You are here

The Many Vulnerabilities of an Open Internet

What an "Open Internet" does not mean is as important as what it does mean.



  • Surely an "Open Internet" is not intended to mean what it certainly can mean: un-protected, unguarded, or vulnerable to attack. 

  • Thus, it is essential for the FCC to be explicit in defining what the terms -- "Open Internet," "net neutrality," and Internet non-discrimination -- don't mean, as well as what they do mean.

The word "open" has 88 different definitions per Dictionary.com and the word "open" has even more different connotations depending on the context. While the term "open" generally has a positive connotation to mean un-restricted, accessible and available, it can also have a negative or problematic connotation if it means unprotected, unguarded or vulnerable to attack.  



  • When such an amorphous, multi-use term like "open" is proposed as a new effective purpose for the FCC, and a new formal basis for new economic regulation, it is essential that the term be defined very specifically, for what it is, and just as importantly, for what it is not.

FCC Chairman Genachowski's seminal speech on "Preserving a Free and Open Internet: A Platform for Innovation, Opportunity, and Prosperity," which can be found at www.OpenInternet.gov, did a good job of beginning to define the positive aspects of what "open" means in this context.



  • Clearly from the Chairman's speech the intention is for an "open" Internet to promote good, positive and consensus things like: "innovation, opportunity, and prosperity.


  • It is also clear that the Chairman believes an "Open Internet" fosters "innovation without permission;" he said in his speech:



    • "...the core principle of openness -- the freedom to innovate without permission -- ...has been a hallmark of the Internet since its inception, and has made it so stunningly successful as a platform for innovation, opportunity and prosperity."  

  • However, it is still not clear what the term "net neutrality" means other than preventing anti-competitive behavior, which is what antitrust law already does. 

While Chairman Genachowski's speech began the process of defining the positive aspects of an "Open Internet," it was largely and conspicuously silent on specifically what "open Internet" regulations would not mean or not do.


  • Consequently, it is a wide-open-question if the effort to define "open," will be an open-and-shut" case or if it will turn out to be an open-ended process with no satisfactory answer.

Without publicly and explicitly defining what "open" in "Open Internet" is, and is not, there could be several areas of substantial unnecessary confusion, uncertainty and conflict that serve no ones interests.


1.  Is an "Open Internet" defined like an "open market?"


Miriam-Webster's Dictionary of Law defines an open market as: "a freely competitive market in which any buyer and seller may trade and in which prices are set by competition.



  • Surely an "Open Internet" cannot mean the opposite of a "open market" -- in that it is a regulated market where only applications providers may trade or where the government effectively sets prices, terms and conditions and not competition.

  • Surely if competition sets prices in an "open market," then an "Open Internet" cannot mean that subscription-based or transaction-based business models do not have the freedom to compete with free-advertising-based business models. 

  • Surely the definition of an Open Internet cannot mean that one company's "freedom to innovate" would negate another company's freedom to compete or an entire sector's freedom to engage in free enterprise, because that definition would be a zero-sum construct that logically would not be the "platform for innovation, opportunity and prosperity" that Chairman Genchowski aspired to in his speech

  • Surely the freedom of enterprise, and the freedom of property, and the freedom to innovate all include the freedom to offer "managed services" unfettered by regulation to meet the diversity of growing demands of consumers and businesses.  

  • Surely the Internet's design is not genuinely "future-proof" when the Internet's co-designer, Vint Cerf, admitted in a Guardian interview that it was a mistake not to incorporate managed services in the Internet's design:

    •  ..."The idea of a virtual private network was not part of the original design," says Cerf, with a grin. "It was actually an oversight. It didn't occur to me that it would be useful until afterwards."         


2.  Is "Open Internet" non-discrimination defined as an absolute principle? 


A major confusion about what an "Open Internet" means comes from what Chairman Genachowski said: "The fifth principle is one of non-discrimination -- stating that broadband providers cannot discriminate against particular content or applications.



  • The speech's explicit language implies that the FCC's non-discrimination definition could be absolute, like it is in the current Markey-Eshoo Bill (HR 3458), in that it is not a qualified-term as all non-discrimination provisions have been since 1934 as... "unjust or unreasonable discrimination" or "undue or unreasonable preferences... predjudice, or disadvantage." [Bold added]

  • Surely the FCC can't be interpreting the FCC's Title I authority that the FCC has authority to impose a non-discrimination requirement for unregulated broadband information services that is more strict than the strictest non-discrimination requirement for regulated telecom services that is already in Title I section 10 and in Title II section 202.

  • Surely that extreme absolute can't be the case because that would imply that the FCC intends to regulate Internet transmissions for the first time much more restictively than any communications transmissions have been regulated the last 75 years. 

  • Surely a "free and open Internet" means what the language implies, a competition-driven unrestricted Internet, not a euphemism for disguising a new regulator-driven, hyper-restricted Internet that proactively discriminates in favor of applications at the expense of networks. 

  • Surely the FCC can't be interpreting the FCC's Title I authority to empower the FCC to restrict the business practices of competitive companies more strictly than the business practices of monopoly companies ever were. 

  • Surely the FCC cannot be interpreting the FCC's Title I authority to regulate broadband companies that are not common carriers (cable, wireless, and satellite), as common carriers, when the law explicitly has always treated them differently even if they are "all paths to the same Internet."  

  • Surely the FCC cannot interpret constitutional due process and equal protection to allow the preemptive and selective restriction and punishment of hundreds of broadband companies (that the FCC Chairman implictily acknowleged have done nothing wrong), based on just two official problems the FCC has found in several years of oversight, and also based on the FCC's Broadband Policy Statement which explictly applies to more than just broadband providers: "consumers are entitled to competition among network providers, application and service providers and content providers."   

3.  Is an "Open Internet" defined to be un-protected, unguarded, or vulnerable to attack?


In describing the FCC's new purpose in preserving an "Open Internet," Chairman Genachowski was largely silent on whether an "Open Internet" would be a "safe Internet" or a "secure Internet."



  • The only reference to Internet safety and security in Chairman Genachowski's ~4000 word speech was: the non-discrimination "principle will not constrain efforts to ensure a safe, secure, spam-free Internet experience, or to enforce the law. It is vital that illegal conduct be curtailed on the Internet." 

  • Apparently there was no place in the positive definition of an "Open Internet" for the concept of cyber-security because it was not mentioned at all as a problem or threat to the Internet.

  • It is noteworthy, that a speech about "preserving a free and open Internet" made no mention at all of President Obama's important declarations on cyber-security and cyber-security threats in his cybersecurity address 5-29-09.

  • President Obama said:

    • "This new approach starts at the top, with this commitment from me:  From now on, our digital infrastructure -- the networks and computers we depend on every day -- will be treated as they should be:  as a strategic national asset.  Protecting this infrastructure will be a national security priority.  We will ensure that these networks are secure, trustworthy and resilient.  We will deter, prevent, detect, and defend against attacks and recover quickly from any disruptions or damage."

    • "In short, America's economic prosperity in the 21st century will depend on cybersecurity." ..."It's about the privacy and economic security of American families." "...this is also a matter of public safety and national security."  

  • Remarkably, FCC Chairman Genachowski's speech about "Preserving a Free and Open Internet: a Platform for Innovation, Opportunity, and Prosperity" did not consider raging cyber-crime and rapidly-escalating cyber terrorism threats to the reliable operation of the Internet, our financial system, and our electrical grid, to be mentioned as a danger to the Open Internet and American opportunity and prosperity -- or to be worthy of the FCC's internet policy attention.

  • Also remarkable was that the only mention of a "danger" in Chairman Genachowski's "Open Internet" speech was:

    • The concern about "a dangerous retreat from the core principle of openness -- the freedom to innovate without permission..." and that    

    • "This is not about protecting the Internet from imaginary dangers."

Surely the FCC's definitions of an "Open Internet," "net neutrality" and a non-discrimination Fifth principle will not effectively define broadband providers as the greatest threat and danger to an Open Internet and its users -- a greater threat and danger than cyber-criminals or cyber-terrorists.


Surely, the FCC does not see the potential for anti-competitive discrimination that harms innovation as a bigger danger to consumers and a more important problem to address than the real, pervasive every day cyber-security threat of viruses, worms, malware, cyber-crime, identity theft, cyber-stalking, fraud, denial of service attacks, bot-net zombie networks, etc.


Surely the FCC will be explicit in caring if the Internet is reliably available and operational so that the Internet can be free and open and can enable innovation, opportunity and prosperity.


Surely the FCC will be explicit that it understands some things are more important than others and that without meeting physical, security, and social Internet needs first, aspirational needs like openness tautologically cannot be met. (See my post: "A Maslow's Internet Heirarchy of Needs? Will the Internet have priorities or be a priority-less Internet?") 


Surely if competitive broadband providers' business models are truly not viewed as a danger to users but as an essential part of the cybersecurity solution, the non discrimination "Fifth Principle" definition should make it explicit that nothing in that principle should be interpreted to hinder network operators' ability to manage, protect and safeguard their networks and customers from the full and evolving spectrum of unforeseen cyber-security risks and harms.



  • Surely any new regulation definitions to fulfill its new found purpose of preserving an "Open Internet" must square with the FCC's 75-year-old  purposes Congress authorized for the FCC from Title I section 1: "...for the purpose of the national defense, for the purpose of promoting safety of life and property..."

  • Surely any new FCC Open Internet regulatory definitions will comport with, agree with, and stay within the bounds of existing longstanding FCC statutory authority and precedent.    

Given that Chairman Genachowski's speech focused a good bit on the history of Internet openness as a design principle, it is relevant to share the security assessment of an "Open Internet" -- from the perspective of Vint Cerf, the renowned actual co-designer of the Internet's end-to-end protocol.



  • In an interview with the Guardian, Mr. Cerf shared his candid assessment of the many security vulnerabilities of an Open Internet:

    • "It's every man for himself," he says, grinning. "In the end, it seems every machine has to defend itself. The internet was designed that way."

    • "...every machine that can be compromised is a potential hazard. A machine that was OK yesterday is certainly not OK today: it may have ingested an infected memory stick...."

    • "My bias right now tends to be 'It's every man for himself' - you need to be suspicious whether you're inside the trusted cloud or not, and when it fails, the house of cards tends to collapse." 

Given Mr. Cerf's blunt assessment of the security problems inherent at the edge of an end-to-end architecture of the "Open Internet," there are many security threats: malware, viruses, worms, trojans, denial of service attacks, etc., which require reasonable network management to defend against.



  • And most importantly, these threats are constantly evolving and many are unforeseen, so surely a non-discrimination definition would need to provide substantial latitude to engage in reasonable network management to address the many vulnerabilities of an "Open Internet." 

  • One category of cyber-security threat, so-called zero-day-threats are so new and potentially pernicious that if there is no flexibility to engage in reasonable network management there would be no way to fulfill President Obama's cyber-security pledge to: "deter, prevent, detect, and defend against attacks and recover quickly from any disruptions or damage." 



  • Tom Tovar, CEO of Nominum, wrote an excellent analysis on the essential role of networks in cyber-security entitled: "Network-based Security Is Our Future."



    • The simple but essential takeaway from his analysis is that an "Open Internet" will increasingly need network-based security solutions to cope with rapidly proliferating security threats and attacks.

    • Surely any FCC non-discrimination definition from the FCC will explicitly ensure the network flexibility to make the Internet more safe and secure and not more unprotected, unguarded and vulnerable to attack.    

    Given that the Internet's co-designer candidly admits that the Open Internet architecture design has major design flaws that create an "every man for himself" environment, the FCC must take great care in the definition of the non-discrimination fifth principle, to not "force openness" or "force dumbness" on networks.


Surely the FCC's definitions will make clear that nothing in a non-discrimination fifth principle could be interpreted to authorize any:



  • Abandonment of precautions, prevention, and protections that defends users;

  • Loss of necessary cyber-security safeguards; or

  • Opening to new dangers, risks and harms by barring defenses that require discrimination or prioritization.

Surely the FCC's definitions will explicitly allow sufficient flexibiliity for reasonable network management/protections and smart network innovation to enable:



  • Rapid and effective responses to crises, intrusions, infections and outages;

  • Efforts to prevent and protect from cyber-crime, cyber-terrorism and Internet pollution; and

  • A necessary safety valve for unforeseen network pressures.

4.  Does an "Open Internet" "freedom to innovate without permission" definition respect property rights? 


It is clear that the Chairman believes "innovation without permission" is important to openness, he said in his speech:



  • "...the core principle of openness -- the freedom to innovate without permission -- ...has been a hallmark of the Internet since its inception, and has made it so stunningly successful as a platform for innovation, opportunity and prosperity."  

Surely the FCC's proposed "freedom to innovate without permission" which is found nowhere in law or the constitution, is not a new absolute FCC principle that overrides or negates other freedoms and rights that are actually based in the constitution or existing law -- like property rights.


