Legislation and its effects in our world

Fred Baker fred at cisco.com
Wed Feb 25 11:06:13 CST 2009


I am not a  lawyer; I am a person that can read something that is  
written in the English language, and considered by some to be a  
"reasonable man". So please don't consider this to be legal advice.  
Also, although I am posting from a Cisco account, this note represents  
my understanding based on a reading of the text of the bill, not an  
opinion of or advice by Cisco. Further, I do not represent myself as  
either for or against the legislation or the implied technology. I  
have opinions on all that, but I'll save them for another email.

#include <any other disclaimers that are important>

The text of the bill, which is in committee, is at http://www.govtrack.us/congress/billtext.xpd?bill=s111-436 
. Read the text of the bill before continuing with my comments on it  
or on Declan's article.

Most of the bill is about defining "child pornography", such as "  
inserting ‘1466A (relating to obscene visual representation of the  
abuse of children),’ before ‘section 1708’", or about changing  
penalties. Data retention is discussed in section 5:

> SEC. 5. RETENTION OF RECORDS BY ELECTRONIC COMMUNICATION SERVICE  
> PROVIDERS.
> Section 2703 of title 18, United States Code, is amended by adding  
> at the end the following:
> ‘(h) Retention of Certain Records and Information- A provider of an  
> electronic communication service or remote computing service shall  
> retain for a period of at least two years all records or other  
> information pertaining to the identity of a user of a temporarily  
> assigned network address the service assigns to that user.’.

In context, this is about providers of a service. BTW, it doesn't talk  
about *creating* a record that doesn't exist, it talks about  
*retaining* records that have already been created, such as billing  
records or other records that would support billing and maintenance.  
IANAL, so run this by your lawyers, but a provider of a service is in  
the FCC definitions someone that sells a service to random purchasers,  
not someone that provides communications to his own employees,  
students, or family members. This came up during the discussion by the  
FCC about lawful intercept and what constituted a network that had to  
implement it several years ago. This is confirmed, says the  
"reasonable man", by the definition of the offense in Section 3:

> ‘(a) Offense- Whoever, being an Internet content hosting provider or  
> email service provider, knowingly engages in any conduct the  
> provider knows or has reason to believe facilitates access to, or  
> the possession of, child pornography (as defined in section 2256)  
> shall be fined under this title or imprisoned not more than 10  
> years, or both.

Note the lack of reference to home routers, wireless in any form, or  
any of the other stuff Declan mentions in his article:

> (CNET) -- Republican politicians on Thursday called for a sweeping  
> new federal law that would require all Internet providers and  
> operators of millions of Wi-Fi access points, even hotels, local  
> coffee shops, and home users, to keep records about users for two  
> years to aid police investigations.

I would ask you, how many local coffee shops or hotels that you know  
of operate their own Internet access? How many instead contract with T- 
Mobile or some other provider? Since the billing record is done with  
the provider (you somehow pay a bill to T-Mobile-or-whoever for use of  
the wifi and you identify yourself to them at the time you access the  
service), whom would you expect might be required to "retain" those  
records?

I would also be a trifle careful with Declan's repeated references to  
the party of the person who submitted the bill. The bill is, or at  
least looks like, enabling legislation required by the Cybercrime  
Treaty (http://tinyurl.com/6m9ey, Article 20 of which calls for what  
is now called "Data Retention"), and is pretty much in line with the  
current EU directive on the topic (http://tinyurl.com/2maatj). Both  
major parties in the US have been on deck during the negotiation of  
the CyberCrime Treaty, and whatever your opinion of it might be, this  
bill is in line with Obama campaign promises and actions as president  
as I understand them.

I personally tend to ignore stuff written by Declan. It requires too  
much work to drill through the political activism and sensationalism- 
portrayed-as-journalism to find the germ of truth that inspired the  
article.


On Feb 25, 2009, at 7:06 AM, Jim Willis wrote:

> After having a brief conversation with a friend of mine over the  
> weekend
> about this new proposed legislation I was horrified to find that I  
> could not
> dig anything up on it in NANOG. Surely this sort of short minded  
> legislation
> should have been a bit more thought through in its effects on those  
> that
> would have to implement these changes. My major concern is not just  
> for
> myself but for a much broader picture.
>
> "Republican politicians on Thursday called for a sweeping new  
> federal law
> that would require all Internet providers and operators of millions  
> of Wi-Fi
> access points, even hotels, local coffee shops, and home users, to  
> keep
> records about users for two years to aid police investigations."
>
> http://www.cnn.com/2009/TECH/02/20/internet.records.bill/index.html
>
>
> I understand and agree that minors should be protected and I think  
> child
> pornography is awful, however I think how the government is going  
> about
> catching these criminals with this new legislation will not really  
> be any
> more efficient than there current methods. Having a log of all IP's  
> that
> come across my or anyone in America's "home" Wi-Fi for two years is  
> not
> going to help "police investigations" but will cause me to have to  
> go buy a
> more expensive router.
>
> So I'm just wondering, how would this legislation effect some of you  
> on the
> NANOG list?
>
> -Jim





More information about the NANOG mailing list