At 11:01 AM -0700 8/22/02, Nigel Clarke wrote:
Jeff,
In a nutshell you're saying do nothing.
Not necessarily ... Each network operator will need to make their own decisions. There are various associations that lobby on behalf of ISPs, telecommunications companies, educational institutions, and others and those groups might choose to work with Congress to see if we can get reasonable laws passed, keep unreasonable laws from being passed, or get existing unreasonable laws revised. In fact I assume that they are already doing that. They might also work with the courts (would need to join someone else's court case probably) to see if we can get reasonable interpretations of the laws. Some of us who don't belong to such organizations now might consider joining. Individuals and individual organizations can work with Congress as well. Some organizations may think this is a good time to update their policies and procedures so that they explicitly address new circumstances that we are now confronted with and provide a firm legal basis for taking actions, when appropriate, that don't conflict with obligations to end users or others. The DMCA pretty much requires this, although the DMCA doesn't say exactly what one is required to do other than have and implement "reasonable" policies. Having explicit policies can sometimes allow you to refuse to do something as well as require you to do something. We can all talk to the press and others to raise awareness of these issues. We might have a session at a NANOG meeting to talk more about these issues. We could invite the RIAA, folks from Congress, folks from China, and Janis Ian (Do we think the RIAA is as brave as the FBI and might actually stand up in front of a NANOG meeting? Would be fun to find out.). To the extent that the issues are international in scope we can talk to our international colleagues about them or encourage discussions by the NANOG-like groups in other parts of the world. We might want to work through IETF or elsewhere to develop protocols to distribute lists of IP addresses, ranges of IP addresses, lists of ASs, that should be blocked in some fashion so if we are required to do these sort of things that they can be applied by everyone more or less equally and that the overhead of doing them and keeping track of them is shared among many providers and doesn't just land on the providers that happen to be targeted by someone. We might consider establishing a clearing house that helps us all deal with these matters. Or we might not want to do any of these things since it might make it easier for someone to ask us to do it. We might work at IETF or elsewhere to write a best practices RFC or similar document that talks about how ISPs should address these issues. We might write another best practices RFC that helps non-ISPs understand what actions they can and should take when they encounter these sorts of problems (on-going online theft of copyrighted materials or other intellectual property). Most of all I think we need to avoid general vigilante or retaliatory action against the RIAA or others that might be illegal. I think we might be justified in taking specific actions to prevent attacks on or harm to our customers, ourselves, or our peers. I think it will be easier to defend those specific actions if they are based on thoughtfully developed policies. I think it will be much harder to justify taking those specific actions if the RIAA or others talk Congress into passing laws that explicitly allow them to attack others under some circumstances. I think the main action here is likely to be before Congress and in the courts for sometime to come. If we care about this, we need to engage in those arenas. Sorry this got so long and sounds a bit like something you might expect to hear in a high school civics class. -Jeff Ogden Merit Network
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Jeff Ogden Sent: Thursday, August 22, 2002 7:42 AM To: nanog@merit.edu Subject: RE: Eat this RIAA (or, the war has begun?) - Why not all ISPs?
At 10:32 PM -0700 8/21/02, Nigel Clarke wrote:
However, this type of action might not be necessary at all.
Some of the users on this list think RIAA's recent actions are nothing more than empty threats. Why doesn't NANOG make a few of its own?
A "polite" letter from a NANOG representative should do the trick.
Just to state the obvious, no one is authorized to represent NANOG in this fashion, not even folks here at Merit. NANOG isn't a decision making organization. NANOG isn't something that can take actions (other than holding a few meetings each year and managing this e-mail list).
Individuals and organizations that participate in NANOG can take actions, but not in NANOG's name. I'm no lawyer, but I suspect that lawyers should be consulted before taking individual or coordinated action of the sort being suggested against another organization.
Of course IPSs do take action against individuals or organizations all of the time, but they need to do that based on policies and procedures that take into account their obligations to their customers as well as their obligations under the law.
As an end user I really don't want my ISP to make decisions about who is allowed to communicate with me or who I am allowed to communicate with except when those decisions are based on policies designed to protect me or others from serious problems (DDOS attacks and the like), even then I want those policies to be written and available so I can review them, and I want them to be applied fairly.
As an ISP I really don't want my upstream ISPs to make decisions about who is allowed to communicate with my network or who my network is allowed to communicate with except under the conditions outlined in my agreements with those ISPs. This is important to me if I am in turn going to be able to meet my obligations to my own end users.
So, I really don't want the RIAA to tell me or my upstreams who I can't communicate with, but neither do I want my upstreams to tell me that I can't communicate with the RIAA or the labels if I (or really my customers) want to do so.
-Jeff Ogden Merit Network