the slippery slope is looking like a cliff
One of the things I've been helping out with at work is the setup for DearAOL.com, an open letter/petition put together by the EFF to oppose AOL's recent adoption of a premium email service. The idea is that users can pay a small premium to have their email bypass spam filters. The spam filters could then be tightened up, and spammers would be dissuaded from plying their noxious trade.
The problem is that this would also affect groups like MoveOn, as well as a vast array of email-heavy businesses. Yes, there are supposed to be one-year exceptions for the MoveOns of the world; no, there are no guarantees. And the basic point made by the EFF — that under this scenario AOL will have a financial incentive to do a poor job maintaining its unpaid-email-spamfilters — seems basically sound to me.
But people seem to have mixed feelings about this initiative. Hurting online advocates would be bad, but spam is pretty bad, too. In a perfect world we'd pay the email toll computationally, donating time to worthy causes through SETI@home-style computing. But botnets make that idea useless.
I'm inclined to agree with something our CTO JP said at work: this issue is more about precedent than the merits of the AOL scheme.
And hey, look! Evidence of the problem: Comcast is screwing up Vonage users' ability to use the product. Surprise surprise, Comcast is rolling out its own VoIP service soon.
This idea is starting to come up more and more — "tiered service" is the term of art, and it's a notion that ISP executives are starting to get pretty excited about. Why not let websites pay for faster service, they say? Heck, they could make iTunes songs download faster than Napster songs, if Apple ponies up the necessary dough. Or they could just block the high-quality streams from video sites unless you paid for their platinum level of service.
It's an electronic shakedown, basically. VoIP is an obvious target for this sort of nonsense. Not because it's bandwidth intensive — if you've ever used a phone happily and a modem impatiently, you know that the bandwidth of a telephonic conversation isn't particularly large. But everyone expects VoIP to be big business (sorry telcos!), and now the ISPs are trying to help themselves to a maximally-sized pie slice.
Well, we shouldn't put up with it. If you paid for something once, you shouldn't have to pay for it again — particularly when the additional price doesn't represent a production cost, but is rather an all-profit tariff. Conveniently, Senator Wyden of Oregon has introduced legislation aimed at stopping tiered service schemes before they have a chance to start. I'd encourage everyone to add their name at DearAOL, patronize ethical ISPs, and, if you have time, send Sen. Wyden a friendly note.
Comments
Question, though... why do botnets make the idea of computational tolls useless?
Do botnets really exist in such massive sizes that there exists no reasonable toll that could slow them down? What about a hybrid approach, one that focuses on handling, globally, massive botnets while slowing the smaller fish with the computational tolls?
I guess what I'm asking is, is this a _feeling_, that botnets render that solution useless? Or have people thought carefully, and quantitatively, about it and found that "no, it won't work?"
I'm not up on the current state-of-the-art in computer security, so this may be a dumb question.
It's a feeling, but I like to think it's an educated one. The point of a computational toll -- any email toll, really -- is to throttle email on the basis of a resource that legitimate users have more of on a per-message-sent basis than the spammers do. Money is an obvious one -- you and I can only write so many emails per day, and could consequently spend more money on each of them.
Computational power seems to be another one. But botnets put massive, parallel computing farms -- sometimes with hundreds of thousands of nodes (reportedly) -- in the hands of spammers. They have much more computational power available than you or I or MoveOn. Their hardware costs are zero (if you don't count the per-machine risk of getting caught).
A computational toll would no doubt put a throttle on spammers, but one that they'd be in a better position to deal with than small entities that need to send a lot of email -- websites that use email for registration and reminders, alumni societies, charities, etc.
I suppose you're right, and we'd have to know the outlines of a specific proposal before we can judge. And I've been told that most spam still does come from rogue datacenters, not botnets. Plus, I'm optimistic that as old, firewall-less OSes like win98 stop being used, botnets will start to fade from existence. But right now I think its chances of hurting the spammers more than the legitimate mass-mailers don't look too good.
also: it's worth noting that smart botnet operators already throttle the rate at which they send out email, in order to avoid detection by ISPs.
The Internet is nothing but a massive communications network designed to move data from one point to another. The goal is to move data from one place to another as fast as possible. Unfortunately since the total bandwidth is limited, you have to try to maximize the throughput given a certain amount of bandwidth. This is what tiered services are really trying to do and what I agree with.
Low bandwidth services like email should try to reduce the amount of data they transmit as spam both in the network sense and the inbox sense. However, computational tolls are idiotic and somehow I recall this being proposed by Microsoft or AOL at one point. Two key arguments against computational tolls were the fact that this places a burden on the bandwidth (email+toll+report that toll was completed+overhead) across a network and the fact that not all devices sending email have processing power to spare (think laptops, pdas, cell-phones, blackberries).
The origin of tiered services stems from research done with QoS (quality of service) routing. Large telcos wanted to implement QoS methods to their packet switched networks to meet the demand for high bandwidth applications (voice and video) where latency was a key problem. Tiered services are a natural progression of this work whereby higher priority packets are now associated with a price.
As for AOLs pricing for unfiltered email, this is analogous because the extra bandwidth (albeit small to one person but big across AOLs network) may be keeping their networks from serving their new broadband content. In the end, AOL has to cater to their customers and I can't imagine someone actually wanting to pay for unfiltered email in this age of "spamblockers". I personally prefer not to receive spam and despite having heavy filtering on my account some still slips through (although I've never had a "valid" source denied...).
If people are scared of tiered services, one could point out that many other services are tiered. For example, airline tickets, concert tickets, DSL service, Jiffy lube, Best Buy warranties, and even the I-66 HOV lane restrictions. To apply the same tiered approach to networks shouldn't really surprise anyone.
My three-fiddy...
I think that's a fair point, Tomas. But I also think there's a difference between QoS and traffic shaping -- which are entirely reasonable things for an ISP to do -- and deliberately crippling functionality in anticompetitive ways.
There already are tiers in the sense you describe -- you can buy different line speeds, connection types, etc. Soon enough I imagine we'll start seeing variable bandwidth caps (some newsgroup services already do this). But taking packet A and charging more for its delivery than for packet B simply because packet A is going to a more successful host/technology/competitor -- that's no good, and it shouldn't be allowed.
"But I also think there's a difference between QoS and traffic shaping and deliberately crippling functionality in anticompetitive ways."
That is true. In fact, there may be some precedent in a case about a decade ago involving AT&T or MCI (i don't have the energy to look it up). I think the case boiled down to one of the local line companies charging a lot more (or barring or hindering, but something to that effect) for AT&T (or MCI) long distance service. The FTC (ok, my memory is vague and someone should correct me if possible) ruled that this was an anti-competitive practice. I believe the result of all this was that a local provider (I'm thinking Verizon) couldn't charge more to the user for selecting a different long distance carrier. I'm assuming this is the kind of practice people want to avoid including myself.
So in a sense we are in agreement Tom (wow!). But (damn!), I don't think AOL's efforts necessarily lead to price gouging (or potentially blocking others from) AOL subscribers. AOL is merely trying to curb spam in the best way possible (at least in their view). I'm sure AOL would be open to any kind of spam filtering technology that benefits both its subscribers and people trying to reach them. Therein lies the technology challenge.
PS: I tend to discourage any legislation that tries to regulate Internet technology or the Internet itself. For one thing, the Internet doesn't belong to the USA so our laws mean just about squat to foreign ISPs (take China for example).
Post A Comment