Internet: ISPs try to shape traffic for fairness
Internet Service Providers are harassed by the disparity between some users and others. Some have said that as few as 20% of their users are responsible for as much as 80% of inbound traffic. That leads to the Internet Super Highway becoming as traffic bound as the M25 on a bank holiday weekend. So they are trying controversial measures to balance the load.
Some ISPs have been ruthless in their approach. They have simply blocked access to well known peer-to-peer services and download sites. But as users find ways around that scheme, they have turned to a technology known as "traffic shaping."
Michael Geist, the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law says that traffic shaping is "a process that limits the amount of bandwidth available for certain applications."
He says that the original use of the system for restricting peer-to-peer activity has been expanded and that there are concerns that some ISPs are even using the process to deal with large email users and even virtual private networks.
Virtual Private Networks (or VPNs) are a vital business tool for many companies. The VPN is a form of extension of the company's intranet in which "tunnels" are built over the internet providing a highly secure transmission medium. VPNs are used by international companies for their internal communications and data exchange.
The concern for ISPs over VPN is the increasing use of the technology not just for voice (individually, voice packets are very small but a large company running its internal comms over the internet can use a lot of bandwidth) but, increasingly, for internet meetings including white-boards and graphics and applications sharing plus - perhaps the most damning - video-conferencing.
File sharers have defeated the traffic shaping (sometimes known as packet shaping) by the simple expedient of encrypting their content. Perhaps the best known user of this approach is Skype which, although few users realise it, works by a form of peer to peer networking. The encryption prevents the ISP from identifying the contents of the packet.
In Canada, Rogers - the largest ISP - has responded by adopting the ruthless approach of simply reducing the priority of all encrypted content.
Some, Geist says, have noticed that Rogers does not downgrade the priority of its own internet phone service - but it does downgrade the priority of other internet phone services. That means delays and echoes and ultimately complaints as to the quality of service.
But the supply industry says that traffic shaping is essential, even desirable.
But as always, there are "dark side" concerns. The manufacturers of one product say "It is also a versatile toolkit to perform complex filtering, programmable packet capture, and even create "penalty boxes" for workstations sending prohibited traffic."
The product concerned, Traffic Shaping Engine "TSE" for NetWare, costs only USD349 per server on which it is deployed. However, it is restricted to servers running Novell NetWare - and that's a very tiny proportion of the internet. However, it is a much greater proportion of corporate servers. Even so, it demonstrates the way the technology is going.
Basically, internet traffic reaches the server and is handled on a first in-first out basis. In short, it joins a queue and is very well behaved in waiting its turn. Traffic shaping reviews the queue, decides which data to allow to jump the queue and sends it on ahead. As a result, less favoured traffic simply is pushed back.
However, there is rarely a long-stop for how long individual traffic may be delayed. And so deeply unfavoured traffic may find itself shuffled backwards repeatedly, in theory (but not in practice) for ever.
In practice it will not be pushed back for ever, because the receiving computer's settings will decide that the data is not coming and issue a time-out. In simple terms, your computer gets bored waiting for the data and says it's going to do something more interesting instead. So it stops asking for the data which then simply dies of old age in the ISP's cache as it seems no one wants it.
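The queueing behaviour described above can be reproduced with a small simulation. This is an added example, not code from any ISP or shaping product: the class labels `F` (favoured) and `U` (unfavoured), the arrival pattern, link capacity, time-out and the `share` policy (a guaranteed slice that acts as the long-stop) are all assumptions chosen for illustration.

```python
from collections import deque
from itertools import count

def simulate(policy, ticks=100, capacity=4, pattern="FFUFFU", timeout=10, u_share=0.25):
    """Run one overloaded link and return per-class delivered/expired counts.

    policy: "fifo" (first in, first out), "priority" (favoured traffic always
    jumps the queue) or "share" (a fraction of each tick is reserved for the
    unfavoured class). All numbers are constructed sample values.
    """
    queues = {"F": deque(), "U": deque()}
    stats = {c: {"delivered": 0, "expired": 0} for c in queues}
    seq = count()
    for t in range(ticks):
        # Arrivals for this tick, in the order given by the pattern.
        for cls in pattern:
            queues[cls].append((t, next(seq)))
        # Receiver time-out: anything that has waited too long is abandoned.
        for cls, q in queues.items():
            while q and t - q[0][0] > timeout:
                q.popleft()
                stats[cls]["expired"] += 1
        reserved = int(capacity * u_share) if policy == "share" else 0
        for slot in range(capacity):
            ready = [c for c in queues if queues[c]]
            if not ready:
                break
            if policy == "fifo":
                # Oldest packet overall goes first, whatever its class.
                cls = min(ready, key=lambda c: queues[c][0][1])
            elif slot < reserved and "U" in ready:
                cls = "U"  # guaranteed slot for unfavoured traffic
            else:
                cls = "F" if "F" in ready else "U"
            queues[cls].popleft()
            stats[cls]["delivered"] += 1
    return stats

if __name__ == "__main__":
    for name in ("fifo", "priority", "share"):
        print(name, simulate(name))
```

With favoured traffic alone able to fill the link, strict priority delivers none of the unfavoured packets and they are lost to the time-out, while the reserved share gets one through on every tick at the cost of some favoured traffic.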
Last December rumours circulated that Malaysian ISP Streamyx (which has desperate problems with overloaded inbound traffic) had blocked access to BitTorrent. And in August this year, users of COMCAST in the US found that access to BitTorrent was sporadic at best and often none at all. Others have done the same but, according to commentators, COMCAST's approach has been especially hard-line by preventing so called "seeding." This is the process by which users of the Torrent gain brownie points by adding material. By preventing this, COMCAST is making sure that its users are falling down priority lists on their chosen sites.
Last year, website TorrentFreak held an open forum on traffic shaping and found that ISPs were wholeheartedly behind the idea. The website quotes one respondent as saying “The fact is, P2P is (from my point of view) a plague - a cancer, that will consume all the bandwidth that I can provide. It’s an insatiable appetite.”
The two leading companies in the field are Sandvine and Ellacoya. Both are blunt about what their product does. In the case of Sandvine it says "Our Deep Packet Inspection-Based Policy Solutions address key challenges such as managing bandwidth-intensive traffic, controlling malicious threats, enabling new services and identifying application quality trends." That is, it inspects users' traffic and decides whether and when traffic will be permitted to pass.
In short, ISPs are monitoring both inbound and outbound traffic which is not encrypted, looking for whatever they tell the system to look for. Hiding behind traffic shaping, then, is the threat of censorship and even governmental monitoring. What seems like a good idea in principle, seems rather worrying on several levels.
Streamyx is harangued by its users for dismal quality service - and as Streamyx users for our Malaysian operations we can say that on a good day it's rubbish and on a bad day we go to the pub. We have even had serious discussions about decamping to Singapore because, on bad days, our productivity falls by 80% or more. And sometimes it doesn't work at all. Streamyx promotes its service on the usual "best efforts" basis. Mostly, within Malaysia, it's acceptable. But as soon as international traffic is sent or demanded, it frequently slows to a crawl. Streamyx says that its intra-Malaysia service is where it has control over its best efforts promise. It has recently added a condition to its terms saying that Streamyx is not responsible for poor delivery of content from overseas sites. Even subscribers to premium services are, Streamyx customer services told us, still going to be calling data down the same overloaded pipes as hoi polloi.
There is, then, another option for companies: have two different levels of service. For commercial users, prepared to pay a higher price, simply put them into different pipes with less traffic. And put the low-cost users, who are for the most part those who are using P2P, etc., into the pipes that are overloaded. Instead of using discriminatory tech, why not discriminate on the age old basis of cost?
Business users are perfectly willing to pay multiples of the price paid by domestic and hobby users, especially in business areas that are mission critical. For those using VPN, constant data interchange and, in short, using the internet as the connection between users in a quasi-intranet, the internet IS mission critical. Traffic shaping is a trendy idea - but there are other alternatives which can be deployed faster, more reliably and without upsetting customers.
Response by Rogers:
This article contains a couple of inaccuracies regarding Rogers.
Firstly Rogers does not degrade encrypted traffic.
We do manage the traffic on our network to ensure performance for our subscribers.
Our policy is to allocate a percentage of the bandwidth provided for peer to peer traffic, whether that peer to peer traffic is encrypted or not. Encrypted packets that are not based on peer to peer protocols such as VPNs, secure HTTP and services such as Citrix are not managed through this allocation.
We should also point out that we have been allocating bandwidth for P2P traffic for some years and that this is a common practice among broadband Internet providers.
Secondly, the statement attributed to Mr. Michael Geist regarding the "downgrading" of Internet phone service is also completely inaccurate. Rogers places a high priority on time sensitive traffic, such as voice traffic. ALL Internet phone services are treated equally. There is no evidence to suggest otherwise.
And for the record, I show below a letter that was published regarding yet another inaccurate statement from Mr. Geist about the University of Ottawa.
It is most unfortunate that Mr. Geist’s inaccuracies get reported as fact.
Taanta Gupta
Vice President Communication, Rogers Communications Inc.
Business, April 16.
"For the record, Rogers is not "degrading encrypted traffic," as Michael Geist suggests.
He claims Rogers customers in Ottawa are having trouble getting email from the University of Ottawa. We have had no complaints to our call centre on this issue. We have tested the most common encrypted applications and have not been able to detect any performance issues.
Our equipment ensures network capacity is reserved for such services as email and Web surfing, and peer-to-peer traffic does not overwhelm the system."
Ken Engelhart, Vice-President, Regulatory, Rogers Communications Inc., Toronto