Common carrier status exists for this very reason. Unfortunately, it
probably means we'll have to stop filtering things like spam and DoS,
since
filtering on content inherently violates common carrier protection -- see
the smut suit against AOL a few years ago.
Come on, don't go lumping DoS and smut into the same basket. You can't be
possibly serious about considering the two to be equals.
In other words, you reasoning is quite flawed the way I see it, and blocking
DoS is indeed legitimate and legally supportable. Excesses are rarely
protected by any legal statutes.
> From: Stephen Sprunk [mailto:stephen@sprunk.org]
[..]
> Common carrier status exists for this very reason. Unfortunately, it
> probably means we'll have to stop filtering things like spam and DoS,
> since filtering on content inherently violates common carrier protection
> -- see the smut suit against AOL a few years ago.
Come on, don't go lumping DoS and smut into the same basket.
You can't be possibly serious about considering the two to be equals.
Okay, I'll admit filtering DoS will probably survive given it's a problem
for the carrier, not just the customer. But my original point is that as
long as ISPs do not examine the contents of a customer's packets, they
cannot be held liable for what's in them. Content filtering, whether for
smut, spam, or piracy, is a serious argument against ISPs claiming common
carrier status.
In other words, you reasoning is quite flawed the way I see it, and
blocking DoS is indeed legitimate and legally supportable. Excesses
are rarely protected by any legal statutes.
To the extent a customer attacks or defrauds the carrier itself, protection
measures are allowed. But you cannot "protect" the public at large without
a court order to do so.
S
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking
Okay, I'll admit filtering DoS will probably survive given it's a problem
for the carrier, not just the customer. But my original point is that as
long as ISPs do not examine the contents of a customer's packets, they
cannot be held liable for what's in them. Content filtering, whether for
smut, spam, or piracy, is a serious argument against ISPs claiming common
carrier status.
Content filtering can get you in trouble. It will be interesting to see what happens if a virus makes it through one of these ISP's virus protectors and infects someone; especially since they give it as a selling point. On the other hand, and ISP that does an action such as executable stripping or virus scanning not as a selling point, but as a protection measure of the carrier itself has no responsibility to the customer.
In the same reguards, filtering has a limited scope. While an ISP can filter for spam and viruses, to actually filter for illegal activity is more difficult. Given the war on spam and the fact that it's not going to end soon, I'd say trying to say an ISP is liable for scams or other illegal activity is a little far fetched. On the other hand, an ISP that *is* aware of illegal activity would be negligent not to look into it. In piracy cases, however, a simple 'give me the supoena and I'll give you the name and address' should suffice. After all, if you are being harrassed, you don't call the phone company to take care of the customer. You call the legal authorities.
> On the other hand, an ISP that *is* aware of illegal activity would be
> negligent not to look into it.
How about the tier1's who route abuse@ to /dev/null? IMHO they are
negligent and should be held liable...
Any actionable notice about illegal activities will come via conventional
channels from law enforcement officials -- not via email from customers or
other operators.
Since a common carrier can't filter on content -- only fraudulent and
malicious activity against the carrier itself -- there's not much (legal)
purpose in maintaining an abuse@ alias.
Abuse reporting exists in its current form today because (a) there's no laws
against most "abuse", and (b) the cops refuse to act unless you claim at
least $250k in damages per event. As the lawyers sink their teeth into the
net, you're going to find less and less "good will" out there simply because
it opens you to liabilty in court.
S
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking
Actually from an end-user perspective actionable notice of
anything will originate with the customers more often than
not.
If the police come to you as an ISP and they inform you of
something illegal happening inside your ISP you have blown
it. ISP's need to be able to at least tell themselves that
they know what is happening.
By the way - the big one these days is the claim from the
Tier-2/3 player that they are really subject to the same
rules that the Tier-1 players are and that simply isn't
true - nor should it be.
By the way - the big one these days is the claim from the
Tier-2/3 player that they are really subject to the same
rules that the Tier-1 players are and that simply isn't
true - nor should it be.
There is no technical or legal difference between tier-1 and tier-2/3
service providers. Heck, NANOG has been collectively working on it for
years and we haven't even come up with definitions for the various "tiers"
yet.
The distiction is between those who provide network transport and those who
provide application services across that network. The former can seek
refuge as common carriers, but the latter clearly cannot.
I pity the ABA if you really are their liaison to our industry. Worse, I
pity our industry for what kinds of ridiculous laws we'll soon be subjected
to.
S
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking