 So, the next talk is done by Thomas Lohninger who I remember from his speech at the Deutsche Telekom Hauptversammlung, where he talked about zero rating and about the telecom implementing it with stream on and, yeah, he's the CEO of Epicenter Works, formerly known as Aka Vorath in Austria, and he's also a frequent guest at the podcast in Logbuchnet's Politik, where we can hear him talking about net neutrality, which is his really, really special topic. He's going to tell us about the law of net neutrality in Europe and how it is implemented, how it is controlled, and how offers like zero rating are violating it. Please give a warm round of applause to Thomas. Okay, thanks everyone. Good. So, I'm going to talk a little bit about net neutrality enforcement in the European Union. As you might know, we have quite a long tradition about net neutrality in Europe. The debate has been going on for many years and we are now at a point where we have legislation that covers all of Europe and protects the open Internet, but now it's about the tricky parts of actually getting it enforced. This is not so much a beginner's talk, but Silla would like to briefly explain what net neutrality is in case you need a reminder. So, net neutrality protects the open Internet from interference from the network operators that control the physical infrastructure of the Internet. It more or less keeps us in control about which services we want to use or want to offer without any gatekeepers in between. Usually, those interferences in the network happen in two ways, either technically, by slowing down, blocking, or prioritizing traffic, or in an economical sense, by making certain applications more expensive than others. So, this is the basic principle, but to really understand why net neutrality matters, we have to remind ourselves why the Internet is different than previous telecommunication networks. In a television system, usually you are a receiver and you cannot really start your own television series from a home yard, but in the Internet everyone can use and offer services. It's a bi-directional network, and it's also different than the telephony system, because in telephony you have a centralized controlled entity that decides whether or not you can make this call between those two endpoints, and it also gives those two endpoints in their connection a dedicated price per unit, which is also different from a global packet switch network as the Internet is. So much for the basics. We are not in the vacuum here in Europe. We have, in this talk, I'll compare what's happening here in Europe with the situation in the U.S. As I'm sure most of you have heard, there was quite some big change recently, and also in India, which we do not hear that much about but which is also a really interesting point of comparison for us here in Europe. What combines those three areas is the way in which net neutrality was enshrined, and it was always a bottom-up movement from protests on the street, from academia, and librarians, startups. For many different people that came together and decided net neutrality is not just a good idea, it ought to be the law. And of course the debate in the U.S. was long-lasting, so they started in 2007, and we are now in the fifth iteration. You know, first we prevented the bad law on net neutrality, and then we established a weak law, then this law was lost in court, and we established another one. And now recently, in mid-December, we lost those rules in the U.S. In the U.S., it's different. We had a really stony path towards the European regulation, which means it is a law, which is directly applicable to all of the European Union. So we have one legal basis, and then many different regulators that now have to really use that law. The telecom regulators will be a big point of discussion in this talk. In India, it is kind of similar, so there you had a huge pushback against Facebook trying to more or less replace the internet in India for a large part of the population, and the Indians stood up to prevent that. And now India has really good protection on net neutrality. And again, it is regulation, so it's not really a law, but it is covered by the ministry. So also a little bit more solid legal standing than in the U.S., where every new administration can more or less appoint a trep person to the FCC and overdue everything that their predecessors have done. If we compare the content of the three different regulations, we have very similar situation in Europe and the U.S., actually. So blocking and throttling is prohibited, paid prioritization, specialized services, which basically means those things which are not the internet, but run over the same pipes. And we have device freedom, so we cannot be discriminated for being iOS or Android users or using Linux or any other hardware. So network operators cannot dictate which devices we use. And then it's the tricky part. We have weak case-by-case rulings on zero rating, which means making data less expensive or interconnection, which is the area where two ISPs actually exchange data between each other. There is something unique in Europe. The law gives us the right that we no longer just have up to a certain speed of our internet connection, but instead we have also minimum average and maximum speeds that should be in the contract of every fixed line internet connection. You might wonder because you might not have seen those, and that's part of the weak enforcement rule talk about. And in India, at least previously, we only had rules on zero rating. So given those rules, why aren't we done? Why do we still need to talk about the initiality? The thing is, in the world of telecom regulation, you have those weird entities called telecom regulatory authorities, short NRAs. And they are tasked, they are like the police