The SIPNOC 2013 agenda includes talks on:

• VoIP and communications security
• Business strategies for service providers
• Regulatory and policy issues
• Multiple sessions about WebRTC and how that will change IP communications
• IPv6 and VoIP
• HD audio
• Standards relating to VoIP and SIP

The main sessions begin tomorrow with a keynote presentation from FCC CTO Henning Schulzrinne where I expect he will talk about some of the challenges the FCC has identified as they continue to push the industry to move away from the traditional PSTN to the world of IP communications.

I've very much enjoyed the past SIPNOC conferences and will be back there again this year leading sessions about: IPv6 and VoIP; how DNSSEC can help secure VoIP; and a couple of sessions related to VoIP security. I'm very much looking forward to the discussions and connections that get made there — and if any of you are attending I look forward to meeting you there.

SIPNOC 2013 will not be livestreamed, but if you are in the DC area (or can easily get there), registration is still open for the event. I suspect you'll also see some of us tweeting with the hashtag #sipnoc.

Written by Dan York, Author and Speaker on Internet technologies

As I look back over those chapters, I realize that the basic fundamentals of network security really haven't changed much even though technology has advanced at an incredible pace. "Defense in depth" was a hot catch phrase seven years ago, and it still applies today. I believe there are three broad steps any organization can take with respect to security and reliability to get a handle on their current security posture, whether internal (corporate, inside the firewall) or external (Internet, outside the firewall).

Network Assessment

Begin with a "network assessment." This is a broad term that might encompass a holistic view of an organization's Internet security posture, including Internet gateways, firewalls, DNS and email services, and B2B partner connectivity. In addition or alternatively, a network assessment may focus on an organization's internal network, including employee intranets, VPN, electronic mail, DNS, VoIP, vulnerability management and anti-virus services, change management, and business continuity planning and disaster recovery. A network assessment can be tailored to specific security requirements for any organization, but ultimately the assessment will provide a baseline gap analysis and remediation steps to fill those gaps.

Vulnerability Assessments

Once a baseline network assessment is completed, an organization may wish to perform periodic vulnerability assessments. Traditional vulnerability assessments tend to cover applications services and nothing more. However, an organization's security posture must include Internet gateway switches/routers, firewalls, DNS servers, mail servers, and other network infrastructure not directly related to providing service for a specific application. Whether internal or external, vulnerability assessments can uncover critical gaps in security that may lead to credential leaks, intellectual property theft, or denial of service to employees or customers. A well planned and executed vulnerability assessment should eliminate false positives, but can never give an organization 100% confidence that a specific vulnerability can be exploited. Vulnerability assessments should be executed on at least a quarterly basis, but it's not uncommon for larger organizations to execute them on a monthly basis.

Penetration Testing

The next step in assessing your organization's security and reliability is penetration testing. While I typically say that vulnerability assessments give you a "95% confidence level" that a vulnerability exists, penetration testing can give you 100% confidence that a specific vulnerability can be exploited and show you how it can be exploited by attackers. Alternatively, a penetration test may show you that you have proper compensating controls in place to prevent a vulnerability from being exploited. That is to say, the vulnerability exists, but a compensating control is in place that prevents attackers from succeeding.

One only needs to read the news to know that every organization, whether large or small, is susceptible to intrusions across their networks or exploits in their applications and services. It's prudent to execute a network assessment in order to understand your current security posture, and then follow up with periodic vulnerability assessments and penetration tests. These will give you a higher level of confidence that your architecture is sound, and that your staff is adhering to security policies and procedures. Ultimately, your customers trust you to secure your resources and their information, and your brand and market identity are at stake if you don't.

Written by Brett Watson, Senior Manager, Professional Services at Neustar

I checked it to see why it had gone through the spam filters. It had no URL in the text but a reply-to address. So it needed a valid domain name, and had one: postfinances.com.

PostFinance (without trailing "s") is the payment system of the Swiss Post. It has millions of users.

The domain postfinances.com had been registered a day before my receipt of the phishing email, through a Canadian registrar:

Domain Name: POSTFINANCES.COM
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 27-dec-2012
Creation Date: 27-dec-2012
Expiration Date: 27-dec-2013

The domain holder (falsely) shown on the Whois is Vistaprint, an international online services company. There is an MX record pointing to:

mx.postfinances.com.cust.b.hostedemail.com.

The Phishing message itself is not convincing. The copy I received is written in bad machine-translated German. I suppose French and Italian versions have been sent too. It is the classic false alert about "account information update" targeting users of an electronic payment system. It asks the recipient to answer with account information and telephone number, promising that the support team will then contact the account holder by telephone.

Can we simply dismiss this as a clumsy attempt at phishing?

It is not that clumsy. The Swiss Post giro accounts are extremely popular. Almost everyone in Switzerland has a postal account. So any user with an email address ending in .ch is likely to have a postal account and to have electronic access to it. In this respect, the phishing perpetrators are smart.

Now the domain name. The real thing is http://www.postfinance.ch. The plural of the word "finance" is frequently used, especially in the sense of personal finance. Addresses ending in .com are frequent for large Swiss companies. So postfinances.com sounds very credible. In this respect, the phishing perpetrators are almost elegant.

Now the style of the email, the bad German, the almost humoristic notice on the bottom of the message:

"This message was sent using IMP, the Internet Messaging Program."

That notice was left in English. Even that had a role: it filtered out the educated victims, leaving only the vulnerable people.

Is this something to laugh about?

There are enough vulnerable people. At any given time, there are millions of people in the process of learning about the Internet. Not all of them will have a good command of the language in which they received the Phishing message. Some of them may respond to the scammers, giving up their account information and telephone number. The perpetrators can then work by VOIP telephony, complete with fake caller ID, making the victim believe that there is urgency, that there is a problem, that the victim should connect to a web site whose address they dictate over the telephone. If the perpetrators do not speak German they can pretend that they work for an outsourced call center, a special security investigation company...you name it.

Here is where the ICANN problem starts.

I saw the Phishing email on December 28, one day after the domain registration of postfinances.com. I sent a Whois Data Problem complaint to http://wdprs.internic.net/.

(Note: compare the elegant domain name used by the bad guys — postfinances.com — to the cryptic domain name used by the good guys for problem reporting.)

The Whois problem reporting system is not only inadequate, it is a mere fig leaf. There is no real abuse reporting tool, there is no credible fast response infrastructure — even though ICANN's budget is higher than that of Interpol.

I added a note to Whois Data Problem report, saying that this was a manifest case of phishing and that the domain should be suspended immediately. I copied the phishing email into the comment box, as further proof. The ICANN system sent me confirmation — without my explanatory comments. I am not sure if the registrar of the postfinances.com domain received my comments through the ICANN system.

When I came back to the office on January 2, 2013, the domain was unchanged. The next day I sent a problem report to the http://www.melani.admin.ch/index.html?lang=en — the Swiss government security response team. I even tried to call the person in charge of domain names at the Swiss Post. It is understandable that he is on vacation as this time of the year — just as it is understandable the phishing perpetrators selected this time of the year for their scam.

At the time of writing, the domain name is still unchanged, and the email sent to it still goes to mx.postfinances.com.cust.b.hostedemail.com.

How many people have suffered damage? How many more people will suffer damage if the domain remains active, along with the email forwarding? Difficult to say, but for some time the likelihood of harm grows with each day. Does it make sense for fraud inspectors to keep the abusive domain name alive to track the perpetrators? I doubt it.

The sad thing is that humble, hardworking people are particularly threatened by this sort of scam. Imagine a migrant worker, struggling in the local language, with no time to learn about Internet governance (or about the lack of it).

But it is worse.

Well-deserved consumer confidence in electronic commerce and payments is a necessity. Jobs and economic growth depend on it. Negligence in the combat of scams does enormous harm. The social cost of lost confidence is a million times more than the money stolen by the scammers.

Now let us take a closer look and compare it with ICANN news.

Two new gTLD applications stand out that could (or should) help with the anti-phishing challenge. One of them is ".bank" — I mean the community-based one applied for by the banks. The other is ".banque" (in French), applied for by French banks.

These are TLDs that can facilitate special processing by MTAs, email client software, spam filters, web browsers and search engines on the basis of published usage policies. They can allow machine-based compliance verification of policies. Those policies can formally be associated with TLDs whose role is easy to understand for all people. In other words, these TLDs have the power to establish the same link between technology and the human mind, just as standardized coins or paper currency do with systematic security features.

