RE: ISPs as content-police or method-police

[Roeland Meyer <rmeyer () mhsc com>]

> From: Stephen Sprunk [mailto:ssprunk () cisco com]
> Sent: Tuesday, November 21, 2000 11:16 AM
> To: Roeland Meyer; 'Shawn McMahon'; nanog () merit edu
> Subject: Re: ISPs as content-police or method-police
>
>
> Thus spake "Roeland Meyer" <rmeyer () mhsc com>
> > Please reference any suit regarding breach of contract. Examples
> > abound. Port filtering may be construed as a material 
> breach when the
> > expectation is, that there is to be no port filtering. Access is
> access,
> > even when the customer doesn't know that they are being 
> restricted in
> > their access. That just assures you that they will go ballistic when
> they
> > find out.
>
> If filtering is in the contract, it's hardly breach of contract to
> perform it.

That is not the case that I layed out. The expectation is met in the
contract. The contract I stipulated had no wording about filtering, only
providing unfettered access to the internet. Ergo, it would be a breach.

> > Face it guys, you KNOW that this is basically dishonest. As such, it
> is
> > indefensible. I would almost bet <amount> that none of the transit
> > providers mentions restrictions, on access, in their contracts. I
> would
> > almost bet <1/2 amount> that NONE of the access providers mention
> > same in THEIR contracts.
>
> AT&T, I believe, was the first major provider to start filtering port
> 25; here's the relevant part of their contract:
>
> http://www.att.net/general-info/terms.html
> "AT&T reserves the right to block, filter or delete Unsolicited
> E-Mails."

Again, where is this relevent to the case example?

> Ths is also promising:
> "don't send materials that contain viruses, worms, or any other
> destructive elements; ... You may not use or attempt to use 
> the Service
> to violate its security or the security of systems accessible through
> it, ... you should secure your computer equipment so that only
> authorized users can gain access to your Service account."
>
> You could claim that these sections authorize blocking of QAZ et al,
> since the activity of worms is prohibited.  Also, customers 
> are required
> to secure their computers to prevent intrusion, so leaving 
> any blatantly
> insecure protocol like SMB enabled might be breach of contract.
> Wholesale blocking of SMB might even be allowed.

Samba is NOT blatantly insecure. A smart admin CAN secure it. The new Win2K
stuff is also pretty good, since one must interact with a secured
proprietary login host, in order to gain access. That folks leave the
default "Everyone" share premissions intact, is not a fault of the protocol.

> Of course, I wouldn't want to use that logic in court, but a 
> good lawyer
> could probably pull it off.  I'd prefer to insert more 
> specific wording
> into the contract first.

Only if he isn't up against another good lawyer... put the specific words in
the contract before risking this one.

> Then again, nobody here seems to be suggesting mandatory 
> filtering.  

Actually, this is not true. More than one have advocated this, both
publically and privately. One has even announced that they've implemented
this recently, without telling their customer, and it wasn't in the
contract. The five cases he mentioned called the same day. How did they find
out? When things quit working, that's how. How many of his customers
suffered through multiple day outages, because of his action, and are still
spending resources to fix things, assuming they had open pipes like the
contract stated?

> Why
> is there such a strong objection to opt-out filters, where a 
> single call
> or email can get the filters turned off?  Is using a phone really that
> difficult?

Have you ever spent all night debugging an application, only to find out, at
0400 that their MIGHT be an upstream filter and can't raise anyone at the
upstream NOC? Even if you could, and get the filter removed. You wouldn't
have been there all night if the nimrods had put it into the contract so
that you knew about it. Have you ever had to pay the bill for three
engineers doing this when it could have been prevented? I have. Three
contractors, doing this, in over-time, at Silicon-Valley rates is well over
$20K. More than enough to make it worth my while to sue my upstream.

Discovering contract breaches the hard way is very expensive.