Saturday, July 16, 2016

1992 :: July 16 :: David Clark Articulates Internet Creed

We Reject: Kings, Presidents, and Voting.
We Believe in: Running Code and Rough Consensus.
Prof. David Clark
On July 16, 1992, Prof. David Clark articulated what would become the creed of the Internet engineering community.  He was giving a presentation A Cloudy Crystal Ball: A Vision into the Future at the IETF.  It was era of turmoil and uncertainty as the privatization of the Internet (the transformation of the Internet from NSFNET to commercial networks) was in its infancy.

During his presentation, based on Prof. Clark's slides, he made a number of additional curious observations:

  • Our best success was not computing, but hooking people together.
  • The hacks of today are the commonplace of tomorrow.
  • Security is a CRITICAL problem.
  • What we should do: Fix insecure services: PASSWORDS
  • The problem is assigning the correct degree of fear to distant elephants.
  • If we have a problem it is due to too much success. 

Thursday, July 14, 2016

1999, July 14 :: IANA Announces First Allocations of IPv6 Addresses

14 July 1999
From: IANA [iana@ISI.EDU]
Sent: Wednesday, July 14, 1999 12:32 PM
To: iana-announce@ISI.EDU
Cc: 'iana'
Subject: Delegation of IPv6 address space 
Internet Community, 
After much discussion concerning the policy guidelines for the deployment of IPv6 addresses, in addition to the years of technical development done throughout the Internet community, the IANA has delegated the initial IPv6 address space to the regional registries in order to begin immediate worldwide deployment of IPv6 addresses. 
We would like to thank the current Regional Internet Registries (RIR) for their invaluable work in the construction of the policy guidelines, which seem to have general consensus from the Internet community. We would also like to thank the efforts of the IETF community and the support of the IAB in making this effort a reality.

1998, July 14 :: Akamai files CDN Patent

In the 1990s, with the birth of the public Internet and the success of the World Wide Web, the network was experiencing high and peak demand resulting in significant congestion. Generally, each time content was requested by an end-user, the request would go across the backbones to the content host server, the content would be served and travel back across the backbones, and it would be delivered across the access network to the end user. When peak demand hit World Wide Web resources, content would become congested and some traffic would not get through (packet loss). In 1999, catastrophically demonstrating the problem of content delivery at that time, Victoria's Secret advertised during the Superbowl that it would webcast its fashion show. 1.5 million people attempted to view the Victoria's Secrets webcast, overwhelming the server infrastructure, resulting in a poor experience. [Adler] [Borland] Online services had a problem moving content from source, across the backbones, to eyeballs. 

In 1995, Tim Berners Lee foresaw that this means of delivering content could not successfully scale. He challenged colleagues at MIT to invent a way to deliver web traffic and mitigate congestion, particularly during moments of peak or flash demand. [Akamai History] [Mitra (quoting Tom Leighton, "Tim was interested in issues with the Internet and the web, and he foresaw there would be problems with congestion. Hot spots, flash crowds, … and that the centralized model of distributing content would be facing challenges. He was right.... He presented an ideal problem for me and my group to work on.")][Berners-Lee] [Held 149] (For discussion of flash demand, see [Jung] [Khan]) A 1998 entrepreneurship competition at MIT resulted in Patent '703 which became Akamai [Akamai History] [Khan]. CDNs were designed to fetch and cache the most popular content, store it closer to access networks, and permit quality access to the content while avoiding transit fees.  

Sunday, July 10, 2016

Internet Means the Death of Borders :: Elvis is Everywhere :: #Nope

In the era of exceptionalism, the Internet was proclaimed as the death of borders.  Kinda like Elvis, the Internet was everywhere all the time.  Plaintiffs' lawyers heard that - and figured that meant any court had jurisdiction over any website ~ because that website was virtually in that jurisdiction.

The courts found the borders; they did not have jurisdiction over any website.

Okay, the facts on this one are straight forward.  Let's got to the video tape: Plaintiffs sell clothes.  Plaintiffs claims that Defendants (all 3343 of them), who are like in China, "sell counterfeit products that violate Plaintiffs' intellectual property rights . . . to consumers within the United States."  Plaintiffs sued in Illinois.

