Do We Really Want An Internet Run By Lynch Mobs?
from the i'm-just-asking dept
Sprint and Cogent were recently kind enough to remind us that the Internet is held together by rather tenuous peering deals to share traffic across providers. As such, some arcane disputes can aggravate to levels that disrupt normal consumers ability to use the Internet. If you weren’t convinced that the good will of sysadmins keeps the series of tubes clear, two recent examples will show just how informal they can all be, and it raises some questions about the ability of “mob rule” to force certain decisions.
In the past couple of months, two hosting companies who were known to be havens for spammers and cyber-criminals, have been brought offline through extralegal means. Following some pretty damning reports of the illegal uses of McColo and Intercage, the upstream ISPs servicing the hosting companies decided to pull the plug and disconnect them from the internet. Basically, a couple of ISP admins decided that they didn’t want to be responsible for providing service to those companies so they cut them off. At first blush, these seem like effective actions taken against criminals — some reports showed spam amounts dropping 66% following McColo’s deathblow. However, is this really the precedent we want? Lynch mob justice, even when well meaning, can inflict collateral damage and occasionally pick the wrong targets leading to significant damage with little recourse.
Some have equated these types of actions with a Neighborhood Watch program — good intentioned folks driving off negative influences. But the key difference is the lack of legal authority and due process. Neighborhood watches call the police when illegal activity is detected. While it is true that McColo and Intercage were neutered much more quickly through extralegal means than if police had tried to understand the system and work through the courts, there are still very good reasons why we should support traditional legal prosecution.
An internet where ISPs can cut off service without explanation may be a very unstable platform, indeed. The checks and balances (eroded as they may be) of the legal system do a pretty good job at finding the best course of action, and we shouldn’t rush to a future of lynch mobs. Lynch mobs (digital or not) have the unfortunate habit of negative side effects like choosing the wrong target or cutting off innocent users in the process. At least one ISP who cut off the criminal hosts claimed that they did so because the Terms of Service were being violated, but if they want to limit online crime, it would be best to utilize their leverage by working with law enforcement. After all, a phisher disconnected from the Internet can just move to another hosting provider where they will be less likely to be reached by America’s comparatively stronger cybercrime laws.
Filed Under: lynch mobs, spam, takedowns, vigilante justice
Comments on “Do We Really Want An Internet Run By Lynch Mobs?”
Do We Really Want An Internet Run By Lynch Mobs?
If you equate the disconnection of McColo to a “lynch mob”, then you are ignorant of the facts & issues at hand here.
Hurricane Electric and Global Crossing (and any other ISP for that matter) is perfectly within their contractual (and legal) rights to disconnect any customer for violating their contractual terms of service (ToS).
Given that law enforcement had every opportunity to interceded in this issue, I would posit that this is exactly the kind of community policing that we want, instead of the problem spiraling out of control and some knee-jerk suggestions of additional (and utterly useless) toothless legislation that hurts no one but legitimate Internet users.
Again, to suggest that this was somehow a “lynch mob” indicates a lack of understanding in the facts of this particular issue, and the overall issues of dealing with organized cyber crime overall.
– ferg
Re: Do We Really Want An Internet Run By Lynch Mobs?
Ferg,
Sorry if I wasn’t clear, but I’m fully aware that the spammers/botnet operators are violating the ToS. The problem comes from 1) the framing of the issue and 2) the proximate cause of the disconnection.
1) Whether by their design or not, the ISPs actions were shown as good neighbors helping rid the ‘net of bad guys. In fact, one expert involved writes at length about how he views this as a question of good vs. evil (http://www.circleid.com/posts/time_for_self_reflection/).
2) Further, the ISPs didn’t act of their own accord. It took outside investigation and pressure (luckily from a responsible WaPo reporter) to get them to disconnect their services. That isn’t responsible contractual obligation, that is either saving face or lynch mob behavior where an instigator motivates others in a rush of good-intentioned action.
Re: Re: Do We Really Want An Internet Run By Lynch Mobs?
Kevin,
If you do your background research on the issue, I was one of the contributors to the HostExploit.com report that worked in concert with Brian Krebs to expose the situation at McColo.
If anyone is an “expert” on the situation, I think I qualify.
Cheers,
– ferg
Re: Re: Re: Do We Really Want An Internet Run By Lynch Mobs?
I don’t doubt your expertise, but I do worry that a precedent like this will set the path for people less careful in their decision making and lead to the potential problems outlined above.
Best,
Kevin
Re: Re: Re:2 Do We Really Want An Internet Run By Lynch Mobs?
You’re talking about net access, not constitutional rights. Come on.
Re: Re: Re:2 Do We Really Want An Internet Run By Lynch Mobs?
Possibly, but on the other hand in the real world a day or two doesn’t make much difference in the hunt for a murder, and 15 minutes don’t make overly much difference in stopping a robbery in progress (Depending on how fast the burglers operate)
On the internet 5 seconds is the equivelent of weeks worth of cold trail when it comes to stopping a crime in progress or finding a suspect. Because of this Goverments are simply too slow right now to regulate the internet, especially when trying to do so across country lines.
Internet Service Providers, on the other hand, have to communicate across country lines to function, and so if they put together their own, quick response ‘micro-government’ it could help them stop crimes in progress, and prevent Command and Control Center movements or Data transitions by the people trying to avoid being caught.
Re: Re: Re:2 Do We Really Want An Internet Run By Lynch Mobs?
Yes, I do agree with you there — as we were very careful to single out a known (for several years) entity, controlled by Russian cyber criminals.
The lesson here is that when all else fails, the community can police itself.
Having said that, this was an exception, not the rule.
Cheers,
– ferg
Re: Do We Really Want An Internet Run By Lynch Mobs?
For a ISP’s or Webhosting services to use their TOS in the manner explained here is blatant lynch mob mentality.
If you read the average TOS it leaves the ISP with the ability to discontinue service for virtually any reason they see fit.
For example if I set up a Blog that is controversial; say a pro marijuana site, my webhost could pull the plug without notice. This obviously undercuts my rights to free speech.
The courts should certainly be the place we decide the legalities of media and access.
To say that ISP’s are within their rights to decide what is or is not appropriate use is bologna.
Though sadly it is the standard now.
Re: Re: Do We Really Want An Internet Run By Lynch Mobs?
Yes but if they took your controversial blog offline then people on the same side of the controversy as you would call fowl. But if they take criminals offline people are not going to call fowl.
Ummm
Well, far be it for me to sound misinformed but currently there is no real legal system for the internet and what I see this as is an early development of a legal system. Sure, they COULD have given them warning, and they COULD have gone through legal channels and had nothing happen and those people would STILL be online. But instead they said ‘Hmmm, something looks wrong’.
It is legal to stop someone from pickpocketing so long as you don’t use excessive force if you’re a civilian. Though they won’t likely get convicted. Since loosing internet acess is fairly trivial… It’s not excessive force.
Re: Ummm
Actually, as we found out nearly a decade ago, normal legal structures apply to cyberspace just dandy. Check out LICRA v. Yahoo! for the real world application of Jack Goldsmith’s intellectual foundation in “Against Cyberanarchy”.
As for the legal process possibly allowing the bad guys to get away with it and still be online, while that is a possibility, in the extralegal manner it is a guarantee. The bad guys just moved to Russia, etc. where it is harder to convict them. They are back online.
I’m not arguing that what happened was illegal (it wasn’t, as Fergie points out above). I’m arguing that it may not be smart.
Re: Re: Ummm
…and there is a methodology that supports why this is so.
It’s called “management” of the problem.
Also, folks in the intelligence community have other similar methodologies which I will not go into at this time…
– ferg
Re: Re: Re: Ummm
I’m not quite sure I understand that comment: Are you saying driving criminals away from the American legal system is managing the problem? It would seem to exacerbate it…
(And, seriously, I’m not trying to be as adversarial as I may come across – just looking to avoid writing the paper I should be.)
Re: Re: Re:2 Ummm
I’m saying that the internet needs it’s own legal system, and this seems to be a start on that. Because if the american legal system shuts them down, they also go to russia. But this ways the ISPs can negotiate with the russian ISPs
Re: Re: Re:2 Ummm
Or to further clarify myself. The American Legal System is not really capable of managing the internet. And so it doesn’t really matter, because the criminals will get driven away from american lines no matter what. But the ISPs do have some power, and if the ISPs choose to enforce their own laws and their own end-user agreements that is a good thing because it means that there will actually be a legal system (That of the ISPs) instead of anarchy (country based law really does not work over the internet)
Re: Re: Re:2 Driving criminals away
Yes, driving criminals away from the US IP range helps to solve the problem.
If all spammers and scammers operate just in one country (e.g. Nigeria), it would make my life much easier.
I would simply block that country IP range from accessing my web site.
But when spammers/scammers operate from the US IP addresses — it makes much harder to deal with them.
Re: Re: Ummm
But as you said, internet law is still oddly tied to country boundries. On the other hand buisness relationships often cross those boundries. It’s hard to tell who someone is from there IP, so I think I’d rather have the ISPs form an ‘internet republic’ with themselves as the voting members to build some internet law. And I think letting them inforce that law is just fine. What we’re watching is the first steps in formation of law, as opposed to the fractured anarchy before. I mean, these ISPs worked TOGETHER to do this.
WAIT!!!
You guys are always going on and on about how the GOVERNMENT doesn’t need to interfere with how the INTERNET works…blah..blah…free market…Streisand Effect….blah; that it can make its own laws and rectify its own problems BUT now when the “free market” decides to get rid of a problem that was plaguing the market(the law, the providers….), NOW you are crying fowl!?!?!?!?!
Do you want the government to step in or not? You can’t have it both ways.
Re: WAIT!!!
Mike Masnick =! Kevin Donavin. Their veiws are not shared. This is a different author then mike, Ehrichweiss
I’ve sent many an abuse report to ISPs when the company I worked for was under attack. Responsible ISPs will investigate the report, determine if something is wrong, and take appropriate action.
I don’t know an ISP that is going to have the resources to find most of the ToS-breakers on their own. That’s why abuse@ is highly recommended by the security community. They are the ones that will be the targets and will need a way to contact the ISP.
I have successfully had numerous spammers and other criminals disconnected from their grateful ISPs because I reported it with sufficient evidence that the ISP agreed and drop-kicked the criminals off their service. Am I part of these mobs now because I don’t like being attacked by criminals? Are the ISPs that did the take-downs mobs because they followed due process, found my report sufficient as proof of the ToS breaking, and took action as outlined in their ToS/AUP? I’d certainly hope not, otherwise we end-users would suffer.
ben there done that
I used to admin web/mail/dns services for an ISP. When some one was violating TOS or we received complaints from peering partners, whether a colo or website we shut them down and not just cut off. They were warned, mentored ( yea this setting makes your server an open relay) then last thing was to shut them down the process normally took about 3 to 5 days start to disconnnect. Most admins don’t want to chase away customers but they balance that with the need to have loyal customers. I’m positive that there are a few bad providers/whatever. but I’m more sure that this wasnt lynch mob mentality but more a quorum of admins and was defined and had a lot of thought behind it before it actually happened.
Since the beginning the web has been a place of give and take and mostly the geeks want to keep it up and free flowing, I feel the actions taken were appropriate considering the offense
Re: ben there done that
“Since the beginning the web has been a place of give and take and mostly the geeks want to keep it up and free flowing…”
That’s a really fair point worth keeping in mind. I just wonder that as the proportion of geeks online slips, does there need to be a broader dialogue with other parts of society (law enforcement) so that we can stop these bad actors more conclusively and without the (somewhat hypothetical) worries about negative side effects?
Anyway
One way or another, I can’t see how this can be called something as sensational as lynch mobs. Want to see lynch mobs? Look at Lori Drew.
Kevin,this is really badly flawed logic.
On one hand elsewhere the cyber security community are criticized for not doing enough. If we analyze and report badness, we are accused of being as a lynch mob.
ISPs base their relationships on reputation. As in the cases of both Atrivo/Intercage and McColo, it was simple and clear they made no attempt to resolve abuse problems.
Law enforcement / government’s view was best shown by an FBI spokesman responding to the McColo report. He acknowledged the difficulties in combating cybercrime. “We are not the first line of defense against this we can’t be in the business of prevention. We have to be in the business of prosecution.”
So who actually should do something about the prevention of cyber crime. Surely the community via the ISP’s have a role to play, or do we all just cross over the street when we see average users being victimized by the criminals?
Re: Re:
Hi Jart,
We all have a role to play. But those with more capability (sysadmins, ISPs and law enforcement), need to be wary of the power. Government power is checked/balanced for that reason. The point of this post was to make sure we are considering the implications of potentially unchecked/unbalanced power. (Whether used as a first or last approach due to the government’s nonsensical and inconsistent approach to prevention/prosecution).
Kevin
Re: Re: Re:
It’s just losing internet access. Really. It’s not murder, it’s not a large financial burden…. It’s a pretty minor use of power.
Re: Re: Re: Re:
That’s just a straw man.
Obviously we want more serious certainty for more serious punishments, but even something as “minor” as this should be done carefully (not that these examples weren’t). Remember, this is about precedents.
On the other hand, if this is so minor, why bother? These actions were taken because they were viewed as being effective/powerful. (Though that, too, can be debated).
Re: Re: Re:2 Re:
Actualy, I’d say that slap on the wrist cases rarely have any certainty at all. A kid is caught cheating in school, or says a bad word, or two kids have suspiciously similar tests… It’s a similar level of slap on the wrist, and it tends to lack any due process.
Same with parking tickets and traffic violations.
Re: Re: Re:3 Re:
But when you lose the ability to drive (analogy alert), there is more due process.
But, again, this is only relevant insofar as you see what happened w/ McColo and Atrivo as “minor.” At which point we should ask why it should happen at all.
Re: Re: Re:4 Re:
Ah, but really it’s not like losing the ability to drive. It’s more like having your car impounded for being in the wrong space. You can still get a new car (And still get it impounded for being in the wrong space again). As for why? Well, we can’t have people parking in illegal spaces! And we can’t have people doing these things on the internet, so we give them a mild inconvenience which is only a major inconvenience if it occurs again, and again, and again. In which case, this really should be done for every such situation, without due process like, well, impounding a car.
So there you have it. It should be done for the same reason impounding a car should be done, and it’s equaly minor.
Re: Re: Re:2 Re:
Re: Re: Re:2 Strawman?
Kevin,
I would really appreciate if you could elaborate on how you think this argument is a “strawman” — clearly you have not read the HostExploit.com report?
Or maybe we are just talking past one another…
Over the course of 2+ years, we watched Russian cyber criminals use McColo (and other hosters) as a hosting provider that facilitated credit card theft, fraud, malware distribution, Command & Control for several botnets responsible for 75% of the spam on the plant Earth, and other distasteful & illegal content distribution (e.g child pr0n).
We documented this activity in a very detailed manner.
We also passed it along to law enforcement at many levels.
This was no “minor” issue.
Clearly, either you are not familiar with the details on this issue, or there is something underlying your arguments to which you are not being forthright.
We have been following the same Russian organized criminal operation for several years, and it is arguments such as these which tend to muddy the waters on the issues of network neutrality, network governance, etc.
Believe me, I’m about as civil libertarian as they come, but there are clearly limits when you observe the same criminal activity which continues unabated for years.
Respectfully,
– ferg
Re: Re: Re:3 Strawman?
Fergie,
Sorry my comment wasn’t addressed, but I meant the straw man remark in regards to the Anonymous Coward saying this was a “minor use of power.”
On it not being minor, we are in agreement. And on the good-faith effort made at protecting all Internet users, I am in agreement that this specific incidence was done so.
Again, sorry for the confusion. I think we disagree far less than limited commenting will allow us to recognize.
Kevin
Re: Re: Checks & Balances Baloney
Let’s face it — if the law enforcement had wanted to intervene in this entire issue, they would have done so.
‘Nuff said there.
Also, on the issue of Gov. “Checks and Balance”, I guess maybe you were somewhere curled up under a rock for the past 8 years? That is not a personal attack, but rather, a poke at how the political imperatives of DHS, FBI Cyber, and other relevant law enforcement agencies have been hijacked for political issues, instead of seriously going after cyber crime.
Let’s face it — this is a shared “public-private” responsibility, and no one entity is going to be able to properly address this situation, as things stand today — we have organized criminal organizations that feel as though they can operate openly, freely, and without retribution.
The community has to do a better job of policing itself, before you get some hair-brained idiots in government that try to “protect you” (as is going on the UK right now with the recent idiotic ISP filtering of Wikipedia).
Final thought: There has to be measured, and reasoned, balance.
We must change our tactics.
Thinking that you can report this criminal activity to some “Internet Police” portal somewhere, and that it will magically go away, is simply not going to happen.
– ferg
Re: Re: Re: Checks & Balances Baloney
I’m well aware of the last 8 years. From the original post: “The checks and balances (eroded as they may be) of the legal system do a pretty good job at finding the best course of action, and we shouldn’t rush to a future of lynch mobs.”
But I also appreciate the substantive point, that law enforcement has its head in the sand on cybercrime. But the main takeaway from this almost Burkean post is that we should keep in mind what generally works in our governance structure, even if it has failed at times. Although public-private partnerships can be a nauseating buzzword, the ethic behind them is important and I hope people like yourself and Jart, who have the expertise and capability, take them seriously – especially given the new opportunities afforded by a new administration.
“There has to be measured, and reasoned, balance.” That’s the point of this all.
The fundamental question...
…that Kevin seems to be asking is, “Is internet access a right or a service?” If it is a service, the ISP can take access away because your name is Melvin. If it is a right, however, then due process would be necessary for the denial of access. I have to admit, I don’t really have a good argument either way. Here in the US, Congress has made statements implying that it should be a right. However, ISP’s still have the ability to deny access for economic reasons, which would make it a service.
I dunno. Someone give a good argument.
Re: The fundamental question...
Re: The fundamental question...
Your rights can certainly be “revoked” when you abuse them.
Obvious criminal activity is certainly one of those
occassions.
– ferg
Re: The fundamental question...
You pay a regular fee for it. It’s a service. Like Power and Water.
Re: The fundamental question...
In Soviet Russia, Food. Shelter. Power. Water. Internet. Basic human rights.
In Capatilist America Freedom of press. Freedom of speech. Freedom of Vote. Basic Human Rights.
Re: Re: The fundamental question...
Most human rights experts would agree that “freedom of expression” includes seeking, receiving and expressing information.
“And of course, the information society’s very life blood is freedom. It is freedom that enables citizens everywhere to benefit from knowledge, journalists to do their essential work, and citizens to hold their government accountable. Without openness, without the right to seek, receive and impart information and ideas through any media and regardless of frontiers, the information revolution will stall, and the information society we hope to build will be stillborn.” Kofi Annan
(But please don’t think I am arguing McColo lost a human right here. Just a side note on comprehensive free speech protection.)
Re: Re: Re: The fundamental question...
But freedom of expression does not grant you free paper, good sir.
Re: Re: Re: The fundamental question...
In fact. Not only does it not give you free paper, it also does not give you a free printing press, free time on any printing press, or any acess to free goods for recording your expression. The goods that allow you to express, or record expressions are services. And your printing press (Should you own one) Can be confiscated by the government if you go bankrupt or in other situations.
So, while freedom of expression is a right, access to the tools of expression is a service.
So you CAN be cut off from a printing press if the owner of the printing press does not like what you are printing. And a paper and pencil salesman can choose not to sell you paper and pencils. Still, you CAN always take two stones, and carve your thoughts into them. So, expression is a right. Access to the goods involved in expression is a service (Not a privilege, but a service. Which means you can provide it to yourself)
Re: Re: The fundamental question...
Works for me. Communism and socialism will always sap human motivation, destroy productivity and stifle progress. They are a road to societal ruin that ultimately reduce humans to level of dumb animals.
"traditional legal prosecution"
Kevin:
You state:
“While it is true that McColo and Intercage were neutered much more quickly through extralegal means than if police had tried to understand the system and work through the courts, there are still very good reasons why we should support traditional legal prosecution.”
Law Enforcement was very aware of the activity of both these parties — no action was taken. In the case of Intercage, no action FOR YEARS and they were located in California!
I dont agree that an ISP can just cut off service.
If you are falsely accused of spamming or otherwise violating the ToS then you have the option to go to court and issue an injunction and argue your case before a judge. This was standard operating procedure before there was legislation.
Now that it’s illegal I’m guessing that the guilty just cave. But if you are innocent the legal avenue is still there.
As to whether prematurely cutting off a spammer before getting the cops involved might reduce the ability to prosecute – you might have a point. Although any ISP will have built up a reasonable body of evidence in the form of abuse reports that should cover an evidence that there was indeed illegal spam.
Re: Allen
And what could the prosicuters do? Give them a fine that they will never pay?
Collateral Damage
One way to reduce the amount of “collateral damage” involved in such disconnections is to maintain a database where users can check on the status of various ISPs, which would help them decide where they want to host their websites and so on.
To any anarchist
By the way, to any anarchist the answer is “YES!”
I’m not an anarchist though. Still I’d argue that this is NOT mob rule.
Market forces and the courts
If unjustly disconnected by your ISP, you can:
a) take your business to a competitor
b) sue the hell out of them
That’s a couple of pretty major checks and balances against an ISP abusing their power to cut people off. The only time they’re going to do it is if the chance of them being sued about it is pretty close to nil, and the chances of them being sued and then losing are even closer to nil. That’s only going to happen if the party being cut off really is one of the bad guys, and the ISP has the evidence in hand to back it up in court if they have to.
The fundamental question...
Kevin, As said elsewhere did you read the HostExploit reports?
If you ask yourself why Julie Amero nearly ended up serving 20 years in prison? This is the unfortunate response of government to blame the victim. This ongoing injustice is an example of government’s involvement, and emphasizes why the Internet does not want them involved.
Who speaks for Julie and the many others ripped off or stolen from? The community has to police itself as there will never be a magic solution, the only realistic one is neighbors being prepared to stand up for the victims. Whether a group of researchers, journalists, bloggers, academics, or ISPs.
Here is a challenge Kevin; join in with the next and forthcoming HostExploit.com community report, see the depth of the badness, talk to the victims, understand the criminal activity, and then argue it should not be exposed or ‘you’ are just part of a lynch mob?
A serious challenge and offer; are you in, prepared to get your hands dirty, or only want to pontificate from the sidelines?
Another ISP
Could not another ISP show up in whatever areas these spammers were in, to serve the nonspammers in those areas, and be unable to determine the “good” customers from the “bad” customers and therefore completely make these “lynch mobs”, as some call them, moot?
"Lynch Mob"?
If by “Lynch Mob” you mean, “A business who objects to a customer’s behavior and decides they don’t really need their business”, then we *absolutely* need more “Lynch Mobs”.
If a client becomes a PR liability to a business, then that business should have the ability to protect their better interests. The Client is free to go find another business who will take their money.
There are plenty of service providers out there. If they keep getting dropped, perhaps they need to take a look in the mirror and figure out why they are leperous.
If I could be allowed to borrow the same “loose” definition of “Lynch Mob” — The OP could possibly be considered as not too far from trying to round up an online “Lynch Mob” of his own to go “string up” (protest) the offending ISP…
Lynch Mob??
Ok, how in the world is an ISP that cuts off a customer for violating spamming laws considered a “Lynch Mob”?? It’s more like “A responsible ISP that finally did what they should have done as soon as it was detected that the customer was a spammer” maybe?
It’s SO hard to have pity for those that fill my inbox with offers of a sexual nature and try so hard to get my wife to enlarge her pen…….nevermind.
socialism alive and well at techdirt
after reading a number of analysts writings at Techdirt, its pretty clear these guys think of the Internet as something that the businesses who operate it have no rights to make decisions on. And are clueless about the agonizing a business goes through before making a decision to cut off a paying customer.
Re: socialism alive and well at techdirt
Dave… Read more carefully, and check author names. Some tech dirt authors think of the internet in socialist terms. Most think of it in capitalist terms and are quite aware of how agonizing it is to decide to cut off a customer.
Loaded language frames the issue incorrectly
First, I’d like to express agreement in general with the sentiments of Paul Ferguson. He’s a long-time veteran (as am I; I released the first anti-spam program about 25 years ago) of the struggle against what I’ll broadly label as Internet abuse.
Second, the use of loaded language like “lynch mob” or the often-seen “vigilante” needs to be dropped immediately. It’s inapplicable. Nobody went to McColo’s building, dragged the principals outside, and hung them from the nearest tree. THAT would be a lynch mob engaged in vigilante action. But that’s not what happened — not even remotely close.
Third, “collateral damage” is another loaded term that almost never applies. Among many other problems with it (see copious discussion on the IRTF-ASRG mailing list this spring in the realm of anti-spam measures) it ignores the due diligence responsibilities of those choosing Internet services. For example, anyone who chose to host their web site with McColo without performing at least a few minutes’ worth of online research — a quite trivial task for anyone with a web browser and access to a search engine — really must bear considerable responsibility for their own negligence.
Fourth, as I’ve pointed out elsewhere, law enforcement IS NOT COMING. Except in quite rare cases, they have now accrued a decades-long track record of passivity. Quoting
myself (sorry, but it’s apropos):
“Law enforcement is almost a complete non-factor in dealing with
online abuse.
Action is erratic, slow and incompetent at best; it tends to only
happen when one of four things is true: (a) someone’s running
for office (b) positive PR is needed (c) a government has been
publicly embarrrassed and needs a scapegoat or (d) someone with
sufficient political connections, money, and/or power wants it.
And even when it happens, it’s ineffective: for example, token
prosecutions of spammers have done nothing to make the spam
problem any better. Multiple spyware vendors have settled their
cases for pitifully small sums and then gone right back to work.”
Which means that it remains the responsibility of the online community to police itself — starting with its own operations. After all, abuse does not magically fall out of the sky and land on someone’s network: it comes from someone else’s network, and it is of course the first and highest responsibility of that someone else to see that abuse is not systemic and persistent. Those who have failed to discharge this basic obligation that’s part of the implied social contract of the entire Internet are providing evidence that they are (variously) incompetent, lazy, stupid, greedy or the root cause of the abuse. Why should anyone continue to generously extend the privilege of access to their networks and services to such people?
The solution to the problem remains the same now as it was back in the early 80’s when I first started observing and thinking about abuse issue: cut off the source until the abuse stops. This not only has immediate tactical effect (it stops the abuse) but it also has the important strategic effect of making the issue the sole responsibility of the originator. Any anti-abuse methdology which fails to do this is doomed — as we have seen over and over again in the interim as a dazzling array of pre-failed ideas have been brought forth and — surprise! shock! — failed.
Re: Loaded language frames the issue incorrectly
[i] After all, abuse does not magically fall out of the sky and land on someone’s network: it comes from someone else’s network, [/i]
I’m just nitpicking here because I agree with you, but I hate it when someone I agree with accidentally uses bad phrasing. This would be more correct
[i]It either comes from someone else’s network, or it comes from somewhere inside your network.[/i]
And of course you should mention that if it comes from your network, you should either stop it, or face the consequences of your actions. (Freedom includes the freedom to face the consequences)
Re: Loaded language frames the issue incorrectly
Yeah, that’s like calling a copyright infringer a “pirate”.
Gee willkers Kevin.
Last time I checked – any ISP can opt to not sell service to another party.
Exactly how do you propose to get around the fact that one party can opt to not sell to another party?
Re: Gee willkers Kevin.
Or block whatever they want to block.
Re: Gee willkers Kevin.
“Exactly how do you propose to get around the fact that one party can opt to not sell to another party?”
You mean the way that landlords can refuse to rent to any group or employers can refuse employment to any group or restaurants can refuse service to any group? Is that the “fact” to which you refer? Maybe you should check your “facts”.
Re: Re: Gee willkers Kevin.
Ah, but restaurants CAN refuse service to smokers (Who insist on smoking in the non-smoking area). And landlords CAN refuse to rent to pet-owners. And employers CAN refuse employment to the incompetent and the criminal.
Yes. it’s a fact.
Re: Re: Re: Gee willkers Kevin.
That’s not just exactly any other party, now is it? If you are white, then all blacks are “another party”. Refusing to hire or serve or rent to all blacks is not legal. So no, it’s not a fact. If you don’t think so, then try it. Let us know how that turns out for you.
Reality check
I only started playing the anti-spam game about 15 years ago, so please take what I say with a grain of salt:
1) Those legal and natural persons responsible for and profiting from the misbehavior are already outside the reach of U.S. laws and justice. As recent events have pointed out, removing their U.S.-based tools fixes the spew, but does little to nothing to bring the individuals involved to justice.
2) In the last 20 years, the Internet has transitioned from an open and trusting environment built on cooperation where each participant could do a great deal of damage, but chose not to, to a state where aggression and profit assumed until proven otherwise. That the few remaining stewards like ferg and vix and company can still pull together effective collaborations to attempt to shut down the badness testifies to the robustness of the system they built.
3) However, the fact that the present generation of commentators are allowed to credibly default to a posture of selfish security indicates that the network built on personal and institutional trust is transforming itself into a network built on fear of shareholders, customers, unidentified hostiles and the market.
Kevin, please follow the advice of the learned operators who have graced this place with their wisdom, and consider whether the threats you perceive originate from the bad guys, or from some other source entirely.
There are few compelling reasons to believe that a U.S. government sanctioned LEA could respond more effectively to Internet threats than the current small group of seasoned individuals who understand the system better than anyone else.
Yes it is
Before McColo went down I was getting about 500-600 pieces of spam a day (I once made the mistake of putting my address on my webpage). After it went down, I was down to 150-170 a day. It is slowly going back up to 200-230 a day now. If it takes the action it did with McColo to stop this crap, so be it. I don’t care, I don’t want the spam. I don’t want to change an email address I have had for many years because of a mistake I made once.
I don’t know if you could stop anything from happening without closing the doors on good things in order to prevent a few spammers from sharing their garbage. I think that unless some sort of super firewall is created spammers will just turn to hacking the weak systems that everyone has on their basic computer.
Luke |