[ppml] Policy Proposal 2007-8: Transfer Policy Clarifications

[Ted Mittelstaedt]

>-----Original Message-----
>From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of
>michael.dillon at bt.com
>Sent: Friday, March 09, 2007 12:17 AM
>To: ppml at arin.net
>Subject: Re: [ppml] Policy Proposal 2007-8: Transfer Policy
>Clarifications
>
>
>> >It's possible part of the issue is the definition of "ISP." We don't
>> >sell circuits. We have no turnover of SWIPs because we are a hosting
>> >shop and with the exception of a couple of customers, most of our
>> >customers are delegated a /32 from us, and that's below the threshold
>> >of doing SWIPs.
>
>> If one of your IP numbers starts
>> attacking us
>> and you are not disclosing ownership via Rwhois, then I'll
>> see you in court.
>
>That is a ludicrous statement. In court, you would very likely lose

[rant deleted]

What kind of drugs are you on, Matt?

Last I knew, malicious attacks over the network are illegal.  If a hosting
authority was in charge of an IP block that an attack was originating
from and they refused to disclose who launched the attack, (if in the US)
the FBI would file charges against them.  You bet I'd see them in court
just like any victim of any other kind of crime would see the perp in court.

The hosting company would be required to supply evidence that they had been
victimized by a 3rd party before they would be let off the hook.  But, if
the attacks continued to happen after law enforcement notified them, then
I think you would find the prosecutors turning up the magnifying glass on
the hosting company.

This is in fact exactly why the Motion Picture and Sound Association offers
ISP's immunity for prosecution in exchange for the ISP signing a contract
that
allows them to get information about the ISP's customers who are downloading
or uploading pirated music.  No ISP would sign such a thing if they didn't
have liability under the law.

OF course, this is US law.  I suppose it's different on your side of the
pond?

>
>Whois directory listings are there for TECHNICAL PEOPLE to find other
>TECHNICAL PEOPLE to deal with NETWORK TECHNICAL ISSUES. Not for you to
>browbeat some grandmother over the phone because her rented server has
>been exploited by hackers.
>

Well, I have a number of stories in that vein as a matter of fact.  The one
I like the most was years ago when one of our customers ran a program on a
diskette
someone had given him labeled "kaboom" and the next day several Air Force
MP's showed up at his home to have a talk with him.  I don't know if any
"browbeating" went on as a result of it, but I suspect it did.  I don't
think
the customer was a grandmother, though.

Matt, your argument is along the line of "I didn't rob the bank, I just
drove
the getaway car"  In all countries in the world that alibi has been rejected
by the courts years ago.  A hosting company that offers servers for rent
does
have culpability if a criminal uses one of those servers for illegal
activity.
That culpability remains until the hosting company can show that it was
their customer
and not them who was the criminal.  Since all they have to do to show it
wasn't them
is publicize the assignment of the IP address, why on Earth would they want
to
incur all the hassle of not doing that?

Ted