April 20, 2010
Hackin' the SEC's Regulations
I see in the news that the SEC has picked up an idea I proposed way, way, way back in the 1970's when I was in law school, which was to express legal constructs using something resembling a programming language.
Now, back then I merely wanted the ability to write contracts using a structured language with things like if-then-else clauses and subroutines with parameters - a kind of glorified templating language.
That reminds me of something I came across a very long time ago: Early Unix had a blackjack program. It could be beaten 100% of the time by the simple technique of betting negative dollars and playing to lose.
Which is to say that unless the SEC is willing to engage in the very dark and arcane voodoo of program correctness, and even if it does, the SEC is going to find its regulations being hacked much as we hacked the blackjack game.
March 15, 2010
What's Wrong With The FCC's Consumer Broadband Test?
The FCC recently published some tools to let consumers measure some internet characteristics.
The context is the FCC's "National Broadband Plan". I guess the FCC wants to gather data about the kind of internet users receive today so that the National Broadband Plan, whatever it may turn out to be, actually improves on the status quo.
The motivation is nice but the FCC's methodology is technically weak.
There are several goals to which the National Broadband Plan ought to aspire:
- That consumers have a subjective sense that their use of the internet is fast and without unacceptable delays. I picked a subjective standard here for reasons to be discussed later in this note.
- That reliability of consumer access is high and that the time for providers to detect, diagnose, and repair problems is low (and not expensive to providers). It seems that these matters of reliability are routinely ignored, yet they are of paramount concern, particularly as the internet becomes more and more a part of our health and safety systems; it will be a sorry day if someone picks up their internet based VoIP phone to call 911 and the link (or some necessary ancillary service, such as DNS) is down for an extended repair.
- That consumers have a real foundation to believe that their use of the net is private and not being used to generate marketing data about them.
This note will address only the first of these goals.
The first thing that is wrong is that the FCC's tools are not well focused with regard to exactly what parts of the internet they are measuring. And second, the measurements that are taken are too vague to be of more than anecdotal value.
I've drawn up a simple diagram to illustrate.
This is a simplified diagram; it is intended to focus on that part of the net of concern to the National Broadband Plan. In particular it looks at the part of the net that represents the "internet" product sold by today's Internet Service Providers (ISPs). The arrows in this drawing are interfaces where these clouds join; they are not communications lines.
This diagram shows things as connected clouds because that more accurately represents the things that make up the way that users connect to the internet. The basic parts of the diagram are these:
- User Network: Many users today, and probably nearly all users in the future, will have networks, often wireless, within their homes. The quality and traffic of those networks will have a substantial effect on consumers' perceptions of net quality (and ISPs will bear increasing non-reimbursed costs when their customers have troubles in this part of the net.) However, except with regard to the maintenance issue, the user's home network cloud ought not to be considered part of either the National Broadband Plan or the FCC's Consumer Broadband Test.
- User Access Link and User's ISP Cloud: I have shown the provider ISP's path as two parts. First is the part that runs from the router or "modem" at the consumer's home or office to the provider's first IP router. The second part is the provider's internal "backhaul", i.e. the IP network inside the provider. It is important to consider these two parts separately.
- User Access Link: This is the part that today's ISPs advertise to consumers; this is the part about which the claims of umpteen megabits/second download are made. In general the User Access Link is the IP "hop" between the user's home modem or router and the first IP router within the ISP. Often this "link" is composed of several communications technologies. For example what appears to the consumer to be an Asymmetrical DSL link (ADSL) might be composed in full or in part of ATM or other non-IP switching technologies that exhibit many of the congestive and impairment behaviors found in IP networks. There may be MPLS paths that simply do not show up in "traceroute". Moreover, the User Access Link may have an IP Maximum Transmission Unit size that is less than the 1500 bytes that is presumed by a considerable number of end-user network applications and protocol stacks; that difference can have a substantial negative impact on some forms of network traffic (video) and almost none on others (VoIP). The User Access Link should not be considered as a private path that is not shared with other users' traffic.
- User's ISP Cloud: This is that portion of the ISP that carries traffic to and from customers' User Access Links. Some resources that are critical to user perception of network speed may be located here, most particularly domain name system (DNS) resolvers, web caches, email servers, and the like. For small ISPs the "ISP Cloud" might be as simple as a small Ethernet at the provider's facility; for larger ISPs the "ISP Cloud" might be a national or international network of substantial size and power.
- Internet: This is the vast landscape of the internet except for those content providers with which the ISP entered into special traffic exchange arrangements.
- Private Peering to large content providers: This is often where the largest of the large network traffic sources and sinks are to be found. This is the land of Google/YouTube and of content distribution networks. Content to/from users might be able to flow via the internet to those places but in order to provide faster access and to give the large content providers better control over the quality of their products both ISPs and large providers often prefer to create these kinds of special peering relationships.
This is a game for big players; small ISPs and smaller content providers are often not able to play at these tables.
(Please note that I am using the word "peering" in a way that may be different from its use in settlement-free peering between ISPs.)
The portions of interest to the FCC's National Broadband Plan are the part between "A" and "B" and between "A" and "C". These are shown inside the yellow box.
So what does all of this have to do with the National Broadband Plan in general and the FCC's Consumer Broadband test in particular?
First of all, we must recognize that a user's perception of network quality and speed is a complex function that involves the entire path between the user and the remote service.
Many protocol stacks and applications can degrade badly even if one seemingly small aspect changes. For example, the speed with which domain name system (DNS) queries are answered is often a major, or even the dominant, component of how quickly web pages are fetched and rendered. Indeed with the increasing number of "analytics" web bugs and links to "share" content the number of DNS queries involved in a page fetch can be quite surprising. And DNS responsivity is a matter that involves more than mere bandwidth.
Other applications degrade for other reasons. VoIP is often made incomprehensible by even small amounts of packet reordering, something that can occur quite often as a result of certain wireless technologies, load-balanced pathways, or routing behavior. And applications that use large packets, applications such as high quality video, can be badly affected by fragmentation of packets due to link MTU values of less than about 1500 bytes.
There are many characteristics that play a part. Among these are Quality of Service (QoS) handling, queuing disciplines and drop policies in routers, and congestion handling in protocol stacks. Moreover there are an increasing number of protocol "accelerators" that try to obtain better user performance by abandoning the protocol etiquette algorithms that are built into well implemented TCP stacks. Those accelerators may create local benefits to their users, as long as the number of such users is small, but they damage the experience of other users.
The National Broadband Plan tends to be involved only with the "User Access Link" part of my drawing. Yet the FCC's tests tend to lump all the parts of the drawing into one number thus masking the contribution of each part.
A national broadband build-out that does not deal with the entire system will be a waste of time and money. A user whose ISP has a magnificent broadband User Access Link but inadequate backhaul and connectivity to the internet at large is a user who is going to be dissatisfied.
Thus for the FCC's tests to be meaningful they need to do two things:
- They need to isolate and separately report the attributes of the User Network, the User Access Link, the User's ISP Cloud, and the degree of private peering to large content providers.
- The attributes that are measured need to be much deeper than "bandwidth" and "latency" and "jitter". I would recommend that the FCC look at the way that tools like PathChar and Pchar construct a detailed hop-by-hop analysis of network paths. Those tools require many thousands of packets over many tens of minutes for each hop in a path. In my own work I began (but never completed) a project to design a protocol to enable the fast and inexpensive measurement of path characteristics for proposed packet flows. That work is visible on the net at http://www.cavebear.com/archive/fpcp/fpcp-sept-19-2000.html.
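An added example, not code from this note or from PathChar/Pchar: a minimal sketch of the pathchar-style estimate, in which the minimum round-trip time per probe size is fitted to a line for each hop, and the change in slope and intercept from one hop to the next gives that link's bandwidth and latency. The three-link path (home network, access link, ISP cloud), the probe sizes, the queueing delays and all function names are constructed for this example.

```python
"""Pathchar-style per-hop estimate (added example; all data constructed)."""
from collections import defaultdict


def fit_line(points):
    """Least-squares fit rtt = a + b*size; returns (a, b)."""
    if len({x for x, _ in points}) < 2:
        raise ValueError("need at least two distinct probe sizes per hop")
    n = len(points)
    mx = sum(x for x, _ in points) / n
    my = sum(y for _, y in points) / n
    sxx = sum((x - mx) ** 2 for x, _ in points)
    sxy = sum((x - mx) * (y - my) for x, y in points)
    slope = sxy / sxx
    return my - slope * mx, slope


def per_hop_estimates(probes):
    """probes: (hop, size_bytes, rtt_seconds) tuples from TTL-limited probes.

    Keeps the minimum RTT per (hop, size), which discards queueing delay,
    then attributes the growth in slope and intercept to the newest link.
    """
    best = defaultdict(dict)
    for hop, size, rtt in probes:
        if size not in best[hop] or rtt < best[hop][size]:
            best[hop][size] = rtt
    results, prev_a, prev_b = [], 0.0, 0.0
    for hop in sorted(best):
        a, b = fit_line(list(best[hop].items()))
        d_slope, d_icept = b - prev_b, a - prev_a
        results.append({
            "hop": hop,
            # seconds per byte -> bits per second; None if noise hides the link
            "bandwidth_bps": 8.0 / d_slope if d_slope > 0 else None,
            "latency_s": d_icept / 2.0,  # intercept is a round trip, so halve it
        })
        prev_a, prev_b = a, b
    return results


def bottleneck(results):
    """The measured link with the lowest bandwidth."""
    measured = [r for r in results if r["bandwidth_bps"] is not None]
    return min(measured, key=lambda r: r["bandwidth_bps"])


def simulate(links, sizes, queue_delays):
    """Constructed probe set: the probe is serialised on each link on the way
    out, the reply is assumed small, and each probe gets one queueing delay."""
    probes = []
    for hop in range(1, len(links) + 1):
        for size in sizes:
            base = sum(size * 8 / bw + 2 * lat for bw, lat in links[:hop])
            probes.extend((hop, size, base + q) for q in queue_delays)
    return probes


# Constructed path: (bandwidth in bit/s, one-way latency in seconds) per link.
LINKS = [(100e6, 0.0002),  # user network
         (8e6, 0.004),     # user access link
         (1e9, 0.003)]     # user's ISP cloud
SIZES = [64, 256, 512, 1024, 1400]
# One unqueued probe per size is included; real tools need thousands of
# probes per hop because such a probe is rare on a loaded path.
QUEUE_DELAYS = [0.0031, 0.0, 0.0120, 0.0007]
SAMPLE_PROBES = simulate(LINKS, SIZES, QUEUE_DELAYS)

if __name__ == "__main__":
    for r in per_hop_estimates(SAMPLE_PROBES):
        bw = r["bandwidth_bps"]
        shown = "unmeasurable" if bw is None else f"{bw / 1e6:.1f} Mbit/s"
        print(f"hop {r['hop']}: {shown}, {r['latency_s'] * 1000:.2f} ms")
    print("bottleneck is hop", bottleneck(per_hop_estimates(SAMPLE_PROBES))["hop"])
```

A single end-to-end speed test over the same path would report roughly the access link's rate and give no indication of which segment set it.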
December 24, 2009
Network Neutrality, UPS, and FedEx
I buy a lot of things that are delivered by UPS or FedEx. And I kinda like to watch the progress of the shipments.
Now we all know that UPS and FedEx have different grades of service - Overnight, Two Day, Three Day, etc. And faster delivery costs more.
Several years ago UPS and FedEx would frequently deliver a Two Day package the next day, i.e. they would effectively elevate the class of service. A lot of us took advantage of that by sending almost everything using the lesser grade (and price) and often winning a higher grade (and price) delivery.
I am sure that that did not please the bean counters at the shipping companies.
Today, with better tracking systems UPS and FedEx almost never deliver a package in advance of the delivery time for the paid class of service. They will hold packages in their warehouses in order to make this so. Today, if you want a given class of service you can get it only by paying for it; the old gambling trick no longer works. I am sure that this has increased UPS' and FedEx' revenue.
The thing to note here is that UPS and FedEx can carry packages Overnight, but that they impose a delay, often an artificial delay, on packages that aren't paying the premium Overnight tariff.
So what has this got to do with Network Neutrality?
Consider an ISP that adopts the UPS/FedEx model. In particular let's say that this ISP decides to impose a delay of 100 milliseconds on all standard class packets and does so in a way that is completely neutral as to source, destination, or protocol. On a 10 gigabit link that means holding about 125 megabytes of traffic, in each direction, in a delay queue - that's a number readily within the range of today's technology.
Then that ISP could offer premium, i.e. more expensive, grades of service that bypass some or all of that 100 millisecond delay.
I have never heard anyone claim that either UPS or FedEx is not acting with neutrality. It would seem that an ISP that acts as I have described would also be able to claim that it is just as neutral as UPS and FedEx.
I did not pick 100 milliseconds out of the air - rather I picked it because it can have a pernicious effect on VoIP. The ITU publishes 150ms as the time limit beyond which the users of a VoIP call go into "walkie-talkie" mode. 100ms, one way, does not reach that amount, but it is close enough that other network delays could easily push the connection over the edge; and round trip time will certainly exceed the threshold. In other words, a completely neutral application of 100ms to all packets, VoIP or not, will force VoIP users to upgrade to a premium service.
Other network activities would be impaired. Domain name transactions would slow down causing user perceptions of sluggish service.
Bulk data transfers, such as web downloads of images, would only be marginally affected once TCP adapts to the round trip time. But ISPs could "fix" that by adding some packet loss and some delay jitter to their "standard" quality.
The point of this exercise is to suggest that ISPs have a well stocked bag of tricks to induce users to pay more for what we used to get for free from "best effort" services on the internet.
December 10, 2009
Internet Epitaphs
Some ideas for epitaphs for the internet era:
- Her FIN has been ACKed.
- He's now a higher level abstraction.
- She has moved up the protocol stack.
- He is now a perfect packet traversing a loop free path of celestial ASN's.
- She has gone to the ultimate peering point.
- Her TTL went to zero.
December 5, 2009
The ACPA and the Rule Against Digital Perpetuities
The copyright-forever crowd is once again trying to turn copyright into a card that trumps civil liberties, due process, and Constitutional limitations.
The Anti-Counterfeiting Trade Agreement (ACTA) that is being "secretly" negotiated by the US and other nations would require signatory nations to impose a regime similar to the US DMCA, including Digital "Rights" Management (DRM) anti-circumvention.
Under the United States Constitution (Article I, Section 8, Clause 8) the United States can only create copyright rights if those rights are constrained to exist only for "limited times".
DRM lasts forever.
DRM will make it difficult, often impossible, to make use of materials once the copyright term expires and the material enters the public domain.
DRM creates a perpetual right to prevent copying - a perpetual copyright.
And DRM will make it difficult, often impossible, for historians and archivists of the future to examine materials even long past the expiration of any copyright.
It is thus of great importance that the ACTA adopt what I call "The Rule Against Digital Perpetuities":
No Digital Rights Management (DRM) limitation or anti-copying mechanism may endure longer than the copyright in the protected work.
November 13, 2009
Questioning Authority – Searching For Stability In Internet Governance
Here is the text of my talk today (November 13, 2009) at the LTA Symposium at the Center for Law, Technology, and the Arts at Case Western Reserve University School of Law in Cleveland, Ohio.
Questioning Authority – Searching For Stability In Internet Governance
Pre-talk – Who I am (one slide)
Hello, I am Karl Auerbach.
I've been around the internet for a very long time.
If there is anything about the net that is constant it is that the net is always changing.
Introduction
A few months ago we discovered a hidden plumbing problem in my house. We hired a building inspector to take a look at the damage.
He told us that the supporting structure was badly damaged, that it was at risk of collapse, and that we'd have to replace some large supporting timbers.
Today much of our discussion has been about the more refined aspects of trademarks and domain names.
In this talk I'm going to take you in a different direction, down into the basement to take a look at the quality of the timbers that hold up trademarks, domain names, and internet governance.
Governance, Authority, and Technical Reality
Let's begin with the conflict between governance, authority, and technical reality.
The fabled anarchy of the internet is rapidly becoming a thing of the past.
Bodies and rules of internet governance are quickly becoming a framework around which we structure our internet businesses and our internet lives.
If that framework lacks a firm foundation it could warp, be manipulated, or collapse.
Such a collapse would, in turn, have a ripple effect on all of the relationships and rights that we have constructed on that framework.
The effects of a crack in the foundation of internet governance could be significant, far flung, and painful.
---
When it comes to governance of the internet there are two foundation-stones: authority and technical reality.
Without authority, internet governance loses its power to command. Without authority a body of internet governance becomes nothing more than a small stone that barely disturbs the river flowing around it.
And without technical reality a body of internet governance will find itself superseded and become irrelevant.
We as a community of lawyers and technologists have been surprisingly willing to assume that authority exists or that technology will not someday be used in ways different than is the current norm.
The point of this talk is that we need to step back and examine our assumptions.
It is my contention that we will find the foundations of internet governance are lacking, weak, and in conflict with technical reality.
I believe that it is time to put out the cautionary yellow flag in the race for internet governance.
We need to take a time-out to establish a firm foundation of legitimacy, authority, and technical relevance.
ICANN
Our focus here is Domain Names and Online Trademarks – which puts us squarely in the bailiwick of ICANN.
A considerable portion of the rights that people believe they have in domain names and in trademarks associated with domain names derives from ICANN's provisions embedded in ICANN contracts.
Without ICANN many of our perceived rights in domain names and trademarks could vanish.
---
ICANN's foundation reminds me of a friend who lives in New Hampshire in a house built in 1763.
In the process of exploring a drainage problem he discovered that the house had been built on nothing more substantial than a few stones that had been piled up to support the wooden sills upon which the house was framed.
It cost a small fortune to jack the house up, insert a real foundation, and then cure the warping that had accumulated over the years.
I'm afraid that ICANN has put us into a similar position.
ICANN hits the double jackpot.
ICANN lacks a source of authority. And ICANN is based on a technical fantasy.
Unless these are cured we may have to jack-up our existing rules of domain names and trademarks, build a new foundation, and deal with the accumulated warpage.
To make matters worse the method of control used by ICANN will amplify the extent of the damage should ICANN begin to wobble.
ICANN sits at the vertex of a pyramid of contracts.
That guarantees that uncertainties about ICANN will quickly propagate.
ICANN's lack of authority means that it may be vulnerable on the grounds that it is an unlawful combination or conspiracy in restraint of trade.
We are here in Cleveland, home to J.D. Rockefeller and the Standard Oil Company.
J.D.R. justified his monopolistic practices on the grounds they eliminated the harmful effects of competition. That certainly sounds like the arguments that INTA has advanced against new top level domains.
ICANN may eventually have to face the same questions that were faced in the 19th century by the Standard Oil Company.
And ICANN might have to answer those questions not only in the US but also in non-US jurisdictions such as the European Union.
--
ICANN's lack of technical reality means that ICANN will find itself high-and-dry should someone choose to establish a new DNS root.
--
These cracks in the stability and clarity of ICANN's role in internet governance will become wider and deeper as ICANN attempts to splatter itself into multiple legal entities in multiple countries using specialized national legal structures.
---
So let's examine the foundations that underlie our existing ICANN based regime of trademarks and domain names.
Where Is ICANN's Source of Authority?
Where is ICANN's source of authority?
Many believe that ICANN's source of authority is like the Seven Cities of Cibola – illusory.
Does ICANN's glamor of authority exist only because internet users have, for the moment, chosen to avoid asking the hard question?
ICANN began and remains merely a California corporation. ICANN has no special legal status.
The authority that ICANN wields must come from some external source.
Did ICANN's authority come from the US Government?
ICANN's governmental companion, the National Telecommunications and Information Administration, has never been able to articulate a clear statement of its own authority to act as a regulator of domain names nor that, if it had such power, it has the power to delegate it to a private corporation.
No less an authority than the US Congress' GAO has looked at ICANN – twice - and has come away without being able to find that either the Department of Commerce or NTIA has adequate authority.
Not long ago, in September of this year, ICANN and NTIA signed an “Affirmation” that purports to reduce the degree to which ICANN can be viewed as an instrumentality of the United States government.
That agreement was notable for the absence of any statement that could be construed as a delegation of authority to ICANN.
Alternatively was ICANN's authority somehow derived from Jon Postel or the function that Jon filled, that of the Internet Assigned Numbers Authority (IANA)?
If so, how did that task, a task performed via the University of Southern California, leap to ICANN?
Assuming that Jon or IANA had the powers that ICANN now wields, an assumption that is not particularly solidly grounded, there is neither a trail of documents nor an oral history to support an argument that a transfer did occur.
Where else might we look for the source of ICANN's authority?
NTIA did issue a zero dollar purchase order under which ICANN performs an undefined “IANA function”.
It is hard to reconcile a government purchase order, the same process that the government uses to purchase janitorial services, as amounting to a delegation by the US government of discretionary authority over a large part of the internet.
Did that purchase order delegate to ICANN a right to charge internet users what cumulates to a large amount of money for the privilege of using certain parts of the net?
Did that PO give ICANN the power to assign very lucrative parts of the net to third party operators for time periods that are effectively perpetual?
---
If ICANN's authority did somehow come from the US Government, then what happens to that delegation as ICANN and the US Government try to distance themselves from one another?
---
These are not situations that create a sense of stability. Rather they suggest that ICANN has been nailed together too quickly.
We've all seen Road Runner cartoons.
Is ICANN in a situation like that of Wile E. Coyote when he has run off a cliff and is standing in mid air? We all know what comes next - he looks down, realizes his predicament, and then crashes to the ground.
ICANN Versus Technical Reality
It was once believed that the seas were too vast to be controlled.
And it has been said that the internet must have exactly one domain name system.
The idea that the seas were too vast was demolished in the latter 1800's by Captain Alfred Mahan of the United States Navy.
Is ICANN about to crash on the reef of technical reality?
---
ICANN's control over DNS depends upon the belief that the internet must have exactly one domain name system and that whoever controls the top level text file called “the root zone” controls that DNS.
That belief is technically inaccurate.
There already exist competing domain name systems.
Most of them are run very poorly and have given a bad name to the concept.
But good operators, needing only an investment of a few hundred thousand dollars, easily and without needing any permission can establish competing roots.
And despite the common wisdom, and the self-preserving statements of ICANN, the existence of competing roots no more destabilizes the internet or causes user confusion than the existence of competing mobile telephone companies.
There are significant impulses that are inducing the creation of competing roots.
First is the profit motive – there are considerable opportunities to derive positive cash flow from a well run competing root.
Second is that it provides a market-driven answer to the Gordian knot of new top level domains.
Third is that ICANN is perceived, even after the recent “Affirmation”, as an instrument of United States hegemony over the net, thus suggesting to other nations the possibility of establishing their own roots as a kind of internet declaration of independence.
Should competing roots arise, ICANN will lose its ability to dictate the terms of the domain name marketplace, including the UDRP, Whois, and new TLDs.
Conclusion
In conclusion there are several reasons to be concerned that the foundation underpinning ICANN and today's domain name world is brittle and could suffer catastrophic collapse through a successful lawsuit or the establishment of competing DNS roots.
This does not mean that we should panic.
The absence of clear authority can be remedied through national legislation and international treaty.
Competing DNS roots can be viewed not as a threat but as an opportunity to allow market-driven deployment of new top level domains.
In the longer term today's domain name wars may become nothing more than sound and fury signifying nothing.
All of this may become moot because technical innovation, particularly with the rise of better search and directory systems, is eroding domain names as indicators of sources of goods and services.
In other words, the idea that domain names are trademarks may be an idea that has as much place in the future internet as a dial-up modem.
--
I'll be happy to take questions.
Thank you.