Re: Comcast's "Evil Bot" Scanning Project (Lauren Weinstein)

[Dave Farber <dave () farber net>]

Begin forwarded message:

> From: "Livingood, Jason" <Jason_Livingood () cable comcast com>
> Date: October 12, 2009 11:55:58 EDT
> To: Dave Farber <dave () farber net>
> Cc: Brett Glass <brett () lariat net>, Richard Bennett <richard () bennett com 
> >, George Ou <george_ou () lanarchitect net>, Christopher Yoo <csyoo () law upenn edu 
> >, Rich Woundy <Richard_Woundy () cable comcast com>, John Day <jeanjour () comcast net 
> >, "David P. Reed" <dpreed () reed com>
> Subject: Re: [ NNSquad ] Re: Comcast's "Evil Bot" Scanning Project   
> (Lauren Weinstein)

> Dave -
>
> I wanted to clarify a few things, as this thread seems to be heading  
> off the rails just a tad.  First off, this system does not use DPI  
> devices, contrary to what some people in the thread have said. We’ve 
>  stated this in our FAQs and in the relevant Internet Draft document 
> . If people wish to debate the merits and utility of DPI systems, th 
> at’s fine with me, but just don’t bring this program into it.
>
> From the introduction of that I-D:
>         In evaluating potential solutions, most commercially available
>        systems were either proprietary and/or required inline-based  
> Deep
>        Packet Inspection (DPI) systems.  However, Comcast and many  
> other
>        ISPs may desire to use a system based on open standards, non-
>        proprietary software, and which does not require the use of  
> DPI.
>
> Second, it seems to me entirely fair for David Reed and others to  
> debate whether it is the role on an ISP to do something like this,  
> to try to stop DDoS attacks, perform anti-spam filtering on their  
> email domains, etc., provided that neither side of that debate  
> allows it to devolve into personal attack and accusation.
>
> I happen to obviously think that an ISP has a role here, and further  
> than no other parties have been successful in stopping / reducing  
> these problems.  We are presenting the facts on our efforts to  
> combat one of the greatest scourges of the Internet — universally re 
> cognized to be so — and reasonable people are responding with apprec 
> iation for what we are doing.  We are confident enough in our decisi 
> ons to move forward both with a technical trial, as well as openly p 
> ublishing ideas in Internet Drafts, seeking comment through a well-e 
> stablished open process, that facilitates constructive discussion. O 
> ther parties (than ISPs) certainly have a role, and can also be effe 
> ctive actors (such as search engines, which can ensure that a search 
>  result is not a malware site which would infect a user’s computer). 
>   This is a very large problem and no one actor will succeed alone;  
> we need many players working simultaneously to do what each of them  
> can in order to start to turn the tide here.
>
> Lastly, I’m not convinced that law enforcement is at all able to ste 
> p up to this task given the resources that would be necessary (to sa 
> y nothing of the technical training and tools, which are in short-su 
> pply), considering the earlier noted stat that on a country-by-count 
> ry basis this would mean making contact with between 5% and 15% of a 
> ll Internet users.
>
> Regards
> Jason
>
>
>
> On 10/12/09 9:31 AM, "David P. Reed" <dpreed () reed com> wrote:
>
> The point I was making is the *role of Comcast* with respect to  
> customers' computers, law enforcement, etc.
>
> To argue that Comcast should (without opt-in from customers) begin  
> tracking their traffic, making presumptive inferences from pattern  
> matching, and then *interfere* with a users' use, argued on the  
> basis of "theft" is a very interesting argument from a legal and  
> societal point.
>
> Despite Richard Bennett's attempt to twist what I said, and his  
> continued attempts to do so, my point is simple: this is NOT  
> NECESSARY for Comcast to do.  It is not mandated by Federal or State  
> law.   Users whose computers are bots can be dealt with by traceback  
> from their targets and other mechanisms that are based on *real*  
> crimes.
>
> The idea that Comcast needs to be surveilling all of its customers'  
> activities for any reason is troubling.   They offer a service, and  
> the normal definition of that service is: "provide *access* to the  
> Internet".  It has not been the definition of the Internet ever in  
> its existence that *access providers* or *transports* anywhere in  
> the network should be carrying out *active surveillance* of  
> customers. (whether DPI or traffic surveillance is the means doesn't  
> matter - surveillance is often a crime, often a tort, and is  
> *always* justified by *necessity*, not "cool new feature").
>
> Is it wrong? Perhaps after a debate we will see.  Is it Comcast's  
> proper role?  Perhaps after a debate we will see.
>
> Does it justify the Ou, Bennett, Glass slash-and-burn attacks on  
> anyone who asks the questions?  (which is all I did, by the way)
> I don't think so.
> I await Comcast's plan to describe in detail how they gather  
> evidence, what they do to verify the reliability of that evidence,  
> what they do with the data they collect about users who are not  
> bots, etc.
>
> I don't think Ou, Bennett, Glass, and now John Day attempting to  
> twist my words into what I did not say adds to the debate.  But they  
> embarrass themselves.
>
> From: "David P. Reed" <dpreed () reed com>
> Date: Mon, 12 Oct 2009 09:49:09 -0400
> To: Richard Bennett <richard () bennett com>
> Cc: John Day <jeanjour () comcast net>, Brett Glass <brett () lariat net>,  
> George Ou <george_ou () lanarchitect net>, Dave Farber  
> <dave () farber net>, Christopher Yoo <csyoo () law upenn edu>, Jason  
> Livingood <jason_livingood () cable comcast com>, Rich Woundy <Richard_Woundy () cable comcast com 
> >
> Subject: Re: [ NNSquad ] Re: Comcast's "Evil Bot" Scanning Project    
> (Lauren Weinstein)
>
> > I think the Amish position is that ISPs have no business paying
> > attention to the crimes that may be taking place on end-user
> > computers, since they are simply the providers of a dump pipe.  
> Hence,
> > they are required by the E2E Doctrine to turn a blind eye, much as a
> > New York pedestrian is expected to keep walking if he happens upon a
> > rape while strolling through the city.
> [Amish?  Now you are tossing out ethnic/racist slurs?  We've seen this
> from you before, Richard.  Comes from your background.]
>
> We use the police powers of the state to enforce laws.  We don't ask
> companies to decide what laws to enforce. Especially, we don't ask
> communications providers to invent laws to enforce, then undertake
> surveillance on a large scale, then enforce them without so much as a
> finding of fact in a legal system.  Communications providers are
> sometimes asked to help in specific ways.  I'd like to see the Federal
> law enforcement request applicable to this case.
>
> This has wandered afield from providing a "nice thing for users" into
> accusing all users of assisting terrorists, so to speak.  I'm waiting
> for references to Nazis.
> > Reed calls this "averting the eyes."
>
> I said no such thing.  I *have* used the term "averting eyes"  
> regarding
> an entirely different *privacy* issue.  It is a core issue: it relates
> to such things as not assuming that because your scanner picks up your
> neighbor's baby monitor, you are free to use what you hear.\
>
> Livingood and Woundy should be ashamed to be supporting this kind of
> speech, especially since Comcast used both Bennett and Glass as
> "experts" in the FCC hearing last year, it is kind of clear that  
> Comcast
> stands behind them.  I don't know if Comcast has funded Ou/Bennett's
> work at ITIF, but it would seem to follow.  I'd love to hear from
> Livingood that they have severed all direct and indirect connections.



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com