Public traffic backhaul

It has long been a source of frustration that if a Janet connected site wanted to provide connectivity to members of the public this required a separate physical network link to connect those users to a partner Internet Access Provider. Members of the public can’t be given access to the Janet IP service as this would risk changing the network’s status as a private Electronic Communications Service under the Communications Act 2003. There could also be damage to the network’s reputation since measures used to enforce the Janet AUP against staff and students are unlikely to work for transient visitors.

Commercial wifi hosting services, and the legal interpretation of them, have now developed to the point where a segregated point-to-point tunnel across Janet may be an acceptable alternative to a separate physical link. This is subject to five conditions, set out in a revised version of the Janet Eligibility Policy:

  • The point-to-point tunnel must be established from the Janet customer’s premises to an Internet Access Provider (for example a commercial ISP) with whom the customer has an agreement;
  • The tunnel must be encrypted between its endpoints, so that no traffic from members of the public is carried on Janet in plaintext form;
  • Users of the service must be authenticated, either by the Janet customer or its partner Internet Access Provider;
  • Traffic from members of the public, when routed to the public Internet, must be identified as originating from the partner Internet Access Provider, not from Janet or the customer;
  • The customer and Internet Access Provider are responsible for compliance with any relevant laws and policies applying to public Internet access, for example on logging and filtering.

The first two of these conditions ensure that public traffic is clearly segregated, so the legal status of Janet should not be affected. The third and fourth protect the reputation of the Janet network. The fifth ensures that legal obligations for public network providers are not imposed unnecessarily on Janet or its customers.

Customers providing Internet access for members of the public should note, however, that network segments or devices that carry unsegregated public and private traffic are likely to be subject to those obligations. For example both the Regulation of Investigatory Powers Act (regulating access to content) and the Privacy and Electronic Communications Regulations (regulating use of traffic data) have different rules and penalties for public networks. Local area networks should therefore be designed to segregate the two types of traffic as soon as possible.

Several commercial companies provide wifi hotspot services that piggy-back on existing IP connectivity, which may satisfy the Eligibility Policy requirements. The requirements can also be achieved using suitable configurations of common networking devices if a Janet customer wishes to partner with another organisation acting as a public Internet Access Provider and can do so in a way that is compliant with State Aid law.

Janet’s factsheet on Guest and Public Network Access and technical guide on Network Access for Guests contain more detail.

By Andrew Cormack

I'm Chief Regulatory Advisor at Jisc, responsible for keeping an eye out for places where our ideas, services and products might raise regulatory issues. My aim is to fix either the product or service, or the regulation, before there's a painful bump!

Leave a Reply

Your email address will not be published. Required fields are marked *