FCC Brief Painfully Wrong about DNS

The FCC’s response to the challenges to its latest Open Internet Order (OIO) completely misrepresents the nature of DNS and its role in the Internet. As a result, the brief shows that the order’s misclassification of Internet service is based on a fundamentally incorrect assessment of the facts. Consequently, the FCC’s request for the Court’s deference on the basis of its expert status fails. The Court must therefore vacate the FCC’s order.

The crux of the reclassification issue is whether there is any rational basis for asserting that Internet service is more like the Title II common carrier telephone network than it’s like the Title III mobile network, the Title VI cable network, or the unregulated Title I Information Services that dominate the digital age and accurately describe the service ISPs offer to the public.

Misunderstanding Domain Name Service

The order has a number of legal problems, but my concern is with the FCC’s assertions about the nature of the Internet’s Domain Name Service, DNS. This is a good proxy for the larger discussion of the role of information processing in the service ISPs offer the public, which I explained in my Amicus Brief. The FCC makes two assertions about DNS that contradict each other and are riddled with false analysis. These are important because they call into question the FCC’s desire to be granted deference by the court on the basis of the agency’s standing as an “expert agency” with a unique grasp on the technical facts that is beyond the reach of mere lawmakers, judges, and economists. As we will see, the FCC’s analysis of DNS is so weak it undermines the FCC’s claim to expert status.

metaphoricalAs those who have challenged the order argue, DNS is an essential part of the service ISPs offer the public, and it is clearly an Information Service. DNS is the world’s largest distributed database, and it is implemented as an application rather than a transmission element. Users send requests for information to DNS, and DNS responds with either the information we requested (a name or an address) or a reason why it will not provide the information (an error code). When the ISP assigns an IP address to a user account, it also supplies two or more addresses for DNS servers we can use to get IP addresses of services we wish to access as well as verification of the domain name/IP address mapping of information we receive in emails, web site responses, and other types of messages.

ISPs argue that DNS is an intrinsic part of the service they offer, along with anti-virus software and a number of other features. The FCC didn’t address the anti-virus issue, but it makes two contradictory arguments against the DNS claim: on the one hand, it asserts that DNS is not an essential part of the ISP service because DNS can provided by third parties such as Google and OpenDNS:

The Commission also found that even if DNS and caching do not fall within the telecommunications management exception, those services are functionally separable from the transmission component of broadband. See Order ¶370 (JA___) (DNS “is not so inextricably intertwined with broadband Internet access service so as to convert the entire service offering into an information service”); id. ¶372 (JA___) (noting that caching is a “distinct” component of broadband that may be offered by third parties).(footnote 26 of the FCC response)

The FCC then turns around and argues DNS is a network management function permitted by the Communications Act as part of a common carrier service — despite its essentially information service nature:

The Communications Act thus expressly provides that an “information service” does not include information processing that is used “for the management, control, or operation of a telecommunications system or the management of a telecommunications service.” 47 U.S.C. § 153(24). (page 71-2 of the FCC response)

weakThe FCC’s problem is that a function “for the management, control, or operation of a telecommunications system” cannot very well be outsourced to an unknown third party by users of the system on a whim, which is what the first argument asserts. If I choose Google’s DNS instead of the one provided by my wired and mobile ISPs – a selection that is made automatically and without my knowledge or consent each time the ISP issues me an IP address – I need to take a deliberate action. My router performs a transaction with the ISP (using the DHCP protocol) that asks for an IP address; the ISP response assigns the router an IP address and also assigns it two DNS server addresses. If I want to use Google’s DNS, I have to login to the router’s admin interface and override the DHCP settings. This is a deliberate act that some very small number of users perform. Just after the SOPA fight, we were told that overriding the default DNS server address is beyond the ability of the typical Internet user.

That’s necessary for the FCC’s first claim about DNS to come true; but the ability to override the ISP’s DNS server undermines the FCC’s second (and more important) argument that DNS is a necessary function for the “management of a telecommunications service” because it says Google is managing my ISPs’ networks. That’s right: If I override the DNS provided by both of my ISPs — the wired one and the mobile one — I’m allowing Google to manage these ISPs’ networks.

