Tuesday, December 12, 2017

Peering Policies

A "Peering Policy" is "[t]he decision criteria that a provider applies in deciding with whom they will peer. " [NRIC Sec. 1.2.2] In the words of Bill Norton, a "Peering Policy" is "an articulation of peering inclination." [Norton, A Guide to Peering Contracts] [Norton Open Peering Policy] Originally, it was an articulation by a backbone network (the networks in the 1990s that peered) of whom it would perceive to be a "peer" or equal. It is like an amusement park sign that says, "you must be this tall to ride." Generally, to be a "peer," a network had to satisfy the settlement free peering proxy and be roughly equal in size and exchange roughly balanced traffic. A peering policy delineated how that would be measured.[Golding][BEREC p. 21 Dec. 6, 2012][NRIC FG 4]

A peering policy is not a peering contract; peering contracts are far more elaborate. It is not a legal "offer;" networks reserve the right to negotiate and to enter into a peering arrangement or not. [NRIC Sec. 1.2.2] [Norton, Peering Policies]

In the 1990s, as the nascent commercial Internet matured, Tier 1 backbones looked at smaller networks, concluded that they were not "peers," and migrated smaller networks to transit customer arrangements. [1997 Depeering] Smaller networks that found themselves with large transit bills complained. [Digital Handshake 2000] [First 706 Report, para. 105 (at the time, commenters unanimously opposed FCC intervention into peering and interconnection disputes with one exception; Bell Atlantic, now Verizon, recommended possible action by the FCC to lower barriers of entry to new entrants).] If they were not large enough to qualify for peering, then they wanted to know how large they had to be. They wanted to know what benchmarks they had to meet to avoid transit fees.

In 2001, the FCC's Network Reliability and Interoperability Council (NRIC, predecessor of CSRIC), led by Jim Crowe of Level 3, recommended that networks post peering policies on their websites. [NRIC Sec. 4.1] [NRIC Internet Peering Statement ("NRIC V encourages other Internet providers, and especially the large "backbone" Internet providers that comprise the core of the modern Internet, to consider, consistent with their business practices, publication of their criteria for peering.") Available on the Web Archive.] [GAO ("We were also told that peering policies should be made public.")] [FCC NRIC Encourages Publication of Peering Criteria to Promote Transparency (Oct. 30, 2001).] In the 2005 mergers (Verizon/WCOM, AT&T/SBC) and the 2007 merger (AT&T/Bell South), the parties agreed to post peering policies as a merger condition. [SBC / AT&T ¶ 133] [Verizon / MCI ¶ 134] [AT&T / Bell South, Appendix F]

Peering policies consist of two different types of clauses.[Compare Norton Survey (dividing the clauses into three groups: (1) operations-related Internet peering policy clauses; (2) Technical / Routing / Interconnection clauses; and (3) General Clauses).] First, provisions that determine whether a potential partner is a "peer" (roughly equal size with roughly balanced traffic), and, second, operational conditions regarding what is necessary to successfully interconnect. These provisions fall out as follows: 

Peer Criteria (roughly equal size / traffic) 
Operational Conditions 
  • Geographic reach
  • Redundant network
  • Presence at specified IXPs
  • Minimum number of points of interconnection
  • Minimum traffic capacity / utilization
  • Balanced traffic ratio
  • No customers as peers
  • 24/7 NOC
  • No Abuse
  • Consistent Routing Announcements
  • Filter routes
  • Hot or Cold Potato Routing
  • Resolving congestion / augmentation
  • Use of IRR, PeeringDB

[NortonStudy of 28 Peering Policies] [Golding] [BEREC p. 21 2012] [NRIC Sec. 4.3 (examples include geographic coverage, proximity to exchange points, minimum capacity, symmetry of traffic exchange, minimum traffic loads, reliable network support, and reasonable address aggregation)] [Verizon (“The key common feature, however, is that these voluntary arrangements involve a mutual exchange of value of one form or another.”)] [Aemen Lodhi, Natalie Larson, Amogh Dhamdhere, Constantine Dovrolis, kc claffy, Using PeeringDB to Understand the Peering Ecosystem, ACM SIGCOMM Computer Communication Review, 44(2), 20-27, 21 (2014), ("Finally, we explore what historical snapshots of the PeeringDB database can tell us about the evolution of the Internet peering ecosystem.")]

In 2004PeeringDB came on the scene. PeeringDB is a database created "by and for peering coordinators" that provides 
  • a link to peering policy,
  • peering inclination,
  • whether interconnection at multiple locations is required,
  • whether there is a balanced ratio requirement,
  • whether a contract is required,
  • peering contact information, and
  • the peering facilities where the network is available for interconnection.
According to PeeringDB, "The purpose of this project is to facilitate the exchange of information related to peering. Specifically, what networks are peering, where they are peering, and if they are likely to peer with you." [Martin Levy, PeeringDB and why everyone should use it, presentation at African Peering and Interconnection Forum 2011, slide 7] In 2016, PeeringDB 2.0 was launched and PeeringDB was established as a non-profit organization. By the end of 2016, it listed 8194 peering networks, 2302 interconnection facilities, and 566 IXPs.  [Arnold Nipper, PeeringDB, presentation at CEE Peering Days 2017] [Terry Rodery, PeeringDB, presentation at NANOG 40 (2007)] [Aemen Lodhi, Natalie Larson, Amogh Dhamdhere, Constantine Dovrolis, kc claffy, Using PeeringDB to Understand the Peering Ecosystem, ACM SIGCOMM Computer Communication Review, 44(2), 20-27 (2014)]

FTC FCC NN MOU :: BEREC on NN :: Carpenter v USA :: RIF For Whom?

FTC, FCC Outline Agreement to Coordinate Online Consumer Protection Efforts Following Adoption of The Restoring Internet Freedom Order https://www.ftc.gov/news-events/press-releases/2017/12/ftc-fcc-outline-agreement-coordinate-online-consumer-protection

Chairman Smith letter to DHS requesting information regarding Kaspersky lab


BEREC to discuss Net Neutrality issues in light of the report presenting one year of implementation of Open internet Regulation and related BEREC Guidelines http://berec.europa.eu//eng/news_and_publications/whats_new/4702-berec-to-discuss-net-neutrality-issues-in-light-of-the-report-presenting-one-year-of-implementation-of-open-internet-regulation-and-related-berec-guidelines


Changing Privacy Laws in the Digital Age: Carpenter v. United States Col. S. Tech. L. R. http://stlr.org/2017/11/28/changing-privacy-laws-in-the-digital-age-carpenter-v-united-states/

Carpenter v. United States – What future for digital privacy? WJLTA https://wjlta.com/2017/11/17/carpenter-v-united-states-what-future-for-digital-privacy/

Michael Geist, Why Abandoning Net Neutrality in the U.S. Matters in Canada http://www.michaelgeist.ca/2017/11/abandoning-net-neutrality-u-s-matters-canada/


Friday, November 03, 2017

Sen. Comm. Comm. Hrg. Nov 7 :: Advancing IoT in Rural America

U.S. Sen. Roger Wicker (R-Miss.), chairman of the Subcommittee on Communications, Technology, Innovation, and the Internet, will convene a hearing titled "Advancing the Internet of Things in Rural America," at 10:00 a.m. on Tuesday, November 7, 2017. The hearing will examine the use and benefits of the Internet of Things (IoT) in rural communities, and the infrastructure needs necessary to advance the IoT market to ensure rural America has access to products and devices that are driving the digital economy.

Witnesses:

  • Mr. Michael Adcock, Executive Director, Telehealth Center University of Mississippi Medical Center, Jackson, Miss.
  • Mr. David Armitage, Founder and CEO of Cartasite, Denver, Colo.
  • Mr. Timothy Hassinger, President and CEO, Lindsay Corporation, Omaha, Neb.
  • Mr. Michael Terzich, Chief Administrative Officer, Zebra Technologies, Lincolnshire, Ill.

Hearing Details:

Tuesday, November 7, 2017
10:00 a.m.
Subcommittee on Communications, Technology, Innovation, and the Internet

 

This hearing will take place in Russell Senate Office Building, Room 253. Witness testimony, opening statements, and a live video of the hearing will be available on www.commerce.senate.gov.

Thursday, November 02, 2017

1988, Nov. 2 :: 25th Anniversary of the Morris Worm

"In the fall of 1988, Morris was a first-year graduate student in Cornell University's computer science Ph.D. program. Through undergraduate work at Harvard and in various jobs he had acquired significant computer experience and expertise. When Morris entered Cornell, he was given an account on the computer at the Computer Science Division. This account gave him explicit authorization to use computers at Cornell. Morris engaged in various discussions with fellow graduate students about the security of computer networks and his ability to penetrate it.

Disc containing Morris Code
at Museum of Science
"In October 1988, Morris began work on a computer program, later known as the Internet "worm" or "virus." The goal of this program was to demonstrate the inadequacies of current security measures on computer networks by exploiting the security defects that Morris had discovered. The tactic he selected was release of a worm into network computers. Morris designed the program to spread across a national network of computers after being inserted at one computer location connected to the network. Morris released the worm into Internet, which is a group of national networks that connect university, governmental, and military computers around the country. The network permits communication and transfer of information between computers on the network.

"Morris sought to program the Internet worm to spread widely without drawing attention to itself. The worm was supposed to occupy little computer operation time, and thus not interfere with normal use of the computers. Morris programmed the worm to make it difficult to detect and read, so that other programmers would not be able to "kill" the worm easily. Morris also wanted to ensure that the worm did not copy itself onto a computer that already had a copy. Multiple copies of the worm on a computer would make the worm easier to detect and would bog down the system and ultimately cause the computer to crash. Therefore, Morris designed the worm to "ask" each computer whether it already had a copy of the worm. If it responded "no," then the worm would copy onto the computer; if it responded "yes," the worm would not duplicate. However, Morris was concerned that other programmers could kill the worm by programming their own computers to falsely respond "yes" to the question. To circumvent this protection, Morris programmed the worm to duplicate itself every seventh time it received a "yes" response. As it turned out, Morris underestimated the number of times a computer would be asked the question, and his one-out-of-seven ratio resulted in far more copying than he had anticipated. The worm was also designed so that it would be killed when a computer was shut down, an event that typically occurs once every week or two. This would have prevented the worm from accumulating on one computer, had Morris correctly estimated the likely rate of reinfection.

"Morris identified four ways in which the worm could break into computers on the network: (1) through a "hole" or "bug" (an error) in SEND MAIL, a computer program that transfers and receives electronic mail on a computer; (2) through a bug in the "finger demon" program, a program that permits a person to obtain limited information about the users of another computer; (3) through the "trusted hosts" feature, which permits a user with certain privileges on one computer to have equivalent privileges on another computer without using a password; and (4) through a program of password guessing, whereby various combinations of letters are tried out in rapid sequence in the hope that one will be an authorized user's password, which is entered to permit whatever level of activity that user is authorized to perform.

"On November 2, 1988, Morris released the worm from a computer at the Massachusetts Institute of Technology. MIT was selected to disguise the fact that the worm came from Morris at Cornell. Morris soon discovered that the worm was replicating and reinfecting machines at a much faster rate than he had anticipated. Ultimately, many machines at locations around the country either crashed or became "catatonic." When Morris realized what was happening, he contacted a friend at Harvard to discuss a solution. Eventually, they sent an anonymous message from Harvard over the network, instructing programmers how to kill the worm and prevent reinfection. However, because the network route was clogged, this message did not get through until it was too late. Computers were affected at numerous installations, including leading universities, military sites, and medical research facilities. The estimated cost of dealing with the worm at each installation ranged from $200 to more than $53,000.

"Morris was found guilty, following a jury trial, of violating 18 U.S.C. Section 1030(a)(5)(A). He was sentenced to three years of probation, 400 hours of community service, a fine of $10,050, and the costs of his supervision."

- U.S. v. Morris, 928 F.2d 504 (2nd Cir. 1991)

Postlude 

The Morris Worm also resulted in the creation of multiple new federal projects such as CERT with the mission of researching, thwarting, and alerting the network to new possible threats.  

Robert Morris is reportedly a professor at MIT.

Monday, October 30, 2017

U.S. Copyright Office Issues Notice of Proposed Rulemaking in the Seventh Triennial Rulemaking Proceeding Under Section 1201

"The Copyright Office has published a notice of proposed rulemaking in the seventh triennial rulemaking proceeding under the Digital Millennium Copyright Act (DMCA), 17 U.S.C. § 1201. Section 1201 provides that the Librarian of Congress, upon the recommendation of the Register of Copyrights, may exempt certain classes of works from the prohibition against circumvention of technological measures that control access to copyrighted works.


"As set forth in its prior notice of inquiry, the Office established a new, streamlined procedure for the renewal of exemptions that were granted during the sixth triennial rulemaking. The Office has now reviewed all comments regarding current exemptions received in response to that notice. With this notice of proposed rulemaking, the Office concludes that it has received a sufficient petition to renew each existing exemption, and it does not find any meaningful opposition to renewal. Accordingly, the Office intends to recommend readoption of all existing exemptions.


"In addition, the notice outlines proposed classes for exemptions for which the Office now initiates three rounds of public comment. In the first round of comments, which are due December 18, 2017, the Office seeks legal and evidentiary submissions from parties who support the adoption of a proposed exemption as well as parties that neither support nor oppose an exemption but seek to share pertinent information about a proposal. Responsive legal and evidentiary submissions from those who oppose the adoption of a proposed exemption are due February 12, 2018. Written reply comments from supporters of a proposed exemption and parties that neither support nor oppose a proposed exemption are due March 14, 2018.


"Participants in the proceeding are encouraged to familiarize themselves with section 1201(a)(1) and the rulemaking requirements so they can maximize the effectiveness of their submissions. For more information, commenters should carefully review the notice of proposed rulemaking and submission instructions available at https://www.copyright.gov/1201/2018/. Additional background information about section 1201 is available at https://www.copyright.gov/1201/, which contains helpful resources, such as video tutorials, the Office's recent policy study on section 1201, and links to prior rulemaking proceedings. 

Friday, October 20, 2017

Truth and Misinformation :: Content Providers and Intl Transport :: Geoff Huston :: CFP Internet Law Works in Progress Conf



The Future of Truth and Misinformation Online Pew http://www.pewinternet.org/2017/10/19/the-future-of-truth-and-misinformation-online/


NANOG Vid: Telegeography, Optical Illusions: Content Providers and the Impending Transformation of International Transport https://youtu.be/0_6zk87pxRQ


NANOG Vid: Geoff Huston, Let's Encrypt with Dane https://youtu.be/09fNjMur1Gs


Call for Projects/Papers/Participation for 8th Annual Internet Law Works-in-Progress Conference, NYLS, March 24, 2018

http://blog.ericgoldman.org/archives/2017/10/call-for-projectspapersparticipation-for-8th-annual-internet-law-works-in-progress-conference-nyls-march-24-2018.htm


Thursday, October 19, 2017

BEREC NN Report :: House Tech Hrg Cybersecurity Kaspersky Labs :: FCC FACA Broadband Deployment :: NTIA IOT Mtg ::

BEREC publishes study on Net Neutrality regulation in Chile, India and USA http://berec.europa.eu//eng/news_and_publications/whats_new/4539-berec-publishes-study-on-net-neutrality-regulation-in-chile-india-and-usa

House Tech Com Hrg: Bolstering Govt's Cybersecurity: Assessing Risk of Kaspersky Lab Products to Federal Government https://science.house.gov/legislation/hearings/bolstering-government-s-cybersecurity-assessing-risk-kaspersky-lab-products


Protecting the Privacy of Customers of Broadband and Other Telecommunications Services

Under the Congressional Review Act, Congress has passed, and the President has signed, Public Law 115-22, a resolution of disapproval of the rule that the Federal Communications Commission (FCC) submitted pursuant to such Act relating to "Protecting the Privacy of Customers of Broadband and Other Telecommunications Services." By operation of the Congressional Review Act, the rule submitted by the FCC shall be treated as if it had never taken effect. However, because the Congressional Review Act does not direct the Office of the Federal Register to remove the voided regulatory text and reissue the pre-existing regulatory text, the FCC issues this document to effect the removal of any amendments, deletions, or other modifications made by the nullified rule, and the reversion to the text of the regulations in effect immediately prior to the effect date of the Report and Order relating to "Protecting the Privacy of Customers of Broadband and Other Telecommunications Services."

Notice of 11/08/2017 Virtual Meeting of Multistakeholder Process on Internet of Things Security Upgradability and Patching


Date: 
October 12, 2017
Docket Number: 

NTIA will convene a virtual meeting of a multistakeholder process on Internet of Things Security Upgradability and Patching on November 8, 2017. The virtual meeting will be held on November 8, 2017, from 2:00 p.m. to 4:30 p.m., Eastern Time. 

For further information contact Allan Friedman, National Telecommunications and Information Administration, U.S. Department of Commerce, 1401 Constitution Avenue NW., Room 4725, Washington, DC 20230; telephone: (202) 482-4281; email: afriedman@ntia.doc.gov. Please direct media inquiries to NTIA's Office of Public Affairs: (202) 482-7002; email: press@ntia.doc.gov.



Report on Responses to NTIA's Request for Comments on Promoting Stakeholder Action Against Botnets and Other Automated Threats


Date: 
September 18, 2017
Docket Number: 
170602536-7536-01

This report identifies the common themes found in the responses to NTIA's "Request for Comments on Promoting Stakeholder Action Against Botnets and Other Automated Threats." It is not a comprehensive discussion of all comments, nor does it reflect a government decision. The full text of all comments is available here.



Friday, July 28, 2017

FTC IOT Winner :: Sec. 1201 RFC :: LOC Ringer Fellowships

FTC Announces Winner of its Internet of Things Home Device Security Contest https://www.ftc.gov/news-events/press-releases/2017/07/ftc-announces-winner-its-internet-things-home-device-security

The Federal Trade Commission announced that a mobile app developed by a New Hampshire software developer was awarded the top prize in the agency's competition seeking tools to help consumers protect the security of their Internet of Things (IoT) devices.

The FTC launched the contest in January to challenge innovators to develop a tool that would help address security vulnerabilities of IoT devices.

With the assistance of an expert panel of five judges, the FTC awarded Steve Castle the $25,000 top prize for his proposal for a mobile app, "IoT Watchdog." As a software developer, Castle said he was motivated to enter the contest to distill his network security knowledge and experience into a tool that can help users easily determine if their devices are out of date or if their networks are insecure. The mobile app he proposed seeks to help users manage the IoT devices in their home. It would enable users with limited technical expertise to scan their home Wi-Fi and Bluetooth networks to identify and inventory connected devices. It would flag devices with out-of-date software and other common vulnerabilities and provide instructions on how to update each device's software and fix other vulnerabilities.


Copyright Office Announces Open Application Period for Ringer Fellowships https://copyright.gov/newsnet/2017/674.html?loclr=eanco

The United States Copyright Office is now accepting applications for the Barbara A. Ringer Copyright Honors Program. The fellowship, which runs eighteen- to twenty-four months, was created for attorneys in the initial stages of their careers who demonstrate exceptional ability and interest in copyright law. Ringer Fellows work closely with senior attorneys and others in the Office of the General Counsel, the Office of Policy and International Affairs, the Office and the Register, and the Registration Program on a range of copyright-related law and policy matters. Ringer Fellows serve as full-time federal employees for the term of their fellowships and are eligible for salary and benefits as permitted under federal law.


Additional details about the Ringer Fellowship, including the application process, can be found on the Barbara A. Ringer Copyright Honors Program website. Applications will be accepted through September 15, 2017. The fellowship is expected to start in September 2018.


RFC LOC DMCA Sec 1201 Circumvention Exceptions Comments Due Sept 13 https://copyright.gov/newsnet/2017/673.html?loclr=eanco


U.S. Copyright Office Announces Start of Seventh Triennial Rulemaking Proceeding Under Section 1201
Issue No. 673 - June 30, 2017


The Copyright Office has published a notice of inquiry and request for petitions initiating the seventh triennial rulemaking proceeding under the Digital Millennium Copyright Act (DMCA), 17 U.S.C. § 1201. Section 1201 provides that the Librarian of Congress, upon the recommendation of the Register of Copyrights, may adopt temporary exemptions to the DMCA's prohibition against circumvention of technological measures that control access to copyrighted works. The ultimate goal of the proceeding is to determine whether there are particular classes of works as to which users are, or are likely to be in the next three years, adversely affected in their ability to make noninfringing uses due to the prohibition on circumventing access controls. When such classes are identified, the Librarian promulgates regulations exempting the classes from the prohibition for the succeeding three-year period.


For this proceeding, the Office is establishing a new, streamlined procedure for the renewal of exemptions that were granted during the sixth triennial rulemaking. If renewed, those current exemptions would remain in force for an additional three-year period (October 2018–October 2021).


The notice of inquiry requests for interested parties to submit written petitions for renewal of current exemptions by July 31, 2017, written comments in response to any petitions for renewal by September 13, 2017, and written petitions proposing new exemptions by September 13, 2017.


For more information, please visit https://www.copyright.gov/1201/2018/.


Wednesday, July 12, 2017

1962 :: July 12 :: Telstar Satellite Launched

July 12, 1962: The Day Information Went Global, NASA

"Telstar was launched by NASA on July 10, 1962, from Cape Canaveral, Fla., and was the first privately sponsored space-faring mission. Two days later, it relayed the world's first transatlantic television signal, from Andover Earth Station, Maine, to the Pleumeur-Bodou Telecom Center, Brittany, France.

"Developed by Bell Telephone Laboratories for AT&T, Telstar was the world's first active communications satellite and the world's first commercial payload in space. It demonstrated the feasibility of transmitting information via satellite, gained experience in satellite tracking and studied the effect of Van Allen radiation belts on satellite design. The satellite was spin-stabilized to maintain its desired orientation in space. Power to its onboard equipment was provided by a solar array, in conjunction with a battery back-up system.

"Although operational for only a few months and relaying television signals of a brief duration, Telstar immediately captured the imagination of the world. The first images, those of President John F. Kennedy and of singer Yves Montand from France, along with clips of sporting events, images of the American flag waving in the breeze and a still image of Mount Rushmore, were precursors of the global communications that today are mostly taken for granted.

"Telstar operated in a low-Earth orbit and was tracked by the ground stations in Maine and France. Each ground station had a large microwave antenna mounted on bearings, to permit tracking the satellite during the approximately half-hour period of each orbit when it was overhead. The signals from Telstar were received and amplified by a low-noise "maser" (Microwave Amplification by Stimulated Emission of Radiation), the predecessor of the modern laser. After demonstrating the feasibility of the concept, subsequent communications satellites adopted a much higher orbit, at 22,300 miles above the Earth, at which the satellite's speed matched the Earth's rotation and thus appeared fixed in the sky. During the course of its operational lifespan, Telstar 1 facilitated over 400 telephone, telegraph, facsimile and television transmissions. It operated until November 1962, when its on-board electronics failed due to the effects of radiation."

Tuesday, June 13, 2017

FTC Announces Third PrivacyCon, Calls for Presentations

FTC Announces Third PrivacyCon, Calls for Presentations

FOR RELEASE

Building on the success of its two previous PrivacyCon events, the Federal Trade Commission is announcing a call for presentations for its third PrivacyCon, which will take place on February 28, 2018.

The 2018 PrivacyCon will expand collaboration among leading privacy and security researchers, academics, industry representatives, consumer advocates, and the government. As part of this initiative, the FTC is seeking general research that explores the privacy and security implications of emerging technologies, such as the Internet of Things, artificial intelligence and virtual reality. The 2018 event will focus on the economics of privacy including how to quantify the harms that result from companies' failure to secure consumer information, and how to balance the costs and benefits of privacy-protective technologies and practices.

"Deepening the FTC's understanding of the economics of privacy and consumer harm in the context of information exposure is integral to the FTC's enforcement and educational efforts," said Acting FTC Chairman Maureen K. Ohlhausen. "I have made studying the economics of privacy a centerpiece of my consumer protection agenda, and I hope that PrivacyCon 2018 will highlight important research in this area."

The call for presentations seeks research and input on a wide range of issues and questions to build on previously presented research and promote discussion, including:

  • What are the greatest threats to consumer privacy today? What are the costs of mitigating these threats? How are the threats evolving? How does the evolving nature of the threats impact consumer welfare and the costs of mitigation?
  • How can companies weigh the costs and benefits of security-by-design techniques and privacy-protective technologies and behaviors? How can companies weigh the costs and benefits of individual tools or practices?
  • How can companies assess consumers' privacy preferences?
  • Are there market failures (e.g. information asymmetries, externalities) in the area of privacy and data security? If so, what tools and strategies can businesses or consumers use to overcome or mitigate those failures? How can policymakers address those failures?

