FW: Eat this RIAA (or, the war has begun?)
-----Original Message----- From: music-bar-admin@ampfea.org [mailto:music-bar-admin@ampfea.org]On Behalf Of Joost Schuttelaar Sent: Wednesday, August 21, 2002 1:13 PM To: music-bar@ampfea.org Subject: Eat this RIAA (or, the war has begun?)
http://www.informationwave.net/news/20020819riaa.php
Too bad it's just a small ISP.
- Joost
_______________________________________________ music-bar mailing list music-bar@ampfea.org http://www.ampfea.org/mailman/listinfo/music-bar
Why don't larger ISPs follow through on this? Simply deny RIAA any access...
http://www.informationwave.net/news/20020819riaa.php
Too bad it's just a small ISP.
- Joost
_______________________________________________ music-bar mailing list music-bar@ampfea.org http://www.ampfea.org/mailman/listinfo/music-bar
On Wed, Aug 21, 2002 at 09:08:03PM -0700, Nigel Clarke wrote:
Why don't larger ISPs follow through on this? Simply deny RIAA any access...
And what IPs precisely are you planning to deny? So far its all idle threats, we have no idea where they plan to launch their scans or hacking attempts from, or even if they have any clue how to hack anything. I highly doubt they'll be attaching riaa.com to it either. I suppose if you want symbolism, you can host -l riaa.com and wack their wcom webserver and other stuff at att, but I'd harly call that productive. -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
On Wed, 21 Aug 2002 21:30:27 EDT, Richard A Steenbergen said:
And what IPs precisely are you planning to deny? So far its all idle threats, we have no idea where they plan to launch their scans or hacking attempts from, or even if they have any clue how to hack anything. I highly doubt they'll be attaching riaa.com to it either.
If you read the URL originally referenced, they intend to blackhole riaa.com itself, and then run a honeynet gnutella network. Anything that pokes their Gnutella and then does anything else on their net that looks suspicious will get blackholed. Just imagine it - lots and lots of ISPs running honeynet Gnutellas, and if you poke around in it you get blackholed. That would make the RIAA's day. ;) -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
Start now, do whatever it takes. Amongst the paperwork passed to congress, RIAA must have indicated where it's hackers would work from. Why not start there? NANOG should not sit on this. Trust me, if RIAA tried to function without email and internet access for a day or two I think they would get the message. <Nigel> -----Original Message----- From: Richard A Steenbergen [mailto:ras@e-gerbil.net] Sent: Wednesday, August 21, 2002 6:30 PM To: Nigel Clarke Cc: Jerry Eyers; nanog@merit.edu Subject: Re: Eat this RIAA (or, the war has begun?) - Why not all ISPs? On Wed, Aug 21, 2002 at 09:08:03PM -0700, Nigel Clarke wrote:
Why don't larger ISPs follow through on this? Simply deny RIAA any access...
And what IPs precisely are you planning to deny? So far its all idle threats, we have no idea where they plan to launch their scans or hacking attempts from, or even if they have any clue how to hack anything. I highly doubt they'll be attaching riaa.com to it either. I suppose if you want symbolism, you can host -l riaa.com and wack their wcom webserver and other stuff at att, but I'd harly call that productive. -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
On Wed, Aug 21, 2002 at 09:36:29PM -0700, Nigel Clarke wrote:
Start now, do whatever it takes.
Amongst the paperwork passed to congress, RIAA must have indicated where it's hackers would work from. Why not start there?
NANOG should not sit on this.
Trust me, if RIAA tried to function without email and internet access for a day or two I think they would get the message.
Ok, start listing IPs... If you have them (and can confirm them of course :P), I'm certain a dozen people on this list would put up a bgp feed before you can say "blackhole". Heck I'm certain people would have something to do if you even knew the provider that was planning on giving them service for such activities. Until then, it's all a bunch of speculation, and my money is still on "idle threats and hype". -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
On Wed, 21 Aug 2002, Richard A Steenbergen wrote:
Ok, start listing IPs... If you have them (and can confirm them of course :P), I'm certain a dozen people on this list would put up a bgp feed before you can say "blackhole". Heck I'm certain people would have something to do if you even knew the provider that was planning on giving them service for such activities.
Start here: avleen@apple:avleen : host -t MX riaa.org riaa.org mail is handled (pri=50) by mail3.riaa.com riaa.org mail is handled (pri=10) by list.sparklist.com riaa.org mail is handled (pri=10) by mail.riaa.com riaa.org mail is handled (pri=25) by mail2.riaa.com -- Avleen Vig Work Time: Unix Systems Administrator Play Time: Network Security Officer Smurf Amplifier Finding Executive: http://www.ircnetops.org/smurf
## On 2002-08-22 08:04 +0100 Avleen Vig typed: AV> AV> Start here: AV> avleen@apple:avleen : host -t MX riaa.org AV> riaa.org mail is handled (pri=50) by mail3.riaa.com AV> riaa.org mail is handled (pri=10) by list.sparklist.com AV> riaa.org mail is handled (pri=10) by mail.riaa.com AV> riaa.org mail is handled (pri=25) by mail2.riaa.com AV> AV> AV> Not quite ;-) (1021)> whois -h whois.networksolutions.com riia.org Registrant: Royal Institute of International Affairs (RIIA-DOM) Chatham House, 10 St James Square London, SW1Y 4YE ENGLAND Domain Name: RIIA.ORG
OOPS - my typo sorry! (standing in the corner with egg on my face ;-) ## On 2002-08-22 11:10 +0300 Rafi Sadowsky typed: RS> RS> RS> ## On 2002-08-22 08:04 +0100 Avleen Vig typed: RS> RS> AV> RS> AV> Start here: RS> AV> avleen@apple:avleen : host -t MX riaa.org RS> AV> riaa.org mail is handled (pri=50) by mail3.riaa.com RS> AV> riaa.org mail is handled (pri=10) by list.sparklist.com RS> AV> riaa.org mail is handled (pri=10) by mail.riaa.com RS> AV> riaa.org mail is handled (pri=25) by mail2.riaa.com RS> AV> RS> AV> RS> AV> RS> RS> RS> Not quite ;-) RS> RS> (1021)> whois -h whois.networksolutions.com riia.org RS> RS> RS> Registrant: RS> Royal Institute of International Affairs (RIIA-DOM) RS> Chatham House, 10 St James Square RS> London, SW1Y 4YE RS> ENGLAND RS> RS> Domain Name: RIIA.ORG RS> RS> RS> RS> RS> RS>
On Wed, Aug 21, 2002 at 09:08:03PM -0700, Nigel Clarke wrote:
Why don't larger ISPs follow through on this? Simply deny RIAA any access...
