[anti-abuse-wg] Legal concerns, was Manual vs automated reports

Feedback loops sent to third parties tend to have PII stripped. Based on a
definition of PII that does not regard IP addresses as personal data.
On Jul 26, 2012 11:05 PM, "Alessandro Vesely" <vesely at tana.it> wrote:

> On Thu 26/Jul/2012 18:37:55 +0200 Tobias Knecht wrote:
> >> In the words of RFC 6650:
> >
> > Don't get me wrong, this rfc is a good one an clarifies some things,
> > but it is written by Americans under their understanding of US law.
>
> IMHO, it is not so much being Americans or whatever, as being versed
> on legal points of view.
>
> > Some things that are mentioned are not possible under European
> > Jurisdiction. For example providing Feedbackloops is especially in
> > Germany a very critical task.
>
> Is it?  I guess in Italy we have more or less the same European
> directives.  So long as the user is clearly informed about what data
> is being sent to who, and grants her/his consent to that, it should be
> legal to do FBLs.  Yet, IANAL.
>
> The best thing, IMHO, would be do gather users' consent on the first
> time they hit a "This is Spam" button.  At the same time, give them
> the option to redact their email address in the header.  (See
> http://tools.ietf.org/html/rfc6590 ).
>
> > So rfc 6650 is good but unfortunately does not fit all use and legal
> > cases.
>
> We need to clear up this issue.  Googling for that I find that ETIS,
> which is based in Europe, has an "Anti SPAM Co-operation Group" that
> "is also working on an anti-spam feedback loop project."  (Quotes from
> http://etis.org/groups/anti-spam-task-force ).  I'd guess you know
> them; they have a meeting on next Oktoberfest...  Would they cover
> those legal concerns?
>
> A recurring objection in the acm-tf was that RIPE handles just a
> region, and therefore we'd need anti-abuse practices to be specified
> by some global body such as the IETF.  Now we have it.  We should use
> it as we use SMTP.  And the fact that our law is better than theirs
> should be an aid, not a hindrance!
>
> > In addition to that, I do not have any problem in single persons
> > reporting abuse incidents as long as they are useful. And even people
> > in the registration business sometimes do not know how to report
> > correctly, which is not bad it's just that they haven never done it
> > before and need somebody/something that guides them through, which
> > should be one of the next tasks for this community to define.
>
> Very much agreed.  We need to exchange scripts and ideas.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20120727/e975baf3/attachment.html>