[Chapter-delegates] Proposed law to ban Skype in Russia?

Fred Baker fred at cisco.com
Wed Aug 19 08:14:58 PDT 2009


To my way of thinking, the Internet is the contiguous domain that uses  
IP. It includes and interconnects quite a variety of networks,  
including service provider backbones, large edge networks including  
corporate networks and residential broadband networks using  
technologies like DSL, Cable Modem, and WiFi/WiMax, and so on. There  
are also other IP networks that are not connected to the Internet or  
which are tunnel overlays on the Internet. A simple test for whether  
you are connected to the Internet would be whether you can elicit a  
DNS response from one of the DNS Root Servers.

From the beginning, there have been what were called "Acceptable Use  
Profiles", which are contractual obligations to use the services of  
the particular providers one contracts with in a manner consistent  
with their purpose. Originally, when it was strictly a research  
network, this was about "doing research". Early residential broadband  
networks often precluded the use of VPNs or the offering of services  
(web servers etc) over their networks, and provided "business-grade"  
services for folks who wanted to do those things - I have such an  
arrangement for my home. If you want to learn about them, http://www.google.com/search?q=Acceptable+Use+Profile.

For corporate networks, acceptable use is generally built into a  
corporation's code of business conduct. When at work, one is supposed  
to be working for the benefit of the company, and the company isn't  
supportive of pornography, the generation of attacks on corporate  
assets, other employees, or other people, and so on.

Network administrations, including those companies that we call "ISPs"  
and their enterprise counterparts, have since the beginning provided  
mechanisms to enforce those AUPs and COBCs. The simplest and most  
widely used is the NAT firewall; if you have a lock on your front  
door, you understand the logic implicitly. Not that the firewall has  
great value as a security solution - it provides simple prophylactic  
protection of a company's bandwidth, but it doesn't protect against  
attacks that originate inside the company. But it does define a  
boundary, that which a network administrator can call "mine to manage".

They also routinely block attacks and prevent unauthorized access to  
information, and have since the beginning. Good grief; where did the  
concept of an access control list (http://en.wikipedia.org/wiki/Access_control_list) come from?

Let me share a war story. When the SOBIG.F virus hit the network in  
2003, I woke up one morning to find 6608 emails in my mail queue,  
which with relatively few exceptions were all virus-generated. Cisco  
tells me that the only difference between that day and every other day  
is that nowadays the percentage of junk traffic is higher. Such a  
thing costs the corporation money, if nothing else for disk space to  
store my email until I download it and for my time deleting it. If you  
believe that your wallet is yours and nobody else has any business  
with their hand in your pocket, you understand a corporation's  
viewpoint on their economics. Service providers have the same problem  
in a different form - my wife used to use a hotmail address and  
switched to my ISP's mail service when her in-box filled with  
objectionable mail, and hotmail lost a customer. So, yes, we authorize  
the services we use to prevent the delivery of classes of traffic that  
are generally harmful to us and our assets - we in fact require them  
to economically.

Where this discussion gets difficult is the general class of things  
that might be called "state policy". Nobody I know of is in favor of  
child pornography; that said, the remedy to block it currently in use  
in the UK worries me immensely. There is an arbiter that identifies  
content that should be blocked/logged/whatever (on http, that is by  
URL), who provides identifying information to the ISP. There is no  
legal audit trail outside that corporation, as anyone who accesses the  
data is by definition violating the law. Hence, content that the  
arbiter finds objectionable is blocked, and there is no guarantee that  
it actually has anything to do with child pornography. Understand that  
I am not commenting on the UK arbiter, who as far as I know is  
completely on the up-and-up and likely maintains an *internal* audit  
trail regarding what they think they are blocking. But they are in a  
very interesting position of power, and human history tells me that  
independent auditability is a good thing. The same technology could be  
used to block anything that the arbiter doesn't like - the Federalist  
papers, Al-Q'ada, negative comments on government officials, positive  
comments on public officials that the arbiter disagrees with,  
statements by one religious group or another, and so on.

And of course the "state" policy might be a corporate policy - the  
origin of the Net Neutrality debate was a boardroom discussion between  
Google/Yahoo and Verizon/Bell South that happened in the newspaper  
using highly slanted articles that served more to polarize and confuse  
the discussion than to explain it. Which brings us back to Skype...

From my perspective, it is all about what a customer purchased when  
they bought their service. Several ISPs refuse to block attacks; they  
state that their contract sells bandwidth and their user is using that  
product within his or her rights. The vast majority of networks do  
have some form of AUP/COBC, which as I said enables the administration  
to block traffic and leaves the definition of that traffic in the SP's  
hands. If the user bought a contract in which they agreed to not use  
certain applications (bit-torrent, skype, etc), the SP is within its  
rights to block such traffic. If the user bought a contract that  
limited such blocking to attacks, the SP has no place blocking  
applications - especially if it cannot definitively say that any given  
packet is being used by a given application.

On Aug 19, 2009, at 2:27 AM, Marcin Cieslak wrote:

> Narelle.Clark at csiro.au wrote:
>
>> The principle runs to the essential features of what the Internet
>> comprises. How it works.
>>
>> [Unfortunately right now I can't find that particular RFC - STD1/RFC
>> 1600 isn't helping(!), so I would appreciate someone else pointing it
>> out. Also, if these definitions aren't as clear as my memory recalls,
>> then they darn well should be, and we should be doing something about
>> that!]
>
> Whenever I am in doubt what the Internet is, my primary reference is
> Fred Baker :)
>
> When he is not available, I usually check
>
> RFC 1122 (Requirements for Internet Hosts -- Communication Layers)
> RFC 1123 (Requirements for Internet Hosts -- Application and Support)
> RFC 1812 (Requirements for IP Version 4 Routers)
>
> Those documents actually refer to further standards their clarify (like
> basic IP and TCP RFCs).
>
> But those protocols do not say how much a crippled Internet connectivity
> can be still to be called "the Internet". They describe the issue from
> the point of view of universal IP-level reachability.