Frankly, that claim doesn’t pass the laugh test.

The fact that my ISPs provide me with DNS automatically, combined with the fact that I don’t have to use their DNS servers, says it’s an important part of the ISP service that has nothing whatsoever to do with managing the ISPs’ networks. DNS has something to do with the end-to-end transactions that take place when an Internet user access a remote, non-ISP provided service such as Netflix or GMail. DNS today means Secure DNS (DNSSEC), a new variation of DNS that authenticates the remote site.

DNSSEC guarantees me that the Netflix server’s address is really supplied by Netflix and not by somebody doing a man-in-the-middle attack. This wasn’t the case when Brand X was decided, because DNSSEC didn’t exist. This is a more intense information service than traditional DNS, and it has nothing to do with providing a simple IP address to IP address transmission service, which is the FCC’s reductive theory about what the Internet is.

Managing the transmission subsystem of an Internet Service is simply routing packets from one IP address to another without regard for any other consideration. As the Order says, “[f]ixed and mobile broadband Internet access providers also price and differentiate their service offerings on the basis of the quality and quantity of data transmission the offering provides” and only on that basis. The Order also claims “[m]arketing broadband services in this way leaves a reasonable consumer with the impression that a certain level of transmission capability—measured in terms of ‘speed’ or ‘reliability’—is being offered in exchange for the subscription fee, even if complementary services are also included as part of the offer” (page 85).

DNS has no effect on the speed or quantity of data the user sends and receives, so it can’t be a management element of such a service, whether provided by the ISP or by a third party. The offering of Secure DNS is a marketing tool for ISPs, a new development that reinforces the fact that ISPs are in the information services business. Comcast championed DNSSEC before the other ISPs did and used it as a marketing chip. So yes, this is an important part of the ISP service and one that it not simply a function that manages transmission.

Bizarre Technical Claims

The FCC can be partially forgiven for misunderstanding the role that DNS plays for Internet service because the order demonstrates that it doesn’t understand what DNS actually does. This is a strong assertion, but the evidence of the Order’s misunderstanding of DNS is very, very strong. The Order bizarrely claims that DNS is a routing function:

[DNS] therefore “allows more efficient use of the telecommunications network by facilitating accurate and efficient routing from the end user to the receiving party,” id. ¶368 (JA___), thereby benefiting the broadband provider by reducing its costs. In this context, DNS performs the same general routing function as “speed dialing, call forwarding, and computer-provided directory assistance”—services that were previously found to qualify for the telecommunications systems management exception. Id.; see also Brand X, 545 U.S. at 1012-13 (Scalia, J., dissenting) (DNS “is scarcely more than routing information, which is expressly excluded from the definition of ‘information service’”). (page 93)

and…

DNS is appropriately viewed as providing the same kind of routing of a transmission as that provided in an earlier day when a person could (without knowing a neighbor’s phone number) use computerized directory assistance to place the call. (page 94)

incorrectThe Internet is a routed, packet-switched network, and we know where the routing function for its transmission subsystem resides: routing is done by Internet Protocol (IP) using information supplied to it by Border Gateway Protocol (BGP). This is not DNS and it is nothing like DNS. IP chooses a path to take to each packet’s destination at every one of the 10 – 20 routers in a path according to which of the router’s interfaces is most likely to be on the best path to the destination, allowing for best current information about the health of the interfaces. When a router receives a packet for destination W:X:Y:Z on an interface that it believes is the best path to W:X:Y:Z, for example, it knows it has a problem and tries to remediate. This is not what DNS does.

The actions that the Order describes from the PSTN world – call forwarding for example – are similar to Internet functions performed at end points, such as e-mail forwarding or web site redirects. These are also not things DNS does, especially DNSSEC. In fact, the design of DNSSEC is such that it can’t “re-route” a query from its correct destination to some other place. The SOPA and PIPA measures that failed in the House and Senate in 2011-12 wanted DNS to block or redirect certain queries, but this notion sank like a cannonball in a tub of jello faster than you can say “Reddit riot.”

