Lawsuits for falsyfying DNS responses ?
As many may know, the province of Québec has passed a law to protect the interests of its lottery corporation. To do so, it will provide ISPs with list of web sites to block (aka: only allow its own gambing web site). There is an opportunity to comment this week in which I will submit. (I've gathered many arguments over the past little while already). But have a specific question today: Are there examples of an ISP getting sued because it redirected traffic that should have gone to original site ? For instance, user asks for www.google.com and ISP's DNS responds with an IP that points to a bing server? If the risk of a lawsuit is real, then it brings new dimension to arguments already made agains that (stupiod) Québec law. (And it also creates interesting issues for DNS servers from companies such as Google which may have a anycast server located in Québec but are not considered an ISP and won't receive those documenst from the gov with list of websites to block.
On Mon, Sep 12, 2016 at 1:41 PM, Jean-Francois Mezei <jfmezei_nanog@vaxination.ca> wrote:
To do so, it will provide ISPs with list of web sites to block
Are there examples of an ISP getting sued because it redirected traffic that should have gone to original site ?
Hi, You're talking about two different things here: blocking a DNS domain and redirecting a domain. While both are technologically ineffective countermeasures against undesired content, I would expect the legal implications to be different. Regards, Bill Herrin -- William Herrin ................ herrin@dirtside.com bill@herrin.us Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
On Mon, Sep 12, 2016 at 04:08:08PM -0400, William Herrin wrote:
On Mon, Sep 12, 2016 at 1:41 PM, Jean-Francois Mezei <jfmezei_nanog@vaxination.ca> wrote:
To do so, it will provide ISPs with list of web sites to block
Are there examples of an ISP getting sued because it redirected traffic that should have gone to original site ?
Hi,
You're talking about two different things here: blocking a DNS domain and redirecting a domain.
Blocking for that purpose usually means redirecting in practive. You'll redirect to a page that explains why the original site is not available. András
On Tue, Sep 13, 2016 at 07:12:59AM +0200, JÁKÓ András <jako.andras@eik.bme.hu> wrote a message of 18 lines which said:
Blocking for that purpose usually means redirecting in practive. You'll redirect to a page that explains why the original site is not available.
It has practical consequences for the user: in France, DNS lies in ISP's resolvers for "terrorist" sites redirect you to a Web site of the police, which will get your source IP address and the site you wanted (thanks to the Host: HTTP field). Clear blocking (DNS lie returning localhost or NXDOMAIN) is a bit better for privacy. (But less transparent about the censorship.)
On Mon, Sep 12, 2016 at 01:41:16PM -0400, Jean-Francois Mezei wrote:
Are there examples of an ISP getting sued because it redirected traffic that should have gone to original site ?
This happened with Paxfire (and the ISPs that used them) in 2011. https://www.eff.org/deeplinks/2011/07/widespread-search-hijacking-in-the-us http://www.courthousenews.com/2011/08/08/38796.htm Marcus
I believe that the CRTC has rules against censorship - meaning that Videotron, Bell etcetera have a choice between following the CRTC code or the provincial law (following one = sanctions from the other), rendering internet service provision to Québec impossible without being a dialup provider from out-of-province. The law may even be actually contrary to federal law. On September 12, 2016 10:41:16 AM PDT, Jean-Francois Mezei <jfmezei_nanog@vaxination.ca> wrote:
As many may know, the province of Québec has passed a law to protect the interests of its lottery corporation.
To do so, it will provide ISPs with list of web sites to block (aka: only allow its own gambing web site).
There is an opportunity to comment this week in which I will submit.
(I've gathered many arguments over the past little while already). But have a specific question today:
Are there examples of an ISP getting sued because it redirected traffic that should have gone to original site ?
For instance, user asks for www.google.com and ISP's DNS responds with an IP that points to a bing server?
If the risk of a lawsuit is real, then it brings new dimension to arguments already made agains that (stupiod) Québec law.
(And it also creates interesting issues for DNS servers from companies such as Google which may have a anycast server located in Québec but are not considered an ISP and won't receive those documenst from the gov with list of websites to block.
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
On 2016-09-13 03:42, LHC wrote:
I believe that the CRTC has rules against censorship - meaning that Videotron, Bell etcetera have a choice between following the CRTC code or the provincial law (following one = sanctions from the other), rendering internet service provision to Québec impossible without being a dialup provider from out-of-province.
