Photo by publik15 – CC BY-NC-SA 2.0
Introduction
I’m a technology optimist. I look at new technologies and most of the time, I’m excited. I see all the good they can bring and don’t often wonder too deeply about the bad. Information technology in particular, has largely been a force for good in this world. It helps us better communicate and understand each other. Even considering the damning revelations exposed by Edward Snowden and others about the US Government’s development of mass surveillance technologies, I still think information technology has, on balance, caused power to be distributed more equally in our societies than without it.
So it was surprising and pretty disturbing for me to see a technology being developed, in the open, by my industry, that gave me such pause. The technology is called Service Function Chaining, abbreviated SFC, and while it sounds boring, mundane, and innocuous, it actually represents a startling power grab by service providers. That is to say, by the people who run the networks that connect your computers, mobile phones and other devices to the Internet.
As I’ll explain, it’s not just that it’s anti-consumer, and anti-innovation, but some of the biggest proponents of the technology are state-controlled Internet service providers with a long history of abuses to the freedom of expression, speech, and the press. Of course US telcos, cable companies and other giant network providers are big fans as well. The technology itself is being developed by many equipment & software providers, some in the US and some abroad, and it’s being standardized, right now, by the Internet Engineering Task Force.
This is a big topic and I want to keep it accessible to people who don’t work on networks for a living, which means that I will, of necessity, be doing some explainin’. I’ve decided to divide this into a series of four posts. This first post will describe what service function chaining is, and will speak in general terms about why I think it’s so alarming. Then, I’ll have two posts to cover specific examples of this stuff in practice. The fourth and final post will be focused on what can be done about it.
Service Functions?
People in technology have a bad habit of coming up with names that are absolutely impenetrable to outsiders. In this case, service function is an unfortunate combination of trying to express a very generic concept that operates in a super specific context: service functions filter or modify the information you send across the Internet in between you and the person or place you send it to.
When your computer, or phone, or smart TV or whatever connects to the Internet, it’s actually exchanging a series of small “packets” of information with other users or computer servers. What you expect your Internet service provider to do is deliver those packets of information. In order to make Google.com, or BitTorrent, or Netflix, or Skype work, you just need them to deliver the messages, and do it as fast as they can.
But, actual, deployed networks don’t just deliver the messages. They actually contain a bunch of little boxes along the way, like checkpoints that mess with your packets as they traverse the network. A service function is one of these boxes that messes with your packets. Now some service functions you’ll just begrudgingly accept as a part of how the world works. For example, firewalls are service functions that check where packets are going to and from, and may block ones that don’t belong. They’re basically the Customs & Border Protection of the Internet world.
But, plenty of service functions get deployed to do things that you don’t want and didn’t ask for. And, the application you’re using, like Google or Skype don’t want them and didn’t ask for them either. Who wants them? The network operators or the governments that regulate & control them. Network operators want to boost their profits by
- inserting identifiers into your web requests, so that advertisers can more easily track you
- inserting advertisements into the web pages you visit, with or without the consent of the sites you visit
- “managing” the videos you watch, to make them use less bandwidth, without asking you
Governments want the ability to conduct surveillance and censor what you access by
- wiretapping phone or video calls, or other kinds of Internet use (called lawful intercept capability)
- filtering which web sites you can and cannot access
- filtering what videos you can and cannot watch
And, this is just the stuff they’re willing to talk about in making their case for this technology to the IETF.
Service Function Chaining
So far, we’ve been talking about different service functions. What is service function chaining? Well, network operators are deploying so many different service functions that they’re having a hard time managing it all. See, since neither you nor the application or person you’re communicating with have asked for these service functions; they’re not part of the information about where your packets came from or where they are going. So service functions have to be like checkpoints on the road: they have to physically be on the route from you to your packets’ destination. This is expensive for network operators because they have to build them all over the place and rewire a bunch of shit every time they add a new one. Service function chaining is a technology that will allow them to reroute your packets through an easily configurable list of service functions: a service function chain. Then they can build the service functions where ever they want, then reorder, reconfigure, and add new service functions with a click of a button.
The Threat
Service function chaining is specifically designed to make deploying more service functions cheaper and easier. That’s bad for consumers, bad for our freedoms of speech, expression, association, and the press, and bad for entrepreneurs who are building new services that compete with entrenched business models of carriers (that is to say, phone calls and television).
Service functions and service function chains are a response to the gradual erosion of control that network operators and their government backers have over the information and applications we use. Broadly speaking, this technology is a coalition between
- governments who fear loss of control over what people read, watch, talk about, and whom they talk with
- network operators who fear loss of control over applications that run over their networks (and therefore loss of ability to extract revenue from those applications)
- network equipment manufacturers and software suppliers, responding to their customers (above)
For the US Government and its allies, it appears that their primary concern is about surveillance, rather than censorship. And for their part, US network operators seem primarily moved by their own attempts to increase revenue, at least publicly.
Chinese network operators, on the other hand, openly discuss use cases and legal requirements of censorship in relation to service function chaining.
To be continued…
In my next post, I’ll discuss some specific examples of US operators’ use of service functions and their forays into trying to capture a piece of that sweet, sweet advertising pie that currently fuels Google and Facebook.
Please note: the opinions expressed are mine alone. In particular, no attempt is made to represent the opinions of my employer.
Service Function Chaining Part 2: Greed
[…] is Part 2 of a series on service function chaining. I recommend starting with Part 1 as an […]
Service Function Chaining Part 3: Censorship
[…] Part 1: Introduction […]
Service Function Chaining Part 4: Conclusions
[…] Part 1: Introduction […]