Home / Blogs

The ETNO Proposal: Unintended Consequences


In the run up to the WCIT negotiations in December, the most talked about proposed change to the ITRs (International Telecommunications Regulations) is the ETNO proposal. Most of the discussion centers around the clause;

"For this purpose, and to ensure an adequate return on investment in high bandwidth infrastructures, operating agencies shall negotiate commercial agreements to achieve a sustainable system of fair compensation for telecommunications services and, where appropriate, respecting the principle of sending party network pays."

Much of the discussion has focused on how this would deter innovation, hamper start-ups and make Internet access much more expensive. Overlooked thus far are the unintended consequences of how this proposal will affect the Content Distribution Network (CDN) industry while simultaneously making cybercrime much easier.

CDNs store content for their customers in various PoPs around the globe to ensure faster delivery to eyeball networks. It's a useful and sustainable business model, as CDN provide valuable services that folks are willing to pay for. However, if the ITRs are amended to include "sending party network pays" will these CDNs be seen as the sending party and therefore be asked to pay for delivery of their customer's content thus making their services more expensive to their customers or will they be seen as simple intermediaries, and the source of the content be seen as the sending party? It is conceivable that carriers would even try to "triple dip" with sending party pays, receiving revenue from subscribers, CDNs and content providers for the same traffic.

In the (hopefully) unlikely event that the ITRs are amended with a sending party pays clause, the answer to the above question would be in the details of the implementation. As well as the above direct threat to the CDN business model, there are indirect threats as well. CDNs place their PoPs inside eyeball networks (or at IXPs) whenever possible. With sending party pays, carriers would no longer have an incentive to host CDN PoPs within their networks, as they would not receive revenue if content was already cached inside the carriers network. This would result in greater latency, jitter and bandwidth consumption globally.

CDN deployment (which is especially useful in the developing world) would come to a halt in such a scenario. As an example, in recent years Google has put in Google Global Cache machines at a number of IXPs and in ISPs networks in Africa (and elsewhere). This has resulted in order of magnitude (or lager0 growth in network traffic at these African IXPs. This is "local content" in the sense it does not need to come from the US or the EU on expensive international links. These deployments are positive step for the development of the Internet in Africa, but if ISPs can make more money by removing them, it is hard to see why they would keep a GGC on their network.

It is much easier to foresee how exactly a "sending party network pays" could make the life of cybercriminals much easier and more profitable. If a botnet herder wanted to make some quick extortion cash from a network provider, all they would have to do is to threaten to send loads of traffic from a network to a variety of providers. It's conceivable that some ISP would accede to the demands of bot-herders or even collude with them to have traffic terminate on their network.
It would be trivial for even "script kiddies" to direct their "zombies" on a targeted network to cause network traffic to increase from the target (much as they do today with DDOS attacks) but this would be the inverse, where traffic flows out of the network which means that network pays. While this is certainly an "innovative business model", I suggest it is not one that is in the public interest.

The ETNO proposal is a bad idea for a variety of reasons, not least of which is the threat to legitimate business models and the promise of illegitimate ones. I would rather see ETNO members fix their own business models if they are not sustainable.

By McTim, Internet policy and governance consultant

Related topics: Access Providers, DDoS, Internet Governance, Telecom

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:


To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Neustar Data Identifies Most Popular Times of Year for DDoS Attacks in 2015

The Framework for Resilient Cybersecurity (Webinar)

Season's Greetings - 2015 End of Year Message from DotConnectAfrica

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

"The Market Has No Morality" Sophia Bekele Speaks on Business Ethics and Accountability

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

Dyn Comments on ICG Proposal for IANA Transition

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Introducing the Verisign DNS Firewall

3 Key Steps for SMBs to Protect Their Website and Critical Internet Services

Key Considerations for Selecting a Managed DNS Provider

Verisign Mitigates More DDoS Attacks in Q1 2015 than Any Quarter in 2014

Verisign OpenHybrid for Corero and Amazon Web Services Now Available

DotConnectAfrica on "CONNECTing the Dots: Options for Future Action" at UNESCO, Paris

IBCA Presentation to ICANN GAC on Protection of Geographic Names in New gTLDs

Public Sector Experiences Largest Increase in DDoS Attacks (Verisign's Q4 2014 DDoS Trends)

Sponsored Topics

Afilias - Mobile & Web Services


Sponsored by
Afilias - Mobile & Web Services


Sponsored by

DNS Security

Sponsored by


Sponsored by