Congress may require ISPs to block fraud sites H.R.3817
Did I miss a thread on this? Has anyone looked at this yet? http://m.news.com/2166-12_3-10390779-38.html Section 508 of H.R.3817: SEC. 508. PENALTY FOR MISREPRESENTATION OF SIPC MEMBERSHIP OR PROTECTION. Section 14 of the Securities Investor Protection Act of 1970 (15 U.S.C. 78jjj) is amended by adding at the end the following new subsection: `(d) Misrepresentation of SIPC Membership or Protection- `(1) IN GENERAL- Any person who falsely represents by any means (including, without limitation, through the Internet or any other medium of mass communication), with actual knowledge of the falsity of the representation and with an intent to deceive or cause injury to another, that such person, or another person, is a member of SIPC or that any person or account is protected or is eligible for protection under this Act or by SIPC, shall be liable for any damages caused thereby and shall be fined not more than $250,000 or imprisoned for not more than five years. `(2) INTERNET SERVICE PROVIDERS- Any Internet service provider that, on or through a system or network controlled or operated by the Internet service provider, transmits, routes, provides connections for, or stores any material containing any misrepresentation of the kind prohibited in paragraph (1) shall be liable for any damages caused thereby, including damages suffered by SIPC, if the Internet service provider-- `(A) has actual knowledge that the material contains a misrepresentation of the kind prohibited in paragraph (1), or `(B) in the absence of actual knowledge, is aware of facts or circumstances from which it is apparent that the material contains a misrepresentation of the kind prohibited in paragraph (1), and upon obtaining such knowledge or awareness, fails to act expeditiously to remove, or disable access to, the material. `(3) INJUNCTIONS- Any court having jurisdiction of a civil action arising under this Act may grant temporary injunctions and final injunctions on such terms as the court deems reasonable to prevent or restrain any violation of paragraph (1) or (2). Any such injunction may be served anywhere in the United States on the person enjoined, shall be operative throughout the United States, and shall be enforceable, by proceedings in contempt or otherwise, by any United States court having jurisdiction over that person. The clerk of the court granting the injunction shall, when requested by any other court in which enforcement of the injunction is sought, transmit promptly to the other court a certified copy of all papers in the case on file in such clerk's office.'.
On Thu, 05 Nov 2009 16:40:09 CST, Bryan King said:
Did I miss a thread on this? Has anyone looked at this yet?
`(2) INTERNET SERVICE PROVIDERS- Any Internet service provider that, on or through a system or network controlled or operated by the Internet service provider, transmits, routes, provides connections for, or stores any material containing any misrepresentation of the kind prohibited in paragraph (1) shall be liable for any damages caused thereby, including damages suffered by SIPC, if the Internet service provider--
"routes" sounds the most dangerous part there. Does this mean that if we have a BGP peering session with somebody, we need to filter it? Fortunately, there's the conditions:
`(A) has actual knowledge that the material contains a misrepresentation of the kind prohibited in paragraph (1), or
`(B) in the absence of actual knowledge, is aware of facts or circumstances from which it is apparent that the material contains a misrepresentation of the kind prohibited in paragraph (1), and
upon obtaining such knowledge or awareness, fails to act expeditiously to remove, or disable access to, the material.
So the big players that just provide bandwidth to the smaller players are mostly off the hook - AS701 has no reason to be aware that some website in Tortuga is in violation (which raises an intresting point - what if the site *is* offshore?) And the immediate usptreams will fail to obtain knowledge or awareness of their customer's actions, the same way they always have. Move along, nothing to see.. ;)
In message <23895.1257461806@turing-police.cc.vt.edu>, Valdis.Kletnieks@vt.edu writes:
--==_Exmh_1257461806_2581P Content-Type: text/plain; charset=us-ascii
On Thu, 05 Nov 2009 16:40:09 CST, Bryan King said:
Did I miss a thread on this? Has anyone looked at this yet?
`(2) INTERNET SERVICE PROVIDERS- Any Internet service provider that, on or through a system or network controlled or operated by the Internet service provider, transmits, routes, provides connections for, or stores any material containing any misrepresentation of the kind prohibited in paragraph (1) shall be liable for any damages caused thereby, including damages suffered by SIPC, if the Internet service provider--
"routes" sounds the most dangerous part there. Does this mean that if we have a BGP peering session with somebody, we need to filter it?
