Re: Reporting Little Blue Men
From: Dean Anderson <dean@av8.com>
But when you take the step from advocacy to actions you are violating the law in almost every case. You can advocate anything, but you can't go tearing down buildings, or in this case, intercepting communications.
Filtering packets is not interception, it is disregard. If I ignore your packets and do not pass them to the next machine in the link, I am not intercepting your communications, I am ignoring them. Unless you are paying me to do so, I have no obligation to carry your packets. If my server checks message headers to determine validity before transferring to a spool file, I am not intercepting, I am determining message routing. As above, if you aren't paying me, I have no obligation to deliver something you handed me for delivery. Or are you suggesting mail servers should deliver mail without determining who it is for? If I review the content of your message, and then make decisions about who gets to read it (as opposed to discarding it), then I am intercepting, and reprehensible. I cannot block mail espousing causes I disagree with, but I have no obligation to deliver them either. Find yourself another path to my client; I won't do anything to permit or prevent it. I am not blocking you. I am also not assisting you. That is neither illegal nor immoral. SPAM yourself silly. dennis
At 03:54 PM 1/21/98 -0500, Dennis Simpson wrote:
From: Dean Anderson <dean@av8.com>
But when you take the step from advocacy to actions you are violating the law in almost every case. You can advocate anything, but you can't go tearing down buildings, or in this case, intercepting communications.
I cannot block mail espousing causes I disagree with, but I have no obligation to deliver them either. Find yourself another path to my client; I won't do anything to permit or prevent it. I am not blocking you. I am also not assisting you. That is neither illegal nor immoral.
I agree with almost everything you said, but there is one point I question. It is my understanding that I have an absolute right to block mail espousing causes I disagree with on my private property (e.g. my mail server). I am not the government, you have no "First Amendment" rights with me. Of course, IANAL, so I could be wrong. Unfortunately, I also agree that reading the CONTENT of users' e-mail is immoral and reprehensible, so I don't know how I would block "causes" I despise. And whether it is illegal or not, it is probably actionable in civil court, so it's not a good idea no matter what. (Seems you can sue anyone for anything in the US.)
SPAM yourself silly.
That's cute. Can I use it? ;)
dennis
TTFN, patrick ************************************************************** Patrick W. Gilmore voice: +1-650-482-2840 Director of Operations fax: +1-650-482-2844 PRIORI NETWORKS, INC. http://www.priori.net "The People You Know. The People You Trust." **************************************************************
On Wed, 21 Jan 1998, Patrick W. Gilmore wrote:
I agree with almost everything you said, but there is one point I question. It is my understanding that I have an absolute right to block mail espousing causes I disagree with on my private property (e.g. my mail server). I am not the government, you have no "First Amendment" rights with me. Of course, IANAL, so I could be wrong.
Read the Electronic Communications and Privacy Act also known as the ECPA before messing around with email. You do have some obligations to your customers by running a mail server and it is important that your NOC staff is aware of what they can and cannot do. The ECPA is posted in several places on the web and is not that long so it is worth reading it yourself. -- Michael Dillon - Internet & ISP Consulting http://www.memra.com - E-mail: michael@memra.com
At 06:59 PM 1/21/98 -0800, Michael Dillon wrote:
On Wed, 21 Jan 1998, Patrick W. Gilmore wrote:
I agree with almost everything you said, but there is one point I question. It is my understanding that I have an absolute right to block mail espousing causes I disagree with on my private property (e.g. my mail server). I am not the government, you have no "First Amendment" rights with me. Of course, IANAL, so I could be wrong.
Read the Electronic Communications and Privacy Act also known as the ECPA before messing around with email. You do have some obligations to your customers by running a mail server and it is important that your NOC staff is aware of what they can and cannot do. The ECPA is posted in several places on the web and is not that long so it is worth reading it yourself.
I thank you for the warning, but we do not run mail for our clients, just ourselves. And I feel perfectly free to filter whatever I want to myself and my employees. ;) And, whatever the ECPA states, I would still feel perfectly safe filtering sites that I thought were sending stuff I did not want to receive on my mail server - as long as I let my users know about it first. In addition almost every ISP I've ever seen has an "Acceptable Use Policy" which obligates their users to refrain from using the mail server as a launching point for such mass mailings. I guess what it comes down to is that people seem to think that the Constitution, or the First Amendment, or breathing the air, or SOMETHING gives them the right to send anything they want to my mailbox. I do not know why they feel this way. They are perfectly free to say whatever they like IN PUBLIC, but not on my servers, in my network, on my time, my bandwidth, and my mailbox. You can't call my phone over and over, you can't yell at me in my house, why is my server and mailbox any different? Of course, the worst part about it is that these same people usually have the audacity to filter responses to their SPAM. And these are personalize, directed e-mails to a person who has initiated contact, not anonymous (usually spoofed) mass mailings to people who had less than no interest in receiving the information. I wonder how they rationalize that bit of hypocrisy? Or do they even try?
Michael Dillon - Internet & ISP Consulting
TTFN, patrick P.S. I would like to reiterate that IANAL nor do I run a public mail server. And as with any major business decision, I would consult my corporate counsel before enacting policy. Just to be safe. ;) ************************************************************** Patrick W. Gilmore voice: +1-650-482-2840 Director of Operations fax: +1-650-482-2844 PRIORI NETWORKS, INC. http://www.priori.net "The People You Know. The People You Trust." **************************************************************
Dennis Simpson writes...
From: Dean Anderson <dean@av8.com>
But when you take the step from advocacy to actions you are violating the law in almost every case. You can advocate anything, but you can't go tearing down buildings, or in this case, intercepting communications.
Filtering packets is not interception, it is disregard. If I ignore your packets and do not pass them to the next machine in the link, I am not intercepting your communications, I am ignoring them. Unless you are paying me to do so, I have no obligation to carry your packets.
I agree fully. Interception only takes place by a party whose role is not the carrying of the communication. The phone company is not doing an interception of your Chicago to New York phone call if they happen to route it via Dallas and Atlanta just because there are available lines there.
If my server checks message headers to determine validity before transferring to a spool file, I am not intercepting, I am determining message routing. As above, if you aren't paying me, I have no obligation to deliver something you handed me for delivery. Or are you suggesting mail servers should deliver mail without determining who it is for?
The only possible remaining obligation is with the receiver who is paying. If they actually _want_ spam, then the obligation to deliver is not met if spam is blocked. OTOH I know of no one (besides spammers) who actually want spam (and most spammers themselves don't want any from anyone else). -- Phil Howard | die3spam@no0where.edu w2x4y3z2@dumbads9.com stop0it3@no2where.com phil | w0x5y9z1@anyplace.edu stop4078@s8p6a5m7.com a4b3c9d3@no87ads9.net at | blow0me5@lame6ads.org end4it59@dumb6ads.edu no37ads5@no3where.edu milepost | suck7it0@anyplace.net eat77me9@spam8mer.org eat06me1@no0where.net dot | a8b9c5d3@no4where.edu no69ads7@anywhere.com stop7541@dumb6ads.com com | no9way51@noplace5.com die0spam@no9where.org w8x3y6z6@no6place.edu
At 3:54 PM -0500 1/21/98, Dennis Simpson wrote:
From: Dean Anderson <dean@av8.com>
But when you take the step from advocacy to actions you are violating the law in almost every case. You can advocate anything, but you can't go tearing down buildings, or in this case, intercepting communications.
Filtering packets is not interception, it is disregard. If I ignore your packets and do not pass them to the next machine in the link, I am not intercepting your communications, I am ignoring them. Unless you are paying me to do so, I have no obligation to carry your packets.
If I am paying you to carry packets, you have an obligation to carry them. Blocking some of them is illegal. (ala AGIS). Every packet that goes through your network is paid for by one of your customers, one of their customers, and so on.
If my server checks message headers to determine validity before transferring to a spool file, I am not intercepting, I am determining message routing. As above, if you aren't paying me, I have no obligation to deliver something you handed me for delivery. Or are you suggesting mail servers should deliver mail without determining who it is for?
Nope. Thats service observing. Illegal.
If I review the content of your message, and then make decisions about who gets to read it (as opposed to discarding it), then I am intercepting, and reprehensible.
