Sunday, December 17, 2017
Wednesday, December 13, 2017
Palihapitiya on Impact of Social Media :: Senators for Net Neutrality :: Senator Against Net Neutrality :: Internet Pioneers for Net Neutrality
Tuesday, December 12, 2017
Peer Criteria (roughly equal size / traffic)
- a link to peering policy,
- peering inclination,
- whether interconnection at multiple locations is required,
- whether there is a balanced ratio requirement,
- whether a contract is required,
- peering contact information, and
- the peering facilities where the network is available for interconnection.
Chairman Smith letter to DHS requesting information regarding Kaspersky lab
Friday, November 03, 2017
Thursday, November 02, 2017
|Disc containing Morris Code|
at Museum of Science
"Morris sought to program the Internet worm to spread widely without drawing attention to itself. The worm was supposed to occupy little computer operation time, and thus not interfere with normal use of the computers. Morris programmed the worm to make it difficult to detect and read, so that other programmers would not be able to "kill" the worm easily. Morris also wanted to ensure that the worm did not copy itself onto a computer that already had a copy. Multiple copies of the worm on a computer would make the worm easier to detect and would bog down the system and ultimately cause the computer to crash. Therefore, Morris designed the worm to "ask" each computer whether it already had a copy of the worm. If it responded "no," then the worm would copy onto the computer; if it responded "yes," the worm would not duplicate. However, Morris was concerned that other programmers could kill the worm by programming their own computers to falsely respond "yes" to the question. To circumvent this protection, Morris programmed the worm to duplicate itself every seventh time it received a "yes" response. As it turned out, Morris underestimated the number of times a computer would be asked the question, and his one-out-of-seven ratio resulted in far more copying than he had anticipated. The worm was also designed so that it would be killed when a computer was shut down, an event that typically occurs once every week or two. This would have prevented the worm from accumulating on one computer, had Morris correctly estimated the likely rate of reinfection.
"Morris identified four ways in which the worm could break into computers on the network: (1) through a "hole" or "bug" (an error) in SEND MAIL, a computer program that transfers and receives electronic mail on a computer; (2) through a bug in the "finger demon" program, a program that permits a person to obtain limited information about the users of another computer; (3) through the "trusted hosts" feature, which permits a user with certain privileges on one computer to have equivalent privileges on another computer without using a password; and (4) through a program of password guessing, whereby various combinations of letters are tried out in rapid sequence in the hope that one will be an authorized user's password, which is entered to permit whatever level of activity that user is authorized to perform.
"On November 2, 1988, Morris released the worm from a computer at the Massachusetts Institute of Technology. MIT was selected to disguise the fact that the worm came from Morris at Cornell. Morris soon discovered that the worm was replicating and reinfecting machines at a much faster rate than he had anticipated. Ultimately, many machines at locations around the country either crashed or became "catatonic." When Morris realized what was happening, he contacted a friend at Harvard to discuss a solution. Eventually, they sent an anonymous message from Harvard over the network, instructing programmers how to kill the worm and prevent reinfection. However, because the network route was clogged, this message did not get through until it was too late. Computers were affected at numerous installations, including leading universities, military sites, and medical research facilities. The estimated cost of dealing with the worm at each installation ranged from $200 to more than $53,000.
"Morris was found guilty, following a jury trial, of violating 18 U.S.C. Section 1030(a)(5)(A). He was sentenced to three years of probation, 400 hours of community service, a fine of $10,050, and the costs of his supervision."
- U.S. v. Morris, 928 F.2d 504 (2nd Cir. 1991)
The Morris Worm also resulted in the creation of multiple new federal projects such as CERT with the mission of researching, thwarting, and alerting the network to new possible threats.
Robert Morris is reportedly a professor at MIT.
Monday, October 30, 2017
U.S. Copyright Office Issues Notice of Proposed Rulemaking in the Seventh Triennial Rulemaking Proceeding Under Section 1201
"The Copyright Office has published a notice of proposed rulemaking in the seventh triennial rulemaking proceeding under the Digital Millennium Copyright Act (DMCA), 17 U.S.C. § 1201. Section 1201 provides that the Librarian of Congress, upon the recommendation of the Register of Copyrights, may exempt certain classes of works from the prohibition against circumvention of technological measures that control access to copyrighted works.
"As set forth in its prior notice of inquiry, the Office established a new, streamlined procedure for the renewal of exemptions that were granted during the sixth triennial rulemaking. The Office has now reviewed all comments regarding current exemptions received in response to that notice. With this notice of proposed rulemaking, the Office concludes that it has received a sufficient petition to renew each existing exemption, and it does not find any meaningful opposition to renewal. Accordingly, the Office intends to recommend readoption of all existing exemptions.
"In addition, the notice outlines proposed classes for exemptions for which the Office now initiates three rounds of public comment. In the first round of comments, which are due December 18, 2017, the Office seeks legal and evidentiary submissions from parties who support the adoption of a proposed exemption as well as parties that neither support nor oppose an exemption but seek to share pertinent information about a proposal. Responsive legal and evidentiary submissions from those who oppose the adoption of a proposed exemption are due February 12, 2018. Written reply comments from supporters of a proposed exemption and parties that neither support nor oppose a proposed exemption are due March 14, 2018.
"Participants in the proceeding are encouraged to familiarize themselves with section 1201(a)(1) and the rulemaking requirements so they can maximize the effectiveness of their submissions. For more information, commenters should carefully review the notice of proposed rulemaking and submission instructions available at https://www.copyright.gov/1201/2018/. Additional background information about section 1201 is available at https://www.copyright.gov/1201/, which contains helpful resources, such as video tutorials, the Office's recent policy study on section 1201, and links to prior rulemaking proceedings.
Friday, October 20, 2017
Truth and Misinformation :: Content Providers and Intl Transport :: Geoff Huston :: CFP Internet Law Works in Progress Conf
The Future of Truth and Misinformation Online Pew http://www.pewinternet.org/2017/10/19/the-future-of-truth-and-misinformation-online/
NANOG Vid: Telegeography, Optical Illusions: Content Providers and the Impending Transformation of International Transport https://youtu.be/0_6zk87pxRQ
NANOG Vid: Geoff Huston, Let's Encrypt with Dane https://youtu.be/09fNjMur1Gs
Call for Projects/Papers/Participation for 8th Annual Internet Law Works-in-Progress Conference, NYLS, March 24, 2018
Thursday, October 19, 2017
BEREC NN Report :: House Tech Hrg Cybersecurity Kaspersky Labs :: FCC FACA Broadband Deployment :: NTIA IOT Mtg ::
Protecting the Privacy of Customers of Broadband and Other Telecommunications Services
Notice of 11/08/2017 Virtual Meeting of Multistakeholder Process on Internet of Things Security Upgradability and Patching
NTIA will convene a virtual meeting of a multistakeholder process on Internet of Things Security Upgradability and Patching on November 8, 2017. The virtual meeting will be held on November 8, 2017, from 2:00 p.m. to 4:30 p.m., Eastern Time.
For further information contact Allan Friedman, National Telecommunications and Information Administration, U.S. Department of Commerce, 1401 Constitution Avenue NW., Room 4725, Washington, DC 20230; telephone: (202) 482-4281; email: email@example.com. Please direct media inquiries to NTIA's Office of Public Affairs: (202) 482-7002; email: firstname.lastname@example.org.
Report on Responses to NTIA's Request for Comments on Promoting Stakeholder Action Against Botnets and Other Automated Threats
This report identifies the common themes found in the responses to NTIA's "Request for Comments on Promoting Stakeholder Action Against Botnets and Other Automated Threats." It is not a comprehensive discussion of all comments, nor does it reflect a government decision. The full text of all comments is available here.
Tuesday, August 01, 2017
NTIA Comments on Promoting Stakeholder Action Against Botnets and Other Automated Threats https://www.ntia.doc.gov/federal-register-notice/2017/comments-promoting-stakeholder-action-against-botnets-and-other
Friday, July 28, 2017
U.S. Copyright Office Announces Start of Seventh Triennial Rulemaking Proceeding Under Section 1201
Issue No. 673 - June 30, 2017
Saturday, July 15, 2017
Wednesday, July 12, 2017
"Telstar was launched by NASA on July 10, 1962, from Cape Canaveral, Fla., and was the first privately sponsored space-faring mission. Two days later, it relayed the world's first transatlantic television signal, from Andover Earth Station, Maine, to the Pleumeur-Bodou Telecom Center, Brittany, France.
"Developed by Bell Telephone Laboratories for AT&T, Telstar was the world's first active communications satellite and the world's first commercial payload in space. It demonstrated the feasibility of transmitting information via satellite, gained experience in satellite tracking and studied the effect of Van Allen radiation belts on satellite design. The satellite was spin-stabilized to maintain its desired orientation in space. Power to its onboard equipment was provided by a solar array, in conjunction with a battery back-up system.
"Although operational for only a few months and relaying television signals of a brief duration, Telstar immediately captured the imagination of the world. The first images, those of President John F. Kennedy and of singer Yves Montand from France, along with clips of sporting events, images of the American flag waving in the breeze and a still image of Mount Rushmore, were precursors of the global communications that today are mostly taken for granted.
"Telstar operated in a low-Earth orbit and was tracked by the ground stations in Maine and France. Each ground station had a large microwave antenna mounted on bearings, to permit tracking the satellite during the approximately half-hour period of each orbit when it was overhead. The signals from Telstar were received and amplified by a low-noise "maser" (Microwave Amplification by Stimulated Emission of Radiation), the predecessor of the modern laser. After demonstrating the feasibility of the concept, subsequent communications satellites adopted a much higher orbit, at 22,300 miles above the Earth, at which the satellite's speed matched the Earth's rotation and thus appeared fixed in the sky. During the course of its operational lifespan, Telstar 1 facilitated over 400 telephone, telegraph, facsimile and television transmissions. It operated until November 1962, when its on-board electronics failed due to the effects of radiation."
Tuesday, June 13, 2017
Friday, June 09, 2017
Is an IP Number the Same as a Telephone Number? :: U.S. v Ulbright, 2nd Cir. May 31, 2017 (The Silk Road Case)
In this post, we look at Defendant's claim that evidence was obtained in violation of the Fourth Amendment, specifically that for purposes of Trap and Trace, an IP number is not functionally the same as a telephone number.
FACTS: Suspecting Defendant's involvement in Silk Road, law enforcement agents (LEAs) obtained five pen/trap orders pursuant to 18 U.S.C. § 3121-27. "The orders authorized LEAs to collect IP address data for Internet traffic to and from Defendant's home wireless router and other devices that regularly connected to Defendant's home router." "The pen/trap orders did not permit the government to access the content of Defendant's communications, nor did the government 'seek to obtain the contents of any communications.'"
"According to Defendant, the government's use of his home Internet routing data violated the Fourth Amendment because it helped the government match Defendant's online activity with DPR's use of Silk Road. Defendant argues that he has a constitutional privacy interest in IP address traffic to and from his home and that the government obtained the pen/trap orders without a warrant, which would have required probable cause."
RULE: "The government obtained the orders pursuant to the Pen/Trap Act, which provides that a government attorney "may make [an] application for an order . . . authorizing or approving the installation and use of a pen register or a trap and trace device . . . to a court of competent jurisdiction." 18 U.S.C. § 3122(a)(1). A "pen register" is defined as a "device or process which records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted," and "shall not include the contents of any communication." Id. § 3127(3). A "trap and trace" device means "a device or process which captures the incoming electronic or other impulses which identify the originating number or other dialing, routing, addressing, and signaling information reasonably likely to identify the source of a wire or electronic communication." Id. § 3127(4). Like pen registers, trap and trace devices may not capture the "contents of any communication." Id."
The level of legal process required is an application to a court, unlike a Fourth Amendment search and seizure that requires a warrant. LEAs receive transactional information about the communications, such as the communications' addressing. Courts have held that pursuant to the Third Party Doctrine, individuals have no expectation of privacy in transactional information - individuals turn this information over to network providers in order to set up and complete communications.
It is settled caselaw that telephone numbers are "addressing" that fall within this precedent. They are network addresses used by individuals given over to the network provider to set up and complete telephone calls. According to the Supremes,
Telephone users, in sum, typically know that they must convey numerical information to the phone company; that the phone company has facilities for recording this information; and that the phone company does in fact record this information for a variety of legitimate business purposes.Smith v. Maryland, 442 U.S. 735, 743-44 (1979) .
ISSUE: Is an IP number an "address" analogous to a telephone number?
ANALYSIS: Federal courts have concluded that IP numbers provide the same function as telephone numbers and fall under the Third Party Doctrine in the same way as telephone numbers.
E-mail and Internet users, like the telephone users in Smith, rely on third-party equipment in order to engage in communication. Smith based its holding that telephone users have no expectation of privacy in the numbers they dial on the users' imputed knowledge that their calls are completed through telephone company switching equipment. 442 U.S. at 742, 99 S.Ct. 2577. Analogously, e-mail and Internet users have no expectation of privacy in the to/from addresses of their messages or the IP addresses of the websites they visit because they should know that this information is provided to and used by Internet service providers for the specific purpose of directing the routing of information. Like telephone numbers, which provide instructions to the "switching equipment that processed those numbers," e-mail to/from addresses and IP addresses are not merely passively conveyed through third party equipment, but rather are voluntarily turned over in order to direct the third party's servers. Id. at 744, 99 S.Ct. 2577.United States v. Forrester, 512 F.3d 500, 510 (9th Cir. 2008).
The 2nd Circuit in Ulbright agrees with the 9th Circuit, stating that "the recording of IP address information and similar routing data, which reveal the existence of connections between communications devices without disclosing the content of the communications, are precisely analogous to the capture of telephone numbers at issue in Smith… The substitution of electronic methods of communication for telephone calls does not alone create a reasonable expectation of privacy in the identities of devices with whom one communicates."
HOLDING: IP numbers are analogous to telephone numbers for purposes of Trap and Trace and Pen Registers.
WHERE IP NUMBERS and TELEPHONE NUMBERS INTERSECT: There are other points where IP numbers and telephone numbers intersect. Recently the FCC in the 2015 Open Internet order revised the definition of " telecommunications service" to include networks that utilize the North American Numbering Plan as well as ICANN's IP address resource. When the FCC then applied privacy regulations to the Internet, the Internet Society adamantly argued that IP numbers are not analogous to telephone numbers. . However, ISOC elsewhere indicated support for the Open Internet. ISOC's concern appeared to be less about the analogy and more about applying "telephone era regulations to the Internet."
The analogy between IP numbers and telephone numbers has also arisen in the context of Regional Internet Registries (RIRs) who have grappled with address transfers and whether network addresses are the property of the assignee or of the network. FCC precedent has held that network addresses are the property of the network, not the subscriber - a policy necessary to ensure the efficient operation of the network. A policy that views network addresses as the property of subscribers encumbers the network resource in bankruptcy proceedings, trademark disputes, mergers and acquisitions, and speculations. Following the precedent of the telephone numbering resource, RIRs have contractual terms that state that IP numbers are the property of the RIRs and not assignees.
Finally, IP Numbers and telephone numbers intersect with VoIP. iVoIP providers need access to the telephone number resource in order to assign telephone numbers to their customers and must make number portability available. They also need to be able to interconnect with other North American Numbering Plan networks (in other words, reach other network end points addressable by telephone numbers). See also ENUM.
CITATION: U.S. v Ulbright, 2nd Cir. May 31, 2017 (The Silk Road Case)
Sunday, April 30, 2017
NSFNET gave us the early commercial topology of the Internet, with Tier 1 backbones, Tier 2 regional networks, and Tier 3 local networks. NSFNET gave us our first dedicated backbone and the first mbps backbone. It also gave us the crucial Network Access Points, known today as Internet eXchange Points. The contractors that bid for the opportunity to build and operate NSF's network learned from their experience and launched into the information economy as the leading commercial Internet networks. A government investment of millions of dollars had a Return on Investment of an entire new economy.
In 1995, MERIT published the NSFNET Final Report, in which it was stated:
"Infrastructures, for purposes such as transportation and communication, have long been vital to national welfare. They knit together a country's economy by facilitating the movement of people, products, services, and ideas, and play important roles in national security." p. 4.The report concluded:
"Since the earliest days of the telegraph and the telephone, history tells us that the arrival of each new communications medium has been accompanied by grandiose claims of its potential benefits to society. In order to take advantage of the exciting opportunities afforded by today's technology, it is imperative that policy makers examine the development of the NSFNET and the Internet. We are still far away from a truly open, interoperable, and ubiquitous global information infrastructure accessible to all, "from everyone in every place to everyone in every other place, a system as universal and as extensive as the highway system of the country which extends from every man's door to every other man's door," in the words of Theodore Vail, president of AT&T in 1907. However, the Internet has brought us a giant step closer to realizing the promise of high-speed networking, one of the most revolutionary communications technologies ever created. As part of this phenomenon, the NSFNET backbone service provided a model for future partnerships as well as a legacy of technology for the world." p. 43.
Sunday, April 23, 2017
Wednesday, April 19, 2017
Tuesday, April 18, 2017
Wednesday, April 05, 2017
Not Not Pleading That Defendant is a Content Producer Means Continued Friction of Sec. 230(c) Litigation :: Moretti v. The Hertz Corp., D. Del. 2017
To understand today’s 47 U.S.C. s 230(c) litigation, we must go back to Civil Procedure 101. What is the difference between a motion on the pleadings, Rule 12(c), and a motion to for summary judgment, Rule 56? Friction and expense. If plaintiff files suit and alleges a claim that cannot result in a decision in plaintiff’s favor, regardless of the facts, then defendant can file a “You Got Nothing” motion for judgment on the pleadings. For example, if plaintiff sues defendant for being a raspberry cupcake, defendant can move to dismiss on the grounds that being a raspberry cupcake is not grounds for a lawsuit. Lawsuit ends before it even begins.
If, however, we are in the 9th Circuit where being a raspberry cupcake actually is a problem, then a motion to dismiss will not succeed. Defendant must defend, arguing that defendant is a blueberry cupcake, not a raspberry cupcake. To establish this, parties must engage in discovery (expense) and submit evidence (expense). Now, after discovery, if there are no relevant facts in dispute, defendant can move for summary judgment. “Plaintiff alleges that Defendant is a cupcake, but after discovery it is undisputed that Defendant is a blueberry cupcake. Therefore plaintiff’s cause of action should be dismissed.” Defendant wins again…. but after friction and expense.
Now you are ready to understand today’s Sec. 230(c) case: Moretti v. THE HERTZ CORPORATION, Dist. Court, D. Delaware 2017.
Plaintiff sued Hertz, Dollar Thrifty, and Hotwired on the grounds that, according to the court,
“The Hertz Corporation and Dollar Thrifty Automotive Group, Inc. supplied  misleading information about car rental prices and terms to Hotwire, and Hotwire incorporated the content into listings on its website. Plaintiff alleges that Hotwire continued to do so despite consumer complaints and Hotwire's knowledge of the information's fraudulent content. Plaintiff characterizes Hotwire as a willing and ratifying participant in this arrangement, and alleges that Hotwire "directly profit[s]" from the scheme.”Defendant Hotwired said, “Plaintiff’s Got Nothing.” Plaintiff has alleged that Defendant Hotwired has published third party content. Pursuant to Sec. 230(c), Defendant Hotwired as an Interactive Computer Service is not liable for third party content on its website. Easy get out of litigation free case.
