elmore
May 6th, 2003, 17:15
Hey all you Michigan users have you guys dropped all you firewalls, vpns, NAT, ssh access, pgp encrypted e-mail etc. etc. ?

http://yro.slashdot.org/article.pl?sid=03/03/30/0524244&mode=thread&tid=158&tid=103&tid=193

frisco
May 6th, 2003, 17:21
I favour this response to the law, it's one of a long thread/flame on misc@:
http://marc.theaimsgroup.com/?l=openbsd-misc&m=104915521711503&w=2

Unfortunately links to the actual law are now broken.

bsdjunkie
May 6th, 2003, 17:21
heh, ill keep doing the same as always. damn MI has gotten messed up sinced i moved back from CA =P

elmore
May 6th, 2003, 17:29
Yeah the links in the /. story are also broken. Too bad I'd like to read it. GA is prosing something very similar. That's an interesting take on the law though. While I don't think they'll actively go out and house search for some dsl router running NAT I do think that they might selectively target some less responsible members of the computing community. Was that politically correct enough? Since apparently the law is written fairly vague. Again I haven't read it I'm basing an opinion off /. comments of all things. While I don;t want to get into any sort of politics on this board, I did wanna give you guys in Michigan a hard time. ;)

frisco
May 6th, 2003, 18:21
At the other end of the spectrum, NH might be a great state to live in.
http://yro.slashdot.org/article.pl?sid=03/04/29/1538211&mode=nested

soup4you2
May 6th, 2003, 18:38
they cant stop us if they cant find us

Kernel_Killer
May 6th, 2003, 18:44
On the MI issue, I think this is what I was hearing about it 2 monthes ago. What it basically said, is it dis-allows any use of any software/hardware that hides your identity. VPNs, proxies, and NATs especially were to be outlawed. Apperently they thought this would reduce high tech theft, and other forms of malatious activity to be stopped. if they did pass this, then I feel sorry for the companies that lost their basis for security.

frisco
May 6th, 2003, 20:01
Hiding identity != NAT. NAT still tells you where i'm coming from, and it is the responsibility of the person providing the NAT to know who the users are. Where i work, we use NAT to conserve some IPs. We know what those machines are, where they are, who is using them. We also have some machines in labs that Joe Random might be using - these machines have routeable IP's, are not VPN'd, not proxied, not NAT'd, but we do not necessarily know who will be using them. In this case, machines with routeable IP's may be used by some people who will not have to disclose who they are in order to use the machine. As i'm in MI, this means we may currently be in violation of the law and i will mention this to my boss tomorrow (something i forgot to do a couple months ago, oops). Some internet cafe's around town use NAT to provide their customers with net access. Some of these places do not record who is using the service, some do. Those that don't may also be in violation as they cannot associate net usage to an individual - it isn't the NAT per se, but the responsible use of the NAT that is in question.

Unless the bill has wording which explicitly states "though shalt not use NAT", then it will take a court ruling which broadly interprets the law to truly block NAT et al, as those do not themselves hide the user - it is an organization's policy which may hide the user.