Wednesday, 4 March 2015

The ICO do not record when someone makes a request under section 32 of the PECR

That's right.

There is legislation that allows someone to make a request for them to exercise their enforcement functions, and they do not even count when someone makes such a request.

It is bad enough that they have no form on their site to allow one to make such a request, but this is just crazy.

How much more inept can you get?

See FOI request.

I have made 3113 separate reports and requests under section 32 now, and am still ignored, so next step is the Parliamentary and Health Services Ombudsman.

Net Neutrality

A small clip from The Oatmeal comic
(which I hope counts as fair use)
This is a complex one.

Firstly, to explain to those that are not technical, this is about settling a battle between ISPs and content providers that has been waged for some years. The Oatmeal try and explain it in very easy to understand terms (here).

As an ISP I am very keen on the principles that we "just shift packets", we don't care what people do with the service, and have no reason to - we are neutral and impartial. We peer with anyone, and we buy transit that connects to anyone neutrally.

However, you could have crazy situations where a major content provider pays an ISP for preferential access to its network, either to be the service the ISPs customers prefer (as it works better) or because the ISP is threatening to stifle the traffic if they are not paid. In some places this has happened.

So the US has just made some slightly controversial rulings on this making Internet have to work as a neutral carrier. The same stuff is happening in the EU.

"The EU Council of Minister has finalised its position on net neutrality and roaming. The Council will now begin trilogue meetings with the European Parliament and the European Commission (The Council and Parliament need to agree a text before it can become EU law)."

Unfortunately the idea of net neutrality has some issues.

So let's look at some of the problems I can see so far :-

"Providers should not limit the rights of end-users to: access and distribute information and content, use and provide applications and services and use terminal equipment of their choice. This is irrespective of the end-user’s or provider’s location or the location, origin or destination of the service, information or content (agreements between providers and end-users in relation to commercial or technical conditions, e.g. price, volume and speed are allowed)."

This is good - it will be interesting to see how BT's wires only FTTC will work with this as BT are currently limiting the VDSL modems that can be used on that service. Not all ISPs give out the login details for lines if you want to use your own terminal equipment.

But this also has implications where users might want to run email servers or use email servers or DNS not provided by the ISP. At A&A we have no issues, and allow anything, but some ISPs have some basic filtering as standard.

"Providers can offer non-internet access services that require a specific level of quality, as long as there is sufficient network capacity available so that the availability and quality of internet access services for other end-users are not impaired in a material manner."

Sounds sensible. Can't see immediate holes in that.

"When providing internet access services, providers shall equally treat equivalent types of traffic"

Again, sounds pretty sensible so far.

"Traffic management measures may be implemented to: comply with legal obligations (laid down in EU or national legislation); preserve the integrity and security of the network, services provided via the network or end-users’ terminal equipment; prevent pending network congestion and mitigate the effects of exceptional or temporary network congestion (provided that equivalent types of traffic are treated equally); or comply with an explicit request from the end-user, in order to prevent transmission of unsolicited communication or to implement parental control measures. When implementing traffic management measures, providers shall not block, slow down, alter, degrade or discriminate against specific content, applications or services, except as necessary and only for as long as necessary, to achieve one of the stated purposes"

This does get fun...
  1. Obviously this makes IPv6 mandatory, else discriminating against specific content (e.g. IPv6 only web sites). That is good news but not what they meant I am sure.
  2. This also outlaws IWF (child abuse image) filtering, as there is no legal requirement to filter such. My main objections to that have always been that it is the thin end of the wedge and ineffective at stopping child abuse. Though this could be provided as part of parental controls.
  3. This outlaws blocking of extremist material or anything else the government wants to block by the back door. They would have to actually pass laws, which is much more controversial. Again, this can be part of optional parental controls.
  4. This also outlaws all of the default filtering that some ISPs are doing as there is a requirement for explicit request from the end user.
  5. "End user" may not be same as "account holder" - it will depend on definitions. This could create problems where the account holder has asked for parental controls but the end user has not!
So, mostly this is good...

Now, I appreciate some of my comments may be a bit silly, I know, but if this ends up in actual law, it could be quite complex to define some of these things and difficult to be compliant. We have seen how badly worded laws end up with stupid convictions.

But can it go wrong?

You even have daft things like, obviously, our customers get good access to our email and VoIP servers as they are on the same network, but access to other networks email and VoIP services may not always be as good - simply due to the practical fact that they are connected by shared transit and peering links. Will that be seen as us as an ISP giving preferential treatment of traffic for us as a provider of email and VoIP? Will we have to move our servers off network to ensure they are treated equally?

I think we will need to watch the wording of this at EU and UK law level very carefully.

Net neutrality is great in principle but the details have to be right.

Monday, 2 March 2015


I was pondering the meaning of life, as I do, or rather more specifically the strange way that some things bother me and some do not with no rational reason why.

