nanog mailing list archives

Re: [Operational] Internet Police


From: Fred Baker <fred () cisco com>
Date: Thu, 9 Dec 2010 11:22:31 -0800

On Dec 9, 2010, at 10:19 AM, Michael Smith wrote:
My question is what architectural recommendations will you make to your employer if/when the US Govt compels our 
employers to accept our role as the "front lines of this "cyberwar"?

I figure once someone with a relevant degree of influence in the govts realizes that the "cyberwar" is between 
content/service controllers and eyeballs. With involuntary and voluntary botnets as the weapons of "the eyeballs", 
relying exclusively on a line of defense near to the content (services) leaves a great expanse of "battlefield". I 
would expect the content/service controllers to look for means to move the battleline as close to the eyeballs as 
possible (this community). So... if/when our employers are unable to resist the US Govt's demand that we "join in the 
national defense", wouldn't this community be the ones asked to guard the border?

Assuming the govt won't send federal agents into each of our NOCs, won't our employers ask us "what can we do?"

If inspecting and correlating every single packet/flow for attack signatures is not feasible (on scale), are there 
name/address registration/resolution measures that could effectively lock-down the edge? ...will we look toward 
China/Saudi Arabia/etc for lessons learned in their 'great firewalls' to develop a distributed version where central 
control pushes policy out to the edge (into the private networks that currently provide the dreaded "low barrier for 
entry")?

Obviously the environment is created by layers 8/9, but I'm interested in the layer 1-7 solutions that the community 
would consider/recommend.

-Michael

In my ever-so-humble opinion, this is not primarily about copyrighted material; it is primarily about content control. 
Go to any country in the world; they have something they wish wasn't available on the net. It might be child 
pornography, pornography in general by some definition of that term or lack thereof, journalist reports regarding their 
country or certain events in their country, paparazzi photos of their leaders or their consorts, or comments or comics 
featuring important religious figures or violating local social norms (did you know that DSLRs are illegal in Kuwait 
unless one is a registered journalist?). The UN Al Qua'da Task Force would like to block all files that originate from 
Al Qua'da. During the US 2004 presidential elections, one of the candidates suggested using CleanFeed to suppress 
information about dog racing. It might be COICA, HADOPI, or some municipal court judge who has no idea what he is 
asking but makes a decree that <something> should go away. They are all, at the end of the day, talking about the same 
thing: "we don't care what other countries or other people think; in our country, <something> should not be available 
on the Internet."

Which is to say that they think that they should be in control of some bit of content. Content control, which they 
might well decry when others do it and respond very poorly when you point out their own actions. 

I would note that in many cases similar laws already exist in the various countries' legal systems. For some reason, 
rather than enforcing the existing law of the land, they feel compelled to make a new law that is specific to the 
Internet. I asked a lawyer advocating yet another such law about this once, trying to find out why she thought that 
was necessary. Her response was that the existing law of the land had been found in court after court and jurisdiction 
over jurisdiction to be unimplementable and unenforceable; a certain famous statement about the definition of obscenity 
comes to mind, and very appropriately. "If I have the law, it gives me one more chance to argue the case in court". A 
case she freely admitted that she would very likely lose.

If your boss comes to you and asks you to be part of it, my suggestion (I am not a lawyer, and this is not legal 
advice) would be to first ask him whether he has a court order. If you are obligated to comply, you are obligated to 
comply. But in any event, I would suggest that he read 
http://www.washingtonpost.com/wp-dyn/content/article/2010/12/08/AR2010120804038.html. I suspect we will be reading 
similar articles about some 70 sites that have been taken down recently, and in some cases they may take whoever-did-it 
to court and win a judgement. The Internet routes around failure, and people who think they can control content are 
notorious for failing.

That's not a political viewpoint; some of those things that folks would like to go away probably should. From a very 
pragmatic and practical perspective, any technical mechanism that has been proposed is trivially defeated. The first 
implementers of DKIM were the spammers. What does CleanFeed do with https or encrypted BitTorrent? DNS Blocking is very 
interesting in a DNSSEC world, and is trivially overcome by purchasing a name in another TLD - or a thousand of them. 
Null routes block access to specific addresses; move the content, and the null route is a waste of bits. Look at how 
successful we have been in erasing botnets from our memory, or viruses, or spam. 

The way to address these things is not to childishly wish there was a magic silver bullet that would make the problem 
go away. If it's against the law, and in most cases the content that folks want to control is, go arrest the guy.

That's not to say that you couldn't use technologies like CleanFeed or Lawful Intercept, if you use them lawfully, to 
gather forensic evidence. But that's a far cry from pretending to make the content go away.