Before we move forward, let’s review some precedent. There is no “notice and takedown provision” to Sec. 230(c); notice to an interactive computer service that third party content is problematic does not obligate the interactive computer service to remove that content and does not give rise to a cause of action. Zeran v. American Online, Inc., 958 F. Supp. 1124, 1134-36 (E.D. Va. 1997), aff'd 129 F.3d at 333 ("Liability upon notice would defeat the dual purposes advanced by § 230 of the CDA" as it would "reinforce service providers' incentives to restrict speech and abstain from self-regulation"; notice-based liability "would provide third parties with a no-cost means to create the basis for future lawsuits."). Furthermore, making a profit also does not give rise to a cause of action and does not transform an interactive content service into a content producer (see caselaw involving interactive content services that made money off of hosting third party content). The only relevant allegation with regards to Defendant Hotwired is that it published third party content.
Not so fast, says the court. And this is where the tension between a motion to dismiss and motion for summary judgment grows. Even though, according to the facts as presented by the court, plaintiff did not allege that defendant Hotwired was a content provider, plaintiff also did not allege that defendant Hotwired was not (yes a double negative) a content provider. It is not on Plaintiff to anticipate every affirmative defense and plead facts sufficient in the complaint to defeat those affirmative defenses. There is no evidence that Congress wanted to convert Sec. 230(c) from an affirmative defense to a pleading requirement.
Really?? REALLY!! I mean come on! The court would rather encumber defendants with the slings and arrows of pissed off plaintiffs rather than dispose of unnecessary litigation out of the gates? We have been here over and over and over again and yet plaintiff’s attorneys seem unable to learn that interactive computer services ARE NOT LIABLE for third party content. But hey, on the one hand we could have plaintiff easily amend its complaint and add like three words that say defendant is a content provider - something the court said plaintiff indicated it could do - but the court did not require of the plaintiff in order to continue the litigation - or we can let defendants out of litigation (without prejudice) that they allegedly have no business being dragged through, wasting their time and money.
Let’s be clear. According to the Rules of Civil Procedure, Rule 8(a)(2): the complaint must plead “a short and plain statement of the claim showing that the pleader is entitled to relief.” Defendant Hotwired gets to know why it’s being sued. According to the facts as presented by the court, the content in question came from third party defendants; the only relevant factual allegation is that defendant Hotwired hosted the third party content. And from that, the only way Defendant can respond is that Defendant is an Interactive Computer Service protected under Sec. 230(c). Compare Levitt v. Yelp! Inc., Case No. C10-1321, 2011 WL 5079526, at *2 (N.D. Cal. Oct. 26, 2011) (Mere speculation is insufficient to overcome a motion to dismiss).
The court weasels:
“The Court recognizes the friction between its holding and Congress's stated goals in enacting Section 230. The Court is sensitive to the expense of litigation and the public policy arguments in favor of requiring plaintiffs to plead around immunities from suit like Section 230.“Nevertheless, “Hotwire has not ‘clearly established that no material issue of fact remains to be resolved.’” Yeah, establishing that there are no disputed facts is the summary judgment standard. The motion to dismiss standard is that “Plaintiff’s Got Nothing.” And when on the pleadings all that Plaintiff has alleged is that a third party supplied content and defendant has that content on its website, then Plaintiff has nothing and the court should not be putting defendants through litigation that cannot lead anywhere (or make plaintiff amend its complaint).
Unless, off course, it’s just the case that the judge feels that Congress through Sec. 230(c) inappropriately shielded defendants and that Interactive Computer Services really should face responsibility for publishing third party content.
Or did I get that wrong?