Splash!
Home
Home Glossary Syllabus Course Description Courseware FAQ
.
.
[is99 home]
[glossary]
[syllabus]
[course description]
[courseware]
[faq]

 

IS99 Class 10:

Barbed Wire on the Electronic Frontier: Private Armies & Their Private Weapons

 

I.          If you have a laptop – you should plug in so you can provide remote comments!

II.        Quick announcement – moot court ready to go!  (Required for MIT Students) Dec 1st 7 pm-9 pm or so a good time will be had by all

III.    Paul Vixie – Creator of RBL

A.      Started with bandwidth partner program – Cyber promotions – Spammer who bounced mail through relays that he set up to be unblockable

B.      He wanted to block them anyway, did it on his own systems – lots of people followed his lead.

C.     His power came because his subscriber list got large

D.     NANOG (North American Network Operators Group) – good place to talk to other people with beepers.  Meet 3 times per year . . . no official membership, just people who come.  Now pretty crowded.

1.       They think the original list is pretty cool.  An “organized boycott” emerged.

2.       People got added to the list when Paul Vixie got spammed.

3.       Nowadays – about 80 spammers added to the list per week – half that number are removed (removal doesn’t require his permission)

4.       5 volunteers and 3 full timers working – budget from grant money (companies) and founders – may create commercial software that is more powerful – Run by MAPS LLC

IV.   David Post – Temple Law Prof

A.      Wants to know what “spam” is.

1.       Response from Vixie – Not “unsolicited commercial e-mail” sometimes not commercial . . . “unsolicited automated mail” is the best definition – “Mail Abuse”

V.      Zittrain

A.      Shows e-mail where Berkman Center was labeled a spammer by ORBS

B.      Vixie – ORBS is not run by humans, but is simply an automated system that catches unsecure relays and puts them on the list without notice.

C.     RBL vs ORBS – many people subscribe to both – ORBS was enabled because people who have already subscribed to RBL and built the infrastructure to use that list could easily subscribe to a second list

VI.   Jeff – MIT’s network manager – MIT gets blocked by ORBS – and can’t stop it because of all the computers on campus

A.      They are now on their “Static Blackhole list” – which requires more begging to get off.

1.       Being MIT helps them get off fairly quickly, (which suggests there is “Justice for the Mighty”) – companies put MIT on a “White list” that allows them to deny everyone from the ORBS list except MIT

2.       Sometimes people get off of ORBS when they find MIT is on it (sometimes they might even be blocked by it themselves!)

B.      Run in with the RBL (factual dispute as to how much notice was given . . . ) – Jeff was not thrilled when it happened.  He thinks that MIT does have good anti-spam techniques, but the RBL test isn’t really good (it allows false positives because it only sends a couple of messages).

1.       Eventually got removed from the list

2.       Paul Vixie thinks they did help MIT’s system and the human element of their program did allow an intelligent exception (unlike ORBS)

VII.     How do people get on and off the RBL list

A.      Note, any RBL board member can remove someone from the list (even if another board member disagrees)

B.      Temptation to put people on list even if they don’t meet the technical definition of a spammer, BUT it doesn’t happen.

1.       EXCEPT contributory spamming (people who sell spam software, even if they have never sent a piece of spam in their life) . . . and these folks generally are pretty slippery and RBL is tracking these folks and blocking them wherever they pop up

VIII.  Zittrain asks Paul Vixie – what would you think of the project if it weren’t yours . . .

A.      Sounds pretty bad when you look at it objectively (one guy can block out a massive part of the net without any accountability)

B.      BUT . . . once people started selling accounts that wouldn’t shut down rude spammers, we needed this!

IX.   David Post’s Response to all this

A.      Addressed to the spirit of Lessig (in Lessig Land) with whom he disagrees

B.      Lessig doesn’t like RBL, Post does.

C.     Paul Vixie’s values are being built into the infrastructure of the net . . . this bothers Lessig

1.       Industry Standard article – “this isn’t the way to make network policy”

D.     Post doesn’t agree that this is “obviously” the wrong way to make network policy

1.       If it isn’t made this way, it has to be made some other way . . . ie LAW.

·     He thinks this isn’t necessarily better . . . this is a hard question

2.       Lessig is being channeled by Zittrain

·     Look, this fundamentally changes the world, and is done by a private party . . . and I have no recourse

3.       Post – This isn’t being imposed, people join the list voluntarily and this is a form of accountability and this is merely a form of “Shunning” which is different than the law’s response (a law would have to define SPAM, and ultimately the government could seize your assets or jail you.)

4.       Jeff (MIT) – you are missing something . . . ISP’s subscribe to this and IMPOSE this on their customers. 

·     For example – if you want broadband in Cambridge, you have to have Mediaone . . . and if Mediaone subscribes . . . you are out of luck

5.       Post – You have a choice of ISPs  . . . he doesn’t think that ISPs are imposing this on their customers, you CHOOSE the ISP, and thus this is less imposition than a government law would be.

6.       Zittrain (Lessig via channel) – but this assumes that customers know what is going on and can really make an informed choice (will the market really work)

7.       Post – There is also an information problem in political markets . . . and he agrees that congress is “spineless weasels”

8.       Zittrain - ICANN might be a parallel – people “subscribe” to the ICANN list . . .

9.       Post -  ICANN is not just like Paul Vixie, the government wanted to have a single source and not a market and thus should be accountable (it would be different if there were a market of Paul Vixies)

10.     Mike Roberts (President and CEO of ICANN) – NSI must provide bulk access to their files (with a fee) but people cannot use this list for Spamming . . .

·     Also, an ICANN dissident spammed aggressively and this caused the names council to consider having an authority filtering people from open lists or having a moderator for the open list

E.      Note – Paul Vixie thinks that Congress is “A bunch of spineless weasels” and won’t do it, so he has to, but he would rather that the law made network policy and stopped SPAM

X.      What makes ICANN different from RBL is that ICANN has a blessing from the government – ICANN didn’t have to be popular to get its power, RBL did.

A.      Paul Vixie – sees another key distinction – there can only really be one Mike Roberts (ICANN) . . . there can be more than one RBL

XI.   Other reasons why RBL is better than a law

A.      ISPs are better agents than congress

B.      Shunning is better than the force of government

C.     RBL is less able to be “captured”

XII.     Reasons why RBL is worse

A.      Not transparent

1.       Although perhaps it is . . . there are watchdogs that keep an eye on who is put on the list.

2.       And also perhaps Congress is pretty opaque also – backroom politics might be a problem

XIII.  Note – when RBL was created, it was not designed to scale . . . he couldn’t follow up on the # of complaints that he was sent, he needed volunteers, $, etc. . .

A.      He assumed that he would be sued quickly, and the law would step in because the courts would make a decision that congress wouldn’t

B.      That suit never materialized . . . perhaps Spammers are also “spineless weasels”

XIV.     Gary Reback loves to sue Microsoft, did so for Blue Mountain Arts

A.      Can a spammer use Blue Mountain to send multiple messages to a lot of people.

1.       Paul Vixie – B.M. makes sure that you need to register before you send the messages . . . and Blue Mountain stops spammer.  Amazon is not as good at doing so, and they were threatened with the RBL list. . .

B.      Microsoft Outlook Express filters spam is this a problem?

1.       David Post – If Microsoft embedded a RBL into their browser, then it would really bother him because of Microsoft’s position.

2.       Zittrain – so what happens when the ISP market consolidates into 1 or 2 people in a geography. . .  if they both subscribe, then suddenly RBL is much worse . . . (but Post notes that this is not the world we live in)

XV.   Lantz Rowland’s question -  

A.      Paul Vixie’s notes that Junk Fax law is based on  costs of paper and the fact that a fax ties up a phone line . . . but this could be extended to the e-mail world, and this would stop Spamming.

B.      Prof. Post disagrees, Fax is not one to many like e-mail . . . it is hard for the law to define Spam . . . this creates a big burden of free speech (more than the junk fax law) . . .

C.     Zittrain – is this burden to free speech worse than the burden from the RBL list?

1.       Post – maybe . . . it is a hard question and his goal is to make people think about it. 

D.     Ethan – How big is this problem?  How many people are on the list?

1.       3 Universities

2.       One can’t see the list without signing a NDA (non-disclosure-agreement) – he doesn’t make it known that people are on the list (so that it is not libel, which is count five of Reback’s suit of Microsoft since Microsoft makes it know that Blue Moutain is filtered)

3.       So . . . how does a watchdog know if someone is on the list?  You can find out IF a specific address is on the list and why it is on the list.  But you can’t necessarily see the list.

XVI.     Carl Hoffman –

A.      Vixie notes that the Anti Junk Fax list allows to go after the product that is advertised . . . so if you get a junk fax from China that says buy stuff from David Post, you can sue David Post. . .  but this hasn’t been tested in court . . . Prof. Post thinks there needs to be a showing that the company is behind the fax . . .

B.      Prof Post notes that the RBL is not constrained by geography like the American Government . . .

C.     Carl also notes that subscribers can opt in or opt out of junk mail filtering, which reduces the “imposition” from the ISPs

XVII.  ORBS claim to not be a “black hole” but originally claimed to be “dork slayers” 

A.      There are many ways to use a list, you can even put it into the routers, but Paul Vixie thinks this might be too far . . . ORBs says you can’t put it in your routers

XVIII.         If you look at many regions, there can sometimes only be 1 or 2 ISPs . . . does this change the imposition argument . . .