Fortunately, there's the conditions:
`(A) has actual knowledge that the material contains a misrepresentation of the kind prohibited in paragraph (1), or
`(B) in the absence of actual knowledge, is aware of facts or circumstances from which it is apparent that the material contains a misrepresentation of the kind prohibited in paragraph (1), and
upon obtaining such knowledge or awareness, fails to act expeditiously to remove, or disable access to, the material.
So the big players that just provide bandwidth to the smaller players are mostly off the hook - AS701 has no reason to be aware that some website in Tortuga is in violation (which raises an intresting point - what if the site *is* offshore?)
Unless it is informed. Once it is informed it has to take action. Turning the informer off, luckily, doesn't meet the requirements for "taking action" as you need to protect all of your customers or make yourself liable for prosecution. I suspect informing a closer peer that is also subject to the act would be seen as taking reasonable action as it could be reasonably assumed that they will take appropriate steps, but one would have to check that the material was removed/blocked. If you run a residential network, it appears to me that, you are now responsible for seeing that all material that is subject to the act that is reported to you by your customers is addressed. INAL.
And the immediate usptreams will fail to obtain knowledge or awareness of their customer's actions, the same way they always have.
Move along, nothing to see.. ;)
--==_Exmh_1257461806_2581P Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Exmh version 2.5 07/13/2001
iD8DBQFK81gucC3lWbTT17ARAjaeAJ9Snqyq/z7qeF/Z+ag+xluKfUQAdwCgrJ4V LyG+0P2RJeLA9VRrzgejyiE= =Mxbr -----END PGP SIGNATURE-----
--==_Exmh_1257461806_2581P--
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
I was at an IP (as in intellectual property), um, "constituency" I think, IPC, meeting at ICANN which basically consisted of 99 lawyers and me in the room. There was a fair amount of grousing about how ISPs give them the run-around when they inform them of a violation looking for a takedown, and don't take down the site or whatever demanding (sneer sneer) paper from a court of competent jurisdiction as a dodge. I explained that they should try it from the other side, we get a fair amount of spurious stuff. I gave the example of a spouse in an ugly divorce demanding we do something or other with the web site they developed together in happier days IMMEDIATELY OR ELSE!!! (typically change the password to one only they know). How can we as ISPs possibly sort that out? Court orders are your friend, they're not that hard to get if you're legitimate. The way this reg is written it has that feel, it seems to promote the fantasy that if J. Random Voice calls me and says "a site you host, creepsrus.com, violates HR3817, YOU HAVE BEEN INFORMED!" then we have been informed and therefore culpable/liable. Well, perhaps there's enough precedent that it doesn't have to be spelled out in that text what's meant by "knowingly" and a call like that wouldn't be sufficient. At the very least I'd require a clear transfer of liability. That is, if the claim (and hence, takedown) turns out to be unsupportable then any damages etc are indemnified by the complaining ("informing") party. -- -Barry Shein The World | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD | Dial-Up: US, PR, Canada Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
Barry Shein wrote:
I was at an IP (as in intellectual property), um, "constituency" I think, IPC, meeting at ICANN which basically consisted of 99 lawyers and me in the room.
By the Montevideo ICANN meeting '01 the "Internet Service Providers Constituency" (ISPC) had dwindled down to the corporate trademarks portfolio managers for the few remaining ISPs. At the Paris ICANN meeting a year ago we corrolated the votes of the Intellectual Property, Business, and ISP Constituencies and found that there was no discernable independence amongst them, another way of sayins the IPC had captured the BC and ISPC. Of course, now we have GNSO reform, and "Stakeholder Groups" replacing the Constituencies. Bottom line. ISPs are f**ked by their own sonombulism. In a slightly different and partially overlapping policy and operational scope, the Address Supporting Organization originates no policy development of note, and has been somnolent for most of the ICANN trajectory, so BCP 38 and sBGP and so on have no real presence in the ICANN toolkit. So IP lawyers are doing pretty good in the oughts, and more time and bandwidth goes to retail cops and robbers than goes to any "critical infrastructure vulnerability", outside of ICANN's DNS mafia, post-Kaminsky. Any ISP that want's to spend some resources on operational issues, having some relevance to resource identifiers, feel free to drop me a line. I could just as well give process clue to Ops folk as ops clue to IP lawyers.
There was a fair amount of grousing about how ISPs give them the run-around when they inform them of a violation looking for a takedown, and don't take down the site or whatever demanding (sneer sneer) paper from a court of competent jurisdiction as a dodge.
