- Introduction to Router Freedom
- Understanding the legal aspects
- Successes so far
- Router Freedom in Europe
Fighting for Router Freedom
- Finding interested people
- Collecting information
- Setting up courses of action
- Demanding implementation of measures by the NRA
- Stressing the topic in media and public
- Leveraging the political debate
- Possible Argumentation
- Possible Counterarguments
Introduction to Router Freedom
Router Freedom is the right of customers of an Internet Service Provider (ISP) to choose and use a private router instead of a router that the ISP forces them to use. This wiki page has the objective to inform interested people about the necessary information to start campaigning for Router Freedom. In the sections below you can find the the course of action to be taken before the public and the correspondent public authorities, ideas how to build alliances with organisations, as well as the (counter-)arguments to be used in the discussions. There is also information about how the FSFE has managed to defend Router Freedom in Germany.
If you are not familiar with Router Freedom, you can find more information on the campaign page.
Understanding the legal aspects
In Europe, since 2016, Router Freedom is protected by the Regulation 2015/2120 - Open Internet Regulation or Net Neutrality Regulation. Notwithstanding the fact that its norms are directly applicable by national courts in EU State Members States because it is a "Regulation", some countries need to adapt their national rules to enforce the Regulation. The article 4 determines that the enforcement of the rules is task for the National Regulatory Authorities (NRAs) of each country. NRAs are responsible for checking the application of the Regulation’s rules accordingly to the technical guidelines of the Body of European Regulators for Electronic Communications (BEREC).
This is the NRA's workflow accordingly to the Net Neutrality Regulation:
First step: BEREC establishes the technical guidelines for compliance with the Net Neutrality Regulation.
Second step: NRAs acknowledges the BEREC technical rules and monitor its application by national ISPs.
Third step: NRAs should sent a report to EU Commission about the implementation of compliance by the ISPs.
Fourth step: If an ISP does not comply with the regulation, NRA should take measures against them in order to enforce compliance.
A problematic steppingstone for the Directive's implementation are some technical aspects under the interpretation of BEREC and NRAs. Today, the debate is around the Network Termination Point, a definition of where the ISP's infrastructure ends and the user's begins. According to the Universal Service Directive 2002/22/EC, recital 6, the Network Termination Point (NTP) represents a boundary for regulatory purposes between the public network and the end user's private network. If the NTP would be defined as behind the router, the user might not have the right to use their own equipment because it belongs to the ISP and is protected by contract.
That’s why the debate around Router Freedom is extremely important for Europe. Raising awareness towards the topic helps the implementation of better and clearer rules for everybody!
The definition of the NTP is arbitrary. There is no tangible benefit for users to consider routers as part of the ISP’s infrastructure. On the contrary - this unfair position subjugates users to contract restrictions which are prejudicial and dangerous for them. But no worries, it is possible to counteract this freedom violation!
Successes so far
When FSFE started the Compulsory Routers campaign in 2013, the legal situation in Germany was unclear and some ISPs were already infringing Router Freedom. Three years later, we have been successful: a law has been established which defines the NTP as the “plug” on the wall, so routers are considered the users' equipment and therefore not subject to contract limitations. In 2019, a regional court (level 2 of 4) confirmed this position, ruling that the ISP may not impose its customers to choose its router. It is a sign that Router Freedom is understood (DE) by German courts meanwhile.
For more information about the FSFE's monitoring in Germany, click here.
Router Freedom in Europe
The awareness for topics concerning Router Freedom is very low across Europe. In several countries people are not discussing the risks of not having the right to choose our own equipment. The FSFE has been monitoring the reports on Net Neutrality produced by NRAs every year for the European Commission, and and has noticed that several of these reports are very limited and do not tackle the fundamental issue of Router Freedom. Surprisingly, many of them even mention the fact whether there are possible violations by the national ISPs against the article 3(1) of the Net Neutrality Regulation.
The map below contains the overview of Router Freedom in Europe. It is focused on the definition of the Network Termination Point (NTP). The(NTP) represents a boundary for regulatory purposes between end-users' ISPs' networks. According to Recital 19 of the European Electronic Communications Code (Directive (EU) 2018/1972), the National Regulatory Agencies (NRAs) should define the NTP in accordance with BEREC Guidelines. The NTP can be defined on three positions (Point A, B and C), which directly affects Router Freedom. With your help, we'll continue tracking the legislative developments regarding Router Freedom. Click on it and check the updated information.
Fighting for Router Freedom
This section is dedicated to everyone who wants to raise awareness for Router Freedom among the community and political representatives. The suggestions presented here are not exhaustive, since the situation can profoundly vary from each country, but it should help you in any case to set up and organise a course of action.
For every action to be taken, you need to find interested people, collect precise information, and set up a strategy to implement your demands.
Finding interested people
Sometimes there are a lot of interested people and organisations who are eager to get active helping to spread the information or to improve the communications tactics among public officials, but they are scattered. Networking is fundamental to bring people together, maturate the strategies and spread the ideas. IT experts, technology lawyers, interested volunteers, tech associations, hacker spaces, companies, and people attending tech events and conferences can be potential candidates for building alliances and collecting valuable information.
The most difficult and time-consuming task will be to collect information about national ISPs’ policies concerning Router Freedom. Besides reading on the internet, you can collect some arguments with IT professionals: developers of alternative router firmwares or plugins, volunteers interested in networking, and even legal experts. This will give you a larger network and more expertise. Consider creating discussion forums, groups on social media, or mailing lists for this.
Setting up courses of action
We have to admit: This topic is not very easy to put in the public media agenda. Many people do not understand it in the beginning, the public opinion often at first attributes it as a problem for geeks. However, if you already started to implement the previous steps, you will be able to understand better what are the best ways to achieve public and political attention in your country.
Generally speaking, there are three courses of action that can be implemented in parallel or simultaneously:
- Demanding implementation of measures in favor of Router Freedom by the NRA.
- Stressing the topic in media and public.
- Leveraging the political debate
Demanding implementation of measures by the NRA
As we saw above, the enforcement of the Router Freedom rules is an important task of National Regulatory Authorities (NRAs). You can file an official claim asking your NRA to provide precise information on the compliance by the national ISP with the Article 3(1) of the Net Neutrality Regulation. Filing this claim can be more effective if made by an association or a group of individuals. It denotes organisation of a public concern. If possible, ask legal and IT experts if they can help you with the demand.
You can find the list for European NRAs the here.
However, note that in the beginning it is possible that the NRA will not give the proper attention to the topic and won't be very cooperative to your request. Don’t be frustrated! Be patient and try to improve your communication channel with NRA’s officials. They can be very useful for supporting the demand before political representatives. Try to arrange meetings with them to stress properly the necessity of compliance with the Router Freedom rules.
Stressing the topic in media and public
Raising awareness among the public is essential to get support for the Router Freedom cause. It can improve the effectiveness of the communication with NRA by putting them under pressure or get the attention from political representatives.
Communicate with the media as often you can. Try to get into public debates and events. Consider social media, blogs and news sites as communication channels. Elaborate public statements on a blog and push it to tech magazines, and news sites. This creates the echoes and makes the public to get acquainted with this topic. Pushing the message to other sites, agencies, or newspapers can generate a broader reference to your initiative. You can also consider attending podcasts, or radio and TV shows. If you know somebody with contacts: use them! Try to talk as much as possible about Router Freedom in public. Remember to always keep the public updated with your progress.
Leveraging the political debate
The norms of the Net Neutrality Regulation are enforced by courts only after their internalisation by national parliaments. Therefore, your political representatives are the most important people who can turn Router Freedom a reality in your country. Depending on how you approach them, politicians can help you to improve the demanding before the NRA to implement monitoring measures on ISP or to speed up the digital agenda towards Router Freedom.
Some political parties are sensitive to a digital agenda. Try to identify them. They can provide a valuable support to the cause. Building alliances with them can be very productive. However, keep in mind that in several cases you will probably contact somebody who is not yet familiar with Router Freedom and needs to be convinced. Besides, an important hint: Do not underestimate the ISPs' lobbying power.
You can contact your representatives by sending emails and messages on social media, calling and arranging appointments and meetings, as well as organising or going to events. Before talking to them, be prepared to explain in a quick and understandable way the benefits of Router Freedom. Think about which arguments suit which each party; economic arguments may fit better with politicians who care about the economy, fundamental rights or security arguments may fit better with digital rights experts.
In addition to the general benefits of Router Freedom (check the "Why is Router Freedom important?" section on our general campaign page), you can find here arguments and counter arguments to substantiate your initiatives. It is important to be prepared every time when communicating with the NRA, the media, and public officials.
Don't be frighted! Luckily there are plenty of good arguments to make your point.
Note that the following points are derived from our experience in Germany. It can serve to you as a starting point for developing your own strategics and tactics. Keep in mind to adapt them to your actions accordingly to your country’s situation. In any case, feel free to contact us to discuss it in detail.
Competition is one of the strongest arguments because it targets a point which is of great interest for IT companies, political actors, and business associations. It does not sound like a "geek's problem" but like an important issue (and as we know, it IS important):
- In most countries, you can count the important ISPs by one or two hands. Assuming your country has 5 ISPs (each with more than 10-15% market share), you can assume that all these 5 providers give their users routers of not more than 7 IT companies in the best case. Most of these companies are settled in Asian countries. Other companies cannot sell their products because no one is able to use them. This is a great danger for local tech companies.
- In most cases, ISPs distribute the cheapest routers that suit their needs. They are bought by volume contracts, mostly without strong future compatibility, maintenance, support, security enhancements, or rare features - they are supposed to work, not more, not less. But the other features are often the strenghts of EU-based companies because they cannot win the dumping price game.
