Net Neutrality traffic management rules need to have strong definitions

Net neutrality rules need to enforce “application agnostic” rules, that is, internet providers should not discriminate against entire classes of services, like email or streaming video, Stanford law professor Barbara van Schewick wrote in her filing and countercomment to the TRAI. In contrast, Reliance Jio and Airtel have argued that slowing down certain types of data on the internet during congestion time should be allowed.

Van Schewick cautioned against letting operators manage their networks that way. TRAI is seeking views from stakeholders on what a committee to enforce net neutrality should look like in India. It is also looking into issues related to traffic management practices as these could affect net neutrality.

Van Schewick has over a decade of experience in net neutrality, and her work has influenced many jurisdictions’ regulations on the subject, including India’s. TRAI’s discriminatory pricing ban on telcos in 2016 cites her research.

Traffic management shouldn’t discriminate

Even during congestion time, van Schewick said, managing traffic in an application-agnostic way is a “critical part of leading net neutrality legislation around the world”. TRAI’s 2017 Net Neutrality recommendations already required this kind of classification, she argued. Key points made in her filing:

Discriminating between data types would harm user experience: She cautioned that discriminating between types of data might harm user experience, because urgency and contexts vary, and are situation dependent. It wouldn’t be possible for ISPs to determine context when discriminating. “For example, Internet telephony applications like Skype benefit from low delay, so ISPs may opt to give them low-delay service. That’s great if you are doing a job interview, where you want the best quality possible. But if you are talking with a friend, you don’t need crystal clear quality over Skype, so low-delay service might not be necessary. File uploads are generally considered not to be sensitive to delay. If you are uploading your hard disk to the cloud to do a backup, you will not mind that ISPs give file uploads lower priority. But if you are a student uploading homework right before it’s due, or a lawyer filing a brief before the deadline, or an architect submitting a bid, then the speed of this upload is your highest priority.”
Individual services may still be affected when discriminating based on data types: Even if traffic management is done with types of service as opposed to individual ones, that can still be harmful, Van Schewick wrote. “Whenever an ISP has the power to speed up certain applications or slow down others, it might use this power to give certain applications an advantage over others. … [T]his kind of class-based discriminatory network management still allows ISPs to give some applications an advantage over others, whether intentionally or inadvertently. It distorts competition, slows all encrypted traffic, harms individual users, stifles innovation, and creates high costs of regulation.” This could lead to anti-competitive behaviour, van Schewick argued.
Citing an example of individual harm due to class-level throttling, she added “[U]ntil 2010, many ISPs in Canada used deep packet inspection technology to single out all peer-to-peer file sharing applications and limit the amount of bandwidth available to them from 5pm to midnight. … [T]here was an application called Vuze that used peer-to-peer file sharing protocols to stream video in real time. Real-time video is highly sensitive to delay, so the performance of Vuze suffered in the evening, when everybody wants to use the Internet.”
Traffic management has social costs: Services that encrypt all their data, such as VPNs, may be hurt by class-specific traffic management, van Schewick argued. “Class-based network management has the potential to create enormous social costs, even if it is based on the traffic’s objective different technical requirements. Such traffic management practices still allow ISPs to distort competition, stifles innovation, harms users, and hurts providers who encrypt traffic by putting all encrypted traffic in the slow lane.”
Unintended consequences: Even if internet providers target only specific applications, that doesn’t necessarily mean that those are the only ones degraded: “Discriminatory network management also creates considerable collateral damage. In the UK, application-specific traffic management not only negatively affected targeted applications, but also interfered with applications like online gaming that the Internet service providers did not intend to target. This created considerable performance problems for affected applications.”
Gaming traffic management: If traffic management practices start affecting certain classes of services, developers could find creative ways to get ahead that might hurt the whole network: “Network management practices that single out specific applications or classes of applications for special treatment often motivate application developers to masquerade their applications to evade performance-reducing practices targeting their applications or to take advantage of performance-enhancing treatment provided to other applications, resulting in a cat-and-mouse game between network providers on the one hand and application developers and users on the other hand.”
Innovation harm: Van Schewick pointed out that some entrepreneurs might rely heavily on a type of service that may get throttled in congestion times. This could, she argued, lead to a situation where ISPs discriminate against those use cases because of their traffic management techniques. “Entrepreneurs should be able to get the kind of Internet service their application needs without having to seek ISPs’ permission.” She brought up an example of how hard a small company may have to work to reach ISPs; AudioMack, a music app, tried to enrol on 16 zero-rating plans in Europe, but was only able to get onto one. Apple Music, meanwhile, was on all of them.
Expensive to regulate: Van Schewick also pointed out that giving internet providers the freedom to decide what’s fair or unfair traffic management could make regulating them burdensome. This same observation is why she argued for a “bright line” regulation in the past, which led to the ban on discriminatory data pricing in 2016 by TRAI. “If ISPs get to define classes of applications, the only way to challenge these definitions is to complain to regulatory agencies. The agency would need to determine whether kinds of traffic are similar enough to be treated in the same way, a messy and costly process that would involve lots of lawyers and expert witnesses. This not only creates high costs of regulation, but also tilts the playing field against anybody — users, start-ups, small businesses, low-cost speakers — who doesn’t have the money to engage in long and costly proceedings before a regulator.”