and the judge when it comes to net neutrality. They oversee the market and implement the rules. So we have to really work with those guys and make them to do their job. Regulation works a little bit like the old story of the stick and the carrot. So regulators can use carrots to give companies something which is an incentive for them to make them behave. Or they can use the stick to punish them, issue fines, or in the worst case, even take away their license. And at the end, we are dealing with multi-billion, multinational companies that need to abide the law. And so, of course, they are very different interests. Telecom regulators have a problem of revolving doors. So if you look at the personnel of several NRAs, of several regulatory authorities, you see that those people all have histories in the industry. And usually, it's quite a fast way from the industry to the authority from the government that should oversee the same industry. And so, of course, there is particularly a strong revolving door between large countries that have state-owned or partly state-owned telecom companies like Deutsche Telekom or France Telecom and their regulatory authority, which is usually a little bit more lenient towards this company that also contributes to the government's income. Another important thing to know is those authorities have a limited budget. So in some cases, they only can afford x amount of cases, instead of having an incentive to only pick cases which they are sure they can win, which makes them a little bit cowardice. So how did we enforce? How did those regulatory authorities actually use the law? And I have a little bit of statistic here with the activities that you would expect them to do now that we have net neutrality in order to make it work, and the percentage of countries that have actually done it and which were the good countries. And bear in mind with me, we have the net neutrality law in Europe covers 31 countries. That means the U28, the member states, and the European economic area, three countries. But in this survey, we are missing two, so it's only just 29 countries. That's why the statistic is off. So only 17% of five NRAs updated their website. In most countries, if you are a user, you see a problem on net neutrality, you go to the right authority, but still, you are let alone, you don't have any information on actually how to submit the violation. Dedicated, complained mechanisms for net neutrality. Only France has this, so 3%. At least half of the NRAs offer the users a speed test to measure their own connection, and we heard before, we now have a right for an average internet speed. But still, how to get that right is still quite questionable. And then really measuring the internet on a whole to really see if there is blocking or throttling that might not every user see, very few NRAs are actually doing that, which is a huge problem. And then the most weird part, you would expect if a multi-billion company is not obliging the law, if it breaks the law actually, that there would be penalties. But there are a few countries for that do not even have penalties, so there is no price tech attached to violating net neutrality. And I would play a little bit of game. What do you think? What is the highest penalty for net neutrality in Europe? Anyone? It's actually 3 million or 10% of the annual turnover, which is quite high. So you would think, wow, this is really preventing companies from misbehaving. If you look at the lowest penalty, that's 250 euros in Bulgaria. That's Europe. And now let's go back to the graphic that we have before with the types of discrimination, with the things that we are actually protected against with the European legislation, and how well those have been implemented. When it comes to blocking and throttling, we see problems. Blocking not so much, but throttling, particularly of video streaming content, that is very widespread as part of the zero rating offers. And so this type of throttling is really rasterating all around Europe. And regulators are really slow to act, like we have seen now in Germany, where it took the German regulator from April to December to come to a decision, and now this decision will be upheld in court for probably two years. So stream on is here to stay. And that's part because of these problems. Paid privatization, not really an issue. Specialized services, we haven't seen them yet. But in the next two and three years, when 5G is rolled out, we'll see a huge push from the industry to reinvent the Internet, repackage it as specialized services. And 5G gives them a little bit of a technological background to argue why these should be specialized services. And here the problem of the missing measurement comes back to haunt us, because specialized services should not eat into the bandwidth of the open Internet, but if the regulator is not measuring how good the quality of the Internet in the country actually is, you don't know if it gets worse with specialized services. Device freedom is not really a problem, tethering, blockades, or something like that, where a big problem in Eastern Europe, those problems are distinct. And then the minimum, maximum, and average speeds, that's a big problem that we still have, because only about 48% of the countries have actually implemented that properly. And that's why you don't see those really basic statistics about the thing that you're buying. And this is also something that is not really a net neutrality issue, but here in Europe it is. And it's also something that, particularly in rural areas, is important, because if your ISP is not offering, is not really delivering the speed that you're paying for, you have the right to exit the contract. Interconnection, the part where ISPs exchange data between their networks, we just don't know, because