And what IPs precisely are you planning to deny? So far its all idle threats, we have no idea where they plan to launch their scans or hacking attempts from, or even if they have any clue how to hack anything. I highly doubt they'll be attaching riaa.com to it either.
The blocking of any an all directly RIAA sites, feeds, etc, would produce an economic reaction. Cut off their sales websites, their basic connectivity (how much money do you think it would cost them to go back to snail mail today?), their [few] subscription sites. Let the money do the work. Yours, J.A. Terranson sysadmin@mfn.org * SPEAKING STRICTLY IN A PERSONAL CAPACITY * at this time anyway. We'll see if we can't change that. Tomorrow. Goddamn right!
However, this type of action might not be necessary at all. Some of the users on this list think RIAA's recent actions are nothing more than empty threats. Why doesn't NANOG make a few of its own? A "polite" letter from a NANOG representative should do the trick. -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of J.A. Terranson Sent: Wednesday, August 21, 2002 7:01 PM To: Nigel Clarke Cc: Richard A Steenbergen; Jerry Eyers; nanog@merit.edu Subject: RE: Eat this RIAA (or, the war has begun?) - Why not all ISPs?
On Wed, Aug 21, 2002 at 09:08:03PM -0700, Nigel Clarke wrote:
Why don't larger ISPs follow through on this? Simply deny RIAA any access...
And what IPs precisely are you planning to deny? So far its all idle threats, we have no idea where they plan to launch their scans or hacking attempts from, or even if they have any clue how to hack anything. I highly doubt they'll be attaching riaa.com to it either.
The blocking of any an all directly RIAA sites, feeds, etc, would produce an economic reaction. Cut off their sales websites, their basic connectivity (how much money do you think it would cost them to go back to snail mail today?), their [few] subscription sites. Let the money do the work. Yours, J.A. Terranson sysadmin@mfn.org * SPEAKING STRICTLY IN A PERSONAL CAPACITY * at this time anyway. We'll see if we can't change that. Tomorrow. Goddamn right!
On Wed, 21 Aug 2002 22:32:22 -0700 "Nigel Clarke" <nigel@forever-networks.com> wrote:
However, this type of action might not be necessary at all.
Some of the users on this list think RIAA's recent actions are nothing more than empty threats. Why doesn't NANOG make a few of its own?
Well, it seems pretty certain that RIAA is doing DOS attacks on the file sharing systems (by trying to flood them with fake files masquerading as real MP3's). I would assume that these are not idle threats. Regards Marshall Eubanks
A "polite" letter from a NANOG representative should do the trick.
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of J.A. Terranson Sent: Wednesday, August 21, 2002 7:01 PM To: Nigel Clarke Cc: Richard A Steenbergen; Jerry Eyers; nanog@merit.edu Subject: RE: Eat this RIAA (or, the war has begun?) - Why not all ISPs?
On Wed, Aug 21, 2002 at 09:08:03PM -0700, Nigel Clarke wrote:
Why don't larger ISPs follow through on this? Simply deny RIAA any access...
And what IPs precisely are you planning to deny? So far its all idle threats, we have no idea where they plan to launch their scans or hacking attempts from, or even if they have any clue how to hack anything. I highly doubt they'll be attaching riaa.com to it either.
The blocking of any an all directly RIAA sites, feeds, etc, would produce an economic reaction. Cut off their sales websites, their basic connectivity (how much money do you think it would cost them to go back to snail mail today?), their [few] subscription sites.
Let the money do the work.
Yours,
J.A. Terranson sysadmin@mfn.org
* SPEAKING STRICTLY IN A PERSONAL CAPACITY * at this time anyway. We'll see if we can't change that. Tomorrow. Goddamn right!
On Wed, 21 Aug 2002, Nigel Clarke wrote:
However, this type of action might not be necessary at all.
Some of the users on this list think RIAA's recent actions are nothing more than empty threats. Why doesn't NANOG make a few of its own?
A "polite" letter from a NANOG representative should do the trick.
The RIAA's annual budget is roughly $18 million. That pays for lawyers and other stuff which goes into writing "polite" letters. To raise that much money Merit would need to charge about $12,000 per person per NANOG meeting. People complain the current $300 registration fee is too much. NANOG is not a lobbying organization. There are other several organizations (and mailing lists) you may want to consider instead, such as the Electronic Frontier Foundation http://www.eff.org/ You can also write your elected representatives for the price of a postage stamp. Some congress critters even accept e-mail now.
