Home / Blogs

The ETNO Proposal: Unintended Consequences

Don't miss a thing – sign up for CircleID Weekly Wrap newsletter delivered to your inbox once a week.

In the run up to the WCIT negotiations in December, the most talked about proposed change to the ITRs (International Telecommunications Regulations) is the ETNO proposal. Most of the discussion centers around the clause;

"For this purpose, and to ensure an adequate return on investment in high bandwidth infrastructures, operating agencies shall negotiate commercial agreements to achieve a sustainable system of fair compensation for telecommunications services and, where appropriate, respecting the principle of sending party network pays."

Much of the discussion has focused on how this would deter innovation, hamper start-ups and make Internet access much more expensive. Overlooked thus far are the unintended consequences of how this proposal will affect the Content Distribution Network (CDN) industry while simultaneously making cybercrime much easier.

CDNs store content for their customers in various PoPs around the globe to ensure faster delivery to eyeball networks. It's a useful and sustainable business model, as CDN provide valuable services that folks are willing to pay for. However, if the ITRs are amended to include "sending party network pays" will these CDNs be seen as the sending party and therefore be asked to pay for delivery of their customer's content thus making their services more expensive to their customers or will they be seen as simple intermediaries, and the source of the content be seen as the sending party? It is conceivable that carriers would even try to "triple dip" with sending party pays, receiving revenue from subscribers, CDNs and content providers for the same traffic.

In the (hopefully) unlikely event that the ITRs are amended with a sending party pays clause, the answer to the above question would be in the details of the implementation. As well as the above direct threat to the CDN business model, there are indirect threats as well. CDNs place their PoPs inside eyeball networks (or at IXPs) whenever possible. With sending party pays, carriers would no longer have an incentive to host CDN PoPs within their networks, as they would not receive revenue if content was already cached inside the carriers network. This would result in greater latency, jitter and bandwidth consumption globally.

CDN deployment (which is especially useful in the developing world) would come to a halt in such a scenario. As an example, in recent years Google has put in Google Global Cache machines at a number of IXPs and in ISPs networks in Africa (and elsewhere). This has resulted in order of magnitude (or lager0 growth in network traffic at these African IXPs. This is "local content" in the sense it does not need to come from the US or the EU on expensive international links. These deployments are positive step for the development of the Internet in Africa, but if ISPs can make more money by removing them, it is hard to see why they would keep a GGC on their network.

It is much easier to foresee how exactly a "sending party network pays" could make the life of cybercriminals much easier and more profitable. If a botnet herder wanted to make some quick extortion cash from a network provider, all they would have to do is to threaten to send loads of traffic from a network to a variety of providers. It's conceivable that some ISP would accede to the demands of bot-herders or even collude with them to have traffic terminate on their network.
It would be trivial for even "script kiddies" to direct their "zombies" on a targeted network to cause network traffic to increase from the target (much as they do today with DDOS attacks) but this would be the inverse, where traffic flows out of the network which means that network pays. While this is certainly an "innovative business model", I suggest it is not one that is in the public interest.

The ETNO proposal is a bad idea for a variety of reasons, not least of which is the threat to legitimate business models and the promise of illegitimate ones. I would rather see ETNO members fix their own business models if they are not sustainable.

By McTim, Internet policy and governance consultant

Related topics: Access Providers, DDoS, Internet Governance, Telecom



To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Sponsored Topics

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Boston Ivy Gets Competitive With Its TLDs, Offers Registrars New Wholesale Pricing

With a mission to make its top-level domains available to the broadest market possible, Boston Ivy has permanently reduced its registration, renewal and transfer prices for .Broker, .Forex, .Markets and .Trading. more»

Industry Updates – Sponsored Posts

Leading Internet Associations Strengthen Cooperation

i2Coalition to Present Tucows CEO Elliot Noss With Internet Community Leadership Award

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Michele Neylon Appointed Chair Elect of i2Coalition

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Neustar Data Identifies Most Popular Times of Year for DDoS Attacks in 2015

The Framework for Resilient Cybersecurity (Webinar)

Season's Greetings - 2015 End of Year Message from DotConnectAfrica

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

"The Market Has No Morality" Sophia Bekele Speaks on Business Ethics and Accountability

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

Dyn Comments on ICG Proposal for IANA Transition