Jumping over a lot in the court's decision to get to the interesting stuff, there was just not a lot alleged that connected defendants to Illinois other than that they had websites.

So, over an individual defendant,  as a rule, a court has your general jurisdiction and your specific jurisdiction.  

As for general jurisdiction, the court sez:
[T]he exercise of personal jurisdiction here is based exclusively upon Defendants' alleged maintenance of interactive websites. Without more (and there is not more here), this fact alone is not enough to support general personal jurisdiction.  See, e.g., Richter v. INSTAR Enterprises Int'l, Inc., 594 F. Supp. 2d 1000, 1009 (N.D. Ill. 2009) ("[R]egardless how interactive a website is, it cannot form the basis for [general] personal jurisdiction . . . unless the contacts through the website are so substantial that they may be considered `systematic and continuous' for the purpose of general jurisdiction."); Euromarket Designs, Inc. v. Crate & Barrel Ltd., 96 F. Supp. 2d 824, 833 (N.D. Ill. 2000) ("Generally, the defendant's mere maintenance of an Internet website is not sufficient activity to exercise general jurisdiction over the defendant.").
As for specific jurisdiction, this means that the defendant had specific transactions and presence within the jurisdiction.  Plaintiffs said that each of the defendants transacted business in Illinois.  A few of the defendants surfaced and said... "um, no we didnt (and by the way, we are Irish not Chinese)."  The court said
jurisdictional allegations are accepted as true, but if a defendant submits evidence in opposition to the exercise of jurisdiction, plaintiff must go beyond the pleadings and submit affirmative evidence to support it) (citing Purdue Research Foundation v. Sonofi-Synthelabo, S.A., 338 F.3d 773, 782-83 (7th Cir. 2003)). Plaintiffs did not provide such evidence
Then plaintiffs' counsel flops back and argued "that he believed personal jurisdiction was proper as to all 3,343 defendants solely because they operated interactive websites that displayed copyrighted images and infringed Plaintiffs' trademarks."

To quote the court, "yeah.... no." Following plaintiffs logic, the court said, "personal jurisdiction would automatically exist in every state and presumably every country."  The court cited two cases where the court indeed found jurisdictions over websites, but the finding of specific jurisdiction was premised on evidence that defendants had in fact transacted business in Illinois. Monster Energy, 136 F.Supp. 3d at 902. State of Illinois v. Hemi Group LLC, 622 F.3d 754 (7th Cir. 2010). "In this case, however, Plaintiffs have not made such a showing. They provided no facts to show that any of the defendants named in the complaint aimed any action at Illinois."

The Internet is not borderless; Elvis is not everywhere.

American Bridal & Prom Industry v a bunch of defendants, NDILL June 29, 2016

1962, July 10 :: Telstra I lauched

Wikipedia: "Telstar is the name of various communications satellites. The first two Telstar satellites were experimental and nearly identical. Telstar 1 was launched on top of a Thor-Delta rocket on July 10, 1962. It successfully relayed through space the first television pictures, telephone calls, faximages and provided the first live transatlantic television feed. Telstar 2 was launched May 7, 1963. Telstar 1 and 2, though no longer functional, are still in orbit as of October 2013"

Saturday, July 09, 2016

Bollaert :: "Designed to Solicit Illegal Content" Removes Sec. 230 Immunity #Nope

I like this case.  Every now and then a judge puts it just right.  47 USC s 230 immunity applies, except where a site is "designed to solicit illegal content."  The court states Defendant's "actions were not neutral, but rather materially contributed to the illegality of the content and the privacy invasions suffered by the victims."

Nice. Clean. Wrong.

Okay, before we unpack it, lets go to the videotape:
In 2012, 2013 and 2014, a number of individuals discovered that photographs of themselves, including nude photographs, as well as their names, hometowns, and social media addresses, had been posted without their permission on a Web site, Most of the pictures were taken by or for former significant others or friends. Some of the pictures the victims had taken on their own phones or placed on personal webpages for private viewing by themselves or select others. Some had been taken while the victim was drugged and in a compromised state or otherwise unaware of the photographing. Victims received harassing and vulgar messages from strangers. Many of the victims contacted the Web site administrator at to try to get their photographs and information removed without success. ...The UGotPosted Web site contained a link to another Web site,, where victims were told that for payment of a specified amount of money, their pictures and information would be taken down. Six of the victims paid money to an account on to have their pictures removed from the Web site.
The People brought charges of extortion and unlawful use of personally identifying information.

Defendant claimed immunity under 47 USC s 230.

If you are familiar with the Roommates decision, you know where this is going. In Roommates, defendant created a website which had a survey with required questions and answers.  These required inquiries were used to create a customer's profile.  Unfortunately, some of those questions appeared to have violated the Fair Housing Act.  The court held that yeah, if you requiring that people answer questions with answers that you supplied, you have become an Information Content Provider and are liable for the content you created.

In this instance, the court found that the Defendant was pretty much doing the same thing: Defendant
created so that it forced users to answer a series of questions with the damaging content in order to create an account and post photographs. That content—full names, locations, and Facebook links, as well as the nude photographs themselves—exposed the victims' personal identifying information and violated their privacy rights.
The court then slips: Defendant's
Web site was "designed to solicit"  content that was unlawful, demonstrating that [Defendant's] actions were not neutral, but rather materially contributed to the illegality of the content and the privacy invasions suffered by the victims. In that way, he developed in part the content, taking him outside the scope of CDA immunity. 
Yeah.  No.  Careful.

The court has conflated two questions - and in some ways the conflation does not matter - but in some ways it is important to acknowledge and bloggers need things to quibble about. The two questions:  (A) Is defendant an Information Content Producer and thus does not fall under 230 immunity and (B) Is the content in question legally actionable.

Say it the opposite way.  The fact that "the content was unlawful" did not make Defendant an Information Content Producer.  The whole purpose to 230 is to protect Interactive Computer Services from the bad content created by third parties. Consistently, if a defendant created a perfectly legal survey with required questions and pre-concocted answers - but legal - defendant would still potentially be an Information Content Producer under Roommates and not fall under 230 immunity (there would just be no liability because the content was not actionable). 

Sec. 230 immunity is lost, pursuant to Roommates, not, because the site was designed to solicit unlawful content.  Sec. 230 immunity is lost, pursuant to Roommates, because
By requiring subscribers to provide the information as a condition of accessing its service, and by providing a limited set of pre-populated answers, Roommate becomes much more than a passive transmitter of information provided by others; it becomes the developer, at least in part, of that information. And section 230 provides immunity only if the interactive computer service does not `creat[e] or develop[]' the information `in whole or in part.'
Roommates p. 1166.  

Whether the content is illegal is a different question from whether defendant is immune.

People v. BOLLAERT, Cal: Court of Appeal, 4th Appellate Dist., 1st Div. 2016

Thursday, July 07, 2016

:: Priorities for the National Privacy Research Strategy

Release: Vast improvements in computing and communications are creating new opportunities for improving life and health, eliminating barriers to education and employment, and enabling advances in many sectors of the economy. The promise of these new applications frequently comes from their ability to create, collect, process, and archive information on a massive scale.
However, the rapid increase in the quantity of personal information that is being collected and retained, combined with our increased ability to analyze and combine it with other information, is creating concerns about privacy. When information about people and their activities can be collected, analyzed, and repurposed in so many ways, it can create new opportunities for crime, discrimination, inadvertent disclosure, embarrassment, and harassment.
This Administration has been a strong champion of initiatives to improve the state of privacy, such as the “Consumer Privacy Bill of Rights” proposal and the creation of the Federal Privacy Council. Similarly, the White House report Big Data: Seizing Opportunities, Preserving Values highlights the need for large-scale privacy research, stating: “We should dramatically increase investment for research and development in privacy-enhancing technologies, encouraging cross-cutting research that involves not only computer science and mathematics, but also social science, communications and legal disciplines.”
Today, we are pleased to release the National Privacy Research Strategy. Research agencies across government participated in the development of the strategy, reviewing existing Federal research activities in privacy-enhancing technologies, soliciting inputs from the private sector, and identifying priorities for privacy research funded by the Federal Government. The National Privacy Research Strategy calls for research along a continuum of challenges, from how people understand privacy in different situations and how their privacy needs can be formally specified, to how these needs can be addressed, to how to mitigate and remediate the effects when privacy expectations are violated. This strategy proposes the following priorities for privacy research:
  • Foster a multidisciplinary approach to privacy research and solutions;
  • Understand and measure privacy desires and impacts;
  • Develop system design methods that incorporate privacy desires, requirements, and controls;
  • Increase transparency of data collection, sharing, use, and retention;
  • Assure that information flows and use are consistent with privacy rules;
  • Develop approaches for remediation and recovery; and
  • Reduce privacy risks of analytical algorithms.