To be perfectly honest, I could care less about any letters. It might be a good idea to follow in the footsteps of Informationwave and just take action. <CLARKE> -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Sean Donelan Sent: Wednesday, August 21, 2002 8:20 PM To: nanog@merit.edu Subject: $12,000 per person registration fee (was RE: Eat this RIAA) On Wed, 21 Aug 2002, Nigel Clarke wrote:
However, this type of action might not be necessary at all.
Some of the users on this list think RIAA's recent actions are nothing more than empty threats. Why doesn't NANOG make a few of its own?
A "polite" letter from a NANOG representative should do the trick.
The RIAA's annual budget is roughly $18 million. That pays for lawyers and other stuff which goes into writing "polite" letters. To raise that much money Merit would need to charge about $12,000 per person per NANOG meeting. People complain the current $300 registration fee is too much. NANOG is not a lobbying organization. There are other several organizations (and mailing lists) you may want to consider instead, such as the Electronic Frontier Foundation http://www.eff.org/ You can also write your elected representatives for the price of a postage stamp. Some congress critters even accept e-mail now.
While I agree with Sean that NANOG is not the place to lobby, I would also state that the coordination of a BGP blockade against RIAA's harmful policies is an internet traffic management issue requiring coordination among providers to solve. Owen Sean Donelan wrote:
On Wed, 21 Aug 2002, Nigel Clarke wrote:
However, this type of action might not be necessary at all.
Some of the users on this list think RIAA's recent actions are nothing more than empty threats. Why doesn't NANOG make a few of its own?
A "polite" letter from a NANOG representative should do the trick.
The RIAA's annual budget is roughly $18 million. That pays for lawyers and other stuff which goes into writing "polite" letters. To raise that much money Merit would need to charge about $12,000 per person per NANOG meeting. People complain the current $300 registration fee is too much.
NANOG is not a lobbying organization. There are other several organizations (and mailing lists) you may want to consider instead, such as the Electronic Frontier Foundation http://www.eff.org/ You can also write your elected representatives for the price of a postage stamp. Some congress critters even accept e-mail now.
Doesn't the RIAA's ISP(s) have an AUP that would put a stop to their behaviour? On Thu, 22 Aug 2002, Owen DeLong wrote:
While I agree with Sean that NANOG is not the place to lobby, I would also state that the coordination of a BGP blockade against RIAA's harmful policies is an internet traffic management issue requiring coordination among providers to solve.
Owen
Sean Donelan wrote:
On Wed, 21 Aug 2002, Nigel Clarke wrote:
However, this type of action might not be necessary at all.
Some of the users on this list think RIAA's recent actions are nothing more than empty threats. Why doesn't NANOG make a few of its own?
A "polite" letter from a NANOG representative should do the trick.
The RIAA's annual budget is roughly $18 million. That pays for lawyers and other stuff which goes into writing "polite" letters. To raise that much money Merit would need to charge about $12,000 per person per NANOG meeting. People complain the current $300 registration fee is too much.
NANOG is not a lobbying organization. There are other several organizations (and mailing lists) you may want to consider instead, such as the Electronic Frontier Foundation http://www.eff.org/ You can also write your elected representatives for the price of a postage stamp. Some congress critters even accept e-mail now.
At 10:32 PM -0700 8/21/02, Nigel Clarke wrote:
However, this type of action might not be necessary at all.
Some of the users on this list think RIAA's recent actions are nothing more than empty threats. Why doesn't NANOG make a few of its own?
A "polite" letter from a NANOG representative should do the trick.
Just to state the obvious, no one is authorized to represent NANOG in this fashion, not even folks here at Merit. NANOG isn't a decision making organization. NANOG isn't something that can take actions (other than holding a few meetings each year and managing this e-mail list). Individuals and organizations that participate in NANOG can take actions, but not in NANOG's name. I'm no lawyer, but I suspect that lawyers should be consulted before taking individual or coordinated action of the sort being suggested against another organization. Of course IPSs do take action against individuals or organizations all of the time, but they need to do that based on policies and procedures that take into account their obligations to their customers as well as their obligations under the law. As an end user I really don't want my ISP to make decisions about who is allowed to communicate with me or who I am allowed to communicate with except when those decisions are based on policies designed to protect me or others from serious problems (DDOS attacks and the like), even then I want those policies to be written and available so I can review them, and I want them to be applied fairly. As an ISP I really don't want my upstream ISPs to make decisions about who is allowed to communicate with my network or who my network is allowed to communicate with except under the conditions outlined in my agreements with those ISPs. This is important to me if I am in turn going to be able to meet my obligations to my own end users. So, I really don't want the RIAA to tell me or my upstreams who I can't communicate with, but neither do I want my upstreams to tell me that I can't communicate with the RIAA or the labels if I (or really my customers) want to do so. -Jeff Ogden Merit Network At 10:32 PM -0700 8/21/02, Nigel Clarke wrote:
However, this type of action might not be necessary at all.
Some of the users on this list think RIAA's recent actions are nothing more than empty threats. Why doesn't NANOG make a few of its own?
A "polite" letter from a NANOG representative should do the trick.
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of J.A. Terranson Sent: Wednesday, August 21, 2002 7:01 PM To: Nigel Clarke Cc: Richard A Steenbergen; Jerry Eyers; nanog@merit.edu Subject: RE: Eat this RIAA (or, the war has begun?) - Why not all ISPs?
On Wed, Aug 21, 2002 at 09:08:03PM -0700, Nigel Clarke wrote:
Why don't larger ISPs follow through on this? Simply deny RIAA any access...
And what IPs precisely are you planning to deny? So far its all idle threats, we have no idea where they plan to launch their scans or hacking attempts from, or even if they have any clue how to hack anything. I highly doubt they'll be attaching riaa.com to it either.