DNS is actually a function that makes information from the destination available to the initiator of a network transaction. Part of this information tells the initiator the IP addresses (both IPv4 and IPv6) of the destination, but that’s not all it communicates. DNS also tells the initiator where to send email, how many distinct subdomains the destination network has, and the addresses of the subdomains. It does all of this at lightning speed. It can also store and transmit perfectly arbitrary information: If I want to put a poem into the DNS for bennett.com, I can.

To compare this to dialing a mom to find the phone number of one of her kids is to employ an inapt analogy; this is like comparing Internet packets to postcards. That’s fine for tutorial or handwaving purposes, but it doesn’t represent “expert” knowledge of the actual system.

The smoking gun is the FCC’s claim that “[DNS] allows more efficient use of the telecommunications network by facilitating accurate and efficient routing from the end user to the receiving party thereby benefiting the broadband provider by reducing its costs.”

DNS does no such thing.

The FCC Understands Metaphors, Not Technical Detalis

The accurate and efficient routing of packets from source to destination is BGP’s and IP’s job; all DNS does is tell the sender the network name (that’s what an IP address is) of the service it wants to reach. Routing is not a DNS function, sorry. And by the way, you reach DNS with the UDP or TCP protocol, so you need to already have a functional transmission network before you can even use DNS. The DNS does something “kinda sorta” like facilitating efficient routing, but not in the interest of ISP costs. DNS provides a means of optimizing the allocation of resources for “edge providers” such as Amazon and Netflix, however, and this service may very well affect their costs.

Because networks supply the information served up by DNS to end users, Netflix can jigger DNS responses to point to server complexes in locations that lower its costs and provide its users with better service, but this doesn’t help the ISP. In some cases, Netflix may direct users to servers that are low cost to the ISP, but that’s not Netflix’s goal; rather, Netflix wants to reduce its own costs and keep its own customers happy. So the only sense in which DNS is a management function is in relation to the firms who supply the DNS with information. These firms are not Title II common carriers, they are Title I information services. So the actual role of DNS is to make things work better for information services. Some information services are known as edge providers, but others are ISPs.

If the argument is the DNS is “kinda like” an automated telephone directory, that’s fine; but the issue is that it’s not enough like a telephone directory to justify the claim that it’s a network management feature. AT&T and Verizon and the others don’t outsource the management of their telephone networks to customers or third parties selected by their customers, they manage them on their own. DNS is used by edge providers to manage edge provider networks, not ISP networks. This fundamental flaw is based on the FCC’s substitution of a metaphorical grasp of the Internet for a real technical grasp.

The FCC as much as admits its judgment about DNS is flawed: “The Commission’s interpretation of the telecommunications management exception also reflects a common-sense understanding of how telecommunications service is—and has always been—provided.” That’s right, the FCC’s faulty view of DNS’s role in the modern Internet is consistent with a common sense understanding of a traditional telephone service. But the FCC isn’t paid to apply common-sense understandings of one network to another, it’s paid to apply the complete set of facts in a rational, expert, and defensible manner. The management exception has to applied in an expert fashion, not in a “finger to the wind” common sense manner.

The Internet is More than Just a Fast Telephone Network

The error is the FCC’s rush to reduce the most innovative network ever created – indeed, one of the most innovative creations in all of history – to nothing more than a faster telephone network. A network that carries phone calls, web traffic, video streams, video calls, interactive gaming, telemedicine, GPS directions to moving cars with traffic jam re-routing, etc. is much more than a telephone network. Would the FCC engage in a ten year long, bipartisan effort to protect the Internet from a few TCP packets with the “Reset” bit set to 1 instead of 0 if the underlying system were nothing more than a fast telephone network? That seems a bit unlikely.

The service that ISPs offer the public has a superficial resemblance to a telephone service, but that superficial resemblance doesn’t allow the FCC to go where it wants to go. The ISP service also bears a trivial resemblance to cable TV and mobile phone service. That’s also not good enough.

Factually, the only rational judgment that the FCC could have made within the terms of Communications Act is that ISPs are in the Information Service business. The Agency got this right for 13 years, and the changes that have taken place over that span of time have done nothing but reinforce the correctness of that judgment.

[Note: this post is the first of two parts on the FCC’s defense brief on the challenge to its Title II order. The second part deals with the problems in its assessment of the mobile network.]