Broad Bills to Protect 'Communications Services'

mttlg writes "According to Freedom to Tinker, MA, TX, SC, FL, GA, AK, TN, and CO have introduced similar bills that would make it illegal to possess, use, etc. "any communication device to receive ... any communication service without the express consent or express authorization of the communication service provider" or "to conceal ... from any communication service provider ... the existence or place of origin or destination of any communication." (Additional legalese removed for the sake of brevity.) This would seem to outlaw NAT, VPNs, and many other security measures. In other words, don't secure your communications, just sue if you don't like who receives them." The bills define 'communication service' as just about any sort of telecom service that is provided for a charge or fee. In effect, they would extend the already-extant laws relating to theft of cable TV services to any telecom service. For example, if your ISP charges per computer connected, using a router/NAT device would be illegal if these became law.

Ouch

[DeadSea]

This law would make it illegal to do several things that I currently do:

1. Run a proxy server at home and connect to it via ssl so that my employer can't tell what web pages I visit at work.
2. SSH chaining - Use ssh to log into a remote computer and use ssh to log into another computer since this makes both endpoints unaware of the address of the other.
3. Use a remailer as a whistleblower. A remailer stips all headers off a message before sending it out to a new specified sender. This provides anonymous mail which is important for people who are afraid of retribution if the note could be traced back.
4. Post to slashdot anonymously.

Re:Ouch

[Carbonite]

While I can certainly see legitimate uses of each of those things, they do seem rather questionable. Even if you're using these methods for the right reasons, I'd suspect that many people aren't. The real debate is whether a law prohibiting these activities is necessary. I believe that in virtually all cases, the answer is no.

Re:Ouch

[jgerman]

It doesn't matter who it's directed AT. What matters is that it can be used against anyone that it covers. Which include people doing the things the poster suggested. Things that should not be legislatable (matbe I just made that word up). I contantly ssh from box to box in what may be a long chain of ssh sessions. This bill is ridiculous and has no business even being up for a vote. It's nother example of how current lawmakers get involved in things they have absolutely no comprehension of.

Re:Ouch

[warmcat]

The DMCA wasn't aimed at printer cartridges. But there it is.

Re:Ouch

[B1]

I think this bill is probably not so much directed at us, IP geeks, as much as it is directed at people stealing sattelite TV, and people stealing cell phones

It may not be directed at IP geeks--maybe the spirit of the bill is that it's supposed to go after satellite TV pirates and cellular fraud.

The problem though is that once the law is in the books, it's the letter of the law that matters. And right now, the wording of the bill leaves it open to potential abuse.

The law may not target IP geeks, but if some ISP wanted to go after NAT users, they would now have a broken law on their side. As with the DMCA, the road to hell is paved with good intentions.

Re:Ouch

[kableh]

The real debate is if this will stop real criminals, as opposed to those of us who have work to get done, from doing any of these things. I believe that in all cases, the answer is no.

Re:Ouch

[Creep73]

If an ISP can regulate the amount of computers I have hooked up to that ISP's pipe can the water company charge for the amount of faucets installed in my house? Can the electric company charge me for the amount of electrical sockets installed in my home? Can the phone company charge me per phone? The logic used in coming up with these policies is flawed to the core. I thank the companies for this and the gullible lawmakers we have in this country. Instead of making money by creating and proving viable services they will make their current services and products make them more money through bad legislation. Unfortunately it is the current trend. Just ask Disney's Mickey.

This is frightening

[joebagodonuts]

"In effect, they would extend the already-extant laws relating to theft of cable TV services to any telecom service."

It does more than that. The language of the bills uses the word "harm" instead of "fraud". The language is vague enough that it could be twisted to be used against anyone. Just having a firewall that does nat translation is a violation of these bills.

All brought to us by the friendly folks at the MPAA. Jerks

Yeah, but the cow's already out of the barn...

[Bonker]

While not having quite the range of people using services in violation of these statutes as say, people downloading mp3's, there are already so many people doing these things, and profiting on them, that it will be pointless to try to enforce this law.

Imagine for a second Bestbuy's reaction to the fact that it's popular cable-modem routers and wireless access points have all become illegal. I don't exactly see them pulling millions of dollars of hardware off the shelves without a legal fight. Nor do I see the manufacturers of those devices just giving up either.

I NAT and I'm proud of it!

Re:Yeah, but the cow's already out of the barn...

[SpaceLifeForm]

Not to mention that SBC *provides* routers for home DSL users that have multiple computers.

I also NAT as do many others. The PTB still don't have a fsck'n clue when it comes to home networking. For some reason they believe that home networks are costing Large Corps money, when in fact, most people doing NAT at home probably have a clue and actually reduce problems (ex: CodeRed) due to firewalling.

A proud member of the NAT terrorist group!

I Am Not Sure How To React

[Jerk+City+Troll]

It seems to me that the likelihood of these bills getting passed is next to nothing (of course, one can never be so sure). They were clearly introduced by technology-clueless law makers, but once they are subject to a vote, their silliness should become obvious. So I am not entirely afraid that they will succeed. If they do pass, other states are likely to pick up and follow the trail.

What is really scary to me is that, even though these bills were introduced by the ignorant, the fact that lots of legislators had the mind to introduce them in the first place is shocking. Particularly on the note of encryption, this is largely unconstitutional and hopefully, if ever passed, these bills will be challenged by (financially) enabled individuals.

How can such a thing even hold up when it not only criminalizes most existing telecom infrastructure, violates the 4th Amendment by tangent? Of course, we do live in a DMCA-cursed USA...

Re:I Am Not Sure How To React

[Cpt_Kirks]

It seems to me that the likelihood of these bills getting passed is next to nothing

In TENNESSEE? Dude, up until a couple of years ago, you could hire a contractor to work on your house. Your agreement was with him. If the contractor did not pay HIS suppliers, the supplier could put a lean on your house. And it was LEGAL!

Bad law, crooked as a dogs hind leg, right? It took YEARS AND YEARS to repeal that shit. The building material suppliers said it would bankrupt them. God knows they shouldn't have to do credit checks on fly-by-night contractors...

Relax, John Ashcroft will help you..

[grub]

Just wait for John Ashcroft to announce the only legal services after these laws take effect:

http://www.nsa.gov/patriot-proxy/
http://www.fbi. gov/freedom-remailer/

Depends on Definition

[PhxBlue]

From the article:

If you have a home DSL router, or if you use the "Internet Connection Sharing" feature of your favorite operating system product, you're in violation because these connection sharing technologies use NAT. Most operating system products (including every version of Windows introduced in the last five years, and virtually all versions of Linux) would also apparently be banned, because they support connection sharing via NAT.

I'm not concealing the origin or destination of communication, in any of these cases. If I'm using a router to share my network connection, the origin/destination of my ISP's communications is whatever box is doing the routing. After that, if my router routes a copy of the data from my ISP to another PC in my home, that's okay: the transmission between my router and my ISP is complete, and the new transmission is between my router and one or more PCs on my network.

I've always held that, as far as ISPs are concerned, they're responsible for supporting their network until it reaches the access point of my network--whether that's a single PC, a PC that shares its internet connection, a router, whatever. After that, I can accept the liability of supporting my own equipment. This should be handled the same way.

Actually, better yet, it should be shot down outright. But that's more optimistic than I tend to be about such things.

This is intended for Radio....

[wowbagger]

This bill is intended for radio, and is to prevent you from having a scanner.

However, unless they change the current law, having an Amateur Radio Operator's license trumps this - being a ham I can have a scanner, due to hams' role in emergency communications.

However, this is just like the Electronic Communications Privacy Act of 1987 - it may be illegal to eavesdrop on cellular communications, but it did'nt really stop anybody from doing it. Going from an insecure system (AMPS) to more secure systems (GSM, CDMA) did that.

However, the point of the /. post is valid - the law of unintended consequences comes to play - VPN, NAT, proxies all could be banned by wording that broad. Perhaps that is a good thing - overbroad wording might just get it thown out.

Yeah, and moderators on /. will grow a clue. Time to start adding comms gear to my armory.

Re:Doh...

[JaredOfEuropa]

What about phones, radios, etc? As long as you don't have "express permission" from the service provider, you're in trouble. I am glad we in Holland have a law called the "Right to reception", which basically means that if something is transmitted into the ether, it's fair game for anyone to receive. This law is quite fundamental, almost constitutional, and has even be used to uphold the right to use radar detectors to avoid speed traps. The law grants you the unconditional right to receive anything, including the radar signal.

Re:NAT

[AmigaAvenger]

my linux pc IS a single PC... it routes traffic to other machines internally, but that is my own business and no one elses. I only have one machine connected to the internet, but have 6 more connected to that machine.

fear causes pussies to bitch

[diablobynight]

You see all the pussies that can't get over the fact that our towers came down. Are using there fear as an excuse to pass thousands of laws, that don't affect them because there non-technical ninnies, and sadly the rest of America is dumb enough to let this crap happen under the guise of patriotism I bet it was patriotic to kill a jew in Germany during world war II, patriotism isn't always a good thing.

No violations

[gr8_phk]

The endpoints of a connection are specified by IP addresses. If NAT is illegal because the "source" is disguised, they're really dictating what software you can use and what you can do with it - the source is obviously the machine doing NAT. They need to understand that they operate at the packet level - they sure don't offer any higher level capabilities that I care about. If they want to regulate what's in your packet, then they can be responsible for kiddy Pr0n and any other illegal activities taking place over "their" network.

I used to work for a small ISP/Telco, and my boss always liked the Common Carrier status because it exempted them from liability. Apparently big ISPs don't understand this yet. If you monitor it, you're taking some responsibility for what's in it.

Reducing Security and Utility == Profit & Just

[HeelToe]

Geez.

This is really bad.

I hope the states where I run networks aren't next.

This allows companies to make more money off us by the threat of lawsuits or report to the authorities. If someone sells me internet access at a specific bandwidth, they should expect I can and may use up to that allotted bandwidth. They are selling me bandwidth, not individual ethernet ports.

Things like ssh-tunneling to hide IM and WWW traffic while I'm at work, as well as improving the security of my networks by hiding the endpoints of my ipsec tunnels behind nat boxes also becomes illegal.

So, in summary, we're trading utility (let's face it, a lot of these vpn/nat apps make things easier to handle - voip tunneling, smtp tunneling, very nice stuff handled with both vpns and nat), AND security (why should all my network devices sit exposed?) so that companies can make more profits, and we can be hauled to jail for making it harder to snoop our communications?

This is ludicrous. Where will the fascism stop?

What about Freenet?

[Lockle]

to conceal ... from any communication service provider ... the existence or place of origin or destination of any communication.

I believe that this item is probably not intended to go after NAT'd computers, but to try to cut back on spammers using broadband connections.

If this is the reason, they should be applauded for trying something new. This law WOULD make forged headers illegal.

One problem is that this also constrains anonymous peer-to-peer systems such as Freenet. One of it's strengths is that when you receive a request for a file from an IP, you don't know if that IP origionated the request. If you don't have it, you pass on the request and the node you pass it onto doesn't know if you requested it.

This does make it impossible for a "communications service provider" to determine the origin or destination of the file or information request.

If this is the intended outcome, it is a major violation of a civil liverty we have been appreciating lately.

When they outlaw firewalls...

[MsGeek]

...only outlaws will have firewalls. If this bullshit spreads to California, damn straight I will keep my ipfw/nat firewall up!

Time to make this a very uncomfortable time for your state assemblypersons and senators if you live in the affected states. Geek power stopped the Berman Bill, geek power is forcing the feds to revisit the DMCA, geek power is a pretty amazing thing when unleashed.

The one thing that makes the least sense about these bills is that firewalling+nat is one of the tools needed to combat worms and exploits. Everyone is so damn interested in "protecting our Internet infrastructure from exploits, worms and viruses" yet these same clowns are taking away a very important tool that real people can use to make a real difference against these problems.

And what if you are still running Windows NT4, for whatever reason? The workaround Microsoft gives people for the recent RPC vulnerability is to keep the server in the private IP space and firewall off the ports in the 13x range! You can't do that without a NAT!!!

Time to fight this and fight it hard. Whatever you think about whatever other issues are going on around us, this is serious shit.

What other option do they have?

[Musashi+Miyamoto]

I would estimate that most persons with a NAT gateway is not using their internet connection any differently from a person with a direct connection. One machine surfing at any one time...

Why can't the cable and DSL provider settle on a reasonable limit, such as "no more than 4 computers from the same household"? That way, it allows 99% of persons with routers to do what they want to do (allow multiple family members to surf the net, or allow them to surf the net from any of their computers).

The problem is that most cable companies are accustomed to charging more for multiple connections. They are similar to the telephone company (ATT) before the government had to step in. What they refuse to realize is that most customers know that it does not "cost" the company any additional money when they watch cable on another TV, or surf from the livingroom instead of the home-office.

Though, they currently have every legal right to demand that only one device is attached to their line, most persons know that there is no legitimacy to the demand. It is pure greed.

what the bills actually say

[dAzED1]

Does anyone actually read things anymore?
From the texas bill

(a) A person commits an offense if, with the intent to harm or defraud a communication service provider, the person:

(1) obtains or uses a communication service without:

(A) obtaining the authorization of the provider; or

(B) making a payment to the provider in the
amount normally charged by the provider for the service; or

[(3)] tampers with, modifies, or maintains a
modification to a communication device provided by or installed by the provider

That is the entirity of the definition of a bad guy in this bill, as it is currently proposed as of the time I'm writing this.

So, you have to, with "intent to harm or defraud," "[use] a communication service without""obtaining the authorization of the provider; or making a payment to the provider in the amount normally charged by the provider for the service; or tampers with, modifies, or maintains a modification to a communication device provided by or installed by the provider." I put it all together for ye who don't want to link.

So, to be even MORE clear, this only effects people who are trying to harm or defraud an ISP, etc, by using service without authorization.

Does a VPN "harm or defraud" an ISP? NO

Does ssh "harm or defraud" an ISP? NO

Does posting anonymously anywhere, or any of the other things being complained about, "harm or defraud" an ISP? NO

I don't have the time to quote and translate each and every bill out there, but I do certainly recommed actually reading them before deciding the bills will make it illegal to brush your teeth. Knee-jerk, anyone? Know what you're having an opinion about, before forming that opinion.

Read these *drafts* more carefully

[Gudlyf]

The key words in these draft bills is that these are in regards to the user acting "with intent to defraud" and is written to imply that it is the use of technologies "to defraud" that is the crime, not simple possesion. The bigger risk is that this bill could be used to tack on additional charges to some other crime (e.g. if you submitted a fraudulent tax return via an encrypted channel). Unfortunately, some cable vendors have very restrictive usage agreements so it may be quite easy find yourself technially guilty of "fraud".

Re:Read these *drafts* more carefully

[Specter]

"Wait, there are yet more words here..."

The specific phrase actually says:

"with the intent to harm or defraud a communication service"

What's left unspecified is the definition of "harm." Is it harmful to a broadband ISP who offers a VoIP phone service if I choose to use another VoIP service vendor? Economically speaking, I think it's rather apparent that the my use of an alternate IP telephony company results in lost revenue for my ISP. That's harm; does it rise to a level prosecutable by this law?

Am I attempting to defraud my ISP if I use intentionally use "too much" bandwidth?

Is the mere posession of a wireless access point (where the possibility exists that someone outside of my household might be able to use it) enough to imply intent to harm or defraud? What if my WAP is running on one of those Linux boxes all those evil terrorist h4x0rs use?

And to your point about Terms of Service from your ISP; those are often changed without any notice to you. Does that open you to "intent to defraud" if yesterday P2P was ok, but today it's not and you inexplicably weren't rereading your ToS daily?

The problem with this is that, as usual, the reason for writing the bill (stop people from stealing things) got completely lost in the authoring process.

Jared

Re:Read these *drafts* more carefully

[Happy+go+Lucky]

The key words in these draft bills is that these are in regards to the user acting "with intent to defraud" and is written to imply that it is the use of technologies "to defraud" that is the crime, not simple possesion.

Not in the Colorado bill. In ours, "A person commits a violation under this section if he knowingly [commits a prohibited act, which would take me about ten pages to transcribe and does appear to include the operation of an otherwise legal VPN or IP-masq firewall.]

Colorado residents: This late in the session, it shouldn't be too hard to make sure this thing dies. Call your state rep and senator (it's been introduced in both houses: you can get the numbers through www.vote-smart.org if you know your own ZIP code.)

Right now, it's in the State House Information and Technology Committee, and the (god only knows why) Senate Veterans and Military Affairs Committee. You can gripe to their chairmen, Rep. Shawn Mitchell at 303-866-4667 and Senator Doug Lamborn at 303-866-4835. Sen. Lamborn is the bill's Senate sponsor, so I don't know how much good that particular phone call will do.

