28 March 2014:
It should go without saying that in our society we should be able to freely choose technical devices for use in our homes like we are free to choose what mobile phone we buy. But some Internet service providers dishonor this principle by dictating which device their customers have to use in order to connect to the internet or they discriminate against the owners of alternative devices. This undermining of our basic freedom of choice is called “compulsory routers” and is being strongly criticised by the Free Software Foundation Europe and many other organisations, projects and individuals. Compulsory routers is not merely a topic for experts. It affects all of us.
What are routers, and what sort of compulsion?
Routers are devices that handle other functions besides connecting to the internet, for instance WiFi, Voice over IP (VoIP), and TV streaming, and also technical details such as port forwarding, dynamic DNS, or VPN tunneling. Normally, all internet-based communication passes through routers.
ISPs such as Telekom, Vodafone, Kabeldeutschland, and many others in Germany, often offer a recommended router with the contract. In principle that is not bad because then users do not need to go searching for a suitable device themselves. On the other hand there must always be the option of deciding for a device oneself without having to be dependant on the goodwill of the ISP. Why is this so important? There are several reasons, some of a general and others of a technical nature.
- Trust and Preferences: Every person has different preferences when it comes to the selection of electronic devices. An ISP should not set itself over this freedom of decision. If customers do not want to use the ISP-recommended device for any reason, the ISP must respect this without repercussions for the user.
- Privacy and Data Protection: Dozens of times, standard routers from ISPs have been known to have security flaws or be victims of backdoors that allowed intelligence agencies and criminals to access the infrastructure behind the device. Customers thus need the freedom to choose a device or manufacturer that they trust in. In opposition to this, compulsory routers destroy the already damaged trust in new technologies.
- Free Competition and Technological Progress: Users profit from the free competition that guarantees free choice and steady improvement of products. Should, however, more and more ISPs force the usage of compulsory routers, smaller router manufacturers would be at a disadvantage because almost no one could use their devices. In this way, small and alternative manufacturers would no longer be able to stay on the market. This would, eventually,come at the cost of the user because (security) features would be be continually reduced and the user-friendliness would drop.
- Compatibility: Nowadays, the diversity of technical devices is huge. In principle this is a good thing because we can freely choose the products which are most appealing. Unfortunately there are, for instance, routers to which only certain telephones may be connected. Users need to purchase new hardware solely because of the unwillingness of the internet service providers. From the consumer’s and the environment’s point of view this is unfavourable due to the build up of electronic waste even though the devices would still work..
Security Concerns from Monocultures and Lacking Updates:
Security experts are already worried about the growing number of technical monocultures.
These come about when a large percentage of a technological sector is dominated by only
one product family or manufacturer. Then, if major problems or security holes appear, an
enormous number of users are affected at once. Most ISPs only use a few router models
and thus endanger the security of their customers.
That is particularly problematic when manufacturers and providers are very slow in the delivery of critical updates. Often it is not possible for compulsory router customers to perform updates themselves, although they may already be available from the router manufacturer. Thus, customers are incapacitated with regard to their security.