EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
Dear network operators, I'm sure this is a controversial topic in the NANOG community, but EFF and a number of ISPs and networking companies are writing to Congress opposing the repeal of the FCC's broadband privacy rules, which require explicit opt-in consent before ISPs use or sell sensitive, non-anonymized data (including non-anonymized locations and browsing histories). If you or your employer would like to sign on to such a letter, please reply off-list by midday Monday with your name, and a one-sentence description of your affiliation and/or major career accomplishments. Back story on what's happening: https://www.eff.org/deeplinks/2017/03/five-creepy-things-your-isp-could-do-i... https://www.eff.org/deeplinks/2017/03/senate-puts-isp-profits-over-your-priv... https://www.eff.org/deeplinks/2017/02/congress-contemplating-making-it-illeg... Summary of the FCC Broadband Privacy Rules themselves: https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-148A1.pdf -- Peter Eckersley pde@eff.org Chief Computer Scientist Tel +1 415 436 9333 x131 Electronic Frontier Foundation Fax +1 415 436 9993
All: It's worth noting that most of EFF's list consists of individuals and/or politically connected organizations, not actual ISPs. This is for good reason. EFF was founded with the intention of creating a civil rights organization but has morphed into a captive corporate lobbying shop for Google, to which several of its board members have close financial ties. EFF opposes the interests of hard working ISPs and routinely denigrates them and attempts to foster promotes hatred of them. It also promotes and lobbies for regulations which advantage Google and disadvantage ISPs -- including the so-called "broadband privacy" regulations, which heavily burden ISPs while exempting Google from all oversight. No knowledgeable network professional or ISP would support the current FCC rules. Both they AND the FCC's illegal Title II classification of ISPs must be rolled back, restoring the FTC's ability to apply uniform and apolitical privacy standards to all of the players in the Internet ecosystem. The first step is to support S.J. Res 34/H.J. Res 86, the Congressional resolution which would revoke the current FCC regulations that were written and paid for by Google and its lobbyists. So, DO contact your legislators... but do so in support of the resolutions that will repeal the regulations. It is vital to the future of the Internet. --Brett Glass, Owner and Founder, LARIAT.NET At 05:05 PM 3/26/2017, Peter Eckersley wrote:
Dear network operators,
I'm sure this is a controversial topic in the NANOG community, but EFF and a number of ISPs and networking companies are writing to Congress opposing the repeal of the FCC's broadband privacy rules, which require explicit opt-in consent before ISPs use or sell sensitive, non-anonymized data (including non-anonymized locations and browsing histories).
If you or your employer would like to sign on to such a letter, please reply off-list by midday Monday with your name, and a one-sentence description of your affiliation and/or major career accomplishments.
I am somehow please that Mr. Glass does not find me a “knowledgeable network professional”. It feels like a badge of honor. Any other “not” knowledgeable network professionals want to come forward and accept this badge? Personally, I find the FCC’s current rules to be sub-optimal. But saying a gov’t regulation is sub-optimal is like saying water is wet. The question is not whether the regulation could be improved. It is whether the proposed changes are an improvement. To be 10000% clear: I prefer the current privacy regime over the new one being proposed. Oh, and I do not believe the EFF is just a shill for Google. But then, I’m just a not knowledgeable network professional, so what do I know? -- TTFN, patrick
On Mar 27, 2017, at 7:13 PM, Brett Glass <nanog@brettglass.com> wrote:
All:
It's worth noting that most of EFF's list consists of individuals and/or politically connected organizations, not actual ISPs. This is for good reason. EFF was founded with the intention of creating a civil rights organization but has morphed into a captive corporate lobbying shop for Google, to which several of its board members have close financial ties. EFF opposes the interests of hard working ISPs and routinely denigrates them and attempts to foster promotes hatred of them. It also promotes and lobbies for regulations which advantage Google and disadvantage ISPs -- including the so-called "broadband privacy" regulations, which heavily burden ISPs while exempting Google from all oversight.
No knowledgeable network professional or ISP would support the current FCC rules. Both they AND the FCC's illegal Title II classification of ISPs must be rolled back, restoring the FTC's ability to apply uniform and apolitical privacy standards to all of the players in the Internet ecosystem. The first step is to support S.J. Res 34/H.J. Res 86, the Congressional resolution which would revoke the current FCC regulations that were written and paid for by Google and its lobbyists. So, DO contact your legislators... but do so in support of the resolutions that will repeal the regulations. It is vital to the future of the Internet.
--Brett Glass, Owner and Founder, LARIAT.NET
At 05:05 PM 3/26/2017, Peter Eckersley wrote:
Dear network operators,
I'm sure this is a controversial topic in the NANOG community, but EFF and a number of ISPs and networking companies are writing to Congress opposing the repeal of the FCC's broadband privacy rules, which require explicit opt-in consent before ISPs use or sell sensitive, non-anonymized data (including non-anonymized locations and browsing histories).
If you or your employer would like to sign on to such a letter, please reply off-list by midday Monday with your name, and a one-sentence description of your affiliation and/or major career accomplishments.
On 3/27/17 4:22 PM, Patrick W. Gilmore wrote:
I am somehow please that Mr. Glass does not find me a “knowledgeable network professional”. It feels like a badge of honor. Any other “not” knowledgeable network professionals want to come forward and accept this badge?
You will find me as cosignatory to the EFF's letter seen at: https://www.eff.org/deeplinks/2017/03/small-isps-oppose-congressess-move-abo... Not like I have any experience running an ISP, Datacenter, Content provider, anti-spam provider, etc... Tim
Many organizations clamor the FCC for regulation because they hate something about the top 10, 20, etc. ISPs. There is certainly something to hate about them, but almost every time, the baby gets thrown out with the bath water and little ISPs are harmed along the way. Extremes on both sides are what get attention, meanwhile nothing constructive for little ISPs gets done. The policy community forgets them. That same sort of forget about the little guys happens in technical discussions in NANOG as well. Most ISPs and most web hosts have less than 1G of upstream and likely from a single provider. The technical community forgets them. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Patrick W. Gilmore" <patrick@ianai.net> To: "NANOG list" <nanog@nanog.org> Sent: Monday, March 27, 2017 6:22:27 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal I am somehow please that Mr. Glass does not find me a “knowledgeable network professional”. It feels like a badge of honor. Any other “not” knowledgeable network professionals want to come forward and accept this badge? Personally, I find the FCC’s current rules to be sub-optimal. But saying a gov’t regulation is sub-optimal is like saying water is wet. The question is not whether the regulation could be improved. It is whether the proposed changes are an improvement. To be 10000% clear: I prefer the current privacy regime over the new one being proposed. Oh, and I do not believe the EFF is just a shill for Google. But then, I’m just a not knowledgeable network professional, so what do I know? -- TTFN, patrick
On Mar 27, 2017, at 7:13 PM, Brett Glass <nanog@brettglass.com> wrote:
All:
It's worth noting that most of EFF's list consists of individuals and/or politically connected organizations, not actual ISPs. This is for good reason. EFF was founded with the intention of creating a civil rights organization but has morphed into a captive corporate lobbying shop for Google, to which several of its board members have close financial ties. EFF opposes the interests of hard working ISPs and routinely denigrates them and attempts to foster promotes hatred of them. It also promotes and lobbies for regulations which advantage Google and disadvantage ISPs -- including the so-called "broadband privacy" regulations, which heavily burden ISPs while exempting Google from all oversight.
No knowledgeable network professional or ISP would support the current FCC rules. Both they AND the FCC's illegal Title II classification of ISPs must be rolled back, restoring the FTC's ability to apply uniform and apolitical privacy standards to all of the players in the Internet ecosystem. The first step is to support S.J. Res 34/H.J. Res 86, the Congressional resolution which would revoke the current FCC regulations that were written and paid for by Google and its lobbyists. So, DO contact your legislators... but do so in support of the resolutions that will repeal the regulations. It is vital to the future of the Internet.
--Brett Glass, Owner and Founder, LARIAT.NET
At 05:05 PM 3/26/2017, Peter Eckersley wrote:
Dear network operators,
I'm sure this is a controversial topic in the NANOG community, but EFF and a number of ISPs and networking companies are writing to Congress opposing the repeal of the FCC's broadband privacy rules, which require explicit opt-in consent before ISPs use or sell sensitive, non-anonymized data (including non-anonymized locations and browsing histories).
If you or your employer would like to sign on to such a letter, please reply off-list by midday Monday with your name, and a one-sentence description of your affiliation and/or major career accomplishments.
Having worked networks with massive bandwidth, networks with a single T1 (don’t ask, just Google what a T1 is, er, was), and now being somewhere in the middle, I agree that the large guys sometimes forget the little guys exist. However, I think the change in privacy being proposed hurts -all- users, and disproportionately helps the large guys. A tiny ISP with < 1 Gbps upstream does not have enough user data to sell or otherwise “monetize”, while the top 5-10 ISPs have a ready and willing market for their users’ data. Which is why this is so strange. Mr. Glass’ ISP isn’t even a nat on the ass of national broadband ISPs. Not an indictment, like I said, I’ve run tiny networks myself. However, this change does not help ISPs in his position. Yet he is claiming the EFF is fighting for the big guy by opposing this change. Color me confused. But then again, I am a not knowledgeable network professional, so I am probably just confused. -- TTFN, patrick
On Mar 28, 2017, at 8:33 AM, Mike Hammett <nanog@ics-il.net> wrote:
Many organizations clamor the FCC for regulation because they hate something about the top 10, 20, etc. ISPs. There is certainly something to hate about them, but almost every time, the baby gets thrown out with the bath water and little ISPs are harmed along the way. Extremes on both sides are what get attention, meanwhile nothing constructive for little ISPs gets done. The policy community forgets them.
That same sort of forget about the little guys happens in technical discussions in NANOG as well. Most ISPs and most web hosts have less than 1G of upstream and likely from a single provider. The technical community forgets them.
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Patrick W. Gilmore" <patrick@ianai.net> To: "NANOG list" <nanog@nanog.org> Sent: Monday, March 27, 2017 6:22:27 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
I am somehow please that Mr. Glass does not find me a “knowledgeable network professional”. It feels like a badge of honor. Any other “not” knowledgeable network professionals want to come forward and accept this badge?
Personally, I find the FCC’s current rules to be sub-optimal. But saying a gov’t regulation is sub-optimal is like saying water is wet. The question is not whether the regulation could be improved. It is whether the proposed changes are an improvement.
To be 10000% clear: I prefer the current privacy regime over the new one being proposed.
Oh, and I do not believe the EFF is just a shill for Google. But then, I’m just a not knowledgeable network professional, so what do I know?
-- TTFN, patrick
On Mar 27, 2017, at 7:13 PM, Brett Glass <nanog@brettglass.com> wrote:
All:
It's worth noting that most of EFF's list consists of individuals and/or politically connected organizations, not actual ISPs. This is for good reason. EFF was founded with the intention of creating a civil rights organization but has morphed into a captive corporate lobbying shop for Google, to which several of its board members have close financial ties. EFF opposes the interests of hard working ISPs and routinely denigrates them and attempts to foster promotes hatred of them. It also promotes and lobbies for regulations which advantage Google and disadvantage ISPs -- including the so-called "broadband privacy" regulations, which heavily burden ISPs while exempting Google from all oversight.
No knowledgeable network professional or ISP would support the current FCC rules. Both they AND the FCC's illegal Title II classification of ISPs must be rolled back, restoring the FTC's ability to apply uniform and apolitical privacy standards to all of the players in the Internet ecosystem. The first step is to support S.J. Res 34/H.J. Res 86, the Congressional resolution which would revoke the current FCC regulations that were written and paid for by Google and its lobbyists. So, DO contact your legislators... but do so in support of the resolutions that will repeal the regulations. It is vital to the future of the Internet.
--Brett Glass, Owner and Founder, LARIAT.NET
At 05:05 PM 3/26/2017, Peter Eckersley wrote:
Dear network operators,
I'm sure this is a controversial topic in the NANOG community, but EFF and a number of ISPs and networking companies are writing to Congress opposing the repeal of the FCC's broadband privacy rules, which require explicit opt-in consent before ISPs use or sell sensitive, non-anonymized data (including non-anonymized locations and browsing histories).
If you or your employer would like to sign on to such a letter, please reply off-list by midday Monday with your name, and a one-sentence description of your affiliation and/or major career accomplishments.
On 3/28/2017 6:56 AM, Patrick W. Gilmore wrote:
Having worked networks with massive bandwidth, networks with a single T1 (don’t ask, just Google what a T1 is, er, was) I've lurked on this mailing list for months, and never felt obligated to chime in until now.
Thanks for reminding me exactly how dated my network is. :) Signed, an also not knowledgeable network professional who has a few hundred T1s scattered across the country. With 56k dial backup. Jason Schwerberg
Last time I checked most European countries have stronger privacy protections than the US. Are they also idiots? Mr. Glass, would you care to respond? Regards, Roderick. ________________________________ From: NANOG <nanog-bounces@nanog.org> on behalf of Brett Glass <nanog@brettglass.com> Sent: Tuesday, March 28, 2017 1:13 AM To: nanog@nanog.org Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal All: It's worth noting that most of EFF's list consists of individuals and/or politically connected organizations, not actual ISPs. This is for good reason. EFF was founded with the intention of creating a civil rights organization but has morphed into a captive corporate lobbying shop for Google, to which several of its board members have close financial ties. EFF opposes the interests of hard working ISPs and routinely denigrates them and attempts to foster promotes hatred of them. It also promotes and lobbies for regulations which advantage Google and disadvantage ISPs -- including the so-called "broadband privacy" regulations, which heavily burden ISPs while exempting Google from all oversight. No knowledgeable network professional or ISP would support the current FCC rules. Both they AND the FCC's illegal Title II classification of ISPs must be rolled back, restoring the FTC's ability to apply uniform and apolitical privacy standards to all of the players in the Internet ecosystem. The first step is to support S.J. Res 34/H.J. Res 86, the Congressional resolution which would revoke the current FCC regulations that were written and paid for by Google and its lobbyists. So, DO contact your legislators... but do so in support of the resolutions that will repeal the regulations. It is vital to the future of the Internet. --Brett Glass, Owner and Founder, LARIAT.NET At 05:05 PM 3/26/2017, Peter Eckersley wrote:
Dear network operators,
I'm sure this is a controversial topic in the NANOG community, but EFF and a number of ISPs and networking companies are writing to Congress opposing the repeal of the FCC's broadband privacy rules, which require explicit opt-in consent before ISPs use or sell sensitive, non-anonymized data (including non-anonymized locations and browsing histories).
If you or your employer would like to sign on to such a letter, please reply off-list by midday Monday with your name, and a one-sentence description of your affiliation and/or major career accomplishments.
No ISPs have any right to market our customers browsing history, and currently that practice is illegal unless the customer opts in. In my opinion, only a fool wants to relieve ISPs of this restriction. The claim oft presented by people favoring this customer abuse is that the sold data is anonymous. But it's been well-established that very simple data aggregation techniques can develop signatures that reveal the identity of people in anonymized data. -mel beckman
On Mar 28, 2017, at 10:40 AM, Rod Beck <rod.beck@unitedcablecompany.com> wrote:
Last time I checked most European countries have stronger privacy protections than the US. Are they also idiots? Mr. Glass, would you care to respond?
Regards,
Roderick.
________________________________ From: NANOG <nanog-bounces@nanog.org> on behalf of Brett Glass <nanog@brettglass.com> Sent: Tuesday, March 28, 2017 1:13 AM To: nanog@nanog.org Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
All:
It's worth noting that most of EFF's list consists of individuals and/or politically connected organizations, not actual ISPs. This is for good reason. EFF was founded with the intention of creating a civil rights organization but has morphed into a captive corporate lobbying shop for Google, to which several of its board members have close financial ties. EFF opposes the interests of hard working ISPs and routinely denigrates them and attempts to foster promotes hatred of them. It also promotes and lobbies for regulations which advantage Google and disadvantage ISPs -- including the so-called "broadband privacy" regulations, which heavily burden ISPs while exempting Google from all oversight.
No knowledgeable network professional or ISP would support the current FCC rules. Both they AND the FCC's illegal Title II classification of ISPs must be rolled back, restoring the FTC's ability to apply uniform and apolitical privacy standards to all of the players in the Internet ecosystem. The first step is to support S.J. Res 34/H.J. Res 86, the Congressional resolution which would revoke the current FCC regulations that were written and paid for by Google and its lobbyists. So, DO contact your legislators... but do so in support of the resolutions that will repeal the regulations. It is vital to the future of the Internet.
--Brett Glass, Owner and Founder, LARIAT.NET
At 05:05 PM 3/26/2017, Peter Eckersley wrote:
Dear network operators,
I'm sure this is a controversial topic in the NANOG community, but EFF and a number of ISPs and networking companies are writing to Congress opposing the repeal of the FCC's broadband privacy rules, which require explicit opt-in consent before ISPs use or sell sensitive, non-anonymized data (including non-anonymized locations and browsing histories).
If you or your employer would like to sign on to such a letter, please reply off-list by midday Monday with your name, and a one-sentence description of your affiliation and/or major career accomplishments.
Alexa ran into this problem... https://www.cnet.com/news/amazon-unit-settles-privacy-lawsuit/ Tim On 3/28/17 11:45 AM, Mel Beckman wrote:
No ISPs have any right to market our customers browsing history, and currently that practice is illegal unless the customer opts in. In my opinion, only a fool wants to relieve ISPs of this restriction.
The claim oft presented by people favoring this customer abuse is that the sold data is anonymous. But it's been well-established that very simple data aggregation techniques can develop signatures that reveal the identity of people in anonymized data.
-mel beckman
On Mar 28, 2017, at 10:40 AM, Rod Beck <rod.beck@unitedcablecompany.com> wrote:
Last time I checked most European countries have stronger privacy protections than the US. Are they also idiots? Mr. Glass, would you care to respond?
Regards,
Roderick.
________________________________ From: NANOG <nanog-bounces@nanog.org> on behalf of Brett Glass <nanog@brettglass.com> Sent: Tuesday, March 28, 2017 1:13 AM To: nanog@nanog.org Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
All:
It's worth noting that most of EFF's list consists of individuals and/or politically connected organizations, not actual ISPs. This is for good reason. EFF was founded with the intention of creating a civil rights organization but has morphed into a captive corporate lobbying shop for Google, to which several of its board members have close financial ties. EFF opposes the interests of hard working ISPs and routinely denigrates them and attempts to foster promotes hatred of them. It also promotes and lobbies for regulations which advantage Google and disadvantage ISPs -- including the so-called "broadband privacy" regulations, which heavily burden ISPs while exempting Google from all oversight.
No knowledgeable network professional or ISP would support the current FCC rules. Both they AND the FCC's illegal Title II classification of ISPs must be rolled back, restoring the FTC's ability to apply uniform and apolitical privacy standards to all of the players in the Internet ecosystem. The first step is to support S.J. Res 34/H.J. Res 86, the Congressional resolution which would revoke the current FCC regulations that were written and paid for by Google and its lobbyists. So, DO contact your legislators... but do so in support of the resolutions that will repeal the regulations. It is vital to the future of the Internet.
--Brett Glass, Owner and Founder, LARIAT.NET
At 05:05 PM 3/26/2017, Peter Eckersley wrote:
Dear network operators,
I'm sure this is a controversial topic in the NANOG community, but EFF and a number of ISPs and networking companies are writing to Congress opposing the repeal of the FCC's broadband privacy rules, which require explicit opt-in consent before ISPs use or sell sensitive, non-anonymized data (including non-anonymized locations and browsing histories).
If you or your employer would like to sign on to such a letter, please reply off-list by midday Monday with your name, and a one-sentence description of your affiliation and/or major career accomplishments.
Quoting an Alexa spokesperson: "We don't think we did anything wrong," Alexa Chief Executive Brewster Kahle said. "But instead of going all the way through the legal process, we thought this was the easiest way to go on with our business." ------ That capsulized the problem perfectly: providers don't get that they're doing anything wrong when they sell user's personal usage data. -mel via cell
On Mar 28, 2017, at 12:12 PM, Tim Pozar <pozar@lns.com> wrote:
Alexa ran into this problem...
https://www.cnet.com/news/amazon-unit-settles-privacy-lawsuit/
Tim
On 3/28/17 11:45 AM, Mel Beckman wrote: No ISPs have any right to market our customers browsing history, and currently that practice is illegal unless the customer opts in. In my opinion, only a fool wants to relieve ISPs of this restriction.
The claim oft presented by people favoring this customer abuse is that the sold data is anonymous. But it's been well-established that very simple data aggregation techniques can develop signatures that reveal the identity of people in anonymized data.
-mel beckman
On Mar 28, 2017, at 10:40 AM, Rod Beck <rod.beck@unitedcablecompany.com> wrote:
Last time I checked most European countries have stronger privacy protections than the US. Are they also idiots? Mr. Glass, would you care to respond?
Regards,
Roderick.
________________________________ From: NANOG <nanog-bounces@nanog.org> on behalf of Brett Glass <nanog@brettglass.com> Sent: Tuesday, March 28, 2017 1:13 AM To: nanog@nanog.org Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
All:
It's worth noting that most of EFF's list consists of individuals and/or politically connected organizations, not actual ISPs. This is for good reason. EFF was founded with the intention of creating a civil rights organization but has morphed into a captive corporate lobbying shop for Google, to which several of its board members have close financial ties. EFF opposes the interests of hard working ISPs and routinely denigrates them and attempts to foster promotes hatred of them. It also promotes and lobbies for regulations which advantage Google and disadvantage ISPs -- including the so-called "broadband privacy" regulations, which heavily burden ISPs while exempting Google from all oversight.
No knowledgeable network professional or ISP would support the current FCC rules. Both they AND the FCC's illegal Title II classification of ISPs must be rolled back, restoring the FTC's ability to apply uniform and apolitical privacy standards to all of the players in the Internet ecosystem. The first step is to support S.J. Res 34/H.J. Res 86, the Congressional resolution which would revoke the current FCC regulations that were written and paid for by Google and its lobbyists. So, DO contact your legislators... but do so in support of the resolutions that will repeal the regulations. It is vital to the future of the Internet.
--Brett Glass, Owner and Founder, LARIAT.NET
At 05:05 PM 3/26/2017, Peter Eckersley wrote:
Dear network operators,
I'm sure this is a controversial topic in the NANOG community, but EFF and a number of ISPs and networking companies are writing to Congress opposing the repeal of the FCC's broadband privacy rules, which require explicit opt-in consent before ISPs use or sell sensitive, non-anonymized data (including non-anonymized locations and browsing histories).
If you or your employer would like to sign on to such a letter, please reply off-list by midday Monday with your name, and a one-sentence description of your affiliation and/or major career accomplishments.
On 3/28/17 12:53, Mel Beckman wrote:
Quoting an Alexa spokesperson:
"We don't think we did anything wrong," Alexa Chief Executive Brewster Kahle said. "But instead of going all the way through the legal process, we thought this was the easiest way to go on with our business."
------
That capsulized the problem perfectly: providers don't get that they're doing anything wrong when they sell user's personal usage data.
Has there ever been a real survey that asks people where they think Google gets the money to support things like Gmail for "free"? ~Seth
On Tue, 28 Mar 2017 15:51:43 -0700, Seth Mattinen said:
Has there ever been a real survey that asks people where they think Google gets the money to support things like Gmail for "free"?
There's a difference. Google only gets to aggregate data you pass to Google. Your ISP gets to aggregate data you pass to *anybody*. The difference matters. Consider this example from the EFF: "They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour. But they don't know what was discussed." And the ISP is in that same position of being able to see all 3, and allowing anybody they sell the data to, to make conclusions. https://www.eff.org/deeplinks/2013/06/why-metadata-matters
On Mar 28, 2017, at 7:08 PM, valdis.kletnieks@vt.edu wrote:
On Tue, 28 Mar 2017 15:51:43 -0700, Seth Mattinen said:
Has there ever been a real survey that asks people where they think Google gets the money to support things like Gmail for "free"?
There's a difference. Google only gets to aggregate data you pass to Google. Your ISP gets to aggregate data you pass to *anybody*. The difference matters.
Consider this example from the EFF:
"They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour. But they don't know what was discussed."
And the ISP is in that same position of being able to see all 3, and allowing anybody they sell the data to, to make conclusions.
My first thought was your 6 year old watching sesame street videos, and your 10 year old playing minecraft. Sounds like the various COPPA lawsuits that I’ve seen from the FTC lawsuits, but IANAL.
On 3/28/17 16:08, valdis.kletnieks@vt.edu wrote:
On Tue, 28 Mar 2017 15:51:43 -0700, Seth Mattinen said:
Has there ever been a real survey that asks people where they think Google gets the money to support things like Gmail for "free"? There's a difference. Google only gets to aggregate data you pass to Google. Your ISP gets to aggregate data you pass to *anybody*. The difference matters.
I know, I'm not picking on Google like the other post was, other than to bring up that point that a lot of non-technical people don't connect that free Gmail means something has to pay for it. When I talk to people they have this expectation of free internet because ISPs charging for internet access is greedy when most most everything online is free. The internet is just a nebulous thing out there that's "free". So ultimately you have ISPs that sell data to marketers so they can meet the demands from sales/marketing to offer $10 gigabit internet access with no contracts and free install. ~Seth
Seth, Hmmm... I hadn't heard about the $10 Internet access with no contracts and free installation. I'm pretty sure that's a complete fantasy, and that every ISP on the planet makes sure they get a tidy profit from the contract fees that lock in customers, with zero advertising income. Money from stealing user browser data is just gravy. Not that I'm opposed to gravy, but not when I, as a customer, don't get any. Now, if ISPs want to PURCHASE browser data from customers directly, I'm sure they'll get some takers. But that strategy has never appeared in any business plan I've seen. -mel beckman
On Mar 28, 2017, at 4:26 PM, Seth Mattinen <sethm@rollernet.us> wrote:
On 3/28/17 16:08, valdis.kletnieks@vt.edu wrote: On Tue, 28 Mar 2017 15:51:43 -0700, Seth Mattinen said:
Has there ever been a real survey that asks people where they think Google gets the money to support things like Gmail for "free"? There's a difference. Google only gets to aggregate data you pass to Google. Your ISP gets to aggregate data you pass to *anybody*. The difference matters.
I know, I'm not picking on Google like the other post was, other than to bring up that point that a lot of non-technical people don't connect that free Gmail means something has to pay for it. When I talk to people they have this expectation of free internet because ISPs charging for internet access is greedy when most most everything online is free. The internet is just a nebulous thing out there that's "free".
So ultimately you have ISPs that sell data to marketers so they can meet the demands from sales/marketing to offer $10 gigabit internet access with no contracts and free install.
~Seth
On 3/28/17 17:17, Mel Beckman wrote:
Hmmm... I hadn't heard about the $10 Internet access with no contracts and free installation. I'm pretty sure that's a complete fantasy, and that every ISP on the planet makes sure they get a tidy profit from the contract fees that lock in customers, with zero advertising income. Money from stealing user browser data is just gravy. Not that I'm opposed to gravy, but not when I, as a customer, don't get any.
I'm mostly being speculatively facetious. All I can say for sure is they do that NXDOMAIN thing unless you opt out, good for 1 year only, so remember to renew your opt out annually. But I just don't use their resolvers. ~Seth
Now, if ISPs want to PURCHASE browser data from customers directly, I'm sure they'll get some takers. But that strategy has never appeared in any business plan I've seen.
https://arstechnica.com/information-technology/2013/12/att-offers-gigabit-in... ? -- Hugo Slabbert | email, xmpp/jabber: hugo@slabnet.com pgp key: B178313E | also on Signal
Hugo, That's a great find! I note in the article: "Not only is the price of the premier service (with ads) only $70 a month, but it comes with a waiver of equipment, installation, and activation fees. The standard service without ads is $99 a month..." So that's $29 a month to let AT&T track your Web browsing, but only for targeting ads. ATT promises "And we won’t sell your personal information to anyone, for any reason." I would guess that the ability to sell that data would be worth several times the $29/month, so it's conceivable that a provider could offer $10/mo Gig Internet in exchange for browsing history. But nobody does. Because they think they can steal it. I think this pretty well demonstrates the greed of the big-ISP executives who lobbied for today's legislative atrocity, which lets them rob customers of browsing history that even AT&T execs acknowledge users own. -mel beckman On Mar 28, 2017, at 5:56 PM, Hugo Slabbert <hugo@slabnet.com<mailto:hugo@slabnet.com>> wrote: Now, if ISPs want to PURCHASE browser data from customers directly, I'm sure they'll get some takers. But that strategy has never appeared in any business plan I've seen. https://arstechnica.com/information-technology/2013/12/att-offers-gigabit-in... ? -- Hugo Slabbert | email, xmpp/jabber: hugo@slabnet.com<mailto:hugo@slabnet.com> pgp key: B178313E | also on Signal
What about little ISPs? There are already monetization platforms out there that can be resold to small ISPs. The company sells the aggregate data upstream. Not that I would, but in a small ISP, that money makes a big difference. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Mel Beckman" <mel@beckman.org> To: "Hugo Slabbert" <hugo@slabnet.com> Cc: nanog@nanog.org Sent: Tuesday, March 28, 2017 8:08:19 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal Hugo, That's a great find! I note in the article: "Not only is the price of the premier service (with ads) only $70 a month, but it comes with a waiver of equipment, installation, and activation fees. The standard service without ads is $99 a month..." So that's $29 a month to let AT&T track your Web browsing, but only for targeting ads. ATT promises "And we won’t sell your personal information to anyone, for any reason." I would guess that the ability to sell that data would be worth several times the $29/month, so it's conceivable that a provider could offer $10/mo Gig Internet in exchange for browsing history. But nobody does. Because they think they can steal it. I think this pretty well demonstrates the greed of the big-ISP executives who lobbied for today's legislative atrocity, which lets them rob customers of browsing history that even AT&T execs acknowledge users own. -mel beckman On Mar 28, 2017, at 5:56 PM, Hugo Slabbert <hugo@slabnet.com<mailto:hugo@slabnet.com>> wrote: Now, if ISPs want to PURCHASE browser data from customers directly, I'm sure they'll get some takers. But that strategy has never appeared in any business plan I've seen. https://arstechnica.com/information-technology/2013/12/att-offers-gigabit-in... ? -- Hugo Slabbert | email, xmpp/jabber: hugo@slabnet.com<mailto:hugo@slabnet.com> pgp key: B178313E | also on Signal
What about bank robbery? Little ISPs could supplement their incomes using that immoral revenue stream too. The ends don't justify the means. Browsing history belongs to the user, not the ISP. Robbing users of this data is not justified just because it would give ISPs -- of any size -- a new revenue stream. -mel beckman
On Mar 28, 2017, at 6:14 PM, Mike Hammett <nanog@ics-il.net> wrote:
What about little ISPs? There are already monetization platforms out there that can be resold to small ISPs. The company sells the aggregate data upstream. Not that I would, but in a small ISP, that money makes a big difference.
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Mel Beckman" <mel@beckman.org> To: "Hugo Slabbert" <hugo@slabnet.com> Cc: nanog@nanog.org Sent: Tuesday, March 28, 2017 8:08:19 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
Hugo,
That's a great find! I note in the article:
"Not only is the price of the premier service (with ads) only $70 a month, but it comes with a waiver of equipment, installation, and activation fees. The standard service without ads is $99 a month..."
So that's $29 a month to let AT&T track your Web browsing, but only for targeting ads. ATT promises "And we won’t sell your personal information to anyone, for any reason."
I would guess that the ability to sell that data would be worth several times the $29/month, so it's conceivable that a provider could offer $10/mo Gig Internet in exchange for browsing history.
But nobody does.
Because they think they can steal it.
I think this pretty well demonstrates the greed of the big-ISP executives who lobbied for today's legislative atrocity, which lets them rob customers of browsing history that even AT&T execs acknowledge users own.
-mel beckman
On Mar 28, 2017, at 5:56 PM, Hugo Slabbert <hugo@slabnet.com<mailto:hugo@slabnet.com>> wrote:
Now, if ISPs want to PURCHASE browser data from customers directly, I'm sure they'll get some takers. But that strategy has never appeared in any business plan I've seen.
https://arstechnica.com/information-technology/2013/12/att-offers-gigabit-in... ? -- Hugo Slabbert | email, xmpp/jabber: hugo@slabnet.com<mailto:hugo@slabnet.com> pgp key: B178313E | also on Signal
Yeah, I think we're done here. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Mel Beckman" <mel@beckman.org> To: "Mike Hammett" <nanog@ics-il.net> Cc: nanog@nanog.org Sent: Tuesday, March 28, 2017 8:19:08 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal What about bank robbery? Little ISPs could supplement their incomes using that immoral revenue stream too. The ends don't justify the means. Browsing history belongs to the user, not the ISP. Robbing users of this data is not justified just because it would give ISPs -- of any size -- a new revenue stream. -mel beckman
On Mar 28, 2017, at 6:14 PM, Mike Hammett <nanog@ics-il.net> wrote:
What about little ISPs? There are already monetization platforms out there that can be resold to small ISPs. The company sells the aggregate data upstream. Not that I would, but in a small ISP, that money makes a big difference.
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Mel Beckman" <mel@beckman.org> To: "Hugo Slabbert" <hugo@slabnet.com> Cc: nanog@nanog.org Sent: Tuesday, March 28, 2017 8:08:19 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
Hugo,
That's a great find! I note in the article:
"Not only is the price of the premier service (with ads) only $70 a month, but it comes with a waiver of equipment, installation, and activation fees. The standard service without ads is $99 a month..."
So that's $29 a month to let AT&T track your Web browsing, but only for targeting ads. ATT promises "And we won’t sell your personal information to anyone, for any reason."
I would guess that the ability to sell that data would be worth several times the $29/month, so it's conceivable that a provider could offer $10/mo Gig Internet in exchange for browsing history.
But nobody does.
Because they think they can steal it.
I think this pretty well demonstrates the greed of the big-ISP executives who lobbied for today's legislative atrocity, which lets them rob customers of browsing history that even AT&T execs acknowledge users own.
-mel beckman
On Mar 28, 2017, at 5:56 PM, Hugo Slabbert <hugo@slabnet.com<mailto:hugo@slabnet.com>> wrote:
Now, if ISPs want to PURCHASE browser data from customers directly, I'm sure they'll get some takers. But that strategy has never appeared in any business plan I've seen.
https://arstechnica.com/information-technology/2013/12/att-offers-gigabit-in... ? -- Hugo Slabbert | email, xmpp/jabber: hugo@slabnet.com<mailto:hugo@slabnet.com> pgp key: B178313E | also on Signal
Even though your example is a bit melodramatic I agree with the concept, all the arguments against the ownership that users have on their own data is just hogwash. If there needs to be government imposed regulations to ensure it, I have zero problems with it. On 29/03/2017 03:19, Mel Beckman wrote:
What about bank robbery? Little ISPs could supplement their incomes using that immoral revenue stream too. The ends don't justify the means. Browsing history belongs to the user, not the ISP. Robbing users of this data is not justified just because it would give ISPs -- of any size -- a new revenue stream.
-mel beckman
On Mar 28, 2017, at 6:14 PM, Mike Hammett <nanog@ics-il.net> wrote:
What about little ISPs? There are already monetization platforms out there that can be resold to small ISPs. The company sells the aggregate data upstream. Not that I would, but in a small ISP, that money makes a big difference.
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Mel Beckman" <mel@beckman.org> To: "Hugo Slabbert" <hugo@slabnet.com> Cc: nanog@nanog.org Sent: Tuesday, March 28, 2017 8:08:19 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
Hugo,
That's a great find! I note in the article:
"Not only is the price of the premier service (with ads) only $70 a month, but it comes with a waiver of equipment, installation, and activation fees. The standard service without ads is $99 a month..."
So that's $29 a month to let AT&T track your Web browsing, but only for targeting ads. ATT promises "And we won’t sell your personal information to anyone, for any reason."
I would guess that the ability to sell that data would be worth several times the $29/month, so it's conceivable that a provider could offer $10/mo Gig Internet in exchange for browsing history.
But nobody does.
Because they think they can steal it.
I think this pretty well demonstrates the greed of the big-ISP executives who lobbied for today's legislative atrocity, which lets them rob customers of browsing history that even AT&T execs acknowledge users own.
