Do We Really Want An Internet Run By Lynch Mobs?
from the i'm-just-asking dept
Sprint and Cogent were recently kind enough to remind us that the Internet is held together by rather tenuous peering deals to share traffic across providers. As such, some arcane disputes can aggravate to levels that disrupt normal consumers ability to use the Internet. If you weren't convinced that the good will of sysadmins keeps the series of tubes clear, two recent examples will show just how informal they can all be, and it raises some questions about the ability of "mob rule" to force certain decisions.In the past couple of months, two hosting companies who were known to be havens for spammers and cyber-criminals, have been brought offline through extralegal means. Following some pretty damning reports of the illegal uses of McColo and Intercage, the upstream ISPs servicing the hosting companies decided to pull the plug and disconnect them from the internet. Basically, a couple of ISP admins decided that they didn't want to be responsible for providing service to those companies so they cut them off. At first blush, these seem like effective actions taken against criminals -- some reports showed spam amounts dropping 66% following McColo's deathblow. However, is this really the precedent we want? Lynch mob justice, even when well meaning, can inflict collateral damage and occasionally pick the wrong targets leading to significant damage with little recourse.
Some have equated these types of actions with a Neighborhood Watch program -- good intentioned folks driving off negative influences. But the key difference is the lack of legal authority and due process. Neighborhood watches call the police when illegal activity is detected. While it is true that McColo and Intercage were neutered much more quickly through extralegal means than if police had tried to understand the system and work through the courts, there are still very good reasons why we should support traditional legal prosecution.
An internet where ISPs can cut off service without explanation may be a very unstable platform, indeed. The checks and balances (eroded as they may be) of the legal system do a pretty good job at finding the best course of action, and we shouldn't rush to a future of lynch mobs. Lynch mobs (digital or not) have the unfortunate habit of negative side effects like choosing the wrong target or cutting off innocent users in the process. At least one ISP who cut off the criminal hosts claimed that they did so because the Terms of Service were being violated, but if they want to limit online crime, it would be best to utilize their leverage by working with law enforcement. After all, a phisher disconnected from the Internet can just move to another hosting provider where they will be less likely to be reached by America's comparatively stronger cybercrime laws.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: lynch mobs, spam, takedowns, vigilante justice
Reader Comments
Subscribe: RSS
View by: Time | Thread
Re: Do We Really Want An Internet Run By Lynch Mobs?
Hurricane Electric and Global Crossing (and any other ISP for that matter) is perfectly within their contractual (and legal) rights to disconnect any customer for violating their contractual terms of service (ToS).
Given that law enforcement had every opportunity to interceded in this issue, I would posit that this is exactly the kind of community policing that we want, instead of the problem spiraling out of control and some knee-jerk suggestions of additional (and utterly useless) toothless legislation that hurts no one but legitimate Internet users.
Again, to suggest that this was somehow a "lynch mob" indicates a lack of understanding in the facts of this particular issue, and the overall issues of dealing with organized cyber crime overall.
- ferg
[ link to this | view in chronology ]
Re: Re: Do We Really Want An Internet Run By Lynch Mobs?
Sorry if I wasn't clear, but I'm fully aware that the spammers/botnet operators are violating the ToS. The problem comes from 1) the framing of the issue and 2) the proximate cause of the disconnection.
1) Whether by their design or not, the ISPs actions were shown as good neighbors helping rid the 'net of bad guys. In fact, one expert involved writes at length about how he views this as a question of good vs. evil (http://www.circleid.com/posts/time_for_self_reflection/).
2) Further, the ISPs didn't act of their own accord. It took outside investigation and pressure (luckily from a responsible WaPo reporter) to get them to disconnect their services. That isn't responsible contractual obligation, that is either saving face or lynch mob behavior where an instigator motivates others in a rush of good-intentioned action.
[ link to this | view in chronology ]
Re: Re: Re: Do We Really Want An Internet Run By Lynch Mobs?
If you do your background research on the issue, I was one of the contributors to the HostExploit.com report that worked in concert with Brian Krebs to expose the situation at McColo.
If anyone is an "expert" on the situation, I think I qualify.
Cheers,
- ferg
[ link to this | view in chronology ]
Re: Re: Re: Re: Do We Really Want An Internet Run By Lynch Mobs?
Best,
Kevin
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Do We Really Want An Internet Run By Lynch Mobs?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Do We Really Want An Internet Run By Lynch Mobs?
On the internet 5 seconds is the equivelent of weeks worth of cold trail when it comes to stopping a crime in progress or finding a suspect. Because of this Goverments are simply too slow right now to regulate the internet, especially when trying to do so across country lines.