this area usually has no end user involvement, there are very few statistics, and you mostly rely on whistleblowers or people in the Internet exchange hubs that give us information, but we cannot really say whether or not it is working in that field. But now to the biggest problem, zero rating. Zero rating, explained a little bit more in detail, is the practice of exempting certain applications from your monthly data volume if you have a mobile or fixed line volume based offer. And so you have your two gigabytes, and then Spotify does not count towards that. That would be a classical zero rating deal. So certain data is more expensive, and the partner services are free. Isn't that nice? So this type of net neutrality violation we see in almost all European countries. So 86% of the countries have, at least one and for the most part, it's several zero rating offers out there in the market, and that for several years already. If we only look at those 25 countries that have that problem, and just to go back once, mostly the countries which don't have zero rating are the ones which don't have data volumes. So there, if you buy a SIM card, you buy a SIM card with an offer of a certain bandwidth and speed, but the volume is unlimited. And then of course the zero rating problem is also solved. But in the 25 countries where we have to fight about that, only 11 had formal investigation into these practices. In the others, in the other countries, the regulator did not even look at the products there, according to what they told the European regulators. And so out of these 11 countries where we at least had a look if zero rating is legal or not, what do you think? How many products were prohibited? How many NRAs stood up against the industry and said, no, this is illegal? Exactly. Not a single case of zero rating has been decided in favor of net neutrality in Europe, which is exactly the same number of zero rating cases which were ruled by the FCC in the US. So not a single one, which means the case by case rule on zero rating is not working. There has been only one case to my knowledge where a case by case rule on zero rating led to the prohibition of such a product. And that was in Canada already a few years ago. But the problem is we have products like this from Portugal, from the Portuguese incumbent. This is the biggest telecom company in Portugal. If you buy an offer, if you buy internet from them with a SIM card, you get 500 megabyte. And then if you really want to use the internet, you have to buy those application-specific bundles. And those are not really zero rating, you're just buying 10 gigabytes of WhatsApp or 10 gigabytes of Spotify and SoundCloud. And this is still not prohibited in Portugal. That's about the level of scrutiny that the telecom regulators have shown us so far. Going back to the legislative side, so this was the situation mid 2017. Then Trump came into office and he appointed a new chairperson to the FCC, Ajit Pai. This is him in a video as center clause. And yes, this is real. This is not Photoshopped. And those two guys then killed the US net neutrality laws. They are gone. There's a hope to maybe get them back either in court, which usually takes two years, or via congressional review act if the politicians step up, which is unlikely with the Republican Congress, or the states could create a patchwork of net neutrality protections. If you have California enshrining something in their law particularly, or forcing ISPs to do it, but those are all just patchwork solutions. But there's also bright light. India. India only had a rule on zero rating before, but in December they closed the gap on all the other net neutrality issues and came up again with the best legal solutions that I've seen. So the Indians are at the forefront of that issue. And so we have a general picture of the US really going down, India going up, and Europe is on the crossroads. So for us, the whole debate now is about enforcement in 2018. But then we will have another big discussion because in April 2019, the European Commission, which is not really a fan of the open Internet, they will have to release a report, whether or not to review the European law on net neutrality. And then you have the industry pushing with 5G for regulatory holidays, which basically means just let us do our market capitals and our new products without interference. We don't want the government to cut into whatever promises we make about 5G. And so there's a huge political pressure to go lenient on net neutrality, but at the same time we already see that the current regime is not really working. And the way in which we enforce net neutrality, it's also worth to compare this approach because both in the US and in Europe, we have a so-called exposed regulation. So only after the damage is done, the regulator might get active, start looking into it, have proceedings, which usually take a few months, then deliver it, then maybe makes a decision, and then this decision can be holed up in court. So we see this in Germany with Deutsche Telekom now already. We see it in Belgium. We see it in Sweden. And in the US, of course, I mean, they only started investigating zero rating right at the end of Obama's terms, where it was clear they could not really deliver. Contrary to that, in India, they have a really cool system. So as a telecom company, you are free to offer whatever product you like. But within seven days, the regulator takes a close look and just tells you whether or not it's legal. And if it is not legal, then they might suspend your license to be a telecom operator in India. So net neutrality is tied into the license agreement in order to be a telecommunications operator in India. And if you think about, we actually, I know that a few people from India are watching this talk, so