Fw: Re: White House to Propose System for Wide Monitoring of Internet (fwd)

Fred Heutte aoxomoxoa at sunlightdata.com
Fri Dec 20 22:30:30 UTC 2002

I have restrained from saying this so far but... "I told you so."

When I attended the Oakland NANOG in October 2001, I had just 
returned from Washington DC.  The trip originally was for my 
brother's wedding but I extended it for some personal lobbying on 
the so-called USA PATRIOT bill as it rushed through the process, 
having not one single public hearing in either the House or Senate.  

During that time I was continually in contact with the very 
knowledgeable staff at CDT, EFF and an attorney who is a recognized 
expert on Fourth Amendment search and seizure law and the 1996 AEDPA 
anti-terrorism law that laid the groundwork for "Patriot".

As a USENIX member and NANOG participant, I had more insight into
the practical effect of the sweeping proposals in "Patriot" on actual
net operations than the attorneys did.  I realized that the "Patriot" 
law, when passed, would sooner or later entangle network operators in 
crucial decisions affecting the ability of ordinary users to traverse 
the net freely as we have always done.  

I did my best to alert my Oregon congressional delegation to these
issues, in personal meetings with their staff on Capitol Hill the
first week of October.  I've got a lot of background in lobbying but 
found this very hard to do.  Bridging the gap between communications 
and security policy and operational reality is a difficult matter at 
best.  But still, we have to try.

At the Oakland NANOG, following meeting procedure, I sent an email 
query requesting some discussion of the implications of the "Patriot"
bill, which ended up passing late in the month, and received a polite 
but firm reply from Susan Harris: this was beyond the scope of NANOG.  

I begged to differ then, and now I suggest that we all give serious 
thought to the implications that increasing and direct government 
intervention in the operation of the Net is starting to have.

We all want security, but security without liberty runs contrary to
the founding principles of the United States.  And as Bruce Schneier
has emphatically pointed out, security is a process not a product, 
whether it's a firewall or Total Information Awareness.  Avi Rubin 
observes the issue is not that the potential already exists to do 
great damage with the Internet.  With the advent of ever more potent 
attacks, from ordinary worms and viruses to Code Red and Nimda to 
root server DDOS and beyond, that is not disputed.  The question is 
why this capability is not used more often.  

The restraint from using technology for its maximum destructive 
potential is the social bonds that we have as human beings.  The 
great benefit of the Internet is that it helps strengthen those 
bonds, improve our planetary communications, and at its best help 
us collectively address the issues our societies face.  

If we do not have the maximum freedom to use the net for those 
purposes, free of government interference and arbitrary control 
wherever possible, but consistent with *reasoned and reasonable* 
security measures, our security will instead be undermined in the 
long run.

That is why the approach and attitude of network operators makes 
a difference.  It mattered at the time of the Oakland NANOG, and it 
matters now.  Perhaps NANOG is not the organizational locale to work 
these issues out, although I could see it being so.  But a coherent
response to increasing intrusion of governmental policy on network
operations needs to happen, one way or another.

You might say, "it's not my job to make policy."  And that may be 
true.  It's not a branch librarian or circulation manager's job to 
make policy either, but they all belong to the American Library 
Association, which has emerged as an effective champion of real 
security and real freedom on the Internet, because they are 
committed to the principle that their primary obligation is to the 
users of library services.  I believe network operators should, 
and do, take very seriously their primary obligation to the users 
of Internet services.

So I ask my friends in this organization NANOG whose purpose and 
work I, a mere net user, greatly admire, to consider this question
with the greatest thoroughness.  When the government (whichever one, 
not just the US) comes knocking and asking you to do something that 
restricts the freedom of net users, what will you do?  When those 
in your organization who set policy come asking what it will cost 
and what it will mean to users to do what the government wants, what 
will you say?  

I don't mean to place the entire burden on the shoulders of NANOG 
and its members.  But I do think it's important to consider the 
obligations that all of us, who have some in-depth knowledge of 
how the Internet *really* works, have to the users of the Internet,
which will ultimately be every last one of us on the planet.



------ mail forwarded, original message follows ------

From: Valdis.Kletnieks at vt.edu <>
Subject: Re: White House to Propose System for Wide Monitoring of Internet (fwd)
Date: Fri, 20 Dec 2002 14:31:39 -0500

On Fri, 20 Dec 2002 11:31:39 MST, "Wayne E. Bouchard" said:
> On Fri, Dec 20, 2002 at 11:12:43AM -0500, David Lesher wrote:
> > 
> > [This just jumped into the operational arena. Are you prepared
> > with the router port for John Poindexter's vacuum? What changes
> > will you need to make? What will they cost? Who will pay?]

> Heard about this on the news this morning and you know, I am so not
> worried about it.
> IMO, it's so completely unfeasable at every level as to be actually
> funny.

All the same, I suggest you forward the rest of your quite well-reasoned
comments to your congresscritter and/or the White House.  Remember that the
idea was probably propsed by people who have little or no clue of what the
actual impact would be - and the final decision will likely be made by
somebody with even less technical edge.

The truly scary part is that it could actually be approved....

More information about the NANOG mailing list