[112385] in North American Network Operators' Group
Re: Legislation and its effects in our world
daemon@ATHENA.MIT.EDU (Fred Baker)
Wed Feb 25 12:12:49 2009
From: Fred Baker <fred@cisco.com>
To: nanog@nanog.org
In-Reply-To: <2edfe3130902250706w2399947cie685c980bec3cd7b@mail.gmail.com>
Date: Wed, 25 Feb 2009 09:06:13 -0800
Errors-To: nanog-bounces@nanog.org
I am not a lawyer; I am a person that can read something that is =20
written in the English language, and considered by some to be a =20
"reasonable man". So please don't consider this to be legal advice. =20
Also, although I am posting from a Cisco account, this note represents =20=
my understanding based on a reading of the text of the bill, not an =20
opinion of or advice by Cisco. Further, I do not represent myself as =20
either for or against the legislation or the implied technology. I =20
have opinions on all that, but I'll save them for another email.
#include <any other disclaimers that are important>
The text of the bill, which is in committee, is at =
http://www.govtrack.us/congress/billtext.xpd?bill=3Ds111-436=20
. Read the text of the bill before continuing with my comments on it =20
or on Declan's article.
Most of the bill is about defining "child pornography", such as " =20
inserting =911466A (relating to obscene visual representation of the =20
abuse of children),=92 before =91section 1708=92", or about changing =20
penalties. Data retention is discussed in section 5:
> SEC. 5. RETENTION OF RECORDS BY ELECTRONIC COMMUNICATION SERVICE =20
> PROVIDERS.
> Section 2703 of title 18, United States Code, is amended by adding =20
> at the end the following:
> =91(h) Retention of Certain Records and Information- A provider of an =20=
> electronic communication service or remote computing service shall =20
> retain for a period of at least two years all records or other =20
> information pertaining to the identity of a user of a temporarily =20
> assigned network address the service assigns to that user.=92.
In context, this is about providers of a service. BTW, it doesn't talk =20=
about *creating* a record that doesn't exist, it talks about =20
*retaining* records that have already been created, such as billing =20
records or other records that would support billing and maintenance. =20
IANAL, so run this by your lawyers, but a provider of a service is in =20=
the FCC definitions someone that sells a service to random purchasers, =20=
not someone that provides communications to his own employees, =20
students, or family members. This came up during the discussion by the =20=
FCC about lawful intercept and what constituted a network that had to =20=
implement it several years ago. This is confirmed, says the =20
"reasonable man", by the definition of the offense in Section 3:
> =91(a) Offense- Whoever, being an Internet content hosting provider or =
=20
> email service provider, knowingly engages in any conduct the =20
> provider knows or has reason to believe facilitates access to, or =20
> the possession of, child pornography (as defined in section 2256) =20
> shall be fined under this title or imprisoned not more than 10 =20
> years, or both.
Note the lack of reference to home routers, wireless in any form, or =20
any of the other stuff Declan mentions in his article:
> (CNET) -- Republican politicians on Thursday called for a sweeping =20
> new federal law that would require all Internet providers and =20
> operators of millions of Wi-Fi access points, even hotels, local =20
> coffee shops, and home users, to keep records about users for two =20
> years to aid police investigations.
I would ask you, how many local coffee shops or hotels that you know =20
of operate their own Internet access? How many instead contract with T-=20=
Mobile or some other provider? Since the billing record is done with =20
the provider (you somehow pay a bill to T-Mobile-or-whoever for use of =20=
the wifi and you identify yourself to them at the time you access the =20=
service), whom would you expect might be required to "retain" those =20
records?
I would also be a trifle careful with Declan's repeated references to =20=
the party of the person who submitted the bill. The bill is, or at =20
least looks like, enabling legislation required by the Cybercrime =20
Treaty (http://tinyurl.com/6m9ey, Article 20 of which calls for what =20
is now called "Data Retention"), and is pretty much in line with the =20
current EU directive on the topic (http://tinyurl.com/2maatj). Both =20
major parties in the US have been on deck during the negotiation of =20
the CyberCrime Treaty, and whatever your opinion of it might be, this =20=
bill is in line with Obama campaign promises and actions as president =20=
as I understand them.
I personally tend to ignore stuff written by Declan. It requires too =20
much work to drill through the political activism and sensationalism-=20
portrayed-as-journalism to find the germ of truth that inspired the =20
article.
On Feb 25, 2009, at 7:06 AM, Jim Willis wrote:
> After having a brief conversation with a friend of mine over the =20
> weekend
> about this new proposed legislation I was horrified to find that I =20
> could not
> dig anything up on it in NANOG. Surely this sort of short minded =20
> legislation
> should have been a bit more thought through in its effects on those =20=
> that
> would have to implement these changes. My major concern is not just =20=
> for
> myself but for a much broader picture.
>
> "Republican politicians on Thursday called for a sweeping new =20
> federal law
> that would require all Internet providers and operators of millions =20=
> of Wi-Fi
> access points, even hotels, local coffee shops, and home users, to =20
> keep
> records about users for two years to aid police investigations."
>
> http://www.cnn.com/2009/TECH/02/20/internet.records.bill/index.html
>
>
> I understand and agree that minors should be protected and I think =20
> child
> pornography is awful, however I think how the government is going =20
> about
> catching these criminals with this new legislation will not really =20
> be any
> more efficient than there current methods. Having a log of all IP's =20=
> that
> come across my or anyone in America's "home" Wi-Fi for two years is =20=
> not
> going to help "police investigations" but will cause me to have to =20
> go buy a
> more expensive router.
>
> So I'm just wondering, how would this legislation effect some of you =20=
> on the
> NANOG list?
>
> -Jim
