This is Part 2 of a series on service function chaining. I recommend starting with Part 1 as an introduction.
So let’s start talking in more detail about the kinds of things network providers and governments want to use service function chaining for. In this installment, I’ll be focusing on use cases that are primarily about network operators exerting control over the applications that run on their networks. This control is used to drive profits. The next installment will be about government actors trying to control information for political purposes.
A historical interlude
For people both a) interested in and b) not familiar with the economic forces that drive network operators to want to control applications, the following is a broad-strokes sketch of what’s going on. It’s deliberately simplified, but gives a fairly compelling answer to the question of “why do network operators care so much about applications.” You can safely skip this section if you’re happy to just accept that they do care a lot about it and move on.
The profit examples are firmly rooted in western, monopoly or oligopoly service providers. These firms were founded and built out their original networks to deliver specific applications. By application, I mean something like “telephone calls” or “watching television.” The vast majority of Americans today get home Internet access from a company that historically provided either telephone or cable television. These operators built out large regional, national, or international networks that were specially designed to deliver a single application.
For the average American consumer, that model of a single company providing both the network and application started shifting in the 90s and 2000s with home access to the Internet. Today you can use a mind-boggling array of applications over the Internet. Some of these applications are genuinely new things that didn’t exist in the 90s, like social media or online video gaming, and some of them are just outgrowths and evolutions of existing services like Skype for telephone calls or Netflix for watching TV.
These monopoly or oligopoly providers used to charge you one fee for both the network and the service, and so got to extract their fee on 100% of the value you, the end user, got out of the information flowing across the network. The fact that there was nearly no competition meant that they could charge basically whatever government regulators would let them get away with. And that’s the way they liked it. You build out your network and enjoy a relatively risk-free existence, since the government will always let you charge enough to turn a profit.
Fast forward to 2015: cable TV subscriptions are dropping, just as the price content providers (ESPN, HBO and the like) are charging you is increasing. Not only are the likes of Netflix and Hulu stealing your customers’ eyeballs, but while content providers are jacking up the price they charge you, they’re also offering streaming content direct to your subscribers. Fewer eyeballs means fewer ad dollars.
Landline telephone subscriptions are also dropping. Mobile phones are so pervasive you can only grow by stealing customers from your rivals, and while the number of minutes per day Americans are glued to their phone screens is surging, the number of minutes they spend on voice calls is plummeting. Skype, FaceTime, Google Hangouts and the like are free-as-in-beer.
Comcast, BitTorrent, and Sandvine
In early 2007, America’s largest cable company, Comcast, began disrupting popular peer-to-peer file sharing applications for its subscribers. The targeted applications appeared to be BitTorrent and Gnutella, but there were widespread reports of additional applications like Lotus Notes and Windows Remote Desktop being affected as well. As news and consumer advocate organizations investigated, Comcast lied, saying that it did not target any specific application or protocol.
After an investigation, then-FCC Chairman Kevin Martin gave the following analogy for what Comcast was doing:
Would you be OK with the post office opening your mail, deciding they didn’t want to bother delivering it, and hiding that fact by sending it back to you stamped “address unknown – return to sender”? Or if they opened letters mailed to you, decided that because the mail truck is full sometimes, letters to you could wait, and then hid both that they read your letters and delayed them? Unfortunately, that is exactly what Comcast was doing with their subscribers’ Internet traffic.
Furthermore, the FCC concluded that Comcast was indeed specifically targeting BitTorrent and other peer-to-peer file sharing applications, and ordered them to stop.
Comcast was almost certainly using equipment from Sandvine, an early pioneer of service function chaining. As the IETF began their efforts to design and standardize their own service function chaining, they asked Sandvine to describe how their technology works as a reference, which they did in an Internet Draft.
Why was Comcast going to such an effort to disrupt BitTorrent? The FCC offered one obvious motive:
Comcast has an anticompetitive motive to interfere with customers’ use of peer-to-peer applications. Such applications, including those relying on BitTorrent, provide Internet users with the opportunity to view high-quality video that they might otherwise watch (and pay for) on cable television. Such video distribution poses a potential competitive threat to Comcast’s video-on-demand (“VOD”) service.
Also, BitTorrent is designed to make maximal use of your Internet connection by simultaneously downloading from multiple sources. Comcast designed its subscriber terms and marketing claims of “unlimited” data under the assumption that its subscribers wouldn’t really be able to use the full bandwidth of their network link all the time — for most applications bottlenecks elsewhere in the Internet slow communications to a fraction of the capacity of the link between subscriber and Comcast’s core network. But BitTorrent and protocols like it blow those bottlenecks out of the water and Comcast likely struggled to keep up with the demands on its network.
Carving out a slice of the advertisement pie
The giants of the web, Facebook and Google, are fueled not by subscriptions, but by advertising dollars. Whether you use Google or not, basically every consumer good you’ve bought in the last 10 years has a hidden “Google Tax” to account for the vast sums these companies spend to market to you. (Of course, a general “marketing tax” is nothing too new, it’s just that 15 or so years ago, it all went to print & television instead of the big G.)
It’s no secret that Google, Facebook and other ad-driven players gather and store tons of data about you and your habits so they can effectively target ads for you. They gather that data from their main website and, in general, a patchwork of affiliated sites, meaning that any one company/ad-network only monitors a certain slice of your overall life online.
But, at the end of the day, all of your Internet usage goes via an ISP, so if they get in the business of monitoring your usage they could construct a much more complete picture of your digital self. This opportunity is so compelling to network providers that recent history is littered with examples of such efforts, to different effects. Two big examples are Charter’s announced and then abandoned plan in 2008, and AT&T’s pilot programs from this year. These programs depend on rerouting your web traffic to scanning service functions which read the contents of your web requests and mine it for useful data they can use to target ads to you.
In the AT&T case, we have some information on just how lucrative AT&T consider this scheme to be since they allow users to opt-out of it for an extra $29-$60 per month, depending on the services bundled (like TV or phone).
Surveillance for advertising can also go beyond just reading the contents of your web surfing sessions. For example, since 2014 at least, Verizon Wireless have been modifying users’ web requests to inject ID tags to better allow 3rd party advertising networks to track its subscribers. There is a burgeoning industry of different injected tracking systems, and researchers at the International Computer Science Institute at Berkeley have been collecting information on the different tracking systems and who uses them. For information about your own country and provider, or to scan your own connection, you can visit their Netalyzr site. Network industry people working on service function chaining call this kind of manipulation “HTTP header enrichment” (you can guess who’s getting enriched by this process), and it’s of course one of the main use cases they discuss in working group documents.
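One way to check a connection for this kind of header injection, as an added example that is not from the original post: send a plain-HTTP request to an echo endpoint you control, then compare the headers as sent with the headers as they arrived. The header name `X-Subscriber-Tag`, the host name and both captured requests are constructed for illustration.

```python
import math
from collections import Counter

# Headers that ordinary proxies add; they reveal a middlebox on the path
# but do not by themselves tag the subscriber, so they are reported separately.
KNOWN_PROXY_HEADERS = {"via", "x-forwarded-for", "x-forwarded-proto", "forwarded"}

# Constructed sample data: the request as the client sent it, and the same
# request as a hypothetical echo server saw it after crossing the carrier network.
SENT = (b"GET /echo HTTP/1.1\r\nHost: echo.example.test\r\n"
        b"User-Agent: probe/1.0\r\nAccept-Encoding: gzip\r\n\r\n")
RECEIVED = (b"GET /echo HTTP/1.1\r\nHost: echo.example.test\r\n"
            b"User-Agent: probe/1.0\r\nVia: 1.1 gw\r\n"
            b"X-Subscriber-Tag: q7Zk2LmP9xTb4VhR8cNw1YdE6sGf3JuA\r\n\r\n")

def parse_headers(raw: bytes) -> dict:
    """Parse the header block of a raw HTTP/1.x request into {lowercase name: value}."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def shannon_entropy(value: str) -> float:
    """Bits per character; long random-looking tokens score high."""
    if not value:
        return 0.0
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())

def diff_request(sent: bytes, received: bytes) -> dict:
    """Classify every header that differs between the sent and received request."""
    s, r = parse_headers(sent), parse_headers(received)
    report = {"injected": [], "proxy": [], "modified": []}
    for name, value in r.items():
        if name in s:
            if s[name] != value:
                report["modified"].append(name)
        elif name in KNOWN_PROXY_HEADERS:
            report["proxy"].append(name)
        else:
            # A long, high-entropy value on an unexpected header looks like an ID tag.
            likely_id = len(value) >= 16 and shannon_entropy(value) >= 3.5
            report["injected"].append((name, likely_id))
    report["stripped"] = [name for name in s if name not in r]
    return report

if __name__ == "__main__":
    print(diff_request(SENT, RECEIVED))
```

The comparison only works over plain HTTP; request headers inside a TLS session are not visible to, or modifiable by, equipment on the path.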
Less common (so far), but more disturbing, is service function chaining gear that hijacks the actual web content you get from pages you visit to trick your browser into doing things the page you visit never intended. For example, Comcast started using this technology last year on their public WiFi access points, hijacking the user’s web session to show pop-up ads.
Pretty low, but not nearly as sinister as weaponizing the same technology to launch attacks against anti-censorship organizations, as China did earlier this year. But, more details on that in part 3.