Obviously every user should lock their doors / protect themselves against fraud. I am just saying that the ability of many service providers to curtail abuse of their system (without impacting legitimate uses) is very limited as it may not their customers doing the abusing and any targeted action against those customers themselvesd would be inappropriate and affect many legitimate users of their services.

At what point should a network service provider remove privileges from a customer that is himself being abused but is technically unable to deal with it properly? Would the complaint not be better directed at that customer, not the provider, since they are the ones that can resolve this issue in a more targetted and appropriate manner? How does the service provider differentiate between a customer that is abusing vs one that is being abused? Deputising the service providers will not necessarily solve the problems, and possibly create many new ones.

In the domain industry, we were required to provide an abuse contact, however the reports we get to that address usually deal with issues we cannot do much about other than pulling or deactivating the domain name, which is usually the nuclear option. So we spend our time forwarding abuse mails to our customers that the complainant should have sent to the customer directly.

Best,

volker

Am 16.01.2020 um 15:16 schrieb Serge Droz via anti-abuse-wg:

Hi Volker

On 16/01/2020 15:03, Volker Greimann wrote:

isn't making the world (and the internet) first and foremost a job of
law enforcement agencies like the police and Europol?

Law enforcement's job primarily is arresting criminals. And yes they do
prevention. But you can't stop locking your door or walk by fight just
ignoring it, because it's LEA's job.

This is even more true on the internet, where CERT's have long been
working together fighting cybercrime etc.

While there obviously is an appeal to the notion of "The best problems
are some one else's problem" my believe is we don't want to have an
internet or a world, for that matter, where this is how things run. The
internet is a bottom up thing, it is so cool because people follow
protocols, that are not law.

There was a time whn this wasn't a given: During the "Browser wars"
different producer leveraged ambiguities in the HTML standard, and the
end result was horrible.

We don't want this. If we delegate the problem, we've already lost.

Best
Serge

--
Volker A. Greimann
General Counsel and Policy Manager
KEY-SYSTEMS GMBH

T: +49 6894 9396901
M: +49 6894 9396851
F: +49 6894 9396851
W: www.key-systems.net

Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835
CEO: Alexander Siffrin

Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.