thank you for giving them a round of applause. And this is why it is working in India. And they really take net neutrality series, which is also the right approach if you think about the damage that it's done to the market, to the innovation, to democracy, if suddenly ISP start blocking or throttling or prioritizing only their own services. So given the damage that can be caused by really taking the open internet away from a society, it is only the right approach to have a big stick here and not just a carrot. Finally, I would like to explain the internet, but also to, so there has been a shift. We have good protections, at least better protection in Europe than in the US, particularly when it comes to zero rating. And that means that the telecom industry adopted its model. You know, you can more or less, there are like epochs in the net neutrality debate. Originally, it was about blocking services you don't like. Then it was about throttling, bitter end, because you don't want to clutter up your network. And then it was about giving preferential treatment, pay for a specialized service, pay to become zero rated. All of these things are hard to argue in Europe these days. And that's why the telecom industry came up with a big new model. Streamon and Vodafone Pass are two very well known examples that we have in about 15 countries in Europe. And I will explain here what exactly changed and why we still have a problem with those open class based zero rating offers. So originally, the internet works quite easy. You have an ISP, you have a customer, gives money for access. It's easy. Then the customer dreams of a service that she or she wants to use. In this case, it is a bit love, a decentralized podcast hosting service, which is really popular in Germany. And so this service allows podcast producers to reach a really wide audience without having to pay any hosting fee, which is really cool. So there is the service bit love that also pays for access. And then you have the cloud, the interconnection part, where those two ISPs exchange data, and everyone is happy. The classic model of net neutrality violation would be that the ISP wants to get money from the content and application provider from bit love. So suddenly you have another money flow that gives preferential treatment, either prioritized in a technical way, your data is faster, or your data is cheaper because I don't deduct it from the arbitrary volume gap that I enforce on my users. And what you get here is basically a two-sided market. So the ISP can open up its hands from both sides and get money. This is a really old concept in telephony. When I make a call with you, then my operator pays your operator because he terminates the call. It's called calling party network pays. That's the way telecommunication companies have made most of their money for decades. And now we have this old model more or less forced into the internet. And they, for example, call it sending party network pays. So again, I am Deutsche Telekom. I am Vodafone. I have a huge customer base. I want to get money from both sides, both from the users that I'm offering their access service and from the application providers that want to reach these customers. I'm in control. I have the access monopoly on both sides. That's the old model. And the new model is different. Products like these that are all modeled after the binge on program of T-Mobile US have been really widespread in Europe. And we now also have other companies like INCE in Austria and Telia that all follow the same approach. And the new model is different. Suddenly, you no longer just buy access. You get YouTube or Netflix or ZTF media tick. And are you paying for these particular services to be zero rated? Or they are just given for free. It doesn't matter in that model. It's just a minor detail. The really important thing here is those ISPs have competitors, hopefully. And they have suddenly the customer has to decide, which service do I want? Do I want this type of access or that type of access? Or which services do I get? Suddenly, the product matrix gets really complicated. Suddenly, using a new cool service is no longer a question of just signing up on their website but changing the access product that you have. Suddenly, internet is no longer a universal plug that connects you to the whole globe and all of the innovative capacity that will be invented tomorrow. No, you have a subscription that is with your telecommunications company. It usually has a period of two years before you can enter contract in most countries. And you have a shift here in the way how agile users can vote with their feet. And that, of course, makes it more complicated for users. But the really big problem is when you reintroduce the application provider. Let's take BitLove again. BitLove wants to also be zero rated, let's say. And so they would have to also be part of the Streamon or Vodafone Pass program, which means they have to enter into a contract in that country, in that language. They have to continuously cooperate with the telecom company to have their data zero rated. That means to have it identifiable by that operator, which is quite tricky to do in most cases. And you have to give them 30-day notice with Vodafone Pass or four weeks with Streamon before you make a change on your own service, which is quite a drastic interference on the innovative capacity of any company. And this is just, you know, and finally, you also could be held liable for any wrongfully built data volume, which means as a small company or in this case is BitLove as a community project, you face a lot of potential costs if you make a mistake. And this is just one zero rating program. There is another one in Germany. There are around 25 mobile operators in Germany alone. 