Operators can’t play dumb if they want to be smart pipes
Picture the scene: a music-industry debate hosted in a small room above a pub in Soho, London. “Just answer me: Are you technically able to stop people sharing our music illegally online?” The casually dressed moderator’s voice was tense. It was the third time he’d asked the question.
The telecoms executive nervously adjusted his tie and replied that ISPs were much like the postal service. They couldn’t possibly be held responsible for the content traveling over the networks.
That was nearly two years ago. I’ve taken some dramatic license: My notes don’t show whether the telecoms executive actually fidgeted with his tie. Maybe he paused to wipe a bead of sweat from his brow…. But you get the point. Here you had two people from two different worlds trying to get each other to understand the pressures their businesses were under.
At the time, both arguments were valid. Even then, ISPs had a variety of means at their disposal to block illegal activities on their networks. In fact, many had been covertly using so-called deep-packet-inspection (DPI) technology to identify and discriminate against peer-to-peer file-sharing for several years to reduce the high cost of supporting the traffic.
This revelation rubbed more than a few copyright holders the wrong way, especially given the ISPs’ insistence that they had little control over how their networks were used.
The ISPs countered that they were discriminating against all P2P traffic, not just the illegal kind. DPI or not, they were no more able to inspect every packet of data traveling over their networks than the postal service is able to open every letter or package.
ISPs also have the protection of the law. Under European regulation, for example, they are “mere conduits,” carriers of information rather than publishers.
Yet more and more operators seem to resent this dumb-pipe status. They instead want to become smart pipes by using DPI to delve deeper than ever before into what’s happening on their network.
Some hope they will be able to use this information to prioritize certain Internet services, and charge their providers for the privilege. Others also want to use DPI to help deliver targeted advertising using systems such as Phorm and NebuAd.
Both ideas are already controversial. A number of campaign groups are concerned that allowing deals to give certain services priority on their networks would tilt the level playing field of the Internet toward ISPs and wealthy content providers. The European Parliament and Council of Ministers plan to reduce this threat by pushing for legislation to allow national regulators to force ISPs to provide a minimum quality of service for open Internet traffic.
And earlier this month, the European Commission launched infringement proceedings against the UK after receiving several complaints from citizens worried about the privacy implications of BT’s trials of Phorm.
Plans to use DPI for profit also lend weight to copyright holders’ claims that ISPs can and should take more responsibility for stolen content traveling over networks. This could in turn encourage an array of interest groups to call for action on online activities they are unhappy about.
Whether this would result in a change in the law is unclear. What is clear is that copyright holders are taking a great interest in DPI and plan to use their knowledge to lobby policymakers. The question for operators is whether the commercial gains from deeper DPI will outweigh such consequences.
There seems to be little appetite among content and application providers to pay ISPs to enhance the quality of service of their offerings. Phorm’s controversial approach to advertising, meanwhile, could cost ISPs more in lost subscribers than new advertising revenues, if the company’s critics are to be believed.
And just because an ISP is using DPI for these purposes does not mean it can easily use the equipment to meet the needs of, say, copyright holders or the authorities.
Most use DPI to target generally heavy usage or prevent denial-of-service attacks and other security risks. Using the technology to identify actual sharing of illegal content would place a major burden on their systems, which could slow down the network, they claim. Content-recognition technology would help, but copyright holders would have to play a role in managing it.
It is this kind of knowledge that ISPs need to share with the wider world. DPI is by nature controversial, and shrouding it in secrecy will enflame its detractors. Unless ISPs are open and honest, the next time they face a grilling about the technology, it might be in a brightly lit government building rather than a cozy pub.
There are also the interests of web sies to consider.
Material on a web site is also protected by Copyright law. That means it is illegal for an ISP to copy that content for any purpose other than onward delivery, particularly if the method of use damages the creator (by promoting a competitor).
In the UK Regulation of Investigatory Powers also requires consent from both parties to interception of communications.
There are other laws to consider too, such as the Computer Misuse Act (making it a crime to interfere with the operation of a computer), Fraud/Trademarks which protect the identity of a business.
Ultimately, if people want spyware they still have that choice. Download it. Install it on your computer.
But don’t compromise the privacy/security/integrity of UK and global telecommunications. Because, unless you’re willing to employ encryption, you will lose all right to private communication (voice, email, web the lot).
The answer to the question posed in the first paragraph is a clear “no” (encrypted file-sharing would become widely deployed within weeks). But, fortunately, there is a much better way for service providers to add value for the music industry: increase legal, paid use of their product by providing features such as DRM management (with secure identification) to allow innovative new publishing and distribution mechanisms.
For example, track whether someone has bought a particular track and hence should be allowed to re-download it onto their new phone for free. Monitor whether the user has used up the 10 free forwards they were granted by the copyright holder or whether they can forward it to another friend. If the friend tries to forward it again, offer to allow them to purchase the right to 10 free forwards themselves, charging it to their phone prepaid account. All in real-time, supporting the applications on the handset or PC.
Hi Graham
ISPs – particularly BT – have demonstrated themselves incapable of operating DPI in a trustworthy fashion.
They should not be permitted to use DPI on the communications we entrust to them.
That means no examination of the content, no modification of the content, no censorship of legal content, no throttling, and respecting client confidentiality.
ISPs should not examine or disclose the content, the sender, the recipient, or the location of their customers.
If that means the media industry have to find new ways to engage with their clients so be it. That’s called ‘revolution’; it affects all industries as time passes.
And as for the ISPs, if they need to make money they should be restricted to making money from communications services (ie, charging by consumption). That creates a self fulfilling virtuous circle of consumption, income, investment … without resorting to spying on customers, compromising their private/confidential communications, or censorship.
Pete
It seems to me that there is a solid tendency here to combine functions in this scene in ways that are not necessary, even if they may be obvious derivatives of the present processes. Specifically, the giant issue is whether or not, when, and how much copyrighted matter is flowing through the system. We don’t need the system operators to also be the police. What we need is that certain samples of content within a given message could easily recognize it as aspecific musical recording, like “I Want To Hold Your Hand.” When the tiny sample recognizes it, the carrier notes the fact and sends a batch message to the copyright owners that the stuff changed hands. The copyright holders can send a bill, ignore it, recognize it was known to them and legal,…. No involvement with any judgements or responsibility for anyone except for the copyright holder to accept the data and chose when and if to act. Keeping the conduit operators out is a good idea. Keeping the interested parties in “sight” of their property is also good.
Pingback: Technology, Thoughts, and Trinkets » Blog Archive » Deep Packet Inspection: The Good, the Bad, and the Ugly