Thanks John, forwarding...

---------- Forwarded message ----------
From: John Gilmore <gnu@toad.com>
Date: Wed, Nov 19, 2014 at 8:31 PM
Subject: [Cryptography] Why mobile and consumer ISPs shouldn't censor encryption or the net
To: Tom Ritter <tom@ritter.vg>
Cc: John Levine <johnl@iecc.com>, cryptography <cryptography@metzdowd.com>, jays@panix.com
...this was port 25 on Cricket Wireless, a prepaid mobile subsidiary of AT&T, i.e., a consumer network without static IP addresses or mail servers.
http://arstechnica.com/tech-policy/2014/11/condemnation-mounts-against-isp-t...
Blocking port 25 on consumer networks to prevent outgoing spam, with real mail submitted on port 587 with authentication, has been an ISP best practice for over a decade.
I want to explore two of the assumptions in the above, that seem to be decisive for some people in the debate: "mobile" and "consumer". The theory seems to be that in a "mobile" Internet provider (that is, one run by a cellphone company), more censorship is justifiable. And that in a "consumer" Internet provider, like one that sells residential DSL or cable service, more censorship is justifiable. In this theory, an uncensored Internet should only be available to end user nodes that are servers and backbone ISPs, because they can be trusted to handle it, and they have the bandwidth to deal with the traffic.

Let's talk about "consumer" first. The Internet is a peer-to-peer network. That has always been its strength, and one of the big things that distinguished it from the "master/slave" networks that preceded it like IBM's RJE, SNA, public networks like Telenet and Tymnet, and early computer communication services like MCI Mail, CompuServe and The Source. The Internet started with every peer able to talk to every other peer, with no nodes relegated to mere "clients" or "consumers". TCP is designed to make a working connection even if both nodes simultaneously and spontaneously reach out to each other, as opposed to having a "server" side lying in wait and a "client" side initiating connections. New applications and protocols such as multicast, instant messaging, VoIP, video conferencing, distributed source code control systems like git, Mobile IP, BitTorrent, Kademlia, federated social networking, and many others, including the Web, which was invented dozens of years after the Internet, depend on this peer-to-peer behavior. When address exhaustion and NAT threatened peer-to-peer since the 1990s, the network evolved to continue offering peer-to-peer support, including IPv6 as the big fix, plus UPNP, NAT Traversal, dynamic DNS, supernodes, and other NAT circumvention technologies.

In a peer-to-peer network it doesn't work to designate some portions of the network as "consumers" or "clients" who don't get full access, and other portions of the network as "providers" or "servers" who do get full access. Servers can be placed anywhere in the network, and frequently are placed on "consumer" networks. For example, in the homes of engineers or entrepreneurs, in consumer Network Attached Storage boxes, in ethernet video cameras, and even in flying $500 quadcopters. Consumers (e.g. people) should have all the same rights on the network as providers (e.g. websites). Consumer devices (e.g. tablets) should have all the same rights on the network as provider devices (e.g. data center servers). A device's location on the network is not and should not be relevant. Many of the most transformative innovations have come from individual consumers like Bram Cohen or Linus Torvalds who created new protocols that run at the edge of the network (BitTorrent and git).

Now let's talk about "mobile". The theory is that mobile networks somehow should get more authority to censor or block traffic, because they have less total bandwidth available, or because their endnodes are "only" cellphones, or for reasons like those. Those arguments are largely specious, too.

First, cellphones have evolved into full blown pocket computers, and there are more of them in the world than there are desktop computers. If the broad social move from desktops to pocket computers means that their billions of users get fewer rights and capabilities than they had in the previous generation, there's something rotten at the heart of that theory. EFF was founded more than 20 years ago to counter exactly this kind of creeping removal of well accepted civil rights via technological change. Cellphone users should have all the same rights against censorship and rights to encrypt their transmissions, as desktop computer users and as server operators. Software that runs as a mobile "app" should have the same rights on the network as software that runs as a Linux desktop "package". And by the time when our cellphones shrink to run in our wristwatch, our eyeglasses, or in our bloodstreams, our always-on network should not deprive us of rights that we had back in the day when we had to unpack our computer from a bulky suitcase.

Second, it is easy for "mobile" networks to provide connectivity to full blown desktop computers or servers. USB mobile dongles are readily available and cheap. Mobile-based WiFi hotspots are readily available and cheap. The endnodes that connect to such hotspots, or use those dongles, should get no worse censorship and encryption policies than when they connect to a hardwired WiFi hotspot or to an Ethernet cable.

Third, telephone companies are now actively claiming that they cannot affordably provide wired communications services, so they are asking regulators to be able to withdraw wired services and offering ONLY "mobile" networks to their customers in entire regions. This got the most press coverage after East Coast floods destroyed wired infrastructure, but it is a covert nationwide strategy and every day a telco petitions a government somewhere to eliminate the telco's core requirement to provide wired service to every customer who wants it. So not only do "mobile" users in those regions become second-class customers, but EVERY user in those regions becomes a second class customer. If every user gets a more-censored Internet in this transition, we're back to the dystopia of technological evolution and telco manipulation destroying the valuable and important civil rights that we all once had.

Fourth, let's examine the "low bandwidth" theory. In many places on the earth, 3G and 4G and 5G mobile bandwidth exceeds the readily available bandwidth from wired Internet providers.
DSL lines only reach tens of thousands of feet from a central office, relegating rural home users to dialup modems or satellite or other wireless feeds. Yet mobile cellular networks in rural areas often cover large geographical areas that hold few subscribers. This means that each subscriber gets a correspondingly large share of the total available bandwidth of the cell site, often making mobile cellular the highest available end user bandwidth network.

Fifth, even where wired networks offer higher bandwidth than mobile, the absolute bandwidth offered on mobile networks today vastly exceeds the bandwidth that was available just a short time ago. The original ARPAnet's backbones were 56 kilobit/sec leased lines, as were the original high speed ISDN Internet connections offered in the 1990s. When the NSFnet took over from the ARPAnet, it ran on big 1500 kilobit (1.5 Megabit, T1) backbones. Almost every server in the mid-1990s had no better connection to the Internet. The NSFnet was later upgraded to a T3 (45 megabits) backbone, roughly the downstream speed of today's consumer cable modem -- but that was enough for the entire North American continent. Most initial Internet users were on 14.4 kilobit dialup modems, eventually rising to 56 kilobit dialup. When the telco monopolies were forced to allow entrepreneurs to change the signalling on the last-mile wire to your telco central office, ADSL lines that ran a whole megabit or more (in one direction) became cheaply available to consumers and ordinary businesses. So getting back to the "mobile" theory, if your server is perfectly happy on a 1.5 megabit connection, why should you get your access censored, your encryption blocked, and your application choices limited, depending whether your connection is a T1 line or a "mobile" dongle?

Sixth, after natural or man-made disasters, wired connectivity is often destroyed, flaky or unavailable.
Mobile networks are much quicker to repair after a flood, war, or earthquake, and may not go down at all. For the resilience of our infrastructure, which includes Internet services and not just backbone connectivity, end users should be able to switch both their "clients" and their "servers" onto whatever networks are functioning, at any time. A company that runs its own mail server should not have mail delivery fail, or refuse encryption, because it was wise enough to provision itself with backup connectivity via a mobile network. If after a tornado you put your web server on port 80 on a mobile network while running the server on battery backup, the cellphone company should not censor it. In disasters the network has to be flexible, not rigid and coercive.

All these theories about why it's OK to censor Internet access, block certain services based on the whim of the ISP, and prevent end users from encrypting their traffic, come at their root from the monopoly nature of the underlying access media. In the heyday of the Internet, before these monopolies learned how to manipulate the regulators to prevent it, the monopolies were prohibited by law from telling you what phone numbers you could call, what ISP you could dial into, what protocols you could run over that modem, or who in the rest of the world you could communicate with. The telco couldn't stop you from calling the Internet -- much as they dearly would have loved to -- because they were a common carrier. And if your ISP developed crazy ideas about censorship, you could just dial into another ISP who had policies that suited you -- or start your own ISP and attract customers who like having full rights and freedoms. I did exactly that in the 1990s, when the available ISPs told me that I as a "consumer" couldn't split down and share my net connection with anybody else.
The heart of today's "network neutrality" issue is that by falsely conflating the underlying broadband access media with "the Internet", and then deciding to leave both free of regulation, the regulators have abandoned that prohibition on discrimination. The FCC now allows the regulated monopolists to decide who you can talk to and what you can say to them. The fix is not to regulate the Internet. The fix is to regulate the underlying broadband access media -- the phone wiring, cable wiring, fibers to your house or neighborhood, and wireless infrastructure -- while preventing the infrastructure companies from forcing you to choose a particular "Internet" provider over that access medium. Thus over your cable modem you could buy Internet access from any of a dozen providers; over your cellular phone you could buy Internet access from the same dozen. The signals would be carried over a different medium, but neither the cable company nor the cellphone company could dictate which ISP you must use or on what terms you must access the Internet.

We see this problem again and again in different corners of different issues, including this "anti-spammers versus consumer privacy" issue, but it's really the same issue. The access providers don't want to be common carriers who are obliged to carry all traffic for everyone -- because there's more money in getting a government granted monopoly and then being able to selectively sell access to that region, piecemeal, to the highest bidders. Like Comcast deciding that it won't take Netflix's traffic unless Netflix pays extra. Like T-Mobile deciding that you can't access http://mpp.org from your phone (try it) because it publishes about the politics of drugs, and "drugs are bad". And like spam-weary ISPs deciding that you can't encrypt your email transmissions because it would make their particular choice of ineffective antispam measures even more ineffective.
John Gilmore

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
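The "port 25 blocked, port 587 with authentication" practice that the quoted best-practice sentence near the top rests on is the technical crux of the whole thread, so here is an added worked example of what the two ports actually do differently. It is not code from the original message or from anyone in the thread. It is a toy policy model, not a real MTA: the hostname mx.example.net, the hosted domain example.net, the user alice and her password are all constructed, and the TLS handshake is only flagged, not performed. Port 25 behaves as an RFC 5321 mail exchanger (accepts mail for its own domains from any peer, refuses to relay elsewhere); port 587 behaves as an RFC 6409 submission server (relays anywhere, but only after SASL PLAIN authentication over STARTTLS).

```python
"""Toy model of the port 25 vs. port 587 policies referred to in the thread.

Port 25 is the MTA-to-MTA port (RFC 5321): a mail exchanger accepts mail for
the domains it hosts from any peer, but refuses to relay to other domains.
Port 587 is the message submission port (RFC 6409): it relays anywhere, but
only for a client that has authenticated (here SASL PLAIN over STARTTLS).
Constructed illustration of the policy difference, not a real MTA or MSA.
"""
import base64
import hmac

LOCAL_DOMAINS = {"example.net"}        # constructed: the domains this server hosts
USERS = {"alice": "correct horse"}     # constructed: submission credentials


class SmtpPolicy:
    """Minimal SMTP command handler whose behaviour depends on the listening port."""

    def __init__(self, port):
        self.port = port
        self.is_submission = port == 587   # MSA: AUTH required, relays for authed users
        self.tls = False
        self.authed = False
        self.sender = None

    def handle(self, line):
        """Return the server reply for one client command line."""
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            caps = ["250-mx.example.net", "250-STARTTLS"]
            if self.is_submission and self.tls:  # only offer AUTH once the channel is encrypted
                caps.append("250-AUTH PLAIN")
            caps.append("250 8BITMIME")
            return "\r\n".join(caps)
        if verb == "STARTTLS":
            self.tls = True                      # the TLS handshake itself is not modelled
            return "220 Ready to start TLS"
        if verb == "AUTH":
            if not self.is_submission:
                return "502 Command not implemented"
            if not self.tls:
                return "530 Must issue a STARTTLS command first"
            mech, _, blob = arg.partition(" ")
            if mech.upper() != "PLAIN":
                return "504 Unrecognized authentication type"
            try:  # SASL PLAIN (RFC 4616): authzid NUL authcid NUL password, base64-encoded
                _authzid, user, password = base64.b64decode(blob).decode().split("\0")
            except ValueError:                   # bad base64, bad UTF-8 or wrong field count
                return "501 Malformed AUTH data"
            expected = USERS.get(user, "").encode()
            if hmac.compare_digest(expected, password.encode()) and user in USERS:
                self.authed = True
                return "235 Authentication successful"
            return "535 Authentication credentials invalid"
        if verb == "MAIL":
            if self.is_submission and not self.authed:
                return "530 Authentication required"
            self.sender = arg
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Need MAIL command"
            domain = arg.rsplit("@", 1)[-1].rstrip(">")
            if self.authed or domain in LOCAL_DOMAINS:
                return "250 OK"
            return "554 Relay access denied"      # the no-open-relay refusal on port 25
        return "500 Unrecognized command"


def auth_plain(user, password, authzid=""):
    """Encode the AUTH PLAIN command as a client would send it."""
    blob = f"{authzid}\0{user}\0{password}".encode()
    return "AUTH PLAIN " + base64.b64encode(blob).decode()


def run_session(port, client_lines):
    """Feed one constructed client transcript to a fresh policy; return the replies."""
    server = SmtpPolicy(port)
    return [server.handle(line) for line in client_lines]


# Constructed transcripts. A spam bot connecting straight to the victim's MX on 25:
BOT_DIRECT_TO_MX = [
    "EHLO bot.example",
    "MAIL FROM:<spam@example.com>",
    "RCPT TO:<victim@example.net>",   # hosted here: accepted (why ISPs block 25 outbound)
    "RCPT TO:<victim@example.org>",   # hosted elsewhere: relay refused
]
# The same bot aimed at the submission port, with no credentials:
BOT_ON_587 = ["EHLO bot.example", "MAIL FROM:<spam@example.com>", "RCPT TO:<victim@example.org>"]
# A legitimate user submitting through her own provider on 587:
USER_ON_587 = [
    "EHLO laptop.example",
    "STARTTLS",
    "EHLO laptop.example",            # re-EHLO after TLS, as RFC 3207 requires
    auth_plain("alice", "correct horse"),
    "MAIL FROM:<alice@example.net>",
    "RCPT TO:<friend@example.org>",
]

if __name__ == "__main__":
    for label, port, lines in [("bot -> MX:25", 25, BOT_DIRECT_TO_MX),
                               ("bot -> MSA:587", 587, BOT_ON_587),
                               ("alice -> MSA:587", 587, USER_ON_587)]:
        print(f"== {label}")
        for cmd, reply in zip(lines, run_session(port, lines)):
            print(f"C: {cmd}\nS: {reply.splitlines()[-1]}")
```

The model makes both sides of the argument visible. A bot on a consumer address talking to a remote MX on 25 gets its mail accepted for that MX's own users, which is the direct-to-MX spam that outbound port 25 blocking stops; the same bot on 587 is refused at MAIL FROM until it presents credentials. But a legitimate mail server on a consumer line, the case the message above argues for, also has to reach remote MXes on 25 to deliver mail, and that is exactly the traffic the block cuts off; 587 only helps a client that has an account with some provider's submission server.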