Home / Blogs

IP Addresses Are Not Telephone Numbers - The Fundamental Flaw with the FCC's Proposed Privacy Rules

Mark Buell

Last month the FCC released a Notice of Proposed Rulemaking (NPRM) on Customer Proprietary Network Information (CPNI), the information telcos collect about consumers' phone calls.

The Commission's proposed rules would adapt and apply privacy rules that have historically applied to the traditional telephone space to broadband carriers. It would also regulate how broadband providers use and share that data. The FCC is able to do this since broadband providers are subject to the existing privacy protections under Title II of the Communications Act, the result of the Open Internet Order.

Providing consumers with the tools they need to protect their privacy is unquestionably a good thing. However, the Internet Society is concerned about whether expanding and applying Title II to the broadband market is the right approach, as such a course of action may have unintended consequences.

Of particular concern to the Internet Society is the following text taken from section 45 of the NPRM:

"45. Internet Protocol (IP) Addresses and Domain Name Information. We propose to consider both source and destination IP addresses as CPNI in the broadband context. An IP address is the routable address for each device on an IP network, and BIAS providers use the end user's and edge provider's IP addresses to route data traffic between them. As such, IP addresses are roughly analogous to telephone numbers in the voice telephony context, and the Commission has previously held telephone numbers dialed to be CPNI. Further, our CPNI rules for TRS providers recognize IP addresses as call data information. IP addresses are also frequently used in geo-location. As such, we believe that we should consider IP addresses to be "destination" and "location" information under Section 222(h)(1)(A). Similarly, we propose to consider other information in Internet layer protocol headers to be CPNI in the broadband context, because they may indicate the "type" and "amount of use" of a telecommunication service. We seek comment on this proposed interpretation."

A blanket association between telephone numbers and IP numbers and domain names is simply not useful. Here's the problem — IP numbers and domain names are not telephone numbers. By using this analogy as the starting point for their rationale to consider IP numbers as CPNI, the FCC is beginning from a fundamentally flawed starting point.

The telephone numbering system was born out of an inherently regulatory framework within a multilateral institution, and coordinated at the international level by the International Telecommunication Union (ITU). In contrast, IP addressing was born out of a global, bottom-up multistakeholder approach. This model has been a driver of the innovation and creativity that made the Internet a virtually unparalleled force for social and economic progress in our collective history. Generally speaking, this broad comparison fails to account for the underlying context for each numbering system, and renders the analogy too broad and insufficient to be effective.

There may also be unintended negative outcomes globally from using this analogy. Like it or not, Washington exists in a policy fishbowl — the rest of the world pays attention to what happens here. There are nations that will watch, and may indeed copy, the FCC's lead.

Applying decades-old telephone system regulations to the Internet puts at risk the principles and norms that contributed to its tremendous growth and success. As Dr. Robert Pepper wrote in Forbes ahead of the ITU's World Conference on International Telecommunications in 2012, "Changing the regulatory and business model of the Internet now with an outdated legacy telecom model would limit the Internet's expansion and diminish the potential for further innovation." Pepper rightly concludes, "This would be an enormous mistake."

Furthermore, the FCC's use of this analogy is in clear contrast to the deregulatory approach to the Internet that the U.S. Government promotes on the global stage. In a world where the multistakeholder model for Internet governance is so often under threat, do we really want the FCC to normalize a governance framework that does not recognize the crucial role of it played in the growth and success of the Internet?

The Communications Act was developed at a very different time and to regulate a very different system. Putting aside the fact that the Act dates from the 1930s, the last time it was updated was in 1996 — the dawn of the publicly available Internet. I believe that the uniqueness and complexity inherent to the Internet behoove us to take an approach to consumer privacy that is just as unique.

Comments on the NPRM close on May 27.

By Mark Buell, Regional Bureau Director, North America at the Internet Society
Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

The development of the addressing system of DoD Internet Protocol Standard ... Peter Thimmesch  –  Jun 02, 2016 7:49 PM PST

Or IPv4, was not done via a multi-stakeholder process. It was done under contract to the US Department of Defense. The process for Simple Internet Protocol Plus (SIPP), or IPv6, was done via the IETF's process but no one would call that a multi-stakeholder group.

Yet you are correct that the very concept that the Internet Identifiers within the Routing Table is somehow equal to the North America Numbering Plan (NANP) is laughable. Maybe stick the to the facts that the end-customer's public addressed address(es) is/are something that may have a short Time To Live (TTL) and may be given to another end-user customer in any given moment (think a Starbucks customer) therefore it doesn't belong to them as the same as the NANP's system gives to its end-users (think mobile number portability) ... it is an easier and more understandable way of breaking down the FCC rule as being preposterous.

To post comments, please login or create an account.

Related

Topics

DNS Security

Sponsored byAfilias

IP Addressing

Sponsored byAvenue4 LLC

Domain Names

Sponsored byVerisign

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byAfilias