[Operational] Internet Police
fred at cisco.com
Thu Dec 9 13:22:31 CST 2010
On Dec 9, 2010, at 10:19 AM, Michael Smith wrote:
> My question is what architectural recommendations will you make to your employer if/when the US Govt compels our employers to accept our role as the "front lines of this "cyberwar"?
> I figure once someone with a relevant degree of influence in the govts realizes that the "cyberwar" is between content/service controllers and eyeballs. With involuntary and voluntary botnets as the weapons of "the eyeballs", relying exclusively on a line of defense near to the content (services) leaves a great expanse of "battlefield". I would expect the content/service controllers to look for means to move the battleline as close to the eyeballs as possible (this community) So... if/when our employers are unable to resist the US Govt's demand that we "join in the national defense", wouldn't this community be the ones asked to guard the border?
> Assuming the govt won't send federal agents into each of our NOCs, won't our employers ask us "what can we do?"
> If inspecting and correlating every single packet/flow for attack signatures is not feasible (on scale), are there name/address registration/resolution measures that could effectively lock-down the edge? ...will we look toward China/Saudi Arabia/etc for lessons learned in there 'great firewalls' to develop a distributed version where central control pushes policy out to the edge (into the private networks that currently provide the dreaded "low barrier for entry")?
> Obviously the environment is created by layers 8/9, but I'm interested in the layer 1-7 solutions that the community would consider/recommend.
In my ever-so-humble opinion, this is not primarily about copyrighted material; it is primarily about content control. Go to any country in the world; they have something they wish wasn't available on the net. It might be child pornography, pornography in general by some definition of that term or lack thereof, journalist reports regarding their country or certain events in their country, paparazzi photos of their leaders or their consorts, or comments or comics featuring important religious figures or violating local social norms (did you know that DSLRs are illegal in Kuwait unless one is a registered journalist?). The UN Al Qua'da Task Force would like to block all files that originate from Al Qua'da. During the US 2004 presidential elections, one of the candidates suggested using CleanFeed to suppress information about dog racing. It might be COICA, HADOPI, or some municipal court judge who has no idea what he is asking but makes a decree that <something> should go away. They are all, at the end of the say, talking about the same thing: "we don't care what other countries or other people think; in our country, <something> should not be available on the Internet."
Which is to say that they think that they should be in control of some bit of content. Content control, which they might well decry when others do it and respond very poorly when you point out their own actions.
I would note that in many cases similar laws already exist in the various countries' legal systems. For some reason, rather than enforcing the existing law of the land, they feel compelled to make a new law that is specific to the Internet. I asked a lawyer advocating yet another such a law about this once, trying to find out why she thought that was necessary. Her response was that the existing law of the land had been found in court after court and jurisdiction over jurisdiction to be unimplementable and unenforceable; a certain famous statement about the definition of obscenity comes to mind, and very appropriately. "If I have the law, it gives me one more chance to argue the case in court". A case she freely admitted that she would very likely lose.
If your boss comes to you and asks you to be part of it, my suggestion (I am not a lawyer, and this is not legal advice) would be to first ask him whether he has a court order. If you are obligated to comply, you are obligated to comply. But in any event, I would suggest that he read http://www.washingtonpost.com/wp-dyn/content/article/2010/12/08/AR2010120804038.html. I suspect we will be reading similar articles about some 70 sites that have been taken down recently, and in some cases they may take whoever-did-it to court and win a judgement. The Internet routes around failure, and people who think they can control content are notorious for failing.
That's not a political viewpoint; some of those things that folks would like to go away probably should. From a very pragmatic and practical perspective, any technical mechanism that has been proposed is trivially defeated. The first implementers of DKIM were the spammers. What does CleanFeed do with https or encrypted BitTorrent? DNS Blocking is very interesting in a DNSSEC world, and is trivially overcome by purchasing a name in another TLD - or a thousand of them. Null routes block access to specific addresses; move the content, and the null route is a waste of bits. Look at how successful we have been in erasing botnets from our memory, or viruses, or spam.
The way to address these things is not to childishly wish there was a magic silver bullet that would make the problem go away. If it's against the law, and in most cases the content that folks want to control is, go arrest the guy.
That's not to say that you couldn't use technologies like CleanFeed or Lawful Intercept, if you use them lawfully, to gather forensic evidence. But that's a far cry from pretending to make the content go away.
More information about the NANOG