ATMs, banknote checking/counting machines and vending machines help us deal with the standardized currency. We recognize the same currency with our eyes and touch it with our hands. That is a great achievement. Or does anyone want to go back to randomly shaped lumps of metal?

Software combined with responsibly managed financial domain names can do the same. Or do we prefer to laugh at people who have trouble telling the difference between postfinance.ch and postfinances.com?

True, both the community-based .bank and the .banque application are a bit confused. But they are not more confused than ICANN as a whole. ICANN's disorientation is the main reason why many of the gTLD applications are so unclear, or even full of errors and contradictions.

The .bank and .banque TLDs can be set up correctly. They can radically improve security and productivity of on-line financial transactions. It should have been done years ago.

But there is ICANN's way — our way — of managing urgent tasks.

No reaction in 7 days to a report on a scam domain — that is NOT the worst problem. The problem is that no better reporting system is in place. (Yes, we have talked about domain abuse for 10 years.) The next problem is that new gTLD program, through which urgently needed security improvements should be possible, has been delayed for years. It has also been mismanaged. And now it is managed randomly, literally, by way of a Draw.

Is this all that we, the Internet experts, have to offer?

Written by Werner Staub

The most egregious of the paragraphs in this proposal refer to routing, naming and addressing, to wit:

(management of Identification resources)
31B 3A.2 Member States shall have equal rights to manage the Internet, including in regard to the allotment, assignment and reclamation of Internet numbering, naming, addressing and identification resources and to support for the operation and development of basic Internet infrastructure.

This is either completely meaningless or incredibly dangerous to the day to day operation of the current Internet depending on interpretation. If one considers that Member States already have "equal rights" to participate in the current Internet governance regime (some would say they have more than equal rights given the exalted position of the GAC inside ICANN), then this is redundant text that should be removed. However, a more pernicious interpretation is that the ITU would entirely replace the existing institutions that have been responsible for naming and addressing with a completely intergovernmental model.

Why they have proposed this seeming non-starter is anybody's guess, as no mechanism exists for nation states to force the naming and addressing bodies to hand over responsibilities to an intergovernmental body. In fact there are contracts, policy documents and MoU's in place that would absolutely prevent it. The authors and the ITU staff who helped edit this proposal surely know this (and if they don't know, that in itself shows willful ignorance of how the current system works).

Seemingly, some of the Arab States who saw their previous proposal to form an intergovernmental Regional Internet Registry sent to a Working Group to die a quiet death are thinking that proposing direct control of Internet numbering resources is a good second choice. ICP-2 is the document that precludes the ITU from forming their own RIR (they could actually do it if it only served Antarctica but that isn't an attractive option for the ITU), so they have proposed:

(Fundamental Right)
31F 3B.1 Member states have the right to manage all naming, numbering, addressing and identification resources used for international telecommunications/ICT services within their territories.

Not only is this a complete rejection of the current system, but it is completely unworkable idea. Say for example I have registered a .ug domain name (which I have), but the webserver is located in the USA. Is that .ug domain name used for international telecommunications/ICT services within the USA or is it used in Uganda? The answer is both, but no one would suggest that the .ug ccTLD be managed by the USA. Nevertheless, that is what 31F 3B.1 says! Another example is that Autonomous System numbers (inter-domain routing identifiers) frequently cover multiple countries or regions, so who gets to "manage them" when they are used by routers in many nations to determine where to send traffic??

In terms of routing, the proposal introduces much more unworkable ideas:

30 3.3 Operating agencies shall determine by mutual agreement which international routes are to be used. A Member State has the right to know the international route of its traffic where technically feasible.

and

MOD
1/7 1.4 In cases where one or more international routes have been established by agreement between administrations/operating agencies and where traffic is diverted unilaterally by the administration/operating agency of origin to an international route which has not been agreed with the administration/operating agency of destination,the terminal shares payable to the administration/operating agency of destination shall be the same as would have been due to it had the traffic been routed over the agreed primary route and the transit costs are borne by the administration/operating agency of origin, unless the administration/operating agency of destination is prepared to agree to a different share.

Currently routers forward packets based on economic choices made by the owner of that router. The two modifications above change that paradigm completely, giving Nation States the ability to control the choice of provider networks that packets transit. In addition, if an ISP tries to skirt these "toll booths", they still have to pay for traffic that would have transited the "agreed" network. In other words, even though a provider did not receive service from a provider, they still have to pay for services they didn't receive! This would seem counter-intuitive to most people, but when you understand that there is no mechanism built in to the current routing protocol to count traffic in this way, it enters the realm of the absurd.

Fred Baker, Adrian Farrel and Benoit Claise have written an excellent primer on routing for regulators at WCIT, which it seems none of the authors of this proposal have read. In it they conclude by saying:

"Maybe increased connectivity between ASes through IXPs will magnify the
benefits of Internet connectivity, will attract more local online business, and
provide a significant economic stimulus as larger percentages of the population
are able to get on line. Perhaps these benefits will go some way to offset the lost
revenues from the declining legacy telephone systems. What is the for sure is
that using DPI to monitor and charge VoIP calls in the same old way ... will
simply not work!"

Internet infrastructure (IXPs, submarine and other fiber builds, data centers, etc.) have developed outside of a treaty body. Internetworking is done between networks, not between Member States. Trying to retrofit the Internet to include toll-booths and points of governmental control at this point is self-defeating. During the last revision of the ITRs, revenue from international voice calls were the golden eggs laid by the telephony golden goose, but the Internet has disrupted that model to the point where the ITRs are an anachronism that is no longer of great utility. Ultimately, it will be end-user customers of the affected businesses that will pay the price for the type of folly.

Of course, some cynics suspect this "compromise text" is a tactical ploy in a much longer game, that diplomats are human and don't want to be seen as the cause of a failed international treaty conference, that the USA and its "Hands Off the Internet" allies will tire of saying "No" and eventually relent to some of their bad ideas. It's also possible that the USA will throw Russia a bone in hopes of getting their cooperation in other areas of international relations (think Syria).

This proposal shows that those who were concerned about the agenda of some ITU Member States and the Secretariat were right. They are out to take over the Internet, they just weren't honest about it. The ITU does useful work in, inter alia, spectrum and satellite slot allocation. They should stick to those tasks and if they really want to help spread the edge of the network to the billions who don't yet have access, perhaps they should focus on access issues instead of asserting intergovernmental control over things they clearly don't understand.

William S. Burroughs wrote "Paranoia is just having the right information". It turns out that the folk who have had great concerns about WCIT over the last year were not paranoid, they just had the right information.

Written by McTim, Internet policy and governance consultant

As is always the case, the IETF meeting will feature groups focusing on pretty much all the various technical aspects of Internet infrastructure: IPv6, DNS, DHCP, security, VoIP, SIP, WebRTC, routing, "Internet of Things", P2P, HTTP, TCP, video conferencing, congestion control, energy management… basically pick any Internet protocol acronym and you'll probably find some group there talking about the topic. If you just scan down the IETF 85 agenda, you will get a sense of the breadth of topics being covered.

If you can't get to Atlanta next week to participate face-to-face, the good news is that the IETF provides a variety of ways that you can participate remotely in the meetings. I recently wrote up instructions that you may find useful: How To Participate In IETF 85 Remotely.

Out of this meeting, new standards will emerge, new drafts will be created, new efforts will be started… and the multistakeholder open standards process that drives the Internet will continue. If you get a chance, the IETF meetings are open to anyone to attend — and anyone can also follow along remotely.

P.S. If you have not had any prior exposure to the IETF, you may want to first read The Tao of IETF: A Novice's Guide to the Internet Engineering Task Force to understand a bit more about how it all works.

Written by Dan York, Author and Speaker on Internet technologies

Most international Medias picked the story wrong. And I see it being repeated. It is true that there is some legislative initiative regarding the regulation of VoIP calls and mainly the telecommunication sector in Ethiopia. But the initiative is just a draft, noting more. Besides there is no such a thing as 15 years punishment in the draft law for using Skype. Here are the provisions in the draft law that are stretched in many news headlines to bemoan that the use of Skype in Ethiopia entails 15 years punishment.

Article 10(3) – Whosoever provides Telephone call or fax services through the internet commits an offence and shall be punishable with rigorous imprisonment from 3 to 8 years and with fine equal to five times the revenue estimated to have been earned by him during the period of time he provided the service.

Article 10(4) – Whosoever intentionally or by negligence obtains the service stipulated under sub-article (3) of this article commits an offence and shall be punishable with imprisonment from 3 months to 3 years and with fine from Birr 2,500 to Birr 20,000.

Hope now you know that there is no 15 years punishment for using Skype in Ethiopia. Indeed the above draft provisions in someway prohibits the use of Skype. But it is worth recalling that there is a 2002 law Telecommunication Proclamation No. 281/2002 that states:

'The use or provision of voice communication or fax services through the internet are prohibited [punishable with imprisonments]'.

So in the eyes of the 2002's legislation the new draft legislation is way too liberal. The 2002 legislation was a blank prohibition to any internet based calls including PC to PC but the new draft law prohibits only telephone calls (to a landline or mobile phone) and fax services using the internet. The addition of the term 'telephone call' in the new draft legislation couldn't be accidental. More importantly, there has been no reports of prosecutions based on the 2002 legislation to date. But there are reports that businesses providing international calls using various technologies, without authorization, have faced closure and criminal charges since the law is enacted. The story unfolds this way not because the government wanted it to be but due to arduous task of monitoring individuals' internet traffic. But with businesses, the government can resort to intensive unautomated monitoring and inspection mechanisms. The government was, thus, mainly targeting businesses offering such services. I see no difference this time.

Whether this should be the case in the first place is another story that can be debated. I personally do not see the reasons cited by the government (the concerns of security and cut into the government revenue in telecom business) are better off with the current draft law. I doubt that the current Internet use in the country is posing such threat. According to 2011 Internet World Statistics, Ethiopia is home only to 622,122 Internet users, which is 0.7% of the total population. The lion share of this number, 511,240, goes to Facebook users. Thus, there is no adequate data indicating that the government is losing revenue for the wider usage of VoIP communications. This is even so assuming that with the existing poor connection someone is able to download Skype and to make calls.

Concomitantly, at the risk of stating the obvious, the government should be reminded the cost of implementing such legislation instead. The Internet architecture is designed in a way to treat packets indiscriminately. It does not distinguish a Skype call from e-mail, fax from YouTube video. Consequently, the government has to retain and inspect every packet of the Internet traffic inorder to know who is making Skype call or fax services over the Internet. Trying to achieve this, with the lack of expertise we have, is unbearable costly, if bearable at all. I am afraid the revenue of the telecom would end up just covering the expenses of Chinese expertise rather. Let's not forget also the devastating consequence it could have on attracting foreign investors. Imagine an investor who is lured by the generous land grab in Ethiopia coming across the news, as picked by many International Medias, that he or she could be busted for up to 15 years for using Skype in Ethiopia, no matter how true that is in fact.

In addition, it is undeniably true that VoIP services have associated security risks. But I personally believe that security concerns can better be dealt by liberalizing the sector. That would enable the government to share the burden of retaining, monitoring and tracking culprits with the providers. The Ethiopian government's approach seems the wrong way of dealing with it. It is like killing to cure approach. The use of Internet in general have similar kind of risks, if that could justify its ban. But in the 21st century, you can't afford to ban the internet for fear of security risks as you don't ban sex for fear of HIV. We have to manage the risk how difficult that might be.

Meanwhile stretching that Ethiopia's regulation of VoIP services and Telecommunication, should the law is implemented, can reinforce the UN takeover of the Internet is too far. If Ethiopia could show the Congress and perhaps the Internet community is Right to Be Worried about UN Control of the Internet, it should have been through the harsher 2002 legislation, not now. If that could have a clout in the global Internet governance, many governments have done that. Yet noting is changed in that respect.

For your view here is the draft legislation:
https://docs.google.com/file/d/0Bxje6_I1ftWCZnZURnBTbVhjRGc/edit

Written by Samson Yoseph Esayas, Research Assistant

These are key questions to be discussed at the "Workshop on Congestion Control for Interactive Real-Time Communication” held on July 28, 2012, in Vancouver prior to the start of the 84th meeting of the Internet Engineering Task Force (IETF). Hosted by the Internet Architecture Board (IAB) and the Internet Research Task Force (IRTF), the workshop is focused on this challenge:

The development and upcoming widespread deployment of web-based real-time media communication — where RTP is used to and from web browsers to transmit audio, video and data — will likely result in substantial new Internet traffic. Due to the projected volume of this traffic, as well as the fact that it is more likely to use unprovisioned capacity, it is essential that it is transmitted with robust and effective congestion control mechanisms.

Designing congestion control mechanisms that perform well under a wide variety of traffic mixes and over network paths with widely varying characteristics is not easy. Prevention of congestion collapse can be achieved through "circuit breaker" mechanisms, but for media flows that are supposed to coexist with a user's other ongoing communication sessions, a congestion control mechanism that shares capacity fairly in the presence of a mix of TCP, UDP and other protocol flows is needed.

The workshop is INVITATION-ONLY and you need to submit a position paper to be considered for inclusion. Participation in the workshop is free of charge and there is an option for invited participants to participate remotely. You do not have to register to attend the week-long IETF 84 meeting that follows the workshop, although many of the topics in the workshop will be discussed in the subsequent IETF meetings.

THE DEADLINE FOR SUBMITTING POSITION PAPERS IS JUNE 23, 2012.

Much more information about the workshop and the submission process can be found at: http://www.iab.org/cc-workshop/

Written by Dan York, Author and Speaker on Internet technologies

For example, airlines these days have codeshare agreements where a customer may purchase a ticket from one airline where the flight is operated by another airline. Given that one provider has received the revenue for the service and another provider has incurred the costs of providing the service, there is a need to pass some form of payment from one provider to the other. Rather than undertaking a separate inter-provider financial transaction for each codeshare journey, airlines can use a more efficient arrangement that uses inter-provider settlements. Each airline retains the original ticket sales revenue, and accumulates amounts in credit and debit from the execution of the codeshare flights between providers. They then settle any residual imbalance in the mutual service account with single financial transaction at the end of each settlement period.

The Internet operates in a similar fashion: its services are provided by some 40,000 constituent network service providers that must not only interconnect with one another, but also execute a set of inter-provider arrangements that ensures that each service provider is duly compensated for their respective efforts in providing end-to-end services to the network's clients.

The Telephony Model

To look at the Internet interconnection and settlement structure, it is useful to look at its immediate predecessor, the inter-provider financial settlements within the telephony domain.

The retail model for telephony is, for the most part, a model that appears to have been borrowed from the postal service, where the caller pays its local carrier for the entire cost of the call, while the called party pays nothing to receive the call. When both the caller and the called party are connected to the same carrier then this is quite straight forward: the carrier charges the caller for the entire cost of the call. When we take the same model and apply it to international phone calls, then the common intent is to preserve the same simple retail model: the caller pays the cost of the call. Given that this now involves the telephone carriers undertaking mutual service provision activities, the arrangement that the telephone industry came up to redress any residual imbalances in mutual service provision with was the concept of inter-carrier call accounting financial settlements.

Within the framework of this interconnection model, two national carriers interconnect at an agreed handover point, and, as part of this interconnection, they establish a call minute settlement rate, which is the rate one carrier bills the other for the residual imbalance of terminated calls that originate from the other carrier's network and are passed to the terminating carrier at the handover point for termination in the other carrier's network.

The calling provider receives a payment from the caller for the entire call, and accumulates a debit to the terminating provider for the termination costs of the call. The terminating provider receives no payment from the called party, and accumulates a credit from the calling provider for the same call termination cost. A periodic financial payment from one provider to the other allows the two providers to "settle" the net of these debit and credit accounts, and thereby providing a form of equity of cost distribution in meeting the costs of the calls made between the two providers.

Calls are measured in units of call minutes in the interconnection domain, and the debit and credit accounts are measured in units of call minutes. Where there is equity of call accounting rates between the two providers, the bilateral inter-provider financial settlements are used in accordance with originating call-minute imbalance, in which the provider hosting the greater number of originating call-minutes pays the other party according to a bilaterally negotiated rate per residual call minute imbalance as the mechanism of cost distribution between the two providers.

It's notable that the general bilateral telephony settlement model does not admit multi-party transit arrangements. Such arrangements are handled using further forms of inter-carrier agreements where a carrier may hand-off call requests to a third party carrier at some mutually agreed call minute rate, and similarly a carrier may engage another carrier to act as its call terminating carrier for an agreed share of the call termination settlement fees.

Because the telephony model includes local monopolies there is no inherent market-based capability that prevents a carrier setting its call termination settlement rates to a level that is in excess of its actual call termination costs. The resultant distortions and economic inefficiencies in the inter-carrier domain have acted as a powerful driver behind the increasing interest from some high volume calling party carriers in voice-over-IP (VoIP) solutions that bypass these call accounting settlements. In such situations the originating carrier uses VoIP trunking instead of call handover at the inter carrier interconnection point, and terminates the call request within the terminating carrier's network as a regular internal call. This allows the origination carrier to avoid the call termination settlement rates. The end customer of these VoIP trunk services benefit from a lower priced service offering, with an associated commercial pressure on the terminating carrier to remove the monopoly rental component from its call termination settlement rates. It would be a highly retrograde step to see a new wave of international regulation that entrenches these inefficient distortions of monopoly rentals in the telephone sector by attempting to prevent, by regulation, the use of alternate voice trunking solutions, such as VoIP, in the international telephony domain.

Another by product of this monopoly-based distortion in the inter-carrier settlement rates is the emergence of a lobby group who are current beneficiaries of these arrangements who, perhaps understandably, are highly motivated to see the continuance of these arrangements and the potential extension of these arrangements to encompass the Internet. This contemplated extension of interconnection regulations from telephony into the Internet environment again represents a retrograde step in terms of introducing regulatory distortions and significant inefficiencies into what is at present a functional and efficient Internet interconnection market, as we'll examine in the next section.

Internet Considerations

There are a number of important technical differences that exist between the telephony and Internet models of carrier interconnection. These differences are fundamental, and have confounded all attempts to cleanly map telephony interconnection models into the Internet environment. The most critical of these differences are described as follows:

There is no "call"

Unlike a telephony call, there is no concept of state initiation in an IP network to pass a call request through a network and lock down a network transit path in response to a call response. The network undergoes no state change in response to a packet being passed through the network, and therefore, no means is readily available to the carriage service operator to identify that a call has been initiated, and by which party.

Packets may be dropped

When a packet is passed across an interconnection from one carriage service provider to another, no firm guarantee is given by the second provider that the packet will definitely be delivered to the destination. The second provider, or subsequent providers in the packet's transit path, may drop the packet for quite legitimate reasons, and will remain within the Internet Protocol specification in so doing. Indeed, the TCP protocol uses packet drop as a rate-control signal, necessary for its efficient operation. The broader implication here is that the quality of the packet transit service that one carrier may anticipate from it's adjacent carrier peer when passing packets across an interconnection is inherently undefined.

Packet paths are not necessarily symmetric

The inter-carrier path a packet takes from one client to another is not necessarily the same path that a packet takes in the reverse direction. This path asymmetry means that there is no direct analogy to the virtual circuit model used in telephony. When two clients, A and B, exchange traffic a carrier may only see traffic flowing in the direction from B to A and not see any traffic from A to B. It's not that there is no such traffic, but that the traffic in the opposite direction uses a different inter-carrier transit path through the network. One outcome from this observation is that in a hypothetical case of traffic flow-based inter-carrier service accounting, when a carrier sees just one half of a traffic flow, it's unclear how a carrier can reliably determine whether it should claim a service debit or a credit from its adjacent carriers in passing the traffic towards its intended destination.

There is no network-based resource management regime

In the telephone world the establishment of a virtual circuit to support a voice call can be viewed as an exclusive claim on a unit of capacity in the network that excludes all other potential users of that capacity. However, in the Internet, there is no concept of resource exclusion, in other words, the Internet does not use a network-based management regime to allocate its resources to support individual transactions. The end-to-end architecture of the Internet places the onus of responsibility for resource management and allocation on the collection of end systems that generate traffic at any point in time. In this architecture its conventional to see traffic flows across the network being regulated by the Internet's transport protocol, TCP. Each traffic session is adaptive in such a manner that it will attempt to make the most efficient use of the entire set of network resources, while at the same time attempting to sustain a stable state were each individual traffic flow claims an equal volume of network resources for itself.

Internet Interconnection Arrangements

The retail model used by the Internet is not one of "sender pays," nor one of "receiver pays". The retail service is not one where either the sender or the receiver funds the entire end-to-end transit of a packet through the Internet as part of the retail tariff structure for Internet services. Indeed, given that the end-to-end transmission of a packet is not even an assured outcome in the Internet architecture, such a tariff model would be a mismatch to the nature of the service provided by the underlying IP network. The Internet retail model is one where a customer contracts with a carriage service provider for an access service. This is a customer/provider relationship, where the customer funds its carriage service provider for all packets that are sent or received by the customer.

The translation of this retail service model into the inter-carrier interconnection environment is one that preserves this particular form of customer/provider relationship at the retail edge of the network, translating in into the context of two interconnecting carriers. A carrier that is a customer of another carrier pays for an access service, where the customer carrier funds all traffic to and from its provider (or upstream transit) carrier.

Who is the provider and who is the customer in such an arrangement is not pre-determined by any objective or regulatory determination. It is based on a self-assessment by each carrier as to their own value and the value that the other carrier is bringing to the proposed interconnection.

If one carrier believes that it is bringing greater value to the interconnection then it would naturally only contemplate the interconnection if it were to be the provider and the other carrier to be its customer. If the other carrier reaches a similar conclusion that the other party is providing a greater value to the interconnection than the interconnection would most likely proceed to the next step of negotiation of service terms and conditions between provider and customer that recognizes the extent of the difference in relative value. Sometimes this takes the form of a conventional wholesale relationship, while at other times more creative labels are used for much the same form of customer relationship, such as "paid peering".

If the other carrier reaches the conclusion that it too was bringing a greater value to the interconnection, and it should assume the role of provider in an interconnection, then the mismatch in relative value perceptions would imply that any attempt to execute an interconnection between the two carriers would not be stable. The typical outcome of such a failure to directly interconnect is not necessary one that results in partitioning of the network. A more typical outcome in such a case is that any traffic that is exchanged between customers of the two carriers would be passed through indirect transit arrangements.

There is another possible outcome of this self-assessment of perception of value in an interconnection, where both parties see approximately equal mutual benefit in interconnecting. Here a "Sender Keep All" (SKA) relationship is appropriate, where the parties exchange traffic in both directions but do not exchange any funds in either direction. These SKA arrangements are typically referred to as "peer" relationships.

In all of these relationships, the parties themselves do not have to agree on what that measured value or scope may be in absolute terms. Each party makes an independent assessment of the value of the interconnection, in terms of the perceived size and value it brings to the interconnection and the value of the assets that the other party brings to the interconnection. If both parties reach the conclusion that, in their respective terms, a net balance of value is achieved, then the SKA interconnection is a stable one. If one party believes that it is bringing a greater value to the interconnection than the other then any SKA interconnection would result in leverage of its investment by the smaller party, and an SKA interconnection would be unstable.

These two forms of interconnection, namely a customer/provider relationship and a SKA peer relationship, form the basis of the entire set of connections that collectively support a coherent and fully connected Internet.

An outcome of this interconnection model is that the service providers' options for business optimization includes a strong incentive of increasing the size, scope and efficiency of its service provider operation within the consumer and wholesale market space, so that non-financially settled SKA peering can be negotiated with larger providers, thereby reducing the additional outlays required to purchase upstream transit services to complement these peering connections. This in tern results in an internet which is highly interconnected, which, in turn improves both the performance and operational costs of the service offering, both of which translate to improved consumer offerings in a highly competitive service industry.

A Market-based Approach to Interconnection

In many ways interconnection in the Internet can be seen as the operation of an open market within the broader framework of a generally deregulated industry, where each party brings assets to the interconnection market place and attempts to reach mutually satisfactory arrangements with other actors in the same market. Each party is attempting to reach precisely the same outcome, namely comprehensive connectivity, and to do so in a maximally efficient manner such that it minimizes its expenditure while meeting its requirements for connectivity and capacity.

