Re: Routing public traffic across county boundaries in Europe
Scott Weeks wrote: --- [EMAIL PROTECTED] wrote: What (if any) are the legal implications of taking internet destined traffic in one country and egressing it in another (with an ip block correctly marked for the correct country). Somebody mentioned to me the other day that they thought the Dutch government didn't allow an ISP to take internet traffic from a Dutch citizen and egress in another country because it makes it easy for the local country to snoop. -- That's funny. I've always thought of the internet as a global, borderless entity where ideas and information are shared without restraint. Perhaps it's time to whap the gov't with a clue bat? scott Yes, but laws dictate that not all information can be shared without restraint. The EU, for example, has laws preventing the export of personal information to countries deemed to have weaker privacy protection laws. There's also grey areas (that may simply result from legal departments not having enough technical knowledge). For example, I've worked with companies before that have had the rights to stream certain sporting events to certain countries only. Even if you were only streaming to UK ISPs and UK IP addresses (via what ever checking mechanisms were deemed adequate), legal departments tend to have quite a lot to say on the matter if you were egressing that traffic, at say, AMS-IX. Sam
Re: Routing public traffic across county boundaries in Europe
On 7/27/07, Lionel Elie Mamane [EMAIL PROTECTED] wrote: What I would expect is that you still have to obey lawful intercept legislation, so you need to interconnect with the government black box rooms, and these are at the major IXs in the country. (And I've repeatedly heard that in the Netherlands, for some time in the past at least, the way the ISPs got rid of the lawful intercept obligation was to have the AMS-IX send a copy of *all* the traffic to the government black box. Not that they had to do that, but it was the easiest / cheapest way.) Easiest/cheapest for the Dutch ISPs. Not for the government though! AMS-IX can be 200GBits a second, so I wonder if this was an exercise in killing the snoopers with kindness. If there were any such obligation, I'd expect the real reason not to be the egress country can snoop, but it is harder for the originating country to snoop. Perhaps. The French and German govts are not keen on their officials using Blackberrys 'cos all European BlackBerry traffic goes via a building near my house (single point of failure? we don't need no stinkin' redundancy!) in London.
Re: Routing public traffic across county boundaries in Europe
On Jul 27, 2007, at 6:14 AM, Lionel Elie Mamane wrote: [...] (And I've repeatedly heard that in the Netherlands, for some time in the past at least, the way the ISPs got rid of the lawful intercept obligation was to have the AMS-IX send a copy of *all* the traffic to the government black box. Not that they had to do that, but it was the easiest / cheapest way.) [...] That is complete and utter nonsens. That never ever happend. As everybody can see in the public member list [1] on the AMS-IX website, the Dutch police (AS16147) is connected via 100Mbit/s port. They are just another member, nothing more nothing less. Encrypted and signed tapped traffic from lawful interceptions may be send from the Dutch ISPs to the police via peering. That traffic may go over AMS-IX indeed. The Dutch ISP are obligated to apply these taps on *access-lines* after some form of legal order. They have to have the the right procedures and equipment to do that (at their own costs) [2]. -- Arien -- Arien Vijn Amsterdam Internet Exchange [1] http://www.ams-ix.net/connected/?expanded=1 [2] (In Dutch) http://www.agentschap-telecom.nl/informatie/aftappen/ paginas/faq.html
Re: Routing public traffic across county boundaries in Europe
On July 27, 2007 at 06:14 [EMAIL PROTECTED] (Lionel Elie Mamane) wrote: Also, I've heard that Canada had (maybe still has) this legislation forbidding you to route intra-Canadian *telephone* traffic through another country. Something about else nobody would build a intercontinental coast-to-coast Canadian network, would just send long-distance traffic to the USA, go to other coast and send it back to Canada and being this dependent on a foreign country, that's bad. OTOH, the spirit of the Bretton Woods conferences at the end of WWII on preventing a repeat was that such critical industrial interdependencies were fundamental to dissuading nations from going to war on one another. So far the idea has worked pretty well, exceptions excepted. Obviously YMMV. -- -Barry Shein The World | [EMAIL PROTECTED] | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD| Login: Nationwide Software Tool Die| Public Access Internet | SINCE 1989 *oo*
Re: Routing public traffic across county boundaries in Europe
--- [EMAIL PROTECTED] wrote: What (if any) are the legal implications of taking internet destined traffic in one country and egressing it in another (with an ip block correctly marked for the correct country). Somebody mentioned to me the other day that they thought the Dutch government didn't allow an ISP to take internet traffic from a Dutch citizen and egress in another country because it makes it easy for the local country to snoop. -- That's funny. I've always thought of the internet as a global, borderless entity where ideas and information are shared without restraint. Perhaps it's time to whap the gov't with a clue bat? scott Yes, but laws dictate that not all information can be shared without restraint. The EU, for example, has laws preventing the export of personal information to countries deemed to have weaker privacy protection laws. -- Who has to stop this information from transversing countries? ISPs? It seems really strange that folks are required to stop this when stuff like SSL and all makes it a little hard to do so... scott
Routing public traffic across county boundaries in Europe
I think this is a pretty dumb question, because I presume this is how most organisations save money and provide resilience. What (if any) are the legal implications of taking internet destined traffic in one country and egressing it in another (with an ip block correctly marked for the correct country). Somebody mentioned to me the other day that they thought the Dutch government didn't allow an ISP to take internet traffic from a Dutch citizen and egress in another country because it makes it easy for the local country to snoop. I've done lots of searching and have our legal council investigating but I thought someone here might be able to point me in the direction of any legislation? (I'll summarise any off-list replies)... Thanks, -- Andy Loukes Senior Systems Architect The Cloud Networks http://www.thecloud.net/content.asp?section=1content=32