And crimminal.
I cannot block mail espousing causes I disagree with, but I have no obligation to deliver them either. Find yourself another path to my client; I won't do anything to permit or prevent it. I am not blocking you. I am also not assisting you. That is neither illegal nor immoral.
You are obligated to carry the packets you are paid to carry. You may not look at their contents other than for incidental reasons, such as routing and delivery. (and correct routing and delivery.) But don't take my word for it. Look at Cheswick and Bellovin on page 205. They say the same thing. --Dean ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean@av8.com LAN/WAN/UNIX/NT/TCPIP http://www.av8.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
At 04:41 PM 1/21/98 -0500, Dean Anderson wrote: [SNIP - Unsupported ramblings my cohorts have told me to filter instead of read]
But don't take my word for it. Look at Cheswick and Bellovin on page 205. They say the same thing.
Yes, the seminal work in legal circles on the subject. ;)
--Dean
TTFN, patrick ************************************************************** Patrick W. Gilmore voice: +1-650-482-2840 Director of Operations fax: +1-650-482-2844 PRIORI NETWORKS, INC. http://www.priori.net "The People You Know. The People You Trust." **************************************************************
Dean Anderson writes:
You are obligated to carry the packets you are paid to carry. You may not look at their contents other than for incidental reasons, such as routing and delivery. (and correct routing and delivery.)
But don't take my word for it. Look at Cheswick and Bellovin on page 205. They say the same thing.
From page 205:
"It is quite permissible to look at stored files if such a look is necessary to provide the desired service." So if you tell your customers that you are selling them a service that includes SPAM filtering of some sort it would be ok. "...system administrators are permitted to protect their own property." So if spam traffic is causing operational problems (disk space cycles, staff time), it would seem to be ok. "Examination of fraudulent messages is quite permissible, if the intent of the message is to defraud the service provider." Forged SMTP headers come to mind. Unauthorized 3rd party SMTP relay comes to mind. It looks to me as if you stopped reading about one fourth of the way down the page.
Dean Anderson writes...
If I am paying you to carry packets, you have an obligation to carry them. Blocking some of them is illegal. (ala AGIS). Every packet that goes through your network is paid for by one of your customers, one of their customers, and so on.
If you are the customer then by all means if you want them you can have them. OTOH, it is not always cost beneficial for ISPs to be both in the business of carrying _all_ packets and in the business of carrying _some_ packets. Many ISPs are in the latter category. If you want to buy a sub sandwich, and are willing to pay for it, you have a right to do so, but McDonalds doesn't have an obligation to sell you one unless they have agreed (in their advertising, for example) to do so. Many ISP are indeed shifting roles from the carrier of all packets and messages to carriers of only those packets and messages that their paying customers actually want, to whatever level maximizes their return on investment.
If my server checks message headers to determine validity before transferring to a spool file, I am not intercepting, I am determining message routing. As above, if you aren't paying me, I have no obligation to deliver something you handed me for delivery. Or are you suggesting mail servers should deliver mail without determining who it is for?
Nope. Thats service observing. Illegal.
Calculating the checksum of an arriving packet, in order to determine if it is valid or not, would be observing, too. Every byte will have been examined. Looking at the header to see where it is supposed to go is also observing. So can you define what kinds of observing you think is illegal? I consider illegal any kind of observing that is not a specific function of the obligation to carry out the services agreed to. And our customers want the kind of Internet services that give them the most benefit for the least hassle. That includes blocking spam.
I cannot block mail espousing causes I disagree with, but I have no obligation to deliver them either. Find yourself another path to my client; I won't do anything to permit or prevent it. I am not blocking you. I am also not assisting you. That is neither illegal nor immoral.
You are obligated to carry the packets you are paid to carry. You may not look at their contents other than for incidental reasons, such as routing and delivery. (and correct routing and delivery.)
And you are NOT obligated to carry the packets you are not paid to carry. How big of a list can you come up with of customers that actually _want_ to pay to carry spam packets? -- Phil Howard | eat1this@dumb2ads.org no5spam6@spam4mer.com no66ads1@noplace7.org phil | no42ads6@anywhere.org no7way16@no9place.com blow4me9@no0where.edu at | stop8374@anyplace.org no0way60@anyplace.net eat42me4@s4p9a6m5.net milepost | crash141@s4p8a8m1.edu no45ads9@anyplace.com no43ads2@anywhere.com dot | a9b1c5d8@no0where.com a8b5c2d6@dumb1ads.com eat12me1@s1p7a4m5.com com | eat28me4@spam5mer.net a0b4c0d3@s4p3a1m1.net a3b0c0d6@anyplace.edu
On Wed, Jan 21, 1998 at 04:41:17PM -0500, Dean Anderson <dean@av8.com> wrote:
If my server checks message headers to determine validity before transferring to a spool file, I am not intercepting, I am determining
Nope. Thats service observing. Illegal.
Actually, most mail filters will not look at the actual DATA portion of the message - rather, the MAIL FROM: and RCPT TO: commands (and the connecting host's IP address ot hostname). Thus, the actual DATA (content) of the message is not looked at before determining whether or not to discard the message. If you consider that illegal, then ANY filtering of ANY sort is illegal, since I'd have to look at a packet's IP address or protocol type in order to filter XXX or YYY. -Taner
In article <v0300781ab0ec1ab2f29a@[198.3.136.121]>, Dean Anderson <dean@av8.com> writes: DA> You are obligated to carry the packets you are paid to carry. You may not DA> look at their contents other than for incidental reasons, such as routing DA> and delivery. (and correct routing and delivery.) DA> But don't take my word for it. Look at Cheswick and Bellovin on page 205. DA> They say the same thing. Cheswick and Bellovin are not lawyers; they're AT&T Labs researchers. I would take their work with a grain of salt; besides, they disclaim all of their legal advice themselves. --Michael Michael S. Fischer <otterley@ipass.com> |\ Sr. Systems/Network Administrator, iPass Inc. _O_ | require Std::Disclaimer; | () Voice: +1 415 944 0333 EFNET: otterley FAX: +1 415 237 7321 | Pager: +1 888 200 1658 Pager e-mail: <pgr-otterley@ipass.com>
On Wed, Jan 21, 1998 at 04:41:17PM -0500, Dean Anderson wrote:
If I am paying you to carry packets, you have an obligation to carry them. Blocking some of them is illegal. (ala AGIS). Every packet that goes through your network is paid for by one of your customers, one of their customers, and so on.
And how do I... or how does the company I work for.. have an obligation to some spammer on a different ISP, if he is spamming NACS.NET? There's no contract there, nor is there any payment. I still don't think you're a spammer, but you sure do sound like one.
to deliver something you handed me for delivery. Or are you suggesting mail servers should deliver mail without determining who it is for?
Nope. Thats service observing. Illegal.
and you can cite laws or legal precedents that support your position, I'm sure.
If I review the content of your message, and then make decisions about who gets to read it (as opposed to discarding it), then I am intercepting, and reprehensible.
And crimminal.
see above.
You are obligated to carry the packets you are paid to carry. You may not look at their contents other than for incidental reasons, such as routing and delivery. (and correct routing and delivery.)
I, as ISP X, am not obligated to carry any packets from ISP Y unless ISP Y is a downstream client of mine with a signed contract. Find me a judge who says otherwise and I'll believe you.
But don't take my word for it. Look at Cheswick and Bellovin on page 205. They say the same thing.
Irrelevant in most cases. -- Steve Sobol - sjsobol@nacs.net NACS FAQ: http://www.nacs.net/support/faq Maintainer of the NACS.NET Tech Support Site at http://www.nacs.net/support DNS guy, Postmaster, "Web Dude", and AUP Person/Spaminator (T.I.N.C.) 128K ISDN. Flat rate. $37.50 per month. You know you want it, so why don't you call me? 216 619-2000, 1-888-273-NACS. "Operators are standing by!" :)
participants (10)
-
Dean Anderson -
Dennis Simpson -
Gary R Wright -
Michael Dillon -
Michael S. Fischer -
Patrick W. Gilmore -
Patrick W. Gilmore -
Phil Howard -
Steve Sobol -
Taner Halicioglu