Over twenty years of experience in operating this market-based framework for Internet connectivity has shown that it is capable of scaling from a few dozen service providers to currently over 40,000 component networks, and at the same time it has proved to be capable of sustaining its objective, namely that of universal connectivity across the entire Internet's interconnection domain. It is also the case that the Internet has been able to achieve this outcome without the imposition of overriding regulatory impost, and with ever increasing price performance service offerings for the end consumer. The evidence from this experience points to a conclusion that this market operates in an efficient manner, and this efficiency directly translates into cost efficiencies in the retail market for Internet services.

The ultimate beneficiary of this form of market-based Internet connection in the Internet is the end consumer, who, for the price of a local access service across the last mile, gains access to the entire world of the Internet.

Written by Geoff Huston, Author & Chief Scientist at APNIC

International Telecommunication Regulations – Cover of the Telegraph and Telephone Regulations revised at the 1988 Melbourne Conference.
(Click to Enlarge / Image Source: ITU)At WATTC in 1988 some 178 of the world's nations agreed to a set of International Telecommunications Regulations (ITRs) that supplement the binding regulations of the International Telecommunication Convention. The goals of these regulations were Rather Grand as well. They aspired to promote the "harmonious development and efficient operation of technical facilities, as well as the efficiency, usefulness and availability to the public of international telecommunication services."

If one is prepared to view the rise of the Internet over the past 25 years as a product of a appropriately liberalised international regulatory regime as much as it was a product of the titanic shifts in computing and communications technologies that also occurred over this period, then it is conceivable to make the case that the Internet of today is a product of these ITRs. And what a prodigious product it has been!

But here, rather than look at the Internet, I'd like to look particularly at the ITRs and the preparatory activities in the leadup to WCIT.

Review of the International Telecommunication Regulations (ITRs)

In Dubai, between the 3rd and 14th of December in 2012 the nations of the world will convene again to consider a review of these ITRs, which define the general principles for the provision and operation of international telecommunications. Again, all Rather Grand stuff.

At the moment the international meeting cycle is ramping up to consider what aspect of the ITRs should be altered, what should stay the same, and what should be dropped. After all much has happened in the past 25 years, and there is an argument to be made that the ITRs should better reflect today's world.

But the world is not exactly aligned at the moment about what should and what should not be folded into a new set of international regulatory obligations. Some countries appear to be advocating for some quite specific measures to be added to the ITR to address what for them are characterised as otherwise unresolvable operational issues. Others are advocating a more general approach to have the ITRs explicitly embrace the Internet and fold references to the Internet in every place where specific carriage and service delivery technologies are references in the ITRs. It's when these two approaches intersect that the situation gets interesting.

"Number Misuse" and "the Internet"

What we are seeing at the moment is an effort to fold the concepts of "Number Misuse" and "the Internet" together, with a result that there is some advocacy by some countries to see the ITRs explicitly take on the concept of "IP Address and Routing Misuse" within a the framework of national obligations through common regulatory action. If successful this would oblige governments to take necessary actions to investigate and prosecute such instances of so-called "misuse." Surely we all desire a global public communications network that operates with integrity. Surely we would want to see countries do precisely this. So why is this not exactly the best idea to appear in the ITR negotiation process so far?

Let's look at the motivations for "Number Misuse" in the world of telephone carriers and telephone services, and then look at how this could conceivably map in to the world of the Internet.

To understand the telephone world and where this issue of "Number Misuse" is coming from, it may be useful to understand a little of how money circulates in the phone world.

Telephony: Sender Pays

In many ways the telephone leaned heavily on the telegraph service for its service model, which, in turn, leaned on the postal service, establishing a provenance for the telephone service model that stretched back over some centuries to at least the 1680's and London's Penny Post, if not earlier.

The Postal Service model that gained ascendency over the preceding centuries was a model where the sender paid for the entire service of delivery of the letter. If the postal service that received the letter in the first place needed to use the services of a different postal service to complete the delivery, then that was not something that was visible to either the sender or the intended recipient. The postal services were meant to divide up the monies received to deliver the letter and apportion this money between them to compensate each service provider for undertaking their part in the delivery of the letter.

The telephone service, for the most part, operates in a very similar fashion. The caller pays for the entire cost of the call, and the called party does not. When both the caller and the called party are connected to the same carrier then this really is quite straight forward. The carrier charges the caller for the cost of the call and, presumably, some small (or often not so small) margin for profit.

However, when we take the same model and apply it to, say, international phone calls, then the model is not so simple. The common desire on the part of the telephone operators was to preserve the same simple model: the caller pays. Now in this case the caller pays the presumably higher price of establishing a voice circuit from carrier in one country in one part of the world to another carrier in another country in another part of the world. But now the caller's carrier should not keep all of the revenue associated with the call. The other end, the "terminating carrier" has also incurred costs in servicing this call. The arrangement that the telephone industry came up with was the concept of "inter-carrier call accounting financial settlements."

To explain this it may be useful to bring in the unit of a "call minute", which is commonly used as a means of measuring a telephone call. What carriers establish between themselves on a bilateral basis are the inter-carrier settlement cost per call minute of a telephone call that originates in one carrier and is terminated by the other carrier.

Now if both carriers can establish a value of a call minute settlement rate where in both directions the call minute termination costs roughly equate to the call minute settlement rate, then in theory at any rate, neither party is relatively advantaged over the other irrespective of whether the callers are predominately located in one carrier or in the other carrier. In theory, in such an arrangement should be financially neutral to both carriers.

However, while in theory practice and theory should align, in practice its rarely the case. What happened in the telephone case was that we saw some carriers set a call minute call termination settlement rate that was well above cost, while at the same time set its international call tariffs such that outbound calls were prohibitively expensive for local subscribers. The result was that the local customers of these carriers found it cheaper to request that the other party call them, which was the desired outcome. The local carrier then generated income not by charging local subscribers but by revenues generated as an outcome of the call accounting settlement payments that were generated by the net imbalance of called vs calling call minutes.

This was a game played by carriers all over the world. For example, in France in the early 1990s it was some 5 - 10 times more expensive to call a US number from France than it was to make a call between the same two numbers in the other direction. If you add in a further consideration, namely that in the 1980's many carriers were part of the public administration and were in effect government-operated national monopolies whose profits contributed to national revenue, then you get an outcome that is described in Opinion No. 1 of the 1989 ITRs, under the heading "Special Telecommunication Arrangements", namely:

"considering further that, for many Members, revenues from international telecommunications are vital for their administrations" Telephony Special Services and "Number Misuse"

It's often said that the only really major innovation in more than a century of the telephone service was the fax. Perhaps that's a little too unkind, but innovations in the delivered services that industry were few and far between. However, there were a number of innovations that are important to this story, and the ones that are relevant here are number redirect and the so-called "premium" services.

The "premium" services attracted a higher call cost, and the carrier conventionally splits the revenue from the service with the called service. These services traditionally included weather forecasts, sports results, new headlines (until the Internet became all but completely ubiquitous and decimated these services!), and so on. They also attracted the sex industry. However, in many countries such services were not permitted, so a conventional premium service was not an option for this industry.

As ever, we are naturally inventive, and some folk thought about this and came up with a clever solution to use number redirect to redirect the call to this otherwise not permitted premium service to another country. As part of this redirection the premium service provider needed to reach an agreement with the new home carrier of the call termination point to divide the international call accounting revenue provided by callers to this service between the carrier and the service provider. Not only did this arrangement effectively circumvent local regulations relating to locally provided premium services, it also leveraged off the international call accounting arrangements to the benefit of the premium service provider as well as the terminating carrier.

We may be inventive, but all too often we are greedy as well. The next step was to circumvent any arrangement with the destination carrier and redirect the call to an entirely different carrier. One of the side effects of deregulation of the telephone industry in many countries was that in place of a single carrier that would receive incoming all international calls for a given country code there were a number of carriers who were ostensibly competing for the these incoming calls. Instead of routing calls based solely on the dialled country code, carriers now could route calls based on number blocks within the country code, and use different transit routes based on number block rules. What if a premium service provider took a number block from a country code and specified that all incoming calls were to be routed by a third party carrier? That all sounds innocent enough, but what if this third party did not actually route the calls through to the country in question, but instead terminated the calls and still charged the calling carrier the international call accounting settlement rate? No doubt the service provider has got a better deal, so the service provider is happy, and the carrier that terminates the call is receiving a portion of the call settlement rate, so the terminating carrier is happy. But happiness is not universal here. The carrier in the called country code is getting nothing from this arrangement, even though their country code is being used. From their perspective they are being defrauded of what they might claim is legitimate international call accounting revenue through the "misuse" of the number block drawn from their country code.

