Reporting Little Blue Men

From: Dean Anderson <dean@av8.com>

But when you take the step from advocacy to actions you are violating the
law in almost every case. You can advocate anything, but you can't go
tearing down buildings, or in this case, intercepting communications.

Filtering packets is not interception, it is disregard. If I ignore
your packets and do not pass them to the next machine in the link, I
am not intercepting your communications, I am ignoring them. Unless
you are paying me to do so, I have no obligation to carry your packets.

If my server checks message headers to determine validity before
transferring to a spool file, I am not intercepting, I am determining
message routing. As above, if you aren't paying me, I have no obligation
to deliver something you handed me for delivery. Or are you suggesting
mail servers should deliver mail without determining who it is for?

If I review the content of your message, and then make decisions about
who gets to read it (as opposed to discarding it), then I am intercepting,
and reprehensible.

I cannot block mail espousing causes I disagree with, but I have no
obligation to deliver them either. Find yourself another path to my
client; I won't do anything to permit or prevent it. I am not blocking you.
I am also not assisting you. That is neither illegal nor immoral.

SPAM yourself silly.

dennis

From: Dean Anderson <dean@av8.com>

But when you take the step from advocacy to actions you are violating the
law in almost every case. You can advocate anything, but you can't go
tearing down buildings, or in this case, intercepting communications.

I cannot block mail espousing causes I disagree with, but I have no
obligation to deliver them either. Find yourself another path to my
client; I won't do anything to permit or prevent it. I am not blocking you.
I am also not assisting you. That is neither illegal nor immoral.

I agree with almost everything you said, but there is one point I question.
It is my understanding that I have an absolute right to block mail
espousing causes I disagree with on my private property (e.g. my mail
server). I am not the government, you have no "First Amendment" rights
with me. Of course, IANAL, so I could be wrong.

Unfortunately, I also agree that reading the CONTENT of users' e-mail is
immoral and reprehensible, so I don't know how I would block "causes" I
despise. And whether it is illegal or not, it is probably actionable in
civil court, so it's not a good idea no matter what. (Seems you can sue
anyone for anything in the US.)

SPAM yourself silly.

That's cute. Can I use it? :wink:

dennis

TTFN,
patrick

From: Dean Anderson <dean@av8.com>

But when you take the step from advocacy to actions you are violating the
law in almost every case. You can advocate anything, but you can't go
tearing down buildings, or in this case, intercepting communications.

Filtering packets is not interception, it is disregard. If I ignore
your packets and do not pass them to the next machine in the link, I
am not intercepting your communications, I am ignoring them. Unless
you are paying me to do so, I have no obligation to carry your packets.

If I am paying you to carry packets, you have an obligation to carry them.
Blocking some of them is illegal. (ala AGIS). Every packet that goes
through your network is paid for by one of your customers, one of their
customers, and so on.

If my server checks message headers to determine validity before
transferring to a spool file, I am not intercepting, I am determining
message routing. As above, if you aren't paying me, I have no obligation
to deliver something you handed me for delivery. Or are you suggesting
mail servers should deliver mail without determining who it is for?

Nope. That's service observing. Illegal.

If I review the content of your message, and then make decisions about
who gets to read it (as opposed to discarding it), then I am intercepting,
and reprehensible.

And criminal.

I cannot block mail espousing causes I disagree with, but I have no
obligation to deliver them either. Find yourself another path to my
client; I won't do anything to permit or prevent it. I am not blocking you.
I am also not assisting you. That is neither illegal nor immoral.

You are obligated to carry the packets you are paid to carry. You may not
look at their contents other than for incidental reasons, such as routing
and delivery. (and correct routing and delivery.)

But don't take my word for it. Look at Cheswick and Bellovin on page 205.
They say the same thing.

    --Dean

[SNIP - Unsupported ramblings my cohorts have told me to filter instead of
read]

But don't take my word for it. Look at Cheswick and Bellovin on page 205.
They say the same thing.

Yes, the seminal work in legal circles on the subject. :wink:

  --Dean

TTFN,
patrick

Actually, most mail filters will not look at the actual DATA portion of the
message - rather, the MAIL FROM: and RCPT TO: commands (and the connecting
host's IP address or hostname).

Thus, the actual DATA (content) of the message is not looked at before
determining whether or not to discard the message.

If you consider that illegal, then ANY filtering of ANY sort is illegal,
since I'd have to look at a packet's IP address or protocol type in order to
filter XXX or YYY.

  -Taner
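
An added illustration of the envelope-stage filtering described in the message above (not code from the thread or from any mail server): a minimal SMTP filter that decides at connect, MAIL FROM: and RCPT TO:, so a rejected session never reaches DATA. The blocked network, domains and sample sessions are constructed for the example.

```python
import ipaddress

# Constructed policy values (documentation ranges and example domains).
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCKED_SENDER_DOMAINS = {"bulk.example"}
LOCAL_DOMAINS = {"isp.example"}

# Constructed client sessions: one line per command or message line.
ACCEPTED_SESSION = ["HELO mail.partner.example",
                    "MAIL FROM:<alice@partner.example>",
                    "RCPT TO:<bob@isp.example>",
                    "DATA", "Subject: hi", "", "hello", ".", "QUIT"]
REJECTED_SESSION = ["HELO mailer.bulk.example",
                    "MAIL FROM:<offers@bulk.example>",
                    "RCPT TO:<bob@isp.example>",
                    "DATA", "QUIT"]


def _domain(arg):
    """Domain of an SMTP path such as '<user@host> SIZE=100', lowercased."""
    parts = arg.split()
    path = parts[0] if parts else ""
    return path.strip("<>").rpartition("@")[2].lower()


def run_session(client_ip, lines):
    """Run client lines through an envelope-only filter.

    Returns (replies, body_bytes_seen). Every accept/reject decision uses
    the connecting address or the envelope commands; message content is
    only received after the envelope is accepted and is never inspected.
    """
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in BLOCKED_NETS):
        # Refused at connect: not a single SMTP command is read.
        return ["554 connection refused"], 0

    replies = ["220 ready"]
    body_bytes_seen = 0
    sender_ok, rcpts, in_data = False, [], False
    for line in lines:
        if in_data:
            if line == ".":  # end-of-message marker
                in_data = False
                sender_ok, rcpts = False, []
                replies.append("250 queued")
            else:
                body_bytes_seen += len(line)  # counted, not examined
            continue
        verb = line.strip().upper()
        if verb.startswith(("HELO", "EHLO")):
            replies.append("250 ok")
        elif verb.startswith("MAIL FROM:"):
            if _domain(line.strip()[10:]) in BLOCKED_SENDER_DOMAINS:
                replies.append("550 sender rejected")
            else:
                sender_ok = True
                replies.append("250 ok")
        elif verb.startswith("RCPT TO:"):
            if not sender_ok:
                replies.append("503 need MAIL first")
            elif _domain(line.strip()[8:]) not in LOCAL_DOMAINS:
                replies.append("550 relaying denied")
            else:
                rcpts.append(line.strip()[8:])
                replies.append("250 ok")
        elif verb == "DATA":
            if rcpts:
                in_data = True
                replies.append("354 send message")
            else:
                # Envelope was refused, so no content is ever requested.
                replies.append("503 no valid recipients")
        elif verb == "QUIT":
            replies.append("221 bye")
            break
        else:
            replies.append("500 unrecognized command")
    return replies, body_bytes_seen


if __name__ == "__main__":
    for ip, session in (("198.51.100.9", ACCEPTED_SESSION),
                        ("198.51.100.9", REJECTED_SESSION),
                        ("203.0.113.7", REJECTED_SESSION)):
        print(ip, run_session(ip, session))
```
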

These are criminal statutes, and apply to "providers of wire communications
services".

Read these:

Definitions: (Wire communications)
http://www.law.cornell.edu/uscode/18/2510.shtml

Interception and disclosure of wire, oral, or electronic communications
prohibited:
http://www.law.cornell.edu/uscode/18/2511.shtml

If you operate a service available to the public, the rules are much
different than if you operate a private company's internal mail system.

So far as I know, these laws haven't been repealed. But cornell says they
use the January '96 CD. Maybe they have been repealed.

If you're not a provider of wire communication services according to the
definitions, they don't apply.

Anyway, my original point was to explain why the FBI is unresponsive to DoS
reports.

I think we can stop insisting that "these laws don't apply to me". Maybe
they don't. If not, then don't worry.

    --Dean

If you're not a provider of wire communication services according to
the definitions, they don't apply.

If anyone still cares, 18 USC 2510 defines the term, and it means a
phone company, not an ISP. Enough already.

(On the other hand, telcos seem to provide services that block calls
from specified phone numbers, or that block calls with suppressed
calling line ID, and I don't recall seeing large numbers of telco
executives carried away in chains. The law that Dean has been
selectively quoting is a law against wiretapping, and is written quite
narrowly so that's all it covers.)

Read the Electronic Communications and Privacy Act also known as the ECPA
before messing around with email. You do have some obligations to your
customers by running a mail server and it is important that your NOC staff
is aware of what they can and cannot do. The ECPA is posted in several
places on the web and is not that long so it is worth reading it yourself.

I agree with almost everything you said, but there is one point I question.
It is my understanding that I have an absolute right to block mail
espousing causes I disagree with on my private property (e.g. my mail
server). I am not the government, you have no "First Amendment" rights
with me. Of course, IANAL, so I could be wrong.

Read the Electronic Communications and Privacy Act also known as the ECPA
before messing around with email. You do have some obligations to your
customers by running a mail server and it is important that your NOC staff
is aware of what they can and cannot do. The ECPA is posted in several
places on the web and is not that long so it is worth reading it yourself.

I thank you for the warning, but we do not run mail for our clients, just
ourselves. And I feel perfectly free to filter whatever I want to myself
and my employees. :wink:

And, whatever the ECPA states, I would still feel perfectly safe filtering
sites that I thought were sending stuff I did not want to receive on my
mail server - as long as I let my users know about it first. In addition
almost every ISP I've ever seen has an "Acceptable Use Policy" which
obligates their users to refrain from using the mail server as a launching
point for such mass mailings.

I guess what it comes down to is that people seem to think that the
Constitution, or the First Amendment, or breathing the air, or SOMETHING
gives them the right to send anything they want to my mailbox. I do not
know why they feel this way. They are perfectly free to say whatever they
like IN PUBLIC, but not on my servers, in my network, on my time, my
bandwidth, and my mailbox. You can't call my phone over and over, you
can't yell at me in my house, why is my server and mailbox any different?

Of course, the worst part about it is that these same people usually have
the audacity to filter responses to their SPAM. And these are personalized,
directed e-mails to a person who has initiated contact, not anonymous
(usually spoofed) mass mailings to people who had less than no interest in
receiving the information. I wonder how they rationalize that bit of
hypocrisy? Or do they even try?

Michael Dillon - Internet & ISP Consulting

TTFN,
patrick

P.S. I would like to reiterate that IANAL nor do I run a public mail
server. And as with any major business decision, I would consult my
corporate counsel before enacting policy. Just to be safe. :wink:

If you're not a provider of wire communication services according to
the definitions, they don't apply.

If anyone still cares, 18 USC 2510 defines the term, and it means a
phone company, not an ISP. Enough already.

Well, like I said, if it doesn't apply to you, don't worry. I didn't make
the laws, and I am not a prosecutor. You have to make your own decisions
after reading the material.

But if you *actually* read the definitions in 2510, you will see it defines
the term "electronic communications" to mean:

(12) "electronic communication" means any transfer of signs, signals,
writing, images, sounds, data, or intelligence of any nature transmitted
in whole or in part by a wire, radio, electromagnetic, photoelectronic or
photooptical system that affects interstate or foreign commerce, but does
not include -
    (A) any wire or oral communication;
    (B) any communication made through a tone-only paging device; or
    (C) any communication from a tracking device (as defined in section
        3117 of this title);

Then it says what an electronic communications system is:

(14) "electronic communications system" means any wire, radio,
electromagnetic, photooptical or photoelectronic facilities for the
transmission of electronic communications, and any computer facilities or
related electronic equipment for the electronic storage of such
communications;

Then 2511 says:

(1) Except as otherwise specifically provided in this chapter any person who -
    (a) intentionally intercepts, endeavors to intercept, or procures any
        other person to intercept or endeavor to intercept, any wire, oral,
        or electronic communication;

Then from Websters Dictionary, "intercept" means:

Intercept \In`ter*cept"\, v. t. [imp. & p. p. Intercepted; p. pr. & vb. n.
Intercepting.] [L. interceptus, p. p. of intercipere to intercept; inter
between + capere to take, seize: cf. F. intercepter. See Capable.]
1. To take or seize by the way, or before arrival at the destined place; to
cause to stop on the passage; as, to intercept a letter; a telegram will
intercept him at Paris. God will shortly intercept your breath. --Joye.
2. To obstruct or interrupt the progress of; to stop; to hinder or oppose;
as, to intercept the current of a river. Who intercepts me in my
expedition? --Shak. We must meet first, and intercept his course. --Dryden.
3. To interrupt communication with, or progress toward; to cut off, as the
destination; to blockade. While storms vindictive intercept the shore.
--Pope.

Seems like "blocking IP packets" is "interception"

And what part of "signals, writing, images, sounds, data, or intelligence
of any nature" excludes IP packets? (the intelligence part of course :wink:)

It would seem that if one's job is to transport packets from peers which
they have peering agreements with, and they don't do it for a political
reason, this would apply. Doesn't seem like it only applies to telephone
companies. But hey, I could be wrong, and some people seem to be very
unsettled by this discussion, so perhaps we should drop it. It's way off
my original point about smurfing and spam and the FBI's apparent lack of
interest in pursuing DoS cases.

But my point about the anti-spammer crowd has certainly been made more
eloquently by actions than words could ever describe.

    --Dean

If I am paying you to carry packets, you have an obligation to carry them.
Blocking some of them is illegal. (ala AGIS). Every packet that goes
through your network is paid for by one of your customers, one of their
customers, and so on.

And how do I... or how does the company I work for.. have an obligation to
some spammer on a different ISP, if he is spamming NACS.NET? There's no
contract there, nor is there any payment.

I still don't think you're a spammer, but you sure do sound like one.

>to deliver something you handed me for delivery. Or are you suggesting
>mail servers should deliver mail without determining who it is for?

Nope. That's service observing. Illegal.

and you can cite laws or legal precedents that support your position, I'm
sure.

>If I review the content of your message, and then make decisions about
>who gets to read it (as opposed to discarding it), then I am intercepting,
>and reprehensible.

And criminal.

see above.

You are obligated to carry the packets you are paid to carry. You may not
look at their contents other than for incidental reasons, such as routing
and delivery. (and correct routing and delivery.)

I, as ISP X, am not obligated to carry any packets from ISP Y unless ISP Y
is a downstream client of mine with a signed contract. Find me a judge who
says otherwise and I'll believe you.

But don't take my word for it. Look at Cheswick and Bellovin on page 205.
They say the same thing.

Irrelevant in most cases.

Cite legal precedents.

Dean Anderson writes:

> >If anyone still cares, 18 USC 2510 defines the term, and it means a
> >phone company, not an ISP. Enough already.
>
> Well, like I said, if it doesn't apply to you, don't worry. I didn't make
> the laws, and I am not a prosecutor.

Umm that's obvious. If you were you'd be aware that this

> Then from Websters Dictionary, "intercept" means:

is completely irrelevant since the meaning of "intercept" is printed
in black and white in the act itself.

The subject header is most appropriate, as is the "enough already"
remark.

(Mandatory disclaimer: IANYL)

I presume you mean cases where this law has been applied. I will look that
up. But even if there were no cases, the law can still be applied to the
first person caught violating them.

I'm starting to feel like I have to seek out some spammers and help them
collect evidence for a criminal complaint, in order to defend my honor, or
at least my sanity from claims to the contrary.

Perhaps those network providers who think (and flame) that it can't
possibly apply to their actual blocking, will send me the names and
netblocks of the spammers they are blocking. They should write that the
blocked packets are coming from a peer for which they have a peering
agreement with, and would otherwise be expected to transport those packets
to their destinations. Write that the packets are blocked because they are
sent from spammers and contain spam. Or just write that they are blocked
for an arbitrary reason. I'll take the evidence and get a criminal
complaint, thus either proving the application of the law. Or disproving
it, beyond mere speculation. "Put up or shut up", as it were.

I would also point out that the definition of "intercept" in 2510 is
substantially *looser* than the dictionary definition. Just reading and
passing it on qualifies as an "intercept" according to 2510. You don't
actually have to block it to be intercepting according to the law. You're
making my point, while trying to disagree.

I might be wrong, but no one has yet given an explanation of how this law
doesn't apply. Claims that it only applies to phone companies seem to
definitely be wrong. But there is one way to find out for sure whether it
applies to anti-spammer network providers.

I'm not a spammer. Nor am I an anti-spammer. I'm for law and order; Laws
that apply equally to everyone, and can't be violated without punishment
when it suits some private purpose or agenda.

I claim that criminals are of low moral fibre, and I'm willing to test who
the criminals really are. I'll expect my postal mailbox to be full next
week: P.O. Box 7286, Nashua, NH 03060. I expect to find letters from the
flamers.

    --Dean

I presume you mean cases where this law has been applied. I will look that
up. But even if there were no cases, the law can still be applied to the
first person caught violating them.

But there have been court cases cited that prove that you're wrong.
Compuserve v. Cyber Promotions, for example. Or any of the AOL victories.

I'm starting to feel like I have to seek out some spammers and help them
collect evidence for a criminal complaint, in order to defend my honor, or
at least my sanity from claims to the contrary.

If you feel you have to. Whatever.

Perhaps those network providers who think (and flame) that it can't

People flame you because no matter what evidence is provided to you you
insist you're right. As another Nanog reader mentioned, there is no point in
talking to you because in your opinion, apparently everyone else is
*automatically* wrong. You do nothing for your reputation, Dean, and in fact
end up sounding like a complete idiot.

possibly apply to their actual blocking, will send me the names and
netblocks of the spammers they are blocking. They should write that the
blocked packets are coming from a peer for which they have a peering
agreement with, and would otherwise be expected to transport those packets
to their destinations.

But in many, many cases, LIKE MINE, that's not the case! Why do you
automatically assume that?

Write that the packets are blocked because they are
sent from spammers and contain spam. Or just write that they are blocked
for an arbitrary reason. I'll take the evidence and get a criminal
complaint, thus either proving the application of the law. Or disproving
it, beyond mere speculation. "Put up or shut up", as it were.

We're not blocking spammers at this point, Dean, so I can't really say
anything. Except that the aforementioned court cases say that the OWNERS OF
THE SERVERS HAVE A RIGHT TO PROTECT SAID SERVERS FROM MISUSE.

I would also point out that the definition of "intercept" in 2510 is
substantially *looser* than the dictionary definition. Just reading and
passing it on qualifies as an "intercept" according to 2510. You don't
actually have to block it to be intercepting according to the law. You're
making my point, while trying to disagree.

Well then, why hasn't every single person running an Internet-connected
computer been thrown in jail? Because -- the routers between point a and
point b on the Net MUST LOOK AT THE PACKETS to determine where to route them.

I might be wrong, but no one has yet given an explanation of how this law
doesn't apply. Claims that it only applies to phone companies seem to
definitely be wrong. But there is one way to find out for sure whether it
applies to anti-spammer network providers.

So go sue someone. Prove my point.

I'm not a spammer. Nor am I an anti-spammer. I'm for law and order; Laws
that apply equally to everyone, and can't be violated without punishment
when it suits some private purpose or agenda.

I agree with you that this should be the case. I do not agree that laws are
being violated.

I claim that criminals are of low moral fibre, and I'm willing to test who
the criminals really are. I'll expect my postal mailbox to be full next
week: P.O. Box 7286, Nashua, NH 03060. I expect to find letters from the
flamers.

As I said, Dean, you are flamed because you have been presented with
evidence, and have completely ignored it, instead trying to push your point
home. That's why you're flamed, not for your opinions. And how do I know
this? Because people have said it both on NANOG and in private e-mail to me.

I'd flip you a quarter and tell you to go buy a clue, but in order to afford
all the clues you need, you'd probably have to have a net worth close to
that of Bill Gates.

I presume you mean cases where this law has been applied. I will look that
up. But even if there were no cases, the law can still be applied to the
first person caught violating them.

But there have been court cases cited that prove that you're wrong.
Compuserve v. Cyber Promotions, for example. Or any of the AOL victories.

They don't prove that criminal laws don't apply. They prove that spammers
are financially responsible for damages they cause, when they do things that
one should know they aren't authorized to do, or when they expropriate
names and other things. Sounds reasonable to me.

You seem to think that since somebody won a case on expropriating their
name, that you can do anything you want, and act like no laws apply to you.

But in many, many cases, LIKE MINE, that's not the case! Why do you
automatically assume that?

I'm not assuming it is the case. You are. But if it's your business to
transport packets from one place to another, and you are otherwise supposed
to transport packets from your customers to your uplink provider and vice
versa, but instead you block some of them for personal or political
reasons, this law prohibits that. If that's what you do, then it applies
to you. If that's not what you do, then it doesn't apply to you.

We're not blocking spammers at this point, Dean, so I can't really say
anything. Except that the aforementioned court cases say that the OWNERS OF
THE SERVERS HAVE A RIGHT TO PROTECT SAID SERVERS FROM MISUSE.

Of course you have a right to protect your property. But blocking emails
for personal or political reasons is not "protecting your property". You
sold/leased the resources to your customers. They aren't yours to do
anything you like with, anymore. These laws are to protect the privacy and
integrity of communications.

Well then, why hasn't every single person running an Internet-connected
computer been thrown in jail? Because -- the routers between point a and
point b on the Net MUST LOOK AT THE PACKETS to determine where to route them.

Looking at packets incidental or necessary to operations (such as routing)
is permitted. It says that.

Blocking packets for personal or political reasons doesn't qualify as
incidental to network operations, or protecting your property.

Why is that so tough to understand?

    --Dean

Dean Anderson writes:
> I might be wrong, but no one has yet given an explanation of how this law
> doesn't apply.

Fair point. Here's how I analyze it for my own use [1]:

The bad act is the interception of a communication by persons not
parties thereto, and by those who are not necessary for the
communication.

"Interception" is defined in the wiretap act as the acquisition of the
communication's "contents" (a term of art, also defined).

In order for there to be a prohibited interception, one must have
acquired the substance of another's communications, i.e., the
"contents." s2511(1)

Yet the kind of blocking most of us contemplate (blackhole route,
sendmail check_[mail|relay], and the like) when "blocking" is brought
up inhibits acquisition of the contents. There is no violation if no
"contents" are acquired.

The wiretap act is intended to protect proprietary rights in message
content from another's wrongful taking. There's no indication
anywhere of intent to guarantee a level of service for content's
transmission.

I find it somewhat reassuring that those desperate spammers who have
litigated related matters haven't attempted recovery through the civil
remedy provided by s2520. Don't you agree that they would have tried
if the theory had even a tiny bit of merit?

In order for there to be a prohibited interception, one must have
acquired the substance of another's communications, i.e., the
"contents." s2511(1)

This is a good point. I'm not sure I buy it, but it at least is a
reasonable point. It seems to me that the change of definition was to
loosen the meaning of intercept so that one doesn't have to actually block
to be in violation, rather than to require reading of the contents for
there to be a violation, as you interpret.

The wiretap act is intended to protect proprietary rights in message
content from another's wrongful taking. There's no indication
anywhere of intent to guarantee a level of service for content's
transmission.

I don't think anyone would expect you to guarantee a level of service. But
it is not unreasonable to expect that you are not arbitrarily and
capriciously discriminating against people who reasonably expect you to
pass their packets. This goes far beyond spamming. Consider what might
happen if it actually is permissible for people to arbitrarily blackhole
another person or company, at a whim. Suppose Microsoft decides to take
out Netscape during a dispute. Etc. Such behavior is already illegal,
given my interpretation. I am looking forward to having people send me
those letters, so we can test this.

I find it somewhat reassuring that those desperate spammers who have
litigated related matters haven't attempted recovery through the civil
remedy provided by s2520. Don't you agree that they would have tried
if the theory had even a tiny bit of merit?

You have to know about it. It appears the spammers aren't very good at
getting good lawyers so far, considering how they phrased their cases so
far. But the civil damages aren't much, either.

    --Dean

Yes that is a valid point but if a client of yours gets such unsolicited
email then the contents forwarded to you are fair game in the interception
and your methods can then interdict and block the route from the spam source
based on valid complaint from the client. Make this part of the policy
statement to your clients encouraging them to forward and complain
about unsolicited email...

Henry R. Linneweh

Dean Anderson wrote:

Dean Anderson writes:
> >In order for there to be a prohibited interception, one must have
> >acquired the substance of another's communications, i.e., the
> >"contents." s2511(1)
>
> This is a good point. I'm not sure I buy it, but it at least is a
> reasonable point. It seems to me that the change of definition was to
> loosen the meaning of intercept so that one doesn't have to actually block
> to be in violation, rather than to require reading of the contents for
> there to be a violation, as you interpret.

I'm not sure I'm understanding what you're getting at here with
respect to a loosening. Is the discrepancy between the common usage
meaning of the word "intercept" and the printed definition a source of
concern?

Definition sections work something like header file #defines. One may
replace all instances of the word "intercept" with "googleplex" and
arrive at the same result.

> >The wiretap act is intended to protect proprietary rights in message
> >content from another's wrongful taking. There's no indication
> >anywhere of intent to guarantee a level of service for content's
> >transmission.
>
> I don't think anyone would expect you to guarantee a level of service. But
> it is not unreasonable to expect that you are not arbitrarily and
> capriciously discriminating against people who reasonably expect you to
> pass their packets. This goes far beyond spamming. Consider what might
> happen if it actually is permissible for people to arbitrarily blackhole
> another person or company, at a whim. Suppose Microsoft decides to take
> out Netscape during a dispute. Etc. Such behavior is already illegal,
> given my interpretation.

I don't disagree with the last sentence, provided the claim of
wrongdoing is based in something other than these statutes...

> >I find it somewhat reassuring that those desperate spammers who have
> >litigated related matters haven't attempted recovery through the civil
> >remedy provided by s2520. Don't you agree that they would have tried
> >if the theory had even a tiny bit of merit?
>
> You have to know about it.

I can't imagine someone making it through the second year conlaw
classes and not butt heads with wiretap act two or three or more
times, but I concede the possibility.

> It appears the spammers aren't very good at
> getting good lawyers so far, considering how they phrased their cases so
> far.

I thought counsel for the detestable firm with "C" in its name put
forth an interesting defense (company town). The failure to prevail
probably speaks more to the lack of merit in his client's position
than it does the competence of the representation.