The blocking of any an all directly RIAA sites, feeds, etc, would produce an economic reaction. Cut off their sales websites, their basic connectivity (how much money do you think it would cost them to go back to snail mail today?), their [few] subscription sites.
Let the money do the work.
Yours,
J.A. Terranson sysadmin@mfn.org
* SPEAKING STRICTLY IN A PERSONAL CAPACITY * at this time anyway. We'll see if we can't change that. Tomorrow. Goddamn right!
Jeff, In a nutshell you're saying do nothing. -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Jeff Ogden Sent: Thursday, August 22, 2002 7:42 AM To: nanog@merit.edu Subject: RE: Eat this RIAA (or, the war has begun?) - Why not all ISPs? At 10:32 PM -0700 8/21/02, Nigel Clarke wrote:
However, this type of action might not be necessary at all.
Some of the users on this list think RIAA's recent actions are nothing more than empty threats. Why doesn't NANOG make a few of its own?
A "polite" letter from a NANOG representative should do the trick.
Just to state the obvious, no one is authorized to represent NANOG in this fashion, not even folks here at Merit. NANOG isn't a decision making organization. NANOG isn't something that can take actions (other than holding a few meetings each year and managing this e-mail list). Individuals and organizations that participate in NANOG can take actions, but not in NANOG's name. I'm no lawyer, but I suspect that lawyers should be consulted before taking individual or coordinated action of the sort being suggested against another organization. Of course IPSs do take action against individuals or organizations all of the time, but they need to do that based on policies and procedures that take into account their obligations to their customers as well as their obligations under the law. As an end user I really don't want my ISP to make decisions about who is allowed to communicate with me or who I am allowed to communicate with except when those decisions are based on policies designed to protect me or others from serious problems (DDOS attacks and the like), even then I want those policies to be written and available so I can review them, and I want them to be applied fairly. As an ISP I really don't want my upstream ISPs to make decisions about who is allowed to communicate with my network or who my network is allowed to communicate with except under the conditions outlined in my agreements with those ISPs. This is important to me if I am in turn going to be able to meet my obligations to my own end users. So, I really don't want the RIAA to tell me or my upstreams who I can't communicate with, but neither do I want my upstreams to tell me that I can't communicate with the RIAA or the labels if I (or really my customers) want to do so. -Jeff Ogden Merit Network At 10:32 PM -0700 8/21/02, Nigel Clarke wrote:
However, this type of action might not be necessary at all.
Some of the users on this list think RIAA's recent actions are nothing more than empty threats. Why doesn't NANOG make a few of its own?
A "polite" letter from a NANOG representative should do the trick.
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of J.A. Terranson Sent: Wednesday, August 21, 2002 7:01 PM To: Nigel Clarke Cc: Richard A Steenbergen; Jerry Eyers; nanog@merit.edu Subject: RE: Eat this RIAA (or, the war has begun?) - Why not all ISPs?
On Wed, Aug 21, 2002 at 09:08:03PM -0700, Nigel Clarke wrote:
Why don't larger ISPs follow through on this? Simply deny RIAA any access...
And what IPs precisely are you planning to deny? So far its all idle threats, we have no idea where they plan to launch their scans or hacking attempts from, or even if they have any clue how to hack anything. I highly doubt they'll be attaching riaa.com to it either.
The blocking of any an all directly RIAA sites, feeds, etc, would produce an economic reaction. Cut off their sales websites, their basic connectivity (how much money do you think it would cost them to go back to snail mail today?), their [few] subscription sites.
Let the money do the work.
Yours,
J.A. Terranson sysadmin@mfn.org
* SPEAKING STRICTLY IN A PERSONAL CAPACITY * at this time anyway. We'll see if we can't change that. Tomorrow. Goddamn right!
On Thu, 22 Aug 2002 11:01:54 PDT, Nigel Clarke <nigel@forever-networks.com> said:
In a nutshell you're saying do nothing.
No, he's saying that *NANOG COLLECTIVELY* do nothing. On the other hand, if you're seeing attempted DDOS activity on YOUR network, you're allowed to blackhole them without bothering to check if it's an RIAA sponsored DDOS or if it's just another script kiddie.... -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
I understand that. This is probably the safest route to take. Nigel -----Original Message----- From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu] Sent: Thursday, August 22, 2002 8:20 AM To: nigel@forever-networks.com Cc: Jeff Ogden; nanog@merit.edu Subject: Re: Eat this RIAA (or, the war has begun?) - Why not all ISPs? On Thu, 22 Aug 2002 11:01:54 PDT, Nigel Clarke <nigel@forever-networks.com> said:
In a nutshell you're saying do nothing.
No, he's saying that *NANOG COLLECTIVELY* do nothing. On the other hand, if you're seeing attempted DDOS activity on YOUR network, you're allowed to blackhole them without bothering to check if it's an RIAA sponsored DDOS or if it's just another script kiddie.... -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
On Thu, 22 Aug 2002, Nigel Clarke wrote:
Jeff,
In a nutshell you're saying do nothing.
I think doing nothing is the best course of action. I mean, the bill isn't going to get passed. I think that has been evident for some time now. In fact, I'm annoyed by all the people running around thinking the sky is falling. Chill out. The RIAA is not going to come hacking your customers. If they do, let's talk about it then. And enough about implementing some new form of SMTP...I'll believe that has a chance when I see IPv6 replace IPv4. Lot's of brilliant people have come up with interesting ideas on how to "fix" SMTP, but they all seem to give up at the "how do I get the world to implement this" stage. Face it, this is a legacy industry. The bigger the net gets, the more impossible it is to "fix". Andy xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Andy Dills 301-682-9972 Xecunet, LLC www.xecu.net xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Dialup * Webhosting * E-Commerce * High-Speed Access
At 11:01 AM -0700 8/22/02, Nigel Clarke wrote:
Jeff,
In a nutshell you're saying do nothing.