Canada's Telecom Act (*) dates from 1993, which predates the Internet being a primary transporter that drives the economy. The clause being looked at by the CRTC is 36: Content of Messages 36 Except where the Commission approves otherwise, a Canadian carrier shall not control the content or influence the meaning or purpose of telecommunications carried by it for the public. There is not explicit clause about a carrier not modyfying content or blocking access, so one has to frame an issue to fit existing clauses. (For instance, network neutrality is driven mostly by 27(2) (2) No Canadian carrier shall, in relation to the provision of a telecommunications service or the charging of a rate for it, unjustly discriminate or give an undue or unreasonable preference toward any person, including itself, or subject any person to an undue or unreasonable disadvantage. The CRTC asked for supporting evidence to allow it to reach a conclusion that the Québec plan would force ISPs to breach the federal telecommunication law. Because so far, only lawyers have been involved, they have not understood the implications of forcing ISPs to give false DNS answers which goes beyond just blocking packets. (For instance, most ISPs will block packets destined to an external port 25 to reduce spam being emitted by infected customers, but they allow any/all email to be sent via their own servers. There is an element of controlling content but was never challenged. Because Section 36 allows the CRTC to approcve some control of content, it is important to show that the type of control being requested by the QC government show never be allowed because it is far worse than just blocking port 25. (*) http://laws-lois.justice.gc.ca/eng/acts/T-3.4/FullText.html
On Sep 14, 2016, at 12:14 AM, Jean-Francois Mezei <jfmezei_nanog@vaxination.ca> wrote:
On 2016-09-13 03:42, LHC wrote:
I believe that the CRTC has rules against censorship - meaning that Videotron, Bell etcetera have a choice between following the CRTC code or the provincial law (following one = sanctions from the other), rendering internet service provision to Québec impossible without being a dialup provider from out-of-province.
Canada's Telecom Act (*) dates from 1993, which predates the Internet being a primary transporter that drives the economy.
The clause being looked at by the CRTC is 36:
Content of Messages
36 Except where the Commission approves otherwise, a Canadian carrier shall not control the content or influence the meaning or purpose of telecommunications carried by it for the public.
There is not explicit clause about a carrier not modyfying content or blocking access, so one has to frame an issue to fit existing clauses.
Please explain to me how one modifies a request or response without managing to “control the content” or “influence the meaning or purpose”? Blocking a request or simply failing to answer MIGHT be within the law, but returning a false record certainly seems to me that it would run afoul of the law cited. Owen
On 2016-09-15 16:03, Owen DeLong wrote:
Please explain to me how one modifies a request or response without managing to “control the content” or “influence the meaning or purpose”?
Blocking a request or simply failing to answer MIGHT be within the law, but returning a false record certainly seems to me that it would run afoul of the law cited.
Blocking would also be a form of control. Because Section 36 has a "unless authorized by CRTC" escape clause, one has to show to the CRTC that granting permission would be bad. Since court proceedings have already begun, it is likely the CRTC will be involved in court, at which point, the more evidence they have, the more chances they have of arguing against the QC loterry censorship.
Well "may" is not "must". “260.34. An Internet service provider may not give access to an online gambling site whose operation is not authorized under Québec law. ----- Alain Hebert ahebert@pubnix.net PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443 On 09/12/16 13:41, Jean-Francois Mezei wrote:
As many may know, the province of Québec has passed a law to protect the interests of its lottery corporation.
To do so, it will provide ISPs with list of web sites to block (aka: only allow its own gambing web site).
There is an opportunity to comment this week in which I will submit.
(I've gathered many arguments over the past little while already). But have a specific question today:
Are there examples of an ISP getting sued because it redirected traffic that should have gone to original site ?
For instance, user asks for www.google.com and ISP's DNS responds with an IP that points to a bing server?
If the risk of a lawsuit is real, then it brings new dimension to arguments already made agains that (stupiod) Québec law.
(And it also creates interesting issues for DNS servers from companies such as Google which may have a anycast server located in Québec but are not considered an ISP and won't receive those documenst from the gov with list of websites to block.
On Tue, 13 Sep 2016 08:29:25 -0400, Alain Hebert said:
Well "may" is not "must".
â260.34. An Internet service provider may not give access to an online gambling site whose operation is not authorized under Québec law.
Note that most legal jurisdictions don't include RFC2119 as part of their legal language.
