From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 5BC343CB37 for ; Wed, 11 Oct 2023 13:39:03 -0400 (EDT) Received: by mail-ed1-x533.google.com with SMTP id 4fb4d7f45d1cf-52bd9ddb741so245330a12.0 for ; Wed, 11 Oct 2023 10:39:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1697045941; x=1697650741; darn=lists.bufferbloat.net; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=119oQyz8N8yEy9dHj2O6x6H3igsSCdQ1uEVkLe6JxXc=; b=aFTH26TB94IScYEkhIwaUdHDniXw25H00hLxspttGdtiQcve3Ut6Aw3Rf8g7FrQA3s IeV9dVw2z+bfAIv3QAUhOrkePCuKsomyLkuN/iSN1RVtSBzpjEAwxMFlfzerFvgwKcOh lD11OKZvstH+0HHJTUnkOr/zVmhjyqOetkXGIE8ZLLhX3624xnpGxJfsgwyJKajbEcpt TidpP73gfUYhNy1qqsVB0S11nvI1XJf0saTata9JCWgLtfsk8pLRh4L+ac0cNZYcQSIZ hBI/3+LaGfpfQtdNhY0ni3ZaQSvacZQ1+g/VWPxdeA0Vm5ywEhFM7GG7R224Nq7kWoAX wusQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697045941; x=1697650741; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=119oQyz8N8yEy9dHj2O6x6H3igsSCdQ1uEVkLe6JxXc=; b=PoU4OAnoJ4wpID1gTWpWtT0zXAda5CufCPS4G9DrSv+dOgV/tB3ds71tlSxK+3B0JO s6I+KR4RJ2j/TDoDSUOGmc0TG4VrA5tRPKunSWvY0crt3Fv0VudaAjwsmxWdkkDhA4cF U2P/UCasEcVBeQ2J5nk5a5KPJKBrenUfBHEWfYGzgoB59RyAwY1kym80jDaUJ6lygfLv qQzt7IPhzy4sp1LnJptktctjeMd/sSsxsMkJWg1C34K/dAgDwAZQJF5mGyIo12035MUy R7tFGSFbybt3JWdPtBeQe1rayjQ5yeDpk8VJG7xX1Zp/d8YJ31oSe3y3+unRKf3iLjP4 obMQ== X-Gm-Message-State: AOJu0YyCccf7l5PM47evS+6xUZkI+14/hflVRdBm0g6ISCiK5/VmALRd qrcMrw2ijjY8mR9ulSfgPt+uSn2qrek8A9JRAhEgsiMn X-Google-Smtp-Source: AGHT+IFpvIR9WsaD4Z5zXY0N2JGCVw+8ZWmVu3TICg8d7J4bDD2lQRSgPJwJOutMqKtcYx1oTa5dU5QIMnbTe/ubD2g= X-Received: by 2002:a05:6402:1206:b0:530:4bcd:626c with SMTP id c6-20020a056402120600b005304bcd626cmr19749653edw.23.1697045941152; Wed, 11 Oct 2023 10:39:01 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: "David Bray, PhD" Date: Wed, 11 Oct 2023 13:38:19 -0400 Message-ID: To: =?UTF-8?Q?Network_Neutrality_is_back=21_Let=C2=B4s_make_the_technical_asp?= =?UTF-8?Q?ects_heard_this_time=21?= Content-Type: multipart/alternative; boundary="0000000000007d6f800607744c2b" Subject: Re: [NNagain] Internet Education for Non-technorati? X-BeenThere: nnagain@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: =?utf-8?q?Network_Neutrality_is_back!_Let=C2=B4s_make_the_technical_aspects_heard_this_time!?= List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Oct 2023 17:39:03 -0000 --0000000000007d6f800607744c2b Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable I was at a closed-door event discussing these labels about two weeks ago (right before the potential government shutdown/temporarily averted for now) - and it was non-attribution, so I can only describe my comments: (1) the labels risk missing the reality that the Internet and cybersecurity are not steady state, which begs the question how will they be updated (2) the labels say nothing about how - even if the company promises to keep your data private and secure - how good their security practices are internal to the company? Or what if the company is bought in 5 years? (3) they use QR-codes to provide additional info, yet we know QR-codes can be sent to bad links so what if someone replaces a label with a bad link such that the label itself becomes an exploit? I think the biggest risks is these we be rolled out, some exploit will occur that the label didn't consider, consumers will be angry they weren't "protected" and now we are even in worse shape because the public's trust has gone further down hill, they angry at the government, and the private sector feels like the time and energy they spent on the labels was for naught? There's also the concern about how do startups roll-out such a label for their tech in the early iteration phase? How do they afford to do the extra work for the label vs. a big company (does this become a regulatory moat?) And let's say we have these labels. Will only consumers with the money to purchase the more expensive equipment that has more privacy and security features buy that one - leaving those who cannot afford privacy and security bad alternatives? On Wed, Oct 11, 2023 at 1:31=E2=80=AFPM Jack Haverty via Nnagain < nnagain@lists.bufferbloat.net> wrote: > A few days ago I made some comments about the idea of "educating" the > lawyers, politicians, and other smart, but not necessarily technically > adept, decision makers. Today I saw a news story about a recent FCC > action, to mandate "nutrition labels" on Internet services offered by ISP= s: > > > https://cordcuttersnews.com/fcc-says-comcast-spectrum-att-must-start-disp= laying-the-true-cost-and-speed-of-their-internet-service-starting-april-202= 4/ > > This struck me as anecdotal, but a good example of the need for > education. Although it's tempting and natural to look at existing > infrastructures as models for regulating a new one, IMHO the Internet > does not work like the Food/Agriculture infrastructure does. > > For example, the new mandates require ISPs to "label" their products > with "nutritional" data including "typical" latency, upload, and > download speeds. They have until April 2024 to figure it out. I've > never encountered an ISP who could answer such questions - even the ones > I was involved in managing. Marketing can of course create an answer, > since "typical" is such a vague term. Figuring out how to attach the > physical label to their service product may be a problem. > > Such labels may not be very helpful to the end user struggling to find > an ISP that delivers the service needed for some interactive use (audio > or video conferencing, gaming, home automation, etc.) > > Performance on the Internet depends on where the two endpoints are, the > physical path to get from one to the other, as well as the hardware, > software, current load, and other aspects of each endpoint, all outside > the ISPs' control or vision. Since the two endpoints can be on > different ISPs, perhaps requiring one or more additional internediate > ISPs, specifying a "typical" performance from all Points A to all Points > B is even more challenging. > > Switching to the transportation analogy, one might ask your local bus or > rail company what their typical time is to get from one city to > another. If the two cities involved happen to be on their rail or bus > network, perhaps you can get an answer, but it will still depend on > where the two endpoints are. If one or both cities are not on their > rail network, the travel time might have to include use of other > "networks" - bus, rental car, airplane, ship, etc. How long does it > typically take for you to get from any city on the planet to any other > city on the planet? > > IMHO, rules and regulations for the Internet need to reflect how the > Internet actually works. That's why I suggested a focus on education > for the decision makers. > > Jack Haverty > > _______________________________________________ > Nnagain mailing list > Nnagain@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/nnagain > --0000000000007d6f800607744c2b Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I was at a closed-door event discussing these labels = about two weeks ago (right before the potential government shutdown/tempora= rily averted for now) - and it was non-attribution, so I can only describe = my comments:

