Democracy is not a spectator sport. The US House (hr.2975 PATRIOT) and US Senate (s.1510 USA) have introduced bills that will cost ISPs a lot of money -- potentially tens of thousands of dollars -- even for small ISPs. Unlike CALEA, there is no requirement that ISPs be reimbursed. This happened because the legislators are clueless about technical requirements. It is up to you to educate them! With the bombing started, it is thought that the bills will be pushed through this week, without going through the normal committee review. Each and every one of you MUST call your legislators, where you work and again where you live. Call your Senator, and then call your Representative. Do not send email, it won't get read soon enough! Since Monday is a legal holiday of sorts, you may have to wait until Tuesday morning, but try on Monday anyway. -- Urge your representatives in Congress to hold full hearings, and fix technical problems. 1. Call the White House switchboard at 202-224-3121, and ask to be connected to the office of your Congressional representative. -or- Look up the office numbers on the web at www.house.gov and www.senate.gov. 2. When you are put through, say "May I please speak to the staff member who is working on the anti-terrorism legislation?" If that person is not available to speak with you, say "May I please leave a message?" 3. Briefly explain that you work for an Internet Service Provider, and although you appreciate the efforts of your representative to address the challenges brought about by the September 11th tragedy, it would be a mistake to make any changes in the federal wiretap statute that do not respond to "the immediate threat of investigating or preventing terrorist acts." -- If they want to talk details, here they are: Both bills add "addressing" and "routing" to the list of activities that can be requested without a specific court order. So, just like call setup for the phone companies, every single address that you assign, via DHCP or otherwise, and every ARP, RIP, OSPF, and BGP routing table change, must be recorded for posterity -- just in case any state or federal agents want to review it someday. No time limits, and no statute of limitations. Some lawyers read this to extend to tracking every URL accessed through your POPs, and every email To: and From: transmitted over your networks, since they both can be considered "addressing" and your activity "routing". Obviously, the legislators don't quite understand what a dynamic packet connectionless Internet means! -- My solution, after talking to several Representatives and Senators staffs, is to add clarification to the definitions section 3127: (7) the term "addressing" means a numeric identifier that assists the delivery of electronic communications over a specific link, attached to the outermost encapsulation of the communication (but not including the contents of such communication). (8) the term "routing" means the numeric internetwork locator associated with a communication that facilitates its carriage between electronic communication services, contained within the internetwork communication encapsulation (but not including the contents of such communication). -- As you can see, my solution means you can do it with standard tools, like tcpdump or snort, and unlike phone call setup, there's nothing in the definitions that indicates the information has to be recorded for future requests.... -- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32