Network neutrality – “treating all bits alike” – has been top-of-mind for Congress and for many geeks / lawyers / telco companies. I’m hoping some of you who are smarter / better-informed than I can help me answer this question: at a technical level, how does one define or implement network neutrality?
I approach this with both my former systems engineer and current lawyer hats on. Assume Congress decides network neutrality is a wonderful idea, and legislates to that effect. How would such legal code translate into computer code – in this case, network management policies? What would ISPs or other telecommunications companies be enjoined from doing?
I’ve considered a few possibilities, none satisfactory:
- No port blocking: ISPs could not block ports, which would make it harder for them to prevent the deployment of new services such as VoIP. However, ISPs already block ports (Earthlink, for example, blocks SMTP’s port 25), and there are excellent reasons to block, say, port 23 (Telnet).
- No discrimination by sender: ISPs could not handle packets from different senders differently. However, ISPs already do this to filter spam (preventing connections or mail from known bad actors) or to mitigate Denial of Service attacks. Both policies seem unobjectionable.
- No discrimination by recipient: ISPs could not handle packets to different recipients differently. However, would this change spam filtering (for example, flagging or quarantining messages addressed to many users – often a sign of spam), or filtering based on parental controls?
- No discrimination by application: ISPs could not handle packets for different applications in a different fashion. Yes, please tell providers that they must allow users to port scan the network.
- No differential charges: ISPs could not charge 1) users or 2) senders differently based on application, content, or destination. But ISPs already offer users tiered service plans, based on connection speed, storage space, upstream bandwidth, or services offered (try running a DNS server on your network). Plus, some anti-spam strategies require charging senders differently, and it’s not clear how to craft a policy that lets ISPs block smurfing but prevents differential pricing. (Remember, users are senders too…)
In short, imagine you’re the IT person charged with implementing a law that mandates network neutrality. What switches do you flip? Remember that you have to keep your users and management happy by blocking spam, dealing with virus / worm traffic (including botnets, and perhaps kicking infected machines off the network), and perhaps preventing vulnerability identification with nmap or the like, at the same time you keep Congress happy by avoiding discriminatory treatment. What do you do?
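The exercise above, as an added Python sketch that is not part of the original post: each of the five candidate definitions becomes a check on a filter rule, and the practices the post mentions are run through them. The `Rule` fields, the sample policy, and the choice to treat a port match as an application match are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """One network-management rule; None means the field is not matched on."""
    name: str
    action: str                  # "drop", "quarantine", "rate_limit" or "surcharge"
    src: Optional[str] = None    # sender class
    dst: Optional[str] = None    # recipient class
    port: Optional[int] = None   # TCP/UDP port
    app: Optional[str] = None    # application identified by traffic classification

def violations(rule):
    """Return the candidate neutrality definitions that `rule` would breach."""
    hit = set()
    if rule.port is not None and rule.action == "drop":
        hit.add("no port blocking")
    if rule.src is not None:
        hit.add("no discrimination by sender")
    if rule.dst is not None:
        hit.add("no discrimination by recipient")
    # Assumption: a port match counts as an application match (25 means SMTP).
    if rule.app is not None or rule.port is not None:
        hit.add("no discrimination by application")
    if rule.action == "surcharge":
        hit.add("no differential charges")
    return hit

def permitted(rules, mandate):
    """Names of the rules that stay legal when `mandate` (a set) is enacted."""
    return [r.name for r in rules if not (violations(r) & mandate)]

# Constructed sample policy, one rule per practice mentioned in the post.
POLICY = [
    Rule("block outbound SMTP", "drop", port=25),
    Rule("block Telnet", "drop", port=23),
    Rule("spam sender blocklist", "drop", src="known-bad-actors"),
    Rule("DoS mitigation", "rate_limit", src="flood-sources"),
    Rule("quarantine mass mailings", "quarantine", dst="many-users", app="smtp"),
    Rule("parental controls", "drop", dst="parent-restricted"),
    Rule("port-scan suppression", "drop", app="port-scan"),
    Rule("bulk-sender fee", "surcharge", src="bulk-mailers"),
]

if __name__ == "__main__":
    for r in POLICY:
        print(f"{r.name:26} {sorted(violations(r))}")
```

Every rule in the sample policy breaches at least one definition, and enacting all five leaves none of them permitted.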
I hope someone will help me with this. Comments appreciated.