I explained that they should try it from the other side, we get a fair amount of spurious stuff. I gave the example of a spouse in an ugly divorce demanding we do something or other with the web site they developed together in happier days IMMEDIATELY OR ELSE!!! (typically change the password to one only they know).
How can we as ISPs possibly sort that out? Court orders are your friend, they're not that hard to get if you're legitimate.
The way this reg is written it has that feel, it seems to promote the fantasy that if J. Random Voice calls me and says "a site you host, creepsrus.com, violates HR3817, YOU HAVE BEEN INFORMED!" then we have been informed and therefore culpable/liable.
Well, perhaps there's enough precedent that it doesn't have to be spelled out in that text what's meant by "knowingly" and a call like that wouldn't be sufficient.
At the very least I'd require a clear transfer of liability.
That is, if the claim (and hence, takedown) turns out to be unsupportable then any damages etc are indemnified by the complaining ("informing") party.
On Nov 5, 2009, at 5:56 PM, Valdis.Kletnieks@vt.edu wrote:
On Thu, 05 Nov 2009 16:40:09 CST, Bryan King said:
Did I miss a thread on this? Has anyone looked at this yet?
`(2) INTERNET SERVICE PROVIDERS- Any Internet service provider that, on or through a system or network controlled or operated by the Internet service provider, transmits, routes, provides connections for, or stores any material containing any misrepresentation of the kind prohibited in paragraph (1) shall be liable for any damages caused thereby, including damages suffered by SIPC, if the Internet service provider--
"routes" sounds the most dangerous part there. Does this mean that if we have a BGP peering session with somebody, we need to filter it?
Also "transmits". (I'm impressed that someone in Congress knows the word "routes"....)
Fortunately, there's the conditions:
`(A) has actual knowledge that the material contains a misrepresentation of the kind prohibited in paragraph (1), or
`(B) in the absence of actual knowledge, is aware of facts or circumstances from which it is apparent that the material contains a misrepresentation of the kind prohibited in paragraph (1), and
upon obtaining such knowledge or awareness, fails to act expeditiously to remove, or disable access to, the material.
So the big players that just provide bandwidth to the smaller players are mostly off the hook - AS701 has no reason to be aware that some website in Tortuga is in violation (which raises an intresting point - what if the site *is* offshore?)
And the immediate usptreams will fail to obtain knowledge or awareness of their customer's actions, the same way they always have.
Note the word "circumstances"...
Move along, nothing to see.. ;)
Until, of course, some Assistant U.S. Attorney or some attorney in a civil lawsuit decides you were or should have been aware and takes you to court. You may win, but after spending O(\alph_0) zorkmids on lawyers defending yourself.... --Steve Bellovin, http://www.cs.columbia.edu/~smb
I think the idea is for the government to create an official blacklist of the offending sites, and for ISPs to consult it before routing a packet to the fraud site. The common implementation would be an ACL on the ISPs border router. The Congress doesn't yet understand the distinction between ISPs and transit providers, of course, and typically says that proposed ISP regulations (including the net neutrality regulations) apply only to consumer-facing service providers. If this measure passes, you can expect expansion of blocking mandates for rogue sites of other kinds, such as kiddie porn and DMCA scofflaws. RB Steven Bellovin wrote:
On Nov 5, 2009, at 5:56 PM, Valdis.Kletnieks@vt.edu wrote:
On Thu, 05 Nov 2009 16:40:09 CST, Bryan King said:
Did I miss a thread on this? Has anyone looked at this yet?
`(2) INTERNET SERVICE PROVIDERS- Any Internet service provider that, on or through a system or network controlled or operated by the Internet service provider, transmits, routes, provides connections for, or stores any material containing any misrepresentation of the kind prohibited in paragraph (1) shall be liable for any damages caused thereby, including damages suffered by SIPC, if the Internet service provider--
"routes" sounds the most dangerous part there. Does this mean that if we have a BGP peering session with somebody, we need to filter it?
Also "transmits". (I'm impressed that someone in Congress knows the word "routes"....)
Fortunately, there's the conditions:
`(A) has actual knowledge that the material contains a misrepresentation of the kind prohibited in paragraph (1), or
`(B) in the absence of actual knowledge, is aware of facts or circumstances from which it is apparent that the material contains a misrepresentation of the kind prohibited in paragraph (1), and
upon obtaining such knowledge or awareness, fails to act expeditiously to remove, or disable access to, the material.