Internet Service Providers, on the other hand, have to communicate across country lines to function, and so if they put together their own, quick response 'micro-government' it could help them stop crimes in progress, and prevent Command and Control Center movements or Data transitions by the people trying to avoid being caught.
[ link to this | view in chronology ]
Re: Do We Really Want An Internet Run By Lynch Mobs?
The lesson here is that when all else fails, the community can police itself.
Having said that, this was an exception, not the rule.
Cheers,
- ferg
[ link to this | view in chronology ]
Re: Re: Do We Really Want An Internet Run By Lynch Mobs?
If you read the average TOS it leaves the ISP with the ability to discontinue service for virtually any reason they see fit.
For example if I set up a Blog that is controversial; say a pro marijuana site, my webhost could pull the plug without notice. This obviously undercuts my rights to free speech.
The courts should certainly be the place we decide the legalities of media and access.
To say that ISP's are within their rights to decide what is or is not appropriate use is bologna.
Though sadly it is the standard now.
[ link to this | view in chronology ]
Re: Re: Re: Do We Really Want An Internet Run By Lynch Mobs?
[ link to this | view in chronology ]
Ummm
It is legal to stop someone from pickpocketing so long as you don't use excessive force if you're a civilian. Though they won't likely get convicted. Since loosing internet acess is fairly trivial... It's not excessive force.
[ link to this | view in chronology ]
Re: Ummm
As for the legal process possibly allowing the bad guys to get away with it and still be online, while that is a possibility, in the extralegal manner it is a guarantee. The bad guys just moved to Russia, etc. where it is harder to convict them. They are back online.
I'm not arguing that what happened was illegal (it wasn't, as Fergie points out above). I'm arguing that it may not be smart.
[ link to this | view in chronology ]
Re: Re: Ummm
It's called "management" of the problem.
Also, folks in the intelligence community have other similar methodologies which I will not go into at this time...
- ferg
[ link to this | view in chronology ]
Re: Re: Re: Ummm
(And, seriously, I'm not trying to be as adversarial as I may come across - just looking to avoid writing the paper I should be.)
[ link to this | view in chronology ]
Re: Re: Re: Re: Ummm
[ link to this | view in chronology ]
Re: Re: Re: Re: Ummm
[ link to this | view in chronology ]
Driving criminals away
If all spammers and scammers operate just in one country (e.g. Nigeria), it would make my life much easier.
I would simply block that country IP range from accessing my web site.
But when spammers/scammers operate from the US IP addresses -- it makes much harder to deal with them.
[ link to this | view in chronology ]
Re: Re: Ummm
[ link to this | view in chronology ]
WAIT!!!
Do you want the government to step in or not? You can't have it both ways.
[ link to this | view in chronology ]
Re: WAIT!!!
[ link to this | view in chronology ]
I don't know an ISP that is going to have the resources to find most of the ToS-breakers on their own. That's why abuse@ is highly recommended by the security community. They are the ones that will be the targets and will need a way to contact the ISP.
I have successfully had numerous spammers and other criminals disconnected from their grateful ISPs because I reported it with sufficient evidence that the ISP agreed and drop-kicked the criminals off their service. Am I part of these mobs now because I don't like being attacked by criminals? Are the ISPs that did the take-downs mobs because they followed due process, found my report sufficient as proof of the ToS breaking, and took action as outlined in their ToS/AUP? I'd certainly hope not, otherwise we end-users would suffer.
[ link to this | view in chronology ]
ben there done that
Since the beginning the web has been a place of give and take and mostly the geeks want to keep it up and free flowing, I feel the actions taken were appropriate considering the offense
[ link to this | view in chronology ]
Re: ben there done that
That's a really fair point worth keeping in mind. I just wonder that as the proportion of geeks online slips, does there need to be a broader dialogue with other parts of society (law enforcement) so that we can stop these bad actors more conclusively and without the (somewhat hypothetical) worries about negative side effects?
[ link to this | view in chronology ]
Anyway
[ link to this | view in chronology ]
On one hand elsewhere the cyber security community are criticized for not doing enough. If we analyze and report badness, we are accused of being as a lynch mob.
ISPs base their relationships on reputation. As in the cases of both Atrivo/Intercage and McColo, it was simple and clear they made no attempt to resolve abuse problems.
Law enforcement / government's view was best shown by an FBI spokesman responding to the McColo report. He acknowledged the difficulties in combating cybercrime. "We are not the first line of defense against this we can't be in the business of prevention. We have to be in the business of prosecution."
So who actually should do something about the prevention of cyber crime. Surely the community via the ISP's have a role to play, or do we all just cross over the street when we see average users being victimized by the criminals?
[ link to this | view in chronology ]
Re:
We all have a role to play. But those with more capability (sysadmins, ISPs and law enforcement), need to be wary of the power. Government power is checked/balanced for that reason. The point of this post was to make sure we are considering the implications of potentially unchecked/unbalanced power. (Whether used as a first or last approach due to the government's nonsensical and inconsistent approach to prevention/prosecution).
Kevin
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Obviously we want more serious certainty for more serious punishments, but even something as "minor" as this should be done carefully (not that these examples weren't). Remember, this is about precedents.
On the other hand, if this is so minor, why bother? These actions were taken because they were viewed as being effective/powerful. (Though that, too, can be debated).
[ link to this | view in chronology ]
Re: Re: Re: Re:
Same with parking tickets and traffic violations.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
But, again, this is only relevant insofar as you see what happened w/ McColo and Atrivo as "minor." At which point we should ask why it should happen at all.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
So there you have it. It should be done for the same reason impounding a car should be done, and it's equaly minor.
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Strawman?
I would really appreciate if you could elaborate on how you think this argument is a "strawman" -- clearly you have not read the HostExploit.com report?
Or maybe we are just talking past one another...
Over the course of 2+ years, we watched Russian cyber criminals use McColo (and other hosters) as a hosting provider that facilitated credit card theft, fraud, malware distribution, Command & Control for several botnets responsible for 75% of the spam on the plant Earth, and other distasteful & illegal content distribution (e.g child pr0n).
We documented this activity in a very detailed manner.
We also passed it along to law enforcement at many levels.
This was no "minor" issue.
Clearly, either you are not familiar with the details on this issue, or there is something underlying your arguments to which you are not being forthright.
We have been following the same Russian organized criminal operation for several years, and it is arguments such as these which tend to muddy the waters on the issues of network neutrality, network governance, etc.
Believe me, I'm about as civil libertarian as they come, but there are clearly limits when you observe the same criminal activity which continues unabated for years.
Respectfully,
- ferg
[ link to this | view in chronology ]
Re: Re: Strawman?
Sorry my comment wasn't addressed, but I meant the straw man remark in regards to the Anonymous Coward saying this was a "minor use of power."
On it not being minor, we are in agreement. And on the good-faith effort made at protecting all Internet users, I am in agreement that this specific incidence was done so.
Again, sorry for the confusion. I think we disagree far less than limited commenting will allow us to recognize.
Kevin
[ link to this | view in chronology ]
Re: Checks & Balances Baloney
'Nuff said there.
Also, on the issue of Gov. "Checks and Balance", I guess maybe you were somewhere curled up under a rock for the past 8 years? That is not a personal attack, but rather, a poke at how the political imperatives of DHS, FBI Cyber, and other relevant law enforcement agencies have been hijacked for political issues, instead of seriously going after cyber crime.
Let's face it -- this is a shared "public-private" responsibility, and no one entity is going to be able to properly address this situation, as things stand today -- we have organized criminal organizations that feel as though they can operate openly, freely, and without retribution.
The community has to do a better job of policing itself, before you get some hair-brained idiots in government that try to "protect you" (as is going on the UK right now with the recent idiotic ISP filtering of Wikipedia).
Final thought: There has to be measured, and reasoned, balance.
We must change our tactics.
Thinking that you can report this criminal activity to some "Internet Police" portal somewhere, and that it will magically go away, is simply not going to happen.
- ferg
[ link to this | view in chronology ]
Re: Re: Checks & Balances Baloney
But I also appreciate the substantive point, that law enforcement has its head in the sand on cybercrime. But the main takeaway from this almost Burkean post is that we should keep in mind what generally works in our governance structure, even if it has failed at times. Although public-private partnerships can be a nauseating buzzword, the ethic behind them is important and I hope people like yourself and Jart, who have the expertise and capability, take them seriously - especially given the new opportunities afforded by a new administration.
"There has to be measured, and reasoned, balance." That's the point of this all.
[ link to this | view in chronology ]
The fundamental question...
I dunno. Someone give a good argument.
[ link to this | view in chronology ]
Re: The fundamental question...
[ link to this | view in chronology ]
Re: The fundamental question...
Obvious criminal activity is certainly one of those
occassions.
- ferg
[ link to this | view in chronology ]
Re: The fundamental question...
[ link to this | view in chronology ]
Re: The fundamental question...
In Capatilist America Freedom of press. Freedom of speech. Freedom of Vote. Basic Human Rights.
[ link to this | view in chronology ]
Re: Re: The fundamental question...
"And of course, the information society's very life blood is freedom. It is freedom that enables citizens everywhere to benefit from knowledge, journalists to do their essential work, and citizens to hold their government accountable. Without openness, without the right to seek, receive and impart information and ideas through any media and regardless of frontiers, the information revolution will stall, and the information society we hope to build will be stillborn." Kofi Annan
(But please don't think I am arguing McColo lost a human right here. Just a side note on comprehensive free speech protection.)
[ link to this | view in chronology ]
Re: Re: Re: The fundamental question...
[ link to this | view in chronology ]
Re: Re: Re: The fundamental question...
So, while freedom of expression is a right, access to the tools of expression is a service.
So you CAN be cut off from a printing press if the owner of the printing press does not like what you are printing. And a paper and pencil salesman can choose not to sell you paper and pencils. Still, you CAN always take two stones, and carve your thoughts into them. So, expression is a right. Access to the goods involved in expression is a service (Not a privilege, but a service. Which means you can provide it to yourself)
[ link to this | view in chronology ]
Re: Re: The fundamental question...
[ link to this | view in chronology ]
"traditional legal prosecution"
You state:
"While it is true that McColo and Intercage were neutered much more quickly through extralegal means than if police had tried to understand the system and work through the courts, there are still very good reasons why we should support traditional legal prosecution."
Law Enforcement was very aware of the activity of both these parties -- no action was taken. In the case of Intercage, no action FOR YEARS and they were located in California!
[ link to this | view in chronology ]
If you are falsely accused of spamming or otherwise violating the ToS then you have the option to go to court and issue an injunction and argue your case before a judge. This was standard operating procedure before there was legislation.
Now that it's illegal I'm guessing that the guilty just cave. But if you are innocent the legal avenue is still there.
As to whether prematurely cutting off a spammer before getting the cops involved might reduce the ability to prosecute - you might have a point. Although any ISP will have built up a reasonable body of evidence in the form of abuse reports that should cover an evidence that there was indeed illegal spam.
[ link to this | view in chronology ]
Re: Allen
[ link to this | view in chronology ]
Collateral Damage
[ link to this | view in chronology ]
To any anarchist
I'm not an anarchist though. Still I'd argue that this is NOT mob rule.
[ link to this | view in chronology ]
Market forces and the courts
a) take your business to a competitor
b) sue the hell out of them
That's a couple of pretty major checks and balances against an ISP abusing their power to cut people off. The only time they're going to do it is if the chance of them being sued about it is pretty close to nil, and the chances of them being sued and then losing are even closer to nil. That's only going to happen if the party being cut off really is one of the bad guys, and the ISP has the evidence in hand to back it up in court if they have to.
[ link to this | view in chronology ]
Re: Re: The fundamental question...
If you ask yourself why Julie Amero nearly ended up serving 20 years in prison? This is the unfortunate response of government to blame the victim. This ongoing injustice is an example of government's involvement, and emphasizes why the Internet does not want them involved.
Who speaks for Julie and the many others ripped off or stolen from? The community has to police itself as there will never be a magic solution, the only realistic one is neighbors being prepared to stand up for the victims. Whether a group of researchers, journalists, bloggers, academics, or ISPs.
Here is a challenge Kevin; join in with the next and forthcoming HostExploit.com community report, see the depth of the badness, talk to the victims, understand the criminal activity, and then argue it should not be exposed or 'you' are just part of a lynch mob?
A serious challenge and offer; are you in, prepared to get your hands dirty, or only want to pontificate from the sidelines?
[ link to this | view in chronology ]
Another ISP
[ link to this | view in chronology ]
"Lynch Mob"?
If a client becomes a PR liability to a business, then that business should have the ability to protect their better interests. The Client is free to go find another business who will take their money.
There are plenty of service providers out there. If they keep getting dropped, perhaps they need to take a look in the mirror and figure out why they are leperous.
If I could be allowed to borrow the same "loose" definition of "Lynch Mob" -- The OP could possibly be considered as not too far from trying to round up an online "Lynch Mob" of his own to go "string up" (protest) the offending ISP...
[ link to this | view in chronology ]
Lynch Mob??
It's SO hard to have pity for those that fill my inbox with offers of a sexual nature and try so hard to get my wife to enlarge her pen.......nevermind.
[ link to this | view in chronology ]
socialism alive and well at techdirt
[ link to this | view in chronology ]
Re: socialism alive and well at techdirt
[ link to this | view in chronology ]
Loaded language frames the issue incorrectly
Second, the use of loaded language like "lynch mob" or the often-seen "vigilante" needs to be dropped immediately. It's inapplicable. Nobody went to McColo's building, dragged the principals outside, and hung them from the nearest tree. THAT would be a lynch mob engaged in vigilante action. But that's not what happened -- not even remotely close.
Third, "collateral damage" is another loaded term that almost never applies. Among many other problems with it (see copious discussion on the IRTF-ASRG mailing list this spring in the realm of anti-spam measures) it ignores the due diligence responsibilities of those choosing Internet services. For example, anyone who chose to host their web site with McColo without performing at least a few minutes' worth of online research -- a quite trivial task for anyone with a web browser and access to a search engine -- really must bear considerable responsibility for their own negligence.
Fourth, as I've pointed out elsewhere, law enforcement IS NOT COMING. Except in quite rare cases, they have now accrued a decades-long track record of passivity. Quoting myself (sorry, but it's apropos):
"Law enforcement is almost a complete non-factor in dealing with online abuse. Action is erratic, slow and incompetent at best; it tends to only happen when one of four things is true: (a) someone's running for office (b) positive PR is needed (c) a government has been publicly embarrrassed and needs a scapegoat or (d) someone with sufficient political connections, money, and/or power wants it. And even when it happens, it's ineffective: for example, token prosecutions of spammers have done nothing to make the spam problem any better. Multiple spyware vendors have settled their cases for pitifully small sums and then gone right back to work."
Which means that it remains the responsibility of the online community to police itself -- starting with its own operations. After all, abuse does not magically fall out of the sky and land on someone's network: it comes from someone else's network, and it is of course the first and highest responsibility of that someone else to see that abuse is not systemic and persistent. Those who have failed to discharge this basic obligation that's part of the implied social contract of the entire Internet are providing evidence that they are (variously) incompetent, lazy, stupid, greedy or the root cause of the abuse. Why should anyone continue to generously extend the privilege of access to their networks and services to such people?
The solution to the problem remains the same now as it was back in the early 80's when I first started observing and thinking about abuse issue: cut off the source until the abuse stops. This not only has immediate tactical effect (it stops the abuse) but it also has the important strategic effect of making the issue the sole responsibility of the originator. Any anti-abuse methdology which fails to do this is doomed -- as we have seen over and over again in the interim as a dazzling array of pre-failed ideas have been brought forth and -- surprise! shock! -- failed.[ link to this | view in chronology ]
Re: Loaded language frames the issue incorrectly
I'm just nitpicking here because I agree with you, but I hate it when someone I agree with accidentally uses bad phrasing. This would be more correct
[i]It either comes from someone else's network, or it comes from somewhere inside your network.[/i]
And of course you should mention that if it comes from your network, you should either stop it, or face the consequences of your actions. (Freedom includes the freedom to face the consequences)
[ link to this | view in chronology ]
Re: Loaded language frames the issue incorrectly
[ link to this | view in chronology ]
Gee willkers Kevin.
Exactly how do you propose to get around the fact that one party can opt to not sell to another party?
[ link to this | view in chronology ]
Re: Gee willkers Kevin.
[ link to this | view in chronology ]
Re: Gee willkers Kevin.
You mean the way that landlords can refuse to rent to any group or employers can refuse employment to any group or restaurants can refuse service to any group? Is that the "fact" to which you refer? Maybe you should check your "facts".
[ link to this | view in chronology ]
Re: Re: Gee willkers Kevin.
Yes. it's a fact.
[ link to this | view in chronology ]
Re: Re: Re: Gee willkers Kevin.
[ link to this | view in chronology ]
Reality check
1) Those legal and natural persons responsible for and profiting from the misbehavior are already outside the reach of U.S. laws and justice. As recent events have pointed out, removing their U.S.-based tools fixes the spew, but does little to nothing to bring the individuals involved to justice.
2) In the last 20 years, the Internet has transitioned from an open and trusting environment built on cooperation where each participant could do a great deal of damage, but chose not to, to a state where aggression and profit assumed until proven otherwise. That the few remaining stewards like ferg and vix and company can still pull together effective collaborations to attempt to shut down the badness testifies to the robustness of the system they built.
3) However, the fact that the present generation of commentators are allowed to credibly default to a posture of selfish security indicates that the network built on personal and institutional trust is transforming itself into a network built on fear of shareholders, customers, unidentified hostiles and the market.
Kevin, please follow the advice of the learned operators who have graced this place with their wisdom, and consider whether the threats you perceive originate from the bad guys, or from some other source entirely.
There are few compelling reasons to believe that a U.S. government sanctioned LEA could respond more effectively to Internet threats than the current small group of seasoned individuals who understand the system better than anyone else.
[ link to this | view in chronology ]
Yes it is
[ link to this | view in chronology ]
Luke |
[ link to this | view in chronology ]