PATRIOT/USA technical problems, call to action
Democracy is not a spectator sport. The US House (hr.2975 PATRIOT) and US Senate (s.1510 USA) have introduced bills that will cost ISPs a lot of money -- potentially tens of thousands of dollars -- even for small ISPs. Unlike CALEA, there is no requirement that ISPs be reimbursed. This happened because the legislators are clueless about technical requirements. It is up to you to educate them! With the bombing started, it is thought that the bills will be pushed through this week, without going through the normal committee review. Each and every one of you MUST call your legislators, where you work and again where you live. Call your Senator, and then call your Representative. Do not send email, it won't get read soon enough! Since Monday is a legal holiday of sorts, you may have to wait until Tuesday morning, but try on Monday anyway. -- Urge your representatives in Congress to hold full hearings, and fix technical problems. 1. Call the White House switchboard at 202-224-3121, and ask to be connected to the office of your Congressional representative. -or- Look up the office numbers on the web at www.house.gov and www.senate.gov. 2. When you are put through, say "May I please speak to the staff member who is working on the anti-terrorism legislation?" If that person is not available to speak with you, say "May I please leave a message?" 3. Briefly explain that you work for an Internet Service Provider, and although you appreciate the efforts of your representative to address the challenges brought about by the September 11th tragedy, it would be a mistake to make any changes in the federal wiretap statute that do not respond to "the immediate threat of investigating or preventing terrorist acts." -- If they want to talk details, here they are: Both bills add "addressing" and "routing" to the list of activities that can be requested without a specific court order. So, just like call setup for the phone companies, every single address that you assign, via DHCP or otherwise, and every ARP, RIP, OSPF, and BGP routing table change, must be recorded for posterity -- just in case any state or federal agents want to review it someday. No time limits, and no statute of limitations. Some lawyers read this to extend to tracking every URL accessed through your POPs, and every email To: and From: transmitted over your networks, since they both can be considered "addressing" and your activity "routing". Obviously, the legislators don't quite understand what a dynamic packet connectionless Internet means! -- My solution, after talking to several Representatives and Senators staffs, is to add clarification to the definitions section 3127: (7) the term "addressing" means a numeric identifier that assists the delivery of electronic communications over a specific link, attached to the outermost encapsulation of the communication (but not including the contents of such communication). (8) the term "routing" means the numeric internetwork locator associated with a communication that facilitates its carriage between electronic communication services, contained within the internetwork communication encapsulation (but not including the contents of such communication). -- As you can see, my solution means you can do it with standard tools, like tcpdump or snort, and unlike phone call setup, there's nothing in the definitions that indicates the information has to be recorded for future requests.... -- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
If you really want the nitty gritty on other issues with the so-called anti-terrorism legislation, in laymans' terms, I recommend reading CRYPTO-GRAM SPECIAL ISSUE, September 30, 2001 <http://www.counterpane.com/crypto-gram.html> Visit the following Web sites for up-to-date information on what is happening and what you can do to help. The Electronic Privacy Information Center: <http://www.epic.org> The Center for Democracy and Technology: <http://www.cdt.org> The American Civil Liberties Union: <http://www.aclu.org> -- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
In addition, i'd like to add that after calling your congresscritters, you do also send them a letter, either by fax or USPS (fax would be better). Some congress folks tend to take letters a little more seriously than calls, it seems. Tim On Mon, Oct 08, 2001 at 01:31:09AM -0400, William Allen Simpson wrote:
Democracy is not a spectator sport.
The US House (hr.2975 PATRIOT) and US Senate (s.1510 USA) have introduced bills that will cost ISPs a lot of money -- potentially tens of thousands of dollars -- even for small ISPs.
Unlike CALEA, there is no requirement that ISPs be reimbursed.
This happened because the legislators are clueless about technical requirements. It is up to you to educate them!
With the bombing started, it is thought that the bills will be pushed through this week, without going through the normal committee review.
Each and every one of you MUST call your legislators, where you work and again where you live. Call your Senator, and then call your Representative. Do not send email, it won't get read soon enough!
Since Monday is a legal holiday of sorts, you may have to wait until Tuesday morning, but try on Monday anyway.
--
Urge your representatives in Congress to hold full hearings, and fix technical problems.