(1) the labels risk missing the = reality that the Internet and cybersecurity are not steady state, which beg= s the question how will they be updated
(2) the labels say nothin= g about how - even if the company promises to keep your data private and se= cure - how good their security practices are internal to the company? Or wh= at if the company is bought in 5 years?
(3) they use QR-code= s to provide additional info, yet we know QR-codes can be sent to bad links= so what if someone replaces a label with a bad link such that the label it= self becomes an exploit?=C2=A0

I think the biggest= risks is these we be rolled out, some exploit will occur that the label di= dn't consider, consumers will be angry they weren't "protected= " and now we are even in worse shape because the public's trust ha= s gone further down hill, they angry at the government, and the private sec= tor feels like the time and energy they spent on the labels was for naught?=

There's also the concern about how do st= artups roll-out such a label for their tech in the early iteration phase? H= ow do they afford to do the extra work for the label vs. a big company (doe= s this become a regulatory moat?)

And let'= ;s say we have these labels. Will only consumers with the money to purchase= the more expensive equipment that has more privacy and security features b= uy that one - leaving those who cannot afford privacy and security bad alte= rnatives?

On Wed, Oct 11, 2023 at 1:31=E2=80=AFPM Jack Haverty vi= a Nnagain <nnagain@list= s.bufferbloat.net> wrote:
A few days ago I made some comments about the idea of &quo= t;educating" the
lawyers, politicians, and other smart, but not necessarily technically
adept, decision makers.=C2=A0 Today I saw a news story about a recent FCC <= br> action, to mandate "nutrition labels" on Internet services offere= d by ISPs:

https://cordcuttersnews.c= om/fcc-says-comcast-spectrum-att-must-start-displaying-the-true-cost-and-sp= eed-of-their-internet-service-starting-april-2024/

This struck me as anecdotal, but a good example of the need for
education.=C2=A0 Although it's tempting and natural to look at existing=
infrastructures as models for regulating a new one, IMHO the Internet
does not work like the Food/Agriculture infrastructure does.

For example, the new mandates require ISPs to "label" their produ= cts
with "nutritional" data including "typical" latency, up= load, and
download speeds.=C2=A0=C2=A0 They have until April 2024 to figure it out. I= 've
never encountered an ISP who could answer such questions - even the ones I was involved in managing.=C2=A0 Marketing can of course create an answer,=
since "typical" is such a vague term.=C2=A0 Figuring out how to a= ttach the
physical label to their service product may be a problem.

Such labels may not be very helpful to the end user struggling to find
an ISP that delivers the service needed for some interactive use (audio or video conferencing, gaming, home automation, etc.)

Performance on the Internet depends on where the two endpoints are, the physical path to get from one to the other, as well as the hardware,
software, current load, and other aspects of each endpoint, all outside the ISPs' control or vision.=C2=A0=C2=A0 Since the two endpoints can be= on
different ISPs, perhaps requiring one or more additional internediate
ISPs, specifying a "typical" performance from all Points A to all= Points
B is even more challenging.

Switching to the transportation analogy, one might ask your local bus or rail company what their typical time is to get from one city to
another.=C2=A0=C2=A0 If the two cities involved happen to be on their rail = or bus
network, perhaps you can get an answer, but it will still depend on
where the two endpoints are.=C2=A0 If one or both cities are not on their <= br> rail network, the travel time might have to include use of other
"networks" - bus, rental car, airplane, ship, etc.=C2=A0=C2=A0 Ho= w long does it
typically take for you to get from any city on the planet to any other
city on the planet?

IMHO, rules and regulations for the Internet need to reflect how the
Internet actually works.=C2=A0 That's why I suggested a focus on educat= ion
for the decision makers.

Jack Haverty

_______________________________________________
Nnagain mailing list
Nnagain@= lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/nnagain
--0000000000007d6f800607744c2b--