Not necessarily ... Each network operator will need to make their own decisions. There are various associations that lobby on behalf of ISPs, telecommunications companies, educational institutions, and others and those groups might choose to work with Congress to see if we can get reasonable laws passed, keep unreasonable laws from being passed, or get existing unreasonable laws revised. In fact I assume that they are already doing that. They might also work with the courts (would need to join someone else's court case probably) to see if we can get reasonable interpretations of the laws. Some of us who don't belong to such organizations now might consider joining. Individuals and individual organizations can work with Congress as well. Some organizations may think this is a good time to update their policies and procedures so that they explicitly address new circumstances that we are now confronted with and provide a firm legal basis for taking actions, when appropriate, that don't conflict with obligations to end users or others. The DMCA pretty much requires this, although the DMCA doesn't say exactly what one is required to do other than have and implement "reasonable" policies. Having explicit policies can sometimes allow you to refuse to do something as well as require you to do something. We can all talk to the press and others to raise awareness of these issues. We might have a session at a NANOG meeting to talk more about these issues. We could invite the RIAA, folks from Congress, folks from China, and Janis Ian (Do we think the RIAA is as brave as the FBI and might actually stand up in front of a NANOG meeting? Would be fun to find out.). To the extent that the issues are international in scope we can talk to our international colleagues about them or encourage discussions by the NANOG-like groups in other parts of the world. We might want to work through IETF or elsewhere to develop protocols to distribute lists of IP addresses, ranges of IP addresses, lists of ASs, that should be blocked in some fashion so if we are required to do these sort of things that they can be applied by everyone more or less equally and that the overhead of doing them and keeping track of them is shared among many providers and doesn't just land on the providers that happen to be targeted by someone. We might consider establishing a clearing house that helps us all deal with these matters. Or we might not want to do any of these things since it might make it easier for someone to ask us to do it. We might work at IETF or elsewhere to write a best practices RFC or similar document that talks about how ISPs should address these issues. We might write another best practices RFC that helps non-ISPs understand what actions they can and should take when they encounter these sorts of problems (on-going online theft of copyrighted materials or other intellectual property). Most of all I think we need to avoid general vigilante or retaliatory action against the RIAA or others that might be illegal. I think we might be justified in taking specific actions to prevent attacks on or harm to our customers, ourselves, or our peers. I think it will be easier to defend those specific actions if they are based on thoughtfully developed policies. I think it will be much harder to justify taking those specific actions if the RIAA or others talk Congress into passing laws that explicitly allow them to attack others under some circumstances. I think the main action here is likely to be before Congress and in the courts for sometime to come. If we care about this, we need to engage in those arenas. Sorry this got so long and sounds a bit like something you might expect to hear in a high school civics class. -Jeff Ogden Merit Network
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Jeff Ogden Sent: Thursday, August 22, 2002 7:42 AM To: nanog@merit.edu Subject: RE: Eat this RIAA (or, the war has begun?) - Why not all ISPs?
At 10:32 PM -0700 8/21/02, Nigel Clarke wrote:
However, this type of action might not be necessary at all.
Some of the users on this list think RIAA's recent actions are nothing more than empty threats. Why doesn't NANOG make a few of its own?
A "polite" letter from a NANOG representative should do the trick.
Just to state the obvious, no one is authorized to represent NANOG in this fashion, not even folks here at Merit. NANOG isn't a decision making organization. NANOG isn't something that can take actions (other than holding a few meetings each year and managing this e-mail list).
Individuals and organizations that participate in NANOG can take actions, but not in NANOG's name. I'm no lawyer, but I suspect that lawyers should be consulted before taking individual or coordinated action of the sort being suggested against another organization.
Of course IPSs do take action against individuals or organizations all of the time, but they need to do that based on policies and procedures that take into account their obligations to their customers as well as their obligations under the law.
As an end user I really don't want my ISP to make decisions about who is allowed to communicate with me or who I am allowed to communicate with except when those decisions are based on policies designed to protect me or others from serious problems (DDOS attacks and the like), even then I want those policies to be written and available so I can review them, and I want them to be applied fairly.
As an ISP I really don't want my upstream ISPs to make decisions about who is allowed to communicate with my network or who my network is allowed to communicate with except under the conditions outlined in my agreements with those ISPs. This is important to me if I am in turn going to be able to meet my obligations to my own end users.
So, I really don't want the RIAA to tell me or my upstreams who I can't communicate with, but neither do I want my upstreams to tell me that I can't communicate with the RIAA or the labels if I (or really my customers) want to do so.
-Jeff Ogden Merit Network
On Wed, 21 Aug 2002, Nigel Clarke wrote:
Start now, do whatever it takes.
Amongst the paperwork passed to congress, RIAA must have indicated where it's hackers would work from. Why not start there?
