VoIP Regulation in America: A View from the Trenchesby John Todd
Editor's Note: John Todd is a networking and VoIP consultant. In this op-ed piece, he offers some persuasive arguments for why the VoIP industry should look seriously now at formulating its own regulatory stances. If you're involved in this industry, what do you think? Weigh in with your opinions in the Talkback section the end of the article.
Most of us have lived a carefree, packet-based life in the sun, where the dark and dangerous concepts of regulation have had little or no impact. Even Congress went so far as to declare the Internet a "regulation-free" zone for a number of years, which allowed for amazing growth and the blossoming of new technologies, business plans, and jobs. Now that IP technology (and with it, open source software) are strongly stepping into business markets, along with large-scale replacement of existing technologies, the ugly spectre of regulation is something that must be considered.
As OSS/IP networks start to touch and replace the edges of existing, highly regulated industries (telcom, as in this article's example), it is possible that developers and businesses need to consider the implications of their designs and decisions as they relate to current regulations, or else there may be an unpleasant set of results. Where regulations do not fit, we need to encourage and design alternative legal frameworks. Where regulation is unavoidable or sensible, developers must think ahead to compliance strategies when creating new protocols or business models.
As many of you are aware, recent steps have been taken by some states in the U.S. to start regulating Voice over Internet Protocol (VoIP) providers (a.k.a. IPCSP, or IP Communications Service Providers, previously known as ITSPs, or Internet Telephony Service Providers; more on this in a minute). These regulatory efforts are due to unclear legislative wording and changing industry methods, and this collision of racing technology and inadequate legislation could cause great harm to the VoIP industry unless a broad Federal exemption is made to cover these new companies and the methods they use to connect individuals to each other.
I sympathize a bit with the state regulators in their plight; these regulators are only trying to enforce the law, they don't write the bills. The majority of telecommunications legislation was written without the foresight that voice data would become separate from the wires on which that voice traveled, and therein lies the problem that faces current regulatory agencies. Information has become separate from the mechanism on which it is delivered, and there are a growing number of delivery mechanisms for information, including voice, video, and other content.
DSL, cable modem, wireless, and power-line delivery of IP data (and with it, voice data) are breaking the model that has held for the last 100 years or so, which is that voice data is delivered on a pair of copper wires owned by the telephone company. This new separation of delivery mechanism and data has not been fully recognized by legislatures, especially where the transmission of human voice is concerned. There has been a previous definition of ISPs and cable companies as "Information Service Providers," which are immune from the legal requirements under which telephone companies ("Telecommunications Service Providers") must operate. The definitions are vague at best, and are almost certainly ripe to be legally challenged by telcos that feel unfairly regulated. Congress will need to revisit these definitions in the medium term, with guidance from the FCC. Where that will lead is a crapshoot, to be sure, as Congress is (to put it mildly) unpredictable in its legislation regarding technology and regulation.
The Current Legal State of VoIP Regulation
It seems that the regulatory wolves have been staved off for the moment, with a ruling from the Minnesota Circuit Court that defines IPCSPs as "Information Service Providers" and not "Telephony Service Providers," a seemingly minor but very important distinction. The Court's ruling (in summary) said that Congress had defined the Internet as a no-regulation zone, and that IPCSPs were clearly in that sphere, regardless of what services they offered. By this definition, there should be no regulation of IPCSPs.
This seems to be a very fragile ruling, whose basis may change if Congress makes some longer-term ruling on taxation and/or regulation of Internet services. However, for the time being, I expect it to remain adequate to shield IPCSPs from regulatory intervention. The Circuit Court's ruling contradicted a lower court's statement that Vonage (an IPCSP) was a "Telephony Service Provider" that needed to be licensed under the same rules as telephone companies. Other states are still considering regulatory steps (California being the most important), but I suspect that the Minnesota ruling will put a damper on any regulatory firestarters for several months, at least.
Regulation and Investment
Now, why talk about investment in a discussion about regulation? Because technology is driven by investment, and regulation scares investment; therefore, regulation impedes technology. I have spoken first-hand to major investors who have clearly indicated that they will not invest in a technology or company that could be severely regulated in the future, or that (worse) will be retroactively punished for actions made in good faith.
