From owner-nanog@merit.edu Fri Oct 12 16:26:36 2007 Date: Fri, 12 Oct 2007 21:23:15 GMT Subject: Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?
So, back to my original question: If you alert an ISP that "bad and possibly criminal" activity is taking place by one of their customer, and they do not take corrective action (even after a year), what do you do?
This is straying somewhat afield from 'network operations', but it is at least tangentially relevant, so.... 'What do you do?' conceals a raft of other issues that have to be identified and answered before the 'obvious' quesiton cn be addressed. First off -- not to belabor (well, not too much, anyway) the obvious -- you have to identify what your 'goals' are. Both tactical (short term), and strategic (long term). And what level of resources you are willing to commit toward supporting those goals. A "desirable" state of affairs is that every network operator _does_ actively police its user base, and makes 'former customers' out of anyone who egages in activities deemed "not acceptable" by a large portion of the "rest of the 'net world". Unfortuntely, commercial providers are driven by 'economic self-interest', rather than "the good of the 'community'" as their _primary_ motivation. They _will_ consider the 'good of the community' when it is not in conflict (or at _most_, represents a *minor* conflict) with their self-interest, but if the two are diametrically opposed, there is no doubt as to which viewpoint _will_ prevail. So, when you ask them to _do_something_, quote "for the good of the community" unquote, and 'nothing happens' it is reasonable to conclude that 'economic self interest' is controlling -- either it is 'not worth the effort/expense', or it would cost revenues that they're not willing to give up. I'm sure this is no surprise to anyone. In fact, Isuspect everybody has seen these exact sysmptoms in _their_own_ management, in varying degree. There are only two things one can change to influence that decision -- either one 'somehow' makes 'the good of the community' more inportant, *or* one finds a way to invoke their 'economic self-interest' on the 'right' side of the issue. One possible way to do the latter is to look or 'sensitive' departments, *other* than the 'abuse' contacts, who have 'hot buttons' that can be pushed. Some possiilities for this approach include "legal", "investor relations", and "Public Relations". All the folks who have to 'deal with the mess' when something 'embarassing' becomes public knowledge. contacting such departments, with an 'early warning' about what could become 'very messy' public attention to policies/practices that "could easily be mis-understood", if done carefully, can be very effetive. And, as a final alternative, there is "public embarrassment", to shame them into taking action. One 'option' that has *never* been successfully employed would be to organize 'the community' for co-operative action in 'shunning' those provider who do not keep a clean house. I'd _love_ to see such an approach implemented, but it requires ignoring short-term self-interest for the long-term 'good of the community' -- even though the long-term good of the community _is_ in the self- interest of each and every provider. Back to original "what do you do?" 'Viable' options are rather limited -- If you have _hard_ evidence, reporting to law enforcement, *WITH* notice of 'apparent provider compliciy' -- including 'what was given to the provider _when_' to establish their 'actual knowledge' of the criminal activity and hence provider liability for allowing it to continue. You can try 'public humiliation' -- calling in the press. And, of course, you *DO* -- if you haven't already (comment: if not, _why_ not?) -- take 'defensive measures' to block communications in either direction involving those 'bad guys' and your customers.