Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: The Internet Safety Act of 2009 - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
The Internet Safety Act of 2009

One of our readers, Alan, wrote in wanting to start a discussion about the proposed "Internet Safety (Stopping Adults Facilitating the Exploitation of Today's Youth) Act" currently being proposed in the Senate S. 436 and House H.R. 1076.

As incident handlers and parents, most of us understand our responsibility for dealing with any child pornography issues.  Legally and ethically we are bound to immediately turn any such information over to the authorities.  I totally support additional ways to protect innocent children from this horrendous crime.  It seems to me though, that the technical issues of the bill aren't being dealt with.  Are the politicians getting the technical advice from us they need to actually make this bill work?

Here is what Alan wanted to see discussed:

"Do they understand that RFC-1918 private IPs are not Internet routable and the only IP which is is the one assigned to the gateway router, therefore making this not a home user/business issue?  I'd like to see someone with an understanding of this distinction in IP addresses actually comment on this."

There are plenty of "politically charged" discussions going on about this bill already, so please let's keep the comments to the technical aspects of the IP addressing and data retention issues.  Hopefully we can provide some insight for our legislators with your comments.  I'll keep posting updates as we get your responses.  Post your comments here.

Mari Nichols,  iMarSolutions

Mari Nichols

76 Posts
Some other considerations are Anonymous proxies and mac address spoofing. How do such logs pertain to transient guest systems when the hardware IDs are also changed or all access once initiated is conducted through an anonymous proxy?

But Robin is correct, many such hotspots will not have the capacity nor the capability to establish such logging mechanisms nor ensure their integrity. A costly proposition which I expect will provide little real benefit if carried to the extreme of expecting small business and residential users to maintain such logs.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!