at the top of the hierarchy, and back down to the consumer.

The second instance reflects the emergence of large content providers like Google, Akamai and Facebook, companies that have taken advantage of lower bandwidth prices by building their own global private networks. Our ITER model predicts that as these large content providers expand their geographic scope and accessibility to possible network peers, traffic patterns will evolve to bypass tier-1 networks, instead flowing directly from the providers of content to its destination(s). Less traffic through tier-1 networks implies lower profits, eventually losses, and ultimately mergers, acquisitions, and/or bankruptcies.

Some large ISPs are in a position to save themselves from the unprofitable world of pure bit carriage by providing higher margin over-the-top services such as on-demand content, multi-site VPNs, and cloud/hosting/CDNs. As an example, Level3 has aggressively marketed a CDN offering, with Netflix as one of their recent high-profile customers. Similarly, most large transit providers such as AT&T, Verizon and Sprint have already begun vertical integration and bundling of residential broadband, wireless, and content services.

Our model also predicts that tier-1 providers can restore some of the revenue from lost transit traffic by entering into settlement-free peering agreements with large content providers, inducing additional traffic to their own customer networks where pricing by traffic volume tends to be standard. Such a move would require tier-1 ISPs to relax their traditionally restrictive peering policies — behavior that would be interesting to observe in publicly available BGP data over the next year.

Were the two recent acquisitions — CenturyLink and Savvis, and Level3 and GlobalCrossing — predictable based on publicly available financial and routing system data? We examined recent financial data reported by the companies in SEC filings, as well as publicly observable BGP peering data for the last 10 years (more about this data in our paper published at the IEEE/ACM Transactions on Networking). The graph below plots the revenue, profit, and number of (BGP-based estimated) AS customers of Level3 and Global Crossing over the last few years. While the customer bases of both networks have steadily grown over the last decade, revenue and net income numbers for both have been flat, particularly in the last 4-5 years. From a financial perspective, Level3′s acquisition of GlobalCrossing looks like a strange merger between two long-unprofitable companies.

The financials of the second deal, between Qwest (Centurylink) and Savvis, are more understandable. The graph below shows that Centurylink has been profitable over the last 5 years, with tremendous revenue jumps in the last two years, during which its BGP-observable customer base has slightly decreased. But SAVVIS’s customer base has been in steady decline since 2001, from around 800 AS customers in 2002 to about 400 in 2011. Even though revenue has been growing, the company has turned a profit only once in the last decade. Both the financial and routing data suggests that Centurylink’s acquisition of Savvis is a reasonable strategy.

Based on ITER’s prediction that tier-1 ISPs are in trouble, we can go a step further and examine trends in financial and routing data of some top 20 transit providers to predict which one might fall next. The graph below shows that Sprint has not been profitable since 2007. Moreover, while other large ISPs such as AT&T, Level3 and Cogent have been steadily acquiring AS customers over the last few years, Sprint’s AS customer count has slowly decreased from around 1500 in 2003 to about 1100 in 2011. AT&T’s proposed acquisition of T-mobile will further deplete Sprint’s revenues in the wireless market. Based on the publicly available financial and routing data, we believe Sprint will be the next tier-1 to go.

CAIDA will also continue to analyze traffic observations at the two OC-192 commercial backbone links, including samples during World IPv6 Day, and periodic samples (starting at midnight UTC on 8 June 2011) thereafter as disk space permits. We hope to analyze Internet2 IPv6 flow traffic statistics as they become available.

We are already collecting continous IPv4 and IPv6 Internet topology measurements using the Ark infrastructure, which we will use to provide as comprehensive a view as we can of the IPv6 topology from core to edge, including statistical differences in structure and evolution. We are working with Rob Beverly to design measurement primitives for adaptive and intelligent probing, crucial to the efficiency needed for IPv6-scale topology measurement.