Submissions for PrivacyCon must be made by November 17, 2017.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook(link is external), follow us on Twitter(link is external), read our blogs and subscribe to press releases for the latest FTC news and resources.

CONTACT INFORMATION 

MEDIA CONTACT:
Juliana Gruenwald Henderson(link sends e-mail)
Office of Public Affairs
202-326-2924

STAFF CONTACT:
Kristen Anderson
Bureau of Consumer Protection
202-326-3209

Friday, June 09, 2017

Is an IP Number the Same as a Telephone Number? :: U.S. v Ulbright, 2nd Cir. May 31, 2017 (The Silk Road Case)

Both telephone numbers and IP numbers function as network addresses. Are they analogous in terms of law and policy? The recent Second Circuit decision U.S. v Ulbright (The Silk Road Case) concludes that they are. But of course the answer to this question depends on the context in which it is asked.

Source: Wikicommons
CASE SUMMARY: "Defendant Ulbricht appeals from a judgment of conviction and sentence to life imprisonment entered in the United States District Court for the Southern District of New York. A jury convicted Defendant of drug trafficking and other crimes associated with his creation and operation of Silk Road, an online marketplace whose users primarily purchased and sold illegal goods and services. He challenges several aspects of his conviction and sentence, arguing that (1) the district court erred in denying his motion to suppress evidence assertedly obtained in violation of the Fourth Amendment; (2) the district court committed numerous errors that deprived him of his right to a fair trial, and incorrectly denied his motion for a new trial; and (3) his life sentence is both procedurally and substantively unreasonable. Because the appellate court identified no reversible error, it AFFIRMED Defendant's conviction and sentence in all respects."

In this post, we look at Defendant's claim that evidence was obtained in violation of the Fourth Amendment, specifically that for purposes of Trap and Trace, an IP number is not functionally the same as a telephone number.

FACTS: Suspecting Defendant's involvement in Silk Road, law enforcement agents (LEAs) obtained five pen/trap orders pursuant to 18 U.S.C. § 3121-27. "The orders authorized LEAs to collect IP address data for Internet traffic to and from Defendant's home wireless router and other devices that regularly connected to Defendant's home router." "The pen/trap orders did not permit the government to access the content of Defendant's communications, nor did the government 'seek to obtain the contents of any communications.'"

"According to Defendant, the government's use of his home Internet routing data violated the Fourth Amendment because it helped the government match Defendant's online activity with DPR's use of Silk Road. Defendant argues that he has a constitutional privacy interest in IP address traffic to and from his home and that the government obtained the pen/trap orders without a warrant, which would have required probable cause."

RULE: "The government obtained the orders pursuant to the Pen/Trap Act, which provides that a government attorney "may make [an] application for an order . . . authorizing or approving the installation and use of a pen register or a trap and trace device . . . to a court of competent jurisdiction." 18 U.S.C. § 3122(a)(1). A "pen register" is defined as a "device or process which records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted," and "shall not include the contents of any communication." Id. § 3127(3). A "trap and trace" device means "a device or process which captures the incoming electronic or other impulses which identify the originating number or other dialing, routing, addressing, and signaling information reasonably likely to identify the source of a wire or electronic communication." Id. § 3127(4). Like pen registers, trap and trace devices may not capture the "contents of any communication." Id."

The level of legal process required is an application to a court, unlike a Fourth Amendment search and seizure that requires a warrant. LEAs receive transactional information about the communications, such as the communications' addressing. Courts have held that pursuant to the Third Party Doctrine, individuals have no expectation of privacy in transactional information - individuals turn this information over to network providers in order to set up and complete communications.

It is settled caselaw that telephone numbers are "addressing" that fall within this precedent. They are network addresses used by individuals given over to the network provider to set up and complete telephone calls. According to the Supremes,
Telephone users, in sum, typically know that they must convey numerical information to the phone company; that the phone company has facilities for recording this information; and that the phone company does in fact record this information for a variety of legitimate business purposes.
Smith v. Maryland, 442 U.S. 735, 743-44 (1979) .

ISSUE: Is an IP number an "address" analogous to a telephone number?

ANALYSIS: Federal courts have concluded that IP numbers provide the same function as telephone numbers and fall under the Third Party Doctrine in the same way as telephone numbers.
E-mail and Internet users, like the telephone users in Smith, rely on third-party equipment in order to engage in communication. Smith based its holding that telephone users have no expectation of privacy in the numbers they dial on the users' imputed knowledge that their calls are completed through telephone company switching equipment. 442 U.S. at 742, 99 S.Ct. 2577. Analogously, e-mail and Internet users have no expectation of privacy in the to/from addresses of their messages or the IP addresses of the websites they visit because they should know that this information is provided to and used by Internet service providers for the specific purpose of directing the routing of information. Like telephone numbers, which provide instructions to the "switching equipment that processed those numbers," e-mail to/from addresses and IP addresses are not merely passively conveyed through third party equipment, but rather are voluntarily turned over in order to direct the third party's servers. Id. at 744, 99 S.Ct. 2577.
United States v. Forrester, 512 F.3d 500, 510 (9th Cir. 2008).

The 2nd Circuit in Ulbright agrees with the 9th Circuit, stating that "the recording of IP address information and similar routing data, which reveal the existence of connections between communications devices without disclosing the content of the communications, are precisely analogous to the capture of telephone numbers at issue in Smith… The substitution of electronic methods of communication for telephone calls does not alone create a reasonable expectation of privacy in the identities of devices with whom one communicates."

HOLDING: IP numbers are analogous to telephone numbers for purposes of Trap and Trace and Pen Registers.

WHERE IP NUMBERS and TELEPHONE NUMBERS INTERSECT: There are other points where IP numbers and telephone numbers intersect. Recently the FCC in the 2015 Open Internet order revised the definition of " telecommunications service" to include networks that utilize the North American Numbering Plan as well as ICANN's IP address resource. When the FCC then applied privacy regulations to the Internet, the Internet Society adamantly argued that IP numbers are not analogous to telephone numbers. . However, ISOC elsewhere indicated support for the Open Internet. ISOC's concern appeared to be less about the analogy and more about applying "telephone era regulations to the Internet."

The analogy between IP numbers and telephone numbers has also arisen in the context of Regional Internet Registries (RIRs) who have grappled with address transfers and whether network addresses are the property of the assignee or of the network. FCC precedent has held that network addresses are the property of the network, not the subscriber - a policy necessary to ensure the efficient operation of the network. A policy that views network addresses as the property of subscribers encumbers the network resource in bankruptcy proceedings, trademark disputes, mergers and acquisitions, and speculations. Following the precedent of the telephone numbering resource, RIRs have contractual terms that state that IP numbers are the property of the RIRs and not assignees.

Finally, IP Numbers and telephone numbers intersect with VoIP. iVoIP providers need access to the telephone number resource in order to assign telephone numbers to their customers and must make number portability available. They also need to be able to interconnect with other North American Numbering Plan networks (in other words, reach other network end points addressable by telephone numbers). See also ENUM.

CITATION: U.S. v Ulbright, 2nd Cir. May 31, 2017 (The Silk Road Case)

Sunday, April 30, 2017

1995 :: April 30 :: NSFNET Decommissioned

April 30th, 1995 marked the end of the wildly successful NSFNET.  NSFNET was born out of the desire to expand the Internet community beyond a Department of Defense playground, extending it to the full academic community.  It ended with the successful privatization of the Internet, transferring backbone services to commercial networks, and establishing key commercial Internet interconnection sites.

NSFNET gave us the early commercial topology of the Internet, with Tier 1 backbones, Tier 2 regional networks, and Tier 3 local networks. NSFNET gave us our first dedicated backbone and the first mbps backbone.  It also gave us the crucial Network Access Points, known today as Internet eXchange Points.  The contractors that bid for the opportunity to build and operate NSF's network learned from their experience and launched into the information economy as the leading commercial Internet networks. A government investment of millions of dollars had a Return on Investment of an entire new economy.


In 1995, MERIT published the NSFNET Final Report, in which it was stated:
"Infrastructures, for purposes such as transportation and communication, have long been vital to national welfare. They knit together a country's economy by facilitating the movement of people, products, services, and ideas, and play important roles in national security." p. 4.
The report concluded:
"Since the earliest days of the telegraph and the telephone, history tells us that the arrival of each new communications medium has been accompanied by grandiose claims of its potential benefits to society. In order to take advantage of the exciting opportunities afforded by today's technology, it is imperative that policy makers examine the development of the NSFNET and the Internet. We are still far away from a truly open, interoperable, and ubiquitous global information infrastructure accessible to all, "from everyone in every place to everyone in every other place, a system as universal and as extensive as the highway system of the country which extends from every man's door to every other man's door," in the words of Theodore Vail, president of AT&T in 1907. However, the Internet has brought us a giant step closer to realizing the promise of high-speed networking, one of the most revolutionary communications technologies ever created. As part of this phenomenon, the NSFNET backbone service provided a model for future partnerships as well as a legacy of technology for the world." p. 43.

Wednesday, April 05, 2017

Not Not Pleading That Defendant is a Content Producer Means Continued Friction of Sec. 230(c) Litigation :: Moretti v. The Hertz Corp., D. Del. 2017

Litigation is a painful friction. And an expense. And generally one wants to dispose of litigation as expeditiously as possible.

To understand today’s 47 U.S.C. s 230(c) litigation, we must go back to Civil Procedure 101. What is the difference between a motion on the pleadings, Rule 12(c), and a motion to for summary judgment, Rule 56? Friction and expense. If plaintiff files suit and alleges a claim that cannot result in a decision in plaintiff’s favor, regardless of the facts, then defendant can file a “You Got Nothing” motion for judgment on the pleadings. For example, if plaintiff sues defendant for being a raspberry cupcake, defendant can move to dismiss on the grounds that being a raspberry cupcake is not grounds for a lawsuit. Lawsuit ends before it even begins.

If, however, we are in the 9th Circuit where being a raspberry cupcake actually is a problem, then a motion to dismiss will not succeed. Defendant must defend, arguing that defendant is a blueberry cupcake, not a raspberry cupcake. To establish this, parties must engage in discovery (expense) and submit evidence (expense). Now, after discovery, if there are no relevant facts in dispute, defendant can move for summary judgment. “Plaintiff alleges that Defendant is a cupcake, but after discovery it is undisputed that Defendant is a blueberry cupcake. Therefore plaintiff’s cause of action should be dismissed.” Defendant wins again…. but after friction and expense.

Got it?

Now you are ready to understand today’s Sec. 230(c) case: Moretti v. THE HERTZ CORPORATION, Dist. Court, D. Delaware 2017.

Plaintiff sued Hertz, Dollar Thrifty, and Hotwired on the grounds that, according to the court,
“The Hertz Corporation and Dollar Thrifty Automotive Group, Inc. supplied [] misleading information about car rental prices and terms to Hotwire, and Hotwire incorporated the content into listings on its website. Plaintiff alleges that Hotwire continued to do so despite consumer complaints and Hotwire's knowledge of the information's fraudulent content. Plaintiff characterizes Hotwire as a willing and ratifying participant in this arrangement, and alleges that Hotwire "directly profit[s]" from the scheme.”
Defendant Hotwired said, “Plaintiff’s Got Nothing.” Plaintiff has alleged that Defendant Hotwired has published third party content. Pursuant to Sec. 230(c), Defendant Hotwired as an Interactive Computer Service is not liable for third party content on its website. Easy get out of litigation free case.

Before we move forward, let’s review some precedent. There is no “notice and takedown provision” to Sec. 230(c); notice to an interactive computer service that third party content is problematic does not obligate the interactive computer service to remove that content and does not give rise to a cause of action. Zeran v. American Online, Inc., 958 F. Supp. 1124, 1134-36 (E.D. Va. 1997), aff'd 129 F.3d at 333 ("Liability upon notice would defeat the dual purposes advanced by § 230 of the CDA" as it would "reinforce[] service providers' incentives to restrict speech and abstain from self-regulation"; notice-based liability "would provide third parties with a no-cost means to create the basis for future lawsuits."). Furthermore, making a profit also does not give rise to a cause of action and does not transform an interactive content service into a content producer (see caselaw involving interactive content services that made money off of hosting third party content). The only relevant allegation with regards to Defendant Hotwired is that it published third party content.

Not so fast, says the court. And this is where the tension between a motion to dismiss and motion for summary judgment grows. Even though, according to the facts as presented by the court, plaintiff did not allege that defendant Hotwired was a content provider, plaintiff also did not allege that defendant Hotwired was not (yes a double negative) a content provider. It is not on Plaintiff to anticipate every affirmative defense and plead facts sufficient in the complaint to defeat those affirmative defenses. There is no evidence that Congress wanted to convert Sec. 230(c) from an affirmative defense to a pleading requirement.

Really?? REALLY!! I mean come on! The court would rather encumber defendants with the slings and arrows of pissed off plaintiffs rather than dispose of unnecessary litigation out of the gates? We have been here over and over and over again and yet plaintiff’s attorneys seem unable to learn that interactive computer services ARE NOT LIABLE for third party content. But hey, on the one hand we could have plaintiff easily amend its complaint and add like three words that say defendant is a content provider - something the court said plaintiff indicated it could do - but the court did not require of the plaintiff in order to continue the litigation - or we can let defendants out of litigation (without prejudice) that they allegedly have no business being dragged through, wasting their time and money.

Let’s be clear. According to the Rules of Civil Procedure, Rule 8(a)(2): the complaint must plead “a short and plain statement of the claim showing that the pleader is entitled to relief.” Defendant Hotwired gets to know why it’s being sued. According to the facts as presented by the court, the content in question came from third party defendants; the only relevant factual allegation is that defendant Hotwired hosted the third party content. And from that, the only way Defendant can respond is that Defendant is an Interactive Computer Service protected under Sec. 230(c). Compare Levitt v. Yelp! Inc., Case No. C10-1321, 2011 WL 5079526, at *2 (N.D. Cal. Oct. 26, 2011) (Mere speculation is insufficient to overcome a motion to dismiss).

The court weasels:
“The Court recognizes the friction between its holding and Congress's stated goals in enacting Section 230. The Court is sensitive to the expense of litigation and the public policy arguments in favor of requiring plaintiffs to plead around immunities from suit like Section 230.“
Nevertheless, “Hotwire has not ‘clearly established that no material issue of fact remains to be resolved.’” Yeah, establishing that there are no disputed facts is the summary judgment standard. The motion to dismiss standard is that “Plaintiff’s Got Nothing.” And when on the pleadings all that Plaintiff has alleged is that a third party supplied content and defendant has that content on its website, then Plaintiff has nothing and the court should not be putting defendants through litigation that cannot lead anywhere (or make plaintiff amend its complaint).

Unless, off course, it’s just the case that the judge feels that Congress through Sec. 230(c) inappropriately shielded defendants and that Interactive Computer Services really should face responsibility for publishing third party content.

Or did I get that wrong?