Re: Comcast's "Evil Bot" Scanning Project (Lauren Weinstein)

[Dave Farber <dave () farber net>]

Begin forwarded message:

> From: "David P. Reed" <dpreed () reed com>
> Date: October 12, 2009 9:49:09 EDT
> To: Richard Bennett <richard () bennett com>
> Cc: John Day <jeanjour () comcast net>, Brett Glass <brett () lariat net>,  
> George Ou <george_ou () lanarchitect net>, Dave Farber  
> <dave () farber net>, Chris Yoo <csyoo () law upenn edu>, Jason Livingood <Jason_Livingood () cable comcast com 
> >, Rich Woundy <Richard_Woundy () cable comcast com>
> Subject: Re: [ NNSquad ] Re: Comcast's "Evil Bot" Scanning Project   
> (Lauren Weinstein)

> > I think the Amish position is that ISPs have no business paying  
> > attention to the crimes that may be taking place on end-user  
> > computers, since they are simply the providers of a dump pipe.  
> > Hence, they are required by the E2E Doctrine to turn a blind eye,  
> > much as a New York pedestrian is expected to keep walking if he  
> > happens upon a rape while strolling through the city.
> [Amish?  Now you are tossing out ethnic/racist slurs?  We've seen  
> this from you before, Richard.  Comes from your background.]
>
> We use the police powers of the state to enforce laws.  We don't ask  
> companies to decide what laws to enforce. Especially, we don't ask  
> communications providers to invent laws to enforce, then undertake  
> surveillance on a large scale, then enforce them without so much as  
> a finding of fact in a legal system.  Communications providers are  
> sometimes asked to help in specific ways.  I'd like to see the  
> Federal law enforcement request applicable to this case.
>
> This has wandered afield from providing a "nice thing for users"  
> into accusing all users of assisting terrorists, so to speak.  I'm  
> waiting for references to Nazis.
> > Reed calls this "averting the eyes."
>
> I said no such thing.  I *have* used the term "averting eyes"  
> regarding an entirely different *privacy* issue.  It is a core  
> issue: it relates to such things as not assuming that because your  
> scanner picks up your neighbor's baby monitor, you are free to use  
> what you hear.\
>
> Livingood and Woundy should be ashamed to be supporting this kind of  
> speech, especially since Comcast used both Bennett and Glass as  
> "experts" in the FCC hearing last year, it is kind of clear that  
> Comcast stands behind them.  I don't know if Comcast has funded Ou/ 
> Bennett's work at ITIF, but it would seem to follow.  I'd love to  
> hear from Livingood that they have severed all direct and indirect  
> connections.
> > RB
> >
> > John Day wrote:
> > > I find this a bit confusing.  Isn't the consumption of a resource  
> > > owned by someone without their permission theft?  How is it  
> > > anything else?
> > >
> > > Or is the distinction here that botnets are stealing, but peer-to- 
> > > peer [sic] is not, i.e  done with permission.
> > >
> > >
> > > At 20:01 -0600 2009/10/10, Brett Glass wrote:
> > > > Richard, you must understand that "network neutrality" means  
> > > > being "neutral" to botnets. They're users of the Internet just  
> > > > like everyone else, you know! If we allow ISPs to block botnets,  
> > > > we might prevent some entrepreneur from starting up a new garage- 
> > > > based business that uses this innovative technology.
> > > >
> > > > --Brett
> > > >
> > > > At 04:08 PM 10/10/2009, Richard Bennett wrote:
> > > >
> > > > > Finally, I find the kind of reaction to Comast's botnet-busting  
> > > > > service that I had expected to see when it was announced.  
> > > > > Previously I had checked the ISP-phobic DSL Reports web site for  
> > > > > reactions, expecting to see something along the lines of "let no  
> > > > > good deed go unpunished." But I was disappointed to find that  
> > > > > the reactions were overwhelmingly favorable to Comcast,  
> > > > > congratulating them for implementing this service and offering  
> > > > > ideas on how to keep the pop-up message from being spoofed.
> > > > >
> > > > > But David Reed has exceeded my expectations for immoderate  
> > > > > reaction with the message below, criticizing Comcast for  
> > > > > deploying a system that's not consistent with "the way the  
> > > > > Internet was designed to work." This explains a lot: the  
> > > > > Internet was designed to work according to the general principle  
> > > > > that every attached computer must host botnet services, whether  
> > > > > it wants to or not, and anyone who messes with that principle is  
> > > > > a threat to the revolution who must be sanctioned and  
> > > > > criticized. Naively, I once thought the Internet was designed to  
