Monitoring, Flow Stats (Re: spam whore, norcal-systems)

If you read the statute, it permits monitoring for quality control
purposes, which your flowstats are.

There is no exception in 2511 for what Ravi did. Does Verio often reveal
confidential information about their customers' customers traffic? I
wonder how Verio's ISP customers/peers feel about that. I know I wouldn't
be happy if UUnet or BBN thought they could capture and publish my
customers packets. My customers include insurance and health care (privacy
intensive) companies. They would be very unhappy if we used someone who had
this attitude.

The anti-spammers usually claim the abuse exception as justification for
instituting a block. Its their best (though still flimsy) argument. Its
flimsy since the congress has the authority to regulate or ban spam, and
the congress did pass laws banning junk faxes, and limiting calls to cell
phones, yet they have not yet banned spam. Nor has any court found spam by
itself to be an abuse. The one spam related law that was before the
congress would have placed some requirements on spammers, but would have
made it specifically not an abuse for 2511. In other words, the congress
doesn't agree with the anti-spammers.

    --Dean

See what happens when we level the rain-forests - we destroy a cure for
this...

I really would beg to differ--congress has the right to legistlate, certainly, and until they do legislate one way or the other on the matter its pretty much in the ISPs hands; let's look at it this way, shall we: it may be your "${deity} given right" to try to send out spam, but until you own your mail server, the recipients mail server and all the transit in between, it is the operator of said equipment's right to abitrarily block and/or inspect data passing through that point in the course of operating their network.

Let me also point out a couple of things you seem to have missed:

  * in the early 90s, NSF started backing out of the Internet, so instead of being a grant project of NSF/DOD the Internet came to be under private ownership.
  * our government tries to limit regulation on business in the interested of commerce, some exceptions we can all think of off the top of our heads come to mind like "public utilities" and trusts.
  * being that the Internet is not a "public utility" it is not regulated the way our LEC/IXC carriers are regulated.
  * in fact, by and large the Internet is not regulated at all, and regulations fail on the principal that (a) no one has singular control over the Internet and (b) it is an international entity.

It is important to harp on the last fact, that the Internet is an international entity. Any attempt by the US legislation to regulate it would generally be met with either dissapproval or be wholly ignored. We have some regulations in place about the export of encryption technology in place that is probably unconstitutional and definitely unenforceable--why would be want to encourage the government to pass more unenforceable, unreasonable laws with respect to how ISPs operate? This is why the Decency Act failed so miserably. Any attempt to tell ISPs that they can't choose which kind of traffic to pass on their network takes away exactly the right that the industry ralleyed for with the CDA and I assure you, we *will* not allow our industry to be regulated like that.

I have the "${deity} given right" to allow or deny traffic on my network as I see fit as an agent of Verio, period. If I choose to limit my liability by not allowing spammers to pass traffic which I have arbitrarily deemed to be dubious it is my perogative. We have a set of rules and an arbitration process to sanitize our decision making process, but the point is if I wanted to block all IP addresses with two or more "4"s on Tuesdays and Thursdays, I can. I would hope no one would be stupid enough to be my customer if that was the case; likewise, I hope that no one who sends out spam would be interested in doing business with Verio--we dont want it on our network.

  </rant>

Chris

There is no exception in 2511 for what Ravi did.

Since when does the law prohibit the monitoring of NOC email which is what
Ravi did? Or are you complaining about Ravi's equipment being configured
to monitor the IP address field on packets in order to route them to
null0?

Both of these sound like the normal course of business to me.

The anti-spammers usually claim the abuse exception as justification for
instituting a block. Its their best (though still flimsy) argument.

There may be a better justification. I don't know enough details yet but I
do know that cellular providers have banded together to share information
on whether a subscriber is a "bandit" or not. When you roam into a new
area not covered by your cellular provider, they can query a database to
see if you have paid your bills with your home provider. GTE is one of
three companies that operates a database service that is used by telcos
all over North America.

It would also be interesting to see if there are some parallels in the
capabilities of CCS7 to trace phone calls.