Archive for August, 2007

Last Friday I was thinking about nostalgic, virtual time zones.  I'm pleased to report that although next week I'm moving (for the term) to Ann Arbor, Michigan, it's the same time there that it is in New York and Washington.  So don't think that I'm a few hours ahead or behind — I'll still be in the same relative position.  Plus, so much of communication is supposed to be asynchronous that it really shouldn't matter.  I'm looking forward to the move, but this was a good piece of time-news.

It looks as if the European Union is much further ahead of us than a mere 6-9 hours when it comes to separating transport from content.  (I'm not saying that everything that happens on the EU level is a good idea.  Take data retention, please.)  There was a recent piece in the Times about Viviane Reding's continuing crusade to effect change:

According to a person in Brussels who has direct knowledge of the plan, the European commissioner for telecommunications, Viviane Reding, wants to create a European Union agency called the European Telecom Market Authority, with power to override national regulators and pry open domestic markets.

One of the most potent weapons wielded by the agency, which would consist of the directors of 27 European national telecommunications agencies, would be the ability to force former monopolies to separate legally from their transmission networks to give competitors equal access.

This will be very, very hard, and perhaps impossible, to implement.  But regulation requiring openness, or unbundling, hasn't been enforceable.  (This happened to us here in the U.S. after passage of the 1996 Act.)  So why not try something else?  European carriers, predictably, think functional separation is a terrible idea.  European national regulators give slow treatment to Brussels-imposed rules. European consumers probably don't know or understand why this kind of separation would ultimately help them.  So it's a lonely crusade, but a forward-thinking, ahead-of-our-time approach.

===

Monday:  E911.  It goes with CALEA (plug for The Ambulance, The Squad Car, and The Internet), and the Commission is thinking about mandatory disclosure of here-I-am location.  All your devices will be informing on you, all the time.  Still feel fondly towards your phone?

The wrangling around the Communications Assistance to Law Enforcement Act (CALEA) is one of those issues that creeps inexorably forward and is hard to follow unless you're really focusing.  So here is a quick, if longish, overview:

CALEA is a 1994 statute that requires telephone companies to design their services so that they are easily tappable by law enforcement in need of “call-identifying information.”  Back in August 2005, following a request from the Dept. of Justice, the Commission moved swiftly to impose CALEA obligations on providers of broadband access services and “interconnected VoIP” services. Now the Dept. of Justice is asking for mandated design compliance for content (packets), location, and other issues — seemingly far away from the statute's focus on access.

Ever since CALEA was enacted, law enforcement, industry, and the FCC have been tussling over what needs to happen for compliance.  The statute says that telecommunications common carriers are supposed to “expeditiously isolat[e] and enabl[e] the government, pursuant to a court order or other lawful authorization, to access call-identifying information that is reasonably available to the carrier. . ” and then deliver intercepted communications and call-identifying information to the government “in a format such that they may be transmitted . . . by the government to a location other than the premises of the carrier.” 

CALEA doesn't allow law enforcement to ask for designs that would enable access to “content” information beyond “call-identifying” information without proper legal process.  The Commission has said that “privacy concerns could be implicated if carriers were to give to [law enforcement agencies] packets containing both call-identifying and call content information when only the former was authorized.”

Much of the tussle has to do with cost-shifting:  the original CALEA statute authorized $500 million to be allocated to paying the carriers back for their efforts in connection with compliance, but there's no money being offered to the internet players.  But a lot of the recent tussle has to do with how to move CALEA's obligations into the internet era.  The problem is that CALEA was specifically written not to cover online applications like email and other “information services.”  And saying what online “call-identifying” (non-content) information is presents a difficult task.

The CALEA Order released in August 2005 interprets CALEA to cover any services provided by non-telephone companies that are in some way (however minor) replacements for telephone services.  Many people thought that was a very strange interpretation of the statute, which specifically exempts information services (online applications) from the definition of “telecommunications carrier.” 

Then, last summer (June 2006), the D.C. Circuit chose to defer to the FCC's interpretation of CALEA.  (Just as in BrandX — if Congress enacts a statute that can be categorized as “vague,” and the FCC interprets it, the courts will often go along.)   But the D.C. Circuit tried to make clear that CALEA could cover only the telecommunication-carrier aspects of broadband access and VoIP — the transport/access part/switching parts of these services that replace traditional phone service.  CALEA pretty clearly does not apply to the other things these services could do, like storage of email or web hosting.  CALEA, the court said, is about access. 

So, if the FCC wanted to broaden the coverage of CALEA to take in other non-access functions, they'd have to go back to Congress.

Well, law enforcement didn't want to go back to Congress.  Instead, in May 2007 the Dept. of Justice filed a “deficiency petition” [link goes to Part 1 of 3] with the Commission.  DOJ is now asking for an “expedited rulemaking” that would require broadband access providers to provide “call-identifying information” in the form of packet activity reporting for all of those online applications – all information services. DOJ is also asking for location information that is more precise than just cell-tower level information, and they want wireless carriers to force consumers to always have the location function in their cellphones on – a CALEA location mandate.

This is a very big deal.  In the past, CALEA required local phone companies to meet call-identifying obligations when it came to someone's phone call to reach his dial-up ISP.  So the local phone company had to provide information about the start and end of that phone call.  Even though “packets” were certainly traveling around this dial-up connection, no additional information had to be sent on to law enforcement, and the local phone company wasn't supposed to listen to the phone call. 

Now, law enforcement wants wireless transmission service providers (say, Verizon) to be able to report to law enforcement about what packets are being carried by them, using which port numbers.  (There's no real functional difference between wireless internet access and wired, so this same obligation would be applied to all highspeed internet access providers.)  Driving things to the packet level is a big deal.  It's way beyond what anyone understood “call identifying information” to mean in the days of the telephone.  And port numbers would reveal information about what application was being used, which is “content.”

This isn't about law enforcement's ability to get packet-level information from anyone.  With lawful process (like a warrant), law enforcement could ask for content elements from any old VoIP provider within its jurisdiction.  The key thing here is cost-shifting and design:  can law enforcement ask in advance that information service providers design their systems to spew out exactly the information that law enforcement wants, in law enforcement's desired format?  particularly when this information will necessarily include content?

The statute says (in my view) that law enforcement can't do this, and the FCC doesn't have the authority to rewrite the statute.  The Commission can't just say that all packets and port numbers are part of “call identifying information,” and can't extend CALEA's design obligations to information service functions (even information service functions of broadband access providers) that aren't part of transmission/access/switching.  The location mandate would be hugely privacy-invasive, and would require handset providers to build their phones in a particular way.

VeriSign, predictably, has filed in this proceeding to remind the Commission that it's a provider of “CALEA Trusted Third Party Services,” and urges the Commission to quickly grant law enforcement's petition.  VeriSign takes the view that what law enforcement is asking for is “well-settled” and just needs”clarification” as being covered by CALEA.

Bottom line:  the Dept. of Justice wants to require highspeed internet access providers to (1) design their systems so as to be able to provide detailed information about every packet that goes by, (2) to be able to provide fine-grained tracking information; and (3) to shift the cost of all of this to the carriers.

Implications:  if you have to be able to do all of this to provide highspeed access, you won't go into business lightly.  Only the largest incumbents will be able to handle these obligations if the FCC grants this petition.  Open access doesn't fit with these requirements at all, because the whole point would be that the carrier wouldn't even know what applications were being used on its network.  (So if you wanted to get rid of open access, you'd accept these changes to CALEA and then use CALEA as a reason never to allow competitive ISPs to connect to the wires and wireless systems of incumbents.) What about mesh, what about opportunistic community networks?  And what about privacy?  Should it be a condition of using a portable device that you permit your carrier to be able to easily report where you are at all times?

In late July 2007, several responses (CTIA, CDT et al.) were filed to the DOJ's May petition for expedited rulemaking.  I can't tell from the docket when the Commission plans to rule on the petition, and I'm hoping they deny it.  If law enforcement is going to suggest design mandates for all online applications, elected representatives should be aware- the statute they passed in 1994 clearly didn't cover this.  It is not a good idea to rely on the Commission's discretion in these key areas.

If you go over and look at the docket for this week's filings in the FCC's “white spaces” proceeding, you'll find this:

1.  Microsoft says the Commission tested a broken device, and never even tried the (functioning) backup device or called up Microsoft to find out why the heck the thing wasn't working:

In the presence of FCC engineers, Microsoft engineers tested the Prototype A device used by [FCC's Office of Engineering and Technology] for the DTV signal testing. This test revealed that the scanner in the device had been damaged and operated at a severely degraded level….

• Microsoft testing conducted in the presence of FCC engineers also revealed that the spare Prototype A device previously provided to the FCC Laboratory (which was in the FCC’s possession throughout the testing process) reliably detected occupied television channels at -114 dBm.

• OET staff acknowledged that they did not attempt to contact Microsoft after observing the performance of the damaged Prototype A device tested by OET, nor did OET use the spare/backup Prototype A device provided to it for any portion of its DTV signal testing.

2.  Philips Electronics North America reminds the Commission that its prototype device was very good at sensing DTV signals and wireless microphones:

In analyzing the test results, it is essential to bear in mind the purpose of this prototype testing. It is not for equipment authorization. We are not yet at that stage in the process. The sole purpose is to test the feasibility of operating unlicensed [White Spaces Devices] without causing harmful interference, of which consistent and robust detection is a significant part. Viewed from that perspective, all parties should view the testing of [the Philips device] as a success.

3.  Meanwhile, the cable industry's trade association group bravely tells the FCC that even though the Commission tested a broken device, the results of the tests “validate the concerns expressed by the cable industry and other parties regarding the substantial risks of wide-scale interference from unlicensed devices and the inadequacy of the signal sensing detection mechanism incorporated in prototype devices.”

Watch for both cable and broadcasters to get very up-in-arms about protecting wireless microphones.  If we get this wrong, planes will fall from the sky!

Low-powered wireless microphones are essential to television journalists covering breaking news events, particularly on-the-scene coverage of emergency situations. And they are ubiquitous tools for the distribution of audio in all major sports and entertainment events in large venues.

4.  A technical director for a church in Reno has this to say:

I would ask that your discussions and decisions keep in mind the thousands of churches across the country who rely on wireless technology to communicate messages of hope, encouragement, and love to millions of people every week.

5. Motorola chimes in, saying personal/portable devices could use geolocation information to avoid interference, and encourages the FCC to do more testing.

6.  And the Community Broadcasters Association says that it

believes that the [FCC] report validates its position that any White Space operations must be limited to operations at fixed locations that are held accountable through licensing; and if any personal portable devices are allowed, their frequency selection must be controlled by a licensed centralized beacon that relies on not only sensitive spectrum sensing but also a database that requires exclusion of all broadcast signals expected to reach the user’s location.

That's just three days of filings.  We've got a broken prototype being seriously tested by murmuring, clucking-with-concern engineers, immense security-plus-prayer concerns about wireless microphones, and a call for no unlicensed uses at all — much less the unlicensed, portable uses that would make a new opportunistic market for basic ubiquitous internet access possible. You can't make this stuff up.

[I couldn't resist this.  I promise CALEA tomorrow.]

I'm sadly not able to go to Aspen this week, but Gigi Sohn is there now.  Reporting in her inimitable style, she says:

[P]erhaps [Michael Eisner's] most ridiculous shot of the day was at co-panelist Arianna Huffington, publisher of the Huffington Post.
Eisner criticized Huffington for a business model that does not pay its
contributing bloggers. If people just give away their blog posts to the
Huffpo, they will be relegated to working on an assembly line just to pay their bills, he said.

Gigi points out, rightly, that there are a lot of reasons people blog that have nothing to do with money.  Recognition, influence, impact, conversational participation in the online world – there are many good motivations to write.  It may be true for most bloggers that there's no immediate business model, but there are indirect informational effects of writing a blog that can support a satisfying and moderately remunerative life.

Here, take my blog – it's free.  And tomorrow I'll go back to CALEA (bet you can't wait). 

The enormous PDF of the rules came out on Friday evening last week.  There is a lot here to chew through, but some highlights leap out:

1.  Those Carterfone protections don't mean too much.  The no-locking, no-blocking requirements are hedged in by substantial limitations:  the winning licensee will be able to lock and block devices and applications as long as they can show that their actions are related to “reasonable network management and protection,” or “compliance with applicable regulatory requirements.”   In other words, as long as the discrimination can be shown to be connected (however indirectly) to some vision of “network management,” it will be permitted.  (Discrimination “solely” for discrimination's sake is prohibited, but that's not too difficult to avoid.)

Among other limitations, the license winner will be allowed to continue to use its own (non-standardized) certification standards and processes to approve uses of devices and applications on their networks, will be allowed to protect the “safety and integrity” of their networks against non-carrier applications and devices, and will be permitted to restrict use of its network to devices “compatible with [the carrier’s] network control features.” Additionally, carriers will have the ability to deny interconnection to handsets and applications that are unable to provide location-information via the carrier’s E911 system (a system that is controlled by the carrier itself). 

All of these elements will provide any incumbent carrier that wins this auction with ample slow-roll capability.  It will be very difficult for non-carrier application providers and device manufacturers to work through the incumbent’s certification processes.

2.  The “reserve price” gambit is quite astounding.  Martin's arrangement for very limited open access is accompanied by a novel escape clause:  if the license block that had been conditioned on limited no-locking, no-blocking requirements fails to sell for at least $4.6 billion, it will be re-auctioned in smaller chunks without any conditions applied.  

Commr. Copps disagrees with this “reserve price” approach, saying “[t]he procedure in this Order carries chilling risk to the success of the auction. If some of these blocks do not fetch the bid prices stipulated, perhaps because of gaming of the worst sort, they will be re-auctioned with weaker build-out requirements. If the 22 MHz block, where we hope for Carterfone open access principles, fails to elicit a $4.6 billion bid, it will be re-auctioned without Carterfone open access. In the end, all of this micro-managing virtually hands industry the pen to write the auction rules and to constrict all the opportunities this spectrum held forth. The end result could be: same old, same old. What a pity that would be!”

There are many, many devils in these details.

I'm at a long meeting in a conference room overlooking the grounds of my high school.  This happened last year too, so being here is a weird mixture of nostalgia and déjà-vu-nostalgia (“I already had this nostalgia”).

Walking around the Stanford campus earlier this week, I felt firmly in the current day.  Because I was never there as a student, it's in the modern time zone for me.  But near my high school the time zone bends – somewhere nearby it's thirty years ago, and all the sights and smells remind me of what it was like then. 

Because I went to the same place for law school and college, I had this time zone feeling almost daily.  Just crossing the street from the law school to the undergraduate campus made me think that I had returned to my past.  Things seemed a little slower and out of focus, just slightly.  I guess that's sensory nostalgia.

Here, next to the high school, life is better now than it was then.  The pier nearby is all cleaned up – there's a really good rollercoaster (small) and a restaurant on the end where there used to be nothing.  I'm still doing the same things I did then, but it's more fun.  There are different worries, but I can get on a plane whenever I want and go somewhere else.

It's been a long week.  Have a nice weekend, whatever time zone you're in.

I learned the other day that the Commission had terminated a couple of proceedings that might have cast some light on all this spectrum policy wrangling. 

One had to do with receiver standards.  It's very hard to move towards using spectrum more efficiently if you're stuck dealing with a bunch of dumb legacy devices.  (Even if devices could just promise to receive IP packets that might make them smart enough.  But a lot of devices can't yet do that, of course.) 

The other had to do with interference.  If you don't have any measurements for interference, it's hard for anyone to discuss what it means or how much is too much.  Someone can always claim that planes just might fall from the sky if someone else does X or Y.

Because the incumbent carriers (both telcos and television broadcasters) are perfectly happy with dumb-but-customized devices and can work out their own interference deals behind closed doors, they don't mind having these proceedings end.  But their absence makes it harder for the rest of the ecosystem to predict the future and attract investment.  Many years of work went into these two proceedings.   (I see that Harold blogged about this eons ago.)

We can't move all of communications into the internet model – the “indifferent transport” model – using the white spaces without piercing this darkness.

Yesterday, Telecommunications Reports quoted Chairman Martin – and it's quite an optimistic report. 

Tiny background:  Just as Brand X and Grokster came out on the same day, and Brand X has turned out to be centrally important (although all the press buzz was about Grokster), the FCC's report on white spaces devices came out the same day as the 700 MHz rules – and unlicensed use of the white spaces may be even more important than having the right rules apply to 700 MHz.

Why?  Because so much more spectrum is at stake.  There are about 294 MHz of (non-contiguous) white spaces (unused TV airwaves), and the most anyone thought would be available for wholesale access in the 700 MHz auction was 22 MHz.

You can do a lot more with 300 MHz than 22 MHz.  You can find opportunistic ways of providing last-mile highspeed internet access on an unlicensed, fill-in basis.  This could be key for unserved rural areas in this country.  It could also be key for a tsunami of innovation and bit transport generally – just think how many more bits are being moved around via wifi hotspots in comparison with other kinds of transport.  (A lot more.)

So when the FCC appeared to be pooh-poohing the ability of a couple of prototype devices to avoid interference, it was a big deal the other day.

Now Chairman Martin is expressing optimism, and it's a good thing:

I think the Commission remains … committed to be able to find a way to more efficiently utilize all of the spectrum, including the white spaces in the broadcast spectrum. . . . While I think that the engineers, you know, had some concerns with some of the devices, I think that they didn't conclude that it still would not be technically feasible. … Our engineers have actually opened up the process. They're trying to bring in engineers both from the broadcasters and from the technology companies to identify ways in which to improve those devices to ensure that it doesn't create undue interference.

So that's good news.  For some reason, the Microsoft prototype failed the tests.  There's time to do this right and get different prototypes in front of the Commission.  Watch for the white spaces – they're key.

I'm at a hotel that won't let me send SMTP mail – in Mountain View! – and so I thought today would be a good day to talk about Deep Packet Inspection.  Nate Anderson of Ars Technica wrote a fine article about this recently.

In talking about tricky “when the law hits the network” questions, we often assume that non-cableco ISPs can't know all that much about what their subscribers are doing online.  It would take so much computational effort to look at packets zipping by that the user experience would grind to a halt – people would take their business elsewhere.

It turns out that's just not true.  Anderson's piece points out that there are vendors selling products that are designed to dig into a packet's payload and make educated guesses about what the packet is part of.  And more than that – they can reconstitute webmail messages and chat sessions. 

Patient visitors to this blog will remember that I've spent a lot of their time talking about CALEA.  Well, these same vendors make CALEA compliance easy for ISPs, because they can just isolate all the traffic coming from a particular subscriber and forward it on (in response to adequate legal process, you hope) to law enforcement.

The vendors' argument on “traffic shaping” is that it's only fair – why should some bandwidth hogs get away with whatever they want to, when capacity is constrained?  A response could be: why don't you provision more bandwidth, and then charge people for using more capacity?

The key point, the money quote, is here:

Think about that for a second.  We assume for purposes of the whole Net Neutrality debate in this country that competition is absent in the “last mile.”  What if there's no competition for backbone transport?  What if the backbone providers think they can get away with private traffic shaping too?  We'll have no way of knowing, and they'll be able (apparently) to watch the payload of every packet.

That could be a good title for a novel.  It's what the Times is saying about its new skinny format.  The paper asserts that there's a “national newspaper 12-inch standard” to which it's now adhering, and I have no reason not to believe them.

There's something so deliberate and sweet and hard-copyish about the phrase “somewhat fewer words per page.” 

What's nice about a web page:  you just can't control how many words your reader's page has on it.

I'm in motion today, on my way to California for several days of talking.  I had a great time this afternoon with Joanne Colon and Andrew Baron of Rocketboom.  They're under management and quite the media moguls at this point, but they were kind to me.  And a big blog thank-you to Andy Carvin.

Tomorrow:  some reflections on surveillance.