25 contracts that you have to keep up with. 25 people you have to notify every time you make a change on your own service. In Europe, it would be roughly 3,000 mobile operators that you would have to enter into contracts with. Almost no company can do that. At least not the SMEs that we are talking about in the digital single market. And then what would happen is that you only choose the biggest ISPs with the hugest user base to make deals with them and just forget the smaller ones. And there we have the Matthew effect, you know, those that already have accumulated a lot of market capital will have it much more easier to reinforce their market position. But then of course, if you are a really big kid on the playground like Netflix, you can just make one deal and then you are zero rated in all of Europe. But BitLove can do that. And there is another problem why this will not work with BitLove because BitLove is a decentralized podcast hosting service. It uses BitTorrent as an underlying technology. It does not have centralized service that it can rely on for distributing its content. And these types of models only work with centralized services. So you need to have a hard identification marker and you cannot rely on any peer network. You know, most of the things like the blockchain would not be possible to be zero rated. Many new technologies that don't have centralized hierarchies cannot be part of this type of the internet. So we see a drastic change and we lose a lot of the innovative capacity and we might never see the services which are possible in the internet that we have right now. And on a final note, there's a huge privacy problem that I would like to mention. In order to be a service that is zero rated, you have to be identifiable for the network operator. So you can rely on IP addresses to get up with port numbers. But in the most cases, you have URLs or SNI, server name identification, certificates. Those two things are most widely used in order to identify a service. But that means, you know, the internet is structured in layers. Deep packet inspection is in the red area. That's off hands, off limits for an ISP. They should not look deep into the packages in the layers and the top three layers. And this is also prohibited by the European net neutrality regulation. And we're speaking about criteria which are really high on the list. URLs, layer seven, application layer. And now comes the tricky part. You have a bill from your telecom company every month. There you have the data volume that you've used. You know from telephony that if they wrongfully bill you for a call that you have not made, you have the right to dispute this bill. They have to store the data. They have to do data retention in order to be able to have this dispute resolution done. Now suddenly URLs become the same thing as the callers, the calls that you've made with your telephone. So this could be data retention through the back door. And there's not just the whole net neutrality aspect that we have to talk about. Having this level of deep down control in every internet contract also means at the end that you might need, you might need legally be obliged as an ISP to store every URL that a user has accessed and amount of data that was transferred at least to that host. And this is not unthinkable. Like in Denmark, they have data retention which is on a session basis. It's actually quite close to this already. So here the interest of the telecom industry and of governments that want to surveil their citizens actually align quite neatly. And I think this is a ticking time bomb about the whole net neutrality and zero rating debate. And I wanted to bring that to your attention. Finally, we have a workshop later today at 6 p.m. at lecture hall three. If you want to get active in your own country and help us make enforcement of net neutrality, if you are a customer of stream on or voter from pass or any other net neutrality violating offer, come to us and we might actually have some collaboration that we can do. And yeah, in general, we need more people. We are hiring and we also have many volunteer possibilities. If you are a python jungle developer, we always need telecom lawyers from all of your member countries or economists. And designers, web developers, campaigners and particularly leakers from telecom companies, internet exchange points and of course regulatory authorities are always welcome. Thank you very much. Thank you, Thomas. We have time for one question. So microphone number four, please. Yes, maybe we can both agree that the internet has grown as large and good as it is due to the overall lack of government regulation. Historically speaking, why do you think now is the correct time to introduce a very far-reaching detailed government regulation of the internet? Isn't there a potential this will backfire? I mean, you are talking about government bureaucrats inspecting people throughout the configurations, basically. Republicans have made exactly the same point in the recent enthrality debate. I'm not a republican. I believe you. But the problem is the internet was born neutral and to quote Lawrence Lessig. We are more or less just protecting the original way the internet was built and yes, we need laws and some type of government regulation in order to enforce it. But I just see no other way. The market forces would inherently drive telecom companies to more profit, to more control over their users and we have to keep the internet open. And in a democracy, laws are the only way that we have in order to give limits to the market and also a free market economy relies on a certain framework within which the market can happen. And without this framework, I think we have trouble capitalism and definitely no free and open internet. So again, another round of applause for Thomas. Thank you.