  With this strategy, our goal is to produce knowledge and technology that will enable individuals, commercial entities, and the Federal Government to benefit from technological advancements and data use while proactively identifying and mitigating privacy risks. Following the release of this strategy, we are also launching a Federal Privacy R&D Interagency Working Group, which will lead the coordination of the Federal Government’s privacy research efforts. Among the group’s first public activities will be to host a workshop to discuss the strategic plan and explore directions of follow-on research. It is our hope that this strategy will also inspire parallel efforts in the private sector.

Friday, July 01, 2016

This is Cybertelecom

Established in 1997, Cybertelecom is an educational not-for-profit project focusing on Federal Internet law and policy. The project is an educational resource providing individuals with the opportunity to learn about and discuss federal laws, judicial interpretations, and regulatory developments. The project includes:
You're feedback is appreciated.  Oh, and ya gotta read our disclaimer.

Thursday, June 30, 2016

Larry Roberts, "The ARPANET and Computer Networks" - Computer History Museum


What They’re Saying: Reaction to NTIA’s Assessment of the IANA Stewardship Transition ProposalJune 16, 2016 by NTIA

A week ago, NTIA announced that the proposal developed by the Internet multistakeholder community to transition the U.S. Government’s stewardship role for the Internet Assigned Numbers Authority (IANA) functions met the criteria NTIA outlined in March 2014. The announcement was an important milestone in the U.S. Government’s effort to complete the privatization of the Internet’s domain name system. The transition will help ensure the continued leadership of the private sector in making decisions related to the technical underpinning of the Internet, which has helped the Internet thrive as a platform for innovation, economic growth, and free speech.
NTIA worked with other U.S. Government agencies and conducted a thorough review of the Internet community’s proposal to ensure it met our criteria. NTIA also found that the proposal adequately addressed relevant internal control principles, in a review recommended by the U.S. Government Accountability Office (GAO). In addition, a panel of corporate governance experts concluded that the plan is consistent with the sound principles of good governance.

NTIA’s assessment of the proposal has earned praise from a range of individuals, industry organizations and civil society groups. Here’s what they are saying....


:: BEREC Report on “Enabling the Internet of Things”.

BEREC participation at the OECD Ministerial Meeting on the “Digital Economy: Innovation, Growth and Social Prosperity” in CancĂșn, Mexico

23 June 2016
BEREC Chair Wilhelm Eschweiler represented BEREC at the OECD Ministerial Meeting on the “Digital Economy: Innovation, Growth and Social Prosperity” which took place in CancĂșn, Mexico, from 20-23 June 2016. In particular, Mr. Eschweiler participated as a speaker in the panel discussions regarding “Tomorrow’s Internet of Things (IoT)” on 23 June 2016 where he discussed the OECD report on IoT and highlighted the main messages of the BEREC Report on “Enabling the Internet of Things”.
“Since connectivity is an essential part of, and a precondition for, the Internet of Things, it is vital that regulatory frameworks concerning telecommunication are fit for purpose”, the BEREC Chair emphasized. Depending on national circumstances, regulatory telecom frameworks might need a ”refreshment” in order to create an environment where IoT services can thrive and which fosters innovation and competition. Therefore, legislators should consider reviewing their telecom laws in order to adjust them if appropriate. In this line, the BEREC Report on “Enabling the Internet of Things” examines if and where adjustments to the EU regulatory telecom framework might be required.
The BEREC Chair also pointed out that, from a regulator’s perspective, in particular the automotive industry and the energy industry are areas where the Internet of Things is becoming more and more important. For both types of IoT services – connected cars and smart meters – usually mobile connectivity and SIM cards are used. BEREC and national regulatory authorities in the European Union are in close dialogue in particular with these industries as well as network operators in order to remove existing barriers and to enable corresponding business models.