Like most people, I am sure, in the morning I brush my teeth, shave, get dressed, and in my case have to take a few tablets and an insulin injection. But this daily routine is not without some engineering considerations. For example, I have a glass of water with a fizzy vitamin tablet with which I wash down the tablets I take. So I ensure I fill the glass with water and put in the tablet after brushing my teeth - that is because, by then, the cold water is running nicely cold, and that is nicer to drink (I have mains drinking water in the bathroom). But I don't do it later as the tablet takes a couple of minutes to dissolve and I would be waiting for it when taking my tablets. So a bit of critical path analysis involved in ensuring I am not waiting an extra 10 seconds watching something go fizz in a glass.

I ponder why I am annoyed by a few seconds waiting for a tablet to dissolve. It does not matter. The whole process is not critical - I do not have a set time to get to work, and I get there hours before anyone else most days. What seems most inconsistent is that this whole highly efficient daily routine often follows an indeterminate time spent relaxing in a hot bath. That is also time doing nothing but which does not annoy me.

I can only conclude that people are strange, or that at least I am!

Sunday, 1 March 2015

These go to 11

Bit of a general drunken rant - "my personal opinion" even more so...

I have had a few concerns over advertising over the last months - I am annoyed by most adverts, and even more so when they are about something I understand (broadband service), but of late there has been a spate of "race the the bottom" stuff.

We are seeing people selling "Free broadband for 6 months", which is disconcerting. For a start, it is far from "Free", this is always with a "with phone line at £XXX", and some times that is quite a lot for a landline! Bear in mind we do a landline for broadband only use for £10/month.

But the big issue I have been trying to work out is how we can be different, or more to the point explain how we are different. The problem is that we try to be very honest with what we say, and that sometimes puts us at a disadvantage. We'd love to make claims that we are "better" than many other ISPs, but if we cannot say so with a definite measurable metric then we won't say it. Honesty is pretty important to us.

We gather that we are the highest average per-line peak usage of BT wholesale broadband, at least at some point when that was measured, but we have no proof of that (BT don't say that officially). But what that does mean is that "trying not to be the bottleneck" is indeed what we are managing - we are investing a lot in backhaul bandwidth to ensure people get what they pay for.

One of the big issues is that any "shared" service cannot guarantee the peak usage to everyone all the time. We cannot. What we can do is try very hard to ensure everyone can use what they need or want to use when they want. We can try not to be the bottleneck.

So I am unsure how we market ourselves. How we make truthful statements and good marketing statements, at the same time, in this industry.

We have has some lovely reviews! Support: As Nigel Tufnel (Spinal Tap) said: "These go to 11"

A lot of what we can say relates to when things go wrong. We know we are tenacious at beating up BT and TalkTalk over backhaul congestion and line faults and ensuring there are no charges when an engineer has to fix a fault in the network. But selling the "we do well when things break" angle is hard as it is saying "things break"! Sadly they do.

We monitor loss and latency on every line every seconds, and to this day BT do not accept a packet loss or latency issue as a fault category (in spite of a lot of pressure from us).

Whenever I personally get involved in any fault handling on any line (at weekends!) I almost always get very annoyed. I dispare despair at what my staff have to face every day. Many times we have managed to get carriers to change systems and improve things. Sadly there is an ingrained policy of not fixing the underlying problem in the likes of BT, but instead making extra layers to add on top. The latest, with so many ISPs disputing SFI charges does not result in any fix to the issue but a whole new process for the management of the disputes ISPs raise. It is layer on layer of sticking plaster and no real progress. In the past we automated re-tests of a fault, so they changed the system to require an SFI appointment on any failed re-test! They fight us at each step instead of working with us to actually make things better.

Some how we need to find a way to explain to people that we are actually quite a good ISP and worth every penny, but to do so in honest statements that we can back with facts and tests and proof.

I wonder if I need a marketing strategy that is more than "If you build it, they will come" :-)

We'll have to have a meeting to figure it out (thanks xkcd)

Friday, 27 February 2015

Unintentional DoS attacks?

We have had some issues today, both last night, and for a few of hours during the day today on and off. It looked a bit like a denial of service (DoS) attack via LINX, but it seems was not actually intentional!

Basically, somehow, a major content provider with which we peer suddenly thought we were a transit route for a chunk of their traffic and flooded our peering and hammering some of our transit to get the traffic to its actual destination (another country even!).

We've been working with them to try and understand and fix this. We are very sure we are not announcing someone else's blocks by mistake to them. They confirmed they could not see any layer 3 route to us for the traffic. So nothing looks wrong! But they are sending the traffic and it was enough to cause packet loss on LINX for us. Best guess is a hardware issue on their router.

I'll update more on here when we get to the bottom of it - we have had to shut down the peering, meaning no diagnostics can really be done to find the underlying cause, which is a nuisance. At some point we have to re-establish peering and do testing to confirm if fixed.

Even with peering down, we are still seeing bursts of traffic, but dropping the peering has helped, oddly. With peering down, this means it is some sort of layer 2 (Ethernet) issue. At least, when there is traffic, we stand a chance of diagnosing the problem.

