ietf-asrg
[Top] [All Lists]

RE: [Asrg] draft-irtf-asrg-bcp-blacklists-00

2004-05-05 09:31:46
The point I am making here is that any BCP that is issued should
ensure that any blacklist following the practices described would
be operating in compliance with existing criminal and civil law.

Not only do I doubt this is the case, I don't think that there is
the expertise in this group to know whether or not it is the case.
The only lawyer in the group does have relevant expertise and is 
currently attempting to set up a whitelist.

Worst of all, I don't think that there is the intention on the part
of the blacklist operators to operate within the law. The idea behind
this BCP appears to be to provide a safe harbor for their existing
practices without the need to change any of the practices that are
likely torts.


It is to desireable and to be expected that courts will in 
due course rely
on industry practices and standards in adjudicating acceptable
behavior.    We should not be shy of it but instead encourage it.
Approved and deprecated practices are what we need to encourage
and eventually get into the judicial system.  Every industry does this
and it is long past time for ours.   It is nothing to fear.

I agree with the sentiment, but this is not the pace to do that.

I do not beleive that this group is equiped to decide on what best
industry practices are. It does not have a mandate from the industry.

I agree with Barry that someone who wanted to sue a blacklist could
certainly use the BCP draft as evidence of malpractice. I do not agree
that a blacklist could claim that compliance with the BCP provided
a safe harbor. This group is simply not representative of the parties
who are harmed by incompetent, vindictive or outright malicious
blacklists.

In addition the statements made on this list would be admissible if
there was any attempt to rely on the BCP as safe harbor. I think it
is amply clear that this does not constitute a good faith effort to
describe best practices that protect the interests of all the parties.

Regarding 'collateral damage': while the reality of its usefulness is
clear, this discussion usefully points to the possible 
injurious emotive
overtones.    A more useful phraseology might be that employed
(with a long legal history) in the environmental pollution field.   
Stringent measures against polluters (which is what spam-enablers
are) are well received in public and legally sanctioned.  (See 
some possible wording at <http://www.camblab.com/misc/univ_std.txt>).

The term was coined by Vixie to describe listing a known innocent
party in order to apply pressure on another party.

I don't think you will find a legitimate analogy for this, certainly
not the environmental one you cite where the real analogy would be 
for private parties to organize measures against customers of the
polluters who had no part in the pollution. Attempting to compare
the actions of blacklists who wont give their names to court actions
does not work.

The reason you will not find a legitimate analogy is that collateral
damage is very clearly a tortious interference with contract. If you
doubt me on this look at the cases where MAPS has been taken to court
on this one, they have settled every single time. In the cases where
we know what the terms were MAPS clearly surrendered.

Please let everyone be clear that a blacklist does not prevent anyone 
from receiving service.  

That is not the case at all.

 A blacklist USER prevents service.  

An ISP using a blacklist prevents service, it is not the decision of the
end user.

A blacklist author is not injuring anyone.  

The cases against MAPS clearly show that the courts did not accept this
argument. Publishing information with the intention that it be used to
block mail can constitute a tort.

This extremely important
legal point may have to be highlighted in our documentation.  It
is one reason (among others) why the author of a blacklist
standard is not vulnerable to a claim for damages.

If you think that it is an important legal point perhaps you could cite
a case where a court has made a favorable decision? The cases I have
read lead me to the opposite conclusion.

In the US you can be vulnerable for a claim for damages for walking down
the street. In this case it is the claim alone that would result in 
crippling legal fees.


There are certainly ways that a blacklist can be operated within the 
boundaries of the criminal and civil law. In the antiphishing WG we
are actually discussing what it would take to set up a blacklist to
block out phishing capture sites. It will surprise many here probably
to know that I originated that idea.


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg