PATRIOT/USA technical problems, call to action
William Allen Simpson
wsimpson at greendragon.com
Mon Oct 8 05:31:09 UTC 2001
Democracy is not a spectator sport.
The US House (hr.2975 PATRIOT) and US Senate (s.1510 USA) have
introduced bills that will cost ISPs a lot of money -- potentially tens
of thousands of dollars -- even for small ISPs.
Unlike CALEA, there is no requirement that ISPs be reimbursed.
This happened because the legislators are clueless about technical
requirements. It is up to you to educate them!
With the bombing started, it is thought that the bills will be pushed
through this week, without going through the normal committee review.
Each and every one of you MUST call your legislators, where you work and
again where you live. Call your Senator, and then call your
Representative. Do not send email, it won't get read soon enough!
Since Monday is a legal holiday of sorts, you may have to wait until
Tuesday morning, but try on Monday anyway.
--
Urge your representatives in Congress to hold full hearings, and fix
technical problems.
1. Call the White House switchboard at 202-224-3121, and ask to be
connected to the office of your Congressional representative.
-or-
Look up the office numbers on the web at www.house.gov and
www.senate.gov.
2. When you are put through, say "May I please speak to the staff member
who is working on the anti-terrorism legislation?" If that person is not
available to speak with you, say "May I please leave a message?"
3. Briefly explain that you work for an Internet Service Provider, and
although you appreciate the efforts of your representative to address
the challenges brought about by the September 11th tragedy, it would be
a mistake to make any changes in the federal wiretap statute that do not
respond to "the immediate threat of investigating or preventing
terrorist acts."
--
If they want to talk details, here they are:
Both bills add "addressing" and "routing" to the list of activities that
can be requested without a specific court order. So, just like call
setup for the phone companies, every single address that you assign, via
DHCP or otherwise, and every ARP, RIP, OSPF, and BGP routing table
change, must be recorded for posterity -- just in case any state or
federal agents want to review it someday. No time limits, and no
statute of limitations.
Some lawyers read this to extend to tracking every URL accessed through
your POPs, and every email To: and From: transmitted over your networks,
since they both can be considered "addressing" and your activity
"routing".
Obviously, the legislators don't quite understand what a dynamic
packet connectionless Internet means!
--
My solution, after talking to several Representatives and Senators
staffs, is to add clarification to the definitions section 3127:
(7) the term "addressing" means a numeric identifier that assists the
delivery of electronic communications over a specific link, attached to
the outermost encapsulation of the communication (but not including the
contents of such communication).
(8) the term "routing" means the numeric internetwork locator
associated with a communication that facilitates its carriage between
electronic communication services, contained within the internetwork
communication encapsulation (but not including the contents of such
communication).
--
As you can see, my solution means you can do it with standard tools,
like tcpdump or snort, and unlike phone call setup, there's nothing in
the definitions that indicates the information has to be recorded for
future requests....
--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
More information about the NANOG
mailing list