1. Call the White House switchboard at 202-224-3121, and ask to be connected to the office of your Congressional representative. -or- Look up the office numbers on the web at www.house.gov and www.senate.gov.
2. When you are put through, say "May I please speak to the staff member who is working on the anti-terrorism legislation?" If that person is not available to speak with you, say "May I please leave a message?"
3. Briefly explain that you work for an Internet Service Provider, and although you appreciate the efforts of your representative to address the challenges brought about by the September 11th tragedy, it would be a mistake to make any changes in the federal wiretap statute that do not respond to "the immediate threat of investigating or preventing terrorist acts."
--
If they want to talk details, here they are:
Both bills add "addressing" and "routing" to the list of activities that can be requested without a specific court order. So, just like call setup for the phone companies, every single address that you assign, via DHCP or otherwise, and every ARP, RIP, OSPF, and BGP routing table change, must be recorded for posterity -- just in case any state or federal agents want to review it someday. No time limits, and no statute of limitations.
Some lawyers read this to extend to tracking every URL accessed through your POPs, and every email To: and From: transmitted over your networks, since they both can be considered "addressing" and your activity "routing".
Obviously, the legislators don't quite understand what a dynamic packet connectionless Internet means!
--
My solution, after talking to several Representatives and Senators staffs, is to add clarification to the definitions section 3127:
(7) the term "addressing" means a numeric identifier that assists the delivery of electronic communications over a specific link, attached to the outermost encapsulation of the communication (but not including the contents of such communication).
(8) the term "routing" means the numeric internetwork locator associated with a communication that facilitates its carriage between electronic communication services, contained within the internetwork communication encapsulation (but not including the contents of such communication).
--
As you can see, my solution means you can do it with standard tools, like tcpdump or snort, and unlike phone call setup, there's nothing in the definitions that indicates the information has to be recorded for future requests....
-- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
--
Probably best to not refer to them as congresscritters when you call, and to understand the legal definitions of words where they are different than "our" definitions of them.
In addition, i'd like to add that after calling your congresscritters, you do also send them a letter, either by fax or USPS (fax would be better). Some congress folks tend to take letters a little more seriously than calls, it seems.
Tim
On Mon, Oct 08, 2001 at 01:05:37PM -0400, Cristopher Daniluk wrote:
Probably best to not refer to them as congresscritters when you call, and to understand the legal definitions of words where they are different than "our" definitions of them.
Slightly OT, but to carry that point home a bit, since the average person on here may not be familiar with writing prose to officials. Be CLEAR, reference the HR/S bill #, state your position. Be CONCISE, 1 page is perfect. Be FACTUAL, avoid rhetoric, or emotional arguments. Be COURTEOUS, being nice doesn't mean being soft. Demonstrate expertise, personal experience/knowledge of the issue. Explain adverse consequences, suggest better solutions. Be sure to write YOUR representative ;-) If writing to another representative, explain how this will impede/affect actions that would have otherwise benefited their area. Ask for a reply (you should get one if you send snail mail). Use Dear Senator, or Dear Congress[wo]man - bri, not wanting any more stupid laws, and omitting some insanely obvious stuff here like, typing the letter. -- Unix Staff, High Energy Physics Group <brusso@phys.hawaii.edu> Debian/GNU Linux! http://www.debian.org <wolfie@debian.org>
Also, OT, but useful in this regard: if you write such a letter, be sure that you are registered to vote. For some strange reason, members of congress take letters from registered voters a little more seriously. I can't imagine why :) You may also want to include a phone number - if you are a technical expert on the subject matter of the bill (and in this case, some letter writers will be), you may receive a call from a staffer, with specific questions. - Daniel Golding
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Brian Russo Sent: Wednesday, October 10, 2001 1:51 AM To: Cristopher Daniluk Cc: 'Timothy Brown'; nanog@merit.edu Subject: Re: PATRIOT/USA technical problems, call to action
On Mon, Oct 08, 2001 at 01:05:37PM -0400, Cristopher Daniluk wrote:
Probably best to not refer to them as congresscritters when you
call, and to
understand the legal definitions of words where they are different than "our" definitions of them.
Slightly OT, but to carry that point home a bit, since the average person on here may not be familiar with writing prose to officials.
