[Cryptography] Why mobile and consumer ISPs shouldn't censor encryption or the net

John Gilmore gnu at toad.com
Wed Nov 19 20:31:04 EST 2014


> ...this was port 25 on Cricket
> Wireless, a prepaid mobile subsidiary of AT&T, i.e., a consumer
> network without static IP addresses or mail servers.
>
> http://arstechnica.com/tech-policy/2014/11/condemnation-mounts-against-isp-that-sabotaged-users-e-mail-encryption/
>
> Blocking port 25 on consumer networks to prevent outgoing spam, with
> real mail submitted on port 587 with authentication, has been an ISP
> best practice for over a decade. 

I want to explore two of the assumptions in the above, that seem to be
decisive for some people in the debate:  "mobile" and "consumer".

The theory seems to be that in a "mobile" Internet provider (that is,
one run by a cellphone company), more censorship is justifiable.  And
that in a "consumer" Internet provider, like one that sells
residential DSL or cable service, more censorship is justifiable.  In
this theory, an uncensored Internet should only be available to end
user nodes that are servers and backbone ISPs, because they can be
trusted to handle it, and they have the bandwidth to deal with the
traffic.

Let's talk about "consumer" first.  The Internet is a peer-to-peer
network.  That has always been its strength, and one of the big things
that distinguished it from the "master/slave" networks that preceded
it like IBM's RJE, SNA, public networks like Telenet and Tymnet, and
early computer communication services like MCI Mail, CompuServe and
The Source.  The Internet started with every peer able to talk to
every other peer, with no nodes relegated to mere "clients" or
"consumers".  TCP is designed to make a working connection even if
both nodes simultaneously and spontaneously reach out to each other,
as opposed to having a "server" side lying in wait and a "client" side
initiating connections.  New applications and protocols such as
multicast, instant messaging, VoIP, video conferencing, distributed
source code control systems like git, Mobile IP, BitTorrent, Kademlia,
federated social networking, and many others, including the Web which 
was invented dozens of years after the Internet, depend on this
peer-to-peer behavior.  When address exhaustion and NAT threatened
peer-to-peer since the 1990s, the network evolved to continue offering
peer-to-peer support, including IPv6 as the big fix, plus UPNP, NAT
Traversal, dynamic DNS, supernodes, and other NAT circumvention
technologies.

In a peer-to-peer network it doesn't work to designate some portions of
the network as "consumers" or "clients" who don't get full access, and
other portions of the network as "providers" or "servers" who do get
full access.  Servers can be placed anywhere in the network, and
frequently are placed on "consumer" networks.  For example, in the
homes of engineers or entrepreneurs, in consumer Network Attached
Storage boxes, in ethernet video cameras, and even in flying $500
quadcopters.  Consumers (e.g. people) should have all the same rights
on the network as providers (e.g. websites).  Consumer devices
(e.g. tablets) should have all the same rights on the network as
provider devices (e.g. data center servers).  A device's location on
the network is not and should not be relevant.  Many of the most
transformative innovations have come from individual consumers like
Bram Cohen or Linus Torvalds who created new protocols that run at the
edge of the network (BitTorrent and git).

Now let's talk about "mobile".  The theory is that mobile networks
somehow should get more authority to censor or block traffic, because
they have less total bandwidth available, or because their endnodes
are "only" cellphones, or for reasons like those.  Those arguments are
largely specious, too.

First, cellphones have evolved into full blown pocket computers, and
there are more of them in the world than there are desktop computers.
If the broad social move from desktops to pocket computers means that
their billions of users get fewer rights and capabilities than they
had in the previous generation, there's something rotten at the heart
of that theory.  EFF was founded more than 20 years ago to counter
exactly this kind of creeping removal of well accepted civil rights
via technological change.  Cellphone users should have all the same
rights against censorship and rights to encrypt their transmissions,
as desktop computer users and as server operators.  Software that runs
as a mobile "app" should have the same rights on the network as
software that runs as a Linux desktop "package".  And by the time when
our cellphones shrink to run in our wristwatch, our eyeglasses, or in
our bloodstreams, our always-on network should not deprive us of
rights that we had back in the day when we had to unpack our computer
from a bulky suitcase.

Second, it is easy for "mobile" networks to provide connectivity to
full blown desktop computers or servers.  USB mobile dongles are
readily available and cheap.  Mobile-based WiFi hotspots are readily
available and cheap.  The endnodes that connect to such hotspots, or
use those dongles, should get no worse censorship and encryption
policies than when they connect to a hardwired WiFi hotspot or to an
Ethernet cable.

Third, telephone companies are now actively claiming that they cannot
affordably provide wired communications services, so they are asking
regulators to be able to withdraw wired services and offering ONLY
"mobile" networks to their customers in entire regions.  This got the
most press coverage after East Coast floods destroyed wired
infrastructure, but it is a covert nationwide strategy and every day a
telco petitions a government somewhere to eliminate the telco's core
requirement to provide wired service to every customer who wants it.
So not only do "mobile" users in those regions become second-class
customers, but EVERY user in those regions becomes a second class
customer.  If every user gets a more-censored Internet in this
transition, we're back to the dystopia of technological evolution and
telco manipulation destroying the valuable and important civil rights
that we all once had.

Fourth, let's examine the "low bandwidth" theory.  In many places on
the earth, 3G and 4G and 5G mobile bandwidth exceeds the readily
available bandwidth from wired Internet providers.  DSL lines only
reach tens of thousands of feet from a central office, relegating
rural home users to dialup modems or satellite or other wireless
feeds.  Yet mobile cellular networks in rural areas often cover large
geographical areas that hold few subscribers.  This means that each
subscriber gets a correspondingly large share of the total available
bandwidth of the cell site, often making mobile cellular the highest
available end user bandwidth network.

Fifth, even where wired networks offer higher bandwidth than mobile,
the absolute bandwidth offered on mobile networks today vastly exceeds
the bandwidth that was available just a short time ago.  The original
ARPAnet's backbones were 56 kilobit/sec leased lines, as were the
original high speed ISDN Internet connections offered in the 1990s.
When the NSFnet took over from the ARPAnet, it ran on big 1500 kilobit
(1.5 Megabit, T1) backbones.  Almost every server in the mid-1990s had
no better connection to the Internet.  The NSFnet was later upgraded
to a T3 (45 megabits) backbone, roughly the downstream speed of
today's consumer cable modem -- but that was enough for the entire
North American continent.  Most initial Internet users were on 14.4
kilobit dialup modems, eventually rising to 56 kilobit dialup.  When
the telco monopolies were forced to allow entrepreneurs to change the
signalling on the last-mile wire to your telco central office, ADSL
lines that ran a whole megabit or more (in one direction) became
cheaply available to consumers and ordinary businesses.  So getting
back to the "mobile" theory, if your server is perfectly happy on a
1.5 megabit connection, why should you get your access
censored, your encryption blocked, and your application choices
limited, depending whether your connection is a T1 line or a "mobile"
dongle?

Sixth, after natural or man-made disasters, wired connectivity is
often destroyed, flakey or unavailable.  Mobile networks are much
quicker to repair after a flood, war, or earthquake, and may not go
down at all.  For the resilience of our infrastructure, which includes
Internet services and not just backbone connectivity, end users should
be able to switch both their "clients" and their "servers" onto
whatever networks are functioning, at any time.  A company that runs
its own mail server should not have mail delivery fail, or refuse
encryption, because it was wise enough to provision itself with backup
connectivity via a mobile network.  If after a tornado you put your
web server on port 80 on a mobile network while running the server on
battery backup, the cellphone company should not censor it.  In disasters
the network has to be flexible, not rigid and coercive.

All these theories about why it's OK to censor Internet access, block
certain services based on the whim of the ISP, and prevent end users
from encrypting their traffic, come at their root from the monopoly
nature of the underlying access media.  In the heyday of the Internet,
before these monopolies learned how to manipulate the regulators to
prevent it, the monopolies were prohibited by law from telling you
what phone numbers you could call, what ISP you could dial into, what
protocols you could run over that modem, or who in the rest of the
world you could communicate with.  The telco couldn't stop you from
calling the Internet -- much as they dearly would have loved to --
because they were a common carrier.  And if your ISP developed crazy
ideas about censorship, you could just dial into another ISP who had
policies that suited you -- or start your own ISP and attract
customers who like having full rights and freedoms.  I did exactly
that in the 1990s, when the available ISPs told me that I as a
"consumer" couldn't split down and share my net connection with
anybody else.

The heart of today's "network neutrality" issue is that by falsely
conflating the underlying broadband access media with "the Internet",
and then deciding to leave both free of regulation, the regulators
have abandoned that prohibition on discrimination.  The FCC now allows
the regulated monopolists to decide who you can talk to and what you
can say to them.  The fix is not to regulate the Internet.  The fix is
to regulate the underlying broadband access media -- the phone wiring,
cable wiring, fibers to your house or neighborhood, and wireless
infrastructure -- while preventing the infrastructure companies from
forcing you to choose a particular "Internet" provider over that
access medium.  Thus over your cable modem you could buy Internet
access from any of a dozen providers; over your cellular phone you
could buy Internet access from the same dozen.  The signals would be
carried over a different medium, but neither the cable company nor the
cellphone company could dictate which ISP you must use or on what
terms you must access the Internet.

We see this problem again and again in different corners of different
issues, including this "anti-spammers versus consumer privacy" issue,
but it's really the same issue.  The access providers don't want to be
common carriers who are obliged to carry all traffic for everyone --
because there's more money in getting a government granted monopoly
and then being able to selectively sell access to that region,
piecemeal, to the highest bidders.  Like Comcast deciding that it
won't take Netflix's traffic unless Netflix pays extra.  Like T-Mobile
deciding that you can't access http://mpp.org from your phone (try it)
because it publishes about the politics of drugs, and "drugs are bad".
And like spam-weary ISPs deciding that you can't encrypt your email
transmissions because it would make their particular choice of
ineffective antispam measures even more ineffective.

	John Gilmore
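The thread above concerns an ISP on whose network port-25 connections no longer offered STARTTLS, so mail went out unencrypted. As an added example (not part of John Gilmore's post or anything else in this thread), here is a client-side check in Python that parses an EHLO capability list and refuses to continue in plaintext when STARTTLS is absent, so that a network path which removes the capability produces a visible failure instead of a silent downgrade. The sample EHLO replies, the `example.test` host names and the function names are constructed for illustration; the `smtplib` and `ssl` calls are the standard library's.

```python
# Added example (not from the original post): a client-side check that an
# SMTP server's EHLO reply actually advertises STARTTLS, and a connect
# helper that refuses to continue in plaintext when it does not.
import smtplib
import ssl

# Constructed sample EHLO replies (not captured from any real server).
# A normal submission server advertising STARTTLS:
EHLO_WITH_STARTTLS = (
    b"250-mail.example.test Hello client.example.test\r\n"
    b"250-SIZE 35882577\r\n"
    b"250-8BITMIME\r\n"
    b"250-STARTTLS\r\n"
    b"250-AUTH LOGIN PLAIN\r\n"
    b"250 ENHANCEDSTATUSCODES\r\n"
)
# The same server as seen through a network path that has removed the
# STARTTLS capability from the reply (constructed):
EHLO_WITHOUT_STARTTLS = (
    b"250-mail.example.test Hello client.example.test\r\n"
    b"250-SIZE 35882577\r\n"
    b"250-8BITMIME\r\n"
    b"250-AUTH LOGIN PLAIN\r\n"
    b"250 ENHANCEDSTATUSCODES\r\n"
)


def parse_ehlo_keywords(raw: bytes) -> list[str]:
    """Return the EHLO keywords (upper-cased) from a raw multi-line 250 reply.

    RFC 5321 formats each line as '250-KEYWORD [params]', with '250 ' (space)
    on the last line.  The first line carries the server's domain and
    greeting rather than a keyword, so it is skipped.  Lines that are not
    250 replies are ignored.
    """
    keywords = []
    lines = [ln for ln in raw.decode("ascii", errors="replace").splitlines()
             if ln.startswith("250")]
    for line in lines[1:]:
        body = line[4:].strip()
        if body:
            keywords.append(body.split()[0].upper())
    return keywords


def starttls_offered(raw: bytes) -> bool:
    """True only if STARTTLS appears as a keyword in the EHLO reply."""
    return "STARTTLS" in parse_ehlo_keywords(raw)


def connect_requiring_starttls(host: str, port: int = 587,
                               timeout: float = 10.0) -> smtplib.SMTP:
    """Connect and upgrade to TLS, or fail loudly; never fall back to plaintext.

    smtplib's has_extn() consults the same EHLO capability list that
    parse_ehlo_keywords() handles for raw bytes.  Certificate verification
    uses the platform trust store via ssl.create_default_context().
    """
    conn = smtplib.SMTP(host, port, timeout=timeout)
    try:
        code, _ = conn.ehlo()
        if code != 250:
            raise RuntimeError(f"EHLO rejected by {host}:{port} with code {code}")
        if not conn.has_extn("starttls"):
            raise RuntimeError(
                f"{host}:{port} did not advertise STARTTLS; refusing plaintext")
        conn.starttls(context=ssl.create_default_context())
        conn.ehlo()  # capabilities may differ after the TLS upgrade
        return conn
    except Exception:
        conn.close()
        raise


if __name__ == "__main__":
    print("sample 1 offers STARTTLS:", starttls_offered(EHLO_WITH_STARTTLS))
    print("sample 2 offers STARTTLS:", starttls_offered(EHLO_WITHOUT_STARTTLS))
```

The design choice that matters is the hard failure in `connect_requiring_starttls`: a client that quietly continues without TLS when the capability is missing gives whoever sits between it and the server a way to downgrade the session, while a client that raises an error turns the downgrade into something a user or an operator can see in logs.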