So the big players that just provide bandwidth to the smaller players are mostly off the hook - AS701 has no reason to be aware that some website in Tortuga is in violation (which raises an intresting point - what if the site *is* offshore?)
And the immediate usptreams will fail to obtain knowledge or awareness of their customer's actions, the same way they always have.
Note the word "circumstances"...
Move along, nothing to see.. ;)
Until, of course, some Assistant U.S. Attorney or some attorney in a civil lawsuit decides you were or should have been aware and takes you to court. You may win, but after spending O(\alph_0) zorkmids on lawyers defending yourself....
--Steve Bellovin, http://www.cs.columbia.edu/~smb
-- Richard Bennett Research Fellow Information Technology and Innovation Foundation Washington, DC
On Nov 5, 2009, at 7:44 PM, Richard Bennett wrote:
I think the idea is for the government to create an official blacklist of the offending sites, and for ISPs to consult it before routing a packet to the fraud site. The common implementation would be an ACL on the ISPs border router. The Congress doesn't yet understand the distinction between ISPs and transit providers, of course, and typically says that proposed ISP regulations (including the net neutrality regulations) apply only to consumer-facing service providers.
If this measure passes, you can expect expansion of blocking mandates for rogue sites of other kinds, such as kiddie porn and DMCA scofflaws.
It's worth looking at hhttp://www.cdt.org/speech/pennwebblock/ -- a Federal court struck down a law requiring web site blocking because of child pornography. --Steve Bellovin, http://www.cs.columbia.edu/~smb
IANAL, but I wouldn't set too much stock by that order - there are numerous errors of fact in the opinion, and much of it relates to the lack of due process in the maintenance of a secret blacklist. It was also a state law, not a federal one, so there was a large jurisdictional question (the Commerce Clause concern.) As people in Washington are saying around the net neutrality debate these days: "anything goes is not a serious argument." RB Steven Bellovin wrote:
On Nov 5, 2009, at 7:44 PM, Richard Bennett wrote:
I think the idea is for the government to create an official blacklist of the offending sites, and for ISPs to consult it before routing a packet to the fraud site. The common implementation would be an ACL on the ISPs border router. The Congress doesn't yet understand the distinction between ISPs and transit providers, of course, and typically says that proposed ISP regulations (including the net neutrality regulations) apply only to consumer-facing service providers.
If this measure passes, you can expect expansion of blocking mandates for rogue sites of other kinds, such as kiddie porn and DMCA scofflaws.
It's worth looking at hhttp://www.cdt.org/speech/pennwebblock/ -- a Federal court struck down a law requiring web site blocking because of child pornography.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
-- Richard Bennett Research Fellow Information Technology and Innovation Foundation Washington, DC
Net neutrality suffers another blow. I liked Congress when they had no idea what the internet was, now they've progressed to "still have no idea but like to pretend." Jeff On Thu, Nov 5, 2009 at 7:58 PM, Steven Bellovin <smb@cs.columbia.edu> wrote:
On Nov 5, 2009, at 7:44 PM, Richard Bennett wrote:
I think the idea is for the government to create an official blacklist of the offending sites, and for ISPs to consult it before routing a packet to the fraud site. The common implementation would be an ACL on the ISPs border router. The Congress doesn't yet understand the distinction between ISPs and transit providers, of course, and typically says that proposed ISP regulations (including the net neutrality regulations) apply only to consumer-facing service providers.
If this measure passes, you can expect expansion of blocking mandates for rogue sites of other kinds, such as kiddie porn and DMCA scofflaws.
It's worth looking at hhttp://www.cdt.org/speech/pennwebblock/ -- a Federal court struck down a law requiring web site blocking because of child pornography.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
-- Jeffrey Lyon, Leadership Team jeffrey.lyon@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to "protect your booty."
* Jeffrey Lyon:
Net neutrality suffers another blow. I liked Congress when they had no idea what the internet was, now they've progressed to "still have no idea but like to pretend."
Our company is most likely not the owner of the site associated with this domain. Please do not contact us with inquiries regarding the web site content as they will likely be disregarded. If you keep playing such games, it's guaranteed that there will be some sort of backlash. -- Florian Weimer <fweimer@bfk.de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
On Thu, Nov 5, 2009 at 7:44 PM, Richard Bennett <richard@bennett.com> wrote:
I think the idea is for the government to create an official blacklist of the offending sites, and for ISPs to consult it before routing a packet to
this works exceptionally unwell for the Singaporese(ian) govt'... (list of bad sites comes out monthly, montly+1min all sites change ips, weee!)
the fraud site. The common implementation would be an ACL on the ISPs border
'common implementation' isn't 'common' nor 'implementable' in many cases.
router. The Congress doesn't yet understand the distinction between ISPs and transit providers, of course, and typically says that proposed ISP
nor 'web hosting farm' ... (of course FastFlux puts a hole in the 'hosting' part of that)
regulations (including the net neutrality regulations) apply only to consumer-facing service providers.
If this measure passes, you can expect expansion of blocking mandates for rogue sites of other kinds, such as kiddie porn and DMCA scofflaws.
sure, been there, done that... German anti-nazi-propganda laws anyone? (or france or singapore or ...) -Chris (Note, I don't think that NO LAW is a good answer, but often the laws proposed or passed seem to misunderstand how the networks are run/build/maintained/used)
RB
Steven Bellovin wrote:
On Nov 5, 2009, at 5:56 PM, Valdis.Kletnieks@vt.edu wrote:
On Thu, 05 Nov 2009 16:40:09 CST, Bryan King said:
Did I miss a thread on this? Has anyone looked at this yet?
`(2) INTERNET SERVICE PROVIDERS- Any Internet service provider that, on or through a system or network controlled or operated by the Internet service provider, transmits, routes, provides connections for, or stores any material containing any misrepresentation of the kind prohibited in paragraph (1) shall be liable for any damages caused thereby, including damages suffered by SIPC, if the Internet service provider--
"routes" sounds the most dangerous part there. Does this mean that if we have a BGP peering session with somebody, we need to filter it?
Also "transmits". (I'm impressed that someone in Congress knows the word "routes"....)
Fortunately, there's the conditions:
`(A) has actual knowledge that the material contains a misrepresentation of the kind prohibited in paragraph (1), or
`(B) in the absence of actual knowledge, is aware of facts or circumstances from which it is apparent that the material contains a misrepresentation of the kind prohibited in paragraph (1), and
upon obtaining such knowledge or awareness, fails to act expeditiously to remove, or disable access to, the material.
So the big players that just provide bandwidth to the smaller players are mostly off the hook - AS701 has no reason to be aware that some website in Tortuga is in violation (which raises an intresting point - what if the site *is* offshore?)
And the immediate usptreams will fail to obtain knowledge or awareness of their customer's actions, the same way they always have.
Note the word "circumstances"...
Move along, nothing to see.. ;)
Until, of course, some Assistant U.S. Attorney or some attorney in a civil lawsuit decides you were or should have been aware and takes you to court. You may win, but after spending O(\alph_0) zorkmids on lawyers defending yourself....
--Steve Bellovin, http://www.cs.columbia.edu/~smb
-- Richard Bennett Research Fellow Information Technology and Innovation Foundation Washington, DC
On Nov 5, 2009, at 7:24 PM, Steven Bellovin wrote:
On Nov 5, 2009, at 5:56 PM, Valdis.Kletnieks@vt.edu wrote:
On Thu, 05 Nov 2009 16:40:09 CST, Bryan King said:
Did I miss a thread on this? Has anyone looked at this yet?
`(2) INTERNET SERVICE PROVIDERS- Any Internet service provider that, on or through a system or network controlled or operated by the Internet service provider, transmits, routes, provides connections for, or stores any material containing any misrepresentation of the kind prohibited in paragraph (1) shall be liable for any damages caused thereby, including damages suffered by SIPC, if the Internet service provider--
"routes" sounds the most dangerous part there. Does this mean that if we have a BGP peering session with somebody, we need to filter it?
Also "transmits". (I'm impressed that someone in Congress knows the word "routes"....)
Don't get hung up on the wording. A DNS blackhole list will do the trick as well. I don't think border ACLs on routers will be necessary. - Daniel Golding
Don't get hung up on the wording. A DNS blackhole list will do the trick as well. I don't think border ACLs on routers will be necessary.
do you use your ISP's dns servers? does your corporate vpn?
