Re: [gnso-ff-pdp-may08] Choke points

["George Kirikos" <fastflux@xxxxxxxx>]

Hello,

On Thu, Aug 7, 2008 at 9:38 PM, Joe St Sauver <joe@xxxxxxxxxxxxxxxxxx> wrote:
> #etc. You don't see them being taken down, though. A lot of spam comes
> #from Gmail, Hotmail, Yahoo, etc. as their captchas have all been
> #broken, but those domains don't get taken down --- i.e. some level of
> #"crime" is deemed to be acceptable.
>
> More accurately, those operations all respond to their abuse reports
> with alacrity; I see absolutely no indication that some level of crime
> is tolerated at any of those sites.

The same thing for other "good" companies, who will also want to be
whitelisted. I'd want all my domains whitelisted, as would everyone
else.

> Safeguards for the googles of the world have already been treated
> previously. See, for example:
>
> http://forum.icann.org/lists/gnso-ff-pdp-may08/msg00360.html

As before, everyone will want to be on that list.

> #"60 percent of the top 100 most popular Web sites  have either hosted
> #or been involved in malicious activity in the first half of 2008."
>
> But they're not fast fluxing on broadband hosts across diverse ASNs.

If that's the criteria now, that's fine with me (i.e. specify the
criteria, and it hardly affects any legitimate business or
non-profit). i.e. I can make sure that if I'm fast fluxing for my new
telemedicine service or torrent service or CDN or whatever, that it's
only on non-broadband home user networks (i.e. the "test" should
specify very precisely what ASNs, etc.). However if those ASN lists
get stale or are in error, some legit people who did all the right
things might get blacklisted by mistake.

If we talk about the larger issue of abuse in general, as some folks
want to generalize a takedown procedure for all "abuse", then it's
something different.

> It is really sad, but fastflux is typically needed only for the worst
> of the worst. All the rest of it can get traditional hosting somewhere
> in the world...

What's the absolute number of these "worst of the worst", and why
can't law enforcement approach a judge to get a blanket restraining
order? 10? 100? 1000?

> #"Criminal" is in the eye of the beholder.
>
> Already covered that one, too. Criminal behavior isn't subjective,
> like the right amount of salt to add to a dish, it's objective for
> a given geographical locale. See the discussion at:
>
> http://forum.icann.org/lists/gnso-ff-pdp-may08/msg00261.html

I don't think that's this list's "final word" on the topic. :)

If it's as objective as "the right amount of salt", we'd only need
rulers and teaspoons, etc. instead of judges and juries. We wouldn't
need courts of appeal, as obviously "objective" metrics applied by
courts cannot lead to mistakes. We wouldn't need a Supreme Court
either.....

If things weren't subjective, you wouldn't have lawsuits to begin with
-- lawsuits are the result of people respectfully agreeing to
disagree, and letting a third party arbitrate and come to a decision.
Since things are "objective", it's impossible to disagree to begin
with. The conviction rate would be 100% in crimes against the
state/public, as the police can never get it wrong.....

Is every registry going to say that every gTLD and registrant is bound
by US law? That's going to be a fun discussion. All the Cuba-related
domains, etc., for starters. Online casinos, every instance where US
law differs from that of other countries...And then the ccTLDs?

> #Private enforcement and interpretation of public laws is a very
> #dangerous and slippery slope (leads to vigilantism).
>
> Industry self-policing need not involve vigilantism, and it is a well
> established principle of U.S. law that if one becomes aware of material
> information relating to a serious crime, one has an affirmative obligation
> to share that with the authorities under the misprision of felony doctrine.

It's one thing to "share that with the authorities". It's another
thing to go in with guns blazing and attempt to solve the problem
oneself. Law enforcement is accountable to someone, and often ends up
paying out large legal settlements when they screw up bigtime and got
it wrong (as do governments). Police are liable for misconduct and
negligence:

http://en.wikipedia.org/wiki/Negligence

as are private entities.

You'll recall your own article from a few years ago:

http://cc.uoregon.edu/cnews/winter2004/googlehits.html

"In our view, Google should offer an unfiltered viewing option for
those who need it for research purposes, or who otherwise want to see
all hits relevant to a given search term, whether tainted by spam or
not."

What if it's true that a large proportion of society wants to opt-in
to that "unfiltered" internet that you implicitly desired for
yourself, even if it means getting exposed to "risky" things?? What if
they don't want the government or some private self-chosen
unaccountable quasi-police force saying that "that's a bad
neighbourhood" that needs to get shut down for "the public good"?
Empowering users to make an informed choice, helping them to identify
those "dangerous" sites might be sufficient.

Sincerely,

George Kirikos
www.LEAP.com