When worded this way in a legal context, I’m pretty sure it is equivalent. That is “may not” means “is not allowed to”. Owen
On Sep 13, 2016, at 8:29 AM, Alain Hebert <ahebert@pubnix.net> wrote:
Well "may" is not "must".
“260.34. An Internet service provider may not give access to an online gambling site whose operation is not authorized under Québec law.
----- Alain Hebert ahebert@pubnix.net PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
On 09/12/16 13:41, Jean-Francois Mezei wrote:
As many may know, the province of Québec has passed a law to protect the interests of its lottery corporation.
To do so, it will provide ISPs with list of web sites to block (aka: only allow its own gambing web site).
There is an opportunity to comment this week in which I will submit.
(I've gathered many arguments over the past little while already). But have a specific question today:
Are there examples of an ISP getting sued because it redirected traffic that should have gone to original site ?
For instance, user asks for www.google.com and ISP's DNS responds with an IP that points to a bing server?
If the risk of a lawsuit is real, then it brings new dimension to arguments already made agains that (stupiod) Québec law.
(And it also creates interesting issues for DNS servers from companies such as Google which may have a anycast server located in Québec but are not considered an ISP and won't receive those documenst from the gov with list of websites to block.
Jean-Francois, Canada's Anti-Spam Legislation has specific sections that makes altering of data illegal under the Act. In my non-lawyer opinion, sections 10 (5) (b) and (e) would be violated by hijacking someone preference to go to Website A and replace it with Website B without their express consent to do so. Source: http://laws-lois.justice.gc.ca/PDF/E-1.6.pdf *Section 10 - 5 * Description of functions (5) A function referred to in subsection (4) is any of the following functions that the person who seeks express consent knows and intends will cause the computer system to operate in a manner that is contrary to the reasonable expectations of the owner or an authorized user of the computer system: (a) collecting personal information stored on the computer system; *(b) interfering with the owner’s or an authorized user’s control of the computer system; * (c) changing or interfering with settings, preferences or commands already installed or stored on the computer system without the knowledge of the owner or an authorized user of the computer system; (d) changing or interfering with data that is stored on the computer system in a manner that obstructs, interrupts or interferes with lawful access to or use of that data by the owner or an authorized user of the computer system; *(e) causing the computer system to communicate with another computer system, or other device, without the authorization of the owner or an authorized user of the computer system; * (f) installing a computer program that may be activated by a third party without the knowledge of the owner or an authorized user of the computer system; and (g) performing any other function specified in the regulations. It might be interesting to bring this to their attention, or the attention of your own lawyers for comment. Cheers, ~ Matt On 12/09/2016 1:41 PM, Jean-Francois Mezei wrote:
As many may know, the province of Québec has passed a law to protect the interests of its lottery corporation.
To do so, it will provide ISPs with list of web sites to block (aka: only allow its own gambing web site).
There is an opportunity to comment this week in which I will submit.
(I've gathered many arguments over the past little while already). But have a specific question today:
Are there examples of an ISP getting sued because it redirected traffic that should have gone to original site ?
For instance, user asks for www.google.com and ISP's DNS responds with an IP that points to a bing server?
If the risk of a lawsuit is real, then it brings new dimension to arguments already made agains that (stupiod) Québec law.
(And it also creates interesting issues for DNS servers from companies such as Google which may have a anycast server located in Québec but are not considered an ISP and won't receive those documenst from the gov with list of websites to block.
In article <c4dc7a7d-8295-e25c-5c76-7e17f682bf5b@gmail.com> you write:
Canada's Anti-Spam Legislation has specific sections that makes altering of data illegal under the Act.
In my non-lawyer opinion, sections 10 (5) (b) and (e) would be violated by hijacking someone preference to go to Website A and replace it with Website B without their express consent to do so.
That section only applies to 10(4) which is about getting permission to install downloaded software.
Description of functions
(5) A function referred to in subsection (4) is any of the following functions ...
I don't think the Quebec law is a good idea, or is likely to be effective, but I also don't think it has preemption issues. R's, John
participants (11)
-
Alain Hebert
-
Jean-Francois Mezei
-
John Levine
-
JÁKÓ András
-
LHC
-
Marcus Reid
-
Matthew Vernhout
-
Owen DeLong
-
Stephane Bortzmeyer
-
Valdis.Kletnieks@vt.edu
-
William Herrin