What they plan to do sounds incredibly illegal. Now if we could arrange for their top management to spend the next few years fighting criminal charges, that might keep them out of everybody's hair :-) Miles ************************************************************************** The Center for Civic Networking PO Box 600618 Miles R. Fidelman, President & Newtonville, MA 02460-0006 Director, Municipal Telecommunications Strategies Program 617-558-3698 fax: 617-630-8946 mfidelman@civicnet.org http://civic.net/ccn.html Information Infrastructure: Public Spaces for the 21st Century Let's Start With: Internet Wall-Plugs Everywhere Say It Often, Say It Loud: "I Want My Internet!" **************************************************************************
On Wed, 21 Aug 2002, Miles Fidelman wrote:
On Wed, 21 Aug 2002, Nigel Clarke wrote:
Start now, do whatever it takes. Amongst the paperwork passed to congress, RIAA must have indicated where it's hackers would work from. Why not start there? What they plan to do sounds incredibly illegal. Now if we could arrange for their top management to spend the next few years fighting criminal charges, that might keep them out of everybody's hair :-)
Theres always the possible angle of a few hundred pissed off consumers all filing individual lawsuits against the top RIAA management as individuals, going after each one of them as a person and not as a corporate entity. Then there is also the angle of blacklisting providers who provide RIAA access to the net, blacklist them like spammers or any other net abusers. -Dan -- [-] Omae no subete no kichi wa ore no mono da. [-]
As much as I like the idea of blacklisting the RIAA (and think it's probably a good thing to do on principle), I don't believe that it will actually help. The RIAA, itself, doesn't use the net for revenew, or, really, much of anything. What few uses they do have could easily be served through disposable dialup accounts. It is the RIAA member companies, such as Sony (one of the biggest offenders), Arista, Geffen, etc. which are getting their revenue through the net. Unfortunately, no provider can defend turning off Sony as a rational business decision. Your customers wouldn't tolerate it or stand behind you on it. (If anyone wants to prove me wrong, I would very much enjoy being wrong on this). As such, I support a blockade of RIAA addresses on the net. However, if it is done as a group effort (BGP feed, etc.), be very careful and have lawyers review the process to avoid getting charged with collusion, etc. Remember, the RIAA has _LOTS_ of lawyers, and if you cut their net access, they'll also have _LOTS_ of time to chase you. This is probably a good thing, if you're willing to take that risk. I'd much rather see them wasting their time on this than the things they have been doing. On the other hand, if they are allowed to go far enough, eventually, there will be a great backlash against them, and they may lose more ground than we are currently trying to prevent them from gaining. In any case, it will be interesting to watch. Owen
The RIAA, itself, doesn't use the net for revenew, or, really, much of anything. What few uses they do have could easily be served through disposable dialup accounts. It is the RIAA member companies, such as Sony (one of the biggest offenders), Arista, Geffen, etc. which are getting their revenue through the net. Unfortunately, no provider can defend turning off Sony as a rational business decision. Your customers wouldn't tolerate it or stand behind you on it. (If anyone wants to prove me wrong, I would very much enjoy being wrong on this).
Generic question related to this: Can ISP's arbitrarily refuse to give service to someone who tries to sign up? i.e. if everyone refused to give Sony service could they sue on some sort of discrimination/collusion charge? Do ISP/ASP/*SP's HAVE to provide services if someone knocks on the door requesting them or can they refuse for any reason what so ever? Any armchair lawyers, who play one on TV, have the/an answer? -Rob
I don't know how an ILEC who also provided Internet would be able to respond, but as a CLEC here in the People's Republic of Massachusetts sometimes the only recourse a business has against a consumer is the ability to say "I simply choose not to do business with you".
Generic question related to this:
Can ISP's arbitrarily refuse to give service to someone who tries to sign up? i.e. if everyone refused to give Sony service could they sue on some sort of discrimination/collusion charge?
Do ISP/ASP/*SP's HAVE to provide services if someone knocks on the door requesting them or can they refuse for any reason what so ever?
Any armchair lawyers, who play one on TV, have the/an answer?
-Rob
Not sure about US law but usually you can choose whoever you do business with but if a group of independent companies works together to not do business with a particular entity then that does tend to be illegal ... Steve On Thu, 22 Aug 2002, Vincent J. Bono wrote:
I don't know how an ILEC who also provided Internet would be able to respond, but as a CLEC here in the People's Republic of Massachusetts sometimes the only recourse a business has against a consumer is the ability to say "I simply choose not to do business with you".
Generic question related to this:
Can ISP's arbitrarily refuse to give service to someone who tries to sign up? i.e. if everyone refused to give Sony service could they sue on some sort of discrimination/collusion charge?
Do ISP/ASP/*SP's HAVE to provide services if someone knocks on the door requesting them or can they refuse for any reason what so ever?
Any armchair lawyers, who play one on TV, have the/an answer?
-Rob
Can ISP's arbitrarily refuse to give service to someone who tries to sign up? i.e. if everyone refused to give Sony service could they sue on some sort of discrimination/collusion charge?
IANAL but something similar has come up in conversations with my attorney (this is all US but this is also NANOG): You can pretty much choose not to do business with anyone so long as it's not motivated by race/religion/etc. and you're not operating under some specific regulatory regimen (e.g., tax-exempt, RBOCs) and of course don't explicitly represent otherwise (ads that say "no one will be turned down!" tho even that has its limits.) What you CANNOT do is collude with other businesses to do this, that's called a "business boycott" and violates anti-trust laws. Private individuals can collude on boycotts but, without good and sound reason like "xyz doesn't pay their bills", businesses cannot, particularly not to effect a change in behavior or policy which is otherwise perfectly legal (like, collude to boycott a company until they lower their prices.) Of course if you each come to that same conclusion independently no problem but I think, for example, the openly available discussion on this list might serve as evidence of a possible collusion. Then again if you believed what the RIAA was doing was illegal or harming your business you might be able to defend your decision. IANAL. -- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*
On Thu, 22 Aug 2002, Barry Shein wrote:
Then again if you believed what the RIAA was doing was illegal or harming your business you might be able to defend your decision.
or if the riaa had been convicted of price fixing... -Dan -- [-] Omae no subete no kichi wa ore no mono da. [-]
On Thu, 2002-08-22 at 13:31, Rob Healey wrote:
The RIAA, itself, doesn't use the net for revenew, or, really, much of anything. What few uses they do have could easily be served through disposable dialup accounts. It is the RIAA member companies, such as Sony (one of the biggest offenders), Arista, Geffen, etc. which are getting their revenue through the net. Unfortunately, no provider can defend turning off Sony as a rational business decision. Your customers wouldn't tolerate it or stand behind you on it. (If anyone wants to prove me wrong, I would very much enjoy being wrong on this).
