Re: Verizon must comply with RIAA's DMCA subpoena
[Moderator's note: I think this is slipping from relevance... --Perry]

Faust wrote:
> > Here's a little story: this week I learned that one of our valuable security doctoral candidates doesn't vote, and doesn't want to learn about or discuss politics and the political implications of what she does.
>
> Sounds very sensible to me. Leave the voting to those who care.

Good thing that you never post complaining about security policy and governments, then. Funny, that seems a constant theme on this list!

For most of the years I've been involved, the very idea of public, unclassified, non-governmental activity in cryptography and security was actively opposed by our respective governments. That changed through direct activism by many of those on this list. Democracy is not a spectator sport.

To be involved in security is to be concerned with policy. Ignorance of policy automatically disqualifies somebody to be a security analyst, since they have no basis for analysis. Security requires more than mere bit twiddling.

> One of my peeves about Australia is that voting is compulsory here. Quite apart from enforced voting being an infringement of my civil right, the

What civil right would that be? Does Australia have some sort of enumerated right to benefit from the work of others without contributing?

> problem is that most people do not even know who is standing for election from their electorate, far less care what their policies are.

And you personally worked to educate them -- how?

> As a result the great unwashed turn up and tick boxes at random.

And you personally worked to educate them -- how?

> One rightwing politician used this recently to register 30 fake minor parties (Gay and Lesbian Party, Marihuana party, Save the Forests Party etc) and then directed the preferences of these parties to himself. This enabled him to get elected to Parliament.

Sounds like an excellent hack of the system!

Although, with petition signatures from 5% of the electorate for each party to gain a place on the ballot, 30 parties would indicate that he had 150% of the voters sign petitions. Either there was an error in the petition validation process, or the party qualifications are unreasonably low (5% to 15% is typical), or you're exaggerating a wee bit.

(Here, you have to show a minimum of support to gain a place on the ballot. Indeed, incumbent officials have to go out and gather thousands of signatures to be placed on the ballot, even when their party has already qualified for the election. Heck, many places don't require a politician to be a member of any party, as long as they separately qualify to a slightly higher standard.)

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Verizon must comply with RIAA's DMCA subpoena
At 09:54 PM 1/25/2003 +1300, Peter Gutmann wrote:
> William Allen Simpson [EMAIL PROTECTED] writes:
> > But there is a strong economic rationale. We save untold operational expense, support costs, and legal fees. (The legal cost of complying with that single interstate subpoena cost us an entire month of revenue.)
>
> Lucky Green a while back reported that some European ISPs charge customers less if they use IPsec because then there's less cost involved in complying with surveillance requirements.

It will be more expensive to obey an ISP's lawyer and somewhat less expensive to sell tappable service. That's the way of economic intimidation. Cheapest is to ignore the subpoena and never seek legal advice. The ISP world won't collapse despite chicken little warning. And ISPs look like cowardly shits for caving.

Ponder the lessons of defiant, dissident publishers, and plan to increase your sales by putting your customers before your firm.

ISPs are using lawyerly advice to cloak betrayal and cowardice. Fire the ISP lawyer, especially if in house. Pay the difference to sysadmins willing to fight.

There's a stampede to comply with obnoxious law, better to throw a TIA party as D advises.
Re: Verizon must comply with RIAA's DMCA subpoena
With all due respect to the commentator and the tremendous amount that he has contributed to the community, I had to go eat a pint of ice cream and cool down, I was so incensed after reading his comments. Here's my attempt at a rational reply:

John Young wrote:
> It will be more expensive to obey an ISP's lawyer and somewhat less expensive to sell tappable service. That's the way of economic intimidation. Cheapest is to ignore the subpoena and never seek legal advice. The ISP world won't collapse despite chicken little warning. And ISPs look like cowardly shits for caving.
> ...
> ISPs are using lawyerly advice to cloak betrayal and cowardice. Fire the ISP lawyer, especially if in house. Pay the difference to sysadmins willing to fight.

I don't think we caved, or are cowardly shits. We're too small for an in house lawyer. But I won't expect sysadmin employees to go to jail. In the main, we have to work with the system as it exists, while we work to improve it.

Those who know me well are aware that I've a few experiences along these lines in my life.

- I've been jailed for civil contempt of court.
- I've endured FBI investigation (google for it).
- I've survived a 7+ year IRS audit, including 2 cases taken all the way to the 6th Circuit, looking to see whether my cryptographic activities were financially supported by foreigners.
- I've been party to many other cases (primarily FOIA), setting local and state precedents argued all the way to our highest state court.
- I've been involved in electoral politics for 25+ years, and am reasonably familiar with certain elected officials and governments.

We got one of the main ACLU attorneys in our state. We sent back the original because it misspelled the name of the company, then challenged the scope, and finally limited the records provided. That is, we resisted every step of the way. Then, we changed our Best Current Practices so that such a subpoena would be more difficult to fulfill in the future. And urged the world to follow our example (well, NANOG and later this list).

Here's a little story: this week I learned that one of our valuable security doctoral candidates doesn't vote, and doesn't want to learn about or discuss politics and the political implications of what she does. This was particularly disturbing to me, as she is a naturalized citizen, coming from the old Soviet Union. In other venues, new citizens are the most active in politics, happy to be somewhere they can participate. Sometimes, engineers have persistent tunnel vision.

I've always believed there's more to security than bit twiddling, and I've done my best to practice what I preach. As I've written IETF drafts over the past 14 years, I was long an advocate of adding a security considerations section to everything we've done. And I've generally added an operational considerations section, too.

We always need to think about the consequences of our work. It needs to enhance security. It needs to protect the powerless from the powerful, even when the users don't think they have anything to hide. It needs to be easy to use (or it won't be used).

So, in some respects, you're preaching to the choir. But there is a time and place for civil disobedience.

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
Re: Verizon must comply with RIAA's DMCA subpoena
> Here's a little story: this week I learned that one of our valuable security doctoral candidates doesn't vote, and doesn't want to learn about or discuss politics and the political implications of what she does.

Sounds very sensible to me. Leave the voting to those who care.

One of my peeves about Australia is that voting is compulsory here. Quite apart from enforced voting being an infringement of my civil right, the problem is that most people do not even know who is standing for election from their electorate, far less care what their policies are.

As a result the great unwashed turn up and tick boxes at random.

One rightwing politician used this recently to register 30 fake minor parties (Gay and Lesbian Party, Marihuana party, Save the Forests Party etc) and then directed the preferences of these parties to himself. This enabled him to get elected to Parliament.

--
natsu-gusa ya / tsuwamono-domo-ga / yume no ato
summer grasses / strong ones / dreams site

Summer grasses,
All that remains
Of soldier's dreams
(Basho trans. Stryk)
Re: Verizon must comply with RIAA's DMCA subpoena
Declan McCullagh wrote:
> At 06:15 PM 1/21/2003 -0500, William Allen Simpson wrote:
> > He's placed the decision here:
> > http://www.politechbot.com/docs/verizon.riaa.decision.012103.pdf
> >
> > All this to learn the identity of a computer at a particular IP address. Presumably, Verizon will now be smart enough to say: All of our IP addresses are assigned using DHCP, and we have no record of the name of any subscriber associated with an IP address.
>
> I was thinking along the same lines. This seems to be a market opportunity for an Internet provider that keeps no IP address-identity records for more than a few minutes or hours.

Speaking with my ISP hat on, we had an experience (described on NANOG and such) with legal process several years ago. Since then, we:

1) never back up the mail servers -- if any fail, we would regenerate the account information from billing records, but any unPOPed mail will be lost.
2) regenerate DSL IP addresses every 6 hours (except for those companies paying extra for static IPs).
3) syslog dialup IPs to a separate server, where they would be lost when the power goes away, and in any event should roll over every day.

It's not really a sales item. Since we are only local, I'm not sure how many customers would be sold by this feature. Farmers and college students tend to be oblivious.

But there is a strong economic rationale. We save untold operational expense, support costs, and legal fees. (The legal cost of complying with that single interstate subpoena cost us an entire month of revenue.)

The DMCA provides for standard technical measures that

    (C) do not impose substantial costs on service providers or substantial burdens on their systems or networks.

Thus, we need to specifically ask our ISPs (market demand) to drive the process for these measures that

    (A) have been developed pursuant to a broad consensus

Certainly, we're part of the consensus!?!?

Neil Johnson wrote:
> Which leads me to believe that most ISPs are going to want to keep track of IPs.

Oh yes, operationally we need to keep IPs around for a short time to track network problems and enforce the AUP. But we've found 6 hours to a day to be entirely adequate.

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
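
The retention practice described in the message above (address records held only in volatile storage and aged out after 6 hours to a day), sketched as an added example that is not part of the original post or the ISP's own tooling. The class, field names and lease events are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

RETENTION_SECONDS = 6 * 3600  # assumption: the short end of "6 hours to a day"


@dataclass(frozen=True)
class Lease:
    ip: str
    subscriber: str
    start: int           # epoch seconds when the address was assigned
    end: Optional[int]   # epoch seconds when released; None while active


class VolatileLeaseLog:
    """Held in memory only (gone on power loss) and pruned on every access."""

    def __init__(self, retention: int = RETENTION_SECONDS):
        self.retention = retention
        self._leases = []

    def assign(self, ip: str, subscriber: str, now: int) -> None:
        # Close any active lease on this address before it is reassigned.
        self._leases = [
            Lease(l.ip, l.subscriber, l.start, now)
            if l.ip == ip and l.end is None else l
            for l in self._leases
        ]
        self._leases.append(Lease(ip, subscriber, now, None))
        self.prune(now)

    def prune(self, now: int) -> None:
        # Ended leases older than the window are dropped; active leases stay,
        # since operations and AUP enforcement need them.
        cutoff = now - self.retention
        self._leases = [l for l in self._leases
                        if l.end is None or l.end >= cutoff]

    def who_had(self, ip: str, at: int, now: int) -> Optional[str]:
        """Answer 'who held ip at time at?' from what is still retained."""
        self.prune(now)
        for l in self._leases:
            if l.ip == ip and l.start <= at and (l.end is None or at < l.end):
                return l.subscriber
        return None


def demo():
    log, t0 = VolatileLeaseLog(), 1_000_000            # constructed timeline
    log.assign("192.0.2.10", "subscriber-A", t0)
    log.assign("192.0.2.10", "subscriber-B", t0 + 6 * 3600)  # 6-hour rotation
    recent = log.who_had("192.0.2.10", t0 + 3600, now=t0 + 7 * 3600)
    stale = log.who_had("192.0.2.10", t0 + 3600, now=t0 + 13 * 3600)
    return recent, stale   # the same question, asked 1 h vs 7 h after release
```

The second query returns nothing because the ended lease has aged out of the window, while a query about the current holder still works for troubleshooting.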
Re: Verizon must comply with RIAA's DMCA subpoena
William Allen Simpson says, of the Verizon decision:
> All this to learn the identity of a computer at a particular IP address. Presumably, Verizon will now be smart enough to say: All of our IP addresses are assigned using DHCP, and we have no record of the name of any subscriber associated with an IP address.

Declan adds:
> I was thinking along the same lines. This seems to be a market opportunity for an Internet provider that keeps no IP address-identity records for more than a few minutes or hours.

That would be a wise move. That would continue for about three weeks, and then we'd see a bill out of Congress demanding that ISPs retain identity for, oh, maybe seven years?

Will Rodger
Director Public Policy
CCIA
www.ccianet.org
RE: Verizon must comply with RIAA's DMCA subpoena
> That would be a wise move. That would continue for about three weeks, and then we'd see a bill out of Congress demanding that ISPs retain identity for, oh, maybe seven years?

UK law enforcement is already asking for this for two years, and subscriber details (name, address, payment mechanisms etc.) for five years:

http://www.guardian.co.uk/bigbrother/privacy/statesurveillance/story/0,12382,790124,00.html

Oh, and they want a global system.
Re: Verizon must comply with RIAA's DMCA subpoena
On Wed, 22 Jan 2003 16:18:47 -, Ian Brown [EMAIL PROTECTED] wrote:
> > That would be a wise move. That would continue for about three weeks, and then we'd see a bill out of Congress demanding that ISPs retain identity for, oh, maybe seven years?
>
> UK law enforcement is already asking for this for two years, and subscriber details (name, address, payment mechanisms etc.) for five years:
>
> http://www.guardian.co.uk/bigbrother/privacy/statesurveillance/story/0,12382,790124,00.html
>
> Oh, and they want a global system.

That rips it. I'm conserving juice at the outlet, which limits my entertainment options and makes me much less of a consumer; new cars have/will-have GPS to track my donut foraging travels, and are made like crap, so I'm definitely not buying another; I'm already boycotting all music and video media, due to the goofiness in Hollywood; and now I'll say goodbye to ISPs that narc for the world government -- 1st world gov, 3rd world, I'm not sure and who can tell the difference, today anyway.

Does any portion of whatever world government have totalistic designs on the Yukon? Sure, the Canadian government probably has a stack of tourist/emigration forms to fill out, and they'd hate it if I just dropped out of sight there. But, if I wore a white parka and ski pants, I'd look just like another underfed polar bear. Surely polar bears aren't on anyone's hit-list?
Verizon must comply with RIAA's DMCA subpoena
Declan McCullagh recently posted an interesting article on a legal opinion:

http://news.com.com/2100-1023-981449.html

He's placed the decision here:

http://www.politechbot.com/docs/verizon.riaa.decision.012103.pdf

All this to learn the identity of a computer at a particular IP address. Presumably, Verizon will now be smart enough to say: All of our IP addresses are assigned using DHCP, and we have no record of the name of any subscriber associated with an IP address.

When reading the article and then the opinion, I found a discrepancy. Declan says the Verizon subscriber allegedly was sharing (that is, outgoing traffic to other users), while the opinion explicitly says downloaded (presumably, incoming from other users).

This raises the question in my mind, how would the RIAA know? Are they snooping on Verizon's network? Wouldn't this eavesdropping be solved by using encryption?

Discussing this with Niels Provos, he mentioned they might have a honeypot, and track the IP addresses of downloads. But then, wouldn't the downloads be authorized by the RIAA, and thus not infringing?

Although the opinion itself is clear as far as it goes, unfortunately it doesn't cover the issues that are more important to us. The judge declined to rule, as the Verizon lawyers left it to amici to argue. Without a properly developed record, the court found that the defendant effectively waived the constitutional challenge:

    17 Verizon devotes only two sentences and a footnote to the constitutional issues, contending that the subsection (h) subpoena authority, if broadly construed, raises substantial Article III (judicial power) and First Amendment (freedom to engage in anonymous speech) questions. [opinion page 30]

Disappointing.

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32