If the country code carrier could discover this unauthorised number block diversion, then presumably they could withdraw the number block and stop the international call diversion. Unfortunately this is not always the case. They can withdraw the number block, but at times, and under perhaps somewhat shady circumstances, the premium service provider and potentially the transit carriers, might still be able to convince local carriers that the number block diversion is still legitimate. While the country code carrier might see the problem, their ability to enforce carriers in other countries to respect their authority to regarding the use of number blocks drawn from their country code is not always clear. At times they are effectively powerless to enforce a remedy.

And the scheme can be further refined. Why even enter into any form of discussion with the international carrier for a number block? Why not pick one or more of the more obscure national country codes, generate some number blocks from these codes and then get a cooperative transit carrier to enter a number block diversion request into the local carrier? The number block is perhaps drawn from a country code that already makes extensive use of third party transit arrangements, and the local carrier may not question the request, and the carriers in the countries where the number blocks have been drawn from may not have the resources to even detect that this has occurred.

At this point we have arrived at the situation that is motivating some of the proposals to augment the ITRs in this round of negotiation. The position of the nations who have been highlighting this issue as being an important problem in the world of international telephony is that the unauthorised use of phone numbers drawn from their E.164 telephone number block is, in their eyes, a case of "Number Misuse."

The reason why they want to identify this situation and write it into the ITRs this time around is that they would like to involve governments into the role of enforcer of conformance with the conventions of management of telephone country codes. It appears that they would like governments to adopt, as a common convention, that calls made to a country's country code be directed such that the call request is sent to an authorised carrier located in the country, and to ensure that all authorized carriers essentially honour the integrity of the country codes of all other countries that use the E.164 country code number plan.

Inexorable Revenue Leakage

It's also reasonable to ascribe the motivation for this measure as one that is intended to ameliorate the inexorable revenue leakage of the former rich money tap of international call accounting settlement payments. I'm not sure that the various antics of the international premium service market are the true intended target of this measure. I suspect that the intended targets of this proposed regulatory measure are those carriers who have devised other methods to honour the intentions of their callers when they make an international phone call, and make the phone of the dialled number ring, yet at the same time bypass the traditional call accounting arrangements. Already VoIP trunking is commonplace, where the call is mapped into a Voice over IP call, and one way to bypass the conventional call accounting measures is to use a VoIP trunk to enter the dialled country, and then pass the call back into the PSTN as a locally originated call, terminating it on the originally dialled number. The call is then subject to domestic inter-carrier call termination tariffs, which are generally far lower than their international counterpart.

The Internet and services such as Skype are exerting massive downward pressure on what carriers can charge for conventional phone services without driving all remaining customers into Internet-based services. In an effort to retain some level of market share it is now evidently more commonplace for carriers themselves to embrace IP-based approaches and bypass these imposed inter-carrier international settlement charges. But for many countries in the developing world this shift represents a twofold financial blow. Not only are they seeing their foreign-sourced revenue stream disappear at the same rate as the call termination minutes of conventional telephony vaporises, but this revenue stream is being replaced by growing IP traffic volumes which represent a net cost to the national economy.

It should come as no surprise to see some countries attempt to advocate an international regulatory response that is intended to reverse this development, and restore the role of the international telephone network as a means of structural flow of monies from the business sector from the richer economies to the consolidated revenue stream of those not so well off economies.

Internet Number "Misuse"

In and of itself the above discussion is by no means a novel discussion for the telephone world, and the tensions exposed by the continual erosion of the traditional telephone business through the onslaught of new technology is not at all surprising.

What is perhaps a bit more of a surprise is the recent moves within the ITR preparatory activities where a number of nations are advocating pulling Internet addressing and routing into the same category of telephone number regulation and also fold this into this matter of "number misuse" that would apply to both E.164 numbers and IP addresses.

Now some things do not readily translate from telephony to the Internet: there is no "national IP address plan" as a counterpart to the E.164 number plan, as the IP address plan is aligned to networks, as distinct from countries. However one could take a broad view and find some form of mapping from the proposed recommendations regarding the use of E.164 networks to IP addresses. It would appear that the application of the proposals regarding "number misuse" would see a regulation to the effect that IP packets should be routed to the destination address specified in the packet, and not rerouted and terminated elsewhere. Surely this is part of the way the Internet works in any case. For the network to actually function, packets need to be passed to their addressed destination. Or so one would've thought.

And that is indeed what happens a lot of the time within the Internet. But by no means all of the time. As part of the normal course of operation of IP networks many operators deploy equipment that intercepts packets and forms a synthetic response using the address of the intended destination. And many national administrations either operate, or mandate the operation of, equipment that inspects packets in transit and discards packets addressed to certain number blocks.

What is going on?

Why do network operators regularly "misuse" IP addresses by deliberately intercepting packets and generating a synthetic response?

Packet Diversion

The most prevalent reason is the use of proxies, and, in particular, web proxies. These devices sit "on the wire" and intercept web fetches and cache the downloaded data. When another user requests the same URL the proxy will use the cached version of the content, rather than forwarding the request on to the original site. This is by no means unusual: it is typical for web browsers to cache the most recently visited web pages and when the user returns to the page, the local cached copy is used rather than re-performing the download. For the browser and the network operator the rationale for this form of "address misuse" is the same: it is both a desire to improve performance for the end user and a desire to increase the efficiency of the network by reducing the data volumes being shifted across the transit links. So the outcomes are, on the whole, positive outcomes; users see improved performance and potentially lower costs for the service, using an interception technique that is generally transparent to the user.

Is the deployment of a web proxy an instance of fraud?

Here's where another critical difference between the Internet and the telephone world comes into play. In the Internet the sender does not "pay all the way" to get a packet from its source to its intended destination. In general, every IP packet could be thought of as being partially funded by both the sender and the receiver.

The user who generated the packet pays for an ISP service, and the ISP may, in turn, purchase transit services from another ISP, and so on for sequenced transit services. However, at a peering exchange point, or within a provider network, the sender's money runs out. However the packet is not unfunded, for at this point the receiver's services take over, and the packet transits a path that is funded by the receiver's ISP's transit services, and there to the receiver's ISP and there to the receiver.

If a packet is diverted to a proxy then who wins and who loses? Can we make that case that there is a party that is out of pocket here?

As long as the proxy is a faithful proxy then the user wins in so far as the user experiences improved performance and the benefits of a more efficient network while still seeing precisely the same content. And the content provider wins in so far as the content is delivered to the user without incremental cost of packet handling at the content site. In this case there is no end-to-end service payment on the part of the user that would trigger an inter-carrier settlement payment, so it is difficult to make the case that this action necessarily damages any party involved in the network transaction.

Given the widespread deployment of these devices across the entire Internet, the beneficial outcomes of improved performance and network efficiency, and the option for content providers to use techniques that in effect mark content as not cacheable, it's extremely challenging to sustain a case that the use of proxies is a case of address misuse. So the use of traffic diversion and intercepting proxies are not generally regarded as an example of intentional fraud or even an accepted case of address misuse. Its just what we do today in the Internet.

Packet Interception

What about the deliberate interception and discarding of packets in flight. Surely this is a case of "misuse" of IP addresses?

That's a very hard case to make when you consider that such actions are exactly how firewalls work, and almost every network uses firewalls in some manner or other. The action of a firewall is to intercept all packets, and discard those that match so pre-determined set of rules relating to acceptable and unacceptable packets.

Many users run firewalls that deliberately black all incoming connection requests unless they match quite specific rules.

Many ISPs run firewalls that deliberately block access to ISP's services from users who are not direct customers of the ISP.

Many countries have content regulations that block access to certain content, enforced either through government-operated facilities, or through obligations imposed through the conditions associated with the carrier license within that country. The country I live in, Australia, imposes such constraints on its carriers for certain types of content, as does China through its much-reported national firewall facilities.

Users, service providers and carriers and governments all use various forms of packet interception. Are we all guilty of "Number Misuse"? Should we support changes to the ITRs to obligate governments to completely stop this practice?

Aside from many other motivations for firewalls, security is a continuing concern in the Internet, and there is little doubt that while firewalls have not eradicated all forms of toxic traffic and associated abuse and attack, they are an important part of a larger story about securing the Internet. Irrespective of the various views that get expressed at a national level about censorship, intellectual property rights and the position of common carriers and users, it seems counter-intuitive to me that we would want to obligate governments to pull down our firewalls and filters as a necessary consequence of a revised set of ITRs.