Generic question related to this:
Can ISP's arbitrarily refuse to give service to someone who tries to sign up? i.e. if everyone refused to give Sony service could they sue on some sort of discrimination/collusion charge?
Do ISP/ASP/*SP's HAVE to provide services if someone knocks on the door requesting them or can they refuse for any reason what so ever?
Any armchair lawyers, who play one on TV, have the/an answer?
IANAL, but in my previous life at a different ISP, we used our "we reserve the right to not provide service" clause a couple of times. The customer(s) were costing us more to support them. We refunded their $$, and sent them packing. Game Over. -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: ler@lerctr.org US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
Rob, Since the recording industry isn't a protected class, we can always choose not to do business with them. However, I would expect that someone will do business witht them, in the end, Money talks. - Daniel Golding
Rob Healey Said....
The RIAA, itself, doesn't use the net for revenew, or, really, much of anything. What few uses they do have could easily be served through disposable dialup accounts. It is the RIAA member companies, such as Sony (one of the biggest offenders), Arista, Geffen, etc. which are getting their revenue through the net. Unfortunately, no provider can defend turning off Sony as a rational business decision. Your customers wouldn't tolerate it or stand behind you on it. (If anyone wants to prove me wrong, I would very much enjoy being wrong on this).
Generic question related to this:
Can ISP's arbitrarily refuse to give service to someone who tries to sign up? i.e. if everyone refused to give Sony service could they sue on some sort of discrimination/collusion charge?
Do ISP/ASP/*SP's HAVE to provide services if someone knocks on the door requesting them or can they refuse for any reason what so ever?
Any armchair lawyers, who play one on TV, have the/an answer?
-Rob
On Thu, 22 Aug 2002, Rob Healey wrote:
Can ISP's arbitrarily refuse to give service to someone who tries to sign up? i.e. if everyone refused to give Sony service could they sue on some sort of discrimination/collusion charge?
ISPs, if they wanted, could have a policy that states "We refuse to service people of color, alternate sexualities, non-christians, and women. If you fit that, don't apply."
Do ISP/ASP/*SP's HAVE to provide services if someone knocks on the door requesting them or can they refuse for any reason what so ever?
Any private business can serve whoever they want.
Any armchair lawyers, who play one on TV, have the/an answer?
I'm not a lawyer, but this is pretty fundemental so you get my input anyway. Andy xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Andy Dills 301-682-9972 Xecunet, LLC www.xecu.net xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Dialup * Webhosting * E-Commerce * High-Speed Access
Generic question related to this:
Can ISP's arbitrarily refuse to give service to someone who tries to sign up? i.e. if everyone refused to give Sony service could they sue on some sort of discrimination/collusion charge?
Do ISP/ASP/*SP's HAVE to provide services if someone knocks on the door requesting them or can they refuse for any reason what so ever?
Any armchair lawyers, who play one on TV, have the/an answer?
-Rob
As far as I know, yes, any company can refuse to do business with any individual or company with very few exceptions. This even applies to monopolists, providing their monopoly is legally acquired and they haven't entered into any contracts to the contrary. The only exceptions I know of involve either true discrimination unrelated to the transaction (such as racial discrimination) or life, health and safety issues. DS
On Thu, 22 Aug 2002, Rob Healey wrote:
Generic question related to this:
Can ISP's arbitrarily refuse to give service to someone who tries to sign up? i.e. if everyone refused to give Sony service could they sue on some sort of discrimination/collusion charge?
Do ISP/ASP/*SP's HAVE to provide services if someone knocks on the door requesting them or can they refuse for any reason what so ever?
At my "day job", we routinely refuse service to a large number of people, based on our opinion as to whether the potential revenue stream is worth the expected overheads (labor, bandwidth, etc). It *alway* a *business decision* whether or not sell [a non-protected class] a product. -- Yours, J.A. Terranson sysadmin@mfn.org If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occassionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demogoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics. The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place... --------------------------------------------------------------------
Do ISP/ASP/*SP's HAVE to provide services if someone knocks on the door requesting them or can they refuse for any reason what so ever?
At my "day job", we routinely refuse service to a large number of people, based on our opinion as to whether the potential revenue stream is worth the expected overheads (labor, bandwidth, etc). It *alway* a *business decision* whether or not sell [a non-protected class] a product.
And it is also a business decision to risk being sued for refusing to provide a product to a protected class or someone claiming to be a member of a protected class. Even boards of NYC coops finally got that real-estate laws do not superceed Bill of Rights. Alex
On Thu, 22 Aug 2002 15:53:49 EDT, alex@yuriev.com said:
And it is also a business decision to risk being sued for refusing to provide a product to a protected class or someone claiming to be a member of a protected class. Even boards of NYC coops finally got that real-estate laws do not superceed Bill of Rights.
"power-hungry bottom-feeders" is a protected class? ;)
Owen DeLong <owen@delong.sj.ca.us> wrote:
As much as I like the idea of blacklisting the RIAA (and think it's probably a good thing to do on principle), I don't believe that it will actually help. The RIAA, itself, doesn't use the net for revenew, or, really, much of anything.
