The CRTC today released its new guidelines on breaching net neutrality, based on its July hearings. From Michael Geist, the very sensible comment that "While this decision will undoubtedly leave many disappointed, a full prohibition on throttling was never in the cards. Many consumer groups and net neutrality advocates got some of what they asked for - a test that looks a lot like what they recommended, an acknowledgement of the problems with application-specific measures, new disclosure requirements, new privacy safeguards, and agreement that throttling can violate the law in certain circumstances. That isn't bad as an overall framework. The big question is how to enforce these rules. The larger ISPs may well view the decision as a green light to continue doing what they are doing with a bit more communications. Indeed, by placing the onus squarely on consumers, the CRTC has virtually guaranteed continued throttling and a steady stream of cases."
Here's his summary of the conditions:
1. A new framework for considering traffic management. Consumers can complain about traffic management practices or the Commission can bring an action on their own. Where there is a credible complaint, the ISP will be required to:
Describe the ITMP being employed, as well as the need for it and its purpose and effect, and identify whether or not the ITMP results in discrimination or preference.
If there is any degree of discrimination or preference:
demonstrate that the ITMP is designed to address the need and achieve the purpose and effect in question, and nothing else;
establish that the ITMP results in discrimination or preference as little as reasonably possible;
demonstrate that any harm to a secondary ISP, end-user, or any other person is as little as reasonably possible; and
explain why, in the case of a technical ITMP, network investment or economic approaches alone would not reasonably address the need and effectively achieve the same purpose as the ITMP.
2. There are two key additional considerations. First, traffic management that degrades or prefers one application over another may warrant investigation under section 27(2) of the Act. Second, economic traffic management practices (ie. bit caps) are generally viewed as ok.
3. The Commission has stepped into the throttling issue. It has ruled that for time-sensitive Internet traffic (ie. real-time audio or video), where the throttling creates noticeable degredation, this "amounts to controlling the content and influencing the meaning and purpose of the telecommunications in question." The Commission will require prior approval for such activities. Even for non-sensitive traffic, the CRTC has ruled that it is possible to slow down to an extent that it amounts to blocking or controlling the content, therefore requiring prior approval.
4. The Commission has mandated new disclosure requirements. It is requiring ISPs to disclose their traffic management practices to customers, including:
why there are being introduced
who is affected
when it will occur
what Internet traffic is subject to the traffic management
how it will affect an Internet user's experience, including specific impact on speed
5. New privacy requirements The Commission has established new privacy requirements on the use of information obtained from deep-packet inspection. It now mandates ISPs "not to use for other purposes personal information collected for the purposes of traffic management and not to disclose such information."
In addition to the retail side of the equation, the decision also addresses wholesale (ie. ISP to ISP). In a nutshell, where incumbents treat independents in the same manner as their retail customers, the same complaints-based approach applies. Where the approach is more restrictive, prior approval is required (this latter point was the inspiration that led to the initial hearings - Bell Canada choked all its retail customers, which was traffic management but not discrimination).