www.satn.org

Project MAC, where we met S at MIT A the Software Arts building where we worked together T and the attic N where VisiCalc was written
Other writings on our personal sites:

Bob's
David's
Dans's
RSS Feeds:

SATN

Bob

Dan
Comments from Frankston, Reed, and Friends

Friday, June 30, 2006

BobF at 11:09 AM [url]:

Cringely: If we build it they will come

I've been struggling to explain why we should be thinking about infrastructure and opportunity rather than just Network Neutrality.

Robert X Cringely has done a far better job than I have been able to do in summarizing the key points in his PBS column.

Too bad the FCC sees it's mission as protecting the so-called telecom industry from it's biggest threat -- it's customers, i.e. all of us.



Thursday, June 29, 2006

DPR at 6:57 PM [url]:

Remote controlled routers - trojan horse or benefit?

Dewayne's list passed on this press announcement of a new "high speed home router" that comes with its new FIOS service, allowing multiple users to access the Internet over the FIOS fiber. This router is described in the press release in terms of its speed and customer support capabilities. Verizon carefully notes that it was designed specifically for the FIOS users.

But since this router is supplied, owned and controlled by Verizon, we should also be careful of any "Trojan Horses" that are embedded that might affect Internet service in a way that a standard "home router" does not. In particular, this router has features designed by the DSL industry (i.e. the LECs' captive suppliers). The major one being the "Industry Standard TR-069" touted at the top of the press release as a tool for customer support. But it can be far more than that.

I would note that "Industry Standard TR-069" is not hard to find on the DSL Forum site.

However, a little (though not much) careful reading is required to find the reasons why Verizon might like this standard as a tool to manage a user's use of the net.

For the most worrisome example: I direct the reader to Appendix D. Appendix D describes an architecture for intercepting web page requests from the customer and redirecting them. In other words, the standard can be exploited to control World Wide Web accesses a customer (or any Internet-based equipment the customer might choose to buy at a later time) might make, since Verizon owns and controls the router frp, a remote control server.

Note that this router feature does not merely "prioritize" traffic. It can meddle with web requests, redirecting some requests to special sites that are in a business relationship with the owner.

From an Internet point of view, this protocol is not standard. There is no Internet RFC that has been filed for the protocol involved. Not even a draft RFC. The DSL Forum is an organization that has no standing in the Internet community.

Verizon's description of the protocol as "industry standard" is deceptive, because it is incomplete. It is a standard, from a very narrow "Industry" (telephone equipment providers who sell DSL termination equipment). But it has not followed the normal route by which Internet protocols are developed and deployed on a worldwide consensus basis. As a NAT router, it violates the basic principles of the Internet architecture as well, which have created the most rapidly growing world-wide communications capability in the history of civilization.*

Verizon is perfectly within its rights to develop and deploy any technology it wants to sell to customers, if that is what they choose when fully informed of what they are buying. But it must
acknowledge that this equipment and its network are not giving customers access to The Internet. Instead, Verizon is giving its customers access to a private walled garden, with limited access to The Internet when and if it suits Verizon's purposes.

In my personal opinion, putting this kind of technology in the path of a service that claims to offer Internet access comes close to *misappropriating* and distorting an important public good, called The Internet, which was built by voluntary market cooperation and social contribution, for private gain, and deceiving its customers in its representations in the process.

Of course, there is no evidence (other than the political opposition to neutrality taken by all of the Bells via their lobbyists) that Verizon will use this capability. But it is latent in the routers they are deploying.

You may not agree, but if you do find this a bit fishy, please share this observation with your friends, and perhaps your US Senators as an example of how companies like Verizon try to deceive their customers and to exploit their government-granted monopoly power over their customers by baiting them with speed, and reserving the right to switch their communications to preferred substitutes.

You might also share with your friends this link to a proposed bill to protect The Internet from such redefinition by vendors that pretend to sell Internet Access, but sell something else instead.

(Full disclosure: I contributed to the creation of this legislative proposal, primarily through the observation that The Internet is not a "service" but something defined collectively by those it connects, just as "culture" or a "conversation" or a "meeting" is a joint activity defined by its voluntary participants). However, I had not read TR-069 until my curiosity was piqued by the press release.)

When I commented on this on Dave Farber and Dewayne Hendrick's site, some email responses I got suggested that people thought I had discovered Verizon actually doing something bad. I did not mean in any way to imply that, so I hope if you have forwarded my earlier note you will pass on this clarification.

My comment here is based on studying the TR-069 standard, *in the context of the current "Net Neutrality" debate* in which both I and Verizon are involved, and noting that it is possible to exploit the features of that standard to redirect traffic and monitor traffic under the control of the access provider.

I do not mean that the router itself is a bad product, or that it has no good purpose. I also am not accusing Verizon of actually doing those things that I worry about - I have no such evidence.

But the possibility is real, and we have no assurances from Verizon or other providers that they will not exploit those possibilities. (In fact, many in the Net Neutrality debate who claim to be acting for the Bells seem to be arguing that it will be *necessary* and *appropriate* for Verizon to do so.)

I would hope that Verizon would make a clear policy statement about what it will do to make sure that such features are not used inappropriately.

It is surely a good thing for router equipment to provide facilities for remote diagnosis and maintenence. When communications equipment is concerned, such tools need to be used with care, however. The data being carried is sensitive and personal, and is NOT the property of the carrier of the data. It may not even be the case that the user has the right to disclose the data in question (as is the case in HIPAA and European data protection regimes).

Thus features that redirect, block, and otherwise interfere with communications must be used carefully, with clear authorization from all concerned parties, and (here it is my opinion only) with recognition that the the users' communications belong to the users and their counterparties, not the operator of the communications system.



For more, see the Archive.

© Copyright 2002-2008 by Daniel Bricklin, Bob Frankston, and David P. Reed
All Rights Reserved.

Comments to: webmaster at satn.org, danb at satn.org, bobf at satn.org, or dpreed at satn.org.

The weblog part of this web site is authored with Blogger.