I think the idea is for the government to create an official blacklist
of the offending sites, and for ISPs to consult it before routing a
packet to the fraud site. The common implementation would be an ACL on
the ISPs border router. The Congress doesn't yet understand the
distinction between ISPs and transit providers, of course, and typically
says that proposed ISP regulations (including the net neutrality
regulations) apply only to consumer-facing service providers.
If this measure passes, you can expect expansion of blocking mandates
for rogue sites of other kinds, such as kiddie porn and DMCA scofflaws.
RB
Steven Bellovin wrote:
On Nov 5, 2009, at 5:56 PM, valdis.kletni...@vt.edu wrote:
On Thu, 05 Nov 2009 16:40:09 CST, Bryan King said:
Did I miss a thread on this? Has anyone looked at this yet?
`(2) INTERNET SERVICE PROVIDERS- Any Internet service provider that, on
or through a system or network controlled or operated by the Internet
service provider, transmits, routes, provides connections for, or
stores
any material containing any misrepresentation of the kind prohibited in
paragraph (1) shall be liable for any damages caused thereby, including
damages suffered by SIPC, if the Internet service provider--
"routes" sounds the most dangerous part there. Does this mean that if
we have a BGP peering session with somebody, we need to filter it?
Also "transmits". (I'm impressed that someone in Congress knows the
word "routes"....)
Fortunately, there's the conditions:
`(A) has actual knowledge that the material contains a
misrepresentation
of the kind prohibited in paragraph (1), or
`(B) in the absence of actual knowledge, is aware of facts or
circumstances from which it is apparent that the material contains a
misrepresentation of the kind prohibited in paragraph (1), and
upon obtaining such knowledge or awareness, fails to act expeditiously
to remove, or disable access to, the material.
So the big players that just provide bandwidth to the smaller players
are
mostly off the hook - AS701 has no reason to be aware that some
website in
Tortuga is in violation (which raises an intresting point - what if the
site *is* offshore?)
And the immediate usptreams will fail to obtain knowledge or
awareness of
their customer's actions, the same way they always have.
Note the word "circumstances"...
Move along, nothing to see.. ;)
Until, of course, some Assistant U.S. Attorney or some attorney in a
civil lawsuit decides you were or should have been aware and takes you
to court. You may win, but after spending O(\alph_0) zorkmids on
lawyers defending yourself....
--Steve Bellovin, http://www.cs.columbia.edu/~smb
--
Richard Bennett
Research Fellow
Information Technology and Innovation Foundation
Washington, DC
