Stewardship of Cyberspace: Duties for Internet Service Providers

More documents

Recommendations

Info

HATHAWAY/SAVAGE: Stewardship of Cyberspace: Duties for Internet Service Providers 6 In addition to the basic agreement, fifty-five governments agreed to value-added services (or telecommunications for which suppliers “add value” to the customer’s information by enhancing its form or content or by providing for its storage and retrieval, such as on-line data processing, on-line database storage and retrieval, electronic data interchange, e-mail, or voice mail). The World Trade Organization’s director-general, Mr. Renato Ruggiero, stated that “information and knowledge, after all, are the raw material of growth and development in our globalized world.” 11 The rapid adoption of technology and growing migration of essential services to be delivered on Internet-based infrastructure demands a re-examination of whether ISPs should be classified as nondiscriminatory. That is, must they treat all customers equally in terms of service or can they “discriminate?” Can we really say that the Internet or those who provide information services over the Internet deserve a similar degree of explicit responsibility as that assigned to “telecommunications service providers?” Internationally, most nations do not distinguish between basic services (traditional modes of communications) and enhanced services (Internet-based services). However, the United States has made that distinction. The Telecom- munications Act of 1996 created separate regu- latory regimes for companies providing voice telephone service, cable television service, and providers of information services (broadband). The law did not necessarily envision the con- vergence of voice, data, and video services and infrastructures. A year after this law was enact- ed, the United States agreed at the WTO to treat 11 “WTO Telecom Talks Produce Landmark Agreements,” World Trade Organization, paper 16, 15 February 1997, http://www. wto.org/english/res_e/focus_e/focus16_e.pdf. both value-added services (Internet) and traditional communications (voice) in a nondiscriminatory manner. The Federal Communications Commission (FCC) or Congress should clarify this contradiction. Why? Because the rapid adoption of technology and growing migration of essential services to be delivered on Internet- based infrastructure demands that broadband and other Internet-based services be classified as core telecommunications services. This obli- gates the providers to deliver a reliable service that contributes to the stability and resiliency of the global communications infrastructure. The United States and other countries are pursu- ing deeper integration of critical infrastructures with Internet-based technologies, like the “smart grid,” a computerized network that facilitates electricity and information flows between homes and electrical suppliers; computerized health records; public safety alerts (Voice Over Internet Protocol); and next-generation air-traffic management. However, these essential services may not be built to the same standards for which the traditional voice telephone system was built. Broad- band network reliability and resiliency are vital for all services that traverse a network, including traditional communications services. Our reliance on the dependable operation of communications networks is growing. Therefore, it may be necessary to expand existing communications reliability and resilience programs, including best practices and associated outage reporting, as these services transition from traditional modes of communications to Internet-based technologies. Outage reports and other reliability data collected by regulators provide insight on the overall health of communications reliability and security of the critical infrastructure and, where necessary, enables regulators to work with indi- vidual entities or the industry as a whole to bring
HATHAWAY/SAVAGE: Stewardship of Cyberspace: Duties for Internet Service Providers 7 about improvements. 12 The FCC realizes that it “needs a clear strategy for securing the vital communications networks upon which critical infrastructure and public safety communications rely.” 13 Europe is already moving forward with streamlining its regula- tory process as part of the Digital Agenda for Europe. Europe recognizes that compliance monitoring and enforcement of a nondiscrimi- nation policy allows for more choices, at afford- able prices, underpinned by a higher standard of service. 14 Many nations have recognized that it is in their national economic interest to enhance access to and participation in the Internet. ISPs provide an essential citizen service – the Internet – and they also provide the conduit upon which other essential services depend (e.g., Smart Grid). Therefore, it is their duty to serve as reliable and accessible conduits to Internet traffic and services. 2. Duty to provide authentic and authoritative routing information Interdomain routing (from ISP to ISP) occurs primarily through the Border Gateway Protocol (BGP). 15 BGP has become a standard because of its simplicity and resilience. Under BGP, each ISP announces destinations that can be reached 12 “Audit Report: The Department’s Management of the Smart Grid Investment Grant Program,” United States Department of Energy, Office of Inspector General, OAS-RA-12-04, January 2012. 13 Connecting America: The National Broadband Plan, The United States Federal Communications Commission, 16 March 2010. 14 “Commission Launches Public Consultation on the Application, Monitoring and Enforcement of Non-discrimination Obligations in Electronic Communications,” European Commission, 28 November 2011, http://ec.europa.eu/information_society/ policy/ecomm/library/public_consult/non_discrimination/index_en.htm. 15 K. Butler, T.R. Farley, P. McDanier, and J. Rexford, “A Survey of BGP Security Issues and Solutions,” Proceedings of the IEEE, 98, no. 1 (January 2010): 100-122. via it and the paths that packets will take to these destinations. (Think of this as a message that says I am open for business, I can route your information, and if you send it to me, it will pass through these ISPs.) These announcements propagate to neighbours and eventually to all routers on the Internet. BGP relies on trust among the operators of gateway routers—routers between ASes—to ensure the integrity of Internet routing information. However, this trust has been compromised on a number of occa- sions, revealing fundamental weaknesses in this critical Internet utility and service. When BGP vulnerabilities are exploited, Inter- net traffic can be misdirected and misused. For example, in February 2008, Pakistan Telecom was ordered by the Pakistan telecommunications ministry to prevent its users from viewing certain YouTube addresses. Announcements of short paths to these addresses were designed to draw traffic from within Pakistan to the pro- vider who then proceeded to discard the traffic. Unfortunately, these announcements leaked from Pakistan and made portions of YouTube inaccessible to about two thirds of all Internet users for about two hours. 16 On 10 April 2010, BGP users received an alert regarding a possible prefix hijack by China’s largest ISP, China Telecom. For approximately fifteen minutes, this ISP generated approximately 37,000 unique prefixes that were not assigned to them. 17 This is what is typically called a prefix hijack and while the hijack had modest to minimal impact on total Internet traffic vol- umes, China was ten times more affected than the United States. This event underscores the 16 Declan McCullagh, “How Pakistan Knocked YouTube Offline.” CNET News, 25 February 2008, http://news.cnet.com/8301- 10784_3-9878655-7.html. 17 “Chinese ISP Hijacks the Internet,” BGP.mon blog, 8 April 2010, http://bgpmon.net/blog/?p=282.
Page 2 and 3: ABSTRACT In today’s interconnecte
Page 4 and 5: HATHAWAY/SAVAGE: Stewardship of Cyb
Page 24: HATHAWAY/SAVAGE: Stewardship of Cyb

Stewardship of Cyberspace: Duties for Internet Service Providers

Create successful ePaper yourself

Delete template?

Save as template?