A DNS blackhole list makes it *appear* as if the government/police is doing something. "We must do something. This is something, therefore we must do it." This way of thinking is alive and well in the form of DNS based child porn blackhole lists in Norway and several other countries. The fact that anybody who is *really interested* can easily evade these lists, for instance by using his own DNS server, does not seem to concern politicians or police... Steinar Haug, Nethelp consulting, sthaug@nethelp.no
On Fri, Nov 6, 2009 at 11:07 AM, <sthaug@nethelp.no> wrote:
Don't get hung up on the wording. A DNS blackhole list will do the trick as well. I don't think border ACLs on routers will be necessary.
do you use your ISP's dns servers? does your corporate vpn?
A DNS blackhole list makes it *appear* as if the government/police is doing something.
right, so now the site I go to MUST BE the real elbonia bank site, because... the gov't protected me! oops :(
"We must do something. This is something, therefore we must do it."
ah, the 'make work' plan :(
This way of thinking is alive and well in the form of DNS based child porn blackhole lists in Norway and several other countries. The fact that anybody who is *really interested* can easily evade these lists, for instance by using his own DNS server, does not seem to concern politicians or police...
yes, though in the case of CP the properties of the user are reversed (in my mind at least)... 'searching out content' versus stumbling upon content. -Chris
On Thu, Nov 5, 2009 at 5:56 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Thu, 05 Nov 2009 16:40:09 CST, Bryan King said:
Did I miss a thread on this? Has anyone looked at this yet?
`(2) INTERNET SERVICE PROVIDERS- Any Internet service provider that, on or through a system or network controlled or operated by the Internet service provider, transmits, routes, provides connections for, or stores any material containing any misrepresentation of the kind prohibited in paragraph (1) shall be liable for any damages caused thereby, including damages suffered by SIPC, if the Internet service provider--
"routes" sounds the most dangerous part there. Does this mean that if we have a BGP peering session with somebody, we need to filter it?
Fortunately, there's the conditions:
`(A) has actual knowledge that the material contains a misrepresentation of the kind prohibited in paragraph (1), or
`(B) in the absence of actual knowledge, is aware of facts or circumstances from which it is apparent that the material contains a misrepresentation of the kind prohibited in paragraph (1), and
upon obtaining such knowledge or awareness, fails to act expeditiously to remove, or disable access to, the material.
So the big players that just provide bandwidth to the smaller players are mostly off the hook - AS701 has no reason to be aware that some website in Tortuga is in violation (which raises an intresting point - what if the site *is* offshore?)
mail to: abuse@uu.net Subject: Fraud through your network Hi! someone in tortuga on ip address 1.2.3.4 which I accessed through your network is fraudulently claiming to be the state-bank-of-elbonia. Just though you should know! Also, I think that HR3817 expects you'll now stop this from happening! -concerned-internet-user oops, now they have actual knowledge... I suppose this is a good reason though to: vi /etc/aliases -> abuse: /dev/null so, is this bill helping? or hurting? :(
And the immediate usptreams will fail to obtain knowledge or awareness of their customer's actions, the same way they always have.
Move along, nothing to see.. ;)
to my mind this is the exact same set of problems that the PA state anti-CP law brought forth... -chris
Correct me if I'm wrong, but isn't there an RFC(2142 if memory serves) that states filtering certain email addresses(like abuse@, noc@, support@) isn't allowed? I understand your point, but it seems sending it to /dev/null only opens another set of problems for you down the road. Network Engineer, JNCIS-M
214-981-1954 (office) 214-642-4075 (cell) jbrashear@hq.speakeasy.net http://www.speakeasy.net -----Original Message----- From: Christopher Morrow [mailto:morrowc.lists@gmail.com] Sent: Friday, November 06, 2009 9:47 AM To: Valdis.Kletnieks@vt.edu Cc: nanog@nanog.org Subject: Re: Congress may require ISPs to block fraud sites H.R.3817
On Thu, Nov 5, 2009 at 5:56 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Thu, 05 Nov 2009 16:40:09 CST, Bryan King said:
Did I miss a thread on this? Has anyone looked at this yet?
`(2) INTERNET SERVICE PROVIDERS- Any Internet service provider that, on or through a system or network controlled or operated by the Internet service provider, transmits, routes, provides connections for, or stores any material containing any misrepresentation of the kind prohibited in paragraph (1) shall be liable for any damages caused thereby, including damages suffered by SIPC, if the Internet service provider--
"routes" sounds the most dangerous part there. Does this mean that if we have a BGP peering session with somebody, we need to filter it?