Whilst packet loss on a major external link is a problem, it does not usually have that much of an issue on normal access to web pages, email, etc. For a start, it is only the one link, and we have many. But it does have quite an impact on VoIP services which mostly go over peering links. We immediately redirected some of our VoIP routing to try and avoid this, but some calls were still via LINX and suffering break up in audio.

Obviously we need to have a serious look at ways we can cater for this sort of issue in future - ultimately we have very little control of things going wrong "in the Internet", and it is almost impossible to pre-plan every possible contingency. None the less, we will try and learn from this.

I picked a good day to be off sick!

Update: I would like to thank my engineering team (Paul, Andrew, Jimi) for working on this all day and on in to the evening in their own time, and the guys form LINX as well. It seems the exchange itself (LINX) is not at fault in any way, which is good news. Some additional steps with the route server do seem to have stopped the bursts of traffic as of around 5pm Friday, and we intend to leave things like this until the peer can investigate further.

Update: When another LINX peer suffering the same issue contacted the offending peer this morning (Saturday), they immediately reset the card facing LINX and fixed it. One wonders why they would not do that when we reported it yesterday, shame. It does however confirm this was not "just A&A" being affected.

Thursday, 26 February 2015

Knowing your customer

Obviously, as a business, we have to know our customer. To be more specific we have to know some particular details about our customer.

This is not always true - a shop selling a mars bar does not have to know anything of their customer, and neither does someone running a vending machine.

However, we have to know some details, though in theory we could provide some services where we do not need to.

For a start we have to know what that customer's legal entity is, e.g. a limited company, or a sole trader, or so on. We also have to know a service address. The reason for these, apart from anything else, is so that we are able to enforce the contract (to take someone to court if necessary) for things like non-payment of bills. This is the same for  pretty much any businesses offering any sort of ongoing service.

But we also have to know a few other things, and we do ask some of these when people order. Here are just a few examples of what and why...

Under 18

If someone is under 18 they are a minor, and there are a whole load of things that impact the contract we can make with a minor and the extent that we can enforce such a contract. We have actually made a decision for the services we offer not to deal with minors (sorry). We do ask though, as lying about that would be fraud. If we did not ask, it would be tough luck on us.


The rules on contracts, in terms of what is allowed, and some of the steps we have take in giving notice of contract terms and getting agreement, are impacted by whether someone is a consumer or a business. Consumers have extra rights for cancelling contracts that have not yet been provided. There are also differences in terms of late payment penalties that can be applied. Of course it is possible for someone to be an individual, but buying as a sole trader in a business and so not be a consumer!

Small business (10 or fewer individuals work for the business, paid or volunteer)

This is a complicated one, as any small business can change to have greater or fewer staff over time. This one impacts a couple of things - one is the ability to make use of ADR (Alternative Dispute Resolution). Someone with more than 10 people doing work for them cannot use ADR.

This is also part of the new GC22 migration. Anyone with more that 10 people cannot expect to be able to migrate broadband or fixed line telephone services (though in practice they may be able to).

Communications provider

This is complicated!

For Digital Economy Act, being a Communications Provider means you are exempt from copyright notices. It is possible to be a Communications Provider and not be an Internet Service Provider, even, so avoiding other obligations of the Digital Economy Act. However, for this, the definition of Communications Provider comes from the Communications Act, and seems to me to cover anyone with a network switch or router at home would meet the definition.

For ADR, a Communications Provider cannot use ADR, and that definition is from the Communications Act too.

For GC22 migrations of broadband or fixed line, the definition is different! It is someone providing DSL (including FTTC) or fixed line telephone services, so someone with a switch at home is not a Communications Provider under that definition.

This makes "Knowing your customer" slightly more complex as someone could (a) be a Communications Provider under the Communications Act (and so for DEA and ADR) reasons, but could be (b) a Communications Provider under OFCOM GC22, quite independently (one, or the other or both). You then have that for DEA one has to be "buying service as a Communications Provider" so it is not simply whether you are one, but if you are buying as one!

At the moment we ask if someone is a Communications Provider under the Communications Act, but we may have to refine that question slightly!

Wednesday, 25 February 2015

OFCOM confirm...

GC22 - the new migration rules that replace MAC codes for broadband, simply do not apply to lines for customers with more than 10 people working for them or which are communications providers.

They suggest such migrations are best managed by a cease of old services and re-provide of new services with some overlap (and notable cost).

In some ways this is sensible, in some it is not.

They do not confirm who is responsible for determining that an end user has more than 10 people working for it, and who is liable if a telco acts on statements made by the customer on such things or what happens if number of staff changes over time.

They do not confirm the reason code to give when a losing ISP refuses a migration because its customer is more than 10 staff and hence "GC22 does not apply".

I have to feel that OFCOM have not thought this through.

P.S. - this is not just broadband, but fixed line telephone services as well!