FC: An analysis of Michigan and Colorado "mini-DMCA" bills

From: Declan McCullagh (declanat_private)
Date: Sun Mar 30 2003 - 07:02:12 PST


Previous Politech message:
http://www.politechbot.com/p-04602.html

---

Date: Sun, 30 Mar 2003 09:32:21 -0500
From: Michael Powe <michaelat_private>
To: Declan McCullagh <declanat_private>
Subject: mini-DMCA

section 1b unambiguously makes vpns and some sorts of connection encryption
software illegal.  anonymous remailers are now illegal in michigan.
it may even affect ssl connections.

section 1c makes wardriving illegal, along with making connections to
open wireless networks.

section 1c.2 makes illegal installing vpn software &c.

note that this wording is different from that of other bills mentioned
earlier.  other bills made the distinction that the 'concealment' had
to be tied to attempts to defraud the service provider.  this bill
does not make that distinction.

mp

http://www.michiganlegislature.org/mileg.asp?page=getObject&objName=mcl-750-540c-amended

***** 750.540c.amended THIS AMENDED SECTION IS EFFECTIVE MARCH 31, 2003 *****

750.540c.amended Prohibited conduct with regard to telecommunications
access device; violation as felony; penalty; amateur radio service;
forfeiture; order; definitions.  Sec. 540c.

(1) A person shall not assemble, develop, manufacture, possess,
deliver, offer to deliver, or advertise an unlawful telecommunications
access device or assemble, develop, manufacture, possess, deliver,
offer to deliver, or advertise a telecommunications device intending
to use those devices or to allow the devices to be used to do any of
the following or knowing or having reason to know that the devices are
intended to be used to do any of the following:

(a) Obtain or attempt to obtain a telecommunications service with the
intent to avoid or aid or abet or cause another person to avoid any
lawful charge for the telecommunications service in violation of
section 219a.

(b) Conceal the existence or place of origin or destination of any
telecommunications service.

(c) To receive, disrupt, decrypt, transmit, retransmit, acquire,
intercept, or facilitate the receipt, disruption, decryption,
transmission, retransmission, acquisition, or interception of any
telecommunications service without the express authority or actual
consent of the telecommunications service provider.

(2) A person shall not modify, alter, program, or reprogram a
telecommunications access device for the purposes described in
subsection (1).

(3) A person shall not deliver, offer to deliver, or advertise plans,
written instructions, or materials for the manufacture, assembly, or
development of an unlawful telecommunications access device or for the
manufacture, assembly, or development of a telecommunications access
device that the person intends to be used or knows or has reason to
know will be used or is likely to be used to violate subsection
(1). As used in this subsection, "materials" includes any hardware,
cables, tools, data, computer software, or other information or
equipment used or intended for use in the manufacture, assembly, or
development of an unlawful telecommunications access device or a
telecommunications access device.



-- 
   Michael Powe                                 Waterbury, CT USA
-------------------------------------------------------------------
"It stands to reason that self-righteous, inflexible, single-minded,
authoritarian true believers are politically organized. Open-minded,
flexible, complex, ambiguous, anti-authoritarian people would just as
soon be left to mind their own fucking business." - R.U. Sirius

---

Date: Sat, 29 Mar 2003 11:12:42 -0700
From: Chris May <chrisat_private>
To: declanat_private
Subject: Re: FC: State "mini-DMCA" bills raise alarums

Declan, thanks for the alert.  I sent the following to my representative:

Honorable Representative Mark Larson
Colorado House of Representatives

Dear Mark,

I've recently been made aware of the following bill, and think you may want to
consider the effects of a "law of unintended consequence". I quote directly
the paragraphs I'm concerned about:

http://www.leg.state.co.us/2003a/inetcbill.nsf/fsbillcont/A2F0DA113DF2BFC087256CC2006BFB94?Open&file=1303_ren.pdf

---------------------------
SECTION 2. 18-9-309, Colorado Revised Statutes, is amended to read:
---
(2) A person commits a --- VIOLATION UNDER THIS SECTION if he or she
knowingly:

(a) --- POSSESSES, USES,  MANUFACTURES, DEVELOPS, ASSEMBLES, DISTRIBUTES,
TRANSFERS,  IMPORTS INTO THIS STATE, LICENSES, LEASES, SELLS, OFFERS TO SELL,
PROMOTES, OR ADVERTISES FOR SALE, USE, OR DISTRIBUTION ANY
COMMUNICATION DEVICE:
---
(IV) TO CONCEAL OR TO ASSIST ANOTHER TO CONCEAL FROM ANY COMMUNICATION SERVICE
PROVIDER, OR FROM ANY LAWFUL AUTHORITY, THE EXISTENCE OR PLACE OF ORIGIN OR
DESTINATION OF ANY COMMUNICATION THAT UTILIZES A COMMUNICATION DEVICE;
-----------------------------

Now for my comments:

This bill bans the possession, sale, or use of (or assisting others to use)
technologies that "conceal from a communication service provider ... the
existence or place of
origin or destination of any communication".  An ISP is a communication
service provider, so anything that concealed the origin or destination of any
communication
from an ISP would be illegal -- with no exceptions.  Magnificent simplicity,
but let's put it in perspective.

If you send or receive your email via an encrypted connection, it's a
violation, because the "To" and "From" lines of the emails are concealed from
the ISP by
encryption.  (The encryption conceals the destinations of outgoing messages,
and the sources of incoming messages.)  I should point out that in cable
modem,
satellite and wireless systems, all communications are fully encrypted while
travelling on that medium, and for good reason: it protects from tampering or
observing.
On the net, the same happens when you engage in a financial transaction, such
as with Amazon or your bank.

Worse yet, Network Address Translation (NAT), a technology widely used for
enterprise security, operates by translating the "from" and "to" fields of
Internet
packets, thereby concealing the source or destination of each packet, and
hence violating these bills. Most firewalls use NAT, so if you use a firewall,
you're clearly
in violation.  Another method is Proxy, and it has the same effect: all
packets from users behind the Proxy Server have the address of the Proxy
Server while
transiting the net.  This bill would make networks more vulnerable by removing
these very important and universally used security tools.

Companies such as banks and larger corporations also use VPN, Virtual Private
Networking, to connect remote offices to the company network, using a "tunnel"

through the net in which all traffic is completely hidden by encryption.
Again, this is a clear violation under this bill, yet their intent is simple:
to preserve the integrity
and security of their own data while it is passing through a public medium.

If you have a home DSL router, or if you use the "Internet Connection Sharing"
feature of your favorite operating system product, you're in violation because
these
connection sharing technologies use NAT.   Most operating system products
(including every version of Windows introduced in the last five years, and
virtually all
versions of Unix) would also apparently be banned, because they support
connection sharing via NAT. Many home users use this technique to allow the
family to
share a single connection, be it high speed or standard.  The purpose is to
lower their connection costs, and we are fully supportive of this.

How prevalent are these techniques?  Let me speak from experience.  As you may
remember, we were the first to offer cable modem service in the state, some
four
years ago.  That by itself would make us the most egregious violator, so I
guess I'm offering myself up for the first prosecution.  ;-^)

It's my experience that 50% of my customers use the sharing feature at home,
since it allows each child to have his own computer and use it
simultaneously.  100%
of businesses, government offices, schools and nonprofits use either NAT or
share.

On our cable modem network, all transmissions are thoroughly encrypted.  We
are thus guilty for 100% of our users, since that is how our architecture
works.

Additionally, our customers fall into two classes: Firewalled or Dedicated
IP.  Most prefer the security offered by our firewall, so we are guilty again
for each of
them.  Those who have Dedicated IP all have firewalls to protect from
malicious users, but since they operate them themselves, you will have to slam
them for that.
Of course, I am guilty of sending them to companies that provide firewalls,
such as ZoneAlarm ( http://www.zonelabs.com/ ) and Tiny (
http://www.tinysoftware.com/home/tiny2?la=EN ) You may see a scope of the
offerings at http://www.spirit.com/cgi-new/report.pl?dbase=fw&function=view
I
guess I just racked up another count for "(II) KNOWINGLY ASSISTING OTHERS IN
SUCH ACTIVITY.", namely, by giving you this dangerous information.

Less than 10% of our users use VPN, but they account for a significant portion
of our traffic.  Since the responsible parties are corporate executives around
the state
and nation, I hope you will attach a rider to this bill funding resort prisons
with decent golf and other facilities.

For myself, all I ask in my prison cell is good TV, preferably from a locally
owned cable TV system, and a high speed data connection on a secure network.
Oops,
I guess that will be impossible!

If I can help in any way, please feel free to contact me.

Chris May
Rural Route Video & Westernet
POB 640
Ignacio CO 81137-0640 




-------------------------------------------------------------------------
POLITECH evening reception in New York City at 7 pm, April 1, 2003 at CFP:
http://www.politechbot.com/events/cfp2003/
-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------



This archive was generated by hypermail 2b30 : Sun Mar 30 2003 - 07:35:52 PST