Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

more on Verizon "Broadband Router" the perfect Trojan Horse

From: David Farber <dave () farber net>
Date: Thu, 29 Jun 2006 19:45:15 -0400
and if some company finds a good use for the capability, under a NN law, who will decide if it violates the law -- the FCC/FTC?
A wise company will not offer any capability that could be mis-used even if just someone just thinks of the possility. 

Dave

Begin forwarded message:

From: "David P. Reed" <dpreed () reed com>
Date: June 29, 2006 6:22:35 PM EDT
To: "David P. Reed" <dpreed () reed com>
Cc: David Farber <dave () farber net>, Dewayne-Net Technology List <dewayne-net () warpspeed com> 
Subject: Re: Verizon "Broadband Router" the perfect Trojan Horse
Some of the reaction to my earlier note suggests that people thought I had discovered Verizon actually doing something bad. I did not mean in any way to imply that, so I hope if you have forwarded my earlier note you will pass on this clarification.
My comment was based on studying the TR-069 standard, *in the context of the current "Net Neutrality" debate* in which both I and Verizon are involved, and noting that it is possible to exploit the features of that standard to redirect traffic and monitor traffic under the control of the access provider.
I do not mean that the router itself is a bad product, or that it has no good purpose. I also am not accusing Verizon of actually doing those things that I worry about - I have no such evidence.
But the possibility is real, and we have no assurances from Verizon or other providers that they will not exploit those possibilities. (In fact, many in the Net Neutrality debate who claim to be acting for the Bells seem to be arguing that it will be *necessary* and *appropriate* for Verizon to do so.)
I would hope that Verizon would make a clear policy statement about what it will do to make sure that such features are not used inappropriately.
It is surely a good thing for router equipment to provide facilities for remote diagnosis and maintenence. When communications equipment is concerned, such tools need to be used with care, however. The data being carried is sensitive and personal, and is NOT the property of the carrier of the data. It may not even be the case that the user has the right to disclose the data in question (as is the case in HIPAA and European data protection regimes).
Thus features that redirect, block, and otherwise interfere with communications must be used carefully, with clear authorization from all concerned parties, and (here it is my opinion only) with recognition that the the users' communications belong to the users and their counterparties, not the operator of the communications system. 





-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: