ISP Association on the Risks of Brexit, DoH and UK Full Fibre Targets
5. Increasingly politicians appear to be introducing measures that aren’t particularly workable and may potentially even be damaging to how people normally use or interact with the internet / online content (e.g. the often technically unworkable aspects of GDPR’s cookie policy, Article 13 [now 17] in the EU Copyright Directive and Age Verification / blocking for adult websites).
We get the sense from these that politicians often don’t understand how such networks and technologies work, thus failing to comprehend the full ramifications of their changes. We similarly get the sense that they aren’t listening or adapting enough to what the industry has to say on such issues.
Does the ISPA feel as if they’re being heard and concerns acted upon when raised, or do you think there is indeed a growing culture of wilful ignorance?
ANSWER:
In some ways there is a slight inevitably about this – as the Internet and technology became mainstream, politicians and others will look to regulate in what they see is in the interests of the public. Every few years witnesses a new approach to internet regulation and the most recent is the Online Harms White Paper that is set to establish a regulator for online harms.
The White Paper touches on a number of the challenges around internet regulation, such as the limitations on blocking and filtering, enforcement and jurisdiction and what constitutes a harm. Any changes to policy in this area should be targeted and specific to address a clear problem. The delay in implementing age verification shows the challenges in introducing new policy.
Politicians are only likely to continue to seek to regulate more so it’s important for industry and others to actively engage in these discussions to make for more informed and realistic policy. This is something ISPA regularly does and will continue to do.
It would be great to see politicians improve their understanding of the Internet and technology, but equally it needs industry and the technical community to improve how it understands policymakers’ concerns and intentions. As such we offer to meet with MPs, government and regulators on a regular basis and as early in the process as possible such that we can provide background information to help inform their thoughts before it gets to policy – however, the culture of sound bites and knee-jerk reactions are not a new phenomenon in politics.
6. You touched above on the new Online Harms White Paper, which appears to mark a significant shift toward a much more censored internet, where everything from fake news to hate speech and conspiracy theories could, at an extreme, end up being either removed at source or blocked by a broadband ISP.
The rules will focus upon major social networks (Facebook, Twitter etc.) but could also target smaller file-hosting sites, online forums, messaging services and even internet search engines. Smaller sites may struggle to implement effective filtering due to cost and limited human moderation resources (e.g. individual blogs are run by people who simply aren’t awake 24/7 to monitor such things).
One difficulty here is that there can be different interpretations of what is or is not “fake news” and some of the other content category definitions are similarly ambiguous. Suffice to say, many fear that in the race to protect internet users and children from harm we might ultimately sacrifice freedom of speech and expression. What are your thoughts on the recent proposals?
ANSWER:
UK ISPs have played a prominent role in supporting the online safety agenda for many years and acknowledge the importance of the Government’s ambition to make the UK the safest place to be online which underpins the Online Harms White Paper. There are, however, some areas of the White Paper that we have concerns about as they are currently expressed.
You mention the gulf in the resources of large social networks and small websites – this reality must inform the online harms regime. In our response to the consultation, we consistently emphasised the importance of proportionality, both in terms of scope and enforcement requests.
The UK Internet industry has great breadth and diversity and we suggested that services and business models where there is no, or very limited, associated harm to users should not be included in the scope. Furthermore, the size of companies must be taken into consideration to ensure that the regulatory burden is not too great for smaller businesses and start-ups. It is vital that this regulation does not undermine the UK’s position as a world leading digital economy and does not deter innovation and investment.
You are right to highlight the ambiguity of language used to describe harms in the White Paper and the dangers this poses to freedom of speech. The Government must clearly define the concept of ‘harm’ used in the regime and it should be founded on clear, transparent and evidence-based principles.
Similar transparency must be applied to the process for deciding which harms are in scope and such decisions should be subject to consultation. Here the importance of proportionality comes to the fore again – it is vital that the response to different kinds of harm is proportionate, consistent and targeted. The whole regime must be underpinned by a robust system of checks and balances, including a mechanism for appeals against the regulator, to uphold freedom of speech and expression.
7. In keeping with the above, Government politicians are known to be concerned about the future adoption of DNS over HTTPs (DoH) technology. At present ISPs usually control their own Domain Name Systems (DNS), but the new encrypted DoH solution can be managed by a third-party (e.g. Google’s Chrome website browser) and they may in the future enable it by default.
Politicians are concerned that DoH may hamper their censorship plans and some ISPs are also worried that it could create more problems for their service, such as by hindering the operation of certain features. On the other hand DoH is fundamentally a security and privacy improvement for consumers. What is your perspective on this debate?
ANSWER:
ISPA are widely supportive of measures to improve privacy and security; however, we would caution that the privacy improvements offered by DoH are often overstated and the protocol presents a whole host of security concerns. Beyond this, and the negative impact on user experience that you mention, the introduction of DoH raises concerns about data protection, user choice and consent, online safety and competition.
ISPA are adamant that DoH must not be introduced by default. We welcome recent indications from the major browsers that they do not plan to introduce the protocol by default in the UK; however, we would like to see this commitment formally expressed to UK stakeholders. Furthermore, any future implementation of DoH in the UK must be carried out in a responsible manner, being mindful of UK Internet norms and the complexities of user relationship and trust models that are in play.
The UK Internet industry upholds high standards of safety and security and DoH must not subvert this. Going forward, collaboration and consultation with the UK internet industry, third sector groups and policymakers will be vital.
8. The Government wants to see nationwide coverage of “full fibre” (FTTP) broadband ISP networks by 2033 and in order to do that they’ve committed nearly £1bn to help foster such networks, such as through targeted investment schemes and vouchers. Do you think this is the right approach to achieve such an aim and, if not, what should they be doing differently?
ANSWER:
We are keen to deliver on the Government’s ambitions for full fibre coverage, but these targets cannot be delivered overnight by the industry alone. The Government’s full commitment is needed to oversee considerable regulatory change, to wayleave legislation, fibre taxes and planning laws to name but a few.
Without the crucial removal of these barriers to sit alongside the very welcome funding commitments, the UK will not be able to reach full fibre coverage by 2033. It is really encouraging to see the growth in new network builders and ISPs building and rolling out full fibre services, this shows there is a healthy market delivering for consumers and businesses, although everyone recognises that further funding was also be required if we are to reach the whole of the country.
9. As part of the aforementioned effort the UK Government has already introduced a 5 year holiday on business rates for new fibre optic lines (effective since April 2017), although Scotland has just introduced a 10 years relief for the same purpose.
At the same time we note that the payback period for FTTP networks can be extremely lengthy, often extending to 10-15 years. Do you think the UK Government should also extend their relief from 5 years to 10 or possibly more?
ANSWER:
The business rates relief on fibre infrastructure has been welcomed by the industry, but it is well established that these infrastructure projects are planned with timelines of 15-20 years to recoup the investment made. This means that a five year relief window can only have a very limited effect, and we have been pushing for clarity well ahead of the 2022 ending date for relief.
The FTIR made the Government’s fibre ambitions clear, and a true sign of their commitment to the ‘full-fibre future’ would be to remove business rates from fibre infrastructure indefinitely. This would give the industry the certainty they need to build effective business cases and roll out fibre faster and further to the communities that desperately need it. The whole area of business rates needs to be reviewed as they are no longer fit for purpose in the digital age.
10. Openreach and Ofcom have both recently launched consultations on their future approach to switching off old copper networks as part of a phased move toward full fibre FTTP infrastructure. What sort of challenges do you see this as creating in the future and how do you think it should be handled?
ANSWER:
The switch off of legacy infrastructure will always be an important and nuanced issue as the UK moves away from copper infrastructure to higher capacity networks. There will undoubtedly be challenges given the number and range of consumers impacted, many of whom may be vulnerable, and it is particularly crucial that all parties can work together constructively to bring this about in the smoothest possible manner.
We’d just like to take a moment to thank Andrew for engaging with us over these topics. Earlier this year he also wrote a Guest Editorial for ISPreview.co.uk, which our visitors might also like to read (here).
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook and Linkedin.
« Virgin Media UK Contractors in Wrexham Attract More Complaints
Latest UK ISP News
- FTTP (5533)
- BT (3518)
- Politics (2542)
- Openreach (2299)
- Business (2267)
- Building Digital UK (2247)
- FTTC (2045)
- Mobile Broadband (1978)
- Statistics (1790)
- 4G (1669)
- Virgin Media (1621)
- Ofcom Regulation (1466)
- Fibre Optic (1396)
- Wireless Internet (1392)
- FTTH (1382)
Any credibility is lost by claiming DoH is such a bad thing and negligible for privacy. There’s a reason the ISPA was widely mocked. Can you imagine the reaction if they said HTTPS should be disabled so they can keep everyone safer by MITM scanning web pages to filter them, and that it doesn’t do much for privacy anyway? This all reads as an attempt to poison the well, literally arguing that something that increases security and safety does the exact opposite.
While in of itself I couldn’t find anything for definite, I would bet I could make accurate assumptions about peoples’ lives by looking at DNS records. Are they experiencing health problems, debt, divorce, and so on. If I can reasonably infer these things, then that makes it sensitive. And if it’s sensitive then it needs to be private.
If your censorship plan relies on DNS, then your plan is shit, and you should be embarrassed for using such an incompetent solution. The exception would be in the corporate world where this can all be locked down and controlled, and as a component of security policies.
I suspect the real reason for the ISPA’s stance is that standard DNS filtering is a system that appeases the British government without requiring much in the way of resources, and that if requested it’s easy to capture the DNS requests if required by law enforcement. Widespread DoH means they have to spend a lot more resources to try to comply.
And I’d actually respect the reasoning if they said that this would increase the cost pressure to comply with legislation. I wouldn’t agree with it, but it would be an honest reason. Bullshit about how security and privacy actually are danger and insecurity is something Orwell would be proud to have included in 1984.
You have to connect to the server. In most cases that means a digital certificate exchange so that it can prove who it is. You read that, and they have to by law, you have the same information anyway.
Given the UK has already implemented DNSSEC extensively the guy is spot on.
If people really value their privacy so much never accepting cookies from anything, ever, or resetting them every time they open a new browser session, using a VPN to an endpoint they know isn’t logging anything and whose upstream provider doesn’t log anything, never using social media or a variety of other websites full to the gills of behavioural analysis or logging into anything that offers to cross-authenticate you to other sites would be a good start.
Still he knows nothing. DoH is the panacea.
Who said DoH is a panacea? It’s not, but arguing that increasing security decreases safety and privacy is insane. The arguments against it, especially data protection of all things are ridiculous. How is the data protection any different than conventional DNS? The entire point of DoH is to protect the confidentiality of the data in transit. Claiming to uphold high standards in security and safety by demanding reverting to an unencrypted connection is oxymoronic. Or maybe just plain moronic.
Remember, the entire context of this is coming from the IPSA labelling Mozilla an Internet Villain for their implementation of DoH, which lead to widespread ridicule. The exact words being “for their proposed approach to introduce DNS-over-HTTPS in such a way as to bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK”.
About the only criticism I’ll say is that Mozilla should be enabling DoH by default and attempting to use the OS DNS server instead of defaulting to Cloudflare. If the OS DNS server doesn’t support DoH it should inform the end user and allow them to make a decision based on that.
Saying there’s room for improvement is one thing. Saying how doing something in a more secure way is less secure? Yes, that does make you lose credibility.
Filtering can certainly be done without DNS. Just means running everyone through proxy farms and snooping HTTPS. Once TLS 1.3 kicks in it then means IP blocking.
DNSSEC isn’t too bad. DoH I’m not fond of – taking DNS out of the OS layer and handing it to applications doesn’t make me feel the love. It breaks some load balancing techniques and makes it harder to keep connections local, too. Most of the content delivered is via CDNs, this tech potentially breaks that.
Also kinda strange that when decentralisation of the Internet is ‘a thing’ people are so delighted by the prospect of having their DNS sent to Cloudflare by default.
I’ve nothing against DNS per se but making it default and running it this way doesn’t appeal.
