ISP Liability Not The Answer To Illegal Net Activity
from the misplaced-blame dept
In the fight against illegal net activity, some argue that ISPs should be held responsible for what happens on their network. While ISPs here face no such liability, it's the opposite in the UK. The head of the ISP Clara.net is fighting back, arguing that there's no way for an ISP to be an arbiter of the law, due to lack of staff and lack of qualifications. Not only does this make the job of the ISP much harder, it's also a bad system for its clients. Just to be safe, ISPs will be more inclined to take down material that gets complaints. Because the company is doing the government's work, in deciding what is legal and what is not, it would be legitimate to call this censorship (unlike here, when companies restrict certain material, in which case it's just called doing business). The main problem with ISP liability is the obvious, that they're not the one committing illegal acts. If businesses were routinely held liable for the illegal things customers did with their products, a lot of commerce wouldn't get done. While it may be worth exploring how the fight against illegal activity on the net can be decentralized, ISP liability is a poor method.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
http://techdirt.com/article.php?sid=20060320/1636238
[ link to this | view in chronology ]
Guns
[ link to this | view in chronology ]
Re: Guns
[ link to this | view in chronology ]
Re: Guns
[ link to this | view in chronology ]
What about highways and sidewalks?
[ link to this | view in chronology ]
Re: What about highways and sidewalks?
[ link to this | view in chronology ]
ISP self policing is the only solution to spam.
[ link to this | view in chronology ]
Re: ISP self policing is the only solution to spam
[ link to this | view in chronology ]
Re: ISP self policing is the only solution to spam
Uhh... no. The group with the most power to stop spam is...
...drumroll please...
USERS! If they would stop opening and even following links in spam, we wouldn't have a problem. However, since some users pay attention to this crap and even start a business relationship because of it, it's still a reasonable business plan.
Stop spam in your own backyard.
[ link to this | view in chronology ]
Re: Re: ISP self policing is the only solution to
And just when do you see USERS rising up against the tide of spam?
[ link to this | view in chronology ]
Re: Re: Re: ISP self policing is the only solution
Every day when they yell at me. And every day I give them the same speach. And every day my boss asks me about sending out his own spam. And every day I get to bitch slap him.
[ link to this | view in chronology ]
Re: ISP self policing is the only solution to spam
[ link to this | view in chronology ]
How about SBC?
[ link to this | view in chronology ]
You can fight back - http://www.bluesecurity.com/blue-frog/
Bluefrog a) posts 'leave me alone' messages to the people advertised in the soam and b) BlueSec alert the FBI/software owners or what ever if the object is illegal, as well as get ISPs to take down servers.
I've got SpamAssassin sending anything over a score of 20 to them for my whole domain :-)
[ link to this | view in chronology ]
isp-spam and censor
refuse to look at the news rag about another two headed dog born.look closer there will be a mag. called LIFE .Buy It it may be the only way for you to get one.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
The Devil's in the Details
For the direct act of, let's say spamming, I'm not sure how many people whould hold the ISP responsible initially and most everybody should agree that whoever is doing the spamming is primarily to blame.
If however, enough people complained to the ISP about their abusive user, and the ISP failed to respond in any way and the spammer continued their activities, it should be clear that the ISP failed in their responsibility to promote responsible use of their own resources. Namely the IP addresses that the spammer usually does not own, but rather leases which is also nullifies most of the arguments about guns and automobile owners since at that point the manufacturers can no longer take responsibility for their products if used incorrectly in my opinion.
[ link to this | view in chronology ]
Fax.com sent millions, made $50 million a year. Refused to pay their FCC fine of about $14 million, and Kevin Katz fled to South Africa.
If the telcos were responsible, jointly and severably they would have shut off those phone lines.
Now the junkfaxers are back in business, faxing daily, still illegal, and they are hiding behind fake corporations, fake addresses, etc.
The only players who are legit are the telcos.
I say make them responsible, if they know.
They are getting paid, after all.
