Re: OT: Net Neutrality is far more serious than people realise
On Mon, 02 Jun 2008 01:56:48 -0700, JF Mezei
<jfmezei.spamnot@vaxination.ca> wrote:
[color=blue]
> New technology is now fast enough to provide DPI (deep packet
> inspection) on a large scale. Ellacoya has one box capable of scanning
> 20 gbps "live", with 500,000 customers each having multiple TCPIP
> sessions running (throttling by TCPIP session). It scans your private
> data, able to look at multiple packets to detect certain applications,
> and will do accounting of what user uses what applications for how much
> data being exchanged. It can also do that on a HTTP transaction down to
> each web site visited per user (which the telco can then sell to
> advertising firms).[/color]
Why is this not like opening someone's mail, from a legal viewpoint?
--
PL/I for OpenVMS
[url]www.kednos.com[/url]
Re: OT: Net Neutrality is far more serious than people realise
In article <op.ub4h07n6hv4qyg@murphus.hsd1.ca.comcast.net>, "Tom Linden" <tom@kednos.company> writes:[color=blue]
>On Mon, 02 Jun 2008 01:56:48 -0700, JF Mezei
><jfmezei.spamnot@vaxination.ca> wrote:
>[color=green]
>> New technology is now fast enough to provide DPI (deep packet
>> inspection) on a large scale. Ellacoya has one box capable of scanning
>> 20 gbps "live", with 500,000 customers each having multiple TCPIP
>> sessions running (throttling by TCPIP session). It scans your private
>> data, able to look at multiple packets to detect certain applications,
>> and will do accounting of what user uses what applications for how much
>> data being exchanged. It can also do that on a HTTP transaction down to
>> each web site visited per user (which the telco can then sell to
>> advertising firms).[/color]
>
>Why is this not like opening someone's mail, from a legal viewpoint?
>[/color]
You mean like automatically opening and scanning mail for viruses on the
central mailhub ?
Deep packet inspection has been used by businesses for years - it's the only way
to detect "firewall friendly" applications which bypass the firewall by
tunneling over port 80. Though nowadays many of these applications are moving
over to using encryption and port 443 which makes them pretty much invisible to
deep packet inspection.
The businesses doing that deep packet inspection though usually have a legal
obligation to keep that data secure and to only use it for specific purposes
eg keeping the network running, secure and free from applications which the
business' policy bans from its network. (The exact legal position of course
depends upon which legal jurisdiction the business falls under).
A more recent development has been the plans of certain ISPs to use a product
from a company called Phorm to target you with advertisements according to
your browser habits as determined by Phorm's interception of your browser
requests see
[url]http://www.theregister.co.uk/2008/02/29/phorm_roundup/[/url]
and in particular the secret trials of this product carried out last year
without informing customers.
David Webb
Security team leader
CCSS
Middlesex University
[color=blue]
>--
>PL/I for OpenVMS
>[url]www.kednos.com[/url][/color]
Re: OT: Net Neutrality is far more serious than people realise
Bob Koehler wrote:[color=blue]
> In article <op.ub4h07n6hv4qyg@murphus.hsd1.ca.comcast.net>, "Tom Linden" <tom@kednos.company> writes:[color=green]
>> Why is this not like opening someone's mail, from a legal viewpoint?[/color]
>
> Because the laws that protect snail mail are specific to snail mail.
>[/color]
Also note that e-mail is very new compared to snail mail. More than 200
years of legislation and case law apply to snail mail.
There is nothing to prevent anyone with System privileges from reading
your e-mail. It might even be legal to forward it to "The New York
Times" and for the Times to publish it! If publishing your e-mail would
sell newspapers, somebody would do it!
The moral? Don't commit anything to e-mail that you would not want to
see on the front page of the Times!
For that matter, you should probably own, and use, a paper shredder.
Courts have ruled that a man has NO expectation of privacy in his trash.
Do you use wireless Ethernet? If so, you had better be sure it's
encrypted and that you change the encryption keys frequently enough to
discourage crackers.
Also note, that in the case of public officials, courts have held that
their e-mail is a "public record".
The moral? Well, I'm sure you get the idea.
Re: OT: Net Neutrality is far more serious than people realise
In article <op.ub4h07n6hv4qyg@murphus.hsd1.ca.comcast.net>, "Tom Linden" <tom@kednos.company> writes:[color=blue]
>
> Why is this not like opening someone's mail, from a legal viewpoint?[/color]
Because the laws that protect snail mail are specific to snail mail.
Re: OT: Net Neutrality is far more serious than people realise
On Jun 2, 2:08 pm, "Richard B. Gilbert" <rgilber...@comcast.net>
wrote:[color=blue]
> Bob Koehler wrote:[color=green]
> > In article <op.ub4h07n6hv4...@murphus.hsd1.ca.comcast.net>, "Tom Linden" <t...@kednos.company> writes:[color=darkred]
> >> Why is this not like opening someone's mail, from a legal viewpoint?[/color][/color]
>[color=green]
> > Because the laws that protect snail mail are specific to snail mail.[/color]
>
> Also note that e-mail is very new compared to snail mail. More than 200
> years of legislation and case law apply to snail mail.
>
> There is nothing to prevent anyone with System privileges from reading
> your e-mail. It might even be legal to forward it to "The New York
> Times" and for the Times to publish it! If publishing your e-mail would
> sell newspapers, somebody would do it!
>
> The moral? Don't commit anything to e-mail that you would not want to
> see on the front page of the Times![/color]
Well, that should be easy! I seriously doubt anything I would or have
put in an email would even make it to the Style section. The Onion,
maybe! :-)
[color=blue]
>
> For that matter, you should probably own, and use, a paper shredder.
> Courts have ruled that a man has NO expectation of privacy in his trash.[/color]
Got one!
[color=blue]
>
> Do you use wireless Ethernet? If so, you had better be sure it's
> encrypted and that you change the encryption keys frequently enough to
> discourage crackers.
>
> Also note, that in the case of public officials, courts have held that
> their e-mail is a "public record".
>
> The moral? Well, I'm sure you get the idea.[/color]
Got it. Thanks.
AEF
Re: OT: Net Neutrality is far more serious than people realise
Tom Linden wrote:
[color=blue]
> Why is this not like opening someone's mail, from a legal viewpoint?[/color]
DPI used in a corporate environment does not have the "postal
confidentiality" issue since the corporation essentially owns all the
data on its network, including private emails containing sex jokes sent
between workers.
But when you start dealing with an outfit that has common carrier
status, then the "postal confidentiality" issue becomes important.
Bell Canada claims it is looking only at the envelope. (it considers the
packet payload to be an envelope). (For instance, an HTTP response
header would be considered envelope by Bell because the content follows,
even though at the network level, the HTTP response header and content
are all packet payloads (layer 7 of OSI stack).)
BTW, I installed Wireshark on my Mac. (GUI and glorified equivalent of
Ethermon on VMS). It is an X application. (GTK2 toolkit). Interesting
to see the familiar X look-and-feel to it compared to native MAC apps
that reside next to it.
Bell Canada, in its CRTC filing has already stated that it has the
ability to start to favour certain web sites over others.
If you want to read how incompetent and clueless powerpoint-driven upper
management are, go to
[url]http://www.crtc.gc.ca/PartVII/eng/2008/8622/c51_200805153.htm[/url]
and read the Bell Canada submissions (especially the 2008-05-29).
(remember that the service in question is PPPoE frame transport on
point to point links between the home and a competitive ISP. This is
not an INTERNET service. IPs are assigned and managed by the ISPs, not
by Bell.)
warning: Bell Canada has marketing agreements with Microsoft, has
outsourced its email to Microsoft, and used to have code on its web
site to retract access to only Microsoft users. Don't be surprised by the
fact that a large corporation takes such huge risks by submitting legal
documents in Microsoft Word formats. The guy who is responsible for
those documents doesn't know the difference between bits and bytes.
It is a miracle that telephone calls get through.
Re: OT: Net Neutrality is far more serious than people realise
Richard B. Gilbert wrote:
[color=blue]
> Also note that e-mail is very new compared to snail mail. More than 200
> years of legislation and case law apply to snail mail.[/color]
Common carriers also have strict confidentiality laws. More than 100
years of legislation covers a telecom carrier's right to listen or
barge into conversations.
Remember that at one point, phone operators were paid by some companies
to connect callers to them instead of to their competitors when the
caller asked for the competitor. Laws had to be passed to prevent that.
Re: OT: Net Neutrality is far more serious than people realise
On Jun 2, 2:20 pm, "Tom Linden" <t...@kednos.company> wrote:[color=blue]
> On Mon, 02 Jun 2008 01:56:48 -0700, JF Mezei
>
> <jfmezei.spam...@vaxination.ca> wrote:[color=green]
> > New technology is now fast enough to provide DPI (deep packet
> > inspection) on a large scale. Ellacoya has one box capable of scanning
> > 20 gbps "live", with 500,000 customers each having multiple TCPIP
> > sessions running (throttling by TCPIP session). It scans your private
> > data, able to look at multiple packets to detect certain applications,
> > and will do accounting of what user uses what applications for how much
> > data being exchanged. It can also do that on a HTTP transaction down to
> > each web site visited per user (which the telco can then sell to
> > advertising firms).[/color]
>
> Why is this not like opening someone's mail, from a legal viewpoint?
>
> --
> PL/I for OpenVMS www.kednos.com[/color]
Well, from a logical and commonsense viewpoint, monitoring of
internetic traffic content is conceptually remarkably similar to
opening someone's mail. But the legal profession have for centuries
made well-paid careers out of ensuring that law doesn't necessarily
have anything to do with logic and common sense, or justice.
Ellacoya's deep packet inspection mostly looks at packet headers,
protocol types, IP addresses, and the like, and uses them for "traffic
management" purposes, flow control, prioritisation, and such, without
actually knowing or caring about the details of the content. I'm a
customer of an ISP with Ellacoyas and I'm comfortable with it (for
now), though I understand that other folks might not be happy; that's
what "choice" is for.
I suspect what JF is referring to, for real intrusive monitoring,
where all http traffic flowing through your ISP is intercepted, not
just headers, and the *contents* of your traffic used to provide
"extra targeted" ads isn't Ellacoya at all. Check out Phorm - plenty
of coverage on The Register and elsewhere.
BT and Virgin (the UK's sole surviving major cable company) were
touted by Phorm as being early adopters. Virgin have since said "not
yet we're not", but meanwhile they have recently changed their Ts+Cs
in a Phorm-friendly way. BT look a more likely candidate, as the
former technical director at BT Retail (who was in charge at BT while
they were secretly trialling Phorm monitoring/interception, whilst
telling customers who noticed strange things that no monitoring/
interception was occurring) is now the technical director at Phorm, and
a former Home Office minister is on the board at BT (aiui it would be
the Home Office that would have to approve BT/Phorm's scheme as
legit).
Interesting times.
Re: OT: Net Neutrality is far more serious than people realise
In article <7uydneqty68VqtnVnZ2dnUVZ_hWdnZ2d@comcast.com>, "Richard B. Gilbert" <rgilbert88@comcast.net> writes:[color=blue]
>Bob Koehler wrote:[color=green]
>> In article <op.ub4h07n6hv4qyg@murphus.hsd1.ca.comcast.net>, "Tom Linden" <tom@kednos.company> writes:[color=darkred]
>>> Why is this not like opening someone's mail, from a legal viewpoint?[/color]
>>
>> Because the laws that protect snail mail are specific to snail mail.
>>[/color]
>
>Also note that e-mail is very new compared to snail mail. More than 200
>years of legislation and case law apply to snail mail.
>
>There is nothing to prevent anyone with System privileges from reading
>your e-mail. It might even be legal to forward it to "The New York
>Times" and for the Times to publish it! If publishing your e-mail would
>sell newspapers, somebody would do it!
>[/color]
This depends very much upon the legal jurisdiction. In the UK there are various
pieces of legislation (Human Rights, RIP act, Data protection act etc) which
cover interception of email. These acts basically provide senders and
recipients with protection against covert surveillance of their mail and
protection against divulging of personal information to third parties.
(There are a number of exceptions for Police and other Government bodies and
for monitoring in order to maintain the performance and security of the mail
system and for formal investigations into breaches of company policies. More
general monitoring is also allowed so long as an organisation has published a
policy to all its users advising them that monitoring will take place.)
see
[url]http://prisonplanet.com/articles/july2006/180706Email.htm[/url]
A system administrator intercepting mail and forwarding it to a newspaper would
almost certainly be in breach of the above laws. In a limited number of cases
the paper if it published the email might have a defense that publishing the
article was in the public interest. The system administrator though might have
more difficulty in mounting that defense unless they could show that the
interception was in accordance with the above laws since they would only have
been able to ascertain that its publication might be in the public interest
after having intercepted and read it.
Most of the above acts are based upon EU legislation which has been
incorporated into UK law and hence similar acts apply in the rest of the EU.
David Webb
Security team leader
CCSS
Middlesex University
Re: OT: Net Neutrality is far more serious than people realise
In article <g22tj4$9fp$1@south.jnrs.ja.net>, [email]david20@alpha1.mdx.ac.uk[/email] writes:[color=blue]
>In article <4844b7b1$0$7257$c3e8da3@news.astraweb.com>, JF Mezei <jfmezei.spamnot@vaxination.ca> writes:[color=green]
>>johnwallace4@gmail.com wrote:
>>
>>[/color]
>JF you seem to think that this is something new it isn't. Companies have been
>fighting against the use of P2P applications and "firewall friendly"
>applications using deep inspection and traffic shaping tools for years.
>As to net neutrality this is a bit of mythology. The internet is and always has
>been a connected set of private networks. Each owner of a private network has
>always been free to accept, reject, throttle whatever traffic they like.
>The classic example is the granddaddy of email blacklists the RBL. The RBL
>(Realtime Blackhole list) could be deployed in two ways. The first was simply
>as an email check as with all the other DNS based blocking lists. The second
>though and the reason it is called a blackhole list was to alter routing
>information to effectively cut the listed servers off the internet as far as
>those using the RBL service were concerned. This second method cuts not just
>email traffic but all traffic.
>
>See
>
>[url]http://www.mail-abuse.com/wp_introrbl.html[/url]
>
>At one point the company providing the Transatlantic link into Janet (UK Joint
>Academic Network) was using the MAPS RBL in router blocking mode. Hence if a
>site in the states managed to get onto that list and tried to contact a UK
>university they would not be able to connect over the internet and the UK
>university would have no knowledge of their connection attempts or way of
>allowing the US system to communicate. The only solution was for the US
>institution to get its system removed from the RBL.
>This was in place for a number of years.
>[/color]
There used to be a document on the JANET website explaining about the use of
the RBL in routing mode and the transatlantic link provided by Teleglobe but
I can't seem to find it at the moment. The best I can come up with is the short
mention in the section titled "Teleglobe Adopt the Realtime Blackhole List"
in
[url]http://webarchive.ja.net/services/publications/archive/newsletters/ukerna-news/1998/september/ukerna-news5.html[/url]
from the September 1998 newsletter.
David Webb
Security team leader
CCSS
Middlesex University
Re: OT: Net Neutrality is far more serious than people realise
In article <7uydneqty68VqtnVnZ2dnUVZ_hWdnZ2d@comcast.com>, "Richard B. Gilbert" <rgilbert88@comcast.net> writes:[color=blue]
>
> There is nothing to prevent anyone with System privileges from reading
> your e-mail.[/color]
Technically, yes, but rules may apply. I'm sure I'm not the only
one working for a private company whose policy states that reading
someone else's email requires approval of a corporate vice
president. Violation can result in termination.
An employee's relationship with a private employer is in many areas
left up to the employee and employer. I'm sure other companies exist
that have very different, or no, policies.
Re: OT: Net Neutrality is far more serious than people realise
John Santos wrote:
[color=blue]
> JF may be paranoid, but even paranoids have real enemies.[/color]
Until Bell started to do this throttling on commercial data links (not
at the ISP level but at the common telecom carrier level), I also
thought net neutrality was essentially a modern "hippie" issue.
But Bell forced me to start to study what those ellacoya boxes can do.
And this is what is truly scary. All of a sudden, those warnings from the
"net neutrality hippies" start to make sense.
And yes, right now, Bell says its goal is only make P2P (they don't have
the guts to say "BitTorrent" because BitTorrent is a legit commercial
operation that sells movies legally) unusable during peak hours. (at the
same time, it launches its own competing unthrottled video store).
But when you look at the tactics and timing of Bell implementation, it
is clear that once the CRTC refuses the request to remove them, Bell
will not only be able to cripple its competitors, but it will then be
able to change the configs of its ellacoya boxes to do far more.
My ISP pays the big bucks to buy 5gbps bandwidth in the ADSL access
network, plus roughly $20 for each individual subscriber. The more its
customers transfer, the more bandwidth my ISP needs to buy from Bell to
carry raw data between the homes and the ISP's premises. This isn't
"internet", it is a simple point to point circuits to transfer data.
My ISP then buys internet transit and has its own routers, BGP, AS
Number, its own IP blocks.
My ISP wants to give me full freedom to use any application I want (Bell
now prevents it) in exchange for a download cap of 200 gigs a month. I
can get an "unlimited" package at higher price, or can pay a reasonable
price if I exceed the 200gigs limit.
It is wrong to accuse "net neutrality" advocates of wanting to access the
net for free.
What Bell is doing is dictating what one can and cannot say over the
telephone and inserting a "beep" in a phone conversation to blank out
any word Bell unilaterally has decided shouldn't be said.
Re: OT: Net Neutrality is far more serious than people realise
In article <Wsh1k.5432$jX.259@trnddc04>, John Santos <john@egh.com> writes:[color=blue]
>david20@alpha1.mdx.ac.uk wrote:[color=green]
>> In article <4844b7b1$0$7257$c3e8da3@news.astraweb.com>, JF Mezei <jfmezei.spamnot@vaxination.ca> writes:
>>[color=darkred]
>>>johnwallace4@gmail.com wrote:
>>>
>>>[/color]
>> JF you seem to think that this is something new it isn't. Companies have been
>> fighting against the use of P2P applications and "firewall friendly"
>> applications using deep inspection and traffic shaping tools for years.
>> As to net neutrality this is a bit of mythology. The internet is and always has
>> been a connected set of private networks. Each owner of a private network has
>> always been free to accept, reject, throttle whatever traffic they like.
>> The classic example is the granddaddy of email blacklists the RBL. The RBL
>> (Realtime Blackhole list) could be deployed in two ways. The first was simply
>> as an email check as with all the other DNS based blocking lists. The second
>> though and the reason it is called a blackhole list was to alter routing
>> information to effectively cut the listed servers off the internet as far as
>> those using the RBL service were concerned. This second method cuts not just
>> email traffic but all traffic.
>>
>> See
>>
>> [url]http://www.mail-abuse.com/wp_introrbl.html[/url]
>>
>> At one point the company providing the Transatlantic link into Janet (UK Joint
>> Academic Network) was using the MAPS RBL in router blocking mode. Hence if a
>> site in the states managed to get onto that list and tried to contact a UK
>> university they would not be able to connect over the internet and the UK
>> university would have no knowledge of their connection attempts or way of
>> allowing the US system to communicate. The only solution was for the US
>> institution to get its system removed from the RBL.
>> This was in place for a number of years.
>>
>>
>>
>> David Webb
>> Security team leader
>> CCSS
>> Middlesex University
>>
>>
>>
>>[color=darkred]
>>>[/color][/color]
>
>An ISP is *not* a private net. It is a public network. As a common
>carrier, it is shielded from responsibility for content. In return for
>that shielding, it must provide transit for everyone on equal terms.
>[/color]
Sorry I should have used the word separate rather than private. It doesn't make
any difference whether the separate network is open to the general public or
not.
ISPs are not common carriers; they do accept some responsibility for content.
When people complain about spam, viruses or scanning from their networks they
investigate and take appropriate action - they do not turn round and say that
as a common carrier they cannot investigate and suggest going to the police.
Similarly they protect users of their networks and the services they provide
on their networks such as Mail from attack by measures which include scanning
the content of incoming mail messages for viruses and spam. They may well use
DNS blacklists to block all mail coming from certain systems.
Many ISPs have policies which restrict whether you can run web servers etc on
their network. Many block incoming or outgoing direct connections on the smtp
port.
These are measures ISPs have been doing for years.
[color=blue]
>At least, that is the way it is *supposed* to work. The ISPs seem to
>want the best of both worlds. There is a term for an economic system
>that uses the power of the state to protect entrenched oligarchies at
>the expense of personal liberties. Anyone care to invoke Godwin?
>
>I just today got an email from my ISP stating that they were going to
>change the terms of service. The included summary seemed fairly
>reasonable (don't know if the summary reflects the actual TOS), except
>for one phrase...
>
>"4. Modifications to AUP. We have added language to our AUP making clear (a)
>that we may monitor our subscribers’ compliance with our Terms of Service and
>AUP; and (b) that we have the right, but not the obligation, to pre-screen,
>refuse, move or remove any content available on the Service including, but not
>limited to, content that violates the law, our Terms of Service or our AUP."
>
>The "but not limited to" gives them the right to block or remove any
>content whatsoever, for any or no reason. For example, if they made
>a deal with M$ or Amazon, they could block iTunes downloads. Or they
>could block Skype because it competes with their VOIP service.[/color]
And if they blocked iTunes just to favour someone else they had a business deal
with then Apple could sue them for unfair restraint of trade.
[color=blue]
> Or
>they could throttle a customer because they complain too much about
>poor service. Or they could block email to the FCC if they suspected
>you were complaining.[/color]
You really think they would risk such actions when the customer who wished to
complain could certainly find other means to contact the FCC or whoever.
David Webb
Security team leader
CCSS
Middlesex University
[color=blue]
> In the old days of dialup Internet, you could
>change ISPs if your current one was not providing decent service
>since there were lots of competitors, but now there are only two
>broadband providers (TelCo and cable TV company) available to most
>people.
>
>JF may be paranoid, but even paranoids have real enemies.
>
>--
>John Santos[/color]
Re: OT: Net Neutrality is far more serious than people realise
[email]david20@alpha2.mdx.ac.uk[/email] wrote:
[color=blue]
> And if they blocked iTunes just to favour someone else they had a business deal
> with then Apple could sue them for unfair restraint of trade.[/color]
Why do you think Comcast backed down on crippling BitTorrent protocol ?
BitTorrent Corp (who legally sells movies and other contents for a fee)
lawyers started to talk to Comcast about exactly that.
And this is one reason Bell Canada uses "P2P" instead of specifying it
is blocking BitTorrent traffic.
Re: OT: Net Neutrality is far more serious than people realise
In article <4846fbe2$0$20557$c3e8da3@news.astraweb.com>, JF Mezei <jfmezei.spamnot@vaxination.ca> writes:[color=blue]
>david20@alpha2.mdx.ac.uk wrote:
>[color=green]
>> And if they blocked iTunes just to favour someone else they had a business deal
>> with then Apple could sue them for unfair restraint of trade.[/color]
>
>Why do you think Comcast backed down on crippling BitTorrent protocol ?
>BitTorrent Corp (who legally sells movies and other contents for a fee)
>lawyers started to talk to Comcast about exactly that.
>
>And this is one reason Bell Canada uses "P2P" instead of specifying it
>is blocking BitTorrent traffic.[/color]
Which is perfectly OK since they are treating competitors of BitTorrent who use
other P2P protocols in a similar fashion and therefore presumably do not have
any special relationship with those competitors which could be seen as
providing an anticompetitive advantage.
The problem with P2P applications is that as well as the few companies legally
selling movies and other content through them there are also lots of others
illegally distributing copyrighted content. If the ISPs do nothing about these
illegal distributions then they face the possibility of legal sanctions from
the representatives of the Movie and Record industries.
Here is an article about AT&T discussing filtering in an attempt to placate
the R.I.A.A and M.P.A.A which was published in January
[url]http://bits.blogs.nytimes.com/2008/01/08/att-and-other-isps-may-be-getting-ready-to-filter/index.html[/url]
The problem of course is how you determine the legal from the illegal P2P
download; it's much easier just to block P2P totally. But even that won't work
for long because the P2P networks will just move to using encryption over port
443 to evade deep packet inspection.
David Webb
Security team leader
CCSS
Middlesex University
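[Added example, not written by any poster in this thread.] A sketch of the payload check the posts above describe: deep packet inspection catching a non-HTTP application on port 80, and losing that visibility once the same traffic is wrapped in encryption on port 443. The names Flow, classify_payload and audit are hypothetical, the sample payloads are constructed, and the XOR step is only a stand-in for ciphertext, not real TLS.

```python
import re
from dataclasses import dataclass

# First line of a plain HTTP/1.x request.
HTTP_REQUEST = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) \S+ HTTP/1\.[01]\r\n"
)
# BitTorrent peer handshake: length byte 19 followed by the protocol string.
BT_HANDSHAKE = b"\x13BitTorrent protocol"
# TLS record content types: change_cipher_spec, alert, handshake, application_data.
TLS_RECORD_TYPES = (0x14, 0x15, 0x16, 0x17)


@dataclass
class Flow:
    dst_port: int
    payload: bytes  # bytes the client sent on the TCP session


def classify_payload(data: bytes) -> str:
    """Return the application a payload-inspecting box can recognise."""
    if HTTP_REQUEST.match(data):
        return "http"
    if data.startswith(BT_HANDSHAKE):
        return "bittorrent"
    # TLS record header: type (1 byte), version (2 bytes), length (2 bytes).
    if (len(data) >= 5 and data[0] in TLS_RECORD_TYPES
            and data[1] == 0x03 and data[2] <= 0x04):
        return "tls"
    return "unknown"


def audit(flow: Flow) -> tuple:
    """Apply a 'port 80 must carry HTTP' policy and report what was seen."""
    app = classify_payload(flow.payload)
    if flow.dst_port == 80 and app != "http":
        return ("alert", app)    # something other than HTTP is using port 80
    if app == "tls":
        return ("opaque", app)   # encrypted: the inner application is not visible
    return ("pass", app)


def fake_tls_record(inner: bytes) -> bytes:
    """Constructed stand-in for an encrypted record (XOR is NOT encryption)."""
    body = bytes(b ^ 0x5A for b in inner)
    return b"\x17\x03\x03" + len(body).to_bytes(2, "big") + body


# Constructed sample traffic.
_handshake = BT_HANDSHAKE + bytes(8) + bytes(20) + b"-XX0001-" + bytes(12)
SAMPLE_FLOWS = [
    Flow(80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Flow(80, _handshake),                    # P2P handshake sent to port 80
    Flow(443, fake_tls_record(_handshake)),  # same bytes, wrapped and sent to 443
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f.dst_port, audit(f))
```

The third flow carries the same handshake as the second, but the inspector can only report "tls", so any policy for it has to rest on metadata such as volume or endpoints rather than content.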
Re: OT: Net Neutrality is far more serious than people realise
In article <4846fbe2$0$20557$c3e8da3@news.astraweb.com>, JF Mezei <jfmezei.spamnot@vaxination.ca> writes:[color=blue]
>
> Why do you think Comcast backed down on crippling BitTorrent protocol ?
> BitTorrent Corp (who legally sells movies and other contents for a fee)
> lawyers started to talk to Comcast about exactly that.[/color]
Comcast announced that it will start throttling all heavy users,
using the same technology they were going to use to throttle
BitTorrent, but without looking inside the packet to see what kind
of data they're throttling.
Higher speeds will be available for a fee.