I would assume and hope the ISPA issue was with it being made a default rather than its existence as a whole – they took up the issue with Mozilla for implementing it that way not the IETF for designing it.
The purported security privacy benefits of DoH are limited. Any app, not just browsers, can select it’s preferred resolver irrespective of the wishes and settings of the users. This allows malware to work with reduced risk of detection – some malware has already been found using DoH.
From a privacy point of view, using the default Firefox settings redirects all of your DNS traffic to Cloudflare, helpfully putting it within reach of the US authorities without the need to obtain a warrant. You of course lose any GDPR protections.
Yes some of Mozilla’s policies on DoH, updated after the ISPA nomination, have definitely improved and at least acknowledge that things like parental controls, malware filtering and corporate policies exist that they need to work with. However any other app on your device using DoH has no obligation to operate similar policies.
The same applies to hardware when DOH is implemented in it. For example, Chromecast already tries to access Google’s DNS irrespective of any user preferences and I expect this will likely move to DoH in the future.
You can of course ignore all this and decide to blindly trust US tech companies to respect your privacy and security – what could possibly go wrong!
Again with the risks based on hear say conjecture and speculation without any evidence to support it. Unless you watch the BBC during the vote and after where it appears magically out of thin air. THERE IS good and bad points on both sides. Just get it over with.
I phrased it wrong. God in heaven. Meant to say “When you watch the BBC during and after the vote it appears magically out of thin air is a perfect example of that. An edit button for the future would be nice if possible.
You need to reset the troll bot.
@New_Londoner An edit button would be better
DNS can be secured and encrypted using DoT DNS over TLS, it doesn’t need DoH.
The real issue is that DNS requests are being redirected by default to someone else.
Before DoH, Mozilla corporation would not know what web pages a person was visiting, unless they had code that forwarded every page visited to their own servers, but this would have been seen as a huge infringement of privacy and they would be slated for it, and quite rightly so.
Now, under the guise of “security”, Mozilla are redirecting DNS requests to their contractors who log every website a person visits, and some people are applauding them for that.
It doesn’t need DoH defaulting to Mozilla for a secure DNS system, we had options for that for some time, but Mozilla obviously feel they themselves need it.
DoT gives the user a much better solution than DoH as it remains under user control, can be disabled if required, much like a VPN. Ceding decisions on security from the user to apps in the way that DoH does seems like an incredibly risky thing to do given the extensive history of privacy abuses by tech companies.
Andrew is a good reminder of why everyone should die at 30 like in Logan’s Run.
@Anon
Your post is an unintended example of the benefits of minimum age / maturity requirements for posters. If your best retort to the points made in his interview is that he should die then you’d be advised not to share them with the rest of humanity.
@New_Londoner
My comment isn’t aimed at him personally. Just that humans dying at 30 like in Logan’s Run would prevent them from becoming power hungry and corrupt.
Maintain the harmony.
The bureaucrats will continue to shout that DoH/DoT is bad, some of the inept public will even agree but in the end they’re all wrong.
DNS needs more that DNSSEC and if you think DNSSEC is all you need then you woefully do not understand what it provides and why we still need more secure transport.
DoT is great and will be made better when eSNI is implemented. No network can be trusted these days and the less that is seen on the wire un-encrypted the better.
All of this is tied to Gov. officials stating encryption is bad.
I agree that DoT + DNSSEC is an excellent combination, encrypts the content (DoT) and gives confidence that the response is correct (DNSSEC). Adjustments will be made to allow CDNs to works correctly, especially when eSNI is added to the mix.
A remoaner… check
Dislikes privacy… check
runs three smaller ISPs – Bridge Fibre, Air Broadband and Connect Fibre… check
Answer.. AVOID and ignore anything he has to say or run.
You lost me at “remoaner”. Why do you have to moan about this subject on this thread?
If you do not know the difference between what a ‘singular’ moan on a subject/person from me is and what is a ‘continual’ moan on a subject, from person/s that did not get the outcome they desired is, then i am not surprised you are lost.
Perhaps you could “re-read” a dictionary to help.