Home / Blogs

IP Addresses Are Not Telephone Numbers - The Fundamental Flaw with the FCC’s Proposed Privacy Rules

Protect your privacy:  Get NordVPN  [73% off 2-year plans, 3 extra months]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.

Last month the FCC released a Notice of Proposed Rulemaking (NPRM) on Customer Proprietary Network Information (CPNI), the information telcos collect about consumers’ phone calls.

The Commission’s proposed rules would adapt and apply privacy rules that have historically applied to the traditional telephone space to broadband carriers. It would also regulate how broadband providers use and share that data. The FCC is able to do this since broadband providers are subject to the existing privacy protections under Title II of the Communications Act, the result of the Open Internet Order.

Providing consumers with the tools they need to protect their privacy is unquestionably a good thing. However, the Internet Society is concerned about whether expanding and applying Title II to the broadband market is the right approach, as such a course of action may have unintended consequences.

Of particular concern to the Internet Society is the following text taken from section 45 of the NPRM:

“45. Internet Protocol (IP) Addresses and Domain Name Information. We propose to consider both source and destination IP addresses as CPNI in the broadband context. An IP address is the routable address for each device on an IP network, and BIAS providers use the end user’s and edge provider’s IP addresses to route data traffic between them. As such, IP addresses are roughly analogous to telephone numbers in the voice telephony context, and the Commission has previously held telephone numbers dialed to be CPNI. Further, our CPNI rules for TRS providers recognize IP addresses as call data information. IP addresses are also frequently used in geo-location. As such, we believe that we should consider IP addresses to be “destination” and “location” information under Section 222(h)(1)(A). Similarly, we propose to consider other information in Internet layer protocol headers to be CPNI in the broadband context, because they may indicate the “type” and “amount of use” of a telecommunication service. We seek comment on this proposed interpretation.”

A blanket association between telephone numbers and IP numbers and domain names is simply not useful. Here’s the problem—IP numbers and domain names are not telephone numbers. By using this analogy as the starting point for their rationale to consider IP numbers as CPNI, the FCC is beginning from a fundamentally flawed starting point.

The telephone numbering system was born out of an inherently regulatory framework within a multilateral institution, and coordinated at the international level by the International Telecommunication Union (ITU). In contrast, IP addressing was born out of a global, bottom-up multistakeholder approach. This model has been a driver of the innovation and creativity that made the Internet a virtually unparalleled force for social and economic progress in our collective history. Generally speaking, this broad comparison fails to account for the underlying context for each numbering system, and renders the analogy too broad and insufficient to be effective.

There may also be unintended negative outcomes globally from using this analogy. Like it or not, Washington exists in a policy fishbowl—the rest of the world pays attention to what happens here. There are nations that will watch, and may indeed copy, the FCC’s lead.

Applying decades-old telephone system regulations to the Internet puts at risk the principles and norms that contributed to its tremendous growth and success. As Dr. Robert Pepper wrote in Forbes ahead of the ITU’s World Conference on International Telecommunications in 2012, “Changing the regulatory and business model of the Internet now with an outdated legacy telecom model would limit the Internet’s expansion and diminish the potential for further innovation.” Pepper rightly concludes, “This would be an enormous mistake.”

Furthermore, the FCC’s use of this analogy is in clear contrast to the deregulatory approach to the Internet that the U.S. Government promotes on the global stage. In a world where the multistakeholder model for Internet governance is so often under threat, do we really want the FCC to normalize a governance framework that does not recognize the crucial role of it played in the growth and success of the Internet?

The Communications Act was developed at a very different time and to regulate a very different system. Putting aside the fact that the Act dates from the 1930s, the last time it was updated was in 1996—the dawn of the publicly available Internet. I believe that the uniqueness and complexity inherent to the Internet behoove us to take an approach to consumer privacy that is just as unique.

Comments on the NPRM close on May 27.

By Mark Buell, Regional Bureau Director, North America at the Internet Society

Filed Under

Comments

The development of the addressing system of DoD Internet Protocol Standard ... Peter Thimmesch  –  Jun 3, 2016 3:49 AM

Or IPv4, was not done via a multi-stakeholder process. It was done under contract to the US Department of Defense. The process for Simple Internet Protocol Plus (SIPP), or IPv6, was done via the IETF’s process but no one would call that a multi-stakeholder group.

Yet you are correct that the very concept that the Internet Identifiers within the Routing Table is somehow equal to the North America Numbering Plan (NANP) is laughable. Maybe stick the to the facts that the end-customer’s public addressed address(es) is/are something that may have a short Time To Live (TTL) and may be given to another end-user customer in any given moment (think a Starbucks customer) therefore it doesn’t belong to them as the same as the NANP’s system gives to its end-users (think mobile number portability) ... it is an easier and more understandable way of breaking down the FCC rule as being preposterous.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Cybersecurity

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

DNS

Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix