Chris T. Marsden will discuss the past, present and future of net neutrality regulation, enforcement and implementation, focussing on EU Regulation 2015/2120 and the Guidelines issued by BEREC on 30 August 2016. He will argue that the success of the Guidelines is dependent on the actions of the 28 national regulators and 9 observer regulators (one of whom actually wrote the majority of the Guidelines). He will draw comparison with the potential enforcement of net neutrality in other parts of the world http://www.iscc.cnrs.fr/spip.php?article2245
Marsden CNRS European net neutrality law & Guidelines 12092016
1. Net Neutrality law: NOT
business as usual
Prof Chris Marsden
University of Sussex
@ChrisTMarsden
www.chrismarsden.blogspot.com
9/13/2016
2. regulation, enforcement and implementation,
focussing on EU Regulation 2015/2120 and
the Guidelines issued by BEREC on 30 August 2016.
success of the Guidelines is dependent on
actions of 28 national regulators
9 observer regulators
(one of whom actually wrote the majority of the
Guidelines).
comparison with other parts of the world
9/13/2016
Past, present and future of net
neutrality
3. We can begin from principles of
Human rights
Network architecture
(Network) Economic principles
Developed within telecoms law and regulation frameworks
In practice, telecoms regulators adopt, change and use
these principles within their frameworks
(nice systems theory doctorate on perturbation awaiting?)
9/13/2016
Theory of net neutrality circles back
to telecom regulation
10. RFC 6973 Privacy Considerations for Internet Protocols
RFC 7258 Pervasive Monitoring Is an Attack
‘process’ rather than a ‘technical’ document,
impact on every strand of work the IETF does,
including the development and revision of standards.
Ted Hardy (Google):
“we’ve spent 20 years optimising for bandwidth and
speed, it’s time we also started optimising for privacy”
RFC 7624, Confidentiality in the Face of Pervasive
Surveillance: A Threat Model and Problem Statement
Working groups consider pervasive monitoring and provide
guidance for how such attacks could be mitigated.
9/13/2016
IETF and Privacy
from Government Attacks
11. IoT relies on stable connections
Cloud relies on stable connections
Big Data apps rely on stable connections
New Services? That 4th Industrial
Revolution (sic) thing?
9/13/2016
14. Background: Internet Science, RAND,
ITC UK, WorldCom, start-ups
Net Neutrality: Towards a Co-regulatory Solution
Bloomsbury, 2010
Net Neutrality: From Policy to Law to Regulation
Manchester UP, 2016
Regulating Code (with Prof. Ian Brown)
MIT Press, 2013
Network Neutrality:
A Research Guide
Handbook Of Internet Research
Internet Co-regulation
Cambridge UP, 2011
Bibliography of Internet Law
Oxford UP, 2012
9/13/2016
18. Welcome to the new boss….same as
the old boss?
Consumers’ associations & civil society deeply suspicious
of DT/Orange links to ministry and former bureaucrats
But they are all honourable men
http://www.reuters.com/article/france-orange-idUSL5N10968F20150729
9/13/2016
19. By Region (TB per Month)
North
America
557,237 831,457 1,199,309 1,700,159 2,327,596 3,208,203
42%
Western
Europe
432,322 707,537 1,045,171 1,477,156 2,060,788 2,795,362
45%
Asia Pacific 1,578,865 2,676,873 4,422,785 6,725,446 9,771,677 13,712,874
54%
Latin
America
276,416 447,991 714,540 1,065,744 1,521,312 2,091,703
50%
Central and
Eastern
Europe
545,750 946,263 1,510,630 2,242,669 3,249,449 4,442,281
52%
Middle East
and Africa
294,476 569,895 1,038,661 1,723,221 2,777,550 4,313,794
71%
Cisco VNI Mobile Forecast to 2020
9/13/2016
27. SCRIPTed: A Journal of Law, Technology & Society
Volume 13, Issue 1, May 2016
https://script-ed.org/article/comparative-case-studies-in-
implementing-net-neutrality-a-critical-analysis-of-zero-rating/
9/13/2016
Comparative Case Studies in
Implementing Net Neutrality: A
Critical Analysis of Zero Rating
28. Country Legislation/ regulation Published Date Enforced
Norway Guidelines[7] 24/2/2009[8]
Zero rating declaration
by NKOM of 2014
Costa Rica