Why stop with just the RIAA? If they truly represent their members then null route their subnets too. Just think of the healthy drop in spam you'll get coming from rr.com... Tim
Tim Thorne wrote:
Owen DeLong <owen@delong.sj.ca.us> wrote:
As much as I like the idea of blacklisting the RIAA (and think it's probably a good thing to do on principle), I don't believe that it will actually help. The RIAA, itself, doesn't use the net for revenew, or, really, much of anything.
Why stop with just the RIAA? If they truly represent their members then null route their subnets too. Just think of the healthy drop in spam you'll get coming from rr.com...
Think of the drop in customers you'll get when they can't access Disney, Sony, Paramount or any other media company. -- David
As much as I like the idea of blacklisting the RIAA (and think it's probably a good thing to do on principle), I don't believe that it will actually help. The RIAA, itself, doesn't use the net for revenew, or, really, much of anything.
Why stop with just the RIAA? If they truly represent their members then null route their subnets too. Just think of the healthy drop in spam you'll get coming from rr.com...
Think of the drop in customers you'll get when they can't access Disney, Sony, Paramount or any other media company.
Engage dripping sarcasm mode: Actually, if all those media companys are correct and all the customers are a bunch of P2P content stealers then they won't even NOTICE when Disney, Sony, Paramount and others are unreachable because they are too busy swapping hot media to look at the content provider's sites! Disengage dripping sarcasm mode. -Rob
On Wed, 21 Aug 2002, Nigel Clarke wrote:
Start now, do whatever it takes.
Amongst the paperwork passed to congress, RIAA must have indicated where it's hackers would work from. Why not start there?
NANOG should not sit on this.
Trust me, if RIAA tried to function without email and internet access for a day or two I think they would get the message.
Surprisingly enough, they didn't seem to care too much that their website was offline fora few days. You never can tell though.
<Nigel>
-----Original Message----- From: Richard A Steenbergen [mailto:ras@e-gerbil.net] Sent: Wednesday, August 21, 2002 6:30 PM To: Nigel Clarke Cc: Jerry Eyers; nanog@merit.edu Subject: Re: Eat this RIAA (or, the war has begun?) - Why not all ISPs?
On Wed, Aug 21, 2002 at 09:08:03PM -0700, Nigel Clarke wrote:
Why don't larger ISPs follow through on this? Simply deny RIAA any access...
And what IPs precisely are you planning to deny? So far its all idle threats, we have no idea where they plan to launch their scans or hacking attempts from, or even if they have any clue how to hack anything. I highly doubt they'll be attaching riaa.com to it either.
I suppose if you want symbolism, you can host -l riaa.com and wack their wcom webserver and other stuff at att, but I'd harly call that productive.
-- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
Christopher L. Morrow wrote:
Surprisingly enough, they didn't seem to care too much that their website was offline fora few days. You never can tell though.
And that's exactly the point. I hate to continue this OT thread but../ The RIAA is a decoy. Their sole purpose is to fight for the labels and take the bullets. The RIAA has a budget in the tens of millions of dollars and when they need more they will get it. Blackholing the RIAA and hating them is pointless, that is what they are there for. Blackholing them accomplishes nothing. If you want to cause change you need to go after the labels. The labels are the member organizations which fund the RIAA. It's the labels who need to be stopped, the RIAA is just their puppet and shield. -davidu
On Wed, 21 Aug 2002, David U. wrote:
Christopher L. Morrow wrote:
Surprisingly enough, they didn't seem to care too much that their website was offline fora few days. You never can tell though.
And that's exactly the point. I hate to continue this OT thread but../
The RIAA is a decoy. Their sole purpose is to fight for the labels and take the bullets. The RIAA has a budget in the tens of millions of dollars and when they need more they will get it.
Blackholing the RIAA and hating them is pointless, that is what they are there for. Blackholing them accomplishes nothing. If you want to cause change you need to go after the labels. The labels are the member organizations which fund the RIAA. It's the labels who need to be stopped, the RIAA is just their puppet and shield.
Agreed, however, I assume[d], possibly incorrectly having now read your post, that when we are discussing "RIAA", we are in fact refering to RIAA "proper" as well as all the component members. The recording industry is a *business*, just like the networking industry: if a given course of action leads to suboptimal financial results, the actions will change (eventually ;-). We need to doit, and doit now, to each and every member of RIAA - no connectivity, no Internet advertising, no Internet revenue stream. Doit till they scream Uncle. J.A. Terranson sysadmin@mfn.org
Is someone mainitaining a server I can get an eBGP feed from that will blackhole all RIAA IPs? If not, how do you propose to block the RIAA? Ralph Doncaster principal, IStop.com On Wed, 21 Aug 2002, Nigel Clarke wrote:
Why don't larger ISPs follow through on this? Simply deny RIAA any access...
http://www.informationwave.net/news/20020819riaa.php
Too bad it's just a small ISP.
- Joost
_______________________________________________ music-bar mailing list music-bar@ampfea.org http://www.ampfea.org/mailman/listinfo/music-bar
participants (29)
-
alex@yuriev.com
-
Alif The Terrible
-
Andy Dills
-
Avleen Vig
-
Barry Shein
-
Christopher L. Morrow
-
Dan Hollis
-
Daniel Golding
-
David Charlap
-
David Schwartz
-
David U.
-
J.A. Terranson
-
Jeff Ogden
-
Jerry Eyers
-
Larry Rosenman
-
Marshall Eubanks
-
Miles Fidelman
-
Nigel Clarke
-
Owen DeLong
-
Rafi Sadowsky
-
Ralph Doncaster
-
Richard A Steenbergen
-
Rob Healey
-
Robert A. Hayden
-
Sean Donelan
-
Stephen J. Wilcox
-
tim.thorne@btinternet.com
-
Valdis.Kletnieks@vt.edu
-
Vincent J. Bono