Surely the FCC's proposed "freedom to innovate without permission," does not override the constitutional right to own property and control and profit from its use.


Surely any new non-discrimination principle that is not based on any specific statutory authority, but only interpreted ancillary authority, will not override network owners property rights to require a consumer to agree to and abide by contracted terms of service and pay for services rendered.


Surely the non-discrimination definition will make it clear that "innovation without permission" or non-discrimination is not a license for a taking of property nor does it mean that a property owner does not have the right to require permission and payment for the use of their property.


Surely the FCC's definitions will make clear that when  constitutional and statutory protections of property are not different on the Internet than in the physical world.   


Surely the FCC's "Open Internet" definitions will be specific that they in no way contradict or contravene the official "policy of the United States... to preserve the vibrant and competitive free market that presently exists for the Internet," which is in the 1996 Telecom Act, and surely the definitions will not have the effect of practically transforming the Internet from a "free market" to an "information commons" where property owners cannot require permission and payment for use of their property.


5. How

does a new non-discrimination definition thread-the-needle of dealing with anti-competitive behavior without preempting free and open competition? 







Surely the FCC's regulatory definitions to implement its new found open Internet purpose does not ignore or conflict with the most current law and regulatory precedents related to the 1996 Telecom Act's promotion of competition.  


Surely the challenge in the non-discrimination definition is to not define anti-competitive as anything that could increase regulation that would in effect discourage competition, given that the statutory purpose the 1996 Telecom Act was "to promote competition and reduce regulation... and encourage the rapid deployment of new telecommunications technologies."  


In conclusion, surely the FCC does not want to create confusion, uncertainty and conflict in fulfilling its signature policy initiative, nor create many new unintended vulnerabilities for Internet users, when the FCC simply can clearly and explicitly define what an "Open Internet," "net neutrality" and a non-discrimination fifth principle, are not intended to do or mean.


 


 


 


 


 



 


 


 


 


 


 


 



 


 


 


 


 


 


 



 



 


 


 


 


 



 


 


 


 


 


 



 



 


 


 


 



 



 


 



 




 


 


 


 


 


 


 



 


 


 


 


 


 


 



 


 


 


 


 


 


 



 



 


 


 


 


 



 


 


 


 


 


 



 



 


 


 


 



 



 


 



 




 


 


 


 


 


 


 



 


 


 


 


 


 


 



 


 


 


 


 


 


 



 



 


 


 


 


 



 


 


 


 


 


 



 



 


 


 


 



 



 


 



 




 



 


 


 


 


 



 


 


 


 


 


 


 



 


 


 


 


 


 


 



 



 


 


 


 


 



 


 


 


 


 


 



 



 


 


 


 



 



 


 



 




 


 


 


 


 


 



 


 


 


 


 


 


 



 


 


 


 


 


 


 



 



 


 


 


 


 



 


 


 


 


 


 



 



 


 


 


 



 



 


 



 




 



 


 


 


 



 


 


 


 


 


 


 



 


 


 


 


 


 


 



 



 


 


 


 


 



 


 


 


 


 


 



 



 


 


 


 



 



 


 



 




 



 


 



 


 


 


 


 


 


 



 


 


 


 


 


 


 



 



 


 


 


 


 



 


 


 


 


 


 



 



 


 


 


 



 



 


 



 




 




 


 


 


 


 


 


 



 


 


 


 


 


 


 



 



 


 


 


 


 



 


 


 


 


 


 



 



 


 


 


 



 



 


 



 




 


 


 


 


 


 


 


 



 


 


 


 


 


 


 



 



 


 


 


 


 



 


 


 


 


 


 



 



 


 


 


 



 



 


 



 




 



 


 


 


 


 


 



 


 


 


 


 


 


 



 



 


 


 


 


 



 


 


 


 


 


 



 



 


 


 


 



 



 


 



 




 



 


 


 


 


 


 



 



 


 


 


 


 



 


 


 


 


 


 



 



 


 


 


 



 



 


 



 




 




 


 


 


 


 



 


 


 


 


 


 



 



 


 


 


 



 



 


 



 




 



 


 


 


 


 



 



 


 


 


 



 



 


 



 




 




 


 


 


 



 



 


 



 




 




 


 



 




 





 


 


 


 


 

Q&A One Pager Debunking Net Neutrality Myths