Be CLEAR, reference the HR/S bill #, state your position. Be CONCISE, 1 page is perfect. Be FACTUAL, avoid rhetoric, or emotional arguments. Be COURTEOUS, being nice doesn't mean being soft.
Demonstrate expertise, personal experience/knowledge of the issue. Explain adverse consequences, suggest better solutions. Be sure to write YOUR representative ;-) If writing to another representative, explain how this will impede/affect actions that would have otherwise benefited their area. Ask for a reply (you should get one if you send snail mail). Use Dear Senator, or Dear Congress[wo]man
- bri, not wanting any more stupid laws, and omitting some insanely obvious stuff here like, typing the letter.
-- Unix Staff, High Energy Physics Group <brusso@phys.hawaii.edu> Debian/GNU Linux! http://www.debian.org <wolfie@debian.org>
If you live or work in their state, especially call: Daschle, Tom Feingold, Russ Graham, Bob Hatch, Orrin G. Leahy, Patrick J. Lott, Trent Sarbanes, Paul S. Shelby, Richard C. -- According to http://www.senate.gov/~leahy/press/200110/100401a.html, "Administration initially proposed expansion of pen register and trap and trace authority to capture undefined "routing" and "addressing" information of Internet users. " I have received private confirmation that during negotiations, "... the Republicans and the Administration would not accept the definitions and prefer to leave it undefined. " Apparently, the Administration wants the capability to track every Internet user simultaneously, just like they want to track every cell phone user. They want the ISPs to record all addresses assigned, all email transmitted, all web sites accessed, and all routing changes, so that they can access the information without going to the trouble of a warrant. Believe me, I've been explaining for days that URLs and email addresses are content, and routing changes are carried by ISPs not suspects, but I've only convinced some of my representatives. Instead, others believe that we need to track every public library terminal, etc, that a suspect _might_ use, everywhere in the US. According to former FBI agent nee Congressman Mike Rogers, "It will only give them addresses and other basic information.... these terrorists have multiple ways of communicating. They can communicate through the Internet, they can use 15 cell phones and rotate them to avoid detection. (The act) would allow us to keep pace with that.... it allows you rather than targeting a phone, to target an individual and their electronic communications. " -- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
I guess it never occurs to them that the Internet is a peer-to-peer network... Their email has no need to pass through an ISP, it can be directly transferred via many different methods... I guess now we will have to record every packet that traverses our network at the full dump level... I guess we should all buy stock in storage media companies now... Tim McKee -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of William Allen Simpson Sent: Wednesday, October 10, 2001 15:31 To: nanog@merit.edu Subject: Re: PATRIOT/USA technical problems, call to action If you live or work in their state, especially call: Daschle, Tom Feingold, Russ Graham, Bob Hatch, Orrin G. Leahy, Patrick J. Lott, Trent Sarbanes, Paul S. Shelby, Richard C. -- According to http://www.senate.gov/~leahy/press/200110/100401a.html, "Administration initially proposed expansion of pen register and trap and trace authority to capture undefined "routing" and "addressing" information of Internet users. " I have received private confirmation that during negotiations, "... the Republicans and the Administration would not accept the definitions and prefer to leave it undefined. " Apparently, the Administration wants the capability to track every Internet user simultaneously, just like they want to track every cell phone user. They want the ISPs to record all addresses assigned, all email transmitted, all web sites accessed, and all routing changes, so that they can access the information without going to the trouble of a warrant. Believe me, I've been explaining for days that URLs and email addresses are content, and routing changes are carried by ISPs not suspects, but I've only convinced some of my representatives. Instead, others believe that we need to track every public library terminal, etc, that a suspect _might_ use, everywhere in the US. According to former FBI agent nee Congressman Mike Rogers, "It will only give them addresses and other basic information.... these terrorists have multiple ways of communicating. They can communicate through the Internet, they can use 15 cell phones and rotate them to avoid detection. (The act) would allow us to keep pace with that.... it allows you rather than targeting a phone, to target an individual and their electronic communications. " -- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
participants (6)
-
Brian Russo
-
Cristopher Daniluk
-
Daniel Golding
-
Timothy Brown
-
Timothy R. McKee
-
William Allen Simpson