Fortunately, there's the conditions:
`(A) has actual knowledge that the material contains a misrepresentation of the kind prohibited in paragraph (1), or
`(B) in the absence of actual knowledge, is aware of facts or circumstances from which it is apparent that the material contains a misrepresentation of the kind prohibited in paragraph (1), and
upon obtaining such knowledge or awareness, fails to act expeditiously to remove, or disable access to, the material.
So the big players that just provide bandwidth to the smaller players are mostly off the hook - AS701 has no reason to be aware that some website in Tortuga is in violation (which raises an intresting point - what if the site *is* offshore?)
mail to: abuse@uu.net Subject: Fraud through your network Hi! someone in tortuga on ip address 1.2.3.4 which I accessed through your network is fraudulently claiming to be the state-bank-of-elbonia. Just though you should know! Also, I think that HR3817 expects you'll now stop this from happening! -concerned-internet-user oops, now they have actual knowledge... I suppose this is a good reason though to: vi /etc/aliases -> abuse: /dev/null so, is this bill helping? or hurting? :(
And the immediate usptreams will fail to obtain knowledge or awareness of their customer's actions, the same way they always have.
Move along, nothing to see.. ;)
to my mind this is the exact same set of problems that the PA state anti-CP law brought forth... -chris
(top posting makes it hard to follow the conversation, but...) On Fri, Nov 6, 2009 at 10:52 AM, Jonathan Brashear <Jonathan.Brashear@hq.speakeasy.net> wrote:
Correct me if I'm wrong, but isn't there an RFC(2142 if memory serves) that states filtering certain email addresses(like abuse@, noc@, support@) isn't allowed? I understand your point, but it seems sending it to /dev/null only opens another set of problems for you down the road.
There are some 'nice to have' ideas that postmaster/abuse/root/webmaster ought to go somewhere and be seen. If the business decides that any tom/dick/harry/mary can 'inform' them of something such as this you can bet your aliases file that abuse@ will get turned down somewhere. I don't support that activity, but I also don't support this incarnation of the anti-X regulation either. -Chris
Network Engineer, JNCIS-M
214-981-1954 (office) 214-642-4075 (cell) jbrashear@hq.speakeasy.net http://www.speakeasy.net -----Original Message----- From: Christopher Morrow [mailto:morrowc.lists@gmail.com] Sent: Friday, November 06, 2009 9:47 AM To: Valdis.Kletnieks@vt.edu Cc: nanog@nanog.org Subject: Re: Congress may require ISPs to block fraud sites H.R.3817
On Thu, Nov 5, 2009 at 5:56 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Thu, 05 Nov 2009 16:40:09 CST, Bryan King said:
Did I miss a thread on this? Has anyone looked at this yet?
`(2) INTERNET SERVICE PROVIDERS- Any Internet service provider that, on or through a system or network controlled or operated by the Internet service provider, transmits, routes, provides connections for, or stores any material containing any misrepresentation of the kind prohibited in paragraph (1) shall be liable for any damages caused thereby, including damages suffered by SIPC, if the Internet service provider--
"routes" sounds the most dangerous part there. Does this mean that if we have a BGP peering session with somebody, we need to filter it?
Fortunately, there's the conditions:
`(A) has actual knowledge that the material contains a misrepresentation of the kind prohibited in paragraph (1), or
`(B) in the absence of actual knowledge, is aware of facts or circumstances from which it is apparent that the material contains a misrepresentation of the kind prohibited in paragraph (1), and
upon obtaining such knowledge or awareness, fails to act expeditiously to remove, or disable access to, the material.
So the big players that just provide bandwidth to the smaller players are mostly off the hook - AS701 has no reason to be aware that some website in Tortuga is in violation (which raises an intresting point - what if the site *is* offshore?)
mail to: abuse@uu.net Subject: Fraud through your network
Hi! someone in tortuga on ip address 1.2.3.4 which I accessed through your network is fraudulently claiming to be the state-bank-of-elbonia. Just though you should know! Also, I think that HR3817 expects you'll now stop this from happening!
-concerned-internet-user
oops, now they have actual knowledge... I suppose this is a good reason though to:
vi /etc/aliases -> abuse: /dev/null
so, is this bill helping? or hurting? :(
And the immediate usptreams will fail to obtain knowledge or awareness of their customer's actions, the same way they always have.
Move along, nothing to see.. ;)
to my mind this is the exact same set of problems that the PA state anti-CP law brought forth...