WCIT and the ITRs - Where to From Here?

The international call accounting arrangements used by the telephone world, and the use of structurally embedded imbalances in call accounting settlement rates is still a major factor in the ITR discussions. This accounting imbalance is sanctioned in the resolutions of the 1988 World Administrative Telegraph and Telephone Conference, where Resolution 3, concerning the apportionment of revenues provided for structural cross subsidisation of the developing world through asymmetric fixing of call accounting rates between the so-called developed and developing economies.

But in an increasing commercial world of telecommunications, where it is no longer a relatively exclusive collection of publicly funded monopolies that were an integral part of public utility service providers that in effect were an instrument of national governments, pushing the onus of an international developmental agenda onto an increasingly privatised commercial activity has been a less than comfortable fit. Private operators see this as in a more dispassionate light as a business cost input, and seek to find ways to minimize this cost in order to improve the competitive position of their business.

However, the changes in this industry over the past 25 years are so much larger than even this significant broad scale shift in the onus of capital injection and operation from the public to the private sector. At the same time we are seeing an even more fundamental shift in technology foundations, from circuits to packets with the introduction of the Internet into the picture. This has brought about profound shifts in both the engineering of communications infrastructure and, as we've seen, it also has triggered profound shifts in the pricing of the consumer service, shifting from transactional pricing to a "connection rental" model where packet transit costs are bundled into the service. This, in turn, has lead to profound shifts in the manner in which money moves between the network operators themselves.

And perhaps of even greater and more lasting significance in this industry is the decoupling of carriage and content. We have now seen the rise of highly valuable content-centric enterprises whose business model relies on a ubiquitous and abundant underlying communications infrastructure, but who are not financially beholden to the infrastructure operators. They have been able to forge direct relationships with consumers without having to deal with any form of mediation or brokerage imposed by carriage providers. The current value of these content enterprises dwarf the residual value of the carriage service sector, and the outlook for this sector is one of continuing shift in value away from carriage service providers and into the areas of content-based services.

Given the sheer scale of these changes in this industry over the past quarter century it seems to me that the view that one can simply fold the Internet seamlessly into the current framework of the ITRs by the prolific insertion of "and the Internet" into the text of the regulations is simply not viable.

Packets are not circuits, and the mechanisms used to engineer packet networks are entirely different than those used with the circuit switches that supported traditional telephony services. This difference encompasses far more than engineering. The way in which users pay for services differ, and this shift in the retail tariff structure of the Internet service implies a forced change in the way in which carriers interact to support a cohesive framework of network interconnection. The concept of a "call" really has no direct counterpart in the Internet. To extend this further into the area of "call accounting" and "caller pays" is again an extension that does not clearly map into the Internet. So when the existing ITRs refers to inter-carrier call accounting financial settlements there is no clear translation of such a concept into the Internet. When we extend this inter-carrier interconnection framework into structural imbalances in call accounting settlement rates, and extend this further into the concepts of "number misuse" all forms of connection between traditional telephony and Internet are completely lost.

However, this should not imply that the ITRs are now an historic relic, completely overtaken by comprehensive shifts in both the technology and service models of today's global communications network. Irrespective of the fine level of detail in these 25 year old documents, the ideals behind the ITRs are indeed worthy ideals, and should not be discarded lightly. Ultimately, what we are dealing with here is the role of individual nation states with respect to a public communications service for the entire world. In setting forth a framework for supporting an efficient, effective and capable global communications system, the obligations stated in the current ITRs relating to the promotion of international telecommunications services, and the endeavours to make such services generally available to the public remain thoroughly worthwhile objectives. The concept that widely respected technology standards are critical to interoperability are also critically important aspects, and again their recognition in the ITRs are worthwhile considerations.

But, as we both review the changes of the past quarter century and try to peer into what may emerge over the next quarter century, perhaps less is best in this area. Rather than seeking to explicitly add various regulations that attempt to address specific incidents of number misuse, and the rather clumsy efforts to include the Internet into the already detailed provisions relating to inter-carrier settlement models of the increasingly historic traditional telephone network, perhaps the best set of ITRs we could have for tomorrow's world are national obligations that support a common regulatory framework that is both more minimal with respect to describing or relying on particular technologies and service frameworks, and more encompassing in scope in stating the overall objectives and common aspirations all nations share in supporting this unique incredibly valuable common resource of a common communications service that truly embraces the entire world.

Further Reading:
World Conference on International Telecommunications (WCIT-12)
The Current ITRs (1988) [PDF]

Postscript: "It's all just Telecoms"

I received a comment soon after I posted this article, which I thought would provide some further insight to the WCIT process, so here is the comment and some further thoughts on the topic.

The comment was in the form of a report from a preparatory meeting for WCIT that evidently there is a mood within certain parts of the ITR drafting process to simply say: "The ITRs should apply to the Internet in full, because the Internet is nothing more than a telecom service and should be treated that way."

In one sense its true that the Internet is nothing more than a telecommunications service, but in the same way that the post, radio, television, and of course the telephone are also all just telecommunications services. But the nature of the particular service has many consequences, and the attempt to lump telephony and the Internet into the same form of regulatory handling is at best a somewhat misguided effort.

I truly wonder if, more than a century ago, the counterparts of today's government delegates, in a meeting of that august body, the Universal Postal Union, would've argued that a telephone conversation was just an exchange of letters without the artifice of paper, and that the telephone was indeed just a part of the postal service, because its just "a communications service." Indeed I'm pretty sure their counterparts did precisely that and for the next 80 years or more in many countries the Postmaster General operated the telephone service, and operated the wireless spectrum administration and regulated radio and television broadcasts, as well as operating the national postal service, the telegraph service and telex services, all because "its all just communications."

But, ultimately we changed all this. We created distinct entities to administer different communications media and services because its actually not all just communications and its not all just telecoms, and effective regulatory handling of these different communications mechanisms, using distinct forms of investment and finances, and at times entirely distinct regulatory frameworks and often distinct organisations and associated participatory arrangements allows us to realise the true potential of these various services and do so efficiently and effectively. This recognition of a need for distinction in the regulatory frameworks for various services avoids the unfortunate situation of the stultifying dead hand of history misapplying one form of regulation on an entirely distinct and very different medium.

I suspect the best thing the postal folk, in the form of the UPU, ever did was to tell the telephone folk "hail and farewell" and let them get on with their role using an organisation specifically designed to meet their collective needs in supporting telephony.

It may be well and truly time for the telephone folk, in the form of the ITU, to come to a similar arrangement in its dealings with the Internet!

Written by Geoff Huston, Author & Chief Scientist at APNIC

They tried and failed with UBB. Now they are at it again with "speed boost" technologies. The two technologies at question are Verizon's "Turbo” service and Roger's "SpeedBoost”. There are very few technical details, but it appears in the former case that users will be able to purchase additional instantaneous bandwidth to the detriment of other users on the same shared service. Whether this will make a difference to actual throughput is another matter because the slow video may be due to server problems and not network congestion. And if you are in elevator with very poor connectivity, you will unlikely get any faster download speed, no matter how many times you press the turbo button. But will Verizon give you a credit if you don't get the advertised speed boost? I doubt it. Similarly the Rogers' service, while still free, seems to imply faster speeds if they detect you are streaming a video, particularly from their own on-line service. Will users who are not streaming video, but using other real time applications get the same benefit such as VoIP or Telepresence? I doubt it.

The carriers continue to have this brain dead idea that bandwidth is a scarce resource — which is only true to the extent that were the ones who created this artificial scarcity. Building a business case around an artificial scarcity is as stupid as trying to make a premium market from air we breathe. Customers aren't interested in buying bandwidth or quality of service to enhance their user experience. Just as with electricity they want and expect that just about any appliance or application will simply work — with no need for special speed boosts and other gimmicks. Imagine negotiating with the electric utility for a little extra power when you needed to turn on your stove or TV.

It is last mile packet loss which has the biggest impact on the customer's user experience — NOT bandwidth or congestion. The Internet (TCP/IP) is designed so that packet loss is used as a signaling tool to reduce packet throughput. Regardless of where the packet loss occurs the Internet is designed to slow down any data stream, that is affected by a lost packet. However the rate to which a data stream is slowed down is greatly dependent on distance. This is why moving caching boxes as close as possible to the user affects end-to- end throughput, particularly if there is ongoing packet loss.

