[Dshield] Use a firewall.....

R Shady RShady at stny.rr.com
Sat Mar 29 00:07:13 GMT 2003

Taken from Lockergnome (03-28-03):

*Security or Jail - Take Your Pick*


This is an interesting story that has surfaced in several places online, 
and its impact on personal freedom to surf could be at stake. Several 
states are working on similar legislation that many interpret as meaning 
that all firewalls will instantly become illegal. Common Sense seems to 
be ignored by those huffing and puffing. There is a huge industry 
surrounding network security, so if you think for one minute that simply 
owning a commercially available firewall will subject you to jail time, 
you're mistaken. Take a deep breath and think about how something like 
that could possible be enforced.

The heart of the issue comes down to this bit of text I clipped from the 
Texas version of the bill:

/"A person commits an offense if the person intentionally or knowingly 
manufactures, assembles, imports into the state, exports out of the 
state, distributes, advertises, sells, or leases, or offers for sale or 
lease: a communication device with an intent to: conceal from a 
communication service provider, or from any lawful authority, the 
existence or place of origin or destination of any communication"/

What this says to me is that those spoofing IP addresses are subject to 
prosecution, as this would be an obvious intentional attempt to conceal 
the source of communication. Simply using a firewall does not in any way 
prevent service providers from seeing which customer is responsible for 
communications. Firewalls may indeed mask the individual PC that 
generated the suspect data, but they can certainly distinguish between 
customers by way of the IP address assigned to the firewall's 
WAN/Internet interface.

Where I will have a problem is with bills that blatantly outlaw the use 
of data payload encryption. This undermines network security and 
privacy, and it would apply to corporate entities every bit as much as 
individuals, so you know that will never happen. If it were to be 
interpreted as such, companies would be forced to abandon Internet 
access entirely, to include VPNs, extranets, e-commerce, etc. That won't 
happen as long as the Internet is a viable means of communication.

Certainly, we have to keep tabs on technology-related legislation, but 
the wording of what I've read thus far is geared toward those that are 
purposely circumventing proper use of communication systems. The use of 
a firewall would not fall into this category, I assure you.
***** End of Lockergnome quote ***********

More information about the list mailing list