[oclug] [canadian internet concerns] long post (you've been warned)

[Bill Strosberg]

All:

I wrote this to lawyer Michael Geist in response to an article he wrote 
in the National Post.  He is the same person quoted in the Pravda 
(whoops I mean the Toronto Star) article referred to by Mike Soulier.

Michael Geist lives here in Ottawa, and he "gets" technology quite well. 
  He teaches Internet law at OttawaU.

--
Bill

-------- Original Message --------
Subject: Recent article in National Post
Date: Tue, 08 Mar 2005 09:45:49 -0500
From: Bill Strosberg <bill at strosberg.com>
To: mgeist at uottawa.ca

Dear Michael:

Perhaps Graham Henderson was referring to the surfeit of truth, not
money your position represents.  The CRIA and the American counterpart
RIAA always sound like lumbering cartoon dinosaurs discussing warm
blooded mammals as an annoying trend that will never catch on.

Digital communication technology will continue to proliferate and
spread. In previous eras, new technology was typically developed by the
existing market players, who (in practice) controlled legislation via
political funding and therefore implemented technology on a co-operative
basis with legislative protections well in place before launch.

I live in the digital communications security world, and from an
in-the-trenches security practitioner's point of view it is impossible
to stop digital communications on today's Internet without pulling the
plug entirely.  Firewalls, port blocking, adaptive stateful inspection
of content - all are easy to bypass.  Dissecting the (KaZaa) FastTrack
protocol from Sharman Networks is an academic exercise on how to bypass
packet filtering and stateful firewalls.  There are a lot of
communications engineers out there working on new things every day.
More importantly, there will always be boneheaded users who open unknown
email attachments and visit unknown websites with horrible unsafe
browsers from market leading software companies.

The major problems with digital technology are not technical - they are
financial and control issues.  How does the existing telecommunications
industry deal with unregulated VOIP?  How does the government apply
tariffs and taxes?  How does law enforcement apply control?  How does
the existing entertainment business maintain control of revenues and
distribution?

The open source wide area development process, proven successful beyond
a doubt by Linux and the BSD projects has spawned thousands of
subsequent projects that are fundamentally uncontrollable.  Most
projects live through Sourceforge and Freshmeat - with geographically
and politically diverse development teams that can self-repair in the
event of loss of a few developers.  Current nation-state level laws are
irrelevant to widespread open source development.  Exporting quality
crypto illegal in the US?  Develop in Canada (www.OpenBSD.org,
www.freeswan.org, www.openssh.org).

The major problem as I see it is that the legislative folks in
government lack even a basic technical understanding of the issues they
are trying to regulate.  Controlling digital communications is like
herding cats - theoretically possible but practically unrealistic.  The
core technology of the Internet was designed by spectacular engineers to
be robust and self-repairing - routing around blockages and failures.
These engineers did a great job - thirty year old ideas are still
fundamentally working well today.  Once high speed / high quality
digital communications moved from the Telco level down to the user level
control became impossible. The Internet was a good thing when Telcos saw
the opportunity to sell access, now they probably regret bringing it to
the last mile, as they have shot their bread-and-butter business in the
foot by enabling their own competition.

Two years ago, everyone said the Internet QoS (quality of service) for
H.323 and VOIP would never be good enough to attract people to drop
their long distance service.  Wrong.  Early adopters are the folks with
family back in countries where telephone tariffs are so high long
distance is unaffordable - but today's adopters are getting acceptable
service that gets better daily.

Telcos must hate Cisco et al.  Ads promoting VOIP video conferencing and
ongoing VOIP development are everyday occurances.  The Fortune 500 are
adopting VOIP now - and once the money folks there realize the
unconscionable performance bonuses rewarded to those that increase
shareholder profits, the technology will be unstoppable.   Witness the
Vonage law suit win over an American carrier for blocking VOIP access.

The horse has departed, and closing the barn door now is pointless.
Adding a complex and baroque security system (new laws) now is just a
waste of money and effort.  The barn door will still be swinging in the
wind post-legislative tinkering.

Why don't these folks concentrate on the content developers?  Why don't
they make better deals with artists and telephone users?  Fundamentally
it is simple to analyze ... since you can't control the communications
anymore, you have to move the choke point elsewhere - the logical place
is with the person developing the desirable content.

If lawmakers put one tenth the effort into solving legal problems that
engineers put into solving technical problems, there would not be the
state of affairs today that exists.  If existing market players learned
to adapt and accept change, they would continue to exist - as Robert A.
Heinlein said:

"There has grown up in the minds of certain groups in this country the
notion that because a man or corporation has made a profit out of the
public for a number of years, the government and courts are charged with
the duty of guaranteeing such profit in the future, even in the face of
changing circumstances and contrary to public interest. This strange
doctrine is not supported by statute nor common law."

--
Bill Strosberg, CISSP