How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?

Sat Oct 13 02:12:50 UTC 2007

> From owner-nanog at merit.edu  Fri Oct 12 16:26:36 2007
> Date: Fri, 12 Oct 2007 21:23:15 GMT
> Subject: Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?
>
> So, back to my original question: If you alert an ISP that "bad and
> possibly criminal" activity is taking place by one of their customer,
> and they do not take corrective action (even after a year), what do
> you do?

This is straying somewhat afield from 'network operations', but it is at
least tangentially relevant, so....

'What do you do?' conceals a raft of other issues that have to be identified
and answered before the 'obvious' quesiton cn be addressed.

First off -- not to belabor (well, not too much, anyway) the obvious -- you 
have to identify what your 'goals' are.  Both tactical (short term), and 
strategic (long term).  And what level of resources you are willing to commit 
toward supporting those goals.

A "desirable" state of affairs is that every network operator _does_ actively
police its  user base, and makes 'former customers' out of anyone who egages
in activities deemed "not acceptable" by a large portion of the  "rest of the
'net world".

Unfortuntely, commercial providers are driven by 'economic self-interest',
rather than "the good of the 'community'" as their _primary_ motivation.
They _will_ consider the 'good of the community' when it is not in conflict
(or at _most_, represents a *minor* conflict) with their self-interest, but
if the two are diametrically opposed, there is no doubt as to which viewpoint
_will_ prevail.

So, when you ask them to _do_something_, quote "for the good of the community"
unquote, and 'nothing happens'  it is reasonable to conclude that 'economic
self interest' is controlling -- either it is 'not worth the effort/expense', 
or it would cost revenues that they're not willing to give up.

I'm sure this is no surprise to anyone.  In fact, Isuspect everybody has seen
these exact sysmptoms in _their_own_ management, in varying degree.

There are only two things one can change to influence that decision --
either one 'somehow' makes 'the good of the community' more inportant,
*or* one finds a way to invoke their 'economic self-interest' on the
'right' side of the issue.

One possible way to do the latter is to look or 'sensitive' departments,
*other* than the 'abuse' contacts, who have 'hot buttons' that can be pushed.
Some possiilities for this approach include "legal", "investor relations", 
and "Public Relations".   All the folks who have to 'deal with the mess'
when something 'embarassing' becomes public knowledge.

contacting such departments, with an 'early warning' about what could become
'very messy' public attention to policies/practices that "could easily be
mis-understood", if done carefully, can be very effetive.

And, as a final alternative, there is "public embarrassment", to shame them
into taking action.

One 'option' that has *never* been successfully employed would be to organize
'the community' for co-operative action in 'shunning' those provider who do
not keep a clean house.  I'd _love_ to see such an approach implemented, but
it requires ignoring short-term self-interest for the long-term 'good of the
community' -- even though the long-term good of the community _is_ in the self-
interest of each and every provider.

Back to original "what do you do?" 

'Viable' options are rather limited -- 

If you have _hard_ evidence, reporting to law enforcement, *WITH* notice of 
'apparent provider compliciy' --  including 'what  was given to the provider 
_when_' to establish  their 'actual knowledge' of the criminal activity and 
hence provider liability for allowing it to continue.

You can try 'public humiliation' -- calling in the press.

And, of course, you *DO* -- if you haven't already (comment: if not, _why_ 
not?) -- take 'defensive measures' to block communications in either direction 
involving those 'bad guys' and your customers.