Comcast and SORBS

[jc at trillian.mit.edu (John Chambers)]

Don Levey wrote:
| >> I have no illusion about "privacy" rights when I'm using
| >> someone else's private property for my transmission, even under
| >> contract. And they'd be fools to permit unmonitored communication
| >> over their network.
| >
| > I used to run major operations at two different ISPs.  If I ever said
| > anything like the above in a forum visible to customers, there would
| > have been serious consequences.
| >
| Probably; a major attack of honesty is often not good for (traditional)
| businesses.  But allow me to rephrase slightly:
| "And they'd be fools to permit unmonitored communication under all
| circumstances over their network."

Case in point: For much of the  past  three  years,  I've  done  some
consulting  work  for  a  big  comm company (which one isn't relevant
here), and I did much of the work at home.  The  team  was  scattered
around  the world, so at the start there was some discussion of which
email addresses we should use.

One of the things that I brought up, which  everyone  understood  and
agreed  with,  was  that most of us had a potential problem using out
home email.  My service at the time was through RCN, which of  course
is  a  competitor  to  my employer.  Sending job-related email via an
rcn.com server was obvously not a good idea.  Similarly for the other
team members.

In my case, I suggested that they use my mit.edu address,  since  MIT
is  not a competitor, and is probably a lot more trustworthy than any
commercial ISP.  I read my email via an ssh  link.   So  for  RCN  to
intercept  my  email would require both collecting all my packets and
cracking the ssh encryption.  This  is  a  LOT  more  difficult  than
scanning email files on their own server.

Some of the others had similar situations.  We set up an email server
at  the  consulting  firm's  office  for  the  others.  That isn't as
reliable, of course, because it goes through a local ISP. But nothing
was  stored on that ISP's servers, so to do any industrial espionage,
they'd have to go the packet-assembly route, which isn't  as  trivial
as  some  would have you believe.  (The office also had two ISPs, for
redundancy, making life even more difficult for a spy.  ;-)

As the world's communications transfer over to the Internet,  we  can
expect   that  the  "private  property"  argument  will  become  less
acceptable for comm links in general.   Yes,  the  ISP  may  own  the
physical link (or the spectrum for wireless). But that shouldn't give
them a right to interfere with my communication, or to  intercept  it
and use it for their own purposes.

This isn't a trivial concern.  We've already seen such things as: The
"child  protection"  filters  routinely block not only porn, but also
web sites of the filterers' competitors.  And last year, msn.com  was
caught  extracting things (mostly images) from their customers' email
and using them in ads.  When caught, the companies invariably make  a
big  noise  about  how they've reformed and won't do it again.  Yeah;
right.  Not until enough time has gone  by  that  they  think  you've
forgotten and they can get away with it if they're more careful.

In any case, the concern is obvious: If an ISP can intercept messages
to/from  tech workers like me, they have a very good tool to find out
what their competitors are planning. This gives them advanced warning
so  they  can  take  steps to block their competitors' intrusion into
their market.  This is a great idea if you think that  communications
should be under the control of a private monopoly.  If you want to be
able to communicate as you wish, or if you like to  have  alternative
ISPs, you might give the subject a bit more thought.

Historically, there have been good reasons for  "public"  control  of
communications.   Not that any government is perfect, of course.  But
it's a lot better than what happens when you have  "private"  control
of communication, and you are only allowed to communicate things that
are approved by the owner of the comm equipment.

BTW, there's an important reason why contract law isn't much help  in
this  topic.  Consider this message.  Chances are that I don't have a
contract with your ISP.  Your contract is irrelevant to what your ISP
does  with  this  message.   Your  ISP  can  read this message and do
anything they like with it, because they have no  contract  with  me.
They can extract all the addresses, including yours, and sell them to
spammers.  They can save this message however they like, and use  its
contents  commercially.   And neither of us can find out that they're
doing it; it's all "private".

I've  recently  received  spam  messages  that  were  invitations  to
conferences  dealing with just this topic.  The hot new idea is using
IM as a source of commercially-useful  information.   This  is  easy,
because  IM  almost  always  goes  through  a  corporate server.  The
technical challenge is that IM contains less information than email.

It's something else you might think about.