Disclosures by companies are an important part of the recently issued recommendations on net neutrality, said Telecom Regulatory Authority of India’s (Trai) chairman R S SHARMA, suggesting that they would help create checks and balances where exclusions from rules create possibility for violation of the broader net neutrality principle. In an interview with PRANAV MUKUL, he also speaks about the need for an honest and a sincere international collaboration for cybersecurity, which has actionable points to ensure protection of cyber systems. Edited excerpts:
There is some fear that the exclusion of content delivery networks (CDNs) from net neutrality could create some conflict of interest for telecom companies that have their own CDNs…
CDNs are not tied to one content provider. They house content close to the telecom service providers’ networks. What we have said in our recommendations is that the disclosure will include what kind of relationship does one have with a CDN. If it is your own CDN, and you are trying to provide fast lane for the service that is available on the internet, then there is a conflict of interest. This is a part of disclosures. We can’t say that CDNs, per se, are bad. If someone misuses CDN to violate net neutrality then we will figure out. All the exemptions and exclusions are meant to ensure faithful implementation of the net neutrality principle, and will have checks and balances. In furtherance to that, if someone tries to shortcut or defeat the spirit in a mischevious manner, they will be held accountable. If you can’t do something directly, you can’t do it indirectly as well, that is the basic principle of jurisprudence.
What are the issues that Trai would be looking at in the new consultation paper on over-the-top services?
We had issued a consultation paper in March 2015, which did not reach any conclusion. After that, a lot of things have happened. We did not include this in the net neutrality debate because while it is a connected topic, it is not central to net neutrality. We believe that a lot of water has flown in the last two and a half years since the last consultation was done. Whatever inputs came during that consultation process will be taken into account, but we also feel that we need to further consult the stakeholders.
So, the issues for consultation will largely remain the same as in the previous paper?
We’ll have to see, because many of those issues may have been solved as either a part of the net neutrality recommendations or some regulation. Only those issues, which are still unresolved, they will have to be deliberated upon.
How soon can we see the in-flight connectivity rules in place?
Once the recommendations are submitted, DoT (Department of Telecommunications) will take it forward. It’s not a simple problem, there are multiple problem in it such as the issue of gateway, technology, etc. A lot of confusion has been cleared during the open-house discussion, and we will come out with the recommendations in a week or two.
The Global Conference on Cyberspace concluded recently. In your view, what needs to be done at the global level to ensure cyber security?
A multi-stakeholder body would probably be a better mechanism, but one that has complete supports from governments from the world. It is important that countries agree on what constitutes cybercrime, and will not promote cybercrime in their countries. They’ll have to say that we are committed to protecting our ICT (information and communications technology) infrastructure. There is a need to have honest and sincere international collaboration, and not just in terms of spirit but in terms of actual concrete actions, which should ensure these things work.
Where do you think India is placed in terms of cyber security?
India’s policies are quite aligned with the idea of cybersecurity. We have created the policies pertaining to open source, open standards and open API (application program interface). Their objective is that security does not come from obscurity. When you open a software or an operating system, it gives everyone a chance to tinker with it, and then what comes out as a product in open source is a more robust product. These policies are the biggest antidotes against cybercrime. India has taken a huge initiative in that direction. Only thing is that now, we need to deploy these, and just having these policies doesn’t mean everything will become secure.
Is Trai doing anything with regard to cybersecurity?
Trai is talking about data security, which also talks about cybercrime. But our role is limited. The consultation paper that we floated on data security, data ownership and data privacy in the telecom sector. That is limited in scope. We have said in our recommendations on cloud services and machine-to-machine communications that cyber security is extremely important.
EXCLUSIONS FROM NET NEUTRALITY
Content delivery networks or CDNs: CDN is a platform that does not operate on public internet and do not interact directly with the consumer. It is a system of servers deployed at geographical proximity to the ISP and are used by content generators to distribute their content. For example, a US-based content generator will hire a CDN in India to distribute its content to telecom operators to be consumed by their subscribers here. Considering that large content providers might directly host their content inside the telecom service providers’ network through direct interconnection arrangements, some argue that CDNs with their own content should come under purview of net neutrality. Those in favour of CDNs being out of net neutrality rules say that by deploying CDNs, ISPs can reduce the load on their networks as the customer requests for content that is stored on a CDN will be processed in the most geographically efficient location and avoiding points of congestion in India, companies such as Akamai, Tata Communications, among others provide CDN services
Specialised services: As per Trai, specialised services are recognised as those requiring a minimum standard of quality. Stakeholders argued that certain services that required assured quality of service cannot be guaranteed by flow of traffic on a best efforts basis, and might need to be favoured on the network. While Trai has not defined specialised services, it has cited global examples such as tele-surgery, voice-over-internet protocol, internet protocol television services, etc. Further, Trai has said these should be excluded only if they are not provided as a replacement for internet access services. It has also said that ‘internet of things’ (IoT) as a class may not be excluded from the scope of net neutrality but critical services, as identified by the DoT in the category of specialised services, will be automatically excluded. For example, IoT-based irrigation systems, which may not be time-sensitive could be governed by net neutrality rules, but autonomous vehicle systems that are heavily dependent on seamless connectivity may be classified as critical.