November 23, 2024

More on Berman-Coble's Peer-to-Peer Definition

In a previous posting, I remarked on the overbreadth of the Berman-Coble bill’s definition of “peer to peer file trading network”. The definition has another interesting quirk, which looks to me like an error by the bill’s drafters.

Here is the definition:

‘peer to peer file trading network’ means two or more computers which are connected by computer software that–
(A) [is designed to support file sharing]; and
(B) does not permanently route all file or data inquiries or searches through a designated, central computer located in the United States;

Last time I dissected (A). Now let’s look at (B). I read (B) as requiring that all inquiries or searches be routed through a single computer in the U.S.

Some people speculate that this exception is supposed to protect AOL Instant Messenger and similar systems. Others surmise that it is meant to exclude “big central server” systems like Napster, on the theory that the central server can be sued out of existence so no hacking attacks on it are necessary.

In either case, the exception fails to achieve its aim. In fact, it’s hard to see how any popular file sharing system could possibly be covered by (B).

The reason is simple. Big sites don’t use a single server computer. They tend to use a cluster of computers, routing each incoming request to one or another of the computers. This is done because the load on a big site is simply too large for any single computer to handle, and because it allows the server to keep going despite the crash of any individual computer.

A really big site might use a hundred or more computers, and they might not all be in the same physical location. (Spreading them out increases fault tolerance and allows requests to be routed to a nearby server for faster service.)

Sites that implement advanced functions need even more computers. For example, Google uses more than 10,000 computers to provide their service.

Some small file sharing systems might be able to function with a single computer, but as soon as such a system became popular, it would have to switch to multiple computers and so the exception would no longer protect it.

It seems unlikely that the exception was intended to cover only small, unpopular systems. More likely, the authors of the bill, and the people who vetted it for them, simply missed this point.

China Now Re-Routing Google Requests

Reuters reports that, since the weekend, some requests for Google from inside China are being rerouted to other, government-approved search engines. (Link at wirednews.com)

UPDATE (3pm EDT, Sept. 10): Ben Edelman now has screenshots of redirected browsers. (Link thanks to greplaw.)

John Gilmore on Spam and Censorship

Politech has an interesting message from John Gilmore about the effect of anti-spam measures.

Wireless LANs, Security, and Intrusions

News.com has an article about drive-by spam. The idea is that a spammer will find a building with a wireless LAN. The spammer will then connect to that LAN, without permission, from outside the building, and use the building’s email server to send a big load of spam email.

This is abusive behavior. The spammer is exploiting the wireless network owner, who ends up paying for the email, and who might get blamed for spamming. (The network owner can prevent this by tightening up the security of their email system, but this is not cost-free, and it doesn’t excuse the drive-by spammer’s actions.)

The problem here is that wireless nets do not respect property lines, walls, or other physical boundaries. If you’re running a wireless network, it is almost certainly open to people outside your site. This is a security risk for you – drive-by spamming is only one of the ways an outsider could exploit the availability of your network. (And even if you turn on the “secure mode” of your wireless network, you’re probably not safe against a sophisitcated adversary.)

It seems reasonable to adopt the ethical principle that you should not use somebody else’s wireless net without permission. (And if you do use it, you should use it only to access the greater Internet, and not to use their internal servers.)

Now suppose you’re in a public place. You pop your wireless card into your laptop, and it finds a connection. What should you do? How do you know whether you have permission?

The answer is that you don’t know. Maybe the wireless net is open because of an oversight, or because its owner wasn’t able to close it. But maybe it’s open on purpose. Some sites use their wireless nets to provide complimentary service to their customers or to the public. Sharing your network feed is a neighborly thing to do, so an open wireless net might be an invitation rather than a mistake.

How can you tell the difference? Unfortunately, the technology doesn’t help. You just shove your network card into your laptop, and it either does or doesn’t find a connection. There’s nothing in the technology that helps you figure out whether the network’s owner objects to your using it. There might not even be an easy way to find out who the network owner is.

What we need is some kind of social norm to help us out. If “everybody knows” that a network configured one way is meant to be open to the public, and one configured otherwise is not, then the boundaries will be clear. Until then, we’ll just have to do our best to behave reasonably and treat others’ wireless nets with the same respect we should normally afford to others’ property.

Situations like this often invite legislation and legal line-drawing. That seems like a mistake here, as any new law would likely be farther from the “right” answer than the eventual social norm will be. So far I haven’t seen any proposed legislation regulating use of others’ wireless nets, but I wouldn’t be surprised to see some.

China Blocks Altavista

The Great Firewall of China is now blocking Altavista too.