[ link to this | view in chronology ]
What about junkfax?
Fax.com sent millions, made $50 million a year. Refused to pay their FCC fine of about $14 million, and Kevin Katz fled to South Africa.
If the telcos were responsible, jointly and severably they would have shut off those phone lines.
Now the junkfaxers are back in business, faxing daily, still illegal, and they are hiding behind fake corporations, fake addresses, etc.
The only players who are legit are the telcos.
I say make them responsible, if they know.
They are getting paid, after all.
[ link to this | view in chronology ]
bla
[ link to this | view in chronology ]
NO
If a user is hogging bandwidth, its none of the ISP business what they are doing but just that they are hogging and it can be stopped.
ISPs getting into the spam filtering business was a bad idea. Now it will be a downward spiral until the only ISP left is Aohell.
[ link to this | view in chronology ]
NO
If a user is hogging bandwidth, its none of the ISP business what they are doing but just that they are hogging and it can be stopped.
ISPs getting into the spam filtering business was a bad idea. Now it will be a downward spiral until the only ISP left is Aohell.
[ link to this | view in chronology ]
ISP Responsibilities
CAN-SPAM Act: A Compliance Guide for Business [PDF]
Do you use email in your business? The CAN-SPAM Act, a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.
Despite its name, the CAN-SPAM Act doesn’t apply just to bulk email. It covers all commercial messages, which the law defines as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service,” including email that promotes content on commercial websites. The law makes no exception for business-to-business email. That means all email – for example, a message to former customers announcing a new product line – must comply with the law.
Each separate email in violation of the CAN-SPAM Act is subject to penalties of up to $16,000, so non-compliance can be costly. But following the law isn’t complicated. Here’s a rundown of CAN-SPAM’s main requirements:
1.Don’t use false or misleading header information. Your “From,” “To,” “Reply-To,” and routing information – including the originating domain name and email address – must be accurate and identify the person or business who initiated the message.
2.Don’t use deceptive subject lines. The subject line must accurately reflect the content of the message.
3.Identify the message as an ad. The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement.
4.Tell recipients where you’re located. Your message must include your valid physical postal address. This can be your current street address, a post office box you’ve registered with the U.S. Postal Service, or a private mailbox you’ve registered with a commercial mail receiving agency established under Postal Service regulations.
5.Tell recipients how to opt out of receiving future email from you. Your message must include a clear and conspicuous explanation of how the recipient can opt out of getting email from you in the future. Craft the notice in a way that’s easy for an ordinary person to recognize, read, and understand. Creative use of type size, color, and location can improve clarity. Give a return email address or another easy Internet-based way to allow people to communicate their choice to you. You may create a menu to allow a recipient to opt out of certain types of messages, but you must include the option to stop all commercial messages from you. Make sure your spam filter doesn’t block these opt-out requests.
6.Honor opt-out requests promptly. Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your message. You must honor a recipient’s opt-out request within 10 business days. You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request. Once people have told you they don’t want to receive more messages from you, you can’t sell or transfer their email addresses, even in the form of a mailing list. The only exception is that you may transfer the addresses to a company you’ve hired to help you comply with the CAN-SPAM Act.
7.Monitor what others are doing on your behalf. The law makes clear that even if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.
Need more information?
Here are the answers to some questions businesses have had about complying with the CAN-SPAM Act.
Q. How do I know if the CAN-SPAM Act covers email my business is sending?
A. What matters is the “primary purpose” of the message. To determine the primary purpose, remember that an email can contain three different types of information:
•Commercial content – which advertises or promotes a commercial product or service, including content on a website operated for a commercial purpose;
•Transactional or relationship content – which facilitates an already agreed-upon transaction or updates a customer about an ongoing transaction; and
•Other content – which is neither commercial nor transactional or relationship.
If the message contains only commercial content, its primary purpose is commercial and it must comply with the requirements of CAM-SPAM. If it contains only transactional or relationship content, its primary purpose is transactional or relationship. In that case, it may not contain false or misleading routing information, but is otherwise exempt from most provisions of the CAN-SPAM Act.