-mel beckman
On Mar 28, 2017, at 5:56 PM, Hugo Slabbert <hugo@slabnet.com<mailto:hugo@slabnet.com>> wrote:
Now, if ISPs want to PURCHASE browser data from customers directly, I'm sure they'll get some takers. But that strategy has never appeared in any business plan I've seen.
https://arstechnica.com/information-technology/2013/12/att-offers-gigabit-in... ? -- Hugo Slabbert | email, xmpp/jabber: hugo@slabnet.com<mailto:hugo@slabnet.com> pgp key: B178313E | also on Signal
Davide, My example is simply a reductio ad absurdum, to demonstrate the error of the idea that ISPs should be allowed to resell data "because money". :) -mel
On Mar 29, 2017, at 12:08 AM, Davide Davini <diotonante@gmail.com> wrote:
Even though your example is a bit melodramatic I agree with the concept, all the arguments against the ownership that users have on their own data is just hogwash.
If there needs to be government imposed regulations to ensure it, I have zero problems with it.
On 29/03/2017 03:19, Mel Beckman wrote: What about bank robbery? Little ISPs could supplement their incomes using that immoral revenue stream too. The ends don't justify the means. Browsing history belongs to the user, not the ISP. Robbing users of this data is not justified just because it would give ISPs -- of any size -- a new revenue stream.
-mel beckman
On Mar 28, 2017, at 6:14 PM, Mike Hammett <nanog@ics-il.net> wrote:
What about little ISPs? There are already monetization platforms out there that can be resold to small ISPs. The company sells the aggregate data upstream. Not that I would, but in a small ISP, that money makes a big difference.
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Mel Beckman" <mel@beckman.org> To: "Hugo Slabbert" <hugo@slabnet.com> Cc: nanog@nanog.org Sent: Tuesday, March 28, 2017 8:08:19 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
Hugo,
That's a great find! I note in the article:
"Not only is the price of the premier service (with ads) only $70 a month, but it comes with a waiver of equipment, installation, and activation fees. The standard service without ads is $99 a month..."
So that's $29 a month to let AT&T track your Web browsing, but only for targeting ads. ATT promises "And we won’t sell your personal information to anyone, for any reason."
I would guess that the ability to sell that data would be worth several times the $29/month, so it's conceivable that a provider could offer $10/mo Gig Internet in exchange for browsing history.
But nobody does.
Because they think they can steal it.
I think this pretty well demonstrates the greed of the big-ISP executives who lobbied for today's legislative atrocity, which lets them rob customers of browsing history that even AT&T execs acknowledge users own.
-mel beckman
On Mar 28, 2017, at 5:56 PM, Hugo Slabbert <hugo@slabnet.com<mailto:hugo@slabnet.com>> wrote:
Now, if ISPs want to PURCHASE browser data from customers directly, I'm sure they'll get some takers. But that strategy has never appeared in any business plan I've seen.
https://arstechnica.com/information-technology/2013/12/att-offers-gigabit-in... ? -- Hugo Slabbert | email, xmpp/jabber: hugo@slabnet.com<mailto:hugo@slabnet.com> pgp key: B178313E | also on Signal
On Tue, Mar 28, 2017 at 06:45:04PM +0000, Mel Beckman wrote:
The claim oft presented by people favoring this customer abuse is that the sold data is anonymous. But it's been well-established that very simple data aggregation techniques can develop signatures that reveal the identity of people in anonymized data.
This needs to be repeated loudly and often at every possible opportunity. I've spent much of the past decade studying this issue and the most succinct way I can put it is that however good you (generic "you") think de-anonymization techniques are, you're wrong: they're way better than that. Billions, and I am not exaggerating even a little bit, have been spent on this problem, and they've been spent by smart people with essentially unlimited computational resources. And whaddaya know, they've succeeded. So if someone presents you a data corpus and says "this data is anonymized", the default response should be to mock them, because there is a very high probability they're either (a) lying or (b) wrong. Incidentally, I'm also a signatory of the EFF document, since of course with nearly 40 years in the field I'm a mere clueless newbie and despite ripping them a new one about once every other month, I'm clearly a tool of Google. ---rsk
Why am I supposed to care? ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Rich Kulawiec" <rsk@gsp.org> To: nanog@nanog.org Sent: Tuesday, March 28, 2017 4:45:25 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal On Tue, Mar 28, 2017 at 06:45:04PM +0000, Mel Beckman wrote:
The claim oft presented by people favoring this customer abuse is that the sold data is anonymous. But it's been well-established that very simple data aggregation techniques can develop signatures that reveal the identity of people in anonymized data.
This needs to be repeated loudly and often at every possible opportunity. I've spent much of the past decade studying this issue and the most succinct way I can put it is that however good you (generic "you") think de-anonymization techniques are, you're wrong: they're way better than that. Billions, and I am not exaggerating even a little bit, have been spent on this problem, and they've been spent by smart people with essentially unlimited computational resources. And whaddaya know, they've succeeded. So if someone presents you a data corpus and says "this data is anonymized", the default response should be to mock them, because there is a very high probability they're either (a) lying or (b) wrong. Incidentally, I'm also a signatory of the EFF document, since of course with nearly 40 years in the field I'm a mere clueless newbie and despite ripping them a new one about once every other month, I'm clearly a tool of Google. ---rsk
Mike: My guess is you do not. Which is -precisely- why the users (proletariat?) need to find a way to stop you. Hence laws & regulations. Later in this thread you said “we are done here”. Would that you were so lucky. -- TTFN, patrick
On Mar 28, 2017, at 5:58 PM, Mike Hammett <nanog@ics-il.net> wrote:
Why am I supposed to care?
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Rich Kulawiec" <rsk@gsp.org> To: nanog@nanog.org Sent: Tuesday, March 28, 2017 4:45:25 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
On Tue, Mar 28, 2017 at 06:45:04PM +0000, Mel Beckman wrote:
The claim oft presented by people favoring this customer abuse is that the sold data is anonymous. But it's been well-established that very simple data aggregation techniques can develop signatures that reveal the identity of people in anonymized data.
This needs to be repeated loudly and often at every possible opportunity. I've spent much of the past decade studying this issue and the most succinct way I can put it is that however good you (generic "you") think de-anonymization techniques are, you're wrong: they're way better than that. Billions, and I am not exaggerating even a little bit, have been spent on this problem, and they've been spent by smart people with essentially unlimited computational resources. And whaddaya know, they've succeeded.
So if someone presents you a data corpus and says "this data is anonymized", the default response should be to mock them, because there is a very high probability they're either (a) lying or (b) wrong.
Incidentally, I'm also a signatory of the EFF document, since of course with nearly 40 years in the field I'm a mere clueless newbie and despite ripping them a new one about once every other month, I'm clearly a tool of Google.
---rsk
It was more a plea to educate the list on why this matters vs. doom and gloom with a little more gloom and a little less Carmack. Instead I got more of the sky is falling. Note that I don't intend to ever do this at my ISP, nor my IX. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Patrick W. Gilmore" <patrick@ianai.net> To: "NANOG list" <nanog@nanog.org> Sent: Tuesday, March 28, 2017 9:12:15 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal Mike: My guess is you do not. Which is -precisely- why the users (proletariat?) need to find a way to stop you. Hence laws & regulations. Later in this thread you said “we are done here”. Would that you were so lucky. -- TTFN, patrick
On Mar 28, 2017, at 5:58 PM, Mike Hammett <nanog@ics-il.net> wrote:
Why am I supposed to care?
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Rich Kulawiec" <rsk@gsp.org> To: nanog@nanog.org Sent: Tuesday, March 28, 2017 4:45:25 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
On Tue, Mar 28, 2017 at 06:45:04PM +0000, Mel Beckman wrote:
The claim oft presented by people favoring this customer abuse is that the sold data is anonymous. But it's been well-established that very simple data aggregation techniques can develop signatures that reveal the identity of people in anonymized data.
This needs to be repeated loudly and often at every possible opportunity. I've spent much of the past decade studying this issue and the most succinct way I can put it is that however good you (generic "you") think de-anonymization techniques are, you're wrong: they're way better than that. Billions, and I am not exaggerating even a little bit, have been spent on this problem, and they've been spent by smart people with essentially unlimited computational resources. And whaddaya know, they've succeeded.
So if someone presents you a data corpus and says "this data is anonymized", the default response should be to mock them, because there is a very high probability they're either (a) lying or (b) wrong.
Incidentally, I'm also a signatory of the EFF document, since of course with nearly 40 years in the field I'm a mere clueless newbie and despite ripping them a new one about once every other month, I'm clearly a tool of Google.
---rsk
Thanks, I was a bit confused why you said it, which is apparently because I was confused. :-) I agree we need to do a better job educating users why this is important. And just so my opinion is clear, if there were a true market, I would not mind ISPs who did this (with proper notice). Unfortunately, over half of all households in the US have one or fewer choices for broadband providers. I am one of them. What do I do if my ISP wants to collect my data? VPN everything? -- TTFN, patrick
On Mar 28, 2017, at 10:18 PM, Mike Hammett <nanog@ics-il.net> wrote:
It was more a plea to educate the list on why this matters vs. doom and gloom with a little more gloom and a little less Carmack. Instead I got more of the sky is falling.
Note that I don't intend to ever do this at my ISP, nor my IX.
----- Mike Hammett Intelligent Computing Solutions <http://www.ics-il.com/> <https://www.facebook.com/ICSIL> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> <https://www.linkedin.com/company/intelligent-computing-solutions> <https://twitter.com/ICSIL> Midwest Internet Exchange <http://www.midwest-ix.com/> <https://www.facebook.com/mdwestix> <https://www.linkedin.com/company/midwest-internet-exchange> <https://twitter.com/mdwestix> The Brothers WISP <http://www.thebrotherswisp.com/> <https://www.facebook.com/thebrotherswisp> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> From: "Patrick W. Gilmore" <patrick@ianai.net <mailto:patrick@ianai.net>> To: "NANOG list" <nanog@nanog.org <mailto:nanog@nanog.org>> Sent: Tuesday, March 28, 2017 9:12:15 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
Mike:
My guess is you do not.
Which is -precisely- why the users (proletariat?) need to find a way to stop you. Hence laws & regulations.
Later in this thread you said “we are done here”. Would that you were so lucky.
-- TTFN, patrick
On Mar 28, 2017, at 5:58 PM, Mike Hammett <nanog@ics-il.net <mailto:nanog@ics-il.net>> wrote:
Why am I supposed to care?
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Rich Kulawiec" <rsk@gsp.org <mailto:rsk@gsp.org>> To: nanog@nanog.org <mailto:nanog@nanog.org> Sent: Tuesday, March 28, 2017 4:45:25 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
On Tue, Mar 28, 2017 at 06:45:04PM +0000, Mel Beckman wrote:
The claim oft presented by people favoring this customer abuse is that the sold data is anonymous. But it's been well-established that very simple data aggregation techniques can develop signatures that reveal the identity of people in anonymized data.
This needs to be repeated loudly and often at every possible opportunity. I've spent much of the past decade studying this issue and the most succinct way I can put it is that however good you (generic "you") think de-anonymization techniques are, you're wrong: they're way better than that. Billions, and I am not exaggerating even a little bit, have been spent on this problem, and they've been spent by smart people with essentially unlimited computational resources. And whaddaya know, they've succeeded.
So if someone presents you a data corpus and says "this data is anonymized", the default response should be to mock them, because there is a very high probability they're either (a) lying or (b) wrong.
Incidentally, I'm also a signatory of the EFF document, since of course with nearly 40 years in the field I'm a mere clueless newbie and despite ripping them a new one about once every other month, I'm clearly a tool of Google.
---rsk
Are there really no others or are the ones that are there just marketing themselves poorly? Any nearby you could convince to expand? Over my WISP's coverage, I have at least 13 WISP competitors, 7 broadband wireline and nearly that many enterprise fiber. I admit that may be exceptional. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Patrick W. Gilmore" <patrick@ianai.net> To: "NANOG list" <nanog@nanog.org> Sent: Tuesday, March 28, 2017 9:25:54 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal Thanks, I was a bit confused why you said it, which is apparently because I was confused. :-) I agree we need to do a better job educating users why this is important. And just so my opinion is clear, if there were a true market, I would not mind ISPs who did this (with proper notice). Unfortunately, over half of all households in the US have one or fewer choices for broadband providers. I am one of them. What do I do if my ISP wants to collect my data? VPN everything? -- TTFN, patrick
On Mar 28, 2017, at 10:18 PM, Mike Hammett <nanog@ics-il.net> wrote:
It was more a plea to educate the list on why this matters vs. doom and gloom with a little more gloom and a little less Carmack. Instead I got more of the sky is falling.
