Home
 » Editorial Article » 
Sponsored

ISP Association on the Risks of Brexit, DoH and UK Full Fibre Targets

Monday, September 16th, 2019 (12:01 am) - Score 2,585
andrew glover

Andrew Glover, Chair of the UK ISPA, has told ISPreview in a new interview that a no-deal Brexit could harm both the industry’s supply chain and access to a skilled workforce. Glover also warns that DNS over HTTPS (DoH) raises a “host of security concerns” and says “considerable regulatory change” is needed to hit full fibre targets.

The Internet Service Providers Association (ISPA), which was first formed all the way back in 1994, is the industry’s main trade association for providers of broadband, mobile, web hosting and other internet services in the United Kingdom. As part of that it not only promotes constructive collaboration between some 200+ members but also holds them to a code of practice and engages with Government and Ofcom to help shape future policy.

Andrew Glover is the current Chair of the ISPA and was also instrumental in founding both the EuroISPA and the Internet Watch Foundation (IWF). On top of that he runs three smaller ISPs – Bridge Fibre, Air Broadband and Connect Fibre – so has plenty of hands-on experience of both business and residential delivery, as well as infrastructure building.

Suffice to say that we were keen to get Andrew’s opinions on some of the industry’s most pressing challenges and right at the top of our list was everybody’s favourite topic – Brexit. On this Andrew doesn’t mince his words and warns that a no-deal outcome would be a problem for the industry, not least in terms of “maintaining access to a skilled workforce and the impact on supply chains.”

If Boris Johnson wants to live up to his commitment of rolling out full-fibre broadband nationwide by 2025, then a no-deal Brexit will inevitably make this harder,” said Andrew. Speaking of full fibre (FTTP), Andrew added that the current targets cannot be delivered by the industry alone and require the Government’s “full commitment … [and] considerable regulatory change, to wayleave legislation, fibre taxes and planning laws” etc.

However Brexit isn’t the only contentious area for the ISPA to be dealing with and lately one of their most controversial stances has been toward the rising adoption of DNS-over-HTTPS (DoH), which is a technology that encrypts DNS requests (i.e. turning IP addresses into human readable domain names like ISPreview.co.uk and back again).

Many people across the internet see DoH as a way of reducing their ISPs (and Governments) ability to snoop on and censor (filter) their online activity. On the flip side third-party DoH solutions can also break other systems deployed by ISPs. Suffice to say that the ISPA’s initial decision to label Mozilla an “Internet Villain” for their pro-DoH stance was negatively received by all except a fair few ISPs and politicians (here).

Nevertheless Andrew remains unapologetic. “[The] privacy improvements offered by DoH are often overstated and the protocol presents a whole host of security concerns,” said Andrew. “The UK Internet industry upholds high standards of safety and security and DoH must not subvert this … ISPA are adamant that DoH must not be introduced by default.”

The full interview covers various other subjects and adds more detail to the above topics. See below.

The Interview

1. I’m just going to jump right in at the deep end here and ask, in your understanding, what sort of measures or changes have ISPs had to make as part of preparations for an as yet uncertain agreement around Brexit? In keeping with that, would “no deal” be a bad outcome from the perspective of ISPs?

ANSWER:

Our biggest concerns regarding a no-deal Brexit have always been about maintaining access to a skilled workforce and the impact on supply chains. The Government’s commitment to maintain the rights of EU nationals in the UK even in the event of no-deal are welcomed. But in reality no one really knows what a no-deal Brexit will look like, and it could potentially disrupt this agreement and cause a huge amount of uncertainty.

We want to make sure that there is clarity from Government that our members will continue to have access to high-skilled workers from the EU, and that the rights of existing EU workers in the UK are protected. In addition, there is the potential that a no-deal Brexit which is damaging to the UK economy means that there will be less public funding to commit to big technological infrastructure projects.

If Boris Johnson wants to live up to his commitment of rolling out full-fibre broadband nationwide by 2025, then a no-deal Brexit will inevitably make this harder.

2. Consumer internet provision is a very low margins business and lately we’ve been getting the impression that smaller ISPs are finding it increasingly difficult (i.e. cost and technical challenge) to adapt to some of Ofcom’s new regulations (e.g. the new system of automatic compensation for broadband faults/delays and the latest broadband speed code of practice).

As a result very few smaller providers have joined the regulator’s voluntary schemes. Are you aware of any concerns around those systems from smaller providers and, if so, what do you think needs to change in order to bring them on-board?

ANSWER:

ISPA has a large and broad membership and we see ourselves as having an important role in representing the interests of smaller ISPs when talking to policymakers and regulators. We help smaller members understand compliance requirements by providing initial information and guidance on certain areas but keeping abreast of the increasing demands from Government and regulators is a challenge.

We have long called for a proportionate approach to enforcement and this has led us to the situation today where some rules and regulations tend not to fall on smaller ISPs, this includes data retention obligations and age verification blocking.

Smaller ISPs can struggle to adopt some voluntary or regulatory initiatives as you highlight, with some of the biggest challenges being cost (such as speeds code of practice) and resources. We are working on “best practice” guides in a number of areas that should enable our members to aspire to join these voluntary schemes.

3. At present it’s often still a slow and tricky process for people to switch their telephone number away from a fixed line phone service and on to a VoIP / SIP platform. Indeed sometimes doing this can even result in an active broadband line being ceased.

Going forward the rise in full fibre and broadband-only services is likely to drive a more aggressive shift away from traditional phone services. We’ve heard that Ofcom, the OTA and ISPs are working to come up with a better solution.

Can you tell us how much progress has been made on this and how long we might have to wait before it’s ready?

ANSWER:

We are still in the early stages of this process. People from across the industry have recognised that it will be important to solve this now as we need to make switching across infrastructure as easy possible. The upcoming European Electronic Communications somewhat sets a deadline for this but the complexities of getting switching right shouldn’t be underestimated.

4. The recently approved and highly controversial new EU Copyright Directive, which was supported by the UK Government, looks set to bring about a worrying culture of automated internet content filtering and restrictions upon the sharing of news.

Despite Brexit it looks likely that this or a similar form of the same policy may eventually find its way into UK law. If that happens then what position will the ISPA be taking and how should the UK Gov approach adoption of the arguably more controversial elements?

ANSWER:

Ultimately, UK providers need to comply with UK laws. That doesn’t mean that ISPA is in favour of extending blocking and filtering regimes, but we do need to recognise that the UK Parliament and Government have set the UK on a path that is somewhat different to some other Western Democracies.

We are not the only country going down that route and Germany, for example, has a similar discussion, and we are actively trying to make any attempts to block or filter the internet as proportionate as possible, not just for our members but crucially internet users.

As a minimum, we believe that any such process should be standardised and be founded on Parliamentary approval or a court order. Our members don’t want to be judge and jury and having an independent authority would help to ensure new blocking regimes would be proportionate, subject to legal requirements, follow due process and would avoid situations where ISPs are asked to block websites on a voluntary basis.

Flick over to page 2 for more..

Share with Twitter
Share with Linkedin
Share with Facebook
Share with Reddit
Share with Pinterest
Mark Jackson
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, , Facebook and Linkedin.
Leave a Comment
19 Responses
  1. Avatar Ferrocene Cloud

    Any credibility is lost by claiming DoH is such a bad thing and negligible for privacy. There’s a reason the ISPA was widely mocked. Can you imagine the reaction if they said HTTPS should be disabled so they can keep everyone safer by MITM scanning web pages to filter them, and that it doesn’t do much for privacy anyway? This all reads as an attempt to poison the well, literally arguing that something that increases security and safety does the exact opposite.

    While in of itself I couldn’t find anything for definite, I would bet I could make accurate assumptions about peoples’ lives by looking at DNS records. Are they experiencing health problems, debt, divorce, and so on. If I can reasonably infer these things, then that makes it sensitive. And if it’s sensitive then it needs to be private.

    If your censorship plan relies on DNS, then your plan is shit, and you should be embarrassed for using such an incompetent solution. The exception would be in the corporate world where this can all be locked down and controlled, and as a component of security policies.

    I suspect the real reason for the ISPA’s stance is that standard DNS filtering is a system that appeases the British government without requiring much in the way of resources, and that if requested it’s easy to capture the DNS requests if required by law enforcement. Widespread DoH means they have to spend a lot more resources to try to comply.

    And I’d actually respect the reasoning if they said that this would increase the cost pressure to comply with legislation. I wouldn’t agree with it, but it would be an honest reason. Bullshit about how security and privacy actually are danger and insecurity is something Orwell would be proud to have included in 1984.

    • Avatar CarlT

      You have to connect to the server. In most cases that means a digital certificate exchange so that it can prove who it is. You read that, and they have to by law, you have the same information anyway.

      Given the UK has already implemented DNSSEC extensively the guy is spot on.

      If people really value their privacy so much never accepting cookies from anything, ever, or resetting them every time they open a new browser session, using a VPN to an endpoint they know isn’t logging anything and whose upstream provider doesn’t log anything, never using social media or a variety of other websites full to the gills of behavioural analysis or logging into anything that offers to cross-authenticate you to other sites would be a good start.

      Still he knows nothing. DoH is the panacea.

    • Avatar Ferrocene Cloud

      Who said DoH is a panacea? It’s not, but arguing that increasing security decreases safety and privacy is insane. The arguments against it, especially data protection of all things are ridiculous. How is the data protection any different than conventional DNS? The entire point of DoH is to protect the confidentiality of the data in transit. Claiming to uphold high standards in security and safety by demanding reverting to an unencrypted connection is oxymoronic. Or maybe just plain moronic.

      Remember, the entire context of this is coming from the IPSA labelling Mozilla an Internet Villain for their implementation of DoH, which lead to widespread ridicule. The exact words being “for their proposed approach to introduce DNS-over-HTTPS in such a way as to bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK”.

      About the only criticism I’ll say is that Mozilla should be enabling DoH by default and attempting to use the OS DNS server instead of defaulting to Cloudflare. If the OS DNS server doesn’t support DoH it should inform the end user and allow them to make a decision based on that.

      Saying there’s room for improvement is one thing. Saying how doing something in a more secure way is less secure? Yes, that does make you lose credibility.

    • Avatar CarlT

      Filtering can certainly be done without DNS. Just means running everyone through proxy farms and snooping HTTPS. Once TLS 1.3 kicks in it then means IP blocking.

      DNSSEC isn’t too bad. DoH I’m not fond of – taking DNS out of the OS layer and handing it to applications doesn’t make me feel the love. It breaks some load balancing techniques and makes it harder to keep connections local, too. Most of the content delivered is via CDNs, this tech potentially breaks that.

      Also kinda strange that when decentralisation of the Internet is ‘a thing’ people are so delighted by the prospect of having their DNS sent to Cloudflare by default.

      I’ve nothing against DNS per se but making it default and running it this way doesn’t appeal.

      I would assume and hope the ISPA issue was with it being made a default rather than its existence as a whole – they took up the issue with Mozilla for implementing it that way not the IETF for designing it.

    • Avatar New_Londoner

      The purported security privacy benefits of DoH are limited. Any app, not just browsers, can select it’s preferred resolver irrespective of the wishes and settings of the users. This allows malware to work with reduced risk of detection – some malware has already been found using DoH.

      From a privacy point of view, using the default Firefox settings redirects all of your DNS traffic to Cloudflare, helpfully putting it within reach of the US authorities without the need to obtain a warrant. You of course lose any GDPR protections.

      Yes some of Mozilla’s policies on DoH, updated after the ISPA nomination, have definitely improved and at least acknowledge that things like parental controls, malware filtering and corporate policies exist that they need to work with. However any other app on your device using DoH has no obligation to operate similar policies.

      The same applies to hardware when DOH is implemented in it. For example, Chromecast already tries to access Google’s DNS irrespective of any user preferences and I expect this will likely move to DoH in the future.

      You can of course ignore all this and decide to blindly trust US tech companies to respect your privacy and security – what could possibly go wrong!

  2. Avatar Marty

    Again with the risks based on hear say conjecture and speculation without any evidence to support it. Unless you watch the BBC during the vote and after where it appears magically out of thin air. THERE IS good and bad points on both sides. Just get it over with.

  3. Avatar Phil

    DNS can be secured and encrypted using DoT DNS over TLS, it doesn’t need DoH.

    The real issue is that DNS requests are being redirected by default to someone else.

    Before DoH, Mozilla corporation would not know what web pages a person was visiting, unless they had code that forwarded every page visited to their own servers, but this would have been seen as a huge infringement of privacy and they would be slated for it, and quite rightly so.

    Now, under the guise of “security”, Mozilla are redirecting DNS requests to their contractors who log every website a person visits, and some people are applauding them for that.

    It doesn’t need DoH defaulting to Mozilla for a secure DNS system, we had options for that for some time, but Mozilla obviously feel they themselves need it.

    • Avatar New_Londoner

      DoT gives the user a much better solution than DoH as it remains under user control, can be disabled if required, much like a VPN. Ceding decisions on security from the user to apps in the way that DoH does seems like an incredibly risky thing to do given the extensive history of privacy abuses by tech companies.

  4. Avatar anon

    Andrew is a good reminder of why everyone should die at 30 like in Logan’s Run.

    • Avatar New_Londoner

      @Anon
      Your post is an unintended example of the benefits of minimum age / maturity requirements for posters. If your best retort to the points made in his interview is that he should die then you’d be advised not to share them with the rest of humanity.

    • Avatar anon

      @New_Londoner

      My comment isn’t aimed at him personally. Just that humans dying at 30 like in Logan’s Run would prevent them from becoming power hungry and corrupt.

      Maintain the harmony.

  5. Avatar t0m5k1

    The bureaucrats will continue to shout that DoH/DoT is bad, some of the inept public will even agree but in the end they’re all wrong.

    DNS needs more that DNSSEC and if you think DNSSEC is all you need then you woefully do not understand what it provides and why we still need more secure transport.

    DoT is great and will be made better when eSNI is implemented. No network can be trusted these days and the less that is seen on the wire un-encrypted the better.

    All of this is tied to Gov. officials stating encryption is bad.

    • Avatar New_Londoner

      I agree that DoT + DNSSEC is an excellent combination, encrypts the content (DoT) and gives confidence that the response is correct (DNSSEC). Adjustments will be made to allow CDNs to works correctly, especially when eSNI is added to the mix.

  6. Avatar beany

    A remoaner… check
    Dislikes privacy… check
    runs three smaller ISPs – Bridge Fibre, Air Broadband and Connect Fibre… check

    Answer.. AVOID and ignore anything he has to say or run.

  7. Avatar Spurple

    You lost me at “remoaner”. Why do you have to moan about this subject on this thread?

    • Avatar beany

      If you do not know the difference between what a ‘singular’ moan on a subject/person from me is and what is a ‘continual’ moan on a subject, from person/s that did not get the outcome they desired is, then i am not surprised you are lost.
      Perhaps you could “re-read” a dictionary to help.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Superfast ISPs
  • Hyperoptic £21.00 (*22.00)
    Avg. Speed 50Mbps, Unlimited
    Gift: None
  • SSE £22.00
    Avg. Speed 35Mbps, Unlimited (FUP)
    Gift: None
  • xln telecom £22.74 (*47.94)
    Avg. Speed 66Mbps, Unlimited (FUP)
    Gift: None
  • Post Office £22.90 (*37.00)
    Avg. Speed 38Mbps, Unlimited
    Gift: None
  • Direct Save Telecom £22.95 (*29.95)
    Avg. Speed 35Mbps, Unlimited
    Gift: None
Prices inc. Line Rental | View All
The Top 20 Category Tags
  1. BT (2555)
  2. FTTP (2301)
  3. FTTC (1688)
  4. Building Digital UK (1628)
  5. Politics (1463)
  6. Openreach (1445)
  7. Business (1277)
  8. FTTH (1132)
  9. Statistics (1120)
  10. Mobile Broadband (1071)
  11. Fibre Optic (987)
  12. Ofcom Regulation (933)
  13. Wireless Internet (932)
  14. 4G (927)
  15. Virgin Media (876)
  16. EE (607)
  17. Sky Broadband (602)
  18. TalkTalk (588)
  19. Vodafone (543)
  20. 3G (418)
Promotion
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact