Congress may require ISPs to block fraud sites H.R.3817

Richard Bennett richard at bennett.com
Thu Nov 5 18:44:27 CST 2009


I think the idea is for the government to create an official blacklist 
of the offending sites, and for ISPs to consult it before routing a 
packet to the fraud site. The common implementation would be an ACL on 
the ISPs border router. The Congress doesn't yet understand the 
distinction between ISPs and transit providers, of course, and typically 
says that proposed ISP regulations (including the net neutrality 
regulations) apply only to consumer-facing service providers.

If this measure passes, you can expect expansion of blocking mandates 
for rogue sites of other kinds, such as kiddie porn and DMCA scofflaws.

RB

Steven Bellovin wrote:
>
> On Nov 5, 2009, at 5:56 PM, Valdis.Kletnieks at vt.edu wrote:
>
>> On Thu, 05 Nov 2009 16:40:09 CST, Bryan King said:
>>> Did I miss a thread on this? Has anyone looked at this yet?
>>
>>> `(2) INTERNET SERVICE PROVIDERS- Any Internet service provider that, on
>>> or through a system or network controlled or operated by the Internet
>>> service provider, transmits, routes, provides connections for, or 
>>> stores
>>> any material containing any misrepresentation of the kind prohibited in
>>> paragraph (1) shall be liable for any damages caused thereby, including
>>> damages suffered by SIPC, if the Internet service provider--
>>
>> "routes" sounds the most dangerous part there.  Does this mean that if
>> we have a BGP peering session with somebody, we need to filter it?
>
> Also "transmits".  (I'm impressed that someone in Congress knows the 
> word "routes"....)
>>
>> Fortunately, there's the conditions:
>>
>>> `(A) has actual knowledge that the material contains a 
>>> misrepresentation
>>> of the kind prohibited in paragraph (1), or
>>
>>> `(B) in the absence of actual knowledge, is aware of facts or
>>> circumstances from which it is apparent that the material contains a
>>> misrepresentation of the kind prohibited in paragraph (1), and
>>
>>> upon obtaining such knowledge or awareness, fails to act expeditiously
>>> to remove, or disable access to, the material.
>>
>> So the big players that just provide bandwidth to the smaller players 
>> are
>> mostly off the hook - AS701 has no reason to be aware that some 
>> website in
>> Tortuga is in violation (which raises an intresting point - what if the
>> site *is* offshore?)
>>
>> And the immediate usptreams will fail to obtain knowledge or 
>> awareness of
>> their customer's actions, the same way they always have.
>
> Note the word "circumstances"...
>>
>> Move along, nothing to see.. ;)
>
> Until, of course, some Assistant U.S. Attorney or some attorney in a 
> civil lawsuit decides you were or should have been aware and takes you 
> to court.  You may win, but after spending O(\alph_0) zorkmids on 
> lawyers defending yourself....
>
>
>         --Steve Bellovin, http://www.cs.columbia.edu/~smb
>
>
>
>
>
>

-- 
Richard Bennett
Research Fellow
Information Technology and Innovation Foundation
Washington, DC





More information about the NANOG mailing list