[IP] more on Verizon "Broadband Router" the perfect Trojan Horse

To: ip@xxxxxxxxxxxxxx
Subject: [IP] more on Verizon "Broadband Router" the perfect Trojan Horse
From: David Farber <dave@xxxxxxxxxx>
Date: Thu, 29 Jun 2006 19:45:15 -0400
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
References: <44A452AB.4080002@xxxxxxxx>
Reply-to: dave@xxxxxxxxxx

and if some company finds a good use for the capability, under a NNlaw, who will decide if it violates the law -- the FCC/FTC?

A wise company will not offer any capability that could be mis-usedeven if just someone just thinks of the possility.


Dave

Begin forwarded message:

From: "David P. Reed" <dpreed@xxxxxxxx>
Date: June 29, 2006 6:22:35 PM EDT
To: "David P. Reed" <dpreed@xxxxxxxx>

Cc: David Farber <dave@xxxxxxxxxx>, Dewayne-Net Technology List<dewayne-net@xxxxxxxxxxxxx>

Subject: Re: Verizon "Broadband Router" the perfect Trojan Horse

Some of the reaction to my earlier note suggests that people thoughtI had discovered Verizon actually doing something bad. I did notmean in any way to imply that, so I hope if you have forwarded myearlier note you will pass on this clarification.

My comment was based on studying the TR-069 standard, *in the contextof the current "Net Neutrality" debate* in which both I and Verizonare involved, and noting that it is possible to exploit the featuresof that standard to redirect traffic and monitor traffic under thecontrol of the access provider.

I do not mean that the router itself is a bad product, or that it hasno good purpose. I also am not accusing Verizon of actually doingthose things that I worry about - I have no such evidence.

But the possibility is real, and we have no assurances from Verizonor other providers that they will not exploit those possibilities.(In fact, many in the Net Neutrality debate who claim to be actingfor the Bells seem to be arguing that it will be *necessary* and*appropriate* for Verizon to do so.)

I would hope that Verizon would make a clear policy statement aboutwhat it will do to make sure that such features are not usedinappropriately.

It is surely a good thing for router equipment to provide facilitiesfor remote diagnosis and maintenence. When communications equipmentis concerned, such tools need to be used with care, however. Thedata being carried is sensitive and personal, and is NOT the propertyof the carrier of the data. It may not even be the case that theuser has the right to disclose the data in question (as is the casein HIPAA and European data protection regimes).

Thus features that redirect, block, and otherwise interfere withcommunications must be used carefully, with clear authorization fromall concerned parties, and (here it is my opinion only) withrecognition that the the users' communications belong to the usersand their counterparties, not the operator of the communications system.






-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] more on why should we ever trust corporation -- BP Named in Inquiry on Pricing - New York Times
Next by Date: [IP] lets read the spec Verizon "Broadband Router"
Previous by thread: [IP] more on why should we ever trust corporation -- BP Named in Inquiry on Pricing - New York Times
Next by thread: [IP] more on Verizon "Broadband Router" the perfect Trojan Horse
Index(es):
- Date
- Thread