In the American tradition of "follow the money," this clearly indicates that the investment activities in the VoIP market are stalled, to some degree, without assurance of regulatory futures. Even with this uncertainty, there is a land rush happening with VoIP, and VC money may not be necessary for some entrants in the market. The Minnesota ruling against additional regulation will certainly assist in freeing up some indecisive investment capital for the industry, but a firm statement from the Federal government will help those of us in the technical arena, as well as those in the investment arena (the people that ultimately fund our paychecks).
So, What Are the Problems?
Once investment money starts flowing freely, what's the next issue? The problems that critics see with VoIP being non-regulated lie in fairly widely dispersed but narrow categories. E911, USF (Universal Service Fund, a USA-specific tax by any other wording), and common carrier status seem to be hotpoints. USF is the biggest issue, since it "follows the money," but E911 is the biggest emotional factor. Common carrier status has yet to surface as a major issue (though it will) and CALEA and other interception methods will also need to be considered by VoIP carriers to some degree. Let's take a look at each.
E911 is perhaps one of the most visible concerns about VoIP, and one that the average user will understand. One would be hard-put to find VoIP providers who are not trying to come up with some solution in this arena, for regulatory as well as legal reasons. The market will drive this as much as any threat of regulation--the first providers to reliably deliver E911 service will see commensurate reward, and any vendor eventually left without that service will become a second-rate system. There are halfway-useful systems in place right now from only one IPCSP, and the buying public should consider these features when signing up for service. This raises an interesting point--if people aren't willing to pay for it, should it be offered as an option? Try mentioning that idea in a public forum of telephony people and see how fast the rocks fly in your direction.
I will use my not-so-bullish pulpit to state that I believe that regulation of these services should be market-driven, as there are no monopoly statutes granted in the world of IP packet delivery. The basic elements of E911 should be provided as a public service, and not repackaged to exclusive commercial contracts. This is a much larger topic, which will undoubtedly fuel some of the most heated and irrational debate (from both sides) on the subject of VoIP regulation.
- Common Carrier
This segues right into a brief comment on common carrier status. It does seem to make sense in certain circumstances to define carriers of layer 1 (wires) services as common carriers, and that they should be responsible for delivery of packets to the "majority" of the Internet at a reasonable price. Defining what "majority," "delivery," and "reasonable" mean is where the lobbying organizations start working, compensation plans get introduced, and the USF zombie menacingly lurches from the crypt in search of live companies to eat.
I'll leave this extremely long discussion for another article. To this end, however, the FCC has clearly ruled that Internet services do not fall into USF-funded services, so we perhaps have several years before the overhaul of layer 1 taxation will be considered again. I will again put my opinion up for review and say that common carrier status should be inflicted upon firms that are granted some type of monopoly or virtual monopoly for serving data (packets, voice, whatever) to a geographic location. The prize to offset these penalties for these monopolies might be government subsidies, or rate controls. Consider this as a possible solution: Common carrier status should be levied upon firms that deliver layer 1, 2/3 services (physical facilities and IP transit) in circumstances where a monopoly or virtual monopoly exists. VoIP providers are not common carriers under that definition, but that definition is not yet accepted by all concerned parties.
There is that strange payment you see on your phone bill every month, labeled "USF charge," which (to some degree) pays for the phone service to rural or otherwise disproportionately expensive endpoints of the traditional phone network, and also pays for users of the phone system who qualify for low-income assistance. There are also some portions of the USF taken for educational networking ("e-rate") funding. Rural states (and there are a lot of them) depend on USF to provide service to residents of remote parts of their states who would ordinarily pay very high rates to run facilities to some location that is very distant from the CO or telephony network fabric.
Billions of dollars flow through the USF of various states, and any threat to that revenue gets the attention of legislators. Those farmers vote, you know. The companies that benefit from USF funding are also happy to contribute to the election campaigns of those legislators, further solidifying the status of USF. The VoIP networks that are being created do not pay USF fees, meaning that as people convert to VoIP and turn off their primary phone lines (this will happen, eventually), then that revenue disappears. There are some critics of the USF, who say that the various phone companies are fleecing the government for millions of dollars, and this, I'm sure, will come under renewed examination over the next few years. The solution in my opinion is what I mentioned for Common Carrier status: assign USF to the layers 1/2/3 delivery mechanisms in some way -- don't tax the data, tax the delivery mechanism.
