Network Neutrality and Privacy
By: Greg Hagen
September 19, 2006
Privacy and network neutrality are not usually discussed in the same context but the two are related. Network neutrality is concerned, at a minimum, with the ability of internet users to communicate amongst themselves without their communication being unjustifiably blocked or degraded. As Tim Berners-Lee has described the concept, “[The internet] must not discriminate against particular hardware, software, underlying network, language, culture, disability, or against particular types of data.” Network neutrality can include other conditions as well.
The debate regarding the extent to which network neutrality is justified usually revolves around economic concerns, such as whether abandoning network neutrality will hamper innovation on the internet platform. The purpose of this note is to emphasize that, independently of economic considerations, the discriminatory behaviour mentioned by Berners-Lee has implications for personal privacy which must also be assessed. The basic point is that in order to block, degrade or otherwise shape certain kinds of traffic an ISP must identify the nature of that traffic through inspection of packets of private communications. The deeper the inspection, the more potentially privacy-invasive.
Some examples will help illustrate the kind of activities that are of concern. A well known Canadian example of blocking occurred when Telus blocked a website operated by members of the Telecommunications Workers Union which was on strike.
Another example concerns the potential for an ISP to degrade the service of a third party, say Skype, that uses the ISPs network when the ISP itself offers competing voice services, or has contracted with, say, Yahoo to deliver priority voice services. The Telus wireless Hotspot webpage notes:
You cannot use a TELUS Mobility Hotspot to send or receive a VoIP call because VoIP calls could disrupt or interfere with the Hotspot service.
The webpage does not elaborate on how VoIP could interfere with the wireless service. Hotspot subscribers are left to wonder whether there is some technical foundation for this claim or whether Telus is simply attempting to prevent the use competitive voice services such as Skype. The author has not encountered any problems in using Skype at a Telus Hotspot.
A trickier example occurs when a cable company provides a higher quality of service for its VoIP service than a competing VoIP service which uses that cable company as an internet access provider, degrading the competitors’ services by implication. For example, Shaw uses only its private network for its digital phone on the basis that time-sensitive voice packets need the bandwidth provided by its network that otherwise might be dropped if the bandwidth was shared with the public internet. Daniel J. Weitzner has argued that this may be the kind of case where network neutrality requires Shaw to offer the use of its private network to competing VoIP services. Yet, when Shaw provided a $10 quality of service enhancement for its subscribers using other VoIP services, Vonage Canada complained that the surcharge was a thinly veiled tax and "Shaw's VoIP tax is an unfair attempt to drive up the price of competing VoIP services to protect its own high-priced service…." Evaluating Vonage’s claim depends upon the proper valuation of the quality of service enhancement, a difficult task for consumers.
Vint Cerf, one of the inventors of the internet offered comments in November 2005 to a proposed draft U.S. Bill to Create a Statutory Framework For Internet Protocol and Broadband Services that nicely explains some motivations behind network neutrality:
The remarkable social impact and economic success of the Internet is in many ways directly attributable to the architectural characteristics that were part of its design. The Internet was designed with no gatekeepers over new content or services. The Internet is based on a layered, end-to-end model that allows people at each level of the network to innovate free of any central control. By placing intelligence at the edges rather than control in the middle of the network, the Internet has created a platform for innovation. This has led to an explosion of offerings – from VOIP to 802.11x wi-fi to blogging – that might never have evolved had central control of the network been required by design.
My fear is that, as written, this bill would do great damage to the Internet as we know it. Enshrining a rule that broadly permits network operators to discriminate in favor of certain kinds of services and to potentially interfere with others would place broadband operators in control of online activity. Allowing broadband providers to segment their IP offerings and reserve huge amounts of bandwidth for their own services will not give consumers the broadband Internet our country and economy need. Many people will have little or no choice among broadband operators for the foreseeable future, implying that such operators will have the power to exercise a great deal of control over any applications placed on the network.
Similarly, Tim Berners Lee commented on video and on a blog that: “[w]hen I invented the Web, I didn't have to ask anyone's permission. Now, hundreds of millions of people are using it freely. I am worried that that is going to end in the USA.”
It would end if some ISPs had their way. For example, Ed Whitacre, CEO of AT&T in the U.S., declared:
Now what [Google. MSN, Vonage and others] would like to do is use my pipes free, but I ain't going to let them do that because we have spent this capital and we have to have a return on it. So there's going to have to be some mechanism for these people who use these pipes to pay for the portion they're using. Why should they be allowed to use my pipes? The Internet can't be free in that sense, because we and the cable companies have made an investment and for a Google or Yahoo! or Vonage or anybody to expect to use these pipes [for] free is nuts!
The U.S. telecommunications company, Verizon, has made much the same complaint.
How has this state of affairs come about? The recent Canadian Telecommunications Review Panel Report rightly pointed out that
…the separation between the applications and content layers of telecommunications services, as well as between these layers and the underlying network layers that provide physical connections and transport services result in a fundamental change in the structure of the telecommunications industry. Content providers do not need to be applications or network providers and applications providers no longer need to be network providers.
ISPs are now attempting to regain control over access to content and applications that they lost as a result of the separation of layers on the internet. “Access providers thus leverage their market power in the Internet access market to try to extract more profit, either directly or in partnership with a preferred third party, in the applications market.”
The CBC recently noted that, although “Internet video provides a natural opportunity for a public broadcaster such as CBC/Radio-Canada to significantly extend the reach of its video services and thereby make high quality Canadian video programming available on a national and global basis,” “[t]he business case analysis for Internet video is complicated by the fact that suppliers of broadband connections may also have incentives to control the bandwidth available for Internet video.” It explains:
Canadian cable companies engage in "bandwidth shaping" which allocates different levels of transmission capacity to different services according to the operational preferences of the cable company. This type of bandwidth shaping can ensure efficient use of transmission capacity. It can also ensure that Internet video by third parties does not become a threat to the business of the cable company, whether it be the delivery of traditional television programming to cable subscribers, VOD or the distribution of cable company-owned Internet video services.
As a result of the kind of problems described above, the Report of the Telecommunications Review Panel recently recommended amending the Telecommunications Act “to confirm and protect the right of Canadian consumers to access publicly available Internet applications and content of their choice by means of all public telecommunications networks providing access to the Internet” Of course, this is subject to reasonable exceptions. Given the difficulty of enacting network neutrality legislation in the U.S., the susceptibility of the Canadian government to industry lobbying (as evidenced in the case of copyright reform) and the perceived bias of some Canadian legislators, such an amendment might be difficult to achieve.
A complementary approach to the network neutrality issue is to emphasize the privacy implications of abandoning network neutrality. Unfortunately, on the rare occasion that privacy implications are recognized, they are usually shunted aside. For example, at a discussion of the Internet2 Consortium’s QoS Working Group on implementing traffic shaping at its 208 member Universities, the question “Wouldn’t shaping traffic somehow be an invasion of user privacy?” was raised. The privacy concern was dismissed rather quickly.
First, few schools explicitly guarantee users any formal level of privacy. Second, shaping traffic is a non-intrusive intervention relative to many other options, such as turning copyright infringers over to the authorities. Third, traffic shaping can be done via technical means and on an aggregated/ anonymous basis, if privacy is an issue.
Even Universal Music, in a discussion of its automated notice and taken down system appears to recognize that packet inspection has privacy implications but prefers to place those issues at the doorstep of Universities who would use their software.
In general, the more specific the blocking rule is, the greater the privacy implications. Each university deploying ATS must decide the appropriate balance between privacy and blocking for their application.
Of course there are legitimate reasons to monitor packets. The post office would not know where to send your mail unless they could read the address on the envelope and the same goes for packets over the internet. Other legitimate non-commercial reasons for monitoring content could concern, for example, national security and lawful investigations of criminal activity where there is a warrant.
Nevertheless, traffic shaping could be privacy – intrusive, especially if it required deep inspection of packets, even if done on an aggregated and anonymous basis. For example, Allot’s deep packet inspection technology allows ISPs to identify and classify data packets to know usage patterns concerning P2P, VoIP, online games, email, video and so on, potentially violating the privacy of persons. The conception of privacy that is needed to protect us from such intrusions has a closer relationship to the conceptions of privacy protected by criminal law, the tort of breach of privacy, the Charter of Rights and Freedoms and international human rights instruments than to the protection of personal information required by PIPEDA.
While this approach emphasizes the protection of a form of privacy other than the unauthorized use of personal information as regulated under PIPEDA, the CRTC is in a position to regulate such intrusions into private communications. Under Section 7 of the Canadian Telecommunications Act, one of the objectives of telecommunications policy is contributing to the protection of the privacy of persons. The CRTC already has jurisdiction over privacy issues related to the operation of telecommunications networks. (The Panel has further recommended that the CRTC be empowered to directly regulate all telecommunications service providers to the extent necessary to implement the Canadian telecommunications policy objectives.)
On its own view, as stated in Telecom Decision CRTC 2003-33 [Reference: 8665-C12-14/01 and 8665-B20-01/00. Confidentiality provisions of Canadian Carriers] the Commission said at paragraph 23, that “… its jurisdiction in this matter [of privacy] stems not from the PIPED Act, but from the Telecommunications Act, and that in exercising its discretionary powers pursuant to the Telecommunications Act, it may apply different standards than those contemplated by the PIPED Act.” Although the Federal Court of Appeal considered the potential of varied standards startling, it would allow the CRTC to deal with privacy issues not covered by the information privacy approach embodied in PIPEDA but well-recognized in other areas of law.
In short, it would be useful for the CRTC to consider how it might further the objective of the protection of personal privacy in the context of packet inspection and traffic shaping with the result that it assists in preserving network neutrality.
Greg Hagen is an Assistant Professor of Law at the University of Calgary.