[Chapter-delegates] Proposed law to ban Skype in Russia?

Wed Aug 19 08:50:13 PDT 2009

Hello

Security measures are often implemented by several governments without
making any formal announcements or giving room for protests. There is
possibly more happening to censor content around the world than known and
debated.

I read this about what is happening in India at page
http://www.dnaindia.com/mumbai/report_government-to-sniff-your-emails_1192217-all

internet monitoring has been "more or less" accomplished with the top five
internet service providers in [India]. Every email, chat or data transfer
across India can be tracked and, if needed, read in this fashion.

and from page
http://www.dnaindia.com/lifestyle/report_on-the-web-nothing-s-a-secret_1278011

National security vs privacy: Stringent national security plans, devised by
the government of India particularly in the wake of the Mumbai 26/11
attacks, that deploy hi-tech surveillance mechanisms to sniff e-mails for
suspected terror-related communication, have infringed upon privacy even
more.

In September last year, *DNA* first reported how the Indian government has
put in place technologies that allow 'sniffing' of e-mails. The technology
known as 'Deep Packet Inspection' helps an Internet service provider (ISP)
identify various types of internet traffic like music downloads and
corporate data exchange on its network and give one kind of traffic
preference over the other depending upon the policies of the ISP and its
premium clients.

But the same technology can also be used to intercept e-mails and other
forms of online communication like internet chat and Voiceover Internet
Protocol. Senior officials in New Delhi who are acquainted with the
government's response to internet-based terrorism told *DNA* on condition of
anonymity that effective mechanisms have been put in place to sniff and
monitor the domestic internet traffic.

"We have unofficial estimates that everyday nearly 25,000 new e-mail IDs are
created by users accessing only one of the major e-mail networks. We also
suspect that terror IDs are created specifically for sending out an e-mail.
Sniffing mail servers can help track down suspected IDs instantly," said an
official familiar with the government's policy on cyber-terrorism. Sources
told *DNA* that this form of internet monitoring has been "more or less"
accomplished with the top five ISPs in the country. Every e-mail or data
transfer across India can be tracked and...read.

What is visible and what surfaces is not all that is happening.

Sivasubramanian Muthusamy

On Wed, Aug 19, 2009 at 8:44 PM, Fred Baker <fred at cisco.com> wrote:

> To my way of thinking, the Internet is the contiguous domain that uses IP.
> It includes and interconnects quite a variety of networks, including service
> provider backbones, large edge networks including corporate networks and
> residential broadband networks using technologies like DSL, Cable Modem, and
> WiFi/WiMax, and so on. There are also other IP networks that are not
> connected to the Internet or which are tunnel overlays on the Internet. A
> simple test for whether you are connected to the Internet would be whether
> you can elicit a DNS response from one of the DNS Root Servers.
>
> From the beginning, there have been what were called "Acceptable Use
> Profiles", which are contractual obligations to use the services of the
> particular providers one contracts with in a manner consistent with their
> purpose. Originally, when it was strictly a research network, this was about
> "doing research". Early residential broadband networks often precluded the
> use of VPNs or the offering of services (web servers etc) over their
> networks, and provided "business-grade" services for folks who wanted to do
> those things - I have such an arrangement for my home. If you want to learn
> about them, http://www.google.com/search?q=Acceptable+Use+Profile.
>
> For corporate networks, acceptable use is generally built into a
> corporation's code of business conduct. When at work, one is supposed to be
> working for the benefit of the company, and the company isn't supportive of
> pornography, the generation of attacks on corporate assets, other employees,
> or other people, and so on.
>
> Network administrations, including those companies that we call "ISPs" and
> their enterprise counterparts, have since the beginning provided mechanisms
> to enforce those AUPs and COBCs. The simplest and most widely used is the
> NAT firewall; if you have a lock on your front door, you understand the
> logic implicitly. Not that the firewall has great value as a security
> solution - it provides simple prophylactic protection of a company's
> bandwidth, but it doesn't protect against attacks that originate inside the
> company. But it does define a boundary, that which a network administrator
> can call "mine to manage".
>
> They also routinely block attacks and prevent unauthorized access to
> information, and have since the beginning. Good grief; where did the concept
> of an access control list (
> http://en.wikipedia.org/wiki/Access_control_list) come from?
>
> Let me share a war story. When the SOBIG.F virus hit the network in 2003, I
> woke up one morning to find 6608 emails in my mail queue, which with a
> relatively few exceptions were all virus-generated. Cisco tells me that the
> only difference between that day and every other day is that nowadays the
> percentage of junk traffic is higher. Such a thing costs the corporation
> money, if nothing else for disk space to store my email until I download it
> and for my time deleting it. If you believe that your wallet is yours and
> nobody else has any business with their hand in your pocket, you understand
> a corporation's viewpoint on their economics. Service providers have the
> same problem in a different form - my wife used to use a hotmail address and
> switched to my ISP's mail service when her in-box filled with objectionable
> mail, and hotmail lost a customer. So, yes, we authorize the services we use
> to prevent the delivery of classes of traffic that are generally harmful to
> us and our assets - we in fact require them to economically.
>
> Where this discussion gets difficult is the general class of things that
> might be called "state policy". Nobody I know of is in favor of child
> pornography; that said, the remedy to block it currently in use in the UK
> worries me immensely. There is an arbiter that identifies content that
> should be blocked/logged/whatever (on http, that is by URL), who provides
> identifying information to the ISP. There is no legal audit trail outside
> that corporation, as anyone who accesses the data is by definition violating
> the law. Hence, content that the arbiter finds objectionable is blocked, and
> there is no guarantee that it actually has anything to do with child
> pornography. Understand that I am not commenting on the UK arbiter, who as
> far as I know is completely on the up-and-up and likely maintains an
> *internal* audit trail regarding what they think they are blocking. But they
> are in a very interesting position of power, and human history tells me that
> independent auditability is a good thing. The same technology could be used
> to block anything that the arbiter doesn't like - the Federalist papers,
> Al-Q'ada, negative comments on government officials, positive comments on
> public officials that the arbiter disagrees with, statements by one
> religious group or another, and so on.
>
> And of course the "state" policy might be a corporate policy - the origin
> of the Net Neutrality debate was a boardroom discussion between Google/Yahoo
> and Verizon/Bell South that happened in the newspaper using highly slanted
> articles that served more to polarize and confuse the discussion than to
> explain it. Which brings us back to Skype...
>
> From my perspective, it is all about what a customer purchased when they
> bought their service. Several ISPs refuse to block attacks; they state that
> their contract sells bandwidth and their user is using that product within
> his or her rights. The vast majority of networks do have some form of
> AUP/COBC, which as I said enables the administration to block traffic and
> leaves the definition of that traffic in the SP's hands. If the user bought
> a contract in which they agreed to not use certain applications
> (bit-torrent, skype, etc), the SP is within its rights to block such
> traffic. If the user bought a contract that limited such blocking to
> attacks, the SP has no place blocking applications - especially if it cannot
> definitively say that any given packet is being used by a given application.
>
> On Aug 19, 2009, at 2:27 AM, Marcin Cieslak wrote:
>
>  Narelle.Clark at csiro.au wrote:
>>
>>  The principle runs to the essential features of what the Internet
>>> comprises. How it works.
>>>
>>> [Unfortunately right now I can't find that particular RFC - STD1/RFC
>>> 1600 isn't helping(!), so I would appreciate someone else pointing it
>>> out. Also, if these definitions aren't as clear as my memory recalls,
>>> then they darn well should be, and we should be doing something about
>>> that!]
>>>
>>
>> Whenever I am in doubt what the Internet is, my primary reference is
>> Fred Baker :)
>>
>> When he is not available, I usually check
>>
>> RFC 1122 (Requirements for Internet Hosts -- Communication Layers)
>> RFC 1123 (Requirements for Internet Hosts -- Application and Support)
>> RFC 1812 (Requirements for IP Version 4 Routers)
>>
>> Those documents actually refer to further standards their clarify (like
>> basic IP and TCP RFCs).
>>
>> But those protocol do not say how much a crippled Internet connectivity
>> can be still to be called "the Internet". They describe the issue from
>> the point of view of universal IP-level reachability.
>>
>
> _______________________________________________
> Chapter-delegates mailing list
> Chapter-delegates at elists.isoc.org
> http://elists.isoc.org/mailman/listinfo/chapter-delegates
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://elists.isoc.org/mailman/private/chapter-delegates/attachments/20090819/1e055c92/attachment.htm>