Net Neutrality and Data Privacy ‘Ammbraced’

Last year’s massive DDoS attacks on network infrastructure in the USA, alongside increasingly sophisticated forms of cyber warfare, are laying bare the intrinsic vulnerabilities of our current global telecommunications systems. Telecommunications companies are vulnerable to politically or commercially motivated cyber-attacks because they are clusters of control over critical infrastructure used to store large amounts of sensitive data. The crisis in cyber security management solutions is magnified by the coming of a new era of liabilities which Internet Service Providers (ISPs) would face under net neutrality rules and, in particular, data privacy legislation such as the upcoming General Data Protection Regulation (GDPR) in the EU.

Net neutrality rules as part of the EU’s Digital Single Market strategy are meant to guarantee the freedom of the Internet by protecting the right of citizens to access Internet content, applications and services without unjustified interference or discrimination by ISPs[1]. In particular, ISPs are not allowed to deprioritise or discriminate against encrypted traffic on the basis of, for example, the data’s anonymity, without breaching the non-discrimination principle. Direct protection is provided to end-users and their chosen digital identities against, among others, ISPs’ commercial exploitation of different quality bandwidth through the provision of tailored services. This so-called network slicing is a practice whereby multiple vertical networks across a single infrastructure are customised for different data traffic or application types.

ISPs are currently exempted from net neutrality rules only in a few defined cases, in particular where certain measures are required for the management of a network’s security and integrity, subject to a strict technical quality assessment. A security breach in which end-users’ data is compromised would, however, have potentially far-reaching punitive consequences under EU law, even when an ISP in its capacity as data processor may not be exercising direct control over such data, or is unaware that its services are used to process personal data.

Data protection in the EU is an individual and enforceable fundamental right[2] in itself and is not treated as a mere extension of the right to privacy. The objective of the EU rules differs from other jurisdictions, with the EU specifically placing emphasis on the control of personal data by its citizens and the legal certainty stemming from the protection against misuse by data processors or data controllers.

The reach of the EU’s net neutrality and GDPR rules would thereby extend far beyond Europe’s borders, and the recent industry self-regulatory or laissez-faire policy with regard to net neutrality and data privacy governance in the USA[3] would not protect US service providers, considering the borderless nature of the global network infrastructure and data flows.

The EU’s net neutrality and data privacy rules are born out of the simple necessity to provide a uniform legal structure across the EU Member States which, in turn, allows for uniformity in solving issues related to the current geographical fragmentation of the single market and the lagging of economic growth in certain regions. Network slicing in this respect would impede the competitiveness of start-ups and small businesses and limit the diversity and growth, in particular, of innovation-related advanced technologies, Internet of Things (IoT) services and the development of 5G applications.

Led by Nokia[4], a number of large telecommunication companies have joined forces for an EU funded research project on use cases for 5G network slicing, despite the fact that it would be highly unlikely that the anti-discrimination principle of net neutrality will be revised any time soon.

This principle would equally apply to crypto transactions taking place on blockchain platforms. Since it would be technically possible for an ISP to interfere with transactional operations on a blockchain through either a partition attack or a delay attack[5], it would escape accountability if net neutrality rules were not applicable. In addition, a delay attack on the delivery of a transactional block to a node, for a period of say 20 minutes, could have varying consequences, such as the loss of substantial computational power, susceptibility to the risk of double spending and inability to contribute to a given network.

The new Ammbr blockchain network employs mesh network topology for wireless telecommunication services. Data is distributed and relayed through the cooperation of mesh nodes, creating a strong interconnection and high resiliency. Each mesh router distributes Internet broadband to the users of the network who would have the software client application loaded on their respective devices. The shared economic incentive for growth of the Ammbr network is maintained through the circulation of Ammbr crypto tokens, utilised as the network-specific micropayment medium of exchange (and stored in individual digital wallets) in return for bandwidth access. A self-sovereign digital identity (SSDI) layer provided for participants and users on the Ammbr network would sustain high levels of security within the network. Nodes are protected by the network’s proprietary protocol, whereas participants and users exercise full control and management of their own data through the SSDI framework. Any possibility for backhaul interference by a given ISP targeting the distribution of Internet broadband or the transmission of data traffic to end users would automatically be negated by the network’s Proof of Velocity protocol and micropayment mechanism. Interaction within the network is only enabled through the use of these individually controlled digital identities, on the basis of EU-law-compliant pseudonymity.

Even in the absence of preemptive net neutrality rules, the technology behind Ammbr would still enable fair access to Internet broadband, whereby the quality of service of the network would further improve with the expansion of the network, even beyond the speed of the backhaul.

Ammbr provides for a secure environment where full data control is practised by the participants and users of the network, and where the operational success of the network would only rely on the participants’ and users’ performances. In other words, with its bottom-up system of governance, the Ammbr network operates only through the contribution of resources from its own network peers without unilateral dependence on a third party such as an ISP[6]. As there is no centrally organised intermediary protocol present, there cannot be any access, content or application-based discrimination contravening net neutrality rules. Equally, there cannot be a breach of personal data as defined under the GDPR, since the Ammbr network would not be considered as a data processor or data controller. Finally, security of the infrastructure against cyber-attacks would be controlled and contained by the network’s protocol, whereas control of personal data would be managed directly by each individual user through the network’s SSDI framework.

Authors:

Pieter van Ysseldijk, LL.M. Msc.

Golnaz A. Jafari, LL.M.

[1] The EU Digital Single Market laid the groundwork for the EU Telecoms Single Market Regulation in 2015, Regulation (EU) 2015/2120, which grants end-users (broadband subscribers) an enforceable right to access and distribute Internet content and services of choice.

[2] EU Charter of Fundamental Rights, Article 8

[3] In April 2017 the USA Federal Communications Commission (FCC) put forward a proposal for a repeal of the 2015 Open Internet Order. The Open Internet Order reclassifies broadband Internet services as telecommunication services and as a result regulates ISPs. It categorises three Bright Line Rules, namely no blocking, no throttling and no paid prioritisation.


[5] Hijacking Bitcoin: Routing Attacks on Cryptocurrencies, Apostolaki, Zohar and Vanbever, IEEE 2017