Slashdot Mirror
State "Communication Services" Laws Analyzed
87C751 writes "There has already been some discussion about Michigan and other states implementing new laws to protect "communication services", with results that could ban NAT, VPNs and even email encryption. Mike Godwin, of EFF fame, has looked into this subject a bit deeper, and makes a frightening observation. Among other things, this PDF report draws an ugly conclusion: As written, these "mini-DMCA" acts change the legislative focus radically, such that all technology that is not expressly permitted by a communications provider will be prohibited. Is this the backdoor maneuver that will turn the net into television once and for all?"
And I'll drop my NAT box in a heartbeat.
But don't fuck with my VPN!
You think that I'm crazy, you should see this guy!
Mirrored it here in case of slashdotting...
Is this the backdoor maneuver that will turn the net into television ..?
Nah, I think AOl did that.
Best Windows Freeware
There's already Super DMCA legislation that, in certain US states, prohibits the masking and concealment of any internet communication.
Check the eWeek story here.
It has been reported that a new law has been passed in the United States, all posts to /. require a valid username/password pair. This is to avoid those anoying "My dog does yo mama" posts that seem to come from the "Anonymous Coward" terroist group. As the official spokesperson for the group Mohammed Saeed al-Sahaf claims: "There have been no 'Anonymous Coward Posts' since early last year." In another unrelated comment he claimed: "There are no dupes in /."
God made the natural numbers; all else is the work of man - Kronecker
Oh, let me think.. put this dangerous little mind to work for a moment.
If this is what a large provider like SBC wants, perhaps it's not so bad on the surface. (You already know these laws don't get started without their helpful assistance in Lansing, Sacramento, and so on, without their helpful assistance)
Much is made about Wi-Fi. What's to stop grass-roots cooperatives forming wi-fi networks? Seems like I've been reading quite a bit about these on Slashdot lately, including communities, even cities, considering this. Great for a few reasons, not the least of which is less dependency on capital-heavy infrastructure. Don't like SBC? Encourage or participate in creating not competition, but alternatives. As always, watch your back for legislation to prevent or hinder such enterprises, along the lines of "It shall be immensely illegal for people to cast of the chains of bondage to BigBabyBell in favor of a free and unrestricted system."
Remember, countries used to be criss-crossed with a hojillion miles of rail. Once the Interstate highways were built in the USA that all changed. (I saw a rail map once of northeastern LP of Michigan, it staggered the mind how much rail used to be up in that sparsely populated area.) Like rail, BigBabyBell doesn't move without expending a lot of capital. Seems to me Wi-Fi is a capital-light.
A feeling of having made the same mistake before: Deja Foobar
more than your everyday slashdotter will be upset over these implications. Businesses all over the country rely on VPNs. So what happens when a business is based in one state not banning them and does business in one that does?
As for NAT... NAT is an ugly, dirty and frighteningly simple fix to IPv4's shortcomings. Someone already said it, adopt IPv6 and NATs will fade away.
sig
In a word: yes.
I'm convinced all those goatse links were preparation for that eventuality, too.
So, if I'm prohibited to use NAT-based firewalling, who's going to take responsibility for securing my home LAN? Certainly the broadband providers don't want to get into that arena for those people paying the basic $40/mo.
I use NAT not so much for the many-to-one translation of my home network to the internet, but because of the inherent security it provides. Unless the broadband providers are going to be liable for failing to protect my network, my firewall isn't going to go away.
The constant addition of restrictions in order to control the potential of crime or to diminish the ease in which they can be conducted is stupid to me. I mean, murdering people would be a lot harder if I didn't have any arms, but I doubt anyone's gonna pass a law requiring me to give them up.
10 years from now I don't want to be explaining to my sons "I'm sorry, but we had our back turned and gave up our freedom of choice."
Please call your representatives and keep this stuff from passing. /.'ers have shown that they can have a large concerted voice if properly motivated.
I used to have a good sig...
You can talk about raising hell to stop it but frankly, the majority of the population couldn't care less and would probably actually agree that communication between citizens is dangerous and should only be allowed through government approved channels. Especially when the government pulls out the twin boogeymen of terrorists and child pornographers.
So what can you do about it? Nothing. Suck it up. I dare you to prove me wrong.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Everybody who uses Internet Explorer is sending encrypted packets back to Microsoft. MS is generating the packets without consent, but it would seem that both MS and Joe User are liable.
So the collary might be "encrypted communications used in the normal course of software use are allowed." Which would open up lots of loopholes.
Either that, or companies will have to get licensed to use encryption.
********* sig: If you don't like the law, get filthy stinking rich, and buy a better one.
A BRIEF ANALYSIS OF THE "SUPER DMCA" (THE DRAFT MODEL COMMUNICATIONS SECURITY ACT)
...possessed,
Background
Over the past two years, lobbyists from the Motion Picture Association of America (MPAA) have been lobbying in state legislatures for passage of a model "Communications Security Act." This
act, which has already been passed by six states - Delaware, Illinois, Maryland, Michigan, Pennsylvania and Wyoming - has been represented to legislatures as little more than an updating
and minor amendment of existing state laws designed to prevent theft of cable or telephone service.
A close reading both of the acts that have been passed and of the "draft model act" shows, however, that the proposed law could have a far broader impact - it could undermine existing
consumer rights to use cable, telephone and Internet services, and could also hurt technological innovation and the development of new products that benefit consumers.
The model act, together with the state acts that already have been passed or that currently are being proposed, are often referred to by some opponents as "super DMCAs" or "state DMCAs" - in
reality, their scope is different from, and far broader than, the federal Digital Millennium Copyright Act.
Overbroad Definitions
The acts protect "communication services," which include any "service lawfully provided for a charge or compensation" delivered via electronic means using virtually any technology. This
includes every wire in your house for which you pay a fee, including your telephone, cable TV, satellite and Internet lines. This category also sweeps in any Internet-based subscription services
for delivery of copyrighted materials, including digital music services such as pressplay, MusicNow, or Rhapsody.
The acts would regulate the possession, development and use of "communication devices" and "unlawful access devices." A "communication device" is virtually any electronic device you might
connect to any communication service. The definition of "unlawful communication device" is somewhat narrower, sweeping in any device that is "primarily designed, developed,
used or offered... for the purpose of defeating or circumventing" a technological protection measure used to protect a communication services.
What the Acts Prohibit
The proposed bills generally prohibit four categories of activity:
(1) Possession, development, distribution or use of any "communication device" in connection with a communication service without the express authorization of the service provider.
(2) Concealing the origin or destination of any communication from the communication service provider.
(3) Possession, development, distribution or use of any "unlawful access device."
(4) Preparation or publication of any "plans or instructions" for making any device, having reason to know that such a device will be used to violate the other prohibitions.
page-2
Short Analysis of the "Super DMCA," Page 2
The Proposed Acts Are Unnecessary
The MPAA has argued that this law is necessary to "update" existing state laws to prevent "Internet piracy" and "cable theft." But copyright infringement and cable-service theft are already
expressly prohibited under current state and federal laws. In addition, any service provider who believes a subscriber has violated the terms of his or her service contract can terminate the contract.
The MPAA has not identified any specific problem that is not already addressed by existing law. Nor have state law-enforcement personnel called for or supported these proposals.
Controlling Consumers and Undermining Innovation
These prohibitions, together with the broad definitions, dramatically expand the power of entertainment companies, Internet service providers, cable companies and others to control what
citizens can and can't connect to the services that they pay for. If enacted, they will slow innovation, impair competition and seriously undermine consumers' right
The shift proposed by these bills is radical: all technology that is not expressly permitted becomes forbidden.
This should come as no surprise. After all, the US is edging fast and furious toward a country where any freedom no expressly permitted becomes forbidden. So make sure you read the small print before you buy into the "land of the free" label.
This seems to be the tendency of all civilizations, eventually. After all, power corrupts. But perhaps what is different in this new world is that instead of being enslaved to tyrants and other humans and has been the case throughout history, we are becoming enslaved to corporations, composed of humans. Corporations are devoid of any of the human-characteristics which otherwise might slow or change this progression. Or doesn't it make any difference?
Remember, AC isn't anonymous to us. So stop complaining, sit down, take your medication and watch some TV.
These laws are probably unconstitutional. I would bet that these state telecommunications laws purport to regulate international TCP traffic in a manner that would violate the "dormant commerce clause" in the same way that states are limited in the way they can regulate interstate road traffic. We'll just have to wait and see what happens, though.
Lohmann also references the model bill that the MPAA is circulating among the states, a line-by-line analysis of which is here.
According to my interpretation of Godwin's interpretation.
... use of any "communication device" ... without the express authorization of the service provider.
What the Acts Prohibit
1)
Wouldn't that mean that anytime I changed or upgraded my computer, hardware or software, then I would need to re-obtain express authorization from my ISP to use it to connect?
2) Concealing origin or destination of any communication from the communication servive provider.
This is way to vague. Using a NAT would be no more concealing then say SneakerNet or using a Scanner and forwarding the result. What if I wrote a document and work, copied it on a floppy and then sent it out at home? So any removable media is now against the law. Loosely interpretted, technically a NAT takes my uploaded file from my floppy (read PC) and then is the place of origin and destination.
My argument for using a NAT is that the place of origin was me, my account, my system. Whichever computer I used shouldn't be an issue as long as they can tell that it was my account.
Otherwise, taken a step further would mean I could share an account with anyone else in my household, as the place of origin could be my brain vs. my family member's brain, which obscures the true origin.
First, AOL would only have legal authority in 6 states. (Delaware, Illinois, Maryland, Michigan, Pennsylvania, and Wyoming)
Second, AOL would lose even more money in stocks, do you think people in other states wouldn't object to a monopoly?
Granted I used AOL but replace AOL with almost any company and it comes out to the same result. People would use their wallet to tell representatives and companies just how much they like this law.
So you know this one, then: "The GNU will rise again!" ;)
Grass-roots WiFi networks seem to me to be the only hope for a truly free communication network at this point. Unless there is a massive change in the mindsets of the government and their corporate sponsors toward respect for free speech and privacy, and away from treating citizens as criminals, the internet is only going to get more tied down.
:)
Yet whenever I start thinking about this, I stop at Wyoming. For a WiFi internet to work, you'll need a huge number of connections to ensure sufficient capacity and reliability. That's not so hard in, say, New England. Wyoming is a different matter. Along Interstate 84 (or is it 80? The two meet in Salt Lake City, and I forget which is which) you'll only find signs of civilization (a truck stop and a few houses) every 60 miles. Even with the ability to bridge those gaps, you still don't have the density of connections you need. I pick on Wyoming, but really all the mountain states have this same problem.
I'd hate to see the WiFi grow only to the point of localized community networks that can't talk to each other. Not because community networks are bad, but because the global reach of the internet is one of the reasons it's so cool.
Which, if you forget about Wyoming for a second, makes the Atlantic and the Pacific much bigger obstacles.
The enemies of Democracy are
...do something about it.
Don't like these bills coming across your state legislatures? Write to your local senator or congressman. Go to the Michigan State Homepage and lookup your rep, write them an email, call them, fax them. Don't think it works? Try it and you will get a reply.
Better yet, check the Michigan State Legislature website, and find out when this bill is up for a public hearing before the committee. This is the best use of your time if you are truly concerned. Since we are all somewhat tech-savvy, our input is paramount to countering the massive brainwashing and lobbying the motion picture and recording industry is pounding into your statehouse. Take a day off work, do some research, and tell the committees how this will affect their constituents. I know if this ever hits my home state, I will be first in line to speak out.
It is your right to take advantage of democracy. Sure, it's difficult to change federal legislation, but if you pack the state house, you will get local media coverage, and your state reps will take note. Or you could just keep complaining here...
It won't get that far, though. I mean, it won't devolve to dial-up. Before that happens, there'll be privately operated line-of-sight connections between neighborhoods using lasers, private citizens laying their own fibre or copper around those neighborhoods, and radio amateurs running satellite links between towns.
If you think that's a bit far fetched, www.scitoys.com has plans for a basic laser communicator that can carry a radio signal across a room using a $10 laser pointer. Shouldn't be too hard to beef that up to reach across a road or further.
Yep, piss enough of us off, and we'll simply take the network away from the Baby Bells and see how they like that...
