General Notices

NOTICE 1414 OF 2001



Independent Communications Authority of South Africa Findings and Conclusions on the s27 Enquiry on Whether a Virtual Private Network (VPN) constitutes a Managed Data Network Service (MDNS) or not.

1. Background

1.1. On 11 October 2000, the Independent Communications Authority of South Africa (ICASA) issued Notice 4043 of 2000 in Government Gazette number 21642, requesting representations from interested parties on whether a Virtual Private Network (VPN) constitutes a Managed Data Network Service (MDNS) or not.

1.2. The Authority received fourteen (14) written representations on 9 November 2000. Four (4) respondents made oral representations to the special committee appointed by the ICASA Council at the hearing, which was held on 23 November 2000.

1.3. Arguments have been presented by various stakeholders, both in written submissions and during the hearing, in an attempt to demonstrate that a VPN is on the one hand a PTN and on the other hand a Value Added Network Service (VANS), specifically a MDNS.

2. Findings

In the light of the above-mentioned the Authority has reached the following findings and conclusions -

2.1. Background

The legal basis for the issues and dispute are -

2.1.1. Value Added Network Services are provided in terms of a VANS licence issued by the Authority in terms of section 40 of the Act.

2.1.2. A Private Telecommunication Network licence is issued by the Authority in terms of section 41 of the Act. In terms of section 41(1)(b), a licence shall be required for the provision of a PTN only where such network is Interconnected to the PSTN.

2.1.3. VANS providers claimed that the term VPN is commonly used to indicate to VANS customers that the MDNS type of VANS, which are provided concurrently to many users over shared infrastructure, can have the same attributes as those provided by a PTN. On the other hand, Telkom claimed that any VAN service that has the attributes of a PTN is per se a PTN and as such may not be provided as part of VANS as it would be contravening Telkom's PSTS exclusivity.

2.2. Legislative and Regulatory Framework

In any attempt to determine whether a VPN constitutes a PTN or a MDNS, arguments for or against either has to be considered within the legislative and regulatory context, as well as existing practices and markets demands, as they exist at the time. In this respect in South Africa the following situation presently exists -

2.2.1. Telkom enjoys statutory exclusivity in respect of the provision of the public switched telecommunications network (PSTN) and public switched telecommunication services (PSTS) (which are conveyed over the PSTN), with the exception of customer premises equipment (CPE) and VANS.

2.2.2. The Act does not define VANS but recognises MDNS as a form of VANS.

2.2.3. In terms of s40(3) of the Act a VANS may not be used for the conveyance of voice signals until a date to be determined by the Minister.

2.2.4. The Act implies and the proposed VANS regulations stipulate that a VANS shall "add value" to signals that are conveyed on behalf of customers over the shared infrastructure.

2.2.5. In terms of s41 of the Act, PTN is not defined, however, the Act stipulates that a PTN may convey both voice and data signals that (must be) "principally and integrally" related to the activities of the PTN user.

2.2.6. S40(2) and s41(2) of the Act stipulate that VANS providers and PTN users respectively, shall construct their networks by means of telecommunication facilities provided by Telkom.

2.2.7. Both VANS providers and PTN users may self-provide the CPE necessary to construct their respective networks.

2.2.8. The term VPN is not mentioned in the Act.

2.2.9. The Authority has classified the Internet, specifically Internet access, as a VANS.

2.2.10. The main difference between a VANS and a PTN is that -

(a) VANS provision is a commercial service in the competitive domain of the telecommunication sector, consisting of non-voice telecommunication services provided by the VANS licensee to its clients (for a fee) over shared infrastructure, during which value not normally provided by Telkom as part of its standard services, is added, whereas

(b) A PTN is a network constructed for and operated by the licensee for purposes principally and integrally related to the operations of the licensee. The services on a PTN are not of a commercial nature. Although telecommunication traffic to or from customers of the PTN licensee are carried on the PTN in the course of their business dealings with the PTN licensee, such calls are not charged for by the PTN licensee. As the PTN is dedicated only to the operations of the licensee, it can be used as benchmark for service standards such as availability, reliability and security.

2.2.11. Technical position of a VANS (MDNS) and a PTN -

(a) Both value added (VAN) and private telecommunication (PTN) networks are constructed or configured by means of telecommunication facilities obtained from Telkom to interconnect the separate, non-contiguous sites involved, and to which Customer Premises Equipment (CPE) is connected in order to provide the respective services.

(b) VANS licensees are presently prohibited from offering voice services over the VAN. However, the CPE used in the provision of VANS may use any kind of technology, provided it is approved by the Authority. The services provided by VANS may even, for example, use TCP/IP (but not VolP) protocols (see 3.3).

(c) The PTN may be used for both voice and non-voice type services. Therefore, CPE employing any kind of technology, ranging from analogue telephony to ISDN, may be used provided it has been approved by the Authority.

(d) Both networks (VAN and PTN)) are tiered telecommunications networks. The first tier consists of the basic telecommunication facilities as provided exclusively by Telkom. The second and any further tiers are provided by pt licensees (for their own use) and by VANS licensees (to their customers on a commercial basis). Any addition on top of the first tier is part of the PTN or the VANS.

(e) A "Virtual Private Network" (VPN) is created in a VANS by the application of software based technological intervention in the operation of the VANS, order to ensure certain characteristics (privacy, security, guaranteed levels of availability and reliability) in communications between specified participants. A VPN is another tier on top of the VANS, which by itself is a second tier on top of the telecommunication facilities obtained from Telkom, used in the construction of a value added network.

3. Conclusion

In view of the foregoing, the Authority has come to the following conclusion -

3.1. The Act clearly distinguishes between a PTN and a VANS. Certain desirable service characteristics (normally associated with a PTN) can be achieved by software based technological intervention in the operation of any network (PTN or VANS) and is commonly referred to as a VPN. However, the VPN has no physical substance and is only manifested by the service characteristics it confers on the VANS.

3.2. While the raison d'etre for the application of VPN techniques to a VAN is to create services that have some of the attributes associated with PTN, this does not per se mean that the network to which it is applied ipso facto becomes a PTN. Regardless of the stated similarities to a PTN, such services are provided on the Value Added Network in shared mode to many users.

3.3. A VANS licensee, who strictly complies with the requirements of section 40 of the Act, can in no way be considered to be engaged in the provision of a PTN.

These requirements are inter alia, -

(a) The simultaneous conveyance on shared infrastructure of signals generated by customers, (of which the telecommunication facilities portion have been provided by Telkom);

(b) The adding of value, and

(c) No conveyance of voice signals.

3.4. Similarly, a PTN licensee who strictly complies with the requirements of section 41 of the Act can in no way provide a VANS/MDNS.

These requirements are -

(a) The network is constructed for own use by means of dedicated infrastructure (of which the telecommunication facilities have been provided by Telkom or in future by any other PSTS licensee), and

(b) The conveyance of both voice and non-voice signals as the need arises is permitted.

3.5. Within this context the VANS/MDNS licensee is entitled to apply any technical resources (redundant capacity and technological intervention) and managerial skills (management of the redundant capacity and technological intervention) to signal processing, packetising and encryption in order to meet customer requirements in respect of availability, reliability and security. The application of such resources and skills is part of the value adding process and is a regulatory and commercial necessity. In this regard it is worth noting that customer perceptions of the services received are of vital commercial importance to the VANS licensee but irrelevant from a regulatory perspective.

3.6. Within this context, a PTN may not be used to provide and sell services to third parties.

3.7. It must be noted that "VPN techniques" can also be applied with benefit to PTNs and even the PSTN, for example to differentiate between and separate different types of calls in order to ensure preference for mission critical traffic within the PTN and/or PSTN.

3.8. It is a reality that e-commerce, and the demands it makes on availability, reliability and security of any telecommunication service, via the public Internet (a VAN), play an ever increasing role in the South African economy.

3.9. Within the present legal context, the so-called "VPN" is neither a MDNS or a PTN but is manifested as desirable service characteristics resulting from software based technological intervention in the management, configuration and operation of a VANS, which is a legal service in terms of section 40 of the Act, particularly section 40(4)(b)