Note that I don't intend to ever do this at my ISP, nor my IX.
----- Mike Hammett Intelligent Computing Solutions <http://www.ics-il.com/> <https://www.facebook.com/ICSIL> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> <https://www.linkedin.com/company/intelligent-computing-solutions> <https://twitter.com/ICSIL> Midwest Internet Exchange <http://www.midwest-ix.com/> <https://www.facebook.com/mdwestix> <https://www.linkedin.com/company/midwest-internet-exchange> <https://twitter.com/mdwestix> The Brothers WISP <http://www.thebrotherswisp.com/> <https://www.facebook.com/thebrotherswisp> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> From: "Patrick W. Gilmore" <patrick@ianai.net <mailto:patrick@ianai.net>> To: "NANOG list" <nanog@nanog.org <mailto:nanog@nanog.org>> Sent: Tuesday, March 28, 2017 9:12:15 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
Mike:
My guess is you do not.
Which is -precisely- why the users (proletariat?) need to find a way to stop you. Hence laws & regulations.
Later in this thread you said “we are done here”. Would that you were so lucky.
-- TTFN, patrick
On Mar 28, 2017, at 5:58 PM, Mike Hammett <nanog@ics-il.net <mailto:nanog@ics-il.net>> wrote:
Why am I supposed to care?
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Rich Kulawiec" <rsk@gsp.org <mailto:rsk@gsp.org>> To: nanog@nanog.org <mailto:nanog@nanog.org> Sent: Tuesday, March 28, 2017 4:45:25 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
On Tue, Mar 28, 2017 at 06:45:04PM +0000, Mel Beckman wrote:
The claim oft presented by people favoring this customer abuse is that the sold data is anonymous. But it's been well-established that very simple data aggregation techniques can develop signatures that reveal the identity of people in anonymized data.
This needs to be repeated loudly and often at every possible opportunity. I've spent much of the past decade studying this issue and the most succinct way I can put it is that however good you (generic "you") think de-anonymization techniques are, you're wrong: they're way better than that. Billions, and I am not exaggerating even a little bit, have been spent on this problem, and they've been spent by smart people with essentially unlimited computational resources. And whaddaya know, they've succeeded.
So if someone presents you a data corpus and says "this data is anonymized", the default response should be to mock them, because there is a very high probability they're either (a) lying or (b) wrong.
Incidentally, I'm also a signatory of the EFF document, since of course with nearly 40 years in the field I'm a mere clueless newbie and despite ripping them a new one about once every other month, I'm clearly a tool of Google.
---rsk
Mike: I know Mr. Glass thinks of me as a not knowledgeable network professional, but I hope you know I’ve been doing “ISP stuff” for a couple decades. I know how to work the system. There really are not any other broadband providers in my area. Hell, LTE doesn’t even work well in my house, and I am less than a dozen miles from the center of Boston. But more importantly, even if there were a second provider, how do you expect Joe & Mary User to find that provider if I cannot? (Not trying to be arrogant, just saying I am more experience in this field than the average consumer.) Broadband competition in the US is a myth, at least for most people. At best, competition is the exception, not the rule. At worst, it’s a thinly veiled monopoly. Hell, they brag about it being a duopoly where they can, as if that’s a great thing. Comcast’s chairman brags that Time Warner & Comcast do not compete in any cities. -- TTFN, patrick
On Mar 29, 2017, at 6:35 AM, Mike Hammett <nanog@ics-il.net> wrote:
Are there really no others or are the ones that are there just marketing themselves poorly? Any nearby you could convince to expand?
Over my WISP's coverage, I have at least 13 WISP competitors, 7 broadband wireline and nearly that many enterprise fiber. I admit that may be exceptional.
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Patrick W. Gilmore" <patrick@ianai.net> To: "NANOG list" <nanog@nanog.org> Sent: Tuesday, March 28, 2017 9:25:54 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
Thanks, I was a bit confused why you said it, which is apparently because I was confused. :-)
I agree we need to do a better job educating users why this is important.
And just so my opinion is clear, if there were a true market, I would not mind ISPs who did this (with proper notice). Unfortunately, over half of all households in the US have one or fewer choices for broadband providers. I am one of them. What do I do if my ISP wants to collect my data? VPN everything?
-- TTFN, patrick
On Mar 28, 2017, at 10:18 PM, Mike Hammett <nanog@ics-il.net> wrote:
It was more a plea to educate the list on why this matters vs. doom and gloom with a little more gloom and a little less Carmack. Instead I got more of the sky is falling.
Note that I don't intend to ever do this at my ISP, nor my IX.
----- Mike Hammett Intelligent Computing Solutions <http://www.ics-il.com/> <https://www.facebook.com/ICSIL> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> <https://www.linkedin.com/company/intelligent-computing-solutions> <https://twitter.com/ICSIL> Midwest Internet Exchange <http://www.midwest-ix.com/> <https://www.facebook.com/mdwestix> <https://www.linkedin.com/company/midwest-internet-exchange> <https://twitter.com/mdwestix> The Brothers WISP <http://www.thebrotherswisp.com/> <https://www.facebook.com/thebrotherswisp> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> From: "Patrick W. Gilmore" <patrick@ianai.net <mailto:patrick@ianai.net>> To: "NANOG list" <nanog@nanog.org <mailto:nanog@nanog.org>> Sent: Tuesday, March 28, 2017 9:12:15 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
Mike:
My guess is you do not.
Which is -precisely- why the users (proletariat?) need to find a way to stop you. Hence laws & regulations.
Later in this thread you said “we are done here”. Would that you were so lucky.
-- TTFN, patrick
On Mar 28, 2017, at 5:58 PM, Mike Hammett <nanog@ics-il.net <mailto:nanog@ics-il.net>> wrote:
Why am I supposed to care?
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Rich Kulawiec" <rsk@gsp.org <mailto:rsk@gsp.org>> To: nanog@nanog.org <mailto:nanog@nanog.org> Sent: Tuesday, March 28, 2017 4:45:25 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
On Tue, Mar 28, 2017 at 06:45:04PM +0000, Mel Beckman wrote:
The claim oft presented by people favoring this customer abuse is that the sold data is anonymous. But it's been well-established that very simple data aggregation techniques can develop signatures that reveal the identity of people in anonymized data.
This needs to be repeated loudly and often at every possible opportunity. I've spent much of the past decade studying this issue and the most succinct way I can put it is that however good you (generic "you") think de-anonymization techniques are, you're wrong: they're way better than that. Billions, and I am not exaggerating even a little bit, have been spent on this problem, and they've been spent by smart people with essentially unlimited computational resources. And whaddaya know, they've succeeded.
So if someone presents you a data corpus and says "this data is anonymized", the default response should be to mock them, because there is a very high probability they're either (a) lying or (b) wrong.
Incidentally, I'm also a signatory of the EFF document, since of course with nearly 40 years in the field I'm a mere clueless newbie and despite ripping them a new one about once every other month, I'm clearly a tool of Google.
---rsk
I know most of the people in the thread have been doing this a long time, the others I just don't know anything about them. FWIW: Glass has been running an ISP for 20 - 25 years, has given Congressional\FCC testimony, etc. He's not an industry slouch either, just with a different political standing. Certainly independents need better marketing machines, but the past 10 - 15 years, they've been beaten down pretty badly with the general public flocking to the incumbents and the masochism that entails. As my ISP tries to grow, in the same conversation I've had a property manager complain about Comcast and then say they don't need me because they have Comcast. I know that's not a technical battle. Heck, I've been trying to hire a sales\biz dev guy for the better part of two years. I never get anyone reasonable responding. One guy asked what B2B was. We need those anchor enterprise, government, MDU accounts in an area to justify the expense and low ROI of single family homes. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Patrick W. Gilmore" <patrick@ianai.net> To: "NANOG list" <nanog@nanog.org> Sent: Wednesday, March 29, 2017 7:58:57 AM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal Mike: I know Mr. Glass thinks of me as a not knowledgeable network professional, but I hope you know I’ve been doing “ISP stuff” for a couple decades. I know how to work the system. There really are not any other broadband providers in my area. Hell, LTE doesn’t even work well in my house, and I am less than a dozen miles from the center of Boston. But more importantly, even if there were a second provider, how do you expect Joe & Mary User to find that provider if I cannot? (Not trying to be arrogant, just saying I am more experience in this field than the average consumer.) Broadband competition in the US is a myth, at least for most people. At best, competition is the exception, not the rule. At worst, it’s a thinly veiled monopoly. Hell, they brag about it being a duopoly where they can, as if that’s a great thing. Comcast’s chairman brags that Time Warner & Comcast do not compete in any cities. -- TTFN, patrick
On Mar 29, 2017, at 6:35 AM, Mike Hammett <nanog@ics-il.net> wrote:
Are there really no others or are the ones that are there just marketing themselves poorly? Any nearby you could convince to expand?
Over my WISP's coverage, I have at least 13 WISP competitors, 7 broadband wireline and nearly that many enterprise fiber. I admit that may be exceptional.
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Patrick W. Gilmore" <patrick@ianai.net> To: "NANOG list" <nanog@nanog.org> Sent: Tuesday, March 28, 2017 9:25:54 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
Thanks, I was a bit confused why you said it, which is apparently because I was confused. :-)
I agree we need to do a better job educating users why this is important.
And just so my opinion is clear, if there were a true market, I would not mind ISPs who did this (with proper notice). Unfortunately, over half of all households in the US have one or fewer choices for broadband providers. I am one of them. What do I do if my ISP wants to collect my data? VPN everything?
-- TTFN, patrick
On Mar 28, 2017, at 10:18 PM, Mike Hammett <nanog@ics-il.net> wrote:
It was more a plea to educate the list on why this matters vs. doom and gloom with a little more gloom and a little less Carmack. Instead I got more of the sky is falling.
Note that I don't intend to ever do this at my ISP, nor my IX.
----- Mike Hammett Intelligent Computing Solutions <http://www.ics-il.com/> <https://www.facebook.com/ICSIL> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> <https://www.linkedin.com/company/intelligent-computing-solutions> <https://twitter.com/ICSIL> Midwest Internet Exchange <http://www.midwest-ix.com/> <https://www.facebook.com/mdwestix> <https://www.linkedin.com/company/midwest-internet-exchange> <https://twitter.com/mdwestix> The Brothers WISP <http://www.thebrotherswisp.com/> <https://www.facebook.com/thebrotherswisp> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> From: "Patrick W. Gilmore" <patrick@ianai.net <mailto:patrick@ianai.net>> To: "NANOG list" <nanog@nanog.org <mailto:nanog@nanog.org>> Sent: Tuesday, March 28, 2017 9:12:15 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
Mike:
My guess is you do not.
Which is -precisely- why the users (proletariat?) need to find a way to stop you. Hence laws & regulations.
Later in this thread you said “we are done here”. Would that you were so lucky.
-- TTFN, patrick
On Mar 28, 2017, at 5:58 PM, Mike Hammett <nanog@ics-il.net <mailto:nanog@ics-il.net>> wrote:
Why am I supposed to care?
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Rich Kulawiec" <rsk@gsp.org <mailto:rsk@gsp.org>> To: nanog@nanog.org <mailto:nanog@nanog.org> Sent: Tuesday, March 28, 2017 4:45:25 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
On Tue, Mar 28, 2017 at 06:45:04PM +0000, Mel Beckman wrote:
The claim oft presented by people favoring this customer abuse is that the sold data is anonymous. But it's been well-established that very simple data aggregation techniques can develop signatures that reveal the identity of people in anonymized data.
This needs to be repeated loudly and often at every possible opportunity. I've spent much of the past decade studying this issue and the most succinct way I can put it is that however good you (generic "you") think de-anonymization techniques are, you're wrong: they're way better than that. Billions, and I am not exaggerating even a little bit, have been spent on this problem, and they've been spent by smart people with essentially unlimited computational resources. And whaddaya know, they've succeeded.
So if someone presents you a data corpus and says "this data is anonymized", the default response should be to mock them, because there is a very high probability they're either (a) lying or (b) wrong.
Incidentally, I'm also a signatory of the EFF document, since of course with nearly 40 years in the field I'm a mere clueless newbie and despite ripping them a new one about once every other month, I'm clearly a tool of Google.
---rsk
On Mar 29, 2017, at 6:35 AM, Mike Hammett <nanog@ics-il.net> wrote:
Are there really no others or are the ones that are there just marketing
Lowering barriers to entry is where the next political focus should be. Joe Loiacono From: Mike Hammett <nanog@ics-il.net> To: Cc: NANOG list <nanog@nanog.org> Date: 03/29/2017 09:13 AM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal Sent by: "NANOG" <nanog-bounces@nanog.org> I know most of the people in the thread have been doing this a long time, the others I just don't know anything about them. FWIW: Glass has been running an ISP for 20 - 25 years, has given Congressional\FCC testimony, etc. He's not an industry slouch either, just with a different political standing. Certainly independents need better marketing machines, but the past 10 - 15 years, they've been beaten down pretty badly with the general public flocking to the incumbents and the masochism that entails. As my ISP tries to grow, in the same conversation I've had a property manager complain about Comcast and then say they don't need me because they have Comcast. I know that's not a technical battle. Heck, I've been trying to hire a sales\biz dev guy for the better part of two years. I never get anyone reasonable responding. One guy asked what B2B was. We need those anchor enterprise, government, MDU accounts in an area to justify the expense and low ROI of single family homes. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Patrick W. Gilmore" <patrick@ianai.net> To: "NANOG list" <nanog@nanog.org> Sent: Wednesday, March 29, 2017 7:58:57 AM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal Mike: I know Mr. Glass thinks of me as a not knowledgeable network professional, but I hope you know I’ve been doing “ISP stuff” for a couple decades. I know how to work the system. There really are not any other broadband providers in my area. Hell, LTE doesn’t even work well in my house, and I am less than a dozen miles from the center of Boston. But more importantly, even if there were a second provider, how do you expect Joe & Mary User to find that provider if I cannot? (Not trying to be arrogant, just saying I am more experience in this field than the average consumer.) Broadband competition in the US is a myth, at least for most people. At best, competition is the exception, not the rule. At worst, it’s a thinly veiled monopoly. Hell, they brag about it being a duopoly where they can, as if that’s a great thing. Comcast’s chairman brags that Time Warner & Comcast do not compete in any cities. -- TTFN, patrick themselves poorly? Any nearby you could convince to expand?
Over my WISP's coverage, I have at least 13 WISP competitors, 7
broadband wireline and nearly that many enterprise fiber. I admit that may be exceptional.
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Patrick W. Gilmore" <patrick@ianai.net> To: "NANOG list" <nanog@nanog.org> Sent: Tuesday, March 28, 2017 9:25:54 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and
engineers opposed to FCC privacy repeal
Thanks, I was a bit confused why you said it, which is apparently
because I was confused. :-)
I agree we need to do a better job educating users why this is
important.
And just so my opinion is clear, if there were a true market, I would
not mind ISPs who did this (with proper notice). Unfortunately, over half of all households in the US have one or fewer choices for broadband providers. I am one of them. What do I do if my ISP wants to collect my data? VPN everything?
-- TTFN, patrick
On Mar 28, 2017, at 10:18 PM, Mike Hammett <nanog@ics-il.net> wrote:
It was more a plea to educate the list on why this matters vs. doom and
Note that I don't intend to ever do this at my ISP, nor my IX.
----- Mike Hammett Intelligent Computing Solutions <http://www.ics-il.com/> <https://www.facebook.com/ICSIL> <
https://plus.google.com/+IntelligentComputingSolutionsDeKalb> < https://www.linkedin.com/company/intelligent-computing-solutions> < https://twitter.com/ICSIL>
Midwest Internet Exchange <http://www.midwest-ix.com/> <https://www.facebook.com/mdwestix> < https://www.linkedin.com/company/midwest-internet-exchange> < https://twitter.com/mdwestix> The Brothers WISP <http://www.thebrotherswisp.com/> <https://www.facebook.com/thebrotherswisp> < https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> From: "Patrick W. Gilmore" <patrick@ianai.net <mailto:patrick@ianai.net
To: "NANOG list" <nanog@nanog.org <mailto:nanog@nanog.org>> Sent: Tuesday, March 28, 2017 9:12:15 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
Mike:
My guess is you do not.
Which is -precisely- why the users (proletariat?) need to find a way to stop you. Hence laws & regulations.
Later in this thread you said “we are done here”. Would that you were so lucky.
-- TTFN, patrick
On Mar 28, 2017, at 5:58 PM, Mike Hammett <nanog@ics-il.net < mailto:nanog@ics-il.net>> wrote:
Why am I supposed to care?
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Rich Kulawiec" <rsk@gsp.org <mailto:rsk@gsp.org>> To: nanog@nanog.org <mailto:nanog@nanog.org> Sent: Tuesday, March 28, 2017 4:45:25 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
On Tue, Mar 28, 2017 at 06:45:04PM +0000, Mel Beckman wrote:
The claim oft presented by people favoring this customer abuse is
gloom with a little more gloom and a little less Carmack. Instead I got more of the sky is falling. that
the sold data is anonymous. But it's been well-established that very simple data aggregation techniques can develop signatures that reveal
the identity of people in anonymized data.
This needs to be repeated loudly and often at every possible opportunity. I've spent much of the past decade studying this issue and the most succinct way I can put it is that however good you (generic "you") think de-anonymization techniques are, you're wrong: they're way better than that. Billions, and I am not exaggerating even a little bit, have been spent
on this problem, and they've been spent by smart people with essentially unlimited computational resources. And whaddaya know, they've succeeded.
So if someone presents you a data corpus and says "this data is anonymized", the default response should be to mock them, because there is a very high probability they're either (a) lying or (b) wrong.
Incidentally, I'm also a signatory of the EFF document, since of course with nearly 40 years in the field I'm a mere clueless newbie and despite ripping them a new one about once every other month, I'm clearly a tool of Google.
---rsk
On Mar 29, 2017, at 9:59 AM, Joe Loiacono <jloiacon@csc.com> wrote:
Lowering barriers to entry is where the next political focus should be.
Joe Loiacono
And there you have much of the problem with this privacy bill. Read the actual Report and Order: https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-148A1.pdf <https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-148A1.pdf> 219 pages You want to start a competitive ISP these days? Make sure you: Incorporate your business Obtain Liability, Workers Comp, Unemployment, Auto Insurance Comply with the FCC Privacy Act (short reading, requires considerable investment in tracking opt in, opt out, privacy policies) File the mandatory FCC 477 filings twice a year with detailed information on the geolocation of all of your customers and service area. If offering VoIP service file your 499-A and Quarterly 499-Q’s with the FCC Draft your “Open Internet Disclosure Statement”, pay a FCC lawyer a couple grand to renew it, make sure it’s prominent on your website Build your website Obtain bandwidth and IP, fill out your ARIN information. Make up your “Consumer Label” for Broadband: https://www.fcc.gov/consumers/guides/consumer-labels-broadband-services <https://www.fcc.gov/consumers/guides/consumer-labels-broadband-services> (probably need a lawyer for this too..) Pay the lawyer to write your “Terms of Service” so that you have at least some chance of surviving the lawsuits Implement your CALEA plan and file that paperwork with the FBI so they can find you Register with the Copyright office so that you can deal with DMCA notices. Establish your copyright policy and procedures. Have your lawyer review it. Make sure you comply with 18 USC 2258A regarding reporting and registration for kiddie porn, train your employees Make sure you have a CPNI policy, training, and report to the FCC yearly Implement and file your Section 255 “Disability Rights” policy and make sure you file yearly with the FCC your information Slap up a Ubiquiti access point and you can now make millions of dollars in short order. I’m sure I forgot a few things like “build your network”, but that’s simple. Mark
+1bazillion What mark said! On Wed, Mar 29, 2017 at 2:26 PM Mark Radabaugh <mark@amplex.net> wrote:
On Mar 29, 2017, at 9:59 AM, Joe Loiacono <jloiacon@csc.com> wrote:
Lowering barriers to entry is where the next political focus should be.
Joe Loiacono
And there you have much of the problem with this privacy bill.
Read the actual Report and Order: https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-148A1.pdf < https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-148A1.pdf>
219 pages
You want to start a competitive ISP these days? Make sure you:
Incorporate your business Obtain Liability, Workers Comp, Unemployment, Auto Insurance Comply with the FCC Privacy Act (short reading, requires considerable investment in tracking opt in, opt out, privacy policies) File the mandatory FCC 477 filings twice a year with detailed information on the geolocation of all of your customers and service area. If offering VoIP service file your 499-A and Quarterly 499-Q’s with the FCC Draft your “Open Internet Disclosure Statement”, pay a FCC lawyer a couple grand to renew it, make sure it’s prominent on your website Build your website Obtain bandwidth and IP, fill out your ARIN information. Make up your “Consumer Label” for Broadband: https://www.fcc.gov/consumers/guides/consumer-labels-broadband-services < https://www.fcc.gov/consumers/guides/consumer-labels-broadband-services> (probably need a lawyer for this too..) Pay the lawyer to write your “Terms of Service” so that you have at least some chance of surviving the lawsuits Implement your CALEA plan and file that paperwork with the FBI so they can find you Register with the Copyright office so that you can deal with DMCA notices. Establish your copyright policy and procedures. Have your lawyer review it. Make sure you comply with 18 USC 2258A regarding reporting and registration for kiddie porn, train your employees Make sure you have a CPNI policy, training, and report to the FCC yearly Implement and file your Section 255 “Disability Rights” policy and make sure you file yearly with the FCC your information
Slap up a Ubiquiti access point and you can now make millions of dollars in short order.
I’m sure I forgot a few things like “build your network”, but that’s simple.
Mark
The vast majority of obligations you describe continue to exist and don't have anything to do with this bill. On Wed, Mar 29, 2017 at 4:02 PM, Mark Radabaugh <mark@amplex.net> wrote:
On Mar 29, 2017, at 9:59 AM, Joe Loiacono <jloiacon@csc.com> wrote:
Lowering barriers to entry is where the next political focus should be.
Joe Loiacono
And there you have much of the problem with this privacy bill.
Read the actual Report and Order: https://apps.fcc.gov/edocs_ public/attachmatch/FCC-16-148A1.pdf <https://apps.fcc.gov/edocs_ public/attachmatch/FCC-16-148A1.pdf>
219 pages
You want to start a competitive ISP these days? Make sure you:
Incorporate your business Obtain Liability, Workers Comp, Unemployment, Auto Insurance Comply with the FCC Privacy Act (short reading, requires considerable investment in tracking opt in, opt out, privacy policies) File the mandatory FCC 477 filings twice a year with detailed information on the geolocation of all of your customers and service area. If offering VoIP service file your 499-A and Quarterly 499-Q’s with the FCC Draft your “Open Internet Disclosure Statement”, pay a FCC lawyer a couple grand to renew it, make sure it’s prominent on your website Build your website Obtain bandwidth and IP, fill out your ARIN information. Make up your “Consumer Label” for Broadband: https://www.fcc.gov/consumers/guides/consumer-labels-broadband-services < https://www.fcc.gov/consumers/guides/consumer-labels-broadband-services> (probably need a lawyer for this too..) Pay the lawyer to write your “Terms of Service” so that you have at least some chance of surviving the lawsuits Implement your CALEA plan and file that paperwork with the FBI so they can find you Register with the Copyright office so that you can deal with DMCA notices. Establish your copyright policy and procedures. Have your lawyer review it. Make sure you comply with 18 USC 2258A regarding reporting and registration for kiddie porn, train your employees Make sure you have a CPNI policy, training, and report to the FCC yearly Implement and file your Section 255 “Disability Rights” policy and make sure you file yearly with the FCC your information
Slap up a Ubiquiti access point and you can now make millions of dollars in short order.
I’m sure I forgot a few things like “build your network”, but that’s simple.
Mark
-- Fletcher Kittredge GWI 207-602-1134 www.gwi.net
On Wed, 29 Mar 2017 16:02:45 -0400, Mark Radabaugh said:
And there you have much of the problem with this privacy bill.
Hate to break it to you, but most of the gripes you have here are things you really *want* to do - they're things that reduce your personal liability and/or chance of ending up in prison. Just because you seem to be anti-regulation doesn't rule out the existence of regulations that are actually there to *help* you run your business.
Incorporate your business
That's usually a given for *any* business unless you want to be sued to your skivvies...
Obtain Liability, Workers Comp, Unemployment, Auto Insurance
Ditto.
Obtain bandwidth and IP, fill out your ARIN information.
You're gonna need to do that no matter how anti-regulation you are.
Pay the lawyer to write your “Terms of Service” so that you have at least some chance of surviving the lawsuits
Or you can gamble on the lawsuits you'll get if you have an abusive customer who doesn't want you to cut them off.
Implement your CALEA plan and file that paperwork with the FBI so they can find you Register with the Copyright office so that you can deal with DMCA notices. Establish your copyright policy and procedures. Have your lawyer review it. Make sure you comply with 18 USC 2258A regarding reporting and registration for kiddie porn, train your employees
Again, would you rather follow these requirements, or deal with the consequences of not following them? I'd recommend you make sure you have your safe harbors mapped out.
On Mar 29, 2017, at 4:52 PM, Valdis.Kletnieks@vt.edu wrote:
On Wed, 29 Mar 2017 16:02:45 -0400, Mark Radabaugh said:
And there you have much of the problem with this privacy bill.
Hate to break it to you, but most of the gripes you have here are things you really *want* to do - they're things that reduce your personal liability and/or chance of ending up in prison. Just because you seem to be anti-regulation doesn't rule out the existence of regulations that are actually there to *help* you run your business.
Incorporate your business
That's usually a given for *any* business unless you want to be sued to your skivvies...
Obtain Liability, Workers Comp, Unemployment, Auto Insurance
Ditto.
Obtain bandwidth and IP, fill out your ARIN information.
You're gonna need to do that no matter how anti-regulation you are.
Pay the lawyer to write your “Terms of Service” so that you have at least some chance of surviving the lawsuits
Or you can gamble on the lawsuits you'll get if you have an abusive customer who doesn't want you to cut them off.
Implement your CALEA plan and file that paperwork with the FBI so they can find you Register with the Copyright office so that you can deal with DMCA notices. Establish your copyright policy and procedures. Have your lawyer review it. Make sure you comply with 18 USC 2258A regarding reporting and registration for kiddie porn, train your employees
Again, would you rather follow these requirements, or deal with the consequences of not following them? I'd recommend you make sure you have your safe harbors mapped out.
Valdis, You miss my point. One of the major reasons you have a limited number of ISP’s to choose from is that it’s not that simple to start an ISP. There is a lot of regulation and cost involved, much of which is essentially nonsense regulation that has very little application to a small provider, yet can results in significant fines from regulators for doing nothing other than failing to file a annual certification. Did Congress go a bit too far in the CRA? Probably - but at the same time the FCC went way too far with the regulation. Mark
I'm not saying such detailed regulation is really necessary, but it's not really a huge barrier either. Just try to open a food truck (all the rage these ads). You'll find many more regulations than this. The answer to over regulation is political lobbying. A good idea would be requiring retirement of existing obsolete rules before being allowed to create new ones. Oh, wait, that's actually being done now. -mel
On Mar 29, 2017, at 1:53 PM, "valdis.kletnieks@vt.edu" <valdis.kletnieks@vt.edu> wrote:
On Wed, 29 Mar 2017 16:02:45 -0400, Mark Radabaugh said:
And there you have much of the problem with this privacy bill.
Hate to break it to you, but most of the gripes you have here are things you really *want* to do - they're things that reduce your personal liability and/or chance of ending up in prison. Just because you seem to be anti-regulation doesn't rule out the existence of regulations that are actually there to *help* you run your business.
Incorporate your business
That's usually a given for *any* business unless you want to be sued to your skivvies...
Obtain Liability, Workers Comp, Unemployment, Auto Insurance
Ditto.
Obtain bandwidth and IP, fill out your ARIN information.
You're gonna need to do that no matter how anti-regulation you are.
Pay the lawyer to write your “Terms of Service” so that you have at least some chance of surviving the lawsuits
Or you can gamble on the lawsuits you'll get if you have an abusive customer who doesn't want you to cut them off.
Implement your CALEA plan and file that paperwork with the FBI so they can find you Register with the Copyright office so that you can deal with DMCA notices. Establish your copyright policy and procedures. Have your lawyer review it. Make sure you comply with 18 USC 2258A regarding reporting and registration for kiddie porn, train your employees
Again, would you rather follow these requirements, or deal with the consequences of not following them? I'd recommend you make sure you have your safe harbors mapped out.
Why aren't _ALL_ consumer privacy regulations managed by the FTC? Why is the FCC needed here? -Dan On Wed, 29 Mar 2017, Mark Radabaugh wrote:
On Mar 29, 2017, at 9:59 AM, Joe Loiacono <jloiacon@csc.com> wrote:
Lowering barriers to entry is where the next political focus should be.
Joe Loiacono
And there you have much of the problem with this privacy bill.
Read the actual Report and Order: https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-148A1.pdf <https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-148A1.pdf>
219 pages
You want to start a competitive ISP these days? Make sure you:
Incorporate your business Obtain Liability, Workers Comp, Unemployment, Auto Insurance Comply with the FCC Privacy Act (short reading, requires considerable investment in tracking opt in, opt out, privacy policies) File the mandatory FCC 477 filings twice a year with detailed information on the geolocation of all of your customers and service area. If offering VoIP service file your 499-A and Quarterly 499-Q’s with the FCC Draft your “Open Internet Disclosure Statement”, pay a FCC lawyer a couple grand to renew it, make sure it’s prominent on your website Build your website Obtain bandwidth and IP, fill out your ARIN information. Make up your “Consumer Label” for Broadband: https://www.fcc.gov/consumers/guides/consumer-labels-broadband-services <https://www.fcc.gov/consumers/guides/consumer-labels-broadband-services> (probably need a lawyer for this too..) Pay the lawyer to write your “Terms of Service” so that you have at least some chance of surviving the lawsuits Implement your CALEA plan and file that paperwork with the FBI so they can find you Register with the Copyright office so that you can deal with DMCA notices. Establish your copyright policy and procedures. Have your lawyer review it. Make sure you comply with 18 USC 2258A regarding reporting and registration for kiddie porn, train your employees Make sure you have a CPNI policy, training, and report to the FCC yearly Implement and file your Section 255 “Disability Rights” policy and make sure you file yearly with the FCC your information
Slap up a Ubiquiti access point and you can now make millions of dollars in short order.
I’m sure I forgot a few things like “build your network”, but that’s simple.
Mark
On Mar 29, 2017, at 5:53 PM, Dan Hollis <goemon@sasami.anime.net> wrote:
Why aren't _ALL_ consumer privacy regulations managed by the FTC?
Why is the FCC needed here?
-Dan
This was a consequence of the FCC declaring "information services” a Title II service in an attempt to avoid losing yet another lawsuit over the “Open Internet Principals” of No Blocking, No Throttling, and No Paid Prioritization. Once the FCC declared the internet (information service) a common carrier service that removed all authority of the FTC to regulate. The rules the FCC had in place on privacy are geared toward phone services, not the Internet. The rules didn’t fit so they attempted to write internet specific regulations. There was some good stuff in what the FCC wrote but a whole lot of overkill as well. So what happens now? If Trump signs the CRA (expected) the FCC can not recreate the rules until Congress authorizes them to. Getting legislation allowing more regulation through Congress is pretty unlikely for the next couple of years. If the FCC decides to roll back Title II that takes ‘information service’ out of Title II. The FTC regains the authority to regulate Internet Service. Congress is looking at a complete rewrite of the Communications Act. Everything is up for grabs if this happens. Mark
Wait, so are you saying that the "journalists" and fanboys that pushes so hard for Title II had no idea of the implications of their desires? Say it isn't so. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Mark Radabaugh" <mark@amplex.net> To: "Dan Hollis" <goemon@sasami.anime.net> Cc: "NANOG list" <nanog@nanog.org>, "NANOG" <nanog-bounces@nanog.org> Sent: Wednesday, March 29, 2017 5:06:08 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
On Mar 29, 2017, at 5:53 PM, Dan Hollis <goemon@sasami.anime.net> wrote:
Why aren't _ALL_ consumer privacy regulations managed by the FTC?
Why is the FCC needed here?
-Dan
This was a consequence of the FCC declaring "information services” a Title II service in an attempt to avoid losing yet another lawsuit over the “Open Internet Principals” of No Blocking, No Throttling, and No Paid Prioritization. Once the FCC declared the internet (information service) a common carrier service that removed all authority of the FTC to regulate. The rules the FCC had in place on privacy are geared toward phone services, not the Internet. The rules didn’t fit so they attempted to write internet specific regulations. There was some good stuff in what the FCC wrote but a whole lot of overkill as well. So what happens now? If Trump signs the CRA (expected) the FCC can not recreate the rules until Congress authorizes them to. Getting legislation allowing more regulation through Congress is pretty unlikely for the next couple of years. If the FCC decides to roll back Title II that takes ‘information service’ out of Title II. The FTC regains the authority to regulate Internet Service. Congress is looking at a complete rewrite of the Communications Act. Everything is up for grabs if this happens. Mark
As I say often. Perhaps a better way of handling things is instead of running to the government every time we get a tear in our eyes, vote with feet\wallets. Support your local independent (well, the ones that believe whatever it is you believe). ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Mike Hammett" <nanog@ics-il.net> To: "Patrick W. Gilmore" <patrick@ianai.net> Cc: "NANOG list" <nanog@nanog.org> Sent: Tuesday, March 28, 2017 9:18:40 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal It was more a plea to educate the list on why this matters vs. doom and gloom with a little more gloom and a little less Carmack. Instead I got more of the sky is falling. Note that I don't intend to ever do this at my ISP, nor my IX. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Patrick W. Gilmore" <patrick@ianai.net> To: "NANOG list" <nanog@nanog.org> Sent: Tuesday, March 28, 2017 9:12:15 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal Mike: My guess is you do not. Which is -precisely- why the users (proletariat?) need to find a way to stop you. Hence laws & regulations. Later in this thread you said “we are done here”. Would that you were so lucky. -- TTFN, patrick
On Mar 28, 2017, at 5:58 PM, Mike Hammett <nanog@ics-il.net> wrote:
Why am I supposed to care?
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Rich Kulawiec" <rsk@gsp.org> To: nanog@nanog.org Sent: Tuesday, March 28, 2017 4:45:25 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
On Tue, Mar 28, 2017 at 06:45:04PM +0000, Mel Beckman wrote:
The claim oft presented by people favoring this customer abuse is that the sold data is anonymous. But it's been well-established that very simple data aggregation techniques can develop signatures that reveal the identity of people in anonymized data.
This needs to be repeated loudly and often at every possible opportunity. I've spent much of the past decade studying this issue and the most succinct way I can put it is that however good you (generic "you") think de-anonymization techniques are, you're wrong: they're way better than that. Billions, and I am not exaggerating even a little bit, have been spent on this problem, and they've been spent by smart people with essentially unlimited computational resources. And whaddaya know, they've succeeded.
So if someone presents you a data corpus and says "this data is anonymized", the default response should be to mock them, because there is a very high probability they're either (a) lying or (b) wrong.
Incidentally, I'm also a signatory of the EFF document, since of course with nearly 40 years in the field I'm a mere clueless newbie and despite ripping them a new one about once every other month, I'm clearly a tool of Google.
---rsk
I generally believe less government is better government. But government is still necessary for a few things, such as the military. And privacy. Because privacy invasion is a crime committed in secret, so economic "voting" doesn't work. Without a law prohibiting selling of browser data, ISPs will simply lie and say they don't do it (as many already have). A VPN is no help. Every browser has to jump on the bare Internet somewhere, and where it does, data can be captured and then analyzed to identify individual user signatures. As the NSA (thank you Snowden) has so ably demonstrated. A law gives victims access to the power of legal discovery, civil damages, and even criminal prosecution. Where data privacy is concerned, we must have it. -mel beckman
On Mar 28, 2017, at 7:30 PM, Mike Hammett <nanog@ics-il.net> wrote:
As I say often. Perhaps a better way of handling things is instead of running to the government every time we get a tear in our eyes, vote with feet\wallets. Support your local independent (well, the ones that believe whatever it is you believe).
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Mike Hammett" <nanog@ics-il.net> To: "Patrick W. Gilmore" <patrick@ianai.net> Cc: "NANOG list" <nanog@nanog.org> Sent: Tuesday, March 28, 2017 9:18:40 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
It was more a plea to educate the list on why this matters vs. doom and gloom with a little more gloom and a little less Carmack. Instead I got more of the sky is falling.
Note that I don't intend to ever do this at my ISP, nor my IX.
