Re: [Asrg] draft-irtf-asrg-bcp-blacklists-00

[Seth Breidbart <sethb at panix.com>]

"Hallam-Baker, Phillip" <pbaker at verisign.com> wrote:

> The point I am making here is that any BCP that is issued should
> ensure that any blacklist following the practices described would
> be operating in compliance with existing criminal and civil law.

If you mean any law that covers the entire Internet, they will by
definition.

If you mean any local law that covers any part of the Internet, they
cannot do so.  (Should they be required to post their web page in
every possible language because someplace requires it?)

> Worst of all, I don't think that there is the intention on the part
> of the blacklist operators to operate within the law.

Whose law?  I don't think any of them (that I know of, anyway) cares
about operating within Islamic law, or strictly according to Torah, or
other non-applicable laws.  I suspect they all intend to operate
within the applicable laws in their locale.

> The idea behind this BCP appears to be to provide a safe harbor for
> their existing practices without the need to change any of the
> practices that are likely torts.

If those practices are torts according to law, nothing we do can
change that fact.

> I do not beleive that this group is equiped to decide on what best
> industry practices are.

It can publish its opinion, just like anyone else.

> It does not have a mandate from the industry.

There's no such thing, anyway.  Or would you prefer the DMA to define
the _only_ published "best industry practices"?

> I agree with Barry that someone who wanted to sue a blacklist could
> certainly use the BCP draft as evidence of malpractice. I do not
> agree that a blacklist could claim that compliance with the BCP
> provided a safe harbor.

That would imply that publication by us can only hurt listmakers.

> This group is simply not representative of the parties who are
> harmed by incompetent, vindictive or outright malicious blacklists.

It includes a lot more representatives of people who are aided by the
desirable listmakers.

Why don't you publish a blacklist of "incompetent, vindictive or
outright malicious blacklists"?  That way, people who agreed with you
could avoid using them.  Or do you feel that your opinions should
somehow be binding even on people who don't agree with them?

> In addition the statements made on this list would be admissible if
> there was any attempt to rely on the BCP as safe harbor.

They might "admit" my postings, but to what purpose?

> I think it is amply clear that this does not constitute a good faith
> effort to describe best practices that protect the interests of all
> the parties.

There are some parties whose interests I very much do _not_ want to
protect.  That's the whole point of blocklists, after all.

>> Regarding 'collateral damage':
. . .
> The term was coined by Vixie

The term is a lot older than Vixie.

> I don't think you will find a legitimate analogy for this,

The original (military) version might work.

"In order to block a billion spams, we also blocked a few hundred
non-spams.  Unfortunately, we found no effective way to do better."

> The reason you will not find a legitimate analogy is that collateral
> damage is very clearly a tortious interference with contract.

If Spammy and Nonspammy have hosting contracts with Provider, and I
choose to block all of Provider's space because of Spammy being there,
against whom am I committing what tort?

If I choose to warn others that Spammy is there and recommend blocking
all of Provider's space, against whom am I committing what tort?

>> Please let everyone be clear that a blacklist does not prevent anyone 
>> from receiving service.  
>
> That is not the case at all.

How can I (were I to implement a blacklist) prevent Richter from
receiving service?  Be specific; how do I gain power over Richter or
his potential providers merely by publishing something?

>>  A blacklist USER prevents service.  
>
> An ISP using a blacklist prevents service, it is not the decision of the
> end user.

In that case, the ISP _is_ the USER of the blacklist.

And it's not like there's any shortage of ISPs offering email service.

Feel free to set up a "we deliver all the spam anybody tries to send
to you" email service, charging whatever you like.  If lots of users
want it, you'll get rich.  If they stay away in droves, that's your
problem.

>> A blacklist author is not injuring anyone.  
>
> The cases against MAPS clearly show that the courts did not accept this
> argument.

Which of those cases were actually ruled on by courts (rather than
MAPS getting drained by pre-trial shenanigans)?

> Publishing information with the intention that it be used to
> block mail can constitute a tort.

"can"?  Has it actually happened?  Where?  What about blocklists run
in places where it is NOT a tort?

Seth

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg