Slashdot Mirror
Michigan First With A Law That Could Outlaw VPNs
zaren writes "Holy frell, Taco, we're gonna be criminals! I was checking out Freedom to Tinker after reading the posting about that multi-state anti-VPN-style legislation, and I saw a new posting that says that Michigan has ALREADY passed such legislation, and it goes into effect on MONDAY, MARCH 31, 2003 . Guess I better tighten down the base station and batten down the hatches..."
WTF?! I can't rip CDs to MP3s anymore and now it's illegal to use a VPN?
Honestly, I'm starting to feel guilty as soon as I start using a PC. I must be breaking some law as soon as I sit down.
It's about time for the otherwise useless ACLU to start some legal action. Finally, they'll have something to pursue that's worthy of their time.
Michigan doesn't seem to have made it to the 21st century yet.
Finally Microsoft windows is illegal!!!!
Any web browser can be used to access a proxy server making All web browsers illegal in Michigan. Since IE is so integrated into the software (that it can't possibly be removed), it makes all windows OS's illegal!
Of course this applies to all linux browsers, but we can remove those.
Ahh yes, the crap is piling up, and it aint the dairy cows.
THE WORLD IS GOING TO END!!!! eventually.
Every IP packet I pass through my ISP contains a source and destination IP address.
What else do they need to know?
"Your honour, at what layer of the OSI Network Layer model is this bill to be enforced?"
"Er, case dismissed."
This post about legislation in various states to illegalize using multiple computers on a a 'Net connection without express permission from a service provider sounds like a combination of the mindless anti-piracy drivel we've been reading, and a bit of "legislation-for-sale" by various legislators not so scrupulous about campaign contributions... This really gets my ire, because not only is this technically misguided, it's so obviously legislation to, at a minimum, protect a business model!
It strikes me that the reason why this legislation appears in the states that it does is perhaps a particular ISP has something to gain by it. Close that loop, and you'll probably find who lobbied for it.
To defeat this kind of legislation sounds like it'll need some kind of federal-level class action movement against it. Perhaps something along the lines of a significant breach-of-contract in bad faith with your ISP, or the fact that the legislation attempts to explicitly modify a contract(s) in-force presently, which may be a no-no for states.
One thing that might wake up ISP's to this, is if people started requesting copies of their contracts in writing to be snail mailed to them as proof of that contract-in-place before the law comes into effect. I would think in most states you have a legal right to a printed copy of a contract?
This gets to the fundamental question of who owns the customer-end of the IP pipe into your home, and corporate America wants as much control over that as they can. To us geeks, it is readily apparent to us that once the wire gets to us, we ought to be able to hook up the coffee machine or the computer to it. This makes me wonder of how this set of legislation violates any anonimity statues, or guarantees of privacy businesses have offered on the web. If you can't VPN, or go through a proxy or firewall, and your IP address is your machine in some way, shape, or form, those sites cannot in any way state the information they collect is anonymous.
Can't wait to pay another 5 bucks a month so my handicapped little brother can surf pokemon.
All this does is make the isp aware of how many machines I have.
A while back the ma-bells tried to charge for every phone you had in your house, and they succeded for several years.
This is another in a long line of atrocities commited by our elected representatives.
THE WORLD IS GOING TO END!!!! eventually.
I still think all the geeks should collect in one state and make their own laws. I like Florida because it has nice beaches, warm weather, nude women, and the majority of it is uninhabited. Any state with few enough current citizens would do though. The only way to stop stupid laws like this is to have a political voice.. and being that we're outnumbered by morons we need to collect in a large enough group in a small enough region of morons so that we can be heard. Having our country controlled by corporate interests and religious fanatics isn't exactly good for our future.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
This is easy for me to write, I'm in Europe so can't participate; however, there have been calls for geeks to politicise, to make their voices heard...