Application agnostic management isn’t just possible, but better

Van Schewick argues that application agnostic methods of managing traffic are not only better for users, they are also a better and more achievable for ISPs. The EU and Canada, she pointed out, have settled for regulatory regimes that prioritise application-agnosticism.

The Comcast example: After a 2008 FCC order, and a Canadian communications regulator’s ruling around the same time, ISPs in North America started managing their traffic agnostically, and it actually worked for them. “These ISPs were lauding the benefits of these practices in technical groups like the Internet Engineering Task Force, which develops the standards for the Internet,” van Schewick pointed out. Comcast said that its trials on application-agnostic traffic management “ensures a quality online experience for all of” their users.
Non-agnostic methods may violate privacy: Figuring out the classes of service internet users are on may require techniques like Deep Packet Inspection, which can violate user privacy, van Schewick argues. She pointed out that the EU has banned DPI-based network management in its Net Neutrality regulations. In any case, doing this is becoming harder for ISPs too: “[S]ince the internet is now HTTPS and encryption by default, routers cannot look deeply into a packet to determine what it is. Remaining workarounds like DNS-snooping are closing.”
Heavy users: Van Schewick pointed out that at times of congestion, it may be better to uniformly limit the entire bandwidth of the most heavy users, whose usage may be coming at the cost of others, to “enforce fairness”: “A network provider could give one person a larger share of the available bandwidth than another, for example, because this person has used the Internet less over a certain period of time.”
Hierarchy of management: While all management should be as application agnostic as possible, if it cannot, then this four step hierarchy should be followed, per van Schewick: a) Be as agnostic as possible to applications; if not, b) use “objective technical requirements” to distinguish between different classes of traffic; and then c) make distinctions among “classes of services”; and at worst d) “make distinctions among individual applications.
All traffic management should be transient: Any traffic management technique that seeks to manage congestion should only last as long as the congestion lasts. Van Schewick said TRAI should enforce this recommendation explicitly in its recommendations.
5G will not need application-specific discrimination: Van Schewick points out that nearly everything will have lower latency and higher speeds in 5G, with very limited use cases like telesurgery that will need prioritisation. “While 5G technology makes it easier for ISPs to differentiate, the explosion in capacity reduces the need to do so.” She added, “The advent of 5G does not change this fundamental trade-off. Just because 5G technology makes creating specialized services easier, that does not mean we should build a new, less open world out of them.”
Specialised services: Exemptions for “specialized services” exist not for higher quality versions of things that already exist on the public internet, she argued, like better video or calling, but for services that are impossible to run on a regular web connection. In cases like the telesurgery mentioned above, van Schewick said, the general internet cannot offer an alternative, so running these as a specialised service is acceptable. Regulators should verify that specialised services aren’t being used to create fast lanes, van Schewick cautioned.
Multistakeholder body should be representative: van Schewick cautioned against a Net Neutrality committee suffering “potential capture” if telcos get their way and get to have majority membership (as Airtel suggested). Instead, she said, civil society and other stakeholders should be uniformly represented, without a membership fee that might otherwise reduce access. In the end, van Schewick said, “the decision over the reasonableness of traffic management measures should remain the sole prerogative of TRAI or DoT.”