The End of Net Neutrality: Implications for National Security

The Federal Communications Commission (FCC) voted 3-2 on Thursday to dismantle their authorities to enforce net neutrality rules that prohibit internet service providers, such as Verizon, AT&T, and Comcast, from interfering in the traffic streams that take place over their infrastructure. The reversal of the FCC’s 2015 decision means the federal government will no longer be able to regulate ISPs as if they were a utility, allowing ISPs to privilege some traffic over others and perhaps even throttle or block content they independently decide to – such as controversial political opinions.  

While there are major consumer implications to the end of net neutrality, there are also potential ripple effects into the nation’s security. The Cipher Brief revisits its analysis on how the end of net neutrality could impact anything from terrorist content online, foreign disinformation campaigns in U.S. elections, and even how U.S. intelligence agencies, such as the National Security Agency, traverse the global web to collect information critical to the country’s national security.

Consumer access to the marketplace of ideas, goods and services isn’t the only underpinning of American society to be affected by the Federal Communications Commission’s (FCC) vote to lift restrictions that require internet service providers to treat all legal internet traffic equally in terms of speed. The decision also will reverberate for the nation’s security. The FCC’s decision will be felt in the fight against online messaging for terrorist recruitment, the struggle to quell disinformation campaigns, and efforts to thwart cyber intrusions by foreign adversaries.

• The core principle of net neutrality is that all lawful internet traffic is considered equal by internet service providers (ISPs)—mainly AT&T, Verizon and Comcast for the U.S. This means that, no matter whether the traffic consists of video, audio or text, it is provided at the same bandwidth regardless of which website the data is travelling to or from.
• Without net neutrality, ISPs would be able to determine which sites are accessible and how fast the internet traffic is able to move to and from each site. The fear is that ISPs will essentially create a tiered system whereby some traffic—likely that belonging to those paying a premium—would traverse networks quickly, while everyone else must deal with lag times (known as throttling) or even site blackouts.
• In particular, traffic for those accessing the products of market competitors—for example, should Comcast seek to outmaneuver Netflix for market share of television streaming services—could be blocked or throttled, so that customers instead turn to different video streaming products for better loading speeds. According to research by Google, a delay of just six seconds when accessing a website doubles the chances a consumer will abandon their efforts to access the site.
• This has particular consequences for freedom of speech, as ISPs could essentially censor content they deem inappropriate or controversial. It also effectively allows websites with enough money to pay a surcharge for faster internet traffic to increase their viewership—a form of sponsored content not clearly labeled as such. In the absence of net neutrality, money could become even more powerful in shaping political opinion.
• Net neutrality effectively shapes conceptions of the modern internet as an open and free marketplace of ideas, goods and services that has been the foundation of much of global economic, cultural and political growth.
• ISPs reportedly have interfered in internet traffic a number of times, including censoring political speech at a Pearl Jam concert in 2007; throttling, or slowing down, file-sharing sites such as BitTorrent, eDonkey and Gnutella to prevent customers from accessing these sites; and blocking access to a text-messaging platform used by activists to coordinate collective action.
• Before today’s vote, the legal framework for government-imposed net neutrality rested on Title II of the 1934 Communications Act, which categorizes ISPs as common carriers similar to telephone networks that are considered similar to a government utility. ISPs were originally categorized under Title I until 2015, which did not give the FCC the same robust protective authorities as Title II. The FCC’s vote Thursday reclassified ISPs under Title I protections again, effectively removing the FCC’s authority to adequately impose net neutrality rules over them.

The FCC’s decision to end net neutrality could have unforeseen, yet significant, effects for political discourse, cybersecurity and possibly even terrorism and disinformation within the United States.

• Should a tiered internet system be implemented, the effect will not only stem the ability of startups to operate on an even online playing field with established institutions that can pay the premium for speed, It also could limit the real-time sharing of cyber-threat intelligence on the tactics, techniques and procedures of state-sponsored hackers targeting critical infrastructure.

• Technically, a tiered system could be accomplished through “deep-packet” inspection tools, a technique used to view the content of internet traffic as it passes by. The tactic is already used on behalf of law enforcement to scan emails for evidence of child sexual abuse domestically or by intelligence agencies against foreign intelligence targets such as terrorists under authorities provided by Section 702 of the Foreign Intelligence Surveillance Act. Deep-packet inspection could allow ISPs to filter traffic and determine whether it is desirable to place in the “fast lane” of a tiered system, or to be effectively slowed or blocked.
• Some have argued that net neutrality provides a virtual safe haven for extremist content, from recruitment messaging to how-to manuals. Under the Title II net neutrality framework, an ISP can’t, without government direction, slow or block websites that host terrorist content, even though internet companies such as Google, Facebook, Twitter or Microsoft can on their own sites.
• But while terrorists certainly have used the internet effectively—for example, the Boston bomber Dzhokar Tsarnaev studied bomb-making materials on AQAP’s online Inspire magazine—ending net neutrality is seemingly the wrong lever to fight it. Laws already prohibit material support for terrorism, and Title II protections under the Communications Act only apply to legal web traffic. Law enforcement is fully equipped to remove sites linked closely with criminal activity without the need for ISPs to use a separate authority.
• But if ISPs cannot determine what sort of application—voice, text, data, etc.—is being used, they don’t know whether to prioritize or deprioritize a specific traffic stream. That might tempt internet users to employ encryption to circumvent discriminatory practices such as tiering, in turn increasing the number of cases in which criminal organizations and terrorist groups “go dark” by hiding from law enforcement and intelligence agencies behind anonymizing technology and end-to-end encryption.
• At the same time, ISPs may decide to just place all encrypted traffic in the “slow lane.” That effectively would jeopardize the majority of users’ privacy and cybersecurity through market forces, while not necessarily stopping nefarious actors who might be willing to tolerate the inconvenience in return for the security of encryption.
• In a similar vein, the argument could be made that the end of net neutrality could allow ISPs to fight disinformation online by censoring misleading content. Following Russia’s online influence operations in the lead-up to the 2016 U.S. elections, and throughout Europe, combating such information warfare has become a central priority for Western democracies. However, a tiered system also could provide new avenues of disinformation, enabling foreign adversaries such as Russia to covertly purchase or gain privileged viewership to their disinformation as they did with sponsored content artificially amplified on social media platforms.