If every university and college student turned him/her self into the police on Monday morning for being in violation of this new law, the system would choke. It'd get a hell of a lot of media attention too. Something has to be done... these laws, largely unenforceable, continue to be passed... each one errodes the rights of ordinary people...
I simply can't fathom how a law this monomentally stupid has been passed... but it's got to be challenged. A mass protest would certainly expedite it and might prevent similar laws from being passed in other states where they're being considered.
Back in the bad old days (prior to Jan. 1, 1984), you could only get a phone from AT&T. They owned Western Electric, which was the only manufacturer of telephone equipment. They owned the lines (there were some exceptions where GTE had a local market). If you wanted a phone, you had to accept the whole package.
You had to lease your phones from them -- you couldn't buy them. You had to pay extra for DTMF (Touch-Tone [TM]). Your monthly bill was based on the base rate times the number of phones plus the base local call charge plus the incredibly overpriced long distance calls, which themselves worked on a minimum of three minutes and charges were rounded up to the next whole minute.
They stifled technology much more so than IBM, even when it hurt them. It became cheaper and easier for them to have customers using DTMF, but because people wanted it rather than the damned dialing wheels, they kept on charging premiums, which meant they had to keep those old number nine crossbars in the COs rather than (or in addition to) the electronic switches.
The whole idea of ringer equivalence existed so they could shoot a charge down your line and know how many phones you had. If it didn't match, they'd come over for a "technical visit". If they saw signs that you had more than the paid/claimed number of phones, they'd either hardwire the phone in the jack or remove other jacks. You had to let them; it was their equipment.
People used to huddle around a phone to listen and talk at the same time because Ma Bell wanted you to pay twice as much to have two people at home talk to a caller at the same time.
ISPs are trying this game, requiring you to use their hardware, accept their version of "normal use", and pay per computer rather than for the amount of data transfer so they can claim "unlimited" or "flat-rate service. It may be illegal based on the same decision which finally allowed people to buy their own phones, have as many as they wanted and use them as they saw fit.
This needs to be stopped quickly. Lawyers need to compare these laws to the Orders from Judge Harold Greene which stopped AT&T doing this, and have this bad legislation removed. You people in Michigan need to get started!
woof.
Every IP packet I pass through my ISP contains a source and destination IP address.
;-)
More importantly, define "source" and "destination".
This just means that, from now on, I "intend" every packet going through my NAT box to actually go to or come from that box. The fact that my NAT box has to talk to the outside world to serve that data doesn't matter, since the ISP can fully well see that part of the transaction.
Or, to put it another way...
I consider my ISP as nothing more than the "communication service provider" to my NAT box. I provide the service from my NAT box to my real PCs (did my ISP come in and lay CAT5 between them, or provide the power or the signal flowing over that CAT5?), and I can see the source and destination of everything on the internal LAN just fine. So no problem exists.
Somehow, though, I doubt the law will see it that clearly, and this crap will end up effectively yet another random-and-ubiquitously-enforceable-at-will weapon in the government's arsenal of ways to screw otherwise law-abiding citizens.
Damn, and I can't even blame Bush or Ashcroft for this one.
Specifically:
(1) A person shall not assemble, develop, manufacture, possess, deliver, offer to deliver, or advertise an unlawful telecommunications access device or assemble, develop, manufacture, possess, deliver, offer to deliver, or advertise a telecommunications device intending to use those devices or to allow the devices to be used to do any of the following or knowing or having reason to know that the devices are intended to be used to do any of the following:
Establishes that owning, creating, or publishing information on how to create a device that violates any of the following items is a felony. The item in question is:
(a) Obtain or attempt to obtain a telecommunications service with the intent to avoid or aid or abet or cause another person to avoid any lawful charge for the telecommunications service in violation of section 219a.
Yet the bill does not put a limit on what telecommunications services are allowed to charge for. Therefore, if you're local ISP decided to charge for say each HTTP request, they could sue Microsoft for Internet Explorer's ability to download an unlimited number of webpages (since it is avoiding any lawful charge for telecommunications service).
A half-way decent lawyer should have a field day with this bill...
int func(int a);
func((b += 3, b));
Now that media covergence is drastically changing the landscape, turning voice data into just another type of packet on the network, the phone companies are surely in a tizzy. The whole concept of a "long distance call" is undergoing a complete rennaissance, since one can now pass voice data over the internet, completely bypassing the traditional call switching mechanism. One could conceivably setup a couple of PSTN gateways and pass calls end-to-end without any long distance charges.
Consider if you are an organisation (commercial or otherwise) who has offices in different places. You want to link your offices up either by direct leased lines or some kind of VPN over the public internet. For your telephones you get a modern integrated PBX. Which is hooked up to some phone lines and the network. Any interoffice calls go over the WAN, incomming calls might also wind up being sent to a different office and outgoing calls will use phone lines in the office nearest their destination.
There's at least one thing they'll have to reconcile: It's not considered a "long distance" service if I interact with a remote server from my local ISP connection, but somehow, it magically turns into a "long distance" issue if voice data is involved. What do you bet that they propose slapping a charge on ALL interstate internet traffic
International as well as interstate. Anyway it's quite often the case that telephone call charges have little relation to the route the call takes,
+5 Informative?
Basicly, VPN gives you a secure and encrypted tunnel to some host (a VPN concentrator) somewhere on the net. All or some of your traffic will go through this tunnel and emerge at the concentrator, where it is sent to it's real destination.
The effect is that for the rest of the net, that traffic will appear to be coming from the concentrator (or the lan of the concentrator). This is useful for example for universities or companies that have some resources that are unsafe for the rest of the net, but is perfectly acceptable through an encrypted tunnel. Samba for example.
I haven't bothered to read the articles, since this sounds like complete and utter bollocks. But if they're targetting NAT too, then I guess that their thing is with "misdirection" through IP. Sounds to me like they would have to ban proxies etc. as well.
How small a thought it takes to fill a whole life
Ok you guys are just being a little to anal retentive with the words.
First off disguising origin. Anyone with half a brain knows you cannot get a location from an IP address. What they mean by it is IP Spoofing. If I'm a Comcast customer, I can't set my network to trick others into thinking I'm on Verizon, AOL/TW's, etc. If I am a Comcast customer, then I cannot disguise my IP to say otherwise. If the law needs my physical location, they can go through the legal channels and get it from Comcast.
CID blocking is iffy. I do not think this wouild be affected as it would force SBC and such to discontinue services like Privacy Manager. Second the biggest concern is telemarketing. The FCC is setting up the National Do Not Call list in July with enforcement in September. Why worry?
VPNs would be legal at this point because a) No state legislature is going to tell a corporation (Borders, the big 3 auto makers come to mind) that they can no longer use thier legit VPNs. And if they go after legit personal VPNs, one could claim discrimination based on that. Now if your ISP bans VPNs (which is thier right) then this law is moot anyways. b) Comcast et al do not ban VPNs to my knowledge nor do they ban use of NAT. I bet they love NAT because instead of charging you $10-15 for more IPs, they can charge you and others $40/mo for other individuals. Last I heard, Comcast only cares about multiple computers if they are hogging bandwidth or if non-customers are getting regular access (meaning sharing with neighbors via 802.11, etc.)
Can you think of any modern applications that this law is really targeting? Cell phone cloning and cable descramblers come to mind fast.
Anonymous Cowards generally receive no replies because you're a coward and I'm a bitch
This makes NAT illegal
Nah. Read the first paragraph. It all depends on the definition of what an "illegal telecommunications device" is. If you read the definition of this, you will find that it's a hacked cell phone.
This has zero, zip, zilch, nothing to do with NAT, VPN or anything similar.
