Congress may require ISPs to block fraud sites H.R.3817
marka at isc.org
Sun Nov 8 16:17:38 CST 2009
In message <75cb24520911060747x3556e01tbb80be8c9e0d58b3 at mail.gmail.com>, Christ
opher Morrow writes:
> On Thu, Nov 5, 2009 at 5:56 PM, <Valdis.Kletnieks at vt.edu> wrote:
> > On Thu, 05 Nov 2009 16:40:09 CST, Bryan King said:
> >> Did I miss a thread on this? Has anyone looked at this yet?
> >> `(2) INTERNET SERVICE PROVIDERS- Any Internet service provider that, on
> >> or through a system or network controlled or operated by the Internet
> >> service provider, transmits, routes, provides connections for, or stores
> >> any material containing any misrepresentation of the kind prohibited in
> >> paragraph (1) shall be liable for any damages caused thereby, including
> >> damages suffered by SIPC, if the Internet service provider--
> > "routes" sounds the most dangerous part there. =A0Does this mean that if
> > we have a BGP peering session with somebody, we need to filter it?
> > Fortunately, there's the conditions:
> >> `(A) has actual knowledge that the material contains a misrepresentation
> >> of the kind prohibited in paragraph (1), or
> >> `(B) in the absence of actual knowledge, is aware of facts or
> >> circumstances from which it is apparent that the material contains a
> >> misrepresentation of the kind prohibited in paragraph (1), and
> >> upon obtaining such knowledge or awareness, fails to act expeditiously
> >> to remove, or disable access to, the material.
> > So the big players that just provide bandwidth to the smaller players are
> > mostly off the hook - AS701 has no reason to be aware that some website i=
> > Tortuga is in violation (which raises an intresting point - what if the
> > site *is* offshore?)
> mail to: abuse at uu.net
> Subject: Fraud through your network
> Hi! someone in tortuga on ip address 184.108.40.206 which I accessed through
> your network is fraudulently claiming to be the state-bank-of-elbonia.
> Just though you should know! Also, I think that HR3817 expects you'll
> now stop this from happening!
> oops, now they have actual knowledge... I suppose this is a good
> reason though to:
> vi /etc/aliases ->
> abuse: /dev/null
There are still plenty of way to inform a company. Ring up the
support line. Registered mail.
I suspect a court would see the practice of sending abuse@ to
/dev/null in a very poor light especially once the court learns
that this is the standard address. A consumer should be able to
reasonably assume that the message was delivered.
If you bounce then they should be aware that it didn't get through
and they can take other steps to inform you.
> so, is this bill helping? or hurting? :(
> > And the immediate usptreams will fail to obtain knowledge or awareness of
> > their customer's actions, the same way they always have.
> > Move along, nothing to see.. ;)
> to my mind this is the exact same set of problems that the PA state
> anti-CP law brought forth...
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the NANOG