RE: Routing public traffic across county boundaries in Europe
Andy, I've always wondered this as well. Similar scenario, although not necessarily egress in a foreign country, but transiting through. For a brief period, we had an OC48 that carried packets on our network between Chicago and Seattle that traversed a router of ours in Vancouver, BC Canada. Any legal minds here that may know the answer? Randy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Loukes Sent: Thursday, July 26, 2007 3:53 AM To: nanog@merit.edu Subject: Routing public traffic across county boundaries in Europe I think this is a pretty dumb question, because I presume this is how most organisations save money and provide resilience. What (if any) are the legal implications of taking internet destined traffic in one country and egressing it in another (with an ip block correctly marked for the correct country). Somebody mentioned to me the other day that they thought the Dutch government didn't allow an ISP to take internet traffic from a Dutch citizen and egress in another country because it makes it easy for the local country to snoop. I've done lots of searching and have our legal council investigating but I thought someone here might be able to point me in the direction of any legislation? (I'll summarise any off-list replies)... Thanks, -- Andy Loukes Senior Systems Architect The Cloud Networks http://www.thecloud.net/content.asp?section=1content=32
Re: Routing public traffic across county boundaries in Europe
good luck with that :) On 7/26/07, Scott Weeks [EMAIL PROTECTED] wrote: --- [EMAIL PROTECTED] wrote: What (if any) are the legal implications of taking internet destined traffic in one country and egressing it in another (with an ip block correctly marked for the correct country). Somebody mentioned to me the other day that they thought the Dutch government didn't allow an ISP to take internet traffic from a Dutch citizen and egress in another country because it makes it easy for the local country to snoop. -- That's funny. I've always thought of the internet as a global, borderless entity where ideas and information are shared without restraint. Perhaps it's time to whap the gov't with a clue bat? scott -- [EMAIL PROTECTED],darkuncle.net} || 0x5537F527 encrypted email to the latter address please http://darkuncle.net/pubkey.asc for public key
Re: Routing public traffic across county boundaries in Europe
--- [EMAIL PROTECTED] wrote: What (if any) are the legal implications of taking internet destined traffic in one country and egressing it in another (with an ip block correctly marked for the correct country). Somebody mentioned to me the other day that they thought the Dutch government didn't allow an ISP to take internet traffic from a Dutch citizen and egress in another country because it makes it easy for the local country to snoop. -- That's funny. I've always thought of the internet as a global, borderless entity where ideas and information are shared without restraint. Perhaps it's time to whap the gov't with a clue bat? scott
Re: Routing public traffic across county boundaries in Europe
In article [EMAIL PROTECTED], Scott Weeks [EMAIL PROTECTED] wrote: --- [EMAIL PROTECTED] wrote: What (if any) are the legal implications of taking internet destined traffic in one country and egressing it in another (with an ip block correctly marked for the correct country). Somebody mentioned to me the other day that they thought the Dutch government didn't allow an ISP to take internet traffic from a Dutch citizen and egress in another country because it makes it easy for the local country to snoop. -- That's funny. I've always thought of the internet as a global, borderless entity where ideas and information are shared without restraint. Perhaps it's time to whap the gov't with a clue bat? I'm a Dutch network engineer and I have never heard of this. Mike.
Re: Routing public traffic across county boundaries in Europe
On Thu, Jul 26, 2007 at 08:52:55AM +0100, Andy Loukes wrote: What (if any) are the legal implications of taking internet destined traffic in one country and egressing it in another (with an ip block correctly marked for the correct country). Somebody mentioned to me the other day that they thought the Dutch government didn't allow an ISP to take internet traffic from a Dutch citizen and egress in another country because it makes it easy for the local country to snoop. I'm not in a position where I would know for sure, but I'd be surprised if it were the case, in a atmosphere of European common market and police cooperation and all European police-judiciary trust all other European police-judiciary even more than the ones of US states do (as in a Dutch judge can issue a arrest warrant and French / German / ... police will execute it without intervention of a French / German / ... judge, nor decision by any administration, ... Possibly, it could be construed as a violation of the concept of European common market, and thus it is forbidden to forbid. What I would expect is that you still have to obey lawful intercept legislation, so you need to interconnect with the government black box rooms, and these are at the major IXs in the country. (And I've repeatedly heard that in the Netherlands, for some time in the past at least, the way the ISPs got rid of the lawful intercept obligation was to have the AMS-IX send a copy of *all* the traffic to the government black box. Not that they had to do that, but it was the easiest / cheapest way.) If there were any such obligation, I'd expect the real reason not to be the egress country can snoop, but it is harder for the originating country to snoop. Also, I've heard that Canada had (maybe still has) this legislation forbidding you to route intra-Canadian *telephone* traffic through another country. Something about else nobody would build a intercontinental coast-to-coast Canadian network, would just send long-distance traffic to the USA, go to other coast and send it back to Canada and being this dependent on a foreign country, that's bad. -- Lionel