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Patrick W. Gilmore" <patrick@ianai.net> To: "NANOG list" <nanog@nanog.org> Sent: Tuesday, March 28, 2017 9:12:15 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
Mike:
My guess is you do not.
Which is -precisely- why the users (proletariat?) need to find a way to stop you. Hence laws & regulations.
Later in this thread you said “we are done here”. Would that you were so lucky.
-- TTFN, patrick
On Mar 28, 2017, at 5:58 PM, Mike Hammett <nanog@ics-il.net> wrote:
Why am I supposed to care?
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Rich Kulawiec" <rsk@gsp.org> To: nanog@nanog.org Sent: Tuesday, March 28, 2017 4:45:25 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
On Tue, Mar 28, 2017 at 06:45:04PM +0000, Mel Beckman wrote: The claim oft presented by people favoring this customer abuse is that the sold data is anonymous. But it's been well-established that very simple data aggregation techniques can develop signatures that reveal the identity of people in anonymized data.
This needs to be repeated loudly and often at every possible opportunity. I've spent much of the past decade studying this issue and the most succinct way I can put it is that however good you (generic "you") think de-anonymization techniques are, you're wrong: they're way better than that. Billions, and I am not exaggerating even a little bit, have been spent on this problem, and they've been spent by smart people with essentially unlimited computational resources. And whaddaya know, they've succeeded.
So if someone presents you a data corpus and says "this data is anonymized", the default response should be to mock them, because there is a very high probability they're either (a) lying or (b) wrong.
Incidentally, I'm also a signatory of the EFF document, since of course with nearly 40 years in the field I'm a mere clueless newbie and despite ripping them a new one about once every other month, I'm clearly a tool of Google.
---rsk
What is lost if AT&T or Comcast sells my anonymized usage habits? Quite frankly I think targeting advertising is a great thing. On TV I see all kinds of commercials for medicine for diseases I've never heard of, old people complications I won't have for another 40 or 50 years, etc. Waste of my time, waste of their dollars. Targeted advertising brings me Hurricane Electric advertisements, network gear, servers, etc. Things I'm likely to be shopping for. Seems better in every way. You'd have better luck getting regulation passed with precise language. The collected information can (or cannot) be used in these specific ways. ISPs lying? Sounds like something for the courts, not capitol hill. Otherwise it just sounds like whining. I don't like them either, but certain groups will do whatever they can do "get back" at AT&T, Comcast, etc. regardless of what flag they're flying at the time (privacy, net neutrality, doughnut selections, whatever). ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Mel Beckman" <mel@beckman.org> To: "Mike Hammett" <nanog@ics-il.net> Cc: "NANOG list" <nanog@nanog.org> Sent: Tuesday, March 28, 2017 10:11:57 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal I generally believe less government is better government. But government is still necessary for a few things, such as the military. And privacy. Because privacy invasion is a crime committed in secret, so economic "voting" doesn't work. Without a law prohibiting selling of browser data, ISPs will simply lie and say they don't do it (as many already have). A VPN is no help. Every browser has to jump on the bare Internet somewhere, and where it does, data can be captured and then analyzed to identify individual user signatures. As the NSA (thank you Snowden) has so ably demonstrated. A law gives victims access to the power of legal discovery, civil damages, and even criminal prosecution. Where data privacy is concerned, we must have it. -mel beckman
On Mar 28, 2017, at 7:30 PM, Mike Hammett <nanog@ics-il.net> wrote:
As I say often. Perhaps a better way of handling things is instead of running to the government every time we get a tear in our eyes, vote with feet\wallets. Support your local independent (well, the ones that believe whatever it is you believe).
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Mike Hammett" <nanog@ics-il.net> To: "Patrick W. Gilmore" <patrick@ianai.net> Cc: "NANOG list" <nanog@nanog.org> Sent: Tuesday, March 28, 2017 9:18:40 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
It was more a plea to educate the list on why this matters vs. doom and gloom with a little more gloom and a little less Carmack. Instead I got more of the sky is falling.
Note that I don't intend to ever do this at my ISP, nor my IX.
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Patrick W. Gilmore" <patrick@ianai.net> To: "NANOG list" <nanog@nanog.org> Sent: Tuesday, March 28, 2017 9:12:15 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
Mike:
My guess is you do not.
Which is -precisely- why the users (proletariat?) need to find a way to stop you. Hence laws & regulations.
Later in this thread you said “we are done here”. Would that you were so lucky.
-- TTFN, patrick
On Mar 28, 2017, at 5:58 PM, Mike Hammett <nanog@ics-il.net> wrote:
Why am I supposed to care?
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Rich Kulawiec" <rsk@gsp.org> To: nanog@nanog.org Sent: Tuesday, March 28, 2017 4:45:25 PM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal
On Tue, Mar 28, 2017 at 06:45:04PM +0000, Mel Beckman wrote: The claim oft presented by people favoring this customer abuse is that the sold data is anonymous. But it's been well-established that very simple data aggregation techniques can develop signatures that reveal the identity of people in anonymized data.
This needs to be repeated loudly and often at every possible opportunity. I've spent much of the past decade studying this issue and the most succinct way I can put it is that however good you (generic "you") think de-anonymization techniques are, you're wrong: they're way better than that. Billions, and I am not exaggerating even a little bit, have been spent on this problem, and they've been spent by smart people with essentially unlimited computational resources. And whaddaya know, they've succeeded.
So if someone presents you a data corpus and says "this data is anonymized", the default response should be to mock them, because there is a very high probability they're either (a) lying or (b) wrong.
Incidentally, I'm also a signatory of the EFF document, since of course with nearly 40 years in the field I'm a mere clueless newbie and despite ripping them a new one about once every other month, I'm clearly a tool of Google.
---rsk
On Wed, Mar 29, 2017 at 05:48:11AM -0500, Mike Hammett wrote:
What is lost if AT&T or Comcast sells my anonymized usage habits?
They're NOT anonymized. Aren't you paying attention? Anonymization -- *real* anonymization -- is hard. Hard means expensive. It also reduces the sale price of the data. There is no reason for any of these companies to spend the required money in order to sell the data for less than they could get otherwise. Why should they reduce their obscene profits? (a) Nobody's going to make them and (b) most people are as ignorant as you are and therefore aren't demanding it. It's much easier and more profitable to *claim* that the data is anonymized, maybe make a token (and worthless) gesture at making it so, and laugh all the way to the bank. And let me note that in passing that even if -- and this is a very faint "if" -- they're really anonymizing your data, it's not anonymized at the point of collection. Sooner or later, someone with access -- whether authorized or not -- will tap into that. Of course they will, it's far too valuable to be ignored indefinitely. Maybe it'll be an insider operation, maybe it'll be just one person, maybe it'll be outside attackers, maybe it'll be an intelligence or law enforcement agency. The point is that these data collection operations are obvious, high-value targets, therefore they WILL be attacked, and given the thoroughly miserable history of the security postures in play, they WILL be attacked succcessfully. So even if you're foolish and naive enough to believe the professional spokesliars at AT&T and Comcast, you should always keep in mind that this data will *not* be confined to those operations. It will be for sale, in raw unredacted form, on the darknet to anyone who can pay and/or it will be loaded into the data warehouses of any agency that chooses to acquire it. ---rsk
And so what if it is? What's the downside here? ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Rich Kulawiec" <rsk@gsp.org> To: nanog@nanog.org Sent: Wednesday, March 29, 2017 6:24:31 AM Subject: Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal On Wed, Mar 29, 2017 at 05:48:11AM -0500, Mike Hammett wrote:
What is lost if AT&T or Comcast sells my anonymized usage habits?
They're NOT anonymized. Aren't you paying attention? Anonymization -- *real* anonymization -- is hard. Hard means expensive. It also reduces the sale price of the data. There is no reason for any of these companies to spend the required money in order to sell the data for less than they could get otherwise. Why should they reduce their obscene profits? (a) Nobody's going to make them and (b) most people are as ignorant as you are and therefore aren't demanding it. It's much easier and more profitable to *claim* that the data is anonymized, maybe make a token (and worthless) gesture at making it so, and laugh all the way to the bank. And let me note that in passing that even if -- and this is a very faint "if" -- they're really anonymizing your data, it's not anonymized at the point of collection. Sooner or later, someone with access -- whether authorized or not -- will tap into that. Of course they will, it's far too valuable to be ignored indefinitely. Maybe it'll be an insider operation, maybe it'll be just one person, maybe it'll be outside attackers, maybe it'll be an intelligence or law enforcement agency. The point is that these data collection operations are obvious, high-value targets, therefore they WILL be attacked, and given the thoroughly miserable history of the security postures in play, they WILL be attacked succcessfully. So even if you're foolish and naive enough to believe the professional spokesliars at AT&T and Comcast, you should always keep in mind that this data will *not* be confined to those operations. It will be for sale, in raw unredacted form, on the darknet to anyone who can pay and/or it will be loaded into the data warehouses of any agency that chooses to acquire it. ---rsk
All if you are in a tizzy over a policy that's been dead for a while. < https://www.google.com/amp/amp.timeinc.net/fortune/2016/09/30/att-internet-f...
-- Ryan Stoner On Mar 29, 2017 6:26 AM, "Rich Kulawiec" <rsk@gsp.org> wrote: On Wed, Mar 29, 2017 at 05:48:11AM -0500, Mike Hammett wrote:
What is lost if AT&T or Comcast sells my anonymized usage habits?
They're NOT anonymized. Aren't you paying attention? Anonymization -- *real* anonymization -- is hard. Hard means expensive. It also reduces the sale price of the data. There is no reason for any of these companies to spend the required money in order to sell the data for less than they could get otherwise. Why should they reduce their obscene profits? (a) Nobody's going to make them and (b) most people are as ignorant as you are and therefore aren't demanding it. It's much easier and more profitable to *claim* that the data is anonymized, maybe make a token (and worthless) gesture at making it so, and laugh all the way to the bank. And let me note that in passing that even if -- and this is a very faint "if" -- they're really anonymizing your data, it's not anonymized at the point of collection. Sooner or later, someone with access -- whether authorized or not -- will tap into that. Of course they will, it's far too valuable to be ignored indefinitely. Maybe it'll be an insider operation, maybe it'll be just one person, maybe it'll be outside attackers, maybe it'll be an intelligence or law enforcement agency. The point is that these data collection operations are obvious, high-value targets, therefore they WILL be attacked, and given the thoroughly miserable history of the security postures in play, they WILL be attacked succcessfully. So even if you're foolish and naive enough to believe the professional spokesliars at AT&T and Comcast, you should always keep in mind that this data will *not* be confined to those operations. It will be for sale, in raw unredacted form, on the darknet to anyone who can pay and/or it will be loaded into the data warehouses of any agency that chooses to acquire it. ---rsk
On Mar 29, 2017, at 6:48 AM, Mike Hammett <nanog@ics-il.net> wrote:
ISPs lying? Sounds like something for the courts, not capitol hill.
You can’t sue someone because they do something you do not like. Well, you can, but you won’t win. I guess you could ask for the providers to put it in their terms of service so you have something actionable to sue on. Now see my previous post. I tell my provider “put in a clause that says you won’t sell my data”. They reply “no”. And I do … what exactly? . . . . . . . . . Not sure we will get closure here. Some people think ISPs should be allowed to see data. Others do not. I am in the latter camp. The law is on the desk of POTUS which will do exactly what I do not want. My guess is he will sign it. Posting to NANOG will not change that. Shall we agree to disagree and move on? -- TTFN, patrick
On Mon, Mar 27, 2017, at 18:13, Brett Glass wrote:
The first step is to support S.J. Res 34/H.J. Res 86, the Congressional resolution which would revoke the current FCC regulations that were written and paid for by Google and its lobbyists.
Please keep conspiracy theories off the list, thanks. -- Mark Felder feld@feld.me
participants (23)
-
Brett Glass -
Christopher Morrow -
Dan Hollis -
Davide Davini -
Eric Tykwinski -
Fletcher Kittredge -
Hugo Slabbert -
Jason Schwerberg -
Joe Loiacono -
Mark Felder -
Mark Radabaugh -
Mel Beckman -
Mike Hammett -
Patrick W. Gilmore -
Peter Eckersley -
Rich Kulawiec -
Rod Beck -
Ryan Stoner -
Sean Heskett -
Seth Mattinen -
Tim Pozar -
Tim Pozar -
valdis.kletnieks@vt.edu