Still more on Email BOMB

[Dr. Jeffrey Race]

On Wed, 6 Dec 2000 07:44:28 -0800, Steve Lamb wrote:
>> 1-The contracts with the ISPs all forbid use of the facilities
>>   for spamming and require the ISPs to prevent it.
>    Hence it is your reponsibility to report it to the proper ISP SO 
THEY CAN
>PREVENT IT.

We can report it only to the  owner of the facilities over which it 
travels, who is legally responsible and whose name appears in the
registrar's record.    The ISP's name appears only in a private
contract between it and UU.NET.   UU.NET is responsible for the 
behavior
of those who use its hardware. That is the law.

>> There are measures to do this, it was all gone through in the 
cellular
>> industry to stop fraud. The measures are known; they are just not 
adopted.
>    This is not the cellular industry.

The same legal principles apply everywhere in our country.  The 
principle
the cellular industry adopted was traceability of the identity of its
account holders and accountability for their actions.  That stopped 
most of the fraud.

Many ISPs religiously follow this procedure (which is called "know 
your
customer" and is the basis of responsible business in every time and 
place)
and they have no problems with spammers.   


>
>> 2-Legally it is UU.NET's ____RESPONSIBILITY___ even if it is not 
their
>> problem.
>
>    What can they do?  At best they can drop the person IF THEY ARE 
CONNECTED.

What they can do is simple and what a lot of other backbone providers 
do:
if you are a contracting ISP and you don't enforce proper security 
measures,
you are cut off from connectivity.  This forces the ISP to know its 
customers,
and to cut off spammers, to be effective by imposing a cleanup fee 
(typically
$500).   As soon as the ISP does this a few times, the spammers no 
longer
sign up for the accounts.  That is what it takes, that is all it 
takes, and
that is what UU.NET refuses to do.  I have discussed it with them many
times.


>
>> (It is my problem!) If their property is used to injure others, and 
they
>> know it and can prevent it, then they are legally responsible.
>
>    They cannot prevent it.  You tell me how they can because if you 
come up
>with a method which is proper and responsible,

The above method is proper and responsible and lots of firms use it.

>doesn't trample over user's >right to privacy

There is no right to privacy as a shield to commit fraud


>and doesn't undermine the ISP's rights as a carrier
 
No ISP, indeed no one in America, has a right to commit fraud or to be
a witting accessory to fraud.

>I'd be
>more than willing to walk the 20' between me and the abuse department 
to tell
>them the revelation that one lone user has had that the entire ISP 
industry
>hasn't in over 5 years!

It is not a revelation. It is sound business practice.  Lots of ISPs 
do it.
The problem at UU.NET is their obduracy in pursuing an unethical 
business
model.  The model now generates big profits for UU.NET by imposing big
costs on me and fellow victims.   To fix the problem UU.NET will have 
to
put some muscle on its ISPs, kick off the recalcitrant ones, and file 
some lawsuits.  They don't do so because it will cut their revenue.  
So my losses become their profits.  That is the essence of the 
unethical business model.

I am not making this up.  Remember I have furnished UU.NET's legal 
staff
complete case files to prosecute under the Virginia law.  They 
rejected
even the concept.    I have the names of those involved and there will
be a settling of accounts in the fullness of time.

Some may want to look at 

 <http://www.infoworld.com/articles/hn/xml/00/12/05/001205hnspam.xml>

in which a UU.NET spokesman admits last month his firm received a 
quarter
million complaints.  Any business which gets a quarter million 
complaints
in a month is obviously operating on a defective business model.

The article also confirms that UU.NET gets the largest percentage of
complaints.    This more than hints that the problem is not lack of a
solution but lack of using the solutions which exist.  Others succeed.
UU.NET doesn't do what is effective so gets so many complaints.  (When
I talked to their technical staff last year they said the rate was
80,000 complaints monthly so their burden on society appears to be
worsening.)



>
>> If you leave the key in your car and someone takes it for a joy 
ride and
>> kills someone, you are legally responsible for that death because 
it is your
>> property and you were negligent in its care.
>
>    First off, I seriously doubt that.

Well it is true.  Ask a lawyer.

>Secondly, spam doesn't cause deaths.

The legal principle is the same.

>And finally, this isn't the case in the ISP industry.  In fact there 
is a
>precedent against it.  In the (IIRC) Texas suit from an ISP against a 
spammer

If it happened, the ISP won damages because it was the plaintiff.  Had 
I
filed suit I would have done so against both the spammer and the ISP 
and
ideally won damages from both, the spammer as the principal and the 
ISP
for contributory negligence in allowing a stranger to use its property
to injure others.  (They could successfully defend were they to show 
that they
had an effective policy in place and a first-time offender slipped 
through.)

>    Now, not to dick wave, but I work for a major ISP and literally 
sit
>between the a portion of our abuse department and a portion of our 
carrier
>services department.  On top of that I've worked in both of those 
capacities
>at my previous job, also at an ISP.

The above employment history may disqualify you as an objective 
observer
since your compensation comes from a firm which (if it is UU.NET or 
its
ilk) makes money by victimizing others.   

The only relevant issue anyway is the soundness of your reasoning, not
the identity of your employer.   

>    So, what is your understanding of the ISP industry aside from the
>misguided views of an irate and ignorant customer?

I have been diligently researching this subject for two years (since I
coded my first website and discovered I can't put up a <mailto> 
because
I will be flooded with spam), I have talked to many law enforcement
authorities, I have talked to many spammers, and I have a lot of 
technical knowledge of this field.  I am working with the Florida
Department of Law Enforcement to launch a model prosecution in that
state and expect to be a witness in the case.

>- --
>         Steve C. Lamb 

Kind regards to all,

Dr. Jeffrey Race    

Cambridge Electronics 
    Laboratories
Today in Bangkok Thailand
Fax +66 2 688-4540 (backup +66 2 271-4956)
Tel +66 1 239-8197 (mobile 24 hours)
Tel +66 2 291-2235 (res) 
Tel +66 2 279-6162 (ofc)
 <jrace@attglobal.net>

=DA=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=
=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=
=C4=C4=C4=C4=BF
=B3        Download  TELECOM DESIGN TRICKS!           =B3
=B3       <www.camblab.com/lit/trix_v_2.pdf>          =B3
=B3                                                   =B3
=B3    Download information on our latest product:    =B3
=B3   QUIKLINK PRIVATE WIRE AUTOMATIC RINGDOWN UNIT   =B3
=B3      <www.camblab.com/consumer/ql_1_2.pdf>        =B3
=B3It's new!  It's very small!  It's very inexpensive!=B3
=C0=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=
=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=C4=
=C4=C4=C4=C4=D9