Sala Constitucional De La Corte
Suprema De Justicia[9]
13/7/2010
2010 by Supreme Court
precedent
Chile Law 20.453[10] 18/8/2010
Decree 368,
15/12/2010[11]
Netherlands Telecoms Act 2012[12] 7/6/2012
2014 and Guidelines
15/5/2015[13]
Slovenia
Law on Electronic
Communications 2012[14]
20/12/2012
Zero rating 2015
Finland
Information Society Code
(917/2014)[15]
17/9/2014 2014
India Regulations (No.2 of 2016) 8/2/2016
August: 6 months after
Gazette publication date
Brazil Law No. 12.965 23/4/2014
Consultation 2015-16, no
implementation[16] 9/13/2016
Notable laws or regulation
29. Brazil follows India, bans zero rating 11 May
http://chrismarsden.blogspot.co.uk/2016/05/brazil-bans-zero-
rating-fudges.html
DECRETO Nº 8.771, DE 11 DE MAIO DE 2016
Regulamenta a Lei no 12.965, de 23 de abril de 2014,
para tratar das hipóteses admitidas de discriminação de
pacotes de dados na internet e de degradação de tráfego,
indicar procedimentos para guarda e proteção de dados por
provedores de conexão e de aplicações, apontar medidas de
transparência na requisição de dados cadastrais pela
administração pública e estabelecer parâmetros para
fiscalização e apuração de infrações.
9/13/2016
Brazil, India, Chile
30.
31. Mobile roaming internationally
Potential abolition of charges by 2018
‘Open Internet’ (not net neutrality)
Some protection from throttling
Both came into force 1st May 2016
Latter subject to BEREC Guidelines
to be issued by 30 August 2016
9/13/2016
EU Regulation 2015/2120
32. Details of the Regulation
7 relevant pages with
Articles 3-7
19 Recitals:
PECP/PIAS TMM v CAS
Interesting definitions!
“Strict interpretation and
to proportionality
requirements” (Recital 11)
Four issue areas for BEREC
Transparency and evidence
Recital 19, Article 4 in force!
Zero rating
Recital 7 ‘material effect’
Specialised services
Recitals 16-17, Art.3(5)
Enforcement of TMP/Privacy
Recital 18, Art.3(4), Art.5/6
9/13/2016
33. Test is not FRAND but RTNDP
FRAND
Fair
Reasonable
and
Non-Discriminatory
Settled case law and
regulatory practice for
this approach
RTNDP
Reasonable
Transparent
Non-Discriminatory
Proportionate
Not entirely clear where
this standard lies?
Case law of CJEU needed?
That would delay us years
9/13/2016
34. Recital 10, 33-35 – date incorrect on EDPS opinion (14/11/2013)
e.g. DPI motivated Dutch law: KPN investor call in May 2011
PHORM returns? 2006-7 illegal interception UK
See my 2014 report for government of Korea on exactly this
Italy and UK 3 ad-blocking an example?
http://www.bbc.co.uk/news/technology-35615430
“Customers should not have to pay data charges because of adverts
mobile ads should not access handset data without explicit consent,
owners should only see advertising that is relevant, interesting to them
rather than obtrusive and untargeted information”
Specific content monitoring could be
interpreted as prohibited by the Regulation
9/13/2016
35. Relationship nationally & EU level with BEREC members
Enforced by DPA, evidence gathered by comms regulator?
Note emerging US FTC-FCC re. Title II data collection
http://www.theverge.com/2016/2/16/11017934/net-
neutrality-data-collection-fcc-title-ii
Is privacy enforcement by the
Article29 Working Group?
9/13/2016
36. Self- and co-regulatory solutions need explicit legal act
New legislation required in a few extraordinary nations
assuming all stay in the EU/EEA that long….
UK position on government-
mandated or “encouraged” opt-ins
9/13/2016
38. Four weeks’ consultation in July –
what process amends guidelines?
“scarcely two months to evaluate and incorporation of potentially
thousands submissions in several languages,
an extraordinary plenary then votes on the finished document”
https://netzpolitik.org/2016/netzneutralitaet-wie-es-jetzt-weiter-geht/
Wrong –actually ONE month. London & Oslo, how’s your Slovenian?
9/13/2016
39. “4million people participated in FCC consultation
In India, there were over one million people,
arguably greatest direct democratic participation
movements in history, for an internet issue .
