Democracy is not a spectator sport.
The US House (hr.2975 PATRIOT) and US Senate (s.1510 USA) have
introduced bills that will cost ISPs a lot of money.
Unlike CALEA, there are no provisions for reimbursing ISPs for these
expenses -- tens of thousands of dollars could bankrupt many ISPs.
This is an attack on both civil liberties and small business.
This happened because the legislators are clueless about technical
requirements. It is up to you to educate them!
With the bombing started, it is thought that the bills will be pushed
through this week, without going through the normal committee review.
Each and every one of you MUST call your legislators, where you work and
again where you live. Call your Senators, and then call your
Representative. Do not send email, it won't get read soon enough!
And those of you overseas should contact your governments, too. The
bills both treat non-US citizens more harshly.
--
If you live or work in their state, especially call:
Daschle, Tom
Feingold, Russ
Graham, Bob
Hatch, Orrin G.
Leahy, Patrick J.
Lott, Trent
Sarbanes, Paul S.
Shelby, Richard C.
--
The open-ended lack of definitions of "routing" and "addressing" are the
specific problem. They are mixed in with phone calls and signaling.
The solution is to add clarification to the definitions section 3127.
This solution means we can do it with standard tools, and unlike phone
call setup, there's nothing in the definitions that indicates the
information has to be recorded for future requests:
(7) the term "addressing" means a numeric identifier that assists the
delivery of electronic communications over a specific link, attached to
the outermost encapsulation of the communication (but not including the
contents of such communication).
(8) the term "routing" means the numeric internetwork locator
associated with a communication that facilitates its carriage between
electronic communication services, contained within the internetwork
communication encapsulation (but not including the contents of such
communication).
--
The legal justification might be that there is no expectation of privacy
for the IP header, as every service provider's router examines that
header as it passes.
There IS an expectation of privacy for everything beyond the IP header,
as it is processed internally by the recipient.
--
Urge your representatives in Congress to hold full hearings, and fix
technical problems.
1. Call the White House switchboard at 202-224-3121, and ask to be
connected to the office of your Senator/Representative.
-or-
Look up the office numbers on the web at www.house.gov and
www.senate.gov.
2. When you are put through, say "May I please speak to the staff member
who is working on the anti-terrorism legislation?" If that person is not
available to speak with you, say "May I please leave a message?"
3. Briefly explain that you are an Internet Engineer, and although you
appreciate the efforts of your representative to address the challenges
brought about by the September 11th tragedy, it would be a mistake to
make any changes in the federal wiretap statute that do not respond to
"the immediate threat of investigating or preventing terrorist acts."
4. Tell them they need a strong definition of Internet "addressing" and
"routing". Ask for a direct staff email address. Educate them!
--
If they want to talk details, here they are:
Both bills add "addressing" and "routing" to the list of activities that
can be requested without a specific court order. So, just like call
setup for the phone companies, every single address that you assign, via
DHCP or otherwise, and every ARP, RIP, OSPF, and BGP routing table
change, must be recorded for posterity -- just in case any state or
federal agents want to review it someday. No time limits, and no
statute of limitations.
Some lawyers read this to extend to tracking every URL accessed through
your POPs, and every email To: CC: BCC: and From: transmitted over your
networks, since they all can be considered "addressing" and your
activity "routing".
Obviously, the legislators don't quite understand what a dynamic
packet connectionless Internet means!
--
According to http://www.senate.gov/~leahy/press/200110/100401a.html,
"Administration initially proposed expansion of pen register and trap
and trace authority to capture undefined "routing" and "addressing"
information of Internet users. "
I have received private confirmation that during negotiations,
"... the Republicans and the Administration would not accept the
definitions and prefer to leave it undefined. "
Apparently, the Administration wants the capability to track every
Internet user simultaneously, just like they want to track every cell
phone user. They want the ISPs to record all addresses assigned, all
email transmitted, all web sites accessed, and all routing changes, so
that they can access the information without going to the trouble of a
warrant.
Believe me, I've been explaining for days that URLs and email addresses
are content, and routing changes are carried by ISPs not suspects, but
I've only convinced some of my representatives. Instead, others
believe that we need to track every public library terminal, etc, that
a suspect _might_ use, everywhere in the US.
According to former FBI agent nee Congressman Mike Rogers, "It will only
give them addresses and other basic information.... these terrorists
have multiple ways of communicating. They can communicate through the
Internet, they can use 15 cell phones and rotate them to avoid
detection. (The act) would allow us to keep pace with that.... it
allows you rather than targeting a phone, to target an individual and
their electronic communications. "
--
If you really want the nitty gritty on other issues with the so-called
anti-terrorism legislation, in laymans' terms, I recommend reading
CRYPTO-GRAM SPECIAL ISSUE, September 30, 2001
<http://www.counterpane.com/crypto-gram.html>
Visit the following Web sites for up-to-date information on what is
happening and what you can do to help.
The Electronic Privacy Information Center:
<http://www.epic.org>
The Center for Democracy and Technology:
<http://www.cdt.org>
The American Civil Liberties Union:
<http://www.aclu.org>
--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32