ietf-asrg
[Top] [All Lists]

Re: [Asrg] filtering at connect time

2003-03-07 00:00:36
Well Mike I must respectfully disagree with you, and in due course
the courts will settle the matter.  However for the group I beg to
elaborate a bit on your statements.  Please see inline comments.

On Thu, 6 Mar 2003 21:58:19 -0800 (PST), Michael Marking wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[here Jeffrey Race wrote]
There is a shovel in my yard, not locked up. If a person takes my shovel
without my permission, and uses it to kill another person, am I guilty?
I think not.

Perhaps the open relays operators are negligent (or lazy or whatever),
but the theft is being committed by the spammers.

The terms of art are 'contributory negligence' and 'attractive
nuisance'.   If you leave your swimming pool unlocked, and a
neighborhood child invites his friends over for a swim (without
your permission) and someone drowns, YOU would definitely go to
prison in most jurisdictions I know of.

Those are indeed terms of art, but they are misapplied here.

"Contributory negligence" is a defense made against a plaintiff,
alleging an act or omission amounting to want of ordinary care on
the part of the plaintiff. The term would only apply in a complaint
brought by the operator of the open relay against the spammer: the
law might reasonably excuse the spammer because the open relay
operator didn't take steps to close the relay. However, as a
victim of spam, I can't make a claim of contributory negligence
against an open relay operator, since contributory negligence is
an act of the plaintiff (which would be me, if I were to make
the complaint).

I agree with everything you say but it is not the whole story.
A court could use this doctrine in a case of operator vs spammer
(and there are some like this now in litigation) to clarify that
the operator was negligent in the operation of his property. I
just want to make the point that a spammer can't (easily) use
a mail server that is rightly configured, and a court would certainly
look at this.



"Attractive nuisance" applies to an inherently dangerous or
hazardous object or condition of property that might be expected
to attract children to play or investigate.

But not just that, and not just children.   It could apply to anything
which could be used to injure others such as an unlocked car with key
in the ignition, or a mail server not password-protected which was
hijacked and used to steal medical records, or to crash a hospital's
mission-critical computer system, causing death or injury.

 Common examples are
discarded appliances, construction sites, firearms, and swimming
pools. Basically, the doctrine assumes that a higher level of
care is required for an attractive nuisance. However, the doctrine
doesn't apply here because (1) we aren't talking about children,

Doesn't have to be children

(2) we aren't talking about injuries to trespassers (spammers),

I'm talking about injuries to mail servers or the attached processing
units and databases

and (3) we aren't talking about a nuisance.>
"Nuisance" arises from unreasonable, unwarranted, or unlawful use
by a person of his own (or public) property. 

Unreasonable: the court would look to see whether leaving a mail server (or
proxy) open is reasonable in the engineering context of the fact
that securing it is trivial, just as locking your car door is 
trivial.  The court would weigh the burden on the owner of the property
to secure it against the damage its abuse caused in the case in dispute.

 If cost = zero
    damage = millions

it is not a hard decision

It is not the open
relay operators who use the relays in any unreasonable,

Yes they do as above.

 unwarranted,
or unlawful fashion -- it is the spammers. Nuisance may also arise
if the property owner fails to perform some legal duty, but I'm
not aware of any laws requiring that relay operators close their
open relays.

True, it is a common-law tort issue

The law doesn't necessarily condemn those who simply act immorally
or improperly. For example, there is no law against being generally
rude and not telling the truth, except in special circumstances.
There is also no law against operating an open relay. Therefore,
it is counterproductive to characterize behaviours as "illegal" when
they are not,

Nobody characterized an open relay or proxy as illegal, only as
(when abused) tortious in the present facts, which is that the damage
caused is extensive and the owner's preventive measure trivial and costless.

 because it might lead someone to believe complacently
(and without justification) that appropriate rights and remedies
already are in place. To the extent that such rights and remedies
don't already exist, that helps to prevent us from creating them.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+aDSj3fFKt0vOYhYRAgLiAKDecqQXJBtC1SMExpE3KhtcsCND+QCeIZSA
GVBW5JRreZiApmpHyDwZIWc=
=NdC+
-----END PGP SIGNATURE-----





_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>