At 11:39 30/03/03 -0800, Brad Templeton wrote:
...so let me drop to the other problem
I pointed out with consent issues, which is the difficult technical
challenge of finding a way to figure out consent when we have all sorts
of vague definitions of implied consent
I don't think it's correct to say that there are many definitions of
implied consent - rather that there is some grey area in which it is not
necessarily clear if particular conduct comes within the scope of implied
consent.
On the other hand, there are areas where it is clear - person to person is
within, bulk is outside.
, and so many different preferences
among individuals as to what consents they wish to give.
This is a separate issue of expressing explicit consent. Explicit consent
what BMPP (and to a lesser extent BMTP) aim to facilitate. Implied consent
has nothing to do with the actual preferences of the recipient.
..many people express different views over what they think... they have
implicitly consented to receive. Just this week we've debated the
suggestion that if you post to a mailing list you consent to replies to
your messages from others, but not to automatic replies from broken bots,
and possibly not to off-topic replies -- for example most would say that
posting here doesn't allow me to reply to them to offer them cheap blue
sex pills.
From a legal perspective (and since consent is really a legal concept the
legal perspective is the relevant one), none of these questions involves
implied consent. What they do involve is an attempt to imply terms into
some contract. Leaving aside the question of whether signing up to a
mailing list can amount to a contract (which is doubtful in itself),
implying terms into a contract is something that the law is reluctant to do
unless it is necessary to do so to give effect to the contract. Thus the
mailing list really doesn't come into the question when analysing consent
in those situations.
I see it as intractable to define a mechanism for definition of advance
consent.
Well yes, an attempt to cover the whole field of explicit consent in a
protocol is doomed to failure, however limiting scope to things that are
towards the "no implied consent" side of the line make this easier. The "NO
UCE/NO UCE" banners have such limited scope. BMTP has a slightly wider
scope, and BMPP wider still. In each case, however, the domain in which
they attempt to deal with consent is such that it does become possible to
cover the domain. I would venture to say that BMPP goes as far as you can
reasonably go when the domain is "Bulk".
> that SMTP as a protocol demonstrates a design centred on person to person
> messages and another protocol (NNTP) demonstrates a design centred on
> broadcast messages (even having substantially the same message format)
...I can't escape the conclusion that bulk mail is considered one of the
legitimate uses of mail.
The nature of the protocol is relevant for a consideration of implied
consent. A mailing list such as this one involves explicit consent. The
reason that the orientation of the protocols becomes relevant is that it
suggests that unsolicited bulk email is not "necessary" (there being an
alternative mechanism for broadcast messaging), it may be relevant to what
is accepted, and it is also relevant to what can be implied from the user's
actions (don't read news == probably don't want broadcast messaging, so if
somebody does want bulk messaging the applicable mechanism should be used).
> [one-to-one messaging on the basis of a referral] is clearly
> within the scope of implied consent, because it is (a)
> necessary, (b) accepted, and (c) reasonably inferred by the actions in
> putting up a web site.
Unfortunately it is not so "clear" as there are many court cases about this,
about issues such as deep linking, inlining and spidering in various forms.
People want to give consent to some (google) but not to others (shopping bots
or deep linkers) and so on.
Every court case I am aware of (except perhaps the recent Verio/Ralsky one,
although I think that settled anyway) that was taken to judgement so far
has involved an explicit withdrawal of implied consent - or at least an
explicit notice that the traffic was unwelcome, which amounts to the same
thing.
> Person to person email is clearly within the scope of implied consent and
> testing against the three criteria clearly indicates that this would be so.
I thinks so but again, I have seen many in the anti-spam community offer
extreme definitions which include person to person mail. CAUCE, a fairly
major organization in the anti-spam community, has pushed its lobbying
efforts around single e-mails from the start, and so have many others.
CAUCE's efforts were focused in this way for practical reasons, and this is
no longer the CAUCE position. CAUCE has shifted the focus back to bulk. It
may be that the focus goes back to (bulk && commercial), but that's a
matter for the CAUCE (USA) board.
> [notes on the bordeline status of implied consent in
> person-to-person flames]
I think you aptly demonstrate the technological impossiblity of making a
protocol based way to define advance consent.
As noted, I agree that it is impossible to define a protocol to
exhaustively cover the domain of explicit consent. The only domain I see as
relevant to such mechanisms is bulk.
______________________________________________________________________________
troy(_at_)rollo(_dot_)com IANALY,TINLA Troy Rollo,
Sydney, Australia
Fight spam in Australia - Join CAUBE.AU - http://www.caube.org.au/
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg