US lawmakers outlaw firewalls

US lawmakers outlaw firewalls

Since March 31, most corporate networks in Michigan have been using illegal technology. No, it wasn't an early April Fools' Day joke pulled off by the Michigan Legislature.

Thanks to the movie industry's paranoia about copyright infringement - plus a clueless group of lawmakers and an inattentive IT community - amendments to a state law called Act 328 have created a mind-boggling slew of limitations on what users of technology may do with what they own.

Here's just one example: Users may not conceal the origin or destination of their communications. Consider the implications.

"If you send or receive your e-mail via an encrypted connection, you're in violation, because the 'To' and 'From' lines of the e-mails are concealed from your ISP by encryption," observed Princeton computer scientist, Ed Felten, who broke the news and is keeping close track of the situation on his Web site,

"Worse yet," he said, "Network Address Translation (NAT), a technology widely used for enterprise security, operates by translating the 'From' and 'To' fields of Internet packets, thereby concealing the source or destination of each packet and hence violating these bills. Most security 'firewalls' use NAT, so if you use a firewall, you're in violation."

And Michigan isn't alone in this insanity. Similar legislation had been enacted in Delaware, Illinois, Maryland and Virginia, according to the Washington Internet Daily newsletter. Measures were pending in several other states, including Massachusetts and Texas.

How could this happen? Credit - or blame - a relentless and reckless copyright cartel that holds copyright enforcement above all else.

During the past several years, the Motion Picture Association of America (MPAA) has been quietly lobbying in various states for these laws, now being dubbed "Super-DMCAs" - a reference to the federal Digital Millennium Copyright Act. During this time, people fighting for users' rights have focused almost entirely on the federal scene.

An MPAA vice-president told CNet's Declan McCullagh that the law was only "an extension of what we've done for years with cable television and phone services at the state level. It's nothing new. For the life of me, I don't see why anybody would object to that." Gee, maybe somebody who wants to protect the security of his own communications?

Credit the entertainment companies with cleverness, but they've gone too far, as usual. Now watch as the states themselves make this situation worse. State laws are enforced by state prosecutors, who are generally even more clueless on technology matters than federal law enforcement folks.

Nobody is suggesting that we encourage infringement. But the MPAA's "model legislation" (find it on Felten's site) essentially bans even technology that might be used for infringing purposes, as well as information about such technology.

Whoops. There goes security, and research into security, too.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments

Industry Events

24 May
ARN Exchange
20 May
View all events