What can ISPs do better? Removing racism out of internet
Ok, two mass shootings, touchy topic, lots of emotions this weekend. Going straight to the point. Most of us who operate internet services believe in not being the moderator of internet. We provide a service and that’s it. Obviously there are some established laws around protecting copyrights, and other things which force us to legally take action and turn things down when reported. What can we do better as network operators about hate sites like 8Chan? I applaud cloudflare’s (perhaps slightly late) decision on kicking 8chan off its platform today after El Paso attack. https://blog.cloudflare.com/terminating-service-for-8chan/ I am sure there are many sites like this out there, but could network operators do anything to make these sites “not so easy” to be found, reached, and used to end innocent lives? Mehmet -- Mehmet +1-424-298-1903
Well, once they let NetOps fire sales staff we can get some traction going. -- Joe Hamelin, W7COM, Tulalip, WA, +1 (360) 474-7474 On Sun, Aug 4, 2019 at 8:42 PM Mehmet Akcin <mehmet@akcin.net> wrote:
Ok, two mass shootings, touchy topic, lots of emotions this weekend. Going straight to the point.
Most of us who operate internet services believe in not being the moderator of internet. We provide a service and that’s it. Obviously there are some established laws around protecting copyrights, and other things which force us to legally take action and turn things down when reported.
What can we do better as network operators about hate sites like 8Chan?
I applaud cloudflare’s (perhaps slightly late) decision on kicking 8chan off its platform today after El Paso attack. https://blog.cloudflare.com/terminating-service-for-8chan/
I am sure there are many sites like this out there, but could network operators do anything to make these sites “not so easy” to be found, reached, and used to end innocent lives?
Mehmet
-- Mehmet +1-424-298-1903
could network operators do anything to make these sites “not so easy” to be found, reached, and used to end innocent lives?
Nope. If they follow the word of the providers and services they use, there is no reason to terminate the service. CloudFlare terminating 8chan's service was a one off thing. Search rankings have nothing to do with the hosting or proxy provider. If 8chan is coloed, the only options are feds seizing hardware or tapping their connectivity. Ryan
On Aug 4, 2019, at 8:41 PM, Mehmet Akcin <mehmet@akcin.net> wrote:
I am sure there are many sites like this out there, but could network operators do anything to make these sites “not so easy” to be found, reached, and used to end innocent lives?
I''d suggest reducing their reputation rankings, as reported by SpamHous and their kin. That's not to say that "Spamhaus and their kin must", although that would be one implementation. Another would be to include them also some other ranking mechanism in the analysis, and reduce the reputation of such sites in the implied alternative. Another would be to include such rankings in their calculations of whom to accept as customers - BGP or otherwise - and if some AS seems to accept such as customers, not accept them. I imagine they do, to some extent, but this could be followed up more closely.
On Sunday, 4 August, 2019 21:41, Mehmet Akcin <mehmet@akcin.net> wrote:
Most of us who operate internet services believe in not being the moderator of internet. We provide a service and that’s it. Obviously there are some established laws around protecting copyrights, and other things which force us to legally take action and turn things down when reported.
What can we do better as network operators about hate sites like 8Chan?
I applaud cloudflare’s (perhaps slightly late) decision on kicking 8chan off its platform today after El Paso attack. https://blog.cloudflare.com/terminating-service-for-8chan/
I am sure there are many sites like this out there, but could network operators do anything to make these sites “not so easy” to be found, reached, and used to end innocent lives?
I do not quite understand this. In days of yore, nutters used to send their screeds to Newspapers, TV and Radio stations. Did you shut them down or move them to frequencies that could not be received with COTS TVs and Radios? Did you ban the newspapers, put them out of business, or make it so their broadsheet was only available by travelling by aeroplane for 8 hours before breakfast? Of course not, you silly duck! There is an advantage to having all the nutters congregating on one place -- you know exactly where to find them. Granted, the advantage is not exactly the same as we apply to politicians (or lawyers) who are kepts all in one place so that kinetic weapons can dispatch the whole lot at one go if necessary. However, your solution of sweeping things you do not like under the rug is ill-conceived if not brain-dead in conception and you must not be permitted to carry out your objectives. The fate of the free world depends on it. However, do not worry. US AG William Barr is doing a fine job deploying his "backdoors". Why just the other day one of them was used to shut down the Georgia State Public Safety Services, and prior to that his "backdoors" were used to shut down several city computer systems in Florida and even the City of Baltimore. Good work with those backdoors, Mr. Barr. Job well done! It is nincompoops who do not think about what they are doing that create such a bloody mess of things. They should let the adults take care of it. Now, enough of this off-topic stuff and back to our regularly scheduled programming. -- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
Mehmet, I’m not sure if you understand the terms under which ISPs operate as “common carriers”, and thus enjoy immunity from lawsuits due to the acts of their customers. ISPs such as Cloudfare can no more disconnect customers for legal, if offensive, content than the phone company can, without losing that common carrier status. Cloudfare is being foolish, and hypocritical. They freely, for example, carry the equally offensive content of Antifa. Are they going to cut them off too? In America we have the right to free speech, and the right to use common carriers to carry that speech. If a common carrier chooses to censor legal speech, which is what Cloudfare has done, then it loses its CC status and can now be sued for that speech. -mel beckman
On Aug 5, 2019, at 8:06 AM, Keith Medcalf <kmedcalf@dessus.com> wrote:
On Sunday, 4 August, 2019 21:41, Mehmet Akcin <mehmet@akcin.net> wrote:
Most of us who operate internet services believe in not being the moderator of internet. We provide a service and that’s it. Obviously there are some established laws around protecting copyrights, and other things which force us to legally take action and turn things down when reported.
What can we do better as network operators about hate sites like 8Chan?
I applaud cloudflare’s (perhaps slightly late) decision on kicking 8chan off its platform today after El Paso attack. https://blog.cloudflare.com/terminating-service-for-8chan/
I am sure there are many sites like this out there, but could network operators do anything to make these sites “not so easy” to be found, reached, and used to end innocent lives?
I do not quite understand this.
In days of yore, nutters used to send their screeds to Newspapers, TV and Radio stations. Did you shut them down or move them to frequencies that could not be received with COTS TVs and Radios? Did you ban the newspapers, put them out of business, or make it so their broadsheet was only available by travelling by aeroplane for 8 hours before breakfast?
Of course not, you silly duck!
There is an advantage to having all the nutters congregating on one place -- you know exactly where to find them. Granted, the advantage is not exactly the same as we apply to politicians (or lawyers) who are kepts all in one place so that kinetic weapons can dispatch the whole lot at one go if necessary.
However, your solution of sweeping things you do not like under the rug is ill-conceived if not brain-dead in conception and you must not be permitted to carry out your objectives. The fate of the free world depends on it.
However, do not worry. US AG William Barr is doing a fine job deploying his "backdoors". Why just the other day one of them was used to shut down the Georgia State Public Safety Services, and prior to that his "backdoors" were used to shut down several city computer systems in Florida and even the City of Baltimore. Good work with those backdoors, Mr. Barr. Job well done!
It is nincompoops who do not think about what they are doing that create such a bloody mess of things. They should let the adults take care of it.
Now, enough of this off-topic stuff and back to our regularly scheduled programming.
-- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
* mel@beckman.org (Mel Beckman) [Mon 05 Aug 2019, 17:21 CEST]:
Cloudfare is being foolish, and hypocritical. They freely, for example, carry the equally offensive content of Antifa. Are they going to cut them off too?
Finally, a centrist to point out the true culprits of all this violence
Mel: My understanding is ISPs are not Common Carriers. Didn’t we just have a big debate about this w/r/t Network Neutrality? I Am Not A Lawyer (hell, I am not even an ISP :), but if any legal experts want to chime in, please feel free to educate us. Put another way, ISPs are not phone companies. Moreover, ISPs - and CDNs and hosting providers and etc. - can have terms of service which do not allow certain types of content on their platform. Again, that is is my understanding. Happy to be educated by someone who specializes in this type of law. I know there are a couple such people on NANOG-l. -- TTFN, patrick P.S. Interesting choice equating a group founded on the principals that “Nazis are bad” and a group espousing Nazi ideas. But that’s very off-topic, so if you want to discuss, please do so directly.
On Aug 5, 2019, at 11:13 AM, Mel Beckman <mel@beckman.org> wrote:
Mehmet,
I’m not sure if you understand the terms under which ISPs operate as “common carriers”, and thus enjoy immunity from lawsuits due to the acts of their customers. ISPs such as Cloudfare can no more disconnect customers for legal, if offensive, content than the phone company can, without losing that common carrier status.
Cloudfare is being foolish, and hypocritical. They freely, for example, carry the equally offensive content of Antifa. Are they going to cut them off too?
In America we have the right to free speech, and the right to use common carriers to carry that speech. If a common carrier chooses to censor legal speech, which is what Cloudfare has done, then it loses its CC status and can now be sued for that speech.
-mel beckman
On Aug 5, 2019, at 8:06 AM, Keith Medcalf <kmedcalf@dessus.com> wrote:
On Sunday, 4 August, 2019 21:41, Mehmet Akcin <mehmet@akcin.net> wrote:
Most of us who operate internet services believe in not being the moderator of internet. We provide a service and that’s it. Obviously there are some established laws around protecting copyrights, and other things which force us to legally take action and turn things down when reported.
What can we do better as network operators about hate sites like 8Chan?
I applaud cloudflare’s (perhaps slightly late) decision on kicking 8chan off its platform today after El Paso attack. https://blog.cloudflare.com/terminating-service-for-8chan/
I am sure there are many sites like this out there, but could network operators do anything to make these sites “not so easy” to be found, reached, and used to end innocent lives?
I do not quite understand this.
In days of yore, nutters used to send their screeds to Newspapers, TV and Radio stations. Did you shut them down or move them to frequencies that could not be received with COTS TVs and Radios? Did you ban the newspapers, put them out of business, or make it so their broadsheet was only available by travelling by aeroplane for 8 hours before breakfast?
Of course not, you silly duck!
There is an advantage to having all the nutters congregating on one place -- you know exactly where to find them. Granted, the advantage is not exactly the same as we apply to politicians (or lawyers) who are kepts all in one place so that kinetic weapons can dispatch the whole lot at one go if necessary.
However, your solution of sweeping things you do not like under the rug is ill-conceived if not brain-dead in conception and you must not be permitted to carry out your objectives. The fate of the free world depends on it.
However, do not worry. US AG William Barr is doing a fine job deploying his "backdoors". Why just the other day one of them was used to shut down the Georgia State Public Safety Services, and prior to that his "backdoors" were used to shut down several city computer systems in Florida and even the City of Baltimore. Good work with those backdoors, Mr. Barr. Job well done!
It is nincompoops who do not think about what they are doing that create such a bloody mess of things. They should let the adults take care of it.
Now, enough of this off-topic stuff and back to our regularly scheduled programming.
-- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
Patrick, You’re confusing the FCC’s definition of common carrier for telecom regulatory purposes, and the DMCA definition, which specifically grants ISPs protection from litigation through its Safe Harbor provision, as long as they operate as pure common carriers: “Section 512(a) provides a safe harbor from liability for ISPs, provided that they operate their networks within certain statutory bounds, generally requiring the transmission of third-party information without interference, modification, storage, or selection. [emphasis mine] http://jolt.law.harvard.edu/articles/pdf/v27/27HarvJLTech257.pdf -mel On Aug 5, 2019, at 8:43 AM, Patrick W. Gilmore <patrick@ianai.net<mailto:patrick@ianai.net>> wrote: Mel: My understanding is ISPs are not Common Carriers. Didn’t we just have a big debate about this w/r/t Network Neutrality? I Am Not A Lawyer (hell, I am not even an ISP :), but if any legal experts want to chime in, please feel free to educate us. Put another way, ISPs are not phone companies. Moreover, ISPs - and CDNs and hosting providers and etc. - can have terms of service which do not allow certain types of content on their platform. Again, that is is my understanding. Happy to be educated by someone who specializes in this type of law. I know there are a couple such people on NANOG-l. -- TTFN, patrick P.S. Interesting choice equating a group founded on the principals that “Nazis are bad” and a group espousing Nazi ideas. But that’s very off-topic, so if you want to discuss, please do so directly. On Aug 5, 2019, at 11:13 AM, Mel Beckman <mel@beckman.org<mailto:mel@beckman.org>> wrote: Mehmet, I’m not sure if you understand the terms under which ISPs operate as “common carriers”, and thus enjoy immunity from lawsuits due to the acts of their customers. ISPs such as Cloudfare can no more disconnect customers for legal, if offensive, content than the phone company can, without losing that common carrier status. Cloudfare is being foolish, and hypocritical. They freely, for example, carry the equally offensive content of Antifa. Are they going to cut them off too? In America we have the right to free speech, and the right to use common carriers to carry that speech. If a common carrier chooses to censor legal speech, which is what Cloudfare has done, then it loses its CC status and can now be sued for that speech. -mel beckman On Aug 5, 2019, at 8:06 AM, Keith Medcalf <kmedcalf@dessus.com<mailto:kmedcalf@dessus.com>> wrote: On Sunday, 4 August, 2019 21:41, Mehmet Akcin <mehmet@akcin.net<mailto:mehmet@akcin.net>> wrote: Most of us who operate internet services believe in not being the moderator of internet. We provide a service and that’s it. Obviously there are some established laws around protecting copyrights, and other things which force us to legally take action and turn things down when reported. What can we do better as network operators about hate sites like 8Chan? I applaud cloudflare’s (perhaps slightly late) decision on kicking 8chan off its platform today after El Paso attack. https://blog.cloudflare.com/terminating-service-for-8chan/ I am sure there are many sites like this out there, but could network operators do anything to make these sites “not so easy” to be found, reached, and used to end innocent lives? I do not quite understand this. In days of yore, nutters used to send their screeds to Newspapers, TV and Radio stations. Did you shut them down or move them to frequencies that could not be received with COTS TVs and Radios? Did you ban the newspapers, put them out of business, or make it so their broadsheet was only available by travelling by aeroplane for 8 hours before breakfast? Of course not, you silly duck! There is an advantage to having all the nutters congregating on one place -- you know exactly where to find them. Granted, the advantage is not exactly the same as we apply to politicians (or lawyers) who are kepts all in one place so that kinetic weapons can dispatch the whole lot at one go if necessary. However, your solution of sweeping things you do not like under the rug is ill-conceived if not brain-dead in conception and you must not be permitted to carry out your objectives. The fate of the free world depends on it. However, do not worry. US AG William Barr is doing a fine job deploying his "backdoors". Why just the other day one of them was used to shut down the Georgia State Public Safety Services, and prior to that his "backdoors" were used to shut down several city computer systems in Florida and even the City of Baltimore. Good work with those backdoors, Mr. Barr. Job well done! It is nincompoops who do not think about what they are doing that create such a bloody mess of things. They should let the adults take care of it. Now, enough of this off-topic stuff and back to our regularly scheduled programming. -- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
On Aug 5, 2019, at 10:02 AM, Mel Beckman <mel@beckman.org> wrote:
Patrick,
You’re confusing the FCC’s definition of common carrier for telecom regulatory purposes, and the DMCA definition, which specifically grants ISPs protection from litigation through its Safe Harbor provision, as long as they operate as pure common carriers:
“Section 512(a) provides a safe harbor from liability for ISPs, provided that they operate their networks within certain statutory bounds, generally requiring the transmission of third-party information without interference, modification, storage, or selection. [emphasis mine]
http://jolt.law.harvard.edu/articles/pdf/v27/27HarvJLTech257.pdf
-mel
Section 512(a) applies very specifically to the copyright infringement issue as addressed in the DMCA. While I don't disagree that this law school paper, written while Lovejoy was a law student, in 2013, could be read as if ISPs were common carriers, they are not, and were not. Even if it were headed that way, actions by the current FTC and administration rolled back net neutrality efforts in 2017, four years after this student paper was published. All that said, this is very arcane stuff, and ever-mutating, so it's not at all difficult to see why reasonable people can differ about the meanings of various things out there. Anne Anne P. Mitchell, Attorney at Law CEO/President, Institute for Social Internet Public Policy Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Board of Directors, Denver Internet Exchange Board of Directors, Asilomar Microcomputer Workshop Legal Counsel: The CyberGreen Institute Former Counsel: Mail Abuse Prevention System (MAPS) Member: California Bar Association
Anne of Many Titles, I notice you didn’t provide any actual data to support your position. What, for example, outside of copyright violations, could ISPs conceivably be liable for? Present an argument to make your case. “No, because I’m a lawyer and you’re not” is not an argument :) As clearly stated in DMC 512(a), the safe harbor provision for transitory transport, which is what Cloudfare provides, "protects service providers who are passive conduits from liability for copyright infringement, even if infringing traffic passes through their networks. In other words, provided the infringing material is being transmitted at the request of a third party to a designated recipient, is handled by an automated process without human intervention, is not modified in any way, and is only temporarily stored on the system, the service provider is not liable for the transmission.” That’s not a law school student opinion. That’s the law itself. As I previously said, I’m not talking about the FCC definition of CC. Under DMCA, "service providers who are passive conduits” are the essence of the common law definition of Common Carrier (https://en.wikipedia.org/wiki/Common_carrier). Incidentally, Network Neutrality wasn’t enacted until 2015, and classified ISPs as FCC CCs purely to bring them under regulation by the FCC. DMCA was passed in 1998, and Safe Harbor is based on the fact that ISPs are “passive conduits". NN has nothing to do with the common carrier aspect of ISPs as "service providers who are passive conduits”. -mel On Aug 5, 2019, at 9:41 AM, Anne P. Mitchell, Esq. <amitchell@isipp.com<mailto:amitchell@isipp.com>> wrote: On Aug 5, 2019, at 10:02 AM, Mel Beckman <mel@beckman.org<mailto:mel@beckman.org>> wrote: Patrick, You’re confusing the FCC’s definition of common carrier for telecom regulatory purposes, and the DMCA definition, which specifically grants ISPs protection from litigation through its Safe Harbor provision, as long as they operate as pure common carriers: “Section 512(a) provides a safe harbor from liability for ISPs, provided that they operate their networks within certain statutory bounds, generally requiring the transmission of third-party information without interference, modification, storage, or selection. [emphasis mine] http://jolt.law.harvard.edu/articles/pdf/v27/27HarvJLTech257.pdf -mel Section 512(a) applies very specifically to the copyright infringement issue as addressed in the DMCA. While I don't disagree that this law school paper, written while Lovejoy was a law student, in 2013, could be read as if ISPs were common carriers, they are not, and were not. Even if it were headed that way, actions by the current FTC and administration rolled back net neutrality efforts in 2017, four years after this student paper was published. All that said, this is very arcane stuff, and ever-mutating, so it's not at all difficult to see why reasonable people can differ about the meanings of various things out there. Anne Anne P. Mitchell, Attorney at Law CEO/President, Institute for Social Internet Public Policy Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Board of Directors, Denver Internet Exchange Board of Directors, Asilomar Microcomputer Workshop Legal Counsel: The CyberGreen Institute Former Counsel: Mail Abuse Prevention System (MAPS) Member: California Bar Association
Mel, this is to ack your note. "Because I'm a lawyer" isn't an argument at all, *nor have I made it* - however, that I'm extremely busy, and under no obligation to provide any of this information here, is. I'm not here for academic debate. You are also free to bring a lawsuit based on ISP as common carrier, but you will lose. Anne
On Aug 5, 2019, at 12:19 PM, Mel Beckman <mel@beckman.org> wrote:
Anne of Many Titles,
I notice you didn’t provide any actual data to support your position. What, for example, outside of copyright violations, could ISPs conceivably be liable for? Present an argument to make your case. “No, because I’m a lawyer and you’re not” is not an argument :)
As clearly stated in DMC 512(a), the safe harbor provision for transitory transport, which is what Cloudfare provides,
"protects service providers who are passive conduits from liability for copyright infringement, even if infringing traffic passes through their networks. In other words, provided the infringing material is being transmitted at the request of a third party to a designated recipient, is handled by an automated process without human intervention, is not modified in any way, and is only temporarily stored on the system, the service provider is not liable for the transmission.”
That’s not a law school student opinion. That’s the law itself. As I previously said, I’m not talking about the FCC definition of CC. Under DMCA, "service providers who are passive conduits” are the essence of the common law definition of Common Carrier (https://en.wikipedia.org/wiki/Common_carrier).
Incidentally, Network Neutrality wasn’t enacted until 2015, and classified ISPs as FCC CCs purely to bring them under regulation by the FCC. DMCA was passed in 1998, and Safe Harbor is based on the fact that ISPs are “passive conduits". NN has nothing to do with the common carrier aspect of ISPs as "service providers who are passive conduits”.
-mel
On Aug 5, 2019, at 9:41 AM, Anne P. Mitchell, Esq. <amitchell@isipp.com> wrote:
On Aug 5, 2019, at 10:02 AM, Mel Beckman <mel@beckman.org> wrote:
Patrick,
You’re confusing the FCC’s definition of common carrier for telecom regulatory purposes, and the DMCA definition, which specifically grants ISPs protection from litigation through its Safe Harbor provision, as long as they operate as pure common carriers:
“Section 512(a) provides a safe harbor from liability for ISPs, provided that they operate their networks within certain statutory bounds, generally requiring the transmission of third-party information without interference, modification, storage, or selection. [emphasis mine]
http://jolt.law.harvard.edu/articles/pdf/v27/27HarvJLTech257.pdf
-mel
Section 512(a) applies very specifically to the copyright infringement issue as addressed in the DMCA. While I don't disagree that this law school paper, written while Lovejoy was a law student, in 2013, could be read as if ISPs were common carriers, they are not, and were not. Even if it were headed that way, actions by the current FTC and administration rolled back net neutrality efforts in 2017, four years after this student paper was published.
All that said, this is very arcane stuff, and ever-mutating, so it's not at all difficult to see why reasonable people can differ about the meanings of various things out there.
Anne
Anne P. Mitchell, Attorney at Law CEO/President, Institute for Social Internet Public Policy Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Board of Directors, Denver Internet Exchange Board of Directors, Asilomar Microcomputer Workshop Legal Counsel: The CyberGreen Institute Former Counsel: Mail Abuse Prevention System (MAPS) Member: California Bar Association
--- Anne P. Mitchell, Attorney at Law CEO/President, Institute for Social Internet Public Policy Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Board of Directors, Denver Internet Exchange Board of Directors, Asilomar Microcomputer Workshop Legal Counsel: The CyberGreen Institute Former Counsel: Mail Abuse Prevention System (MAPS) Member: California Bar Association
On Mon, 05 Aug 2019 18:19:06 -0000, Mel Beckman said:
I notice you didn’t provide any actual data to support your position. What, for example, outside of copyright violations, could ISPs conceivably be liable for?
You get caught with nuclear weapons data, terrorism-related info, or kiddie porn on your servers dropped there by a customer, you're going to be wishing for a safe harbor that extends further than just copyright. Whether you actually get one is going to depend on a *lot* of details of the specific incident. At that point, don't listen to me, and don't listen to Anne, hire a good lawyer who knows exactly what the rules are in your jurisdiction(s) and listen to them :)
Valdis, The key misunderstanding on your part is the phrase “on your servers”. ISPs acting as conduits do not, by definition (in the DMCA), store anything on servers. Moreover, the DMCA specifically spells out that safe harbor protection “covers acts of transmission, routing, or providing connections for the information, as well as the intermediate and transient copies that are made automatically in the operation of a network.” And if the FBI, or whoever, through various technical means, managed to discover that illegal information passed through an ISPs network, they have no more cause of action than if that traffic passed through AT&T leased lines. Not that they haven’t tried. -mel On Aug 5, 2019, at 11:34 AM, Valdis Klētnieks <valdis.kletnieks@vt.edu<mailto:valdis.kletnieks@vt.edu>> wrote: On Mon, 05 Aug 2019 18:19:06 -0000, Mel Beckman said: I notice you didn’t provide any actual data to support your position. What, for example, outside of copyright violations, could ISPs conceivably be liable for? You get caught with nuclear weapons data, terrorism-related info, or kiddie porn on your servers dropped there by a customer, you're going to be wishing for a safe harbor that extends further than just copyright. Whether you actually get one is going to depend on a *lot* of details of the specific incident. At that point, don't listen to me, and don't listen to Anne, hire a good lawyer who knows exactly what the rules are in your jurisdiction(s) and listen to them :)
On Mon, 05 Aug 2019 20:40:43 -0000, Mel Beckman said:
The key misunderstanding on your part is the phrase “on your servers”. ISPs acting as conduits do not, by definition (in the DMCA), store anything on servers.
Note that ISPs whose business is 100% "acting as conduits" are in the minority. Hint: The DMCA has the text about data stored on ISP servers because many ISPs aren't mere conduits. And this thread got started regarding a CDN, which is very much all about storing data on servers.....
Valdis, A CDN is very much an ISP. It is providing transport for its customers from arbitrary Internet destinations, to the customer’s content. The caching done by a CDN is incidental to this transport, in accordance with the DMCA. The alternative is that you believe CDNs are not protected by safe Harbor. Is that the case? -mel via cell
On Aug 5, 2019, at 4:02 PM, Valdis Klētnieks <valdis.kletnieks@vt.edu> wrote:
On Mon, 05 Aug 2019 20:40:43 -0000, Mel Beckman said:
The key misunderstanding on your part is the phrase “on your servers”. ISPs acting as conduits do not, by definition (in the DMCA), store anything on servers.
Note that ISPs whose business is 100% "acting as conduits" are in the minority.
Hint: The DMCA has the text about data stored on ISP servers because many ISPs aren't mere conduits. And this thread got started regarding a CDN, which is very much all about storing data on servers.....
On Tue, 06 Aug 2019 02:27:30 -0000, Mel Beckman said:
A CDN is very much an ISP. It is providing transport for its customers from arbitrary Internet destinations, to the customer’s content. The caching done by a CDN is incidental to this transport, in accordance with the DMCA.
Just because the DMCA says it's incidental doesn't mean that covers all bases. Go read up on the mess that covers warrants for e-mail contents - the rules are different for on-the-wire intercepts, mail that's in the queue and not delivered to a mailbox yet, mail that's been delivered to a mailbox and not read, and mail that's been read by the user and left in the mailbox, and mail that the user has read and downloaded to their personal computer. Anybody who thinks "DMCA says we have a safe harbor" is the be-all and end-all of it is in for a rude awakening. And if you have an NSL show up on your desk, you're in for a whole different world of hurt - even finding and hiring a lawyer can be a problem when you can't tell the lawyer you have an NSL problem until after you've hired them to help with your NSL problem. But I guarantee that if you tell the person handing you the NSL "DMCA says I have a safe harbor, get out of my office", your day will get even worse.
A CDN is a hosting company. It is the logical continuation and evolution of what an httpd hosting/server colo company was twenty years ago, but with more geographical scale and a great deal more automation tools. I have never in my life seen a medium to large-sized hosting company that didn't have a ToS reserving the right to discontinue service at any time for arbitrary reasons. On Mon, Aug 5, 2019 at 7:28 PM Mel Beckman <mel@beckman.org> wrote:
Valdis,
A CDN is very much an ISP. It is providing transport for its customers from arbitrary Internet destinations, to the customer’s content. The caching done by a CDN is incidental to this transport, in accordance with the DMCA.
The alternative is that you believe CDNs are not protected by safe Harbor. Is that the case?
-mel via cell
On Aug 5, 2019, at 4:02 PM, Valdis Klētnieks <valdis.kletnieks@vt.edu> wrote:
On Mon, 05 Aug 2019 20:40:43 -0000, Mel Beckman said:
The key misunderstanding on your part is the phrase “on your servers”. ISPs acting as conduits do not, by definition (in the DMCA), store anything on servers.
Note that ISPs whose business is 100% "acting as conduits" are in the minority.
Hint: The DMCA has the text about data stored on ISP servers because many ISPs aren't mere conduits. And this thread got started regarding a CDN, which is very much all about storing data on servers.....
Eric, Not really. The customer provides the content on its own servers. The CDN simply redistributes the content via temporary caching. It’s not a web hosting provider. The CDN _customer_ hosts the content. -mel beckman On Aug 5, 2019, at 11:09 PM, Eric Kuhnke <eric.kuhnke@gmail.com<mailto:eric.kuhnke@gmail.com>> wrote: A CDN is a hosting company. It is the logical continuation and evolution of what an httpd hosting/server colo company was twenty years ago, but with more geographical scale and a great deal more automation tools. I have never in my life seen a medium to large-sized hosting company that didn't have a ToS reserving the right to discontinue service at any time for arbitrary reasons. On Mon, Aug 5, 2019 at 7:28 PM Mel Beckman <mel@beckman.org<mailto:mel@beckman.org>> wrote: Valdis, A CDN is very much an ISP. It is providing transport for its customers from arbitrary Internet destinations, to the customer’s content. The caching done by a CDN is incidental to this transport, in accordance with the DMCA. The alternative is that you believe CDNs are not protected by safe Harbor. Is that the case? -mel via cell
On Aug 5, 2019, at 4:02 PM, Valdis Klētnieks <valdis.kletnieks@vt.edu<mailto:valdis.kletnieks@vt.edu>> wrote:
On Mon, 05 Aug 2019 20:40:43 -0000, Mel Beckman said:
The key misunderstanding on your part is the phrase “on your servers”. ISPs acting as conduits do not, by definition (in the DMCA), store anything on servers.
Note that ISPs whose business is 100% "acting as conduits" are in the minority.
Hint: The DMCA has the text about data stored on ISP servers because many ISPs aren't mere conduits. And this thread got started regarding a CDN, which is very much all about storing data on servers.....
On Tue, 06 Aug 2019 06:15:36 -0000, Mel Beckman said:
Not really. The customer provides the content on its own servers. The CDN simply redistributes the content via temporary caching. It’s not a web hosting provider. The CDN _customer_ hosts the content.
That's an... interesting.. interpretation. Most people would see it as the CDN doing the hosting, and the customer *providing* the content to be hosted. Do you also believe that your outbox is hosting the e-mail I'm replying to, and all the MTAs that got involved are just temporary caching? Or did you provide a copy of the mail, and request that the MTAs distribute it? (Also, if the CDN isn't a web hosting provider, why is it able to serve up data on an http connection? Hint - at one time, almost the entire web was static content, and even today a lot of it is file data not javascript and css. ;)
Valdis, You agree that the CDN content is temporary, no? That is the definition of processes used by an ISP providing pure transport services. -mel via cell
On Aug 5, 2019, at 11:36 PM, Valdis Klētnieks <valdis.kletnieks@vt.edu> wrote:
On Tue, 06 Aug 2019 06:15:36 -0000, Mel Beckman said:
Not really. The customer provides the content on its own servers. The CDN simply redistributes the content via temporary caching. It’s not a web hosting provider. The CDN _customer_ hosts the content.
That's an... interesting.. interpretation. Most people would see it as the CDN doing the hosting, and the customer *providing* the content to be hosted.
Do you also believe that your outbox is hosting the e-mail I'm replying to, and all the MTAs that got involved are just temporary caching? Or did you provide a copy of the mail, and request that the MTAs distribute it?
(Also, if the CDN isn't a web hosting provider, why is it able to serve up data on an http connection? Hint - at one time, almost the entire web was static content, and even today a lot of it is file data not javascript and css. ;)
Hey guys, how about we talk about the CLOUD act now? Anne --- Anne P. Mitchell, Attorney at Law Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose CEO/President, Institute for Social Internet Public Policy Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Board of Directors, Denver Internet Exchange Board of Directors, Asilomar Microcomputer Workshop Legal Counsel: The CyberGreen Institute Former Counsel: Mail Abuse Prevention System (MAPS) Member: California Bar Association
Anne, Is the CLOUD Act germane to North American network operations (the mission of NANOG)? My understanding is that this ACT was to help solve problems the FBI had with obtaining remote data through overseas service providers, through SCA warrants. SCA already compels U.S.- and Canada-based service providers, via warrant or subpoena, to provide requested data stored on servers. It doesn’t matter if the data are stored in the U.S. or in another country. I’m not seeing how CLOUD impacts any NANOG member, which just encompasses Canada and the US (Mexico has its own network operator’s group, LACNOG.) I’m open to being educated, however. -mel On Aug 6, 2019, at 8:47 AM, Anne P. Mitchell, Esq. <amitchell@isipp.com<mailto:amitchell@isipp.com>> wrote: Hey guys, how about we talk about the CLOUD act now? Anne --- Anne P. Mitchell, Attorney at Law Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose CEO/President, Institute for Social Internet Public Policy Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Board of Directors, Denver Internet Exchange Board of Directors, Asilomar Microcomputer Workshop Legal Counsel: The CyberGreen Institute Former Counsel: Mail Abuse Prevention System (MAPS) Member: California Bar Association
Is the CLOUD Act germane to North American network operations (the mission of NANOG)? My understanding is that this ACT was to help solve problems the FBI had with obtaining remote data through overseas service providers, through SCA warrants.
SCA already compels U.S.- and Canada-based service providers, via warrant or subpoena, to provide requested data stored on servers. It doesn’t matter if the data are stored in the U.S. or in another country. I’m not seeing how CLOUD impacts any NANOG member, which just encompasses Canada and the US (Mexico has its own network operator’s group, LACNOG.)
I’m open to being educated, however.
The CLOUD act is reciprocal. It allows an agency of another country to demand from U.S.-based holders of data that data which is relevant to a citizen of that country, where that individual is working abroad in the U.S.. - with *no* due process - in fact with no requirement of notice to that individual. It's the equivalent of a demand for production of documents (i.e. a subpoena) - no warrant, no anything else. Example (using the UK because that is the reciprocal agreement closest to being formalized): John Deaux is from London, and a citizen of the UK. John is working in the U.S., at a tech company in Palo Alto, California. John has a Gmail account, and uses Dropbox to store his photos. A law enforcement agency in the UK decides that it wants access to the data in John’s Gmail account and Dropbox account, and so they serve a demand for the production of John’s data on Google and Dropbox, under the CLOUD Act. If the U.S. and the UK have an executive agreement in place as contemplated by the CLOUD Act, Google and Dropbox must comply. And, it gets worse: Let’s say that while combing through John Deaux’s Gmail data the UK authorities find evidence that he has been laundering money, and they believe that it may be in concert with Joe Smith, who lives in Mountain View, a short distance from John. Joe is a U.S. citizen. The U.S. authorities do not know about Joe’s possible illegal activity, and they have no reason to suspect it. If they did suspect it, they would have to convince a judge to issue a warrant to search Joe’s data (because in the U.S. you can only use the subpoena route if there is already an open case against the person). *However*, there is nothing in the CLOUD Act that stops the UK agency from simply passing this data on to U.S. law enforcement voluntarily. In fact, the CLOUD Act encourages it. Anne --- Anne P. Mitchell, Attorney at Law Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose CEO/President, Institute for Social Internet Public Policy Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Board of Directors, Denver Internet Exchange Board of Directors, Asilomar Microcomputer Workshop Legal Counsel: The CyberGreen Institute Former Counsel: Mail Abuse Prevention System (MAPS) Member: California Bar Association
On Tuesday, 6 August, 2019 12:17, Anne P. Mitchell, Esq. <amitchell@isipp.com> wrote: ...
John Deaux is from London, and a citizen of the UK. John is working in the U.S., at a tech company in Palo Alto, California. John has a Gmail account, and uses Dropbox to store his photos. A law enforcement agency in the UK decides that it wants access to the data in John’s Gmail account and Dropbox account, and so they serve a demand for the production of John’s data on Google and Dropbox, under the CLOUD Act. If the U.S. and the UK have an executive agreement in place as contemplated by the CLOUD Act, Google and Dropbox must comply.
I assume that by "serve a demand" you mean "send a letter requesting"? I realize that the purpose of the terms "serve a demand" if legal globedey-glook phrased to pompously instill in the reader some feeling of the majesty and due regard for the process (etc), but in reality it is just pompous for "send a letter requesting" is it not?
Google and Dropbox must comply.
Well, no. They do not "have to" do anything. You do not *have to comply* with anything. Such is the nature of existance and it has always been thus. Of course, those seeking compliance are also free to torture you until you do as they want, but you do not "have to comply". What happens when an irresistable force (the torturer) meets and immovable object (the one refusing to comply) depends on which has the greatest resolve. -- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
On Tue, 06 Aug 2019 12:54:55 -0600, "Keith Medcalf" said:
I realize that the purpose of the terms "serve a demand" if legal globedey-glook phrased to pompously instill in the reader some feeling of the majesty and due regard for the process (etc), but in reality it is just pompous for "send a letter requesting" is it not?
I don't know about that. Most definitions of "pompous" don't include the implied phrase "or end up in a cell on a contempt citation". Feel free to be the test case to find out if a demand under the CLOUD act can result in a US contempt citation. :)
On Tuesday, 6 August, 2019 13:21, Valdis Kletnieks <valdis.kletnieks@vt.edu> wrote:
On Tue, 06 Aug 2019 12:54:55 -0600, "Keith Medcalf" said:
I realize that the purpose of the terms "serve a demand" if legal globedey-glook phrased to pompously instill in the reader some feeling of the majesty and due regard for the process (etc), but in reality it is just pompous for "send a letter requesting" is it not?
I don't know about that. Most definitions of "pompous" don't include the implied phrase "or end up in a cell on a contempt citation".
In Canada that is called "Extortion" and is a crime punishable by a number of years in prison. If the "implication" of the phraseology is to convey a threat in order to obtain compliance with the object of the statement, then the entire process is extortion from the get go. Since this cannot possibly be the case, your assertion must be incorrect, and there can be no such implication. Moveover I would wonder what exactly one would be in contempt of? The politicians who voted in favour of the passage of the Act? Contempt for the sender of the letter? None of these are capable of being "contempt" in any actionable sense. In fact, failure to comply with an order of a judge who makes an "administrative" order (that is, who is not acting as a judge, but is merely an administrative functionary or rubber-stamper) does not constitute contempt of court in Canada (since there was no actual due process or court function of judicial judgement involved to be in contempt of).
Feel free to be the test case to find out if a demand under the CLOUD act can result in a US contempt citation. :)
Anyone can bring whatever proceedings they like before any court at any time for any reason or no reason at all without regard to the probability of success of those proceedings. So whether or not "a demand under the CLOUD act can result in a US contempt citation" is quite meaningless. Of course, I only have first-hand knowledge of legal procedures in free countries, so how the United States does things is not entirely within my experience. -- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
My final comment on the original proposition of this thread, "What can ISPs do better? Removing racism out of internet.” is that no, we can’t remove racism from the Internet and still have free speech on, at least, democratically-administered Internet realms. -mel On Aug 6, 2019, at 12:43 PM, Keith Medcalf <kmedcalf@dessus.com<mailto:kmedcalf@dessus.com>> wrote: On Tuesday, 6 August, 2019 13:21, Valdis Kletnieks <valdis.kletnieks@vt.edu<mailto:valdis.kletnieks@vt.edu>> wrote: On Tue, 06 Aug 2019 12:54:55 -0600, "Keith Medcalf" said: I realize that the purpose of the terms "serve a demand" if legal globedey-glook phrased to pompously instill in the reader some feeling of the majesty and due regard for the process (etc), but in reality it is just pompous for "send a letter requesting" is it not? I don't know about that. Most definitions of "pompous" don't include the implied phrase "or end up in a cell on a contempt citation". In Canada that is called "Extortion" and is a crime punishable by a number of years in prison. If the "implication" of the phraseology is to convey a threat in order to obtain compliance with the object of the statement, then the entire process is extortion from the get go. Since this cannot possibly be the case, your assertion must be incorrect, and there can be no such implication. Moveover I would wonder what exactly one would be in contempt of? The politicians who voted in favour of the passage of the Act? Contempt for the sender of the letter? None of these are capable of being "contempt" in any actionable sense. In fact, failure to comply with an order of a judge who makes an "administrative" order (that is, who is not acting as a judge, but is merely an administrative functionary or rubber-stamper) does not constitute contempt of court in Canada (since there was no actual due process or court function of judicial judgement involved to be in contempt of). Feel free to be the test case to find out if a demand under the CLOUD act can result in a US contempt citation. :) Anyone can bring whatever proceedings they like before any court at any time for any reason or no reason at all without regard to the probability of success of those proceedings. So whether or not "a demand under the CLOUD act can result in a US contempt citation" is quite meaningless. Of course, I only have first-hand knowledge of legal procedures in free countries, so how the United States does things is not entirely within my experience. -- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
I'm so tired of this thread - but the bottom line is that censorship and even the definition of "hate" and "racism" (especially when used in the vernacular!) are extremely subjective and can lead to situations where reasonable people disagree. And if/when such policies are implemented to try to limit or shut down such speech, horrific unintended collateral damage will LIKELY occur. Also, totalitarian regimes OFTEN use the same arguments to get their foot in the door of controlling and suppressing speech. Even now, the mainstream news media is ALREADY highlighting a very selective part of these murderer's ideologies, and suppressing other parts, in order to convey an overall impression of their ideologies that doesn't actually match them, but furthers certain biased agendas. So actions to suppress "hate speech" and "racism" based on the 1/2 truths that most have been brainwashed to believe about these evil murderers' beliefs (1/2 contradicted by their own actual writings, which are already evil!), is ALREADY well on its way towards potentially causing collateral damage by unplugging or suppressing forums/platforms that really don't closely match the actual ideology of the shooters. Again, I'm not defending the murderers in the slightest - I'm just saying that many of those in favor of limiting speech are the SAME crowd that is either publishing or consuming content that describes the shooters' ideologies in a certain particular way that purposely tries to make them look like a DIFFERENT group of deranged people, in order to advance a biased agenda. So we're already well on the way towards the collateral damage I mentioned above. Also, I'm not saying that nothing should ever be done, or that we can't make any changes or improvements, but the cure might end up being potentially much worse than the disease if we're not careful. -- Rob McEwen
And now this has happened, in a nutshell France's lower house says remove content which is "obviously hateful" (words used in the article) in 24 hours or face up to a 1.25M euro fine. Granted perhaps it won't become law. But legislators are clearly becoming consumed with this whole internet fad and when all you have is a hammer the whole world looks like a nail. I'd argue all they're trying to legislate is free curation from providers which is a really lousy thing to do. https://www.msn.com/en-us/news/world/frances-lower-house-passes-online-hate-... -- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
On Tue, 6 Aug 2019, Rob McEwen wrote:
I'm so tired of this thread - but the bottom line is that censorship and even the definition of "hate" and "racism" (especially when used in the vernacular!) are extremely subjective and can lead to situations where reasonable people disagree. And if/when such policies are implemented to try to limit or shut down such speech, horrific unintended collateral damage will LIKELY occur. Also, totalitarian regimes OFTEN use the same arguments to get their foot in the door of controlling and suppressing speech. Even now, the mainstream news media is ALREADY highlighting a very selective part of these murderer's ideologies, and suppressing other parts, in order to convey an overall impression of their ideologies that doesn't actually match them, but furthers certain biased agendas. So actions to suppress "hate speech" and "racism" based on the 1/2 truths that most have been brainwashed to believe about these evil murderers' beliefs (1/2 contradicted by their own actual writings, which are already evil!), is ALREADY well on its way towards potentially causing collateral damage by unplugging or suppressing forums/platforms that really don't closely match the actual ideology of the shooters.
those who perform political curation of content are at risk of losing their section 230 protections. archive.fo/zOUBG if you really want this to happen, go ahead and "remove racism out of internet". you won't like the result. -Dan
On August 5, 2019 at 19:02 valdis.kletnieks@vt.edu (Valdis Klētnieks) wrote:
Hint: The DMCA has the text about data stored on ISP servers because many ISPs aren't mere conduits. And this thread got started regarding a CDN, which is very much all about storing data on servers.....
I acted as an expert witness for the FBI regarding a case which revolved around whether email spending time on intermediate servers is "storing" the data or is it just another form of wire transmission? I don't think they came to a definitive conclusion, the case was basically settled out of court, plea-bargained I think, it was a criminal matter. But needless to say, once again, a non-legal-expert's reading of "storing data on servers" doesn't amount to a hill of beans in the legal world. It turned out to be very important at least in theory since illegally intercepting a wire transmission falls under a completely different law than illegally accessing stored data, the defendant was arguing that he'd been charged under the wrong law, and the court agreed it was a valid point to investigate. So my phone rang and I tried to help with the part of that (technical) I knew something about, how internet email is transmitted etc. But I was briefed on the legal aspects to help me focus on what they needed and I agreed it isn't /prima facie/ obvious. For example you may see storing of email (which may not even mean to a physical disk) during transmission through intermediate servers as "storing of data" but then again many network devices have various buffering mechanisms in which data might reside for some amount of time. Are they legally distinguishable? Should they be? etc. -- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
Anne, I can see the 4th amendment violation here, but are there operational issues with ISPs? For example, CALEA requires telecommunications carriers (or VoIP providers) to provide voice data streams to law enforcement agencies in real time. NSLs require production of customer information in secret, which means the ISP needs internal security procedures to avoid criminal violations of the terms of the NSL. So impacted ISP’s have a clear operational concerns in both cases. What is the CLOUD Act’s operational impact? Is it the same as responding to an ordinary subpoena or search warrant? FISA, for example, has similar 4A issues, but no operational component for ISPs (the government intercepts data using its own means in the Internet backbone). One operational issue with CLOUD might be how much data an ISP turns over in a CLOUD Act request (which I gather still requires due process for the ISP). For example, when your example law enforcement agency in the UK uses their power under a CLOUD executive agreement to collect a foreign target’s data from a US ISP, can the ISP legally sanitize that data to mask US citizens information? This is, after all, the standard with FISA 702 (requiring the gov to get a warrant before looking at information collected on US intelligence agencies surveilling foreign targets). If that’s the case, then there is an operational interest in ISP-operated software to do the sanitizing. If it’s not the case, and the ISP has to turn over anything requested, I’m not seeing the operational impact. The technical effort is no different than with today’s domestic subpoenas, which ISPs deal with all the time. -mel
On Aug 6, 2019, at 11:17 AM, bzs@theworld.com wrote:
On August 5, 2019 at 19:02 valdis.kletnieks@vt.edu (Valdis Klētnieks) wrote:
Hint: The DMCA has the text about data stored on ISP servers because many ISPs aren't mere conduits. And this thread got started regarding a CDN, which is very much all about storing data on servers.....
I acted as an expert witness for the FBI regarding a case which revolved around whether email spending time on intermediate servers is "storing" the data or is it just another form of wire transmission?
I don't think they came to a definitive conclusion, the case was basically settled out of court, plea-bargained I think, it was a criminal matter.
But needless to say, once again, a non-legal-expert's reading of "storing data on servers" doesn't amount to a hill of beans in the legal world.
It turned out to be very important at least in theory since illegally intercepting a wire transmission falls under a completely different law than illegally accessing stored data, the defendant was arguing that he'd been charged under the wrong law, and the court agreed it was a valid point to investigate.
So my phone rang and I tried to help with the part of that (technical) I knew something about, how internet email is transmitted etc. But I was briefed on the legal aspects to help me focus on what they needed and I agreed it isn't /prima facie/ obvious.
For example you may see storing of email (which may not even mean to a physical disk) during transmission through intermediate servers as "storing of data" but then again many network devices have various buffering mechanisms in which data might reside for some amount of time. Are they legally distinguishable? Should they be? etc.
-- -Barry Shein
Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
I’m not sure if you understand the terms under which ISPs operate as “common carriers”, and thus enjoy immunity from lawsuits due to the acts of their customers. ISPs such as Cloudfare can no more disconnect customers for legal, if offensive, content than the phone company can, without losing that common carrier status.
Cloudfare is being foolish, and hypocritical. They freely, for example, carry the equally offensive content of Antifa. Are they going to cut them off too?
In America we have the right to free speech, and the right to use common carriers to carry that speech. If a common carrier chooses to censor legal speech, which is what Cloudfare has done, then it loses its CC status and can now be sued for that speech.
-mel beckman
ISPs are not common carriers, and, in fact, they have the right to carry - or to not carry - whatever traffic they choose. In fact, for some aspects of Internet traffic, ISP immunity is specifically written into the law (cf. CAN-SPAM §8(c) which states that "(c) No EFFECT ON POLICIES OF PROVIDERS OF INTERNET ACCESS SERVICE.--Nothing in this Act shall be construed to have any effecton the lawfulness or unlawfulness, under any other provision of law, of the adoption, implementation, or enforcement by a provider of Internet access service of a policy of declining to transmit, route,relay, handle, or store certain types of electronic mail messages."). Anne P. Mitchell, Attorney at Law CEO/President, Institute for Social Internet Public Policy Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Board of Directors, Denver Internet Exchange Board of Directors, Asilomar Microcomputer Workshop Legal Counsel: The CyberGreen Institute Former Counsel: Mail Abuse Prevention System (MAPS) Member: California Bar Association
My first suggestion would be to include an indemnification clause in your contracts which includes liability for content, if you don't already have it (probably most do.) And a clause which indicates you (need lawyering for this) will seek expenses including but not limited to legal, judgements, reputational recovery (e.g., cost of producing press releases), etc, incurred by actions taken by customer. I've long had something like the latter regarding anyone using our facilities to spam and I have billed spammers, and have collected some of those bills. I don't do this punitively. I really like to be paid for our time and services! Their behavior doesn't give them free access to our time even in the form of responding to emails ("above and beyond normal") or phone calls etc regarding their behavior. I also included a clause that allows me to require an immediate deposit if the outstanding bill rises above (pick a number) and failure to provide that deposit or work out an arrangement is grounds for suspension of services. That allows for nearly immediate action rather than putting it into a 30 day billing cycle. But the real power of generating that sort of bill is if they won't or don't pay ok then they've been shut off not for their content etc but for non-payment have a nice day. And if they pay, ok. As I said I have been paid generally with a promise to moderate their behavior, usually involving too-aggressive email advertising causing a lot of complaints. Perhaps not spamming in spirit but if we come in to 100+ complaints which need to be responded to I ain't payin' for that! But beyond their right to express themselves, which I'm ok with, they need to be financially responsible for their costs. Free speech is not necessarily "free" as in beer. -- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
On Aug 5, 2019, at 11:46 AM, bzs@theworld.com wrote:
My first suggestion would be to include an indemnification clause in your contracts which includes liability for content, if you don't already have it (probably most do.)
And a clause which indicates you (need lawyering for this) will seek expenses including but not limited to legal, judgements, reputational recovery (e.g., cost of producing press releases), etc, incurred by actions taken by customer.
These are all excellent suggestions - and while we're on the subject of that sort of thing, *everyone* should have warrantees of GDPR compliance in any of their third-party contracts in which data can be touched, and *also* indemnification clauses in those same contracts if you are held responsible because those third-parties were breached, etc., and found to *not* be in compliance with GDPR (for which GDPR specifically provides - i.e. GDPR can go through the third-party contract and hold *you* liable). This is one of the ways that GDPR can seep in to get you even if you think you're safe because you're not in the EU. Anne --- Anne P. Mitchell, Attorney at Law CEO/President, Institute for Social Internet Public Policy Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Board of Directors, Denver Internet Exchange Board of Directors, Asilomar Microcomputer Workshop Legal Counsel: The CyberGreen Institute Former Counsel: Mail Abuse Prevention System (MAPS) Member: California Bar Association
Hi Anne, I would argue that if you're not in the EU and have no presence there, you are safe from GDPR. No matter how much they EUSSR wants it, they cannot enforce their laws in other jurisdictions. What would happen if Russia would try to enforce their laws in the U.S.? Same thing. GDPR is the most ridiculous piece of legislation I've ever read, and a clear indication of where the EUSSR is headed to. A bloated business unfriendly socialist continent. Thanks, Sabri Berisha, Network Engineer CEO/President, Cluecentral Ventures Inc Volunteer, Barrett Elementary School Author: www.null.nl Network Consultant M.Sc, MBA, JNCIE-M/SP #261, JNCIP-M/SP #381, JNCIS-ER, JNCIS-ENT, JNCSP-SP, ECE-IPN #2 Board of Directors, Villanova HOA Licensed Pilot Former JTAC Engineer Member: AAA ----- On Aug 5, 2019, at 10:56 AM, Anne P. Mitchell, Esq. amitchell@isipp.com wrote:
On Aug 5, 2019, at 11:46 AM, bzs@theworld.com wrote:
My first suggestion would be to include an indemnification clause in your contracts which includes liability for content, if you don't already have it (probably most do.)
And a clause which indicates you (need lawyering for this) will seek expenses including but not limited to legal, judgements, reputational recovery (e.g., cost of producing press releases), etc, incurred by actions taken by customer.
These are all excellent suggestions - and while we're on the subject of that sort of thing, *everyone* should have warrantees of GDPR compliance in any of their third-party contracts in which data can be touched, and *also* indemnification clauses in those same contracts if you are held responsible because those third-parties were breached, etc., and found to *not* be in compliance with GDPR (for which GDPR specifically provides - i.e. GDPR can go through the third-party contract and hold *you* liable). This is one of the ways that GDPR can seep in to get you even if you think you're safe because you're not in the EU.
Anne
---
Anne P. Mitchell, Attorney at Law CEO/President, Institute for Social Internet Public Policy Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Board of Directors, Denver Internet Exchange Board of Directors, Asilomar Microcomputer Workshop Legal Counsel: The CyberGreen Institute Former Counsel: Mail Abuse Prevention System (MAPS) Member: California Bar Association
In article <6956E76B-E6B7-409F-A636-C7607BFD881C@beckman.org> you write:
Mehmet,
I’m not sure if you understand the terms under which ISPs operate as “common carriers”, and thus enjoy immunity from lawsuits due to the acts of their customers.
ISPs in the U.S. are not carriers and never have been. Even the ISPs that are subsidaries of telcos, which are common carriers for their telco operations, are not common carriers for their ISPs. This should not come as surprise to anyone who's spent 15 minutes looking at the relevant law. ISPs are probably protected by 47 USC 230(c)(1) but all of the case law I know is related to web sites or hosting providers.
John, Please reread my comments. I did not say “carriers” and specifically excluded the FCC’s definition. I said “Common Carriers”, as defined by Common Law. The DMCA asserts that they must operate as CCs under this definition: in order to get protection under Safe Harbor they must function as a “passive conduit” of information. -mel via cell
On Aug 6, 2019, at 7:36 PM, John Levine <johnl@iecc.com> wrote:
In article <6956E76B-E6B7-409F-A636-C7607BFD881C@beckman.org> you write:
Mehmet,
I’m not sure if you understand the terms under which ISPs operate as “common carriers”, and thus enjoy immunity from lawsuits due to the acts of their customers.
ISPs in the U.S. are not carriers and never have been. Even the ISPs that are subsidaries of telcos, which are common carriers for their telco operations, are not common carriers for their ISPs.
This should not come as surprise to anyone who's spent 15 minutes looking at the relevant law.
ISPs are probably protected by 47 USC 230(c)(1) but all of the case law I know is related to web sites or hosting providers.
FYI, Bloomberg BusinessWeek published TODAY a 3,200-word article by Felix Gillette entitled "Section 230 Was Supposed to Make the Internet a Better Place. It Failed" https://www.bloomberg.com/news/features/2019-08-07/section-230-was-supposed-... Tony Patti [SW_logo_HighRes]<http://www.swalter.com/> CIO t: (215) 867-8401 f: (215) 268-7184 e: tony@swalter.com<mailto:tony@swalter.com> w: www.swalter.com<http://www.swalter.com/> -----Original Message----- From: NANOG <nanog-bounces@nanog.org> On Behalf Of Mel Beckman Sent: Tuesday, August 6, 2019 11:36 PM To: John Levine <johnl@iecc.com> Cc: nanog@nanog.org Subject: Re: What can ISPs do better? Removing racism out of internet John, Please reread my comments. I did not say “carriers” and specifically excluded the FCC’s definition. I said “Common Carriers”, as defined by Common Law. The DMCA asserts that they must operate as CCs under this definition: in order to get protection under Safe Harbor they must function as a “passive conduit” of information. -mel via cell
On Aug 6, 2019, at 7:36 PM, John Levine <johnl@iecc.com<mailto:johnl@iecc.com>> wrote:
In article <6956E76B-E6B7-409F-A636-C7607BFD881C@beckman.org<mailto:6956E76B-E6B7-409F-A636-C7607BFD881C@beckman.org>> you write:
Mehmet,
I’m not sure if you understand the terms under which ISPs operate as “common carriers”, and thus enjoy immunity from lawsuits due to the acts of their customers.
ISPs in the U.S. are not carriers and never have been. Even the ISPs
that are subsidaries of telcos, which are common carriers for their
telco operations, are not common carriers for their ISPs.
This should not come as surprise to anyone who's spent 15 minutes
looking at the relevant law.
ISPs are probably protected by 47 USC 230(c)(1) but all of the case
law I know is related to web sites or hosting providers.
On 8/7/2019 10:50 AM, Tony Patti wrote:
FYI, /Bloomberg BusinessWeek/ published _TODAY_ a 3,200-word article by Felix Gillette entitled* "Section 230 Was Supposed to Make the Internet a Better Place. It Failed"* https://www.bloomberg.com/news/features/2019-08-07/section-230-was-supposed-...
If the whole Section 230 gets deleted - and isn't carefully replaced - then many DNSBLs and spam filters and spam filtering technology providers with get sued out of business (even if just by SLAPP lawsuits suddenly making more progress and costing a fortune in attorney feeds). These costs will then get passed onto consumers in the form of either MUCH WORSE spam filtering, or much higher costs for email hosting services. The same is true for Internet content filters, too. Be careful what you wish for, you might get it! -- Rob McEwen
I propose that the RIGHT THING TO DO would be to seek out, promote (to both customers and the public), and support various curation services like netnanny. Promoting the idea that third-party curation is a service one can obtain into the public discussion can only be good. -- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
On Wednesday, 7 August, 2019 13:38, bzs@theworld.com wrote:
I propose that the RIGHT THING TO DO would be to seek out, promote (to >both customers and the public), and support various curation services like netnanny.
IANAP (I Am Not A Psychiatrist) however, persons who, when reading or hearing the words of others cannot control the images which leap, unbidden, into their minds causing them to offend themselves or otherwise instill in themselves a self-created state of distress, should, IMHO, seek professional help from a trained and certified mental health professional who may be able to help them overcome their mental disability either through psychotherapy or the administration of psychoactive drugs. I do not think NetNanny is a certified mental health professional in any jurisdication -- at least not those within the NANOG region. -- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
Netnanny is mostly sold for parents to put on their children's access. You're not thinking this through. Promote third-party curation, those who never want to see content they find disturbing can PURCHASE* that service rather than bugging their congressperson to demand that ISPs provide this for everyone for free by law. * No reason it couldn't be ad-supported but I hope you get my point. On August 7, 2019 at 16:34 kmedcalf@dessus.com (Keith Medcalf) wrote:
On Wednesday, 7 August, 2019 13:38, bzs@theworld.com wrote:
I propose that the RIGHT THING TO DO would be to seek out, promote (to >both customers and the public), and support various curation services like netnanny.
IANAP (I Am Not A Psychiatrist) however, persons who, when reading or hearing the words of others cannot control the images which leap, unbidden, into their minds causing them to offend themselves or otherwise instill in themselves a self-created state of distress, should, IMHO, seek professional help from a trained and certified mental health professional who may be able to help them overcome their mental disability either through psychotherapy or the administration of psychoactive drugs.
I do not think NetNanny is a certified mental health professional in any jurisdication -- at least not those within the NANOG region.
-- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
-- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
Well, I don't want any net nannies sensoring the news I get, any ideas the nanny does not like I will never see (?) On Wed, 07 Aug 2019 15:37:48 -0400, bzs@theworld.com wrote:
I propose that the RIGHT THING TO DO would be to seek out, promote (to both customers and the public), and support various curation services like netnanny.
Promoting the idea that third-party curation is a service one can obtain into the public discussion can only be good.
-- -Barry Shein
Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
-- Your life is like a penny. You're going to lose it. The question is: How do you spend it? John Covici wb2una covici@ccs.covici.com
On August 7, 2019 at 18:43 covici@ccs.covici.com (John Covici) wrote:
Well, I don't want any net nannies sensoring the news I get, any ideas the nanny does not like I will never see (?)
Then you wouldn't buy it. Netnanny exists now, do you use it? No? Would you use it? No. Then nothing would change. P.S. Netnanny is an actual product parents can buy to put a filter on their children's access to the internet. I have no interest, it's just become a term for that kind of thing.
On Wed, 07 Aug 2019 15:37:48 -0400, bzs@theworld.com wrote:
I propose that the RIGHT THING TO DO would be to seek out, promote (to both customers and the public), and support various curation services like netnanny.
Promoting the idea that third-party curation is a service one can obtain into the public discussion can only be good.
-- -Barry Shein
Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
-- Your life is like a penny. You're going to lose it. The question is: How do you spend it?
John Covici wb2una covici@ccs.covici.com
-- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
John, Seriously, just quote so people don’t have to look it up. Honestly, though others are probably right in that case law usually will over-ride written law due to our legal structure.
On Aug 6, 2019, at 10:36 PM, John Levine <johnl@iecc.com> wrote:
In article <6956E76B-E6B7-409F-A636-C7607BFD881C@beckman.org> you write:
Mehmet,
I’m not sure if you understand the terms under which ISPs operate as “common carriers”, and thus enjoy immunity from lawsuits due to the acts of their customers.
ISPs in the U.S. are not carriers and never have been. Even the ISPs that are subsidaries of telcos, which are common carriers for their telco operations, are not common carriers for their ISPs.
This should not come as surprise to anyone who's spent 15 minutes looking at the relevant law.
ISPs are probably protected by 47 USC 230(c)(1) but all of the case law I know is related to web sites or hosting providers.
[ (1)Treatment of publisher or speaker No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider. ] Sounds great on paper, but sort of caught backpage in a quondam, perhaps because they installed filters to begin with. Technically, will anyone else booting customer’s for any offense of TOS be similar is still up for grabs, since it’s basically a political nightmare for lawyers right now. Right or wrong in your philosophy you are basically screwed imho. I guess that’s why Anne’s got a job... * Seriously though I think we should probably put a discussion thread in here, it’s reminding me of outages saying me too.
In article <56CBB25E-9A53-4E5E-B2CB-3E769112F516@truenet.com> you write:
John,
Seriously, just quote so people don’t have to look it up. Honestly, though others are probably right in that case law usually will over-ride written law due to our legal structure.
Well, kind of, but in this particular case they're well aligned.
ISPs are probably protected by 47 USC 230(c)(1) but all of the case law I know is related to web sites or hosting providers.
[ (1)Treatment of publisher or speaker No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider. ]
Sounds great on paper, but sort of caught backpage in a quondam, perhaps because they installed filters to begin with.
Keep reading and look at 47 USC 230(c)(2). No provider or user of an interactive computer service shall be held liable on account of— (A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; ... Courts have construed "otherwise objectionable" very broadly. It includes spam filtering. The section Mel has been trying to interpret is different, 17 USC 512(a) which says that if you're carrying traffic in a mechanical way (defined in more detail, see the statute) you're not responsible for copyright violations. This is not even sort of like being a common carrier, of course.
Technically, will anyone else booting customer’s for any offense of TOS be similar is still up for grabs, since it’s basically a political nightmare for lawyers right now.
No, really, it's not. ISPs and CDNs don't have to provide service to anyone. I suppose a lawyer could make a case if a provider refused to provide service to members of a protected class ("we don't serve black people") but the kind of people you find on 8chan aren't a protected class. R's, John
“Now, enough of this off-topic stuff and back to our regularly scheduled programming.” Keith, what could be more on-topic than an ISP’s status as a common carrier? Seems pretty operational to me. -mel
On Aug 5, 2019, at 8:06 AM, Keith Medcalf <kmedcalf@dessus.com> wrote:
Now, enough of this off-topic stuff and back to our regularly scheduled programming.
On Mon, Aug 5, 2019, at 11:30, Mel Beckman wrote:
Keith, what could be more on-topic than an ISP’s status as a common carrier? Seems pretty operational to me.
American ISPs are not common carriers. When net neutrality was revoked on December 14, 2017, so was ISP's common carrier status / protection. -- Harald
On Monday, 5 August, 2019 09:16, Mel Beckman <mel@beckman.org> wrote:
“Now, enough of this off-topic stuff and back to our regularly scheduled programming.”
Keith, what could be more on-topic than an ISP’s status as a common carrier? Seems pretty operational to me.
I think that is closing the barn door after the horse already left. It is my understanding that in your fabulous United States of America that "carriers" (meaning having no content serving nor content consuming customers*) may be "common carriers" or can claim to be common carriers. The rest of you who are not pure carriers are, thanks to Ijit Pai, merely Information Services and do not have common carrier status, nor can you claim to be common carriers. A "common carrier" is one who must provide carriage provided the fee for carriage is paid. This is not the case for "Information Service" providers as they are not required to provide carriage to any who can pay the fee for carriage. *I hate the term "content", it is somowhat lame. -- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
Keith, You’re confusing ISPs that merely provide transport services, such as AT&T and Cloudfare, with information services like FaceBook and Twitter. The Common Carrier status for legal protection of ISPs stems from the 1998 DMCA, which long preceded the 2015 Network Neutrality act. It provides protection only for an ISP that as a “provider merely acts as a data conduit, transmitting digital information from one point on a network to another at someone else’s request.” The ISP loses that Common Carrier (in the Common Law definition) protection if it alters the transmission in any way. Just because an ISP isn’t a Common Carrier under FCC rules doesn’t mean that it isn’t a Common Carrier for other purposes. Trains and planes, for example, are Common Carriers, and the FCC has nothing to do with them. But they can’t exclude passengers based on their speech (yet, anyway). -mel
On Aug 5, 2019, at 8:54 AM, Keith Medcalf <kmedcalf@dessus.com> wrote:
On Monday, 5 August, 2019 09:16, Mel Beckman <mel@beckman.org> wrote:
“Now, enough of this off-topic stuff and back to our regularly scheduled programming.”
Keith, what could be more on-topic than an ISP’s status as a common carrier? Seems pretty operational to me.
I think that is closing the barn door after the horse already left.
It is my understanding that in your fabulous United States of America that "carriers" (meaning having no content serving nor content consuming customers*) may be "common carriers" or can claim to be common carriers. The rest of you who are not pure carriers are, thanks to Ijit Pai, merely Information Services and do not have common carrier status, nor can you claim to be common carriers.
A "common carrier" is one who must provide carriage provided the fee for carriage is paid. This is not the case for "Information Service" providers as they are not required to provide carriage to any who can pay the fee for carriage.
*I hate the term "content", it is somowhat lame.
-- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
Cloudflare is not an ISP. They are a CDN. You cannot ask them for a DSL or Cable connection, or even DIA. Not that it matters: ISPs are not “Common Carriers” in statute or Common Law. The DMCA provides some protections which are similar to Common Carrier status, but that does not mean they have all the rights and responsibilities of Common Carriers. And just to be really meta, that doesn’t matter either. Cloudflare did nothing wrong. While in the US, anyone can sue anyone for anything, the idea 8Chan will prevail in suing Cloudflare for violation of Common Carrier responsibilities, or even for 1st amendment free speech rights, it ludicrous on its face. I am not terribly pleased with CF’s continued support of miscreants like “Booter Services” (read “DDoS-for-Hire”), but their lawyers are not idiots. And while you may not believe Anne, I know her and trust her judgement here. Plus I know a small amount about running CDNs. So I’m going to go with the consensus on the side of “not Common Carriers”. Feel free to disagree. But if you plan to convince the people reading this thread, you will have to do better than quoting snippets of the DMCA. -- TTFN, patrick
On Aug 5, 2019, at 4:19 PM, Mel Beckman <mel@beckman.org> wrote:
Keith,
You’re confusing ISPs that merely provide transport services, such as AT&T and Cloudfare, with information services like FaceBook and Twitter. The Common Carrier status for legal protection of ISPs stems from the 1998 DMCA, which long preceded the 2015 Network Neutrality act. It provides protection only for an ISP that as a “provider merely acts as a data conduit, transmitting digital information from one point on a network to another at someone else’s request.” The ISP loses that Common Carrier (in the Common Law definition) protection if it alters the transmission in any way.
Just because an ISP isn’t a Common Carrier under FCC rules doesn’t mean that it isn’t a Common Carrier for other purposes. Trains and planes, for example, are Common Carriers, and the FCC has nothing to do with them. But they can’t exclude passengers based on their speech (yet, anyway).
-mel
On Aug 5, 2019, at 8:54 AM, Keith Medcalf <kmedcalf@dessus.com> wrote:
On Monday, 5 August, 2019 09:16, Mel Beckman <mel@beckman.org> wrote:
“Now, enough of this off-topic stuff and back to our regularly scheduled programming.”
Keith, what could be more on-topic than an ISP’s status as a common carrier? Seems pretty operational to me.
I think that is closing the barn door after the horse already left.
It is my understanding that in your fabulous United States of America that "carriers" (meaning having no content serving nor content consuming customers*) may be "common carriers" or can claim to be common carriers. The rest of you who are not pure carriers are, thanks to Ijit Pai, merely Information Services and do not have common carrier status, nor can you claim to be common carriers.
A "common carrier" is one who must provide carriage provided the fee for carriage is paid. This is not the case for "Information Service" providers as they are not required to provide carriage to any who can pay the fee for carriage.
*I hate the term "content", it is somowhat lame.
-- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
One tiny bit of sermonizing not aimed at anyone in particular: Interested amateurs tend to study the wording of laws. Lawyers tend to study case law, actual cases and their outcomes. In part that's because, besides the hazards of interpretation, laws often conflict, supercede each other, modify each other, have unexpressed limits particularly regarding jurisdiction and other matters of process and applicability, etc etc etc and that all tends to come out and get defined in the case law. And case law tends to be dispositive, /stare decisis/ and all that, precedents. And if that paragraph bored the crap out of you then good luck guessing at what a few thousand pages of case law on a topic will do to you. TBH some of this is like watching someone try to set up a router using only the marketing brochures. -- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
On 8/5/19 4:57 PM, bzs@theworld.com wrote:
TBH some of this is like watching someone try to set up a router using only the marketing brochures.
Hey, I got my Network+ too. dafuq is a "BGP"?.... -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net
On 8/5/19 11:15 AM, Mel Beckman wrote:
Keith, what could be more on-topic than an ISP’s status as a common carrier? Seems pretty operational to me.
Mel gets to decide what's on topic and off topic for the nanog list? :D -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net
LOL! You mean instead of “Keith gets to decide what’s on topic”? I didn’t “decide” anything, BTW. I simply pointed out that Common Carrier operations is within the NANOG mandate to discuss operational issues. -mel
On Aug 5, 2019, at 9:30 AM, Bryan Fields <Bryan@bryanfields.net> wrote:
On 8/5/19 11:15 AM, Mel Beckman wrote:
Keith, what could be more on-topic than an ISP’s status as a common carrier? Seems pretty operational to me.
Mel gets to decide what's on topic and off topic for the nanog list?
:D -- Bryan Fields
727-409-1194 - Voice http://bryanfields.net
Peace, On Mon, Aug 5, 2019 at 6:42 AM Mehmet Akcin <mehmet@akcin.net> wrote:
What can we do better as network operators about hate sites like 8Chan?
About nothing, because recent IETF developments like QUIC, ESNI, or MASQUE would completely prohibit you from figuring out what sites you, as an ISP, are giving an access to. This is, uh, the very point of those developments.
I applaud cloudflare’s (perhaps slightly late) decision on kicking 8chan off its platform today after El Paso attack.
The 8chan shutdown is no more than a one off. And I assume 8chan just needs to change the name to get their service back. There's no trend whatsoever. This is also sooo funny, because Cloudflare is happily protecting even DDoS booters for almost a decade. $ host -t A ddos-black.info ddos-black.info has address 104.31.72.53 ddos-black.info has address 104.31.73.53 $ whois 104.31.72.53 | grep OrgName: OrgName: Cloudflare, Inc. $ host -t A ddos-stress.cc ddos-stress.cc has address 104.28.4.14 ddos-stress.cc has address 104.28.5.14 $ whois 104.28.4.14 | grep OrgName: OrgName: Cloudflare, Inc. $ Those booters basically only exist because Cloudflare, OVH, and others allow them to. A booter business isn't very steady and profitable. Without a cheap DDoS protection those services would be dead in weeks, because sometimes their operators don't even know how to mitigate their own attacks themselves. So they get that protection from Cloudflare, because apparently that doesn't violate "the Cloudflare mission to help build a better Internet". This is just one example. Carding fraud, malware, illegal munitions, drugs, whatever. It's all there. But, ya know, all those are much better than some imageboard outta there. The latter is the root of all evil. -- Töma
"I am sure there are many sites like this out there, but could network operators do anything to make these sites “not so easy” to be found, reached, and used to end innocent lives?" As network operators? We shouldn't do anything. The onus falls on the hosting companies. I do not want to go down the slippery slope of deciding what traffic should or should not be allowed on the internet. That process involves traffic sniffing and possibly attempting to break encryption to see what's flowing through the pipes. I'm adamantly against that. If I'm building and maintaining highways, I'm not opening up every single truck to make sure there's nobody being smuggled inside. The trucking company can police what cargo is in their trailers. On Sun, Aug 4, 2019, 8:42 PM Mehmet Akcin <mehmet@akcin.net> wrote:
Ok, two mass shootings, touchy topic, lots of emotions this weekend. Going straight to the point.
Most of us who operate internet services believe in not being the moderator of internet. We provide a service and that’s it. Obviously there are some established laws around protecting copyrights, and other things which force us to legally take action and turn things down when reported.
What can we do better as network operators about hate sites like 8Chan?
I applaud cloudflare’s (perhaps slightly late) decision on kicking 8chan off its platform today after El Paso attack. https://blog.cloudflare.com/terminating-service-for-8chan/
I am sure there are many sites like this out there, but could network operators do anything to make these sites “not so easy” to be found, reached, and used to end innocent lives?
Mehmet
-- Mehmet +1-424-298-1903
On Sun, Aug 4, 2019 at 10:41 PM Mehmet Akcin <mehmet@akcin.net> wrote:
What can we do better as network operators about hate sites like 8Chan?
What is a "hate site" and who gets to decide what constitutes a "hate site"? These are the most dangerous questions of our time, because once we begin sliding down the slippery slope of unbounded, subjectively-determined censorship, we may find that we don't agree with what all is being censored. To make this point perhaps more saliently, the vast majority of regimes worldwide that engage or have engaged in censorship have done so primarily in order to quell dissent against their policies and leaders. We could implement a "great firewall" much like China has, but how long would it be before it was viewed as a useful political tool to silence opposition? Could you imagine one side determining that any content related to, perhaps, safe access to abortion, is counter to their ideal society and hence "too dangerous" to allow the citizenry to view? Could the other side then determine just as easily that content related to, say, gun rights is objectionable and dangerous, also? In my humble opinion, no one can or should be trusted with that sort of power, and that is why we have the first amendment in the US constitution.
I applaud cloudflare’s (perhaps slightly late) decision on kicking 8chan off its platform today after El Paso attack. https://blog.cloudflare.com/terminating-service-for-8chan/
Cloudflare is a private entity and can host or not host whatever it wants, of course.
I am sure there are many sites like this out there, but could network operators do anything to make these sites “not so easy” to be found, reached, and used to end innocent lives?
Websites can't end innocent lives; only actions taken offline by their participants can do that. Having all of these sites online and as in-the-open as possible has a benefit of allowing law enforcement to monitor activity therein through legal means which allow for oversight and due process, US constitutional concepts which protect all of us from potential abuses of power. If we as operators wish to help prevent crimes and violence, then we should foster good relationships with law enforcement, and inform them of anything that we notice which may be related to the commission of or threats of violence. They can then follow prescribed paths which protect everyone involved to determine whether enforcement action is necessary/possible without violating anyones' rights. I'm not claiming the system is perfect, of course, but I don't think anyone's going to do a whole lot better. There is no perfect system. Bad people can and will still do bad things. The best that we each can do is to be aware of our surroundings at all times both online and off, and protect ourselves, our families, our homes, and our communities. - Matt
On 8/4/19 11:41 PM, Mehmet Akcin wrote:
What can we do better as network operators about hate sites like 8Chan?
I actually went and looked at 8chan, it would appear to me they have a bunch of hate filled people there, 10 yr olds who think saying the n-word makes them cool, and then other bland users.
I applaud cloudflare’s (perhaps slightly late) decision on kicking 8chan off its platform today after El Paso attack. https://blog.cloudflare.com/terminating-service-for-8chan/
I'd be more concerned with the lack of notice given to their customer. This was 24 hours notice, and I'd expect at least 30 days under any hosting contract. This scares the shit out of me as a customer; could cloudflare decide to give me no notice and shut my services off? Once you make the point that you're willing to play that game, how can you be trusted as a provider?
I am sure there are many sites like this out there, but could network operators do anything to make these sites “not so easy” to be found, reached, and used to end innocent lives?
These atrocities were committed by people willing to die for their cause, how ever sick and fucked up it is. There's little anyone can do against this sort of actor, and it is why it's so terrifying. I certainly don't have a solution to it, but can say censorship is not the answer. -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net
On 8/5/2019 10:24 AM, Bryan Fields wrote:
I'd be more concerned with the lack of notice given to their customer. This was 24 hours notice, and I'd expect at least 30 days under any hosting contract. This scares the shit out of me as a customer; could cloudflare decide to give me no notice and shut my services off?
If they were a paying customer... sure, maybe 30 days. However, if they're a paying customer, their agreement likely gives cloudflare an out under some situations. If they aren't a paying customers, then you give them the amount of time in relation to how much they are paying. In this case, if they are paying $0, then I think giving them until Midnight was being overly generous. -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
On 8/5/19 9:24 AM, Bryan Fields wrote:
On 8/4/19 11:41 PM, Mehmet Akcin wrote:
What can we do better as network operators about hate sites like 8Chan? I actually went and looked at 8chan, it would appear to me they have a bunch of hate filled people there, 10 yr olds who think saying the n-word makes them cool, and then other bland users.
I applaud cloudflare’s (perhaps slightly late) decision on kicking 8chan off its platform today after El Paso attack. https://blog.cloudflare.com/terminating-service-for-8chan/ I'd be more concerned with the lack of notice given to their customer. This was 24 hours notice, and I'd expect at least 30 days under any hosting contract. This scares the shit out of me as a customer; could cloudflare decide to give me no notice and shut my services off?
Well, we don't know what led up to this. Like do we know they weren't on notice? Mike
On Monday, 5 August, 2019 10:25, Bryan Fields <Bryan@bryanfields.net> wrote:
I'd be more concerned with the lack of notice given to their customer. This was 24 hours notice, and I'd expect at least 30 days under any hosting contract. This scares the shit out of me as a customer; could cloudflare decide to give me no notice and shut my services off?
Yes. This is in Cloudflare's Terms of Service. You pay them and they provide services. They may decide to terminate those services at any time, without any prior notice whatsoever, and keep your money. You agree to this when you contract with them. So I would suppose that this just means that you would not do business with Cloudflare. That is your right. If you do not like the contract provisions you are free not to contract with them. If you do not mind that they may decide at any point in time for any reason or no reason at all to terminate your services and stop providing the service for which you have paid in advance (and without refund), then you are free to do so. As always, the choice is yours. No one compels you to do business with Cloudflare. -- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
On Sun, Aug 4, 2019 at 8:41 PM Mehmet Akcin <mehmet@akcin.net> wrote:
Ok, two mass shootings, touchy topic, lots of emotions this weekend. Going straight to the point.
Most of us who operate internet services believe in not being the moderator of internet. We provide a service and that’s it. Obviously there are some established laws around protecting copyrights, and other things which force us to legally take action and turn things down when reported.
What can we do better as network operators about hate sites like 8Chan?
De-anonymize them. Let them say what they'll say and defend their right to say it but don't let them hide behind your name. Promise that when the police come knocking and it appears to you to be a hate speech site, your privacy policy is: none whatsoever. The best cure for speech is more speech. The President notwithstanding, hateful behavior has a hard time surviving the light of day. You shouldn't be the censor but you can shine the light. (Also, as a practical matter the further you force folks to the fringe, the harder they are to track and thereby stop. Letting folks know you object by terminating their service does them more of a favor than cooperating with law enforcement.) Regards, Bill Herrin -- William Herrin bill@herrin.us https://bill.herrin.us/
The best cure for speech is more speech. +1E07 On Aug 5, 2019, at 10:05 AM, William Herrin <bill@herrin.us<mailto:bill@herrin.us>> wrote: On Sun, Aug 4, 2019 at 8:41 PM Mehmet Akcin <mehmet@akcin.net<mailto:mehmet@akcin.net>> wrote: Ok, two mass shootings, touchy topic, lots of emotions this weekend. Going straight to the point. Most of us who operate internet services believe in not being the moderator of internet. We provide a service and that’s it. Obviously there are some established laws around protecting copyrights, and other things which force us to legally take action and turn things down when reported. What can we do better as network operators about hate sites like 8Chan? De-anonymize them. Let them say what they'll say and defend their right to say it but don't let them hide behind your name. Promise that when the police come knocking and it appears to you to be a hate speech site, your privacy policy is: none whatsoever. The best cure for speech is more speech. The President notwithstanding, hateful behavior has a hard time surviving the light of day. You shouldn't be the censor but you can shine the light. (Also, as a practical matter the further you force folks to the fringe, the harder they are to track and thereby stop. Letting folks know you object by terminating their service does them more of a favor than cooperating with law enforcement.) Regards, Bill Herrin -- William Herrin bill@herrin.us<mailto:bill@herrin.us> https://bill.herrin.us/
On 8/5/19 10:05 AM, William Herrin wrote:
The best cure for speech is more speech. The President notwithstanding, hateful behavior has a hard time surviving the light of day. You shouldn't be the censor but you can shine the light.
That doesn't seem to work on Facebook, where people spew the most vile things under the banner of their own name.
participants (29)
-
Anne P. Mitchell, Esq. -
Brielle -
Bryan Fields -
bzs@theworld.com -
Dan Hollis -
Eric Kuhnke -
Eric Tykwinski -
Fred Baker -
Harald Koch -
James Downs -
Joe Hamelin -
John Covici -
John Levine -
Keith Medcalf -
Matt Harris -
Mehmet Akcin -
Mel Beckman -
Michael Thomas -
Mike Bolitho -
Niels Bakker -
Patrick W. Gilmore -
Rob McEwen -
Ryan Hamel -
Sabri Berisha -
Seth Mattinen -
Tony Patti -
Töma Gavrichenkov -
Valdis Klētnieks -
William Herrin