Net Neutrality: BEREC misses opportunity to lead the way
In November 2015, the European Union adopted the Net Neutrality Regulation (2015/2120), which contained a number of compromises that needed clarification. The Body of European Regulators for Electronic Communications (BEREC) was given the task of developing implementation guidelines to ensure a consistent application of the Regulation throughout Europe and, in practice, settle the remaining ambiguities of the adopted Regulation. After a public consultation to which almost half a million citizens responded and demanded strong net neutrality, BEREC adopted the guidelines in August 2016. The outcome of this process was a legal framework with robust and clear protection for net neutrality, which was applauded all around the world.
The fight for net neutrality in Europe did not, however, end there. The National Regulatory Authorities (NRAs) in the Member States of the European Union (EU) and European Economic Area (EEA) must now enforce the Regulation to ensure that all end users – consumers as well as Content and Application Providers (CAPs) – enjoy the full benefits of net neutrality.
The net neutrality landscape and the challenges faced by NRAs varies greatly throughout the 31 EU/EEA countries, but there are number of common tasks that all NRAs will have to consider. An example is certification of monitoring systems (software) for detecting possible net neutrality violations and empowering users to find out the actual speed of their internet connection.
In March 2017, the BEREC Net Neutrality Working Group invited stakeholders to present their views on measurement methodology and net neutrality supervision tools. At the stakeholder meeting with end-users and CAPs on 14 March 2017, EDRi was invited and represented by EDRi members epicenter.works (Austria) and IT-Pol (Denmark). The message from EDRi to BEREC was clear: the net neutrality measurement system in Europe should be based on open data, open source software and open, peer-reviewed methodologies, to ensure the full transparency and trustworthiness of the measurement results. Measuring internet quality was for a long time an area with just a few, mostly outdated and complicated software solutions. The mandate of NRAs to certify such software is a huge opportunity to combine forces and create a professional measurement system that not only solves this common problem in Europe, but also around the world. By opening up the data pool of measurement results, the regulators would invite independent researchers, consumer protection organisations and civil society to look for potential net neutrality infringements and create a better understanding of the internet in Europe.
Citizens should be encouraged to measure their internet connection as often as possible. This would allow them to test if they actually get the contractually agreed internet speed, and if their provider is tinkering with their connection by blocking or throttling applications they are using. Creating such measurement system would have the added benefit of respecting European data protection standards, by respecting informed consent and minimising information that can identify individual users, such as IP addresses.
At the stakeholder meeting, EDRi also pointed out the importance of securing funding for independent civil society projects like Respect My Net, where citizens can report cases of net neutrality violations and see reports of possible violations from other end users. Projects like this are necessary because net neutrality violations often go unpunished by the regulators. Besides the comments presented in the meeting, EDRi also submitted a written stakeholder response (pdf) to the BEREC Net Neutrality Working Group.
On 7 June 2017, BEREC presented a draft document on Net Neutrality Regulatory Assessment Methodology for public consultation. This document was published more than a year after the Net Neutrality Regulation went into effect and it is underwhelming, to say the least. EDRi member epicenter.works submitted a consultation response, supported by EDRi members IT-Pol and Access Now, as well as EDRi observer Xnet.
On some technical matters, the BEREC draft document gives a lengthy explanation of basic principles of network measurement. However, on the important points of collaboration between regulators, BEREC holds no position. It proposes no common solution for measurement software, it does not recommend an open source or open data approach which would allow inter-operability, and it does not even acknowledge that NRAs should certify any measurement software at all. This indicates that opinions between Member States vary greatly and that there was no easy consensus. However, the consensus on a measurement methodology cannot be harder to find than on net neutrality. It is BEREC’s role to lay out a path for collaboration between regulators. To quote the current Chair of BEREC Sébastien Soriano:
BEREC [is] expected to be an important part of the process for identification of solutions to problems and would be unsympathetic to those who offered only excuses for inaction.
On some other matters, BEREC is choosing a technical solution which is even turning a blind eye towards a common problem for many internet users – congestion. In the draft measurement methodology BEREC is proposing to measure speed only with multiple HTTP connections to a single test server located in a national internet exchange point (IXP). This setup is inadequate for finding possible net neutrality violations since multiple HTTP connections are less likely to show congestion issues. Also, using a single server means that some Internet Service Providers (ISPs) can easily prioritise the traffic to this server. This illegal type of traffic management has been documented by some ISPs in the past and would undermine all measurement efforts if it were allowed to continue.
The draft document from BEREC mentions that NRAs are not required to establish or certify a monitoring mechanism, and that a certified monitoring mechanism will not be available in some Member States. While the Regulation does not formally establish an obligation for NRAs to certify measurement software for end users, there is a clear obligation to closely monitor and ensure compliance with Articles 3 and 4 of the Regulation. This task will be very difficult to accomplish if the NRA cannot receive reliable input from end users due to a lack of certified monitoring mechanism or software. Without measurement software, the public is blind towards potentially illegal traffic management practices and consumers are stripped of their right to exit contracts where the ISP is not delivering the promised speed. In light of the need to measure the general quality of internet access services (IAS) in Europe, in order to make sure that specialised services do not deteriorate the quality of the IAS, it would be vital to establish a historic data set. This is particularly necessary before the rise of 5G prompts new specialised service experiments by telecom operators.
Rather than simply pointing out that the Regulation does not formally require a certified monitoring mechanism, BEREC should more actively encourage NRAs to co-operate in developing certified measurement methodologies. If all NRAs work on developing their own software, a lot of work is likely to be duplicated, and there will be no comparability of the different subsidiaries of the big telecom companies in Europe. The smaller Members States would benefit greatly from such a cooperation between NRAs, and BEREC is the natural forum for coordinating this activity.
EDRi: Net neutrality wins in Europe! (29.08.2016)
Written response to questions for BEREC stakeholder meeting with representatives of end-users and CAPs (14.03.2017)
Respect My Net
Draft Net Neutrality Regulatory Assessment Methodology, BEREC (07.06.2017)
Consultation response to BEREC on Draft Net Neutrality Regulatory Assessment Methodology, submitted by EDRi member epicenter.works (05.07.2017)
(Contribution by Thomas Lohninger, EDRi member epicenter.works, Austria and Jesper Lund, EDRi member IT-Pol, Denmark)