how-to block ads
|
gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA
1 edit | Significant privity of contract issue, here...
If I get ISP services from Joe's ISP, and I have landline from Qwest carrying it, where does Qwest infer a right to modify the terms of service that I agree to with my ISP? They would, it seems to me, have to impose the terms in their own contract with the party using their network, the ISP. The ISP would then have to decide how to pass them on to their subscribers.
I'm still sorting out this convoluted cobweb of information, but I can say this much. A provider should be trying to educate and help their users regarding the risks of the internet. They shouldn't be treating the users like little children, and imposing "zero tolerence" regulations that penalize people for being victims. Wanton spamming, sure. Charge 'em fifty bucks a spam. But it's somewhat unconscionable, if you ask me, to say that your duty of security is absolute, and subject to immediate and automatic penalties*. I seriously doubt they would want similar regulations imposed on themselves, and I'll bet they have undiscovered weaknesses in their own corporate IT security. Even the best IT people miss things, and get infected. As I've frequently remarked in Security, there's no magic bullet... security's relative, not absolute, and absolute, perfect security simply doesn't exist, never has and never will, owing to the nature of the beast.
They need to take great care, and not start thinking "we're bunkered to the hilt, nobody can get through our security, so we have a right to look down our noses and judge our users"... just by way of example, when I did a little research a few years back to prove my thesis that a large number of so-called "public anonymous proxies" that get advertised on the internet are actually private proxies being hijacked, and trojanized proxies on other peoples' systems, I found dozens of Fortune 500 companies, colleges, schools, and a few ISP's (I don't think Qwest was one, to their credit), and a lot of very clear "user block" addresses, implying that at least a few of the "public proxies" are either men in the middle or trojanized rogue servers.
Sauce for the goose is sauce for the gander... if they end up getting one of their own networks compromised and abused for spam or other, even nastier nastiness, they're going to look pretty bad. 
* - I do, however, by way of post script, reserve judgement on the idea of immediately disconnecting people who are advised that they're infected to the point of disrupting the network, and just sit on their hands. It might not be a bad idea, at all, to tell people "we'll give you one warning and a reasonable time to demolish a termite mound you're running, and, if you don't, we'll disconnect you until you do prove to us that it's been disinfected." But that isn't the approach, here. Typically, it's in the form of a charge... in other words, spam away, if you're willing to pay five bucks a spam. The appropriate approach, of course, is to say "get off of our network if you won't stop spamming, or remove the trojan doing it in a reasonable time"...
--
Semper Eadem
Madman, thou errest. I say there is no darkness but ignorance ... | |
EGeezer
Go Bobcats
Premium
join:2002-08-04
Country! | My question is how does the copper line provider legally read my data going to and from my third party ISP without all including the third party ISP's agreement? This sounds like an illegal wiretap, or at least a major EFF issue. | |
gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA
| reply to gwion
Well, we can argue at length the limits of governemntal wiretapping, but private wiretapping is, always has been, and, hopefully, always will be illegal de facto. I recall a case where a guy wired his neighbor, and then tried to file a criminal complaint... using the wiretap as his evidence. The district magistrate refused his complaint... and called the police, who filed a complaint against HIM, for wiretapping. That complaint was approved, by the way.
I would guess they could receive a complaint, accompanied by supporting evidence, without breaking any laws, though. And therein lies the foundation for a lovely lawsuit... I wonder if Qwest ran this by legal before they announced it? It's definitely the kind of thing that, if you ever really try using it, can turn around and bite you right on the... ahem... I digress...
I actually don't think they're relying on wire interception, all told. They would probably start with a complaint, and track back the mail traffic. Not hard. Even if everything's obfuscated, the account that's sending out 10,000 SMTP connections a day's a likely candidate for being the culprit... What bothers me, of course, is that bit where there's no differentiation between deliberate spam, and happening to get compromised by a spam relay. There just has to be a good faith notice given to clean things up or face the consequences. And those consequences shouldn't be monetary, they should be the abrupt termination of service until the account holder can certify that things are cleaned up.
The internet, remember, is wide open, though... the anecdote, above, related to phone lines. That's always been one of my major arguments, that when you send an unencrypted anything across the notoriously wide open internet, you have no expectation of privacy. It's like posting on the supermarket bulletin board. It's genuinely hard to make a real privacy argument with internet communications, unless you're taking affirmative measures to protect what little privacy you might have. Since I doubt most spammers would find a PGP "envelope" very desirable for their content and purpose, you know, on reflection, I'm thinking it would be pretty much arguable that they could, if they really, really have nothing better to do with their time, play man in the middle and snoop on their network, long as they only snooped at plaintext unencrypted material... and they can certainly log, and logs tell enough to set up a presumption of spamming, based on patterns.
Just some later evening idle musings... good points... how do they plan on enforcing this? Can you imagine them presenting a damned printout of (who knows HOW forged) message headers sent them by an anonymous "informant", and asking for five bucks for spamming? Hooboy. The more I think about this, the more it strikes me as a really ridiculous idea with so many strings attached... I don't see how they can ever possibly enforce it. Sounds mostly like a "see, we're taking action on spam" publicity stunt, the more you think about it.
--
Semper Eadem
Madman, thou errest. I say there is no darkness but ignorance ... | |
iowanews1
join:2004-04-07
Des Moines, IA | reply to gwion
terms of service ONLY apply to intenet service provided by Qwest. If you're on DSL and have an ISP other than Qwest, you're covered by your ISP's TOS. | |
|
