> > So, to pose the obvious question: Should there be [a law against
> prefix hijacking]?

While I'm certain that's largely rooted in lawmakers who are not technically 
savvy, I wonder if we-as-an-industry couldn't (or, shouldn't) be doing more to 
move internal values and policies into defensible legal standards.

> So far the track record of the US government trying to make laws
> regarding technology and the Internet has been less than stellar.
> 
> The DMCA is already bad enough, but we continue to see things like
> PROTECT IP and SOPA pop up in attempts to hand over even more control
> of the Internet to those with enough money to buy the votes; at great
> cost to service providers and universities, mind you.

The best we-as-an-industry seem to be able to contribute to the problem is 
strongly worded and expertly backed petitions to Congress.  We're in permanent 
legislative fire-fighting mode, and we seem to be losing ground at an alarming 
pace.
 
> Over the past few years it has become blatantly obvious that entire
> industries are trying to gain special control over the Internet.  The
> RIAA and the MPAA both being openly guilty:
> 
> "Candidly, those who count on quote 'Hollywood' for support need to
> understand that this industry is watching very carefully who's going
> to stand up for them when their job is at stake, don't ask me to write
> a check for you when you think your job is at risk and then don't pay
> any attention to me when my job is at stake."
> 
> Chris Dodd, CEO MPAA in response to Obama position on SOPA.
 
You and I agree that this is a disturbing concept - I doubt there are many 
dissenting opinions on this list (which is its own monoculture issue for 
another day).

> With attempts at government control of DNS already underway, I think
> handing over control of BGP would be a dream come true for these guys.
 
Indeed - and I don't think anyone is suggesting that we hand operational 
control of BGP to the courts.  I'm more curious about legally codifying RIR 
allocations (obviously, this is a complex and regional issue, but since the two 
parties in the OP were both US based companies, we can at least begin to have 
this conversation).

Again, I don't know what the right answer is.  I'm just turning this over in my 
brain, and it seems to me that the current state of affairs is too fragile.  
There is no 'drivers test' before you get your AS number.  There are few 
consequences for hijackers and the service providers who support them - 
especially if those providers are very large.  There is historical precedent 
for government regulation in non-virtual industries helping to curb the chaos.

Hypothesis: If operators could recover their damages via the legal system from 
a service provider for aiding and abetting the hijacking of their ARIN assigned 
space, it would encourage a great deal more due-diligence in the service 
provider space.  With nothing to gain, and money to lose, companies will expect 
their netops people to behave as good netizens.

Thoughts?

Nathan

Reply via email to