Michigan and layed off 18 people as a direct result of this law. We've relocated operations to another less intrusive state. Way to go Michigan legislature, help out your citizens and look out for their best interests, or line your pockets with bloody money for selling out the voters....you decide..
:(
After all we all know the poor defensless cable companies couldn't make it in the world without government subsidies
errr....umm...*whooosh* *whoosh* Is this thing on ?
I'm not sure how many of you /.'ers out there are familiar with FIRST (For Inspiration and Recognition of Science and Technology), but within the organization, there is a concept known as Gracious Professionalism. Essentially, it means respecting competitors. Record companies and the movie industry need to learn respect for their market, and realize they shouldn't treat consumers as competitors. (Reading the article, it seems to me this entire proposal is based primarily on MPAA views, and little on actual communication company needs.) Passing fruitless laws will only anger their market, and further increase the decline in movie and record sales. Furthermore, why would they invoke laws to increase the political/legal strength of communications companies at all? What would happen to the family who shares a single cable line to all rooms of their house through a splitter, or internet through a router? Will they be tried as criminals for making use of a service they lawfully pay for? Reading up on certain laws and AUP's, it seems routers are already technically illegal, yet DSL and Cable companies offer to bundle them with their service. What is the world coming to when a market must abuse it's clients "to do the right thing." Gracious professionalism.
Then be an optimist.
But do remember that there seems to be an evolutionary/genetic predisposition to optimism.
Ok... So what if the communication provider expressly allows NAT, VPN, etc... It seems to me this will just lead to a migration to ISP's that are less draconian. Failing that, Geeks will start new ISP's or even new "internets".
Temkin
So you buy an internet connection DSL/Cable/Whatever. The External Service Providers job is to get that connection to your house. Then it is my job to be my own service provider. To get the service from my house to the various rooms in the house. My/Your NAT box does not hide the data going from your room to your nat box. And your service provider can still see the data that is going in and out of your house which is the connection that they provide. Question: Does this rule apply? I think so.
"Times may change, but standards must remain the same." - George Carlin.
How does this affect HIPPA? http://www.hhs.gov/ocr/hipaa/
Patient Health Care information must be protected and hidden from the public. Yet this law would prevent this...
Can the CIA/NSA/SSA/NASA no longer encrypt data?
"Times may change, but standards must remain the same." - George Carlin.
The "Super DCMA" is without question a disturbing "revelation" on behalf of the entertainment industry. It shows the continued distrust of business of the consumer, and the desire to engage in anti-competitive behavior by permitting the revocation basic consumer rights.
If taken to an extreme it is possible that a prominent cable company could go so far as to say that you may only use dell computers with their service and that not adhereing to this is a violation of the law. Dell could become a "monoply" by entering into a "deal" with communications providers when in fact that deal - violates anti-trust laws.
It certainly seems "bad". Though this sort of legislation isn't enforceable.
Take NAT for example. Many have been saying that this bodes ill for network address translation. I submit to you this: NAT is most commonly used in a Local Area Network environment. In large companies it is used over a WAN. In either case, it can be argued that the traffic and the origin of the traffic is well known. Each machine has an IP address and whether it is "translated" or not, the communication orginates from a well known PHYSICAL location. The physical origin of the traffic is well known, therefore the law isn't being violated. Clearly - it is harder to defend against this law if the location and "origin" of the offending machine in question is not well known...
What is interesting is how they are using the state legislatures (less visible and more malleable) to enact this sort of law. If it was really legit, then why not go the federal route?
Finally, this sort of law is a golden opporunity for a service provider to provider service that is competely unencumbered by the provisions of this "Uber DCMA". It's only valid if the "commmunications" service provider decides to enforce it.
My 2 pestas.
Who here is going to obey this law if it ever gets passed?
Unless yor computer is jacked directly into the backbone, you might not have a choice. Whoever supplies your connection will obey, or be forced/fined/jailed out of businesss.
Of course the entire thing is silly. Banning user NAT might be defensible if the shipped DSL or Cable modems with fully configurable firewalls. If the security situation stays the same, I would want the ISP to be liable for any real and consequential damage done by someone breaking into a connected machine.
The VPN thing is a bit more arbitrarily. It is not a common or critically necessary, but such a restriction might arbitrarily hurt small businesses.
The encrypted email is a classic example of the corporation using fear to push unrelated priorities for profit. Like when the airlines were able to force every passenger to show an ID in order to get a boarding pass. What is next? We will not be able to use code when we make a telephone call? We will only be allowed to speak english or one or other two approved languages?
Such a wide open law screams of a bought and paid for government.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
Arkansas State Legislature has also passed a state-DCMA, and it awaits the Governor's signature.
What those who want activist courts fear is rule by the people.
here are the pertinant texts of the law:
(1) A person shall not knowingly obtain or attempt to obtain telecommunications service with intent to avoid, attempt to avoid, or cause another person to avoid or attempt to avoid any lawful charge for that telecommunications service by using any of the following:
(a) A telecommunications access device.
(b) An unlawful telecommunications access device.
(c) A fraudulent or deceptive scheme, pretense, method, or conspiracy, or any device or other means, including, but not limited to, any of the following:
(i) Using a false, altered, or stolen identification.
(ii) The use of a telecommunications access device to violate this section by a person other than the subscriber or lawful holder of the telecommunications access device under an exchange of anything of value to the subscriber or lawful holder to allow that unlawful use of the telecommunications access device.
(b) "Telecommunications access device" means any of the following:
(i) Any instrument, device, card, plate, code, telephone number, account number, personal identification number, electronic serial number, mobile identification number, counterfeit number, or financial transaction device as defined in section 157m that alone or with another device can acquire, transmit, intercept, provide, receive, use, or otherwise facilitate the use, acquisition, interception, provision, reception, and transmission of any telecommunications service.
(ii) Any type of instrument, device, machine, equipment, technology, or software that facilitates telecommunications or which is capable of transmitting, acquiring, intercepting, decrypting, or receiving any telephonic, electronic, data, internet access, audio, video, microwave, or radio transmissions, signals, telecommunications, or services, including the receipt, acquisition, interception, transmission, retransmission, or decryption of all telecommunications, transmissions, signals, or services provided by or through any cable television, fiber optic, telephone, satellite, microwave, data transmission, radio, internet based or wireless distribution network, system, or facility, or any part, accessory, or component, including any computer circuit, security module, smart card, software, computer chip, pager, cellular telephone, personal communications device, transponder, receiver, modem, electronic mechanism or other component, accessory, or part of any other device that is capable of facilitating the interception, transmission, retransmission, decryption, acquisition, or reception of any telecommunications, transmissions, signals, or services.
(e) "Unlawful telecommunications access device" means any of the following:
(i) A telecommunications access device that is false, fraudulent, unlawful, not issued to a legitimate telecommunications access device subscriber account, or otherwise invalid or that is expired, suspended, revoked, canceled, or otherwise terminated if notice of the expiration, suspension, revocation, cancellation, or termination has been sent to the telecommunications access device subscriber.
(ii) Any phones altered to obtain service without the express authority or actual consent of the telecommunications service provider, a clone telephone, clone microchip, tumbler telephone, tumbler microchip, or wireless scanning device capable of acquiring, intercepting, receiving, or otherwise facilitating the use, acquisition, interception, or receipt of a telecommunications service without the express authority or actual consent of the telecommunications service provider.
(iii) Any telecommunications access device that has been manufactured, assembled, altered, designed, modified, programmed, or reprogrammed, alone or in conjunction with another device, so as to be capable of facilitating the disruption, acquisition, interception, receipt, transmission, retransmission, or decryption of a telecommunications service without the actual consent or express authorization of th
I am the Alpha and the Omega-3
All that (1) means is that you can't use a telecommunication service without permission. For example, if you don't have an account with your broadband cable provider, you aren't allowed to be using the internet connection. A literal interpretation of this would mean that it would be illegal to use the service if you do not have an actual account with them even if it is connected to your home and ready to use.
What (2) means is that you can't pretend to be someone else... for example, making long distance calls from your home and somehow convincing the telecomm company that it was really your next door neighbor. Consider that if the telecomm service company can somehow locate you, then you didn't actually conceal your origins from them in the first place, did you?
(3) is completely redundant. Possession of any sort of device or equipment that is already outlawed is already illegal.
