On 09:57 PM 5/19/02, Chuq Von Rospach wrote:
>On 5/19/02 9:19 PM, "JC Dill" <inet-list@vo.cnchost.com> wrote:
>
>> That's actually a HUGE need. At SpamCon there was a lot of talk about how
>> ISPs might setup a customer-reputation clearing house (like a credit
>> bureau) where ISPs could report and share information about bad customers
>
>Effectively being a combination RBL at the account level and PK web of
>trust?
>
>God, wouldn't that have anti-trust issues?
No more than the sharing of information between creditors and credit
bureaus, if set up in the same manner.
> If, say, Earthlink, AOL and MSN
>get together on something like this and MSN black-flags a spammer and AOL
>refuses to sell him an account, I'll bet that spammer could make a good case
>of anti-trust here, even if he DID intend to violate AOLs T&C's. This could
>get ugly. But I digress.
MSN doesn't "black flag" the spammer, they merely report the truth of the
information, that the spammer violated their TOS. AOL can choose to do
business with this person or not, based on this report and on any other
information they might want to consider.
It's no different than having a bad payment record with Macy's, resulting
in Sears not wanting to give you a store credit card.
If the credit bureaus want a piece of this action, they could start by
soliciting ISPs for TOS-violating account data, and create a special
database to track them and then to link them with actual individuals when
the linking data becomes known. Then make it searchable by the data known
to the ISP (such as the calling number, when someone calls in to sign up
for a new account).
>> However... there are quite a few known spammers that buy throw-away
>> accounts (usually using fraudulent identification when signing up) and move
>> from ISP to ISP as they get nuked, and the ISPs are relatively powerless to
>
>And that's the ultimate problem - these databases only work on static data.
>If the thing you're trying to police is dynamic (which fraudulent ID data
>is, inherently), it's a moving target, and you're a few steps behind the
>chase by definition. You're catching stupid people and abandoned Ids.
>
>Which means they'd have to base selling accounts on specific user data like
>SSN or perhaps a drivers license, or some other ID (all of which can be
>faked, of course), which creates a huge privacy issue into the maelstrom on
>top of all of the other stuff...
Actually, what they need is better ANI coverage. If you can nail down the
individual by the phone number that is used to dial into the ISP (to setup
the account, or to login with the computer), that goes a LONG way towards
identifying them.
The biggest problem spammers apparently live in areas where the copper
plant is so old that their phone doesn't provide ANI. The ISPs either have
to accept all signups from those communities, knowing that occasionally
they will end up with the problem spammer, or they have to refuse to offer
service to anyone who calls in from communities that don't have ANI-sending
phones. When the problem gets bad enough, look for the later solution to
start to appear. Let's hope your Mom or Aunt Alice doesn't live in one of
those communities....
>And we're basically only talking US here. Globally, life gets even more
>interesting -- and when it comes to privacy issues, much, much tougher.
The privacy issues are no tougher than the same issues that surround
consumer credit. I, for one, find it abhorrent that a potential employer
can run a credit check on someone before deciding to hire them. What
business is it of the employer's that someone might have had a problem in
the past with paying bills, if the employee isn't asking the employer to
"extend credit"? IMHO it's a HUGE invasion of privacy to take this data
(bill payment history) and make it available for other purposes than the
"extending of credit" for which the database was supposed to be used and
for the purposes which the data was supposed to be collected.
jc
Follow-Ups:
References:
|
|
