This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Legal concerns, was Manual vs automated reports
- Previous message (by thread): [anti-abuse-wg] Legal concerns, was Manual vs automated reports
- Next message (by thread): [anti-abuse-wg] Legal concerns, was Manual vs automated reports
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Suresh Ramasubramanian
ops.lists at gmail.com
Fri Jul 27 03:58:10 CEST 2012
Feedback loops sent to third parties tend to have PII stripped. Based on a definition of PII that does not regard IP addresses as personal data. On Jul 26, 2012 11:05 PM, "Alessandro Vesely" <vesely at tana.it> wrote