Thinking out loud here, plenty of room for all to chime in. The key
differences, if there are any, between IETF and NANOG and her sisters, and
between IETF and IRTF, are:
Nanog should not be compared to the IETF. Nanog is a forum that has
promoted ignorance of the law or perhaps even tolerance of illegal
activity, and specifically promotes misinformation of network operators
with respect to the Electronic Communications and Privacy Act (ECPA) and
Computer Fraud and Abuse Act (CFAA). Nanog does this by selective
suppression of discussion on the subject and the suppression of
participation of anyone who would refute the notion that the ECPA only
applies to "common carriers". Merit and Nanog describe themselves as
"educational". The failure to educate Network Operators on the legal
aspects of their profession is, in my opinion, nothing less than
reprehensible. Quite obviously, there are legal aspects to internet
service operation just as there are legal aspects to business. No
reputable business school would fail to provide adequate courses in
business law, or fail to discuss the legal aspects of business with
students. Nanog claims to be an educational organization, yet it fails to
live up to any reasonable standard of education, and goes further with its
selective suppression. The selective suppression reveals an agenda of
misinformation that goes beyond simply not educating.
Over the years, I have done extensive research on the ECPA, and the CFAA.
I have employed lawyers on the subject, and have supporting documents such
as legal, uptodate copies of the statutes, the House and Senate reports on
the ECPA and the CFAA, and the Model Criminal Code, as well as an
extensive library of case law. While the House and Senate reports on the
ECPA speak extensivly about Email and Remote Computing Services, many
people on Nanog have posted that the ECPA does not apply to ISPs. Yet
despite having all this information, Susan Harris has asked me not to
refute those people who claim that the ECPA does not apply to ISPs or
Email.
In January of 2000, Susan Harris asked me (only me) to stop posting on the
subject, in reference to a specific incident. She didn't want me to
refute people on the topic. She did not make any requests of anyone else
to stop, and the "bashing" continued for two or three days, until news
reported that law enforcement acted in a way that vindicated what I was
saying. After I posted this vindication, which came after several days of
bashing in which I did not participate, she removed my posting privileges.
Actually being right on concrete issues is not something that is respected
on Nanog. My posts were also informative, respectful, and well supported
with citations. Supposing this were off-topic, it would be appropriate to
ask everyone to stop. But of course, it isn't any more off-topic for
Network operators to learn about the ECPA than it is for business school
candidates to learn about business law.
While Nanog did have a DOJ person speak in October, 2000, that
presentation has been wildly misquoted, and it barely addressed the civil
aspect of the ECPA. The CFAA was not discussed. False information is
still posted on Nanog on the topic, which has been brought up by others.
And the topic is clearly of interest to network operators, because it
keeps coming up.
For example, I was not allowed to correct claims made in June 2002 by
Steve Bellovin that "what you say is correct for *telephone* companies,
but not ISPs.". Bellovin attributes this statement to the DOJ
presentation. But the DOJ presentation does not in fact say that. Though I
concede that it is easy to take the slides out of context, this goes well
beyond that. Bellovin makes other mistakes to give the impression that
only common carriers need be concerned with the ECPA. Bellovin also uses
claims of "discussions with prosecutors" to substantiate his claims. But
his claims are refuted by the statute text, the Congressional Reports, and
the case law. Unfortunately, few are familar with that material allowed
to post. Some of the material is obscure and costs money to obtain. So I
am limited to privately emailing information to the people who posted the
original questions. Others, perhaps interested in the topic, but who
didn't post, are misled.
So Nanog is quite a bit different from the IETF, and, in my opinion,
should not be associated with or compared to the IETF. Actually being
right on concrete issues is something that carries no weight with Nanog,
but it does carry weight with the IETF.
Dean Anderson
CEO
Av8 Internet, Inc