The only question that I have is what does this do to your position as a "common carrier like" organization? It weakens it horrendously. I wish that it didn't, and when I start my ISP up, Jan 1st (as opposed to the one I am working for now), I will have an AUP, but just be aware, it /does/ weaken your position as a "common carrier like" organization. It is at that point that you should start to seriously consider removing binaries groups and other things, and finding a way to act immediately on things like someone saying that one of your users violated a copyright law or the like. I am not advocating one way or the other, just saying that you should stand to one side of the road or the other, not the middle. I plan to stand on the side where I can have an AUP, and plan to have my lawyer make a fair number of decisions on things like what do I do when someone tells me a user has violated copyright, etc etc. I also plan to purchase news services from someone else in the beginning so that I am not a news distributor, I am only giving people a way to view it (News will never be stored on my systems). Maybe when the water gets a little less rocky I'll start using my own news server. Those decisions are mine, not yours, you can of course make your own. I made mine after hours of consultation with my lawyer, as well as talking to several other lawyers. You should do the same. On Sun, 15 Oct 1995, Tim Bass wrote:
John Curran and I are in total agreement on John's premise that any Post NSF AUP is either a) unenforceable or b) subject to abuse. I suggest that for the moment, that we agree with John that any AUP is both:
a) Unenforceable; b) Subject to abuse; and c) Virtually impossible to authenticate.
Giving the above, the question still remains and the original motion is still valid for this reason.
If we define a Post NSF AUP, then at least everyone who uses the Internet will have had the opportunity to have read and understood what the current Internet AUP describes.
It is possible that having a clearly defined AUP will not stop spam and other unacceptable uses of the net, and clearly an AUP is not enforceable ( and for IP security reasons should not be enforced without absolute authentication as John correctly points out).
On the other hand, having a clearly defined AUP may discourage potential spammers and child pornographers, etc. (not that we consider spammers and child pornography peddlers in the same vein..). Also, having a clearly defined Internet AUP will send a signal to the news media and government officials that the providers of Internet services are capable of formulating policy in an area that, without self-regulation, has a strong potential to continue degenerating.
Is a self-formulated Post NSF AUP, without enforcement, still a good idea?
The answer, I suggest, is not obvious, but a debate on the subject does have considerable merit, given the events of the past week or so.
Tim
-- +--------------------------------------------------------------------------+ | Tim Bass | #include<campfire.h> | | Principal Network Systems Engineer | for(beer=100;beer>1;beer++){ | | The Silk Road Group, Ltd. | take_one_down(); | | | pass_it_around(); | | http://www.silkroad.com/ | } | | | back_to_work(); /*never reached */ | +--------------------------------------------------------------------------+
Justin Newton * You have to change just to stay caught up. Vice President/ * System Administrator * Digital Gateway Systems *