On Oct 5, 2009, at 11:23 AM, Barry Shein wrote:
Perhaps someone has said this but a potential implementation problem in the US are anti-trust regulations. Sure, they may come around to seeing it your way since the intent is so good but then again "we all decided to get together and blacklist customers who..." is not a great elevator pitch to an attorney-general no matter how good the intent.
That's not what is being discussed from my understanding. From my understanding, the intent is to share names of known abusers and data necessary to help in tracking DDOS. I don't believe that any ISP is expected to necessarily take any particular action determined by the group with respect to the list of names they are given. I do think that it is reasonable to have an agreement among an industry organization or collaboration which states that ISPs which determine that abuse is being sourced from one of their customers (either through their own processes or by notification from another participant) should be expected to take the necessary steps to mitigate that abuse from exiting said ISPs autonomous system.
Obviously there are ways around that (e.g., it's ok to do credit checks) but one has to be up-front and get approval.
I don't think that's true. I think that as long as your privacy policy and terms of service state that you will share certain information with other operators regarding abuse complaints and (possibly) abusive activities, you are free to share that information. Having a coalition rule that says any member must refuse to service any party on the list would be an anti-trust violation. Having a list, alone, without any rules about how the list is used, is not an anti-trust violation. Just like agreeing ahead of time on the price of gas amongst multiple competitors is an anti-trust violation, posting the price of gas at your service stations is not. Modifying your price to match the price across the street also is not.
I'm just sayin':
a) consult with legal counsel before doing anything in "collusion" with competitors.
Definitely.
b) this is probably not for smaller ISPs until the legal way is cleared by those with plenty of money for lawyering and lobbying.
I'm not so sure that is true, but, they should seek good legal counsel about whatever they plan to do regardless of size. Owen