Q. How do I know if what I’m sending is a transactional or relationship message?
A. The primary purpose of an email is transactional or relationship if it consists only of content that:
1.facilitates or confirms a commercial transaction that the recipient already has agreed to;
2.gives warranty, recall, safety, or security information about a product or service;
3.gives information about a change in terms or features or account balance information regarding a membership, subscription, account, loan or other ongoing commercial relationship;
4.provides information about an employment relationship or employee benefits; or
5.delivers goods or services as part of a transaction that the recipient already has agreed to.
Q. What if the message combines commercial content and transactional or relationship content?
A. It’s common for email sent by businesses to mix commercial content and transactional or relationship content. When an email contains both kinds of content, the primary purpose of the message is the deciding factor. Here’s how to make that determination: If a recipient reasonably interpreting the subject line would likely conclude that the message contains an advertisement or promotion for a commercial product or service or if the message’s transactional or relationship content does not appear mainly at the beginning of the message, the primary purpose of the message is commercial. So, when a message contains both kinds of content – commercial and transactional or relationship – if the subject line would lead the recipient to think it’s a commercial message, it’s a commercial message for CAN-SPAM purposes. Similarly, if the bulk of the transactional or relationship part of the message doesn’t appear at the beginning, it’s a commercial message under the CAN-SPAM Act.
Here's an example:
MESSAGE A:
TO: Jane Smith
FR: XYZ Distributing
RE: Your Account Statement
We shipped your order of 25,000 deluxe widgets to your Springfield warehouse on June 1st. We hope you received them in good working order. Please call our Customer Service Office at (877) 555-7726 if any widgets were damaged in transit. Per our contract, we must receive your payment of $1,000 by June 30th. If not, we will impose a 10% surcharge for late payment. If you have any questions, please contact our Accounts Receivable Department.
Visit our website for our exciting new line of mini-widgets!
MESSAGE A is most likely a transactional or relationship message subject only to CAN-SPAM’s requirement of truthful routing information. One important factor is that information about the customer’s account is at the beginning of the message and the brief commercial portion of the message is at the end.
MESSAGE B:
TO: Jane Smith
FR: XYZ Distributing
RE: Your Account Statement
We offer a wide variety of widgets in the most popular designer colors and styles – all at low, low discount prices. Visit our website for our exciting new line of mini-widgets!
Sizzling Summer Special: Order by June 30th and all waterproof commercial-grade super-widgets are 20% off. Show us a bid from one of our competitors and we’ll match it. XYZ Distributing will not be undersold.
Your order has been filled and will be delivered on Friday, June 1st.
MESSAGE MESSAGE B is most likely a commercial message subject to all CAN-SPAM's requirements. Although the subject line is “Your Account Statement” – generally a sign of a transactional or relationship message – the information at the beginning of the message is commercial in nature and the brief transactional or relationship portion of the message is at the end.
Q. What if the message combines elements of both a commercial message and a message with content defined as "other"?
A. In that case, the primary purpose of the message is commercial and the provisions of the CAN-SPAM Act apply if:
•A recipient reasonably interpreting the subject line would likely conclude that the message advertises or promotes a commercial product or service; and
•A recipient reasonably interpreting the body of the message would likely conclude that the primary purpose of the message is to advertise or promote a product or service.
Factors relevant to that interpretation include the location of the commercial content (for example, is it at the beginning of the message?); how much of the message is dedicated to commercial content; and how color, graphics, type size, style, etc., are used to highlight the commercial content.
Q. What if the email includes information from more than one company? Who is the “sender” responsible for CAN-SPAM compliance?
