[149378] in North American Network Operators' Group
RE: [#135346] Unauthorized BGP Announcements (follow up to Hijacked
daemon@ATHENA.MIT.EDU (Nathan Eisenberg)
Thu Feb 2 13:24:23 2012
From: Nathan Eisenberg <nathan@atlasnetworks.us>
To: Ray Soucy <rps@maine.edu>
Date: Thu, 2 Feb 2012 18:23:09 +0000
In-Reply-To: <CALFTrnP0pAtBJOJWTzzcad0hvq2_3DjferwOkckHqycT+sE_OQ@mail.gmail.com>
Cc: "nanog@nanog.org list" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> > So, to pose the obvious question: Should there be [a law against
> prefix hijacking]?
While I'm certain that's largely rooted in lawmakers who are not technicall=
y savvy, I wonder if we-as-an-industry couldn't (or, shouldn't) be doing mo=
re to move internal values and policies into defensible legal standards.
> So far the track record of the US government trying to make laws
> regarding technology and the Internet has been less than stellar.
>=20
> The DMCA is already bad enough, but we continue to see things like
> PROTECT IP and SOPA pop up in attempts to hand over even more control
> of the Internet to those with enough money to buy the votes; at great
> cost to service providers and universities, mind you.
The best we-as-an-industry seem to be able to contribute to the problem is =
strongly worded and expertly backed petitions to Congress. We're in perman=
ent legislative fire-fighting mode, and we seem to be losing ground at an a=
larming pace.
=20
> Over the past few years it has become blatantly obvious that entire
> industries are trying to gain special control over the Internet. The
> RIAA and the MPAA both being openly guilty:
>=20
> "Candidly, those who count on quote 'Hollywood' for support need to
> understand that this industry is watching very carefully who's going
> to stand up for them when their job is at stake, don't ask me to write
> a check for you when you think your job is at risk and then don't pay
> any attention to me when my job is at stake."
>=20
> Chris Dodd, CEO MPAA in response to Obama position on SOPA.
=20
You and I agree that this is a disturbing concept - I doubt there are many =
dissenting opinions on this list (which is its own monoculture issue for an=
other day).
> With attempts at government control of DNS already underway, I think
> handing over control of BGP would be a dream come true for these guys.
=20
Indeed - and I don't think anyone is suggesting that we hand operational co=
ntrol of BGP to the courts. I'm more curious about legally codifying RIR a=
llocations (obviously, this is a complex and regional issue, but since the =
two parties in the OP were both US based companies, we can at least begin t=
o have this conversation).
Again, I don't know what the right answer is. I'm just turning this over i=
n my brain, and it seems to me that the current state of affairs is too fra=
gile. There is no 'drivers test' before you get your AS number. There are=
few consequences for hijackers and the service providers who support them =
- especially if those providers are very large. There is historical preced=
ent for government regulation in non-virtual industries helping to curb the=
chaos.
Hypothesis: If operators could recover their damages via the legal system f=
rom a service provider for aiding and abetting the hijacking of their ARIN =
assigned space, it would encourage a great deal more due-diligence in the s=
ervice provider space. With nothing to gain, and money to lose, companies =
will expect their netops people to behave as good netizens.
Thoughts?
Nathan
