This week's blog by Dr. Gary Kessler, professor at Embry-Riddle Aeronautical University and Head of the Department of Security Studies and International Affairs at the university's main campus in Daytona Beach, FL. Dr. Kessler is a member of Total Digital Security's Board of Directors and a nationally recognized expert in the cybersecurity field.
On May 18, 2017, the Federal Communications Commission (FCC) adopted a proposal to roll back the current 2015 Net Neutrality rules, aka Open Internet. This is an important issue to us as Internet users and consumers, potentially impacting security and privacy.
Let's start by defining some terms. First, there are two levels to the Internet, namely infrastructure and services. We physically access the Internet via a hardware infrastructure composed of computers, communications channels, routers, and switches. The reason that we use the internet is to access to services -- the software of the Internet -- such as social media, the World Wide Web, e-mail, games, streaming media, search engines, etc.
Second, the FCC oversees Internet service providers (ISPs), aka broadband Internet access providers. These providers are the communication carriers that sell users physical access to the Internet, such as cable television and telephone companies. In other words, they are infrastructure providers rather than service providers.
The providers of Internet services -- not regulated at all by the FCC or, often, anyone else -- are organizations such as Facebook, Google, Hotmail, and Netflix; every company, agency, and university that you have ever heard of; and tens of millions of sites that you have never heard of.
So what is net neutrality? Net neutrality simply means that all sites on the Internet are equally accessible to all users without interference or bias by the ISP. Here's how the FCC's Open Internet Page defines it:
An Open Internet means consumers can go where they want, when they want... It means innovators can develop products and services without asking for permission... The FCC's Open Internet rules protect and maintain open, uninhibited access to legal online content without broadband Internet access providers being allowed to block, impair, or establish fast/slow lanes to lawful content.
Read the above carefully and consider the following example. MySpace started in 2003 and was a large success. Facebook became available to the public in 2006. Consumers -- who had equal access to both platforms -- largely decided that Facebook provides more and better services than MySpace. Today, Facebook is the largest social networking site on the Internet, having more than twice the number of registered users as the second most popular site, and is currently 40 times the size of MySpace. It doesn't matter whether you love or hate Facebook; this is an example of a free, neutral market.
Now, consider what might have happened in a non-open Internet. MySpace, the dominant social media site in 2006, might well have had the resources to buy express lane service from ISPs whereas Facebook did not. In that environment, access to Facebook would have been significantly slower than access to MySpace, inhibiting consumer awareness of the competing service and/or adoption of that service. In such an environment, money would have trumped a new and better idea, and the social media landscape might look very different today. (For that matter, what might Facebook do today to competitors if Net neutrality is not maintained?)
Killing net neutrality will make many businesses happy because they can continue to get the bulk of their industry sector's traffic and can make it much harder for new competition to get a foothold. Most ISPs will be happy because they can once again use consumers as an involuntary revenue stream.
But there is absolutely no benefit to end users. Rolling back the rules means that end users lose choice and access to competing ideas.
Proponents of removing the current rules most often cite that doing so will promote innovation. This suggests that Net neutrality has somehow stifled innovation. Nothing could be further from the truth and, in fact, flies in the face of the history of the Internet. Since its inception in 1969 and through commercialization in 1991, the Internet has always been Net neutral. Innovation comes because someone in the user community develops an idea -- or a way to improve an existing idea -- and makes it available to the rest of the user community. The simple truth is that the current set of ISPs has never done anything to provide innovation in Internet services (although they have clearly provided significant innovation in our methods of Internet access).
David Clark of MIT famously said, in 1992, "We reject kings, presidents and voting. We believe in rough consensus and running code" (https://www.wired.com/1995/10/ietf/). This has long been a mantra of the Internet. No one created applications in the non-open telephone network except the telephone company. On the Internet, access providers don't give us applications; the user community gives us applications.
We have allowed this issue to become a political one and conversations that fall on political boundaries rarely result in good policy. This debate is not about "reversing Obama Administration government overreach." Indeed, the FCC vote to adopt the proposal was on party lines and has the political doublespeak name of "Restoring Internet Freedom." Politics has to be put aside.
So why bring this up in blog about personal information security? With the recent rollback of rules governing what data ISPs can collect about consumers' browsing habits and what information ISPs can sell to just anyone (possibly including the government), followed by a proposed roll back of rules protecting user rights to go where we wish on the Internet unfettered by the people who sold us the wire, we are losing our privacy and control of how we use our Internet. Competition will be stifled and innovation will be stifled, the very innovation and competition that might help make us safe on the Internet. Big companies that cannot keep our data secure can actually inhibit smaller companies that might do more to protect us merely because they are bigger, richer, and can afford the express lane. The continued assault on our privacy by the selling of our information to these big companies will actually make it easier for big companies to maintain control and even harder for new entries to effectively compete. This doesn't benefit us as consumers, it doesn't foster innovation, and it doesn't help the Internet.
I don't make these prognostications lightly. I have been using the Internet since 1981, five years before it was even called the Internet and ten years before it's widespread commercialization. I have watched the 'Net's evolution and the evolution and creation of new applications. And almost none of the players advocating for the rollback of Net neutrality had anything to do with making the Internet the greatest innovation incubator in the technical age. As I have observed before, the Internet was always in a "net neutral" state. Innovation and freedom of expression on the Internet -- at least in the U.S. -- was always a given. When the current rules were adopted in June 2015, then-FCC Chair Tom Wheeler observed, "After a decade of debate, these rules finally provide strong safeguards for free expression."
Prior to the June 2015 ruling, the FCC received more than 4 million calls, overwhelmingly in favor of maintaining Net neutrality. The comment period on the "Restoring Internet Freedom" proposal is open until mid-August 2017. I would urge readers to tell the FCC that Net neutrality has worked for the last quarter century of the commercial Internet. The ideal market decides winners and losers when all players have a level playing field; an Open Internet is the epitome of a fair game where good ideas -- even from small players -- can float to the top.
KEEPING THE NET NEUTRAL
by Gary C. Kessler, Ph.D., CISSP