A.      Prof. Post thinks that there is a lot of choice among ISPs (including 800#) and so this isn’t the case, but if it were the case across the country, it might change his analysis

B.      Perhaps this will be a problem with Broadband, if it becomes service provider monopoly, but we’ll see.

XIX.     Jeff (MIT) – Spam suit problem, If a person is put in the “from” field of spam . . .  hundreds of thousands of people might try to sue them, happened to one poor MIT Student (the from field, not the suits)

XX.   Would digital signatures be a solution to SPAM?

A.      Digital signatures are only as good as they are managed, if a spammer needs a digital signature, they will make them up.  If the signature needs to be registered, then this creates a huge burden for the people who are getting the e-mail

B.      Zittrain – but what if you just wanted to get e-mail from people who’s identity was verified by a governmental (or perhaps commercial entity like a bank)?

1.       Paul Vixie - If we had something like this, it would reduce the need for a RBL.

2.       Post – Who would decide if someone would need to put a digital signature?

·     Model 1 – each individual can choose if they accept mail form non verified addresses

·     Model 2 – the government mandates somehow

XXI.     Is the Market for a black hole list one that would naturally consolidate?

A.      Paul Vixie – spammers will be on multiple lists, and this adds to the cost of getting off of a list.  So he is trying to help get other lists to get under the MAPS umbrella – so yes, he thinks this will consolidate and perhaps then he will get sued.

B.      Prof. Post doesn’t think the market will consolidate (it is complex and people disagree what is SPAM) . . .(Paul Vixie says this choice can be given by one large player which controls multiple lists) – Prof Post like a world with multiple lists better.  If there were only one list, he would be more concerned.

XXII.  J. Sacks

A.      He thinks that the market works (both for people to choose ISPs and for ISPs to choose lists) – and this provides the opportunity for businesses to create value.

B.      WHY IS SPAM Called Spam

1.       Paul Vixie – from the Monty Python sketch that suggests that Spam is something you can’t get away from but don’t want.  – good for Hormel?  You decide.  They are torn.

XXIII.         Question – Native Americans may not have multiple ISPs available, and thus putting them on the list may create big problem.

A.      But perhaps Satellite service will help get around this (assuming that a tree doesn’t get in the way)

B.       Prof. Post thinks this is just a transitional problem that will disappear shortly.

C.     ALSO – note you can de-couple your ISP and e-mail provider (by using Hotmail etc)

XXIV.       Question – reads a quote from the RBL list – what is a local black hole

A.      Paul Vixie – a technical routing term, setting a destination that means no-where, and routing things to this routes them to no-where.

B.      Note – the RBL cannot stop people from sending mail between parties who want to communicate, but there are other people who can do that.

XXV.          Question – What about free speech . . . are there any concerns about the chilling effect? 

A.      Paul Vixie – if you read the MAPS web site, you see that they believe that sometimes the “baby gets thrown out with the bathwater”, (or “burning the house to roast the pig”) which is concerning to Paul Vixie (sometimes mom’s can’t send e-mail to their children at college). . .  but he believes that it is a necessary evil.

B.      Prof. Post – Is this a larger burden to free speech than government regulation?  Better or worse, he doesn’t know.

XXVI.       Becca Nesson’s Question – what If you won your suit and someone else uses the resulting court decision to create a product to block other types of speech . . .  is this a problem

A.      There are other governments that use his system to block speech . . . he doesn’t feel good about it . . .

XXVII.    Mike Roberts (ICANN) this is a conflict between property and free speech, free speech usually loses, the RBL empowers the citizenry to protect their “online domicile” from “unwanted intrusion”

XXVIII. Final Question – We are webcasting this to Argentina – why are we discussing free expression and not discrimination.

A.      Prof Post – in a sense Paul is discriminating against people who do certain things – this is like a private club in a sense.

XXIX.       When we ended the Marsh v Alabama class – the final slide asked what the town in this world looked like . . . private networks linking the private nodes, one hypothesis is that certain owners of these private networks won’t allow certain traffic on their “roads” . . . this seems to have happened in a sense, so how much do you ask when you choose who builds the “roads” to your private node . . . is this to be celebrated because of the power of the market, or is exactly what we feared as the abuse that comes from bad government

A.      Zittrain isn’t sure that the market is going to work as well as Prof Post thinks, and has more faith in the Government, and they have structures that check their powers in a way that this does not.

 

We are going to end with a quick survey . . . we’ll get a feedback memo –

 

Question #1 – Law Students – How many people think that private boycott lists are sufficiently accountable – Most think they are not

 

Question #2 – How many MIT Students think that private boycott lists are sufficiently accountable – few respond . . .

 

Question – how many people are happy about the RBL, how many people hope that RBL isn’t filtering – Most people hope they aren’t getting filter

 

Zittrain thinks they are not accountable enough, but is happy that they are being filtered.

 

Feedback memo –

1) What is your biggest thought right now

2) What is your biggest question or issue right now

3) What do you want to say to someone (Zittrain or someone else)

If you are online – e-mail it to ishelp@eon.law.harvard.edu

 

 

5-7 minutes from now, there will be a cool presentation

 

 

Scribed by Matt Anestis – manestis@law.harvard.edu

 

 

 

.
.
[is99 home]
[glossary]
[syllabus]
[course description]
[courseware]
[faq]