Ms. Marlene H. Dortch
Secretary
Federal Communications Commission
445 Twelfth Street, SW
Washington, DC 20554

September 1, 2010

Re: Preserving the Open Internet, GN Docket No. 09-191; Framework for Broadband Internet Service, GN Docket No. 10-127

Dear Ms. Dortch,

Throughout the debate over protecting Internet users from harmful discrimination, network operators have simultaneously insisted that enforceable rules are not necessary because they are not engaging in any violations, and that enforceable rules would be harmful because these rules would prohibit current and future business practices. In its August 30, 2010 letter to the Commission, AT&T appears to have stated that it has engaged in widespread paid discrimination in its network. We believe this letter is either purposefully misleading or that AT&T has admitted to engaging in business practices that would have been prohibited by conditions placed on the AT&T/BellSouth merger.

AT&T was subject to merger conditions including an agreement to “maintain a neutral network and neutral routing in its wireline broadband Internet access service...[and] not to provide or to sell to Internet content, application, or service providers, including those affiliated with AT&T/BellSouth, any service that privileges, degrades or prioritizes any packet transmitted over AT&T/BellSouth's wireline broadband Internet access service based on its source, ownership or destination.” If, as AT&T declares in its August 30, 2010 letter, “the substantial majority” of hundreds of customers “purchase paid prioritization,” such arrangements clearly would appear to have violated both the letter and spirit of AT&T/BellSouth merger conditions. The fact that AT&T states that these include businesses that “provide important services to minority communities” raises deep concerns that a paid prioritization regime may be targeting these constituencies in particular.

Given a plain reading of AT&T’s August 30th letter and the harm that paid prioritization targeting minority communities would have, the FCC should investigate AT&T’s current prioritization practices directly and ensure that they are non-discriminatory. If and to the extent that AT&T is engaging in content, application, and/or service prioritization, the Commission should investigate whether such behavior occurred prior to the expiration of AT&T's merger conditions, and whether such behavior violated the conditions and would trigger sanctions against AT&T.

While only a thorough investigation could determine the practices in which AT&T actually engaged, we do not believe at present that AT&T is asserting that it engaged in widespread paid discrimination that would have violated the AT&T/BellSouth merger conditions at the time they were applicable. Instead we believe that AT&T has willfully conflated the widely accepted end user ability to set traffic priorities through the use of DiffServ with paid prioritization of traffic determined by the provider. User defined DiffServ that allows enterprise customers to prioritize certain traffic on their connection is not the same as AT&T establishing priorities and offering fast lanes to specific content and applications companies on residential last mile networks. Even though AT&T’s network may enable those enterprise customers to establish priorities, allowing AT&T to establish the priorities for the customers, instead of those users being able to set their own priorities, is out of character with the way that the RFCs end-to-end traffic prioritization technologies of DiffServ are written. Therefore, we write this letter to clarify current widely accepted network management practices and their implications for the Commission's proposed network neutrality framework.

Carrier dictated paid prioritization for last mile networks is not ‘business as usual.’

Despite AT&T’s claims in its August 30 letter, the practices documented in the letter take place on enterprise connections and middle-mile carrier networks. They have no direct impact on the priority of traffic within end user (last mile) connections. Rather, the RFCs cited by AT&T are framed in terms of enterprise service and are written with enterprise-level customers and SLAs in mind, where the application of the RFCs is a collaborative exercise between the network engineers of the enterprise and those of the carrier. In many cases, carrier practices maintain the lower level network resources and management functions using switching protocols such as MPLS to make end-to-end connections for their enterprise customers. Within these connections, carriers respect Diffserv priority flags established by the enterprise customers for their own incoming and outgoing traffic flows.

