
Being an ISP

Over time, this blog has talked about everything broadband, but I don’t think I’ve ever talked about being an ISP. In the simplest terms, an ISP is somebody that connects to a home or business and routes broadband traffic to and from the Internet. ISPs do a lot more these days. For example, they protect customers against hacking and bad behavior on the web.

We all know the big ISPs like Comcast, Charter, AT&T, and Verizon since these four ISPs serve over 75% of all broadband customers in the country. All of the other ISPs you hear about collectively serve the other one-fourth of the U.S. market.

The heyday of the ISP industry, in terms of the total number of ISPs, was probably in the late 1990s when anybody could be a dial-up ISP by buying a modem bank, some telephone lines, and a connection to the Internet. It seems like every small town and even many neighborhoods had one or more ISPs who competed with the few big nationwide players like AOL and CompuServe.

ISPs come in every shape and size. The ones we most think about as ISPs own networks that reach people’s homes, either through wires or wirelessly. Satellite companies like Viasat and Starlink are ISPs. But there are other kinds of ISPs. For example, some ISPs lease fiber connections from a city or somebody else that owns a network. There are still some ISPs delivering broadband over leased telco copper wires. A lot of people don’t think of cellular carriers as ISPs, but most people today have smartphones and connect to the Internet using apps. In many of the surveys we conduct, we see that as many as 10% of households only connect to the Internet over a cellular connection.

ISPs are somewhat regulated, but it gets complicated. The FCC under Ajit Pai largely deregulated broadband by wiping out the FCC’s Title II authority to regulate ISPs except for a handful of regulations specifically required by Congress. In doing so, Chairman Pai constantly referred to his deregulation as light-touch regulation, but the FCC eliminated 90% of the ways that the agency might theoretically be able to regulate ISPs. Consequently, the current FCC has very little regulatory authority over ISPs.

This doesn’t mean that ISPs are fully unregulated. ISPs are supposed to comply with a few regulations. For example, they are supposed to register with the FBI and describe the steps needed if the FBI wants to surveil a customer on an ISP network. An ISP has to officially register with the FCC if it wants to participate in receiving any funding from the Universal Service Fund. Many states expect ISPs to register as carriers – mostly, so the state knows who they are.

The FCC requires ISPs to use the Form 477 process to report the location of customers by Census Block, along with a description of the technology being used and the speeds delivered. But broadband regulation is taken so lightly that a lot of ISPs ignore this completely. For example, in almost every county I’ve ever worked in, there is at least one ISP that doesn’t report customers to the FCC. There doesn’t seem to be any penalty for not reporting, or at least none that I’ve ever seen. Some of the ISPs that skirt regulation are sizable and sell fiber connections to large businesses in multiple markets.

ISPs are also theoretically regulated by the Federal Trade Commission. But that is truly light regulation because the FTC can’t easily establish rules or policies that affect all ISPs. Instead, the agency occasionally punishes a specific ISP for bad behavior, mostly centered on mistreating customers in some manner.

There are a lot of entities that don’t even realize they are ISPs. Governments often build fiber networks to connect various government buildings into a local network. But when cities then connect all of the government locations to the Internet, they have become an ISP. Cities also often branch out and provide a fiber connection to a few large businesses in a community – often without realizing this makes them an ISP like any other.

The big ISP industry believes that broadband regulation will be coming back when the FCC finally gets a fifth Commissioner. Companies with monopoly powers in all industries would love to be unregulated, and so far, the only two groups of companies that have largely been able to pull this off are ISPs and the giant web content companies. The need for some regulatory oversight is obvious. For example, the FCC is currently investigating the response efforts of big ISPs after a major storm. But without explicit regulatory authority, I’m not sure the agency has any authority to compel ISPs to do more to be ready for disaster recovery.


Are There any Cable Companies Left?

Today I ask the question if there are really any cable companies left in the US. This was prompted by seeing an article that the Shrewsbury Electric and Cable Operations (SELCO), the municipal cable provider in Shrewsbury, Massachusetts announced to the Board of Selectmen that they are no longer a ‘cable company’. They have always been a traditional cable company in that they deliver their signals to customers over a coaxial cable network. They originally only used that network to deliver the cable product. But over the years they added telephone and broadband service, and from a customer perspective they look the same as any other triple play provider which delivers these same services over copper or fiber.

This announcement was prompted by two facts. First, the company sells broadband to more homes and businesses than it sells cable TV service. And that is due, in part, to the fact that it is seeing customers abandon cable service in favor of watching streaming video over the Internet.

Shrewsbury is not unique and most of my other small triple play clients are in this same position. SELCO is unique only in that they announced it formally, which made it into the press and onto my desk. Except for some tiny rural cable companies that only sell cable service, it’s hard to imagine that every other cable company is not in the same position. And you can’t find a telco that doesn’t sell more broadband than telephone. In fact, it’s hard to find a telco any more where more than half of the customers have a landline – only in places where the cellular coverage is terrible.

The biggest company to make this announcement was Comcast. Over a year ago CEO Brian Roberts announced that Comcast was no longer a cable company. A quarter earlier their number of broadband customers had surpassed their cable customers, and since then broadband penetration is still growing steadily while cable customers are shrinking.

And yet the industry still refers to Comcast as a cable company. We still refer to AT&T as a telco even though they are primarily a wireless company. The use of these monikers comes from the technology being used – the technology and the vendors that support it are different for those operating telephone copper networks, cable company HFC (Hybrid Fiber Coax) networks, or fiber. Yet, from a customer perspective these different kinds of companies sell the same thing – with the differentiator being their broadband speeds.

I struggle with this as a blogger since there are a lot more similarities between Comcast and AT&T than there are differences. Calling one a telco and the other a cable company no longer makes much sense. When talking about the whole industry I usually refer to triple play providers as ISPs or carriers.

We don’t have a good short word to describe companies that use their networks to sell the triple play services, and which now also sell other services like security, smart home, managed WiFi, etc. The word ISP really isn’t adequate because there are plenty of companies around that only sell Internet access. Those are ISPs in the strictest sense.

And carriers is an inadequate description. That’s an old telecom phrase that was used mostly to denote the bigger companies in the traditional telephone industry. But size of company is no longer a differentiator – from a product perspective, many smaller companies today have a more robust product offering than large companies like Frontier or Windstream.

What really starts making this difficult is that a lot of smaller ISPs are abandoning or thinking about abandoning cable TV service. They are finding that they can barely buy the raw programming for the retail prices offered with the smaller satellite cable packages. Small ISPs are quickly becoming double play providers, and they won’t fit into any description that includes the triple play.

So please bear with me when you see me referring to companies in this industry with descriptors that don’t really fit what they do for a living. If any of you have a better idea of what to call these companies I’m open to suggestion.


FCC Looks at Consumer Data Security

The FCC will be voting on March 31 to release a Notice of Proposed Rulemaking (NPRM) concerning customers’ rights over their data on the Internet. More specifically, the NPRM is looking at the relationship between a customer and their ISP. It’s been assumed FCC Chairman Tom Wheeler already has the votes to get this passed.

The premise of the NPRM is that an ISP knows more about what a customer does than anybody else. They know what web sites you connect to and for how long, and even if you encrypt everything they know a lot about you. Most people don’t realize that an ISP has total knowledge of everything a customer does that is not encrypted. If they care to do so an ISP can record every keystroke made online.

And so the NPRM will be asking what rights customers should have as far as allowing their ISP to use or monetize the knowledge they gain about customers. The proposed rules are going to apply the same sorts of privacy rights to broadband that have been in place for telephone service. The privacy rules would not apply to social media sites, browsers or search engines, just to ISPs. The FCC’s reasoning is that customers voluntarily give their data to these edge services but they have not done so freely to their ISP.

The NPRM starts with the premise that consumers ought to have control over how their data is used by their ISP. Telephone customers have had similar rights for years. Here are the primary areas that will be covered by the NPRM:

Transparency. The FCC wants ISPs to inform people about the information they collect about them. They want ISPs to further tell customers how they use this data and if and how the data might be sold to others. And the FCC wants all of this written in plain English (good luck with that!).

Security. The FCC believes that ISPs have the responsibility to protect customer data. The NPRM wants to require ISPs to take reasonable steps to protect customer data.

  • This would mean new rules for ISPs. They would have to institute training practices for employees, adopt strong customer authorization practices, identify to the FCC the senior manager(s) responsible for data security, and take responsibility for customer data when it’s shared with a third party.
  • There would also be new rules about data breaches. Customers would have to be notified of data breaches within 10 days of discovery. The ISP would need to notify the FCC within 7 days of any breach. ISPs would have to notify the FBI and the US Secret Service of any breach of more than 5,000 customers.

Choice. The NPRM suggests that customers be given a choice to say what kind of data their ISP may use and under what conditions it can be shared with others. The FCC wants to categorize customer data into three categories:

  • First is the data that an ISP must have in order to serve customers. This would be things like name, address and other data needed to bill a customer. And because the product is broadband the FCC believes that an ISP has the inherent right to do things like measure your total data usage and other related network information.
  • Second, the FCC thinks that an ISP ought to be able to use a customer’s data to market other telecom products to them. But, like with telephone service, the FCC thinks customers should have the right to opt-out of ISP marketing activity.
  • Third, the FCC is then suggesting that customers would need to opt-in to give an ISP the right to use their data for any other purposes.

The FCC wants these to be rules about customer permission and protection of data and they are not prohibiting ISPs from gathering and using data as long as customers approve of it. As is usual with this kind of NPRM we can expect a lot of comments both for and against the proposal. What I find most unusual about this NPRM is that it largely assumes that the FCC is going to prevail in its order to regulate broadband under Title II rules. If that order gets overturned then protection of customer data would probably revert back to the FTC.


Should an ISP Offer Fast Upload Speeds?

One question I am often asked is if clients should offer symmetrical data speeds for residential customers. I’ve noticed lately a number of fiber networks that are advertising symmetrical speeds, and so this option is gaining some market traction. This is not an easy decision to make and there are a lot of different factors to consider:

The Competition. Most fiber networks are competing against cable networks, and the HFC technology on those networks does not allow for very fast uploading. The number one complaint that cable companies get about upload speeds is from gamers who want fast low-latency upload paths. But they say that they get very few other complaints from residential customers about this issue.

So this leads me to ask if residential customers care as much about upload speeds as they do download speeds. I know that today households use the bulk of their download capabilities to view video and there are very few households that have the desire to upload videos in the same manner or volume. One of the questions I ask clients is if they are just trying to prove that their network is faster. Because to promote something heavily that most customers don’t care about feels somewhat gimmicky.

Practical. At the residential level there are not many users who have enough legal content to justify a fast upload. There are a few legitimate uses of uploading, but not nearly as many as there are for downloading. Some of the normal uses for uploading include gaming, sending large files, sharing videos and pictures with friends and family, doing data backup and other related activities into the cloud. But these uses normally do not generate as much traffic as the download bandwidth that is used by most households to watch video. And so one must ask the practical question if offering symmetrical bandwidth is just a marketing ploy since customers are not expected to use the upload nearly as much as they download.

Cost. Another consideration is cost, or lack of cost. A lot of ISPs buy symmetrical data pipes on their connection to the Internet. To the extent that they download a lot more data than is uploaded, one can almost look at the excess headroom on the upload side as free. They are already paying for that bandwidth and often there is no incremental cost to an ISP for customers to upload more except at the point where upload becomes greater than download.

Technical. One must ask if allowing symmetrical bandwidth will increase demand for uploading over time. We know that offering faster download speeds induces homes to watch more video, but it’s not clear if this is true in the upload direction. If uploading is stimulated over time then there are network issues to consider. It requires a more robust distribution network to support a network that has significant traffic in both directions. For example, most fiber networks are built in nodes of some sort and the fiber connection to those nodes needs to be larger to support two-way traffic than it would be if the traffic is almost entirely in the download direction.

Bad Behavior. One of the main arguments against offering fast upload speeds is that it can promote bad behavior or can draw attention from those with malicious intents. For example, fast upload speeds might promote more use of file sharing, and most of the content shared on file sharing sites is copyrighted and being illegally shared.

There has always been the concern that customers also might set up servers on fast connections that can upload things quickly. And one of the few things that requires a fast upward connection is porn. So I’ve always found it likely that having fast upload connections is going to attract people who want to operate porn servers.

But the real concern is that fast networks can become targets for those with malicious intent. Historically hackers took over computers to generate spam. That still happens today, but there are other more malicious reasons for hackers to take over computers. For instance, hackers who launch denial of service attacks do so by taking over many computers and directing them to send messages to a target simultaneously. Computers are also being hijacked to do things like mine bitcoins, which requires frequent communication outward.

One would think that a hacker would find a computer sitting on a network that allows 100 Mbps or 1 Gbps upload to be worth a whole lot more than a computer on a slower network. And so they might well be targeting customers on these networks.

What this all means to me is that if you offer fast upload connections you ought to be prepared to monitor customers to know which ones upload a lot. If such customers are operating server businesses they might be directed to use business products. Or you can help them find and remove malware if their computers have been hacked. But I find the idea of allowing fast uploads without monitoring to be dangerous for the ISP and for customers.
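The monitoring recommended above, sketched as an added example (not code from the original post): it totals upload per subscriber from hourly usage counters and separates short bursts, such as a nightly backup, from sustained upload that points to a server or a compromised machine. The record format, subscriber IDs and thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

MB = 10**6
GB = 10**9

# Assumed thresholds for illustration; tune them to the network's own baseline.
DAILY_UP_BYTES = 25 * GB      # total daily upload that merits a look
BUSY_HOUR_UP_BYTES = 1 * GB   # an hour counts as "busy" above this upload
SUSTAINED_HOURS = 12          # busy hours per day that suggest a server or bot


def build_sample():
    """Constructed records: (subscriber_id, hour, bytes_up, bytes_down)."""
    records = []
    for hour in range(24):
        down = 3 * GB if 18 <= hour <= 23 else 200 * MB  # evening video
        # sub-1001: typical household, very little upload
        records.append(("sub-1001", hour, 50 * MB, down))
        # sub-1002: same household pattern plus a two-hour cloud backup
        up = 20 * GB if hour in (2, 3) else 50 * MB
        records.append(("sub-1002", hour, up, down))
        # sub-1003: heavy upload around the clock, little download
        records.append(("sub-1003", hour, 5 * GB, 500 * MB))
    return records


def summarize(records):
    """Aggregate one day of hourly counters per subscriber."""
    stats = defaultdict(lambda: {"up": 0, "down": 0, "busy_hours": 0})
    for sub, _hour, up, down in records:
        s = stats[sub]
        s["up"] += up
        s["down"] += down
        if up >= BUSY_HOUR_UP_BYTES:
            s["busy_hours"] += 1
    return dict(stats)


def classify(s):
    """Return 'normal', 'burst' or 'sustained' for one subscriber's day."""
    if s["up"] < DAILY_UP_BYTES:
        return "normal"
    if s["busy_hours"] >= SUSTAINED_HOURS:
        # Candidate for a business product referral or a malware check.
        return "sustained"
    # Large but short-lived upload, e.g. a backup job; note it, no action.
    return "burst"


def review_list(records):
    """Subscribers needing a look, heaviest uploaders first."""
    rows = []
    for sub, s in summarize(records).items():
        verdict = classify(s)
        if verdict != "normal":
            ratio = s["up"] / max(s["down"], 1)  # guard against zero download
            rows.append((sub, verdict, s["up"] / GB, round(ratio, 2)))
    return sorted(rows, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    for sub, verdict, up_gb, ratio in review_list(build_sample()):
        print(f"{sub}: {verdict:9s} upload={up_gb:.1f} GB up/down={ratio}")
```

Counting busy hours rather than looking only at the daily total is what keeps a customer running a large backup from being treated the same as a machine uploading all day.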


Spying on our Internet Infrastructure


Everybody I know in the telecom industry has been following the controversy surrounding the allegations that the NSA has been gathering information on everybody’s Internet usage. What I find somewhat amusing are the smaller ISPs who are telling people that they have not cooperated with the NSA, and that it is ‘safe’ for customers to use them. That is a great marketing ploy but it is far from the truth. The Internet infrastructure in the country is very complex, but for the most part the data traffic in the country can be characterized in three ways: core Internet, peering and private traffic.

The private data traffic is just that. There are huge numbers of private data connections in the country that are not part of the ‘Internet’. For example, every banking consortium has a private network that connects branches and ATMs. Large corporations have private connections between different locations within the company. Oil companies have private data circuits between the oil fields and headquarters. And for the most part the data on these networks is private. Most corporations that use private networks do so for security purposes and many of them encrypt their data.

The FBI has always been able to get a ‘wiretap’ on private data circuits using a set of rules called CALEA (Communications Assistance for Law Enforcement Act). The CALEA rules prescribe the processes for the FBI to use to wiretap any data connection. But over the years I have asked hundreds of network technicians if they have ever seen a CALEA request and from what I can see this is not a widely used tool. It would require active assistance from telecom companies to tap into private data circuits, and there just does not seem to be much of that going on. Of course, there is also not a lot of likelihood of finding spy-worthy information in data dumps between oil pumps and many of the other sorts of transactions that happen on private networks.

But the NSA is not being accused of spying on private corporate data. The allegations are that they are monitoring routine Internet traffic and that they possess records of every web site visited and every email that is being sent over the Internet. And it seems plausible to me that the NSA could arrange this.

The Internet in the US works on a hub and spoke infrastructure. There are major Internet hubs in Los Angeles, New York, Atlanta, Chicago, Dallas and Washington DC. Most ‘Internet’ traffic ends up at one of these hubs. There are smaller regional hubs, but all of the Internet traffic that comes from Albuquerque, Phoenix, San Francisco, Las Vegas and all of the other cities in that region will end up eventually in Los Angeles. You will hear ISP technicians talking about ‘hops’, meaning how many different regional hubs an Internet transmission must go through before it gets to one of these Internet hubs.

So when some smaller Internet provider says that the NSA does not have their data they are being hopeful, naive or they are just doing PR. I recall an article a few months back where Comcast, Time Warner and Cox all said that they had not cooperated with the NSA and that it was safer to use their networks than to use AT&T and Verizon, who supposedly have cooperated. But everything that comes from the Comcast and Cox networks ends up at one of these Internet hubs. If the NSA has figured out a way to collect data at these hubs then there would be no reason for them to come to the cable companies and ask for direct access. They would already be gathering the data on the customers of these companies.

But then there is the third piece of the Internet, the peering network. Peering is the process of carriers handing data directly to each other rather than sending it out over the general Internet. Companies do this to save money. There is a significant cost to send information to and from the Internet. Generally an ISP has to buy transport, meaning the right to send information through somebody’s fiber cable. And they have to buy ‘ports’ into the Internet, meaning bandwidth connection from the companies that own the Internet portals in those major hubs. If an ISP has enough data that goes to Google, for example, and if they also have a convenient place to meet Google that costs less than going to their normal Internet hub, then they will hand that data traffic directly to Google and avoid paying for the Internet ports.

And peering is also done locally. It is typical for the large ISPs in large cities to hand each other Internet traffic that is heading towards each other’s network. Peering used to be something that was done by the really large ISPs, but I now have ISP clients with as few as 10,000 customers who can justify some peering arrangements to save money. I doubt that anybody but the biggest ISPs understand what percentage of traffic is delivered through peering versus directly through the more traditional Internet connections.

But the peering traffic is growing all of the time, and to some extent peering traffic can bypass NSA scrutiny at the Internet hubs. But it sounds like the NSA probably has gotten their hands on a lot of the peering traffic too. For instance, a lot of peering traffic goes to Google, and so if the NSA has an arrangement with Google then that catches a lot of the peering traffic.

There certainly are smaller peering arrangements that the NSA could not intercept without direct help from the carriers involved. For now that would be the only ‘safe’ traffic on the Internet. But if the NSA is at the Internet hubs and also has arrangements with the larger companies in the peering chains, then they are getting most of the Internet traffic in the country. There really are no ‘safe’ ISPs in the US – just those who haven’t had the NSA knocking on their doors.