White House to Propose System for Wide Monitoring of Internet (fwd)

I have restrained from saying this so far but... "I told you so."

When I attended the Oakland NANOG in October 2001, I had just
returned from Washington DC. The trip originally was for my
brother's wedding but I extended it for some personal lobbying on
the so-called USA PATRIOT bill as it rushed through the process,
having not one single public hearing in either the House or Senate.

During that time I was continually in contact with the very
knowledgeable staff at CDT, EFF and an attorney who is a recognized
expert on Fourth Amendment search and seizure law and the 1996 AEDPA
anti-terrorism law that laid the groundwork for "Patriot".

As a USENIX member and NANOG participant, I had more insight into
the practical effect of the sweeping proposals in "Patriot" on actual
net operations than the attorneys did. I realized that the "Patriot"
law, when passed, would sooner or later entangle network operators in
crucial decisions affecting the ability of ordinary users to traverse
the net freely as we have always done.

I did my best to alert my Oregon congressional delegation to these
issues, in personal meetings with their staff on Capitol Hill the
first week of October. I've got a lot of background in lobbying but
found this very hard to do. Bridging the gap between communications
and security policy and operational reality is a difficult matter at
best. But still, we have to try.

At the Oakland NANOG, following meeting procedure, I sent an email
query requesting some discussion of the implications of the "Patriot"
bill, which ended up passing late in the month, and received a polite
but firm reply from Susan Harris: this was beyond the scope of NANOG.

I begged to differ then, and now I suggest that we all give serious
thought to the implications that increasing and direct government
intervention in the operation of the Net is starting to have.

We all want security, but security without liberty runs contrary to
the founding principles of the United States. And as Bruce Schneier
has emphatically pointed out, security is a process not a product,
whether it's a firewall or Total Information Awareness. Avi Rubin
observes the issue is not that the potential already exists to do
great damage with the Internet. With the advent of ever more potent
attacks, from ordinary worms and viruses to Code Red and Nimda to
root server DDOS and beyond, that is not disputed. The question is
why this capability is not used more often.

The restraint from using technology for its maximum destructive
potential is the social bonds that we have as human beings. The
great benefit of the Internet is that it helps strengthen those
bonds, improve our planetary communications, and at its best help
us collectively address the issues our societies face.

If we do not have the maximum freedom to use the net for those
purposes, free of government interference and arbitrary control
wherever possible, but consistent with *reasoned and reasonable*
security measures, our security will instead be undermined in the
long run.

That is why the approach and attitude of network operators makes
a difference. It mattered at the time of the Oakland NANOG, and it
matters now. Perhaps NANOG is not the organizational locale to work
these issues out, although I could see it being so. But a coherent
response to increasing intrusion of governmental policy on network
operations needs to happen, one way or another.

You might say, "it's not my job to make policy." And that may be
true. It's not a branch librarian or circulation manager's job to
make policy either, but they all belong to the American Library
Association, which has emerged as an effective champion of real
security and real freedom on the Internet, because they are
committed to the principle that their primary obligation is to the
users of library services. I believe network operators should,
and do, take very seriously their primary obligation to the users
of Internet services.

So I ask my friends in this organization NANOG whose purpose and
work I, a mere net user, greatly admire, to consider this question
with the greatest thoroughness. When the government (whichever one,
not just the US) comes knocking and asking you to do something that
restricts the freedom of net users, what will you do? When those
in your organization who set policy come asking what it will cost
and what it will mean to users to do what the government wants, what
will you say?

I don't mean to place the entire burden on the shoulders of NANOG
and its members. But I do think it's important to consider the
obligations that all of us, who have some in-depth knowledge of
how the Internet *really* works, have to the users of the Internet,
which will ultimately be every last one of us on the planet.



------ mail forwarded, original message follows ------

BRAVO FRED!!!! You encapsulated this well...now its up to us.
The bureaucracy is bound to forge ahead in establishing the police-state, we do NOT have to help them...