Security is another important issue where you can tackle compulsory routers - and maybe the easiest one. Take the arguments above and rethink them with focus on security problems:
- You don't have many companies that produce routers for ISPs in a country: There is the danger of monocultures. Even in school biology you learn that monocultures are dangerous. If the same product/gene is spreaded in i.e. 50% households/livings, it is easy for a clever virus to put this critically high number in danger.
- If there is a security flaw in a product that is only used by 5% of the users, it is bad indeed, but not critical because the other 95% of users are not affected. Assuming that no single product is dominant and that the market shares of single products are not very high (so that there are many routers in a country's households), malware and security flaws are equally distributed.
Dangers that derive from security flaws in routers:
- Sniffing tools (Banking, account credentials) .
- Botnets (Routers are full computers and therefore able to use your whole bandwidth to attack (i.e. DDoS) infrastructure).
- Victim Proxies (let criminals use your IP to surf through the internet. In many legislations, you are responsible for their criminal acts).
- Hosting malware (again, you are responsible if found by state authorities).
Some more examples of the disadvantages of monocultures:
- Oracle Java RTE
- Adobe Acrobat Reader
- Microsoft Windows
- Routers are produced at the lowest costs without long-term support: If there are any security flaws, bugs, or new security enhancing technologies, they are not/slowly fixed/supported. Because routers should be as cheap as possible, ISPs do not focus on security interests. Long-term maintenance is expensive, adding new technologies to the firmware as well.
- If there is no competition, there is no critical need for the companies/ISPs to maintain their routers: Assuming all 5 ISPs do have strong security problems, users can only choose the smallest evil.
Technical innovation and compatibility
Due to lack of competition and need to produce good routers (because users cannot decide to buy them even if they want to), new technologies are only slowly adapted. If no other competitor supports new technologies, why should anyone focus on supporting them? User can only decide for pricing, not for quality of hardware, even if they wanted to do so.
Technologies for security enhancements like tunneling protocols, or filtering, useful innovations like IPv6, important functions like port forwarding or SIP integration - everything needs years to be adapted by the ISPs' routers because it costs money and no other competitor supports them due to the same reasons.
This goes even further: If a user is forced to use a router, the ISP is only one step apart from supporting only one SIP provider, one cloud storage, one DynamicDNS provider, or one media streaming platform. The user cannot use their phones, their trusted online storage or their hardware, because it is not supported.
This creates even more problems on other levels like economy ("throw-away-society") or the environment ("why throwing away a working device?").
One of the most important argumentations we used is freedom: everyone should have the permission to use, study, share and improve their software, because only then they are able to be sure to know what the software does, and how to improve it if it does not suits their needs. But in this case, we should not only be able to use the software/router we want to use, but also require the ISP to let us do this without losing functionality.
However, we should not focus on demanding that the users HAVE to choose a router: Many people do not want to choose a device, they just want to make "internet working". We should respect that. But we should make sure that the ISP/state does allow every user to have FULL access and souvereignty over the hard- and software that runs in their houses. We should be able to install any software on any device, because all users should be able to use the devices they trust.
ISPs and other parties that do not support Router Freedom may be creative in finding counterarguments to weaken your position. Here are only some of them:
"Getting one device from the ISP is easier than letting every user choose his own device. This ensures that everything works fine"
Look at the "Freedom" argumentation: It's okay to suggest one router, but everyone should be able to use another. If an ISPs uses open standards and does not lock-down his infrastructure or uses proprietary protocols or other bad (and senseless) stuff, there are no technical obstacles that cannot be solved. If the users have the connection credentials, all connection information, and the traffic is not devided/changed/filtered elsewhere, they should be able to use every service they want to.
"If all our clients use the same router, we are able to maintain all of them by ourselves and react to security threats"
Wrong. read the "Security" section: Monocultures are not good and those routers do not focus on security enhancements or fast bug fixing. The ISP does not have the ressources to maintain all routers and fix those things.
Additionally it is enormeously critical to let the ISP access all routers without the clients' permission. This is done by insecure protocols (TR-069) and it does not ensure that all routers are maintained sufficiently. We have enough examples in Germany that show that ISPs need months and years to fix simple bugs (i.e. W-LAN bug in AVM Fritz!Box Cable devices from KabelBW and KabelDeutschland). The users are not able to update the firmware by themselves or replace them.
"If we have to support many routers from different companies, our support costs raise"
That's true and there's nothing to change it. But you have to differentiate: If users are free to choose a device, they can choose a device that supports their needed functions by factory. They don't need to put other devices behind the modem/routing box that may interfere. They can change important settings by theirselves, i.e. DNS servers, tunneling protocols, DynamicDNS providers, opened ports and so on.
Of course it's more difficult for the ISP's support to find out what does not work (IPS's infrastructure or user's router), but at least the user has the right to use any device he wants to use - and the others can stick to the ISP's suggestion. And if every ISP is forced by law to support other routers, there is a whole new competition field.