AT&T cherry-picks and quotes various sections of RFC 2474 in its letter, but a complete review of that document makes clear that AT&T’s reference to the ability of the [providers] network to control prioritization is a purposefully incomplete interpretation of RFC 2474. While RFC 2474 does state it would be the responsibility of the [provider] network to determine the DiffServ flags and their valid values established by an agreement between the AT&T and their customers, it very clearly states that control over prioritization should be determined by the customer in the last mile network.¹AT&T does not, and likely would not, choose on behalf of its enterprise customers which of their traffic would be prioritized and which traffic would not be prioritized. Most importantly, AT&T presumably strikes no side deals for prioritization with specific content providers to give them preferential treatment over AT&T’s end users' Internet access service connections or competing content providers.

In their letter, AT&T uses RFC 2474 out of context to missleadingly support discriminatory traffic prioritization stating: “Service providers are not required to use the same node mechanisms or configurations to enable service differentiation within their networks, and are free to configure the node parameters in whatever way that is appropriate for their service offerings and traffic engineering objectives.” In fact, Section 5 of RFC 2474 referenced in AT&T’s letter, provides guidelines for evolution of a standard and discusses specific internal mechanism for prioritization practices, not what prioritization practices should be.²The authors of the RFC intended for a standard to be adopted and utilized by all networks allowing for ubiquitous end-to-end user-defined prioritization across multiple networks.

The meaning of “paid prioritization” as understood by most net neutrality proponents as third-party deals by providers with specific content or application providers to receive priority treatment over residential end user Internet access services. AT&T's letter attacks a straw man -- conflating reasonable network management practices with proprietary pay-for-prioritization regimes. As open Internet proponents have made clear, supporting transparent and non-discriminatory network management practices while preventing anti-competitive deals to carve up the Internet into private lanes of fast traffic is a pragmatic and reasonable policy goal.

Enterprise SLAs are not the same thing as third-party paid prioritization.

There are substantial differences in both engineering and policy between an ISP offering and enforcing a service level agreement (SLA) for the carriage of traffic over an enterprise Internet access connection, and an ISP entering into deals with third party content providers to tinker with priority levels within last mile networks ending at customer premise equipment (CPE) in a residential end user's home. AT&T conflates these two very distinct practices in its August 30th letter.

As OTI and other public interest groups, including Free Press, have noted on numerous occasions, allowing network operators to override the priorities set by end users would undermine consumer choice and greatly harm competition and innovation in the markets for Internet content, applications, and services. Further, this would undermine one of the core (though yet to be universally implemented) purposes of DiffServ: to allow end users to determine their own end-to-end priority manually or by end user applications without interference by core network providers.³

AT&T and other network operators have sought to undermine edge-user empowerment by creating prioritization regimes where these network operators, and not edge users, control traffic flow. Such a regime would, by definition, interfere with the choices made by edge users over which applications, content, and services are most important, with profoundly negative implications for free expression and free speech. AT&T’s purpose appears to be to give ISPs the power to give priority to their own content, applications, and service offerings, and to strike side deals with specific Internet companies while ignoring both inter-carrier and user-defined DiffServ flags. It is this form of paid priority - the imposition of prioritization, and the resulting degradation and harm to residential and edge users - that open Internet proponents seek to prohibit. And it is this form of paid priority that AT&T agreed not to engage in as part of its merger with BellSouth and that the Commission proposed to forbid in its notice of proposed rulemaking on rules to preserve the open Internet.

The practices described by AT&T are entirely distinct. Although they involve payment (for the underlying connection and transit service itself), they do not involve end user broadband connections, third parties, or any network operator-imposed prioritization. Prioritization decisions made entirely by end users for their own connections, without discriminatory limitations on applications or services imposed by the network operator, would not be impacted by the network neutrality framework widely supported by public interest groups. AT&T is correct in its assertions that such prioritization is implemented in practice by DiffServ - but AT&T’s letter is hopelessly vague as to the important details. A small or medium-sized business can have many users sharing a single dedicated Internet access connection, and this transit service may share capacity between crucial business customer communications and entertainment videos (for example, from ICanHasCheezburger.com or ESPN.com being viewed by employees on their lunch breaks). At their own discretion, a business may attach DiffServ flags to traffic setting priority to customer communications over the employees' personal video viewing. Per an SLA between the business and AT&T, AT&T would not interfere with these DiffServ flags - its management is limited to maintaining the underlying MPLS network.

Coupled with DPI, DiffServ can be abused in a manner that would violate the proposed rules.

Standard SLA maintenance practices do not violate proposals for network neutrality. As AT&T notes in its own letter, priority signals are likely to be ignored the moment the traffic leaves AT&T's network. The intended purpose of DiffServ is user-driven differentiation of traffic – not discrimination in favor of specific applications or vendors that overrides user choice and expression. DiffServ was not designed to be a tool for network operator-driven, application level discrimination, but rather an option for user empowerment at a networks edge. Perhaps because of this, network operators have never widely installed or used technology to implement user-centric end-to-end priority signals through DiffServ.

Unfortunately, the bits in the IP header field reserved for DiffServ in IP networks can be abused in a variety of ways. For example, a network operator could use deep packet inspection (DPI) technology to identify the application or content originating the traffic, and then assign DiffServ priority levels in end user transit connections without any end user input. However, such behavior was not envisioned in DiffServ’s specifications. In fact, sophisticated deep packet inspection technology was many years away when DiffServ was designed and written. Thus this would be a highly non-standard use of DiffServ, in much the same way that Comcast utilized TCP reset packets to discriminate against peer-to-peer technologies like BitTorrent. Such a use of DiffServ to interfere with the traffic of an individual application would go strictly against the recommendations of the standard.⁴As with Comcast’s use of reset packets, the network operators’ use of DiffServ to discriminate among types of applications, content or services (particularly, in return for monetary or in-kind compensation) is not what the technology was intended for and should be viewed with substantial skepticism.

AT&T deliberately conflates accepted network practices with harmful traffic discrimination.

In their letter, AT&T seeks to use the example of their enterprise customers paying for the ability to voluntarily set traffic priorities through the use of DiffServ to argue that paid prioritization of traffic determined by the provider is a widely accepted network management practice. Rather, the enterprise services they currently permit are quite different from the paid prioritization practices they seek to justify. For the provider, AT&T in this case, to establish priorities for the residential user of last mile networks instead of those users being able to set their own priorities for their Internet traffic, is out of character with the way that the cited RFCs for the end-to-end traffic prioritization technologies of DiffServ are written. As the RFC’s recognize, the most effective place to make those priority assignments is at the edge of the network, where they should be set by the user within the parameters established by an agreement between the provider and the user. Such practices would be consistent with the view of net neutrality held by most of its proponents.

Sincerely,

Josh King
Benjamin Lennett
Sascha Meinrath
Daniel Meredith

Open Technology Initiative
New America Foundation
Washington, D.C.

1“We define the source domain as the domain containing the node(s) which originate the traffic receiving a particular service. Traffic sources and intermediate nodes within a source domain may perform traffic classification and conditioning functions. The traffic originating from the source domain across a boundary may be marked by the traffic sources directly or by intermediate nodes before leaving the source domain.” RFC2475 Section 2.3.4.1, and the same section goes on to talk about how the classification by the source domain is advantageous: “First, a traffic source can more easily take an application's preferences into account when deciding which packets should receive better forwarding treatment. Also, classification of packets is much simpler before the traffic has been aggregated with packets from other sources, since the number of classification rules which need to be applied within a single node is reduced.”

2“The behavioral characteristics of a PHB are to be standardized, and not the particular algorithms or the mechanisms used to implement them.” RFC2474 Section 5

3“Marking is performed by traffic conditioners at network boundaries, including the edges of the network (first-hop router or source host) and administrative boundaries.” -RFC2474 1

4“It is RECOMMENDED that PHB implementations do not introduce any packet re-ordering within a microflow.” - RFC2474 Section 5, where RFC2474 defines a microflow as “a single instance of an application-to-application flow of packets which is identified by source address, destination address, protocol id, and source port, destination port (where applicable).”