On Thu, Nov 5, 2009 at 7:44 PM, Richard Bennett <richard@bennett.com> wrote:
I think the idea is for the government to create an official blacklist of the offending sites, and for ISPs to consult it before routing a packet to
this works exceptionally unwell for the Singaporese(ian) govt'... (list of bad sites comes out monthly, montly+1min all sites change ips, weee!)
the fraud site. The common implementation would be an ACL on the ISPs border
'common implementation' isn't 'common' nor 'implementable' in many cases.
router. The Congress doesn't yet understand the distinction between ISPs and transit providers, of course, and typically says that proposed ISP
nor 'web hosting farm' ... (of course FastFlux puts a hole in the 'hosting' part of that)
regulations (including the net neutrality regulations) apply only to consumer-facing service providers.
If this measure passes, you can expect expansion of blocking mandates for rogue sites of other kinds, such as kiddie porn and DMCA scofflaws.
sure, been there, done that... German anti-nazi-propganda laws anyone? (or france or singapore or ...) -Chris (Note, I don't think that NO LAW is a good answer, but often the laws proposed or passed seem to misunderstand how the networks are run/build/maintained/used)
RB
Steven Bellovin wrote:
On Nov 5, 2009, at 5:56 PM, Valdis.Kletnieks@vt.edu wrote:
On Thu, 05 Nov 2009 16:40:09 CST, Bryan King said:
Did I miss a thread on this? Has anyone looked at this yet?
`(2) INTERNET SERVICE PROVIDERS- Any Internet service provider that, on or through a system or network controlled or operated by the Internet service provider, transmits, routes, provides connections for, or stores any material containing any misrepresentation of the kind prohibited in paragraph (1) shall be liable for any damages caused thereby, including damages suffered by SIPC, if the Internet service provider--
"routes" sounds the most dangerous part there. Does this mean that if we have a BGP peering session with somebody, we need to filter it?
Also "transmits". (I'm impressed that someone in Congress knows the word "routes"....)
Fortunately, there's the conditions:
`(A) has actual knowledge that the material contains a misrepresentation of the kind prohibited in paragraph (1), or
`(B) in the absence of actual knowledge, is aware of facts or circumstances from which it is apparent that the material contains a misrepresentation of the kind prohibited in paragraph (1), and
upon obtaining such knowledge or awareness, fails to act expeditiously to remove, or disable access to, the material.
So the big players that just provide bandwidth to the smaller players are mostly off the hook - AS701 has no reason to be aware that some website in Tortuga is in violation (which raises an intresting point - what if the site *is* offshore?)
And the immediate usptreams will fail to obtain knowledge or awareness of their customer's actions, the same way they always have.
Note the word "circumstances"...
Move along, nothing to see.. ;)
Until, of course, some Assistant U.S. Attorney or some attorney in a civil lawsuit decides you were or should have been aware and takes you to court. You may win, but after spending O(\alph_0) zorkmids on lawyers defending yourself....
--Steve Bellovin, http://www.cs.columbia.edu/~smb
-- Richard Bennett Research Fellow Information Technology and Innovation Foundation Washington, DC