> > > > > work in the interests of all its users, and now I discover that  
> > > > > some users are more important than others: the Internet was  
> > > > > designed to host botnets. You heard it here from the inventor of  
> > > > > UDP, end-to-end arguments, and Internet addressing.
> > > > >
> > > > > Thanks for clearing that up, David.
> > > > >
> > > > > RB
> > > > >
> > > > > David P. Reed wrote:
> > > > > > I don't see where Comcast is being transparent about *how* they  
> > > > > > do this, or giving customers a chance to opt-in or -out.
> > > > > >
> > > > > > If I send a lot of email, why does that make me a "bot"?  Maybe  
> > > > > > I just send a lot of email.
> > > > > >
> > > > > > If the contents of my communications are being "scanned", why  
> > > > > > is that legal?  Why does Comcast care?
> > > > > >
> > > > > > I might choose (if it were explained to me what was happening  
> > > > > > and what the risks are to my privacy or being accused of a  
> > > > > > crime or hauled off as a "suspected child pornographer" because  
> > > > > > I sent pictures of my naked child) to have this service, or not.
> > > > > >
> > > > > > But to be honest, in most markets, Comcast is the only real  
> > > > > > choice, and imposing their "features" on me might not be what I  
> > > > > > want, even if they "market" it as a *good thing*.  If there  
> > > > > > were serious competition (multiple providers, and no special  
> > > > > > "franchise" deals with local governments that block new  
> > > > > > competitors, perhaps customers would have a choice. However,  
> > > > > > most do not have other choice for highspeed Internet, except  
> > > > > > Hobson's: "take that or nothing at all").
> > > > > >
> > > > > > I'm really not impressed by these moves by Comcast. Livingood  
> > > > > > already sent out an email saying that they redirect DNS service  
> > > > > > to a service that sends certain names to hosts that do not have  
> > > > > > those names registered, but which will respond with advertising- 
> > > > > > only websites.
> > > > > >
> > > > > > This is not the way the Internet is designed to work.
> > > > > >
> > > > > > Comcast supposedly cleaned up its act.  Now it's backsliding -  
> > > > > > forcing secret and invasive services on customers.   On day  
> > > > > > one, they will "love it" (especially in the Comcast-authored  
> > > > > > press release).
> > > > > >
> > > > > >     [ I am personally willing to give Comcast the benefit of the
> > > > > >    doubt for the moment on this project and see where it leads.
> > > > > >    It could potentially be useful, but it would also be easy for
> > > > > >    Comcast to overplay its hand.
> > > > > >
> > > > > >       A number of possible issues:
> > > > > >
> > > > > >       - How intrusive will monitoring be?  Will packet payloads  
> > > > > > be scanned?
> > > > > >         If so, this likely is immediately a serious privacy  
> > > > > > problem.
> > > > > >
> > > > > >       - How often will their scanning operations trigger firewall
> > > > > >      or other protective alerts that users already have
> > > > > >      installed?
> > > > > >
> > > > > >       - False positives?  Non-evil bots and other innocent
> > > > > >         applications falsely categorized as evil bots?
> > > > > >
> > > > > >       - Legit e-mail sending daemons categorized as spam senders?
> > > > > >
> > > > > >       Notifications: The implication is that they plan a  
> > > > > > browser pop
> > > > > >    up.  That may mean interfering directly with the TCP/IP
> > > > > >    stream.  True, this shouldn't happen frequently to any given
> > > > > >    user for such security notices, but once Comcast has such a
> > > > > >    capability (if that is indeed their methodology) the
> > > > > >    inclination to use it for other less critical purposes as well
> > > > > >    could be strong.
> > > > > >
> > > > > >       I think the success of this project will depend largely  
> > > > > > on how
> > > > > >    transparent Comcast is about exactly what they're doing and
> > > > > >    how they react to any problems that their system may cause.
> > > > > >    If Comcast takes a "We can't tell you exactly what we're doing
> > > > > >    because that would reveal too much to the bad guys" approach
> > > > > >    then we potentially could have a significant dilemma on our
> > > > > >    hands.
> > > > > >
> > > > > >          -- Lauren Weinstein
> > > > > >             NNSquad Moderator ]
> > > > >
> > > > > --
> > > > > Richard Bennett
> > > > > Research Fellow
> > > > > Information Technology and Innovation Foundation
> > > > > Washington, DC



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com