BEREC consultation finishes after twenty days
making it the shortest of the three.”
https://translate.google.co.uk/translate?sl=auto&tl=en&js=y&prev=_t&hl=
en&ie=UTF-
8&u=https%3A%2F%2Fnetzpolitik.org%2F2016%2Fnetzneutralitaet-wie-es-
jetzt-weiter-geht%2F&edit-text=&act=url
Students are on holiday in July – good timing?
Or millions…?
9/13/2016
41. They hate their telcos
Speeds are inadequate in most EU countries – esp.
compared to academic not-for-profit networks
They hate surveillance
Five Eyes, Snowden, PRISM, Squeaky Dolphin
They value privacy
Schrems, Digital Rights Ireland, PHORM-BT
They distrust regulators
See telcos and security services as allies – and you?
Why are (some) people angry?
9/13/2016
43. [EDRi evidence to BEREC]
right to receive, seek and impart information (Article 11)
the freedom to conduct business (Article 16)
right to provide services in all 28 Member States (Article 15.2)
Traffic management must be application-agnostic:
class-based traffic management prevents the roll-out of new
services, harm competition, innovation, privacy, users
congestion affects end-users’ choice if not properly managed
“The Regulation must be read in light
of the Charter of Fundamental Rights”
9/13/2016
44. Telekom’s Hottges’ start-up tax announcement
right after adoption of net neutrality rules
What will BEREC decide, as FRAND solution apparently
off the table?
FRAND would have been easier for you?
Or physical/logical separation? DOCSIS3 issue
Regulators must not allow the
reclassification of online services and
applications as “specialised services”
9/13/2016
45. Leads to uncompetitive market consolidation between
IAPs & Content Application Providers
EU protectionism vs US OTTs? ETNO v. BEREC?
BEREC, NRAs and competition authorities
should stop IAPs making access to their
customer base a new form of monopoly
9/13/2016
47. affects individual users’ freedom to impart information;
a commercial practice;
violates the Regulation’s ban on blocking and throttling;
TMM would not be temporary, as required by Regulation;
distorts competition and limits end-users’ choice.
Is it reasonable to interpret that zero-
rating is prohibited?
9/13/2016
53. [2016] Comparative Case Studies in Implementing Net
Neutrality: A Critical Analysis of Zero Rating
SCRIPT-Ed 13:1 at http://script-ed.org/
[2015] Zero Rating and Mobile Net Neutrality,
Chapter 18, pp241-260 in Belli and de Filippi eds.
‘Net Neutrality Compendium: Human Rights, Free Competition
and the Future of the Internet’ Springer
Research articles on zero rating
(in addition to Prof. van Schewick)
9/13/2016
54.
55. Telecoms regulators will focus on zero rating & net neutrality
There is a privacy issue that is omnipresent
Monitoring traffic at network level
I have written at length about this elsewhere:
Particularly Phorm/BT secret trials in 2006/7
Snowden revealed Vodafone/BT cable interception
PRISM programme of GCHQ/National Security Agency
Later violations in developing countries
Finfisher software sold by UK defence contractor
Hacking Team ‘assistance’ to LatAm governments
9/13/2016
Net neutrality and censorship
57. Focus on developing countries
India, Brazil, Mexico, Russia
Mobile/Wifi as central network/access points
Privacy as right infringed, more than free speech
Vital economic importance of expat VPN/VOIP
‘Remittance societies’ – inc. Bangladesh, Philippines,
Pakistan, Sri Lanka
Very good work by LIRNE Asia and others
9/13/2016
Further research into privacy,
surveillance & net neutrality
58. Net neutrality implementation
EU/EEA/Brexit UK
USA & Canada
BRICs & Mexico
Openness and mandated interoperability
Social network ‘platform’ regulation
Privacy of data transfer/personal data stores
Co-regulation & NGO/civil society debate
Note NN produced 4m US/2m India/500k EU responses
Regulating Code Part II
‘Regulating Platforms’?
9/13/2016
My future work
59. Net Neutrality:
Discrimination, Competition, and
Innovation
in the UK and US
Alissa Cooper and Ian Brown (2015)
ACM Transactions on Internet Technology, 15(1): 2-21
http://dl.acm.org/citation.cfm?id=2700055
9/13/2016
Editor's Notes
5 months participant observation at major UK ISP; 70 semi-structured interviews + analysis of 300+ company and govt documents