-chris
On Fri, 6 Nov 2009, Christopher Morrow wrote:
paragraph (1) shall be liable for any damages caused thereby, including damages suffered by SIPC, if the Internet service provider--
Some phrases people might search in various combindations on Google SIPC Stratton Oakmont Prodigy 47 USC 230 House of Representatives Conference Report GAO Report: Securities Investor Protection: Steps needed to better disclose SIPC policies to investors
In message <75cb24520911060747x3556e01tbb80be8c9e0d58b3@mail.gmail.com>, Christ opher Morrow writes:
On Thu, Nov 5, 2009 at 5:56 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Thu, 05 Nov 2009 16:40:09 CST, Bryan King said:
Did I miss a thread on this? Has anyone looked at this yet?
`(2) INTERNET SERVICE PROVIDERS- Any Internet service provider that, on or through a system or network controlled or operated by the Internet service provider, transmits, routes, provides connections for, or stores any material containing any misrepresentation of the kind prohibited in paragraph (1) shall be liable for any damages caused thereby, including damages suffered by SIPC, if the Internet service provider--
"routes" sounds the most dangerous part there. =A0Does this mean that if we have a BGP peering session with somebody, we need to filter it?
Fortunately, there's the conditions:
`(A) has actual knowledge that the material contains a misrepresentation of the kind prohibited in paragraph (1), or
`(B) in the absence of actual knowledge, is aware of facts or circumstances from which it is apparent that the material contains a misrepresentation of the kind prohibited in paragraph (1), and
upon obtaining such knowledge or awareness, fails to act expeditiously to remove, or disable access to, the material.
So the big players that just provide bandwidth to the smaller players are mostly off the hook - AS701 has no reason to be aware that some website i= n Tortuga is in violation (which raises an intresting point - what if the site *is* offshore?)
mail to: abuse@uu.net Subject: Fraud through your network
Hi! someone in tortuga on ip address 1.2.3.4 which I accessed through your network is fraudulently claiming to be the state-bank-of-elbonia. Just though you should know! Also, I think that HR3817 expects you'll now stop this from happening!
-concerned-internet-user
oops, now they have actual knowledge... I suppose this is a good reason though to:
vi /etc/aliases -> abuse: /dev/null
There are still plenty of way to inform a company. Ring up the support line. Registered mail. I suspect a court would see the practice of sending abuse@ to /dev/null in a very poor light especially once the court learns that this is the standard address. A consumer should be able to reasonably assume that the message was delivered. If you bounce then they should be aware that it didn't get through and they can take other steps to inform you.
so, is this bill helping? or hurting? :(
And the immediate usptreams will fail to obtain knowledge or awareness of their customer's actions, the same way they always have.
Move along, nothing to see.. ;)
to my mind this is the exact same set of problems that the PA state anti-CP law brought forth...
-chris
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
If you're a consumer broadband provider, and you use a DNS blackhole list so that any of your subscribers who tries to reach bigbank1.fakebanks.example.com gets redirected to fakebankwebsitelist.sipc.gov, you might be able to claim that you complied with the law, though the law's aggressive enough that it could be argued otherwise. If you're a transit ISP providing upstream bandwidth the the broadband provider, and some packets are addressed to 1.1.1.257, which is the IP address of a hosting site in Elbonia that carries bigbank1.fakebanks.example.com and innocent.bystander.example.com, the fact that the broadband ISP was using a DNS blackhole list doesn't protect you, because you're still routing packets to 1.1.0.0/16. You could set up a /32 route to send that traffic to null0, censoring innocent.bystander.example.com, or you could get fancy and route it to some squid proxy that cleans up the traffic. But of course the phisher could be using fast-flux, so 5 minutes later that trick no longer works, and by tomorrow the 100,000 phishing websites on the list have added 1,000,000 routes to your peering routers... Not pleasant, but you don't really have much alternative. -- ---- Thanks; Bill Note that this isn't my regular email account - It's still experimental so far. And Google probably logs and indexes everything you send it.
participants (15)
-
Barry Shein -
Bill Stewart -
Bryan King -
Christopher Morrow -
Dan Golding -
Eric Brunner-Williams -
Florian Weimer -
Jeffrey Lyon -
Jonathan Brashear -
Mark Andrews -
Richard Bennett -
Sean Donelan -
Steven Bellovin -
sthaug@nethelp.no -
Valdis.Kletnieks@vt.edu