A. If an email advertises or promotes the goods, services, or websites of more than one marketer, there’s a straightforward method for determining who’s responsible for the duties the CAN-SPAM Act imposes on “senders” of commercial email. Marketers whose goods, services, or websites are advertised or promoted in a message can designate one of the marketers as the “sender” for purposes of CAN-SPAM compliance as long as the designated sender:
•meets the CAN-SPAM Act’s definition of “sender,” meaning that they initiate a commercial message advertising or promoting their own goods, services, or website;
•is specifically identified in the “from” line of the message; and
•complies with the “initiator” provisions of the Act – for example, making sure the email does not contain deceptive transmission information or a deceptive subject heading, and ensuring that the email includes a valid postal address, a working opt-out link, and proper identification of the message’s commercial or sexually explicit nature.
If the designated sender doesn’t comply with the responsibilities the law gives to initiators, all marketers in the message may be held liable as senders.
Q. My company sends email with a link so that recipients can forward the message to others. Who is responsible for CAN-SPAM compliance for these “Forward to a Friend” messages?
A. Whether a seller or forwarder is a “sender” or “initiator” depends on the facts. So deciding if the CAN-SPAM Act applies to a commercial “forward-to-a-friend” message often depends on whether the seller has offered to pay the forwarder or give the forwarder some other benefit. For example, if the seller offers money, coupons, discounts, awards, additional entries in a sweepstakes, or the like in exchange for forwarding a message, the seller may be responsible for compliance. Or if a seller pays or give a benefit to someone in exchange for generating traffic to a website or for any form of referral, the seller is likely to have compliance obligations under the CAN-SPAM Act.
Q. What are the penalties for violating the CAN-SPAM Act?
A. Each separate email in violation of the law is subject to penalties of up to $16,000, and more than one person may be held responsible for violations. For example, both the company whose product is promoted in the message and the company that originated the message may be legally responsible. Email that makes misleading claims about products or services also may be subject to laws outlawing deceptive advertising, like Section 5 of the FTC Act. The CAN-SPAM Act has certain aggravated violations that may give rise to additional fines. The law provides for criminal penalties – including imprisonment – for:
•accessing someone else’s computer to send spam without permission,
•using false information to register for multiple email accounts or domain names,
•relaying or retransmitting multiple spam messages through a computer to mislead others about the origin of the message,
•harvesting email addresses or generating them through a dictionary attack (the practice of sending email to addresses made up of random letters and numbers in the hope of reaching valid ones), and
•taking advantage of open relays or open proxies without permission.
Q. Are there separate rules that apply to sexually explicit email?
A. Yes, and the FTC has issued a rule under the CAN-SPAM Act that governs these messages. Messages with sexually oriented material must include the warning “SEXUALLY-EXPLICIT:” at the beginning of the subject line. In addition, the rule requires the electronic equivalent of a “brown paper wrapper” in the body of the message. When a recipient opens the message, the only things that may be viewable on the recipient’s screen are:
1.the words “SEXUALLY-EXPLICIT:”; and
2.the same information required in any other commercial email: a disclosure that the message is an ad, the sender’s physical postal address, and the procedure for how recipients can opt out of receiving messages from this sender in the future.
No graphics are allowed on the “brown paper wrapper.” This provision makes sure that recipients cannot view sexually explicit content without an affirmative act on their part – for example, scrolling down or clicking on a link. However, this requirement does not apply if the person receiving the message has already given affirmative consent to receive the sender’s sexually oriented messages.
Q. How can I comment about the effect of the CAN-SPAM Act on my business?
A. The National Small Business Ombudsman collects comments from small businesses about federal compliance and enforcement activities. To comment, call 1-888-REG-FAIR (1-888-734-3247) or visit www.sba.gov/ombudsman.
For More Information
The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.
Your Opportunity to Comment
The National Small Business Ombudsman and 10 Regional Fairness Boards collect comments from small businesses about federal compliance and enforcement activities. Each year, the Ombudsman evaluates the conduct of these activities and rates each agency's responsiveness to small businesses. Small businesses can comment to the Ombudsman without fear of reprisal. To comment, call toll-free 1-888-REGFAIR (1-888-734-3247) or go to www.sba.gov/ombudsman.
September 2009
[ link to this | view in chronology ]