Ok, unless I'm missing something here (and I could be), how are they going to prove someone is using a VPN or firewall? The VPN should look like normal IP traffic between 2 machines. Same thing with the firewall. While you could interpret the proposed (or approved in MI's case) law as making these illegal, if they are setup correctly it should be undetectable. From the ISP's point of view, all traffic from that subscriber is coming from the firewall and they can't detect the protected machines.
It's funny...I went back and read the service agreement for my ISP and while it prohibits creating a LAN with "un-approved" equipment, it also states that it is the subscriber's responsiblity to secure the machines he/she places on the network. So, a firewall used to shield the subscriber from the ton of port scans received daily, but really shouldn't be there because the subscriber has 3 machines on the LAN? Seems like a paradox to me and pretty much impossible to prove. Not that it makes the law, written as it is, good or valid.
hmmm..you may be onto something. According to this law, hiding your service provider is a felony...which is exactly what you do when you click anonymous coward. hmmmm...assuming that is the case, in a couple of days, if I were to post anonymously, even though I live in WV, would I be guilty of a felony in MI since that's where the server lives?
Check out my sysadmin blog!
(1) A person shall not assemble, develop, manufacture, possess, deliver, offer to deliver, or advertise an unlawful telecommunications access device or assemble, develop, manufacture, possess, deliver, offer to deliver, or advertise a telecommunications device intending to use those devices or to allow the devices to be used to do any of the following or knowing or having reason to know that the devices are intended to be used to do any of the following:
Umm, doesn't this apply to the company manufacturing NAT and similar devices, rather than common citizens? If that's the case, Michigan would need to drag Linksys, Cisco, CompUSA, Circuit City, and about 10,000 other manufacturers and distributors into court.
_______
2B1ASK1
Doesn't pretty much every ISP include, in their terms of service, a disclaimer that they take no responsibility in any way for any data travelling over their network?
That could easily be interpreted as giving up their rights to deny permission, as it's not their permission to give, after they state that.
Vintage computer games and RPG books available. Email me if you're interested.
Security expert Steve Bellovin writes that he thinks this bill is intended by ISPs to fight off WiFi hotspots.
There has been a controversy in the WiFi arena about whether commercial WiFi services will take off or whether free access via "warchalking" etc is going to make it impossible to make a profit from commercial wireless access. Mostly it is the ISPs who are operating these commercial services (in partnerships with some national companies that set up the technology). And these same ISPs have anti-sharing clauses in their end-user contracts that are widely ignored.
This Michigan law, like the others that have been proposed, would make it arguably illegal to operate a free, public wireless access point without permission from your ISP. And if your ISP is trying to sell commercial wireless that you'd be competing with, you certainly won't get permission.
This law puts teeth in that prohibition. It could doom free wireless. A very big deal indeed.
I have an article on illegal activities under this law at: http://www.stearns.org/doc/networking-felony.curre nt.html.
Mason, Buildkernel and more: http://www.stearns.org/
You didn't happen to miss the myriad of shootings that happened over the past few years, did you? A disgruntled student knows when taking a firearm into school that there is a 100% guarantee that nobody else in that building has access to a firearm. It's like shooting fish in a barrel!
Let a few teachers pack a gun under their shirt, or on their ankle. We're talking about college educated people who have decided to pick a career to help children rise to their full potential here, not Joe Blow off the street. School's a friggen danger zone. Some nut job wants to pop a few children in the head, where's he gonna go? A school! You're guaranteed to have to wait for the police to get there before you can get taken down. You'd have time to reload your pistol over and over again as you mowed them all down.
I think we should allow guns in school for the safety of the children. Personally, any gun-free zone is a horribly unsafe place if you ask me. If you disagree I suggest you slap a sign in your front yard saying, "This is a gun free zone!". If any would-be criminals are casing for a place to rob, or murder, it's probably going to be yours.
Think about the children!
This is going to make a number of RFC's illegal...
How entertaining.
An engineer who ran for Congress. http://herbrobinson.us