(4) As written, this is utterly absurd. Any technology, regardless of its intent, can be used for malicious purposes by nefarious folk. This could apply to devices as simple as a soldering iron (which can be used to wreak all kinds of havok, if you think about it). I believe if this is pointed out to them, then the act's wording would likely be changed to reflect the intent of the device, rather than just how it gets used. As long as the onus is on the prosecution to prove malicious intent (and they can't use the argument that "it *can* be used for bad things", as shown above), this may turn out to be not too bad.
File under 'M' for 'Manic ranting'
I live in Pennsylvania, and i had no idea that this had passed here until now, but im not surprised at all. The town I live in has NO crime at all, i leave my car unlocked with the keys in it while i'm at work and don't think twice about it, and alot of people i know NEVER lock their house! But the size of our police force has increased exponentially in the last few years. We have absolutely no need for more than 2 police officers on duty at any given time, the biggest "crime" around here is kids drinking beer. So as a result, the police have nothing to do and pull you over for 59 mph in a 55, or somethign else along those lines. I guess my question is why, when there is no crime do governments (federal/local/state) feel the need to make or enforce ridiculous laws to turn more people into criminals, instead of being happy that there is less violent crime, which is much worse than somebody stealing cable. I havent heard about many laws getting passed lately that have a positive impact on anyone except the people in power. Why doesnt the government put more resources into recycling programs, a better healthcare system, maintaining roads and highways, recognizing people who make positive contributions to their communities, making PC's and internet more accessible to everyone (rural broadband), the list goes on and on. I don't like the direction our country is headed, I dont think I have to explain further (especially on slashdot :P). I really hope that we can stop this sort of thing before it goes too far and we no longer have the power to, after all, it's OUR country. Well, thats my 2 cents, sorry for the rant, I'm waiting on a solaris install :)
What needs to be done specifically in this case is... you know as well as I do that no major IT shop in any affected state can obey all of this law and continue to operate. Gather evidence against state government agencies, Fortune 500 companies, and the cable operators themselves and when there's enough of it, file a taxpayers' suit for the purpose of making the state AGs enforce the law. Evidence will be as close as the e-mail headers from organizations in violation, at least enough for subpoena purposes.
When state-level elected officials find out that their e-mail, website, and payroll processing for their own paychecks is offline and that their CIO is behind bars, perhaps they'll decide that there are things more important than campaign contributions from Hollywood.
What will be done?
A lot of whining by the US online crowd, just like all the other times bad Internet law has come up. EFF and all the other organizations with non-profit status can in general only effectively intervene when a law is in fact unconstitutional. Unfortunately, just because a law is likely to fuck up high-tech industry doesn't make it necessarily unconstitutional.
I don't think the status of these laws or bills matters all that much anymore. If these laws are taken off the books, the replacement measures will be rewritten in such a way that they will apply only to end users, not to corporations / businesses. . . the barrier to freedom of use will effectively be the ability to afford your own T1 or something like that.
The only way to make sure that legislation like this doesn't happen is to make sure that the politicians owe us enough favors that they'll ask us before making computer/Net related legislation. The only way to do this is to outbid Hollywood for them. The high-tech community has blown its opportunities to do this, first when doing this was easy, and now when the bad guys have legal momentum on their side. There was a time when a few people willing to spend a few megabucks on getting a political operation capable of becoming a mass-action advocacy and lobbying organization could have easily managed this. Unfortunately, the time to do this was when it was still possible to start a national-level PAC and get the paperwork done required to make it legal to collect money on behalf of candidates soon enough to make it possible to affect the 2004 elections. The window for that closed months ago.
Face it, game's over, people. Effective political action on our behalf is not going to happen and we might as well face the fact and figure out how we want to deal with this at an individual level.
The cumulative impact of laws like this simply mean that technology innovation will have to happen outside the USA. If you want to be a technology innovator, figure out where you want to move to and what language you need to learn to function there.
The best time to join a refugee movement / "brain drain" is before it starts, so you can bitch with the rest of the locals in whatever foriegn country you're in about the cheap high-tech labor coming in from America because by the time people realize en masse that the recovery is happening, but not here, you're established as a local who just happened to be born in America.
Tech Public Policy stuff