Yesterday Ofcom, the UK comms regulator, announced they would be investigating Vodafone and Three over concerns that the networks had failed to comply with the European Union’s version of network neutrality regulation. You can read the announcement here.
Perhaps the UK networks of Vodafone and Three, part of the Hutchison group, have engaged in some traffic management that they should not have. Perhaps not. Thanks to the EU’s Open Internet Access Regulation it will take a long while to find out, and nobody will be very sure about the outcome. Some people will still doubt the outcome even after it has been announced. That is because this regulation is a splendid example of well-intentioned people deciding there should be a rule against naughty stuff whilst remaining hopelessly vague about the dividing line between naughty stuff and all the other stuff. Presumably we are meant to recognize naughty stuff when we see it. After which, it then becomes obvious if the fine levied should be 10 percent of turnover, a single penny, or something between.
If Vodafone and Three have behaved “reasonably” then they will have done nothing wrong. Here is the definition of reasonable per this regulation:
The objective of reasonable traffic management is to contribute to an efficient use of network resources and to an optimisation of overall transmission quality responding to the objectively different technical quality of service requirements of specific categories of traffic, and thus of the content, applications and services transmitted. Reasonable traffic management measures applied by providers of internet access services should be transparent, non-discriminatory and proportionate, and should not be based on commercial considerations. The requirement for traffic management measures to be non-discriminatory does not preclude providers of internet access services from implementing, in order to optimise the overall transmission quality, traffic management measures which differentiate between objectively different categories of traffic. Any such differentiation should, in order to optimise overall quality and user experience, be permitted only on the basis of objectively different technical quality of service requirements (for example, in terms of latency, jitter, packet loss, and bandwidth) of the specific categories of traffic, and not on the basis of commercial considerations. Such differentiating measures should be proportionate in relation to the purpose of overall quality optimisation and should treat equivalent traffic equally. Such measures should not be maintained for longer than necessary.
Three and Vodafone thought they were being reasonable. People working for Ofcom are not so sure. Am I the only person who wonders how anyone expected such a difficult definition of ‘reasonable’ to be consistently applied in practice?
One of the many problems with the political arguments for net neutrality is that they pretend traffic management infractions will be obvious. However, the people making this argument have literally no idea of how they would spot an infraction unless it was comically obvious. Even the worst businesses rarely commit offenses that are comically obvious.
Consider an analogy based on the kinds of traffic management that even lawyers can visualize in practice. We have laws against dangerous driving on our roads. Nobody likes dangerous driving. The police try to arrest people who engage in dangerous driving. But laws like that are hard to enforce – what if no police officer saw the dangerous driving when it happened, and nobody photographed it? Even if somebody is arrested, it is going to be difficult to judge how dangerous the driving was, based on one person’s say-so compared to another person’s say-so. It is then even harder to confidently levy a penalty that is fair when compared to other cases of dangerous driving. That is why we also have laws against speeding. Speeding is dangerous. We use the speeding laws because we do not want to rely on the dangerous driving laws; it is easy to tell who is speeding, and to punish them automatically. Speeding cars can even be photographed by a purpose-built machine.
These reasons explain why Brits are ten times more likely to be punished for speeding than for all the other driving offenses combined. Net neutrality is a regulation for people who want to prevent dangerous driving, and who think it will be as easy to determine as speeding. The truth is they have no idea how to translate their nebulous concept of danger into a failure that is as objective and as easy to measure as speeding. What makes this argument even more absurd is that they know they want to punish ISPs who slow traffic down, but they have no way to define how fast the traffic should be in the first place, and how much slower is too slow. So they want the equivalent of a mandatory minimum speed without being able to express that concept using actual numbers.
By now, approximately 90 percent of the Commsrisk audience have given up reading. The stats for articles about net neutrality are shockingly low in comparison to other articles on this site. This is odd; if I was a television comedian my ratings would shoot up if I was talking about net neutrality. I can only surmise that risk professionals think net neutrality has nothing to do with them. If so, let me outline some of the key points:
- A fine of up to 10 percent of annual turnover in places like the EU.
- Infrastructure costs money. Actually, it costs a lot of money.
- Sub-optimal use of infrastructure wastes money. That is why people use data and analytics and clever numerical techniques to try to optimize the use of infrastructure.
- If you carry more traffic you either need to pay for more infrastructure or get better at optimizing traffic management.
- But if somebody says your traffic management is not reasonable then you could be spending a lot of time defending yourselves. And may then have to pay that fine.
Managing net neutrality compliance is probably the best example of a risk optimization problem currently faced by this industry. It is subject to numerical analysis, but it also requires subjective judgement. The financial costs of being too safe are enormous. The penalty for not being safe enough is also large, and that is before considering the potential impact on reputation. Risk managers should be poring over the implications of net neutrality and determining how telcos should respond – or do we think lawyers will do the relevant network and financial analysis?
If risk managers sometimes wonder why they are considered irrelevant, or if they worry that their compliance-related work has negligible importance, they should ask themselves the extent to which they are evaluating and responding to the risks that come with net neutrality.