The CALEA (Communications Assistance for Law Enforcement) standards may ultimately be inapplicable for most aspects of VoIP, which will cause many three-letter-agencies and their non-US counterparts to leap up and down in a howling rage. I do not see CALEA as being possible in some VoIP situations (peer-to-peer or SIP native bridges, to name just two) and in those instances where interception is possible, I see no significant change in the methods that are used by law enforcement to gather the relevant information or recordings.
It would be difficult for Congress or law enforcement to seriously consider CALEA as a regulatory roadblock to VoIP, simply because in many cases, CALEA access is just not possible with VoIP. This is an unpleasant fact that law enforcement will have to consider, but it is unavoidable and inevitable that voice communications between two individuals will no longer be easily accessed through some central clearinghouse such as a central-office wire plant. While CALEA still must apply to gateways where VoIP and the PSTN meet, I see no reason that this would require any significantly different laws than those that exist today.
There's enough about ENUM to write several articles, but I'll sum it up in an abbreviated example: imagine if your phone system in your office looked up every number in DNS to see if it could find an IP-capable phone switch that was designated to handle calls for that number. If the answer to the DNS query was positive, then the call would be routed over IP and to the destination host. There would be no analog circuitry involved. There would be no phone companies involved. There would be no charge. Got your attention? Try this with a modern version of Linux/*BSD:
host -t NAPTR 0.8.7.9.22.214.171.124.3.4.e164.arpa.and I think you can quickly see how it works on a lookup for a number in Austria (an active participant in the trials.)
Now, to put a darker spin on this: imagine if the phone number was under control of VeriSign. Or Verizon. Or SBC. Do you think you would be happy with the outcome of this? How would you want this done? Who runs all this, anyway? Have you ever tried to get in-addr.arpa assignments moved to your nameservers (if so, you can start to see the problem at hand)? There are answers to these questions that I hope you might take some time to discover. ENUM is coming, and it could be a blessing or a boondoggle. My belief is that it will be a blessing, but one that needs to have the long-term implications thought out ahead of time.
ENUM is arguably more important than any other aspect of the DNS, as it will replace a system that currently has more users than the Internet does. ENUM has been designed as a stopgap measure: people remember and use phone numbers right now, since that is what they are accustomed to using. Over time, URI-based dialing strings will become more common (i.e.: "firstname.lastname@example.org" is a SIP dialing string) and hopefully will become the standard for dialing. In the meantime, though, it will be hard to break people of their number-dialing habit immediately, especially since all traditional phones don't have alphanumeric keyboards. So to loop back to our "regulation" concept, the owner of the referral servers upstream from you may hold the key to your ability to receive calls to a phone number for some years to come, depending on the way the nation regulates the dispersal of that DNS hierarchy.
I titled this article "VoIP Regulation in America" for specific reasons. The regulatory path that the U.S. takes may have significant influence on how other nations define their own regulatory stance. The E.U. has been ahead of the U.S. in its definitions of regulation in VoIP technology, though there is still some inertia to overcome with state-owned telephone companies maintaining enormous power in the E.U. regions. The rest of the world will likely build their VoIP regulation guidelines to a large degree on what these two powers enact within their own legislative domains. Of course, the risk also exists that 200 nations will enact 200 different policies for VoIP, unless some clear international consensus is reached, based on prior examples. It will be an interesting comparison to see how the U.S. and E.U. policies stack up against each other, as I have seen evidence of some pleasantly forward-thinking people in the E.U.'s telecom policy bureaucracy.
VoIP is undergoing incredible growth right now, and in the next year there will be dozens of firms offering what only a few offer today, as far as VoIP-to-PSTN delivery. The regulatory environment is stable at the moment, but far from certain. The combination of uncertainty and growth is potentially dangerous, and regulatory stances need to be established now while the industry is still small. Old ideas of technology need to be removed from regulatory wording, and rethinking needs to happen with respect to the application layers of taxation on a telephony/information delivery architecture. Regulate the monopolistic delivery mechanism, not the data delivered on it. IPCSPs should hold their breath and hire some high-priced lawyers. Then we shall see what the future brings.
Return to the Policy DevCenter