Written response to BEREC stakeholder dialogue with representatives of end-users/consumers and civil society

European Digital Rights

20 Rue Belliard,1040 Brussels

https://edri.org

twitter @edri

tel +32 (0) 2 274 2570

15 December 2015

(in cache)


Introduction............................................................................................................................3 

EDRi position on the questions asked by BEREC.................................................................4 

Topic 1 – Traffic management for Internet access services (IAS).................................................4 

a) “Categories of traffic” and similar terms.............................................................................4 

b) Reasonable traffic management (TM).................................................................................5 

c) TM going beyond reasonable TM......................................................................................10 

Topic 2 – Specialised services (SpS) vs. IAS................................................................................11 

a) SpS and necessity to meet requirements for a specific level of quality............................11 

b) SpS vs. content and applications provided over IAS..........................................................12 

c) SpS effect on innovation and openness of the Internet....................................................15 

Topic 3 – IAS quality and implications........................................................................................15 

a) Transparency regarding traffic management.....................................................................15 

b) IAS quality – speed.............................................................................................................16 

c) IAS quality – other parameters..........................................................................................16 

Topic 4 – Commercial practices/zero-rating and misc...............................................................17 

a) Commercial practices applied to the IAS offers.................................................................17

b) ISP practices limiting end users’ rights?............................................................................18 

c) Monitoring of traffic for the purpose of traffic management...........................................19 

Bibliography.........................................................................................................................20



EDRi position on the questions asked by BEREC

TOPIC 1 – TRAFFIC MANAGEMENT FOR INTERNET ACCESS SERVICES (IAS)

b) Reasonable traffic management (TM)


Allowing ISPs to treat categories differently should not result in them deliberately distorting competition9

If ISPs are free to define classes of applications, this leads to the risk that they will use this to discriminate against specific applications. It could be the case that an ISP offers low delay to gaming applications in order to appeal to potential gamers. But the ISP can also decide not to offer low delay to the class of Internet telephony applications, because these services compete with the ISPs' own telephony offering. Regardless of the sensitivity to delay both services, the flexibility in the text might lead ISPs to argue that there are technical differences which justify discrimination.

This leaves the regulator with the task of making a ruling on the basis of an assumption of the motivations of the provider. Any such determination by the regulator would be subject to legal challenge by the operator, leading to dissuasive costs for the NRA and delays in remedying the social and market problems caused by the provider's discrimination.


Class-based traffic management risks creating unintended damage to specific applications

Even in the absence of any intent on the part of ISPs, it is possible that traffic management technologies that distinguish between categories of applications can discriminate against certain applications, thereby undermining competition.

One well-known example of this is the throttling of peer-to-peer file sharing applications in response to network congestion. The defence for this behaviour is that such applications are not sensitive to delay. However, this causes major problems for online gaming, for example. Deep packet inspection (DPI) is used to try to identify such traffic, with significant privacy impacts, whose proportionality is unclear, particularly as it has proven very difficult to draw the line between gaming and file-sharing. As a result, online games either stop working completely or do not work properly. Standing committees involving stakeholders were set up in the UK in order to minimise the damage caused.

Such restrictions also impact innovation - any individual or company that would seek to create a new feature or service that relies on peer-to-peer data exchange needs to find the resources to work with ISPs and associated vendors in order to avoid being caught by this "non- discriminatory" traffic management. One of the biggest assets of the Internet as a space for communication and service provision is the "innovation without permission" principle, which is undermined by such problems.

A very similar, but even broader, problem was encountered in Canada, where DPI was used to throttle peer-to-peer traffic. In that case, a video streaming service called "Vuze", which also used peer-to-peer protocol, was restricted. In this case, a particularly time-sensitive service was brought to its knees by an apparently reasonable assumption that the protocol it used was particularly resistant to delays.


Traffic management of different classes of traffic risks discriminating against encrypted traffic

It is important to stress that encrypted traffic cannot reasonably be considered a category of "content, application or service". ANY content and practically any application or service can be inside an encrypted data stream. An ISP cannot know what the technical characteristics of the transmitted content, application or service are, even if it might be able to make a reasonable guess in relation to data from dominant/significant online sources (who would be able to be treated on the basis of their probable content).

Different categories of traffic are treated differently, based on what the provider knows - or believes that it knows - about the needs of the traffic in question. However, when traffic is encrypted, all the ISP knows is where the data comes from and that it is encrypted. The most likely response from ISPs will therefore be to put the data in the slow-lane, unless the data comes from a source that allows it to guess that it is, for example, video traffic. This creates two problems. Firstly, it creates an obvious barrier for new time-sensitive and encrypted services, as their service will not work unless they are permitted to be treated differently from other encrypted data. Secondly, it creates a disincentive to use encryption, which is used for a variety of valid reasons, such as to protect privacy, secure sensitive financial transactions, protect trade secrets or guard against surveillance.

Therefore, all application-specific forms of TM are not applicable to encrypted data traffic under the Regulation and only application-agnostic TM measures can be applied to such traffic.


Class-based traffic management stifles innovation and creates uncertainty

If different categories of data are treated differently and different ISPs have different approaches, it means that innovators cannot be certain if their new services will be able to get through to all users. Assuming good-will on the part of ISPs, it would still be necessary to contact all access providers and for all the providers to adjust their services for innovations that may not yet even have any users. If we assume that not all ISPs will act in good faith (and even if we assume that they will), we return to the problem that "innovation without permission" is undermined, as stated above.

Ultimately, this restriction on innovation and rollout of new services undermine user choice, undermining the fundamental rights of both innovators and users.


Class-based traffic management can harm individual users

TM measures that treat specific categories of traffic differently can harm end users' choice in various ways, even if the categories are based on the objectively different technical quality of service requirements of the traffic. The outcome would still be that ISPs are still allowed to give some applications an advantage over others. This, by definition will result in some users and some traffic becoming winners and some becoming losers, on the basis of the ISP's decisions.


On the other hand, treating different categories of data differently undermines the right of the user to use their connection according to their changing needs. The same user will, at different times need a low-delay service from Skype, less quality when talking to a friend, top quality when doing a job interview. Sometimes a file upload will not need particularly high speed or quality, however uploading a homework assignment, a response to a call for tenders or a newspaper article will be very time critical. The question is - who knows best? Should the individual be put in charge of their own connection or should the provider make "one-size-fits- all" guesses about how the service should be used? Guesses, being guesses, will never be 100% correct, leading to inevitable harms for individual users.


Class-based traffic creates regulatory overload

The "gaming" of regulatory processes is a very familiar phenomenon. If ISPs define categories of traffic in a discriminatory way, then regulators need to investigate, make decisions and, ultimately, defend them in court. It is not always certain that an NRA will have the human and financial resources to take cases against large, established access providers, in order to defend the rights of start-ups that may or may not survive until their legal rights have been upheld in a judicial process.


9 On the following six subsections, see Barbara van Schewick, Europe is about to adopt bad net neutrality rules. Here’s how to fix them, Medium, 21 October 2015, https://medium.com/@schewick/europe-is-about-to-adopt-bad-net-neutrality-rules-here-s- how-to-fix-them-bbfa4d5df0c8#.cpgb6q6gh. On the problems with class-based traffic management measures, see also Barbara van Schewick, Network Neutrality and Quality of Service, Stanford Law Review Volume 67, Issue 1, January 2015, Pages 105-124.