Re:Read these *drafts* more carefully

[rizzo420]

the problem with your argument is that your ISP does not have any revenue from you if you use VoIP from someone else. if you steal VoIP from your ISP, then you are both harming and defrauding them.

using too much bandwidth is not defrauding anyone, in fact, unless you are specifically altering hardware to "get more bandwidth" or stealing a connection from the ISP, you aren't doing anything wrong. they provide you with the internet connection, it's their decision as to how they limit your use (some ISP's block P2P connections). if they want to shutdown your service after you transfer "too much" information to or from the internet, they can, but it should be written in the terms of service.

running a NAT box or router so more than one computer can connect is not a violation unless it is specifically stated that your connection is only for one computer and you must pay for each additional computer connected. if, and only if, your ToS says that, then yes, you are defrauding or "harming" your ISP.

as for changing the ToS, i have never seen it change drastically without them notifying you. usually a change is something small like the way they word something.

and a final comment. when getting broadband, i had the option of going with SBC DSL or with AT&T cable (which is now comcast). we got DSL because AT&T said you could not run servers using your connection (servers being ftp, http, telnet, ssh, whatever, probably includes P2P applications as well). i didn't like that, so i went with SBC even though the upstream sucks. so read the ToS before you sign up for anything anyways. but if i had AT&T, and tried to run my ftp server or "share my bandwidth" with others (since that's what they called running a server, i would be "harming" them. the bill gives more legal rights to teh telecommunications companies, but i don't see any questions as to what harm means. i think in this sense it's meant almost the same way as defraud.

Counterpoint

[gillbates]

Wouldn't this also make SPAM illegal? Or at least provide the legal means to force spammers to provide accurate headers?

</fantasy>
In a dark basement, the door is suddenly kicked in by state troopers. A man surrounded by computers with a broadband connection is busted as a terrorist for 'concealing the source of communications'. In tears, the spammer is taken away to rot in jail.
<fantasy>

Okay, it's not like the government would actually use this law for something as useful as busting spammers, but sometimes it's nice to dream....

But on a more serious note, anonymity has been considered a constitutional right by the Supreme Court for quite some time now, and I don't think this law would stand up to constitutional scrutiny.

Re:Where is your Freedom going?

[Musashi+Miyamoto]

I believe it was Patrick Henry that said:

"I know not what course others may take; but as for me, give me liberty or at least give me a false sense of security"

Try shaking your head in disgust

[87C751]

introduced by technology-clueless law makers

You mean there's another kind?

What is really scary to me is that, even though these bills were introduced by the ignorant, the fact that lots of legislators had the mind to introduce them in the first place is shocking. Particularly on the note of encryption, this is largely unconstitutional and hopefully, if ever passed, these bills will be challenged by (financially) enabled individuals.

Don't look now, but that pesky Constitution is on its way out. As soon as we see a few retaliatory terrorist actions inside our borders, the threat level will go to Red and the Feds will punch the panic buttons. All of them. By the time the dust settles on that little imbroglio, you're going to wish that encryption and NAT were all that were illegal.

Interesting times, indeed.

Re:Makes no difference to me...

[EricWright]

You are a prime example of what's wrong with this country. It doesn't affect me, so why should I give a shit. Me me me me me... The world doesn't revolve around you. These laws (were they to become laws) would affect a lot of people, and in an adverse way.

My ISP doesn't give a fat rat's ass if I run an email server. I don't allow open relays, so it deals with about 5 emails a day. Big whoop...

I'm kind of surprised they haven't bitched about my 1-2 GB/day Usenet habit, though...

Massachusetts

[ravi_n]

According to this the MA proposed super-DMCA bill has been referred to the committee on criminal justice and there is a public hearing scheduled on April 2. Doesn't sound dead to me (as one other poster claimed).

Does anyone know how people can get into that meeting and testify? I'd hope some quick grass-roots opposition could kill this.

Best buy won't help and you NEED HELP.

[Erris]

Imagine for a second Bestbuy's reaction to the fact that it's popular cable-modem routers and wireless access points have all become illegal.

The device won't be outlawed, using it without a fee will be. BestBuy sells cable modems too.

The problem is that this outlaws anything not explcitly alowed by your telcom. While doing some things has already got people Raided by the FBI, this will extend things considerably. It essentially redefines the alrady broken definition of "common carrier" to the point where you can't do squat. Instant messaging, VoIP, secure shells and more will all be outlawed or provided as a $ervice open to your provider's clerks. Looks like we won't have to worry about the internet making a real free press or helping people protect their fourth amendment rights.

The smarter you make the internet, the less you can do.

Question of definitions...

[OmniGeek]

IIRC, the FCC recently defined Internet service as an "information service" rather than a "communication service" so that they didn't have to apply common-carrier fairness restrictions to ISPs, notably cable providers. Is that subtlety likely to torpedo some of these bills that refer to "comminucation service provider", or does the bills' language sudestep this trap?