Interesting People mailing list archives

Re: Comcast's "Evil Bot" Scanning Project (Lauren Weinstein)


From: David Farber <dave () farber net>
Date: Sun, 11 Oct 2009 08:14:11 -0400



Begin forwarded message:

From: "David P. Reed" <dpreed () reed com>
Date: October 11, 2009 8:05:10 AM EDT
To: Richard Bennett <richard () bennett com>
Cc: nnsquad () nnsquad org, Brett Glass <brett () lariat net>, George Ou <george_ou () lanarchitect net>, Dave Farber <dave () farber net>, Chris Yoo <csyoo () law upenn edu>, Jason Livingood <Jason_Livingood () cable comcast com>, Rich Woundy <Richard_Woundy () cable comcast com>, John Day <jeanjour () comcast net>
Subject: Re: [ NNSquad ] Re: Comcast's "Evil Bot" Scanning Project (Lauren Weinstein)

I'd be interested if Yoo, Livingood, Woundy and Day are planning to stand behind Bennett's words and statements. In fact, I'd be really interested to invite Brian Roberts into this discussion to understand how well Bennett represents his company's interests.

On 10/10/2009 06:08 PM, Richard Bennett wrote:
This explains a lot: the Internet was designed to work according to the general principle that every attached computer must host botnet services, whether it wants to or not, and anyone who messes with that principle is a threat to the revolution who must be sanctioned and criticized.

I said nothing of the sort. In particular,

a) the point was about the Internet Access Provider in question undertaking to spy on traffic, perform arbitrary (statistically unverified and quasi-secret) analyses that have no evidentiary value, no scientific "false positive" "false negative" etc. value - the studies that would justify their probative value are not presented.

b) I said nothing about the attached computers, certainly nothing about what they "must" do. In fact, if anything, Comcast is imposing restrictions on what they "must" do or not do. It's similar in kind to saying users must not run "servers".

c) I said nothing about a "threat to the revolution", "sanctions". I did say that I did not think the implementation and mechanism were either necessary (in the sense of being the only or one of the best) solutions, or the proper role of Comcast. It *is* quite interesting that the reference to "the revolution" etc. is an attempt to paint my comment as political ideology. That was called "red-baiting" in the McCarthy era. It still is used that way by some. In any case, I'm sure your fans enjoy it, Richard.

Naively, I once thought the Internet was designed to work in the interests of all its users, and now I discover that some users are more important than others: the Internet was designed to host botnets.

Actually, it was designed to show how to provide connectivity across networks and across administrative domains, providing a universal overlay over a wide variety of networks. The result (which was the hope of the concept, not the particular implementation, though it worked better than expected) was that a wide variety of really cool uses were invented that depended on a universal, transparent, "neutral" network.

As a metaphor, it is kind of like "free speech" and "free assembly", indeed. It isn't the same thing.


You heard it here from the inventor of UDP, end-to-end arguments, and Internet addressing.

Actually, I said it as a human being. I didn't *invent* those things. In each case, a group of thoughtful engineers and thinkers produced the ideas, honed them, discussed them, wrote about them, and made them work. They worked and work *quite well*, and I have certainly pointed to them repeatedly as good ideas. Do I think they are the only ideas - hardly. However, I think they set a standard for comparison of new ideas, just as the Bell System technology set a standard of comparison for communications engineering when I started on this.

Being accused of being an ideologue *by an ideologue* is a curious experience.

Thanks for clearing that up, David.

Since you created what you claim I said out of the "whole cloth" - I doubt it was clear for anyone else. But in your own paranoid mind, I guess you've created some "clarity". I wish it well.

RB

David P. Reed wrote:
I don't see where Comcast is being transparent about *how* they do this, or giving customers a chance to opt-in or -out.

If I send a lot of email, why does that make me a "bot"? Maybe I just send a lot of email.

If the contents of my communications are being "scanned", why is that legal? Why does Comcast care?

I might choose (if it were explained to me what was happening and what the risks are to my privacy or being accused of a crime or hauled off as a "suspected child pornographer" because I sent pictures of my naked child) to have this service, or not.

But to be honest, in most markets, Comcast is the only real choice, and imposing their "features" on me might not be what I want, even if they "market" it as a *good thing*. If there were serious competition (multiple providers, and no special "franchise" deals with local governments that block new competitors), perhaps customers would have a choice. However, most do not have other choice for high-speed Internet, except Hobson's: "take that or nothing at all".

I'm really not impressed by these moves by Comcast. Livingood already sent out an email saying that they redirect DNS service to a service that sends certain names to hosts that do not have those names registered, but which will respond with advertising-only websites.

This is not the way the Internet is designed to work.

Comcast supposedly cleaned up its act. Now it's backsliding - forcing secret and invasive services on customers. On day one, they will "love it" (especially in the Comcast-authored press release).

   [ I am personally willing to give Comcast the benefit of the
     doubt for the moment on this project and see where it leads.
     It could potentially be useful, but it would also be easy for
     Comcast to overplay its hand.

     A number of possible issues:

     - How intrusive will monitoring be? Will packet payloads be scanned?
       If so, this likely is immediately a serious privacy problem.

     - How often will their scanning operations trigger firewall
       or other protective alerts that users already have
       installed?

     - False positives?  Non-evil bots and other innocent
       applications falsely categorized as evil bots?

     - Legit e-mail sending daemons categorized as spam senders?

     Notifications: The implication is that they plan a browser pop
     up.  That may mean interfering directly with the TCP/IP
     stream.  True, this shouldn't happen frequently to any given
     user for such security notices, but once Comcast has such a
     capability (if that is indeed their methodology) the
     inclination to use it for other less critical purposes as well
     could be strong.

     I think the success of this project will depend largely on how
     transparent Comcast is about exactly what they're doing and
     how they react to any problems that their system may cause.
     If Comcast takes a "We can't tell you exactly what we're doing
     because that would reveal too much to the bad guys" approach
     then we potentially could have a significant dilemma on our
     hands.

       -- Lauren Weinstein
          NNSquad Moderator ]




