I was at a closed-door event discussing these labels about two weeks ago (right before the potential government shutdown/temporarily averted for now) - and it was non-attribution, so I can only describe my comments:

(1) the labels risk missing the reality that the Internet and cybersecurity are not steady state, which begs the question how will they be updated
(2) the labels say nothing about how - even if the company promises to keep your data private and secure - how good their security practices are internal to the company? Or what if the company is bought in 5 years?
(3) they use QR-codes to provide additional info, yet we know QR-codes can be sent to bad links so what if someone replaces a label with a bad link such that the label itself becomes an exploit? 

I think the biggest risks is these we be rolled out, some exploit will occur that the label didn't consider, consumers will be angry they weren't "protected" and now we are even in worse shape because the public's trust has gone further down hill, they angry at the government, and the private sector feels like the time and energy they spent on the labels was for naught?

There's also the concern about how do startups roll-out such a label for their tech in the early iteration phase? How do they afford to do the extra work for the label vs. a big company (does this become a regulatory moat?)

And let's say we have these labels. Will only consumers with the money to purchase the more expensive equipment that has more privacy and security features buy that one - leaving those who cannot afford privacy and security bad alternatives?

On Wed, Oct 11, 2023 at 1:31 PM Jack Haverty via Nnagain <nnagain@lists.bufferbloat.net> wrote:
A few days ago I made some comments about the idea of "educating" the
lawyers, politicians, and other smart, but not necessarily technically
adept, decision makers.  Today I saw a news story about a recent FCC
action, to mandate "nutrition labels" on Internet services offered by ISPs:

https://cordcuttersnews.com/fcc-says-comcast-spectrum-att-must-start-displaying-the-true-cost-and-speed-of-their-internet-service-starting-april-2024/

This struck me as anecdotal, but a good example of the need for
education.  Although it's tempting and natural to look at existing
infrastructures as models for regulating a new one, IMHO the Internet
does not work like the Food/Agriculture infrastructure does.

For example, the new mandates require ISPs to "label" their products
with "nutritional" data including "typical" latency, upload, and
download speeds.   They have until April 2024 to figure it out. I've
never encountered an ISP who could answer such questions - even the ones
I was involved in managing.  Marketing can of course create an answer,
since "typical" is such a vague term.  Figuring out how to attach the
physical label to their service product may be a problem.

Such labels may not be very helpful to the end user struggling to find
an ISP that delivers the service needed for some interactive use (audio
or video conferencing, gaming, home automation, etc.)

Performance on the Internet depends on where the two endpoints are, the
physical path to get from one to the other, as well as the hardware,
software, current load, and other aspects of each endpoint, all outside
the ISPs' control or vision.   Since the two endpoints can be on
different ISPs, perhaps requiring one or more additional internediate
ISPs, specifying a "typical" performance from all Points A to all Points
B is even more challenging.

Switching to the transportation analogy, one might ask your local bus or
rail company what their typical time is to get from one city to
another.   If the two cities involved happen to be on their rail or bus
network, perhaps you can get an answer, but it will still depend on
where the two endpoints are.  If one or both cities are not on their
rail network, the travel time might have to include use of other
"networks" - bus, rental car, airplane, ship, etc.   How long does it
typically take for you to get from any city on the planet to any other
city on the planet?

IMHO, rules and regulations for the Internet need to reflect how the
Internet actually works.  That's why I suggested a focus on education
for the decision makers.

Jack Haverty

_______________________________________________
Nnagain mailing list
Nnagain@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/nnagain