[119088] in North American Network Operators' Group
Re: Congress may require ISPs to block fraud sites H.R.3817
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Fri Nov 6 10:52:54 2009
In-Reply-To: <4AF3716B.1040000@bennett.com>
Date: Fri, 6 Nov 2009 10:51:48 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Richard Bennett <richard@bennett.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Thu, Nov 5, 2009 at 7:44 PM, Richard Bennett <richard@bennett.com> wrote=
:
> I think the idea is for the government to create an official blacklist of
> the offending sites, and for ISPs to consult it before routing a packet t=
o
this works exceptionally unwell for the Singaporese(ian) govt'...
(list of bad sites comes out monthly, montly+1min all sites change
ips, weee!)
> the fraud site. The common implementation would be an ACL on the ISPs bor=
der
'common implementation' isn't 'common' nor 'implementable' in many cases.
> router. The Congress doesn't yet understand the distinction between ISPs =
and
> transit providers, of course, and typically says that proposed ISP
nor 'web hosting farm' ... (of course FastFlux puts a hole in the
'hosting' part of that)
> regulations (including the net neutrality regulations) apply only to
> consumer-facing service providers.
>
> If this measure passes, you can expect expansion of blocking mandates for
> rogue sites of other kinds, such as kiddie porn and DMCA scofflaws.
sure, been there, done that... German anti-nazi-propganda laws anyone?
(or france or singapore or ...)
-Chris
(Note, I don't think that NO LAW is a good answer, but often the laws
proposed or passed seem to misunderstand how the networks are
run/build/maintained/used)
> RB
>
> Steven Bellovin wrote:
>>
>> On Nov 5, 2009, at 5:56 PM, Valdis.Kletnieks@vt.edu wrote:
>>
>>> On Thu, 05 Nov 2009 16:40:09 CST, Bryan King said:
>>>>
>>>> Did I miss a thread on this? Has anyone looked at this yet?
>>>
>>>> `(2) INTERNET SERVICE PROVIDERS- Any Internet service provider that, o=
n
>>>> or through a system or network controlled or operated by the Internet
>>>> service provider, transmits, routes, provides connections for, or stor=
es
>>>> any material containing any misrepresentation of the kind prohibited i=
n
>>>> paragraph (1) shall be liable for any damages caused thereby, includin=
g
>>>> damages suffered by SIPC, if the Internet service provider--
>>>
>>> "routes" sounds the most dangerous part there. =A0Does this mean that i=
f
>>> we have a BGP peering session with somebody, we need to filter it?
>>
>> Also "transmits". =A0(I'm impressed that someone in Congress knows the w=
ord
>> "routes"....)
>>>
>>> Fortunately, there's the conditions:
>>>
>>>> `(A) has actual knowledge that the material contains a misrepresentati=
on
>>>> of the kind prohibited in paragraph (1), or
>>>
>>>> `(B) in the absence of actual knowledge, is aware of facts or
>>>> circumstances from which it is apparent that the material contains a
>>>> misrepresentation of the kind prohibited in paragraph (1), and
>>>
>>>> upon obtaining such knowledge or awareness, fails to act expeditiously
>>>> to remove, or disable access to, the material.
>>>
>>> So the big players that just provide bandwidth to the smaller players a=
re
>>> mostly off the hook - AS701 has no reason to be aware that some website
>>> in
>>> Tortuga is in violation (which raises an intresting point - what if the
>>> site *is* offshore?)
>>>
>>> And the immediate usptreams will fail to obtain knowledge or awareness =
of
>>> their customer's actions, the same way they always have.
>>
>> Note the word "circumstances"...
>>>
>>> Move along, nothing to see.. ;)
>>
>> Until, of course, some Assistant U.S. Attorney or some attorney in a civ=
il
>> lawsuit decides you were or should have been aware and takes you to cour=
t.
>> =A0You may win, but after spending O(\alph_0) zorkmids on lawyers defend=
ing
>> yourself....
>>
>>
>> =A0 =A0 =A0 =A0--Steve Bellovin, http://www.cs.columbia.edu/~smb
>>
>>
>>
>>
>>
>>
>
> --
> Richard Bennett
> Research Fellow
> Information Technology and Innovation Foundation
> Washington, DC
>
>
>
