|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Policies affecting the Internet as a whole - Hitting where it hurts
> Recently one of their customers decided the incoming directory on our FTP > server would be a good place to start a warez site. We mailed help@uu.net > and noc@uu.net. Our mail included the src IP address and the times that > the uploading of the warez occurred. They were fairly quick to respond > with UUNet's policy on these matters. Basically they will only take action > when told to do so by a law-enforcement agency. This is a bad idea. Once they were informed, by anyone including a private citizen, that they were an accomplice to theft, it became their responsibility to report it AND take reasonable steps to avoid having it happen again. The all-holy "common carrier" mantra does not excuse outright illegality after notice has been given. > Ok, fine. I understand that they have to protect their interests and that > there are legal implications to all of this. I tend to agree that this > position is the safest one to take. I don't agree, and it wasn't (isn't) safe. > This raises important issues, though. What do we expect providers to do? > Do we expect them to take action based on email received from > unknown people? It seems from some of the other posts on this topic that > we do expect that. They are expected (by law, and by me) to do the "best reasonable effort" thing I was talking about before. If someone says "you are helping person X to break the law" then UUNET -- or any of us -- has to make at least a cursory investigation, and if anything comes of it a report has to be made to the law enforcement people and "reasonable steps" have to be taken to prevent a reoccurance. I wish I could quote the title and verse of this but I had it quoted to me when I was involved in the events that were later written up in Markoff's book and I remember it pretty clearly. (The law applies to the employee in this case, not to the corporation or its officers.) > I think if you are getting attacked from a specific IP or block of IPs, > you have every right to filter those packets. I question the prudence of a > 'blacklist', though. I have not yet been threatened for hosting the http://www.vix.com/spam/ page. I fully expect to be threatened at some point, but since I'm not in the ISP business it's rather hard to argue restraint of trade. - - - - - - - - - - - - - - - - -
|