Although bandwidth and congestion can be a factors affecting packet loss, there are much more clever ways of reducing the impact of packet loss, especially in wireless environments. There are two much simpler solutions. The first is to locate caching/cloud servers as close as possible to the end users. Something that companies like Akamai and Google do already — at no charge to the carrier. Decreasing wireless distance from the wireless node is the other critical factor. This is why integrating WiFi with 3G/4G is so important.

A good example of a carrier that "gets it" is Free.FR in France. Free.FR is redefining what the idea of a carrier in the 21st century is, thanks to these innovations I have been talking about and pioneered by R&E networks like SURFnet. Integrating a blend of Wi-Fi, 3G and its all-fiber backbone, Free will offer unlimited voice, texting and data over the mobile networks. Free.fr deploys their own set-top box for automatically sharing a portion of one's broadband connection via Wi-Fi with other Free.fr customers. Over five million set-top boxes means Free.fr has a free Wi-Fi cloud covering major cities such as Paris. Even when away from home, you can easily get broadband instead of resorting to an expensive 3G network. Their set top box will also allow extreme local caching, to further enhance the user mobile experience. This is the future of broadband. Not silly gimmicks like TurboBoost or SpeedBoost.

Written by Bill St. Arnaud , Green IT Networking Consultant

… guide the FCC's work on technology and engineering issues, together with the FCC's Office of Engineering and Technology. He will advise on matters across the agency to ensure that FCC policies are driving technological innovation, including serving as a resource to FCC Commissioners. He will also help the FCC engage with technology experts outside the agency and promote technical excellence among agency staff. He will be based in the FCC's Office of Strategic Planning and Policy Analysis.

Henning brings an excellent background to this role, having been one of the co-authors of the Session Initiation Protocol (SIP - RFC 3261) and the Real-time Transport Protocol (RTP - RFC 3550 and 1889), the two main standards used in most Voice over IP (VoIP) systems today. Henning is also the author/co-author of over 70 other RFCs and countless Internet-Drafts and has been active with the Internet Engineering Task Force (IETF) since the 1990's. He also served on the Internet Architecture Board (IAB).

Given the recent FCC workshops on the transition of the Public Switched Telephone Network (PSTN) to new technologies, it's great to have someone with Henning's background and knowledge in a prominent role at the FCC. Henning himself noted this in an email to the IETF DISPATCH working group mailing list, where he noted that the FCC is definitely seeking input from technical folks.

Obviously in this new role he'll be working not only with real-time communications but also with the wide range of other areas that the FCC covers. Regardless, it's excellent to have someone with Henning's background providing this level of advice and input to FCC activities.

Prior to joining the FCC, Henning has been a professor and chair of the Computer Science department at Columbia University. In my experience he's also just an all-around decent person and I'm very much looking forward to seeing what he'll do at the FCC.

Written by Dan York, Author and Speaker on Internet technologies

http://www.fcc.gov/live

The FCC's note about the workshops mentions that people watching the live stream can send in questions to panelists using either of two methods:

• by e-mailing livequestions@fcc.gov
• tweeting on Twitter using the hashtag #FCCLIVE

Given that a video recording was provided for the first workshop, hopefully a video recording of this second session will also be made available.

Today's sessions look to be quite interesting and contain quite a range of participants. The full schedule and list of participants is available on the FCC's web site (click on "Expand" in the lower right corner of the page), but here is the brief list:

* * *

9:30 a.m. — 9:40 a.m. - Welcome Remarks by Zachary Katz, Chief Counsel and Senior Legal Advisor, Office of the Chairman, FCC

9:40 a.m. — 10:45 a.m. - Impact of the Transition on the Technology and Economics of the PSTN
Participants include: University of Colorado, Carnegie Mellon, George Washington University, Massachusetts Institute of Technology (MIT), Gillan Associates, SIP Forum

10:45 a.m. — 11:45 p.m. - Policies of the PSTN (e.g., accessibility, reliability, affordability, and public safety)
Participants include: Tufts University, Consumer Federation of America, University of Wisconsin, Neustar

1:00 p.m. — 2:10 p.m. - Implementing the Transition to New Networks
Participants include: Verizon, Comcast, Carnegie Mellon, National Telecommunications and Information Association (NTIA), XO Communications

2:10 p.m. — 3:20 p.m. - Syncing Expectations, Emerging Technologies and the Public Good
Participants include: Georgetown University, University of Michigan, University of Pennsylvania — Wharton, Acme Packet, Panasonic Systems Networks

3:20 p.m. — 4:30 p.m. - Economic Rationales for PSTN Transition
Participants include: Queens College, Indiana University, Syracuse University, Sanford Bernstein, University of Auckland, NZ

Written by Dan York, Author and Speaker on Internet technologies

http://www.fcc.gov/events/public-switched-telephone-network-transition

Given that the workshop was 4 hours long, you may or may not want to watch the entire session. The workshop was divided into four hour-long panels that consisted of brief presentations by the various panelists followed by questions to each panel from the moderator and attendees. FCC Chairman Julius Genachowski also appeared briefly to provide a few comments.

The order of the workshop panels is as follows (and differs from the planned agenda only in that FCC Chairman Genachowski's comments came between the first two panels):

• The Impact of Broadband Communications on Public Safety and Network Reliability
• Remarks by Julius Genachowski, Chairman, FCC
• Disability Access in Substitute Services
• Technical Capacity, Capabilities, and Challenges Facing Future Rural Networks
• Identifying, Evaluating, and Transitioning Key PSTN Edge Functionalities (e.g., alarm monitoring, medical devices, and consumer equipment)

In his comments, FCC Chairman Genachowski discussed how the world is changing and moving to an IP network. He highlighted that 19% of the nation's telephone connections are already interconnected VoIP and 30% of Americans have cut the cord and moved to wireless. He spoke of the role of IP networks in unleashing innovation, contributing to job creation, education, etc. and indicated he and the commission are seeking answers to questions such as these:

• how do we minimize consumer disruption in the move?
• how do we ensure public safety access?
• how do preserve and promote disability access?
• how do we ensure ubiquitous access?
• how do we ensure access to high quality service?
• how do we best foster innovation?

He emphasized that the current PSTN is reliable and accessible and we don't want to lose benefits of old system. He indicated that he wants to enable the private sector to take the best benefits of PSTN and bring those into the future while taking advantage of new technologies.

The panelists in each section all saw the transition as inevitable, indicated it was already well underway and raised legitimate concerns to be considered with regard to their topic area. For instance, the sheer number of installed devices connected to the PSTN will take quite some time to change over to devices that can work with IP networks. An example was given that a standard for alarm systems over IP was only standardized within the TIA in 2007 and a similar standard for smoke alarms over IP was only standardized in 2010. It will take quite some time for devices with those standards to propagate out into commercial availability and transition options may need to be evaluated. Similarly, while the use of traditional TTY devices continues to decline, there is still a huge installed base. These TTY devices are designed to work over the PSTN and the traditional protocol used does not work well over IP. These devices will need to either be replaced or have a transition device such as a terminal adapter installed to work over IP networks.

All in all it was quite an interesting session and hopefully did provide the FCC with the type of feedback they were seeking. The second FCC workshop on the PSTN transition takes place tomorrow, December 14, 2011.

Written by Dan York, Author and Speaker on Internet technologies

Circuit-switched wireline voice technology has created a high standard for reliability, accessibility, and ubiquity. Consumers will continue to expect and demand these qualities, even as they shift from PSTN services to services provided over different networks. The transition away from the PSTN is already occurring, and is likely to accelerate. Through these workshops, the Commission will seek input on the technical, economic, and policy issues that must be addressed to minimize disruption during this transition, and to protect consumers, public safety, competition, and other important interests.

The first workshop on Tuesday, December 6, will focus on "what obstacles and opportunities the transition may create regarding public safety, accessibility, and ubiquitous service.”

The second workshop on Wednesday, December 14, will focus on "a wide array of economic, technological, and policy issues that need to be addressed as consumers choose to subscribe to, and rely on, new technologies and services.”

More details about attending can be found in the public notice. The document also indicates that the workshops will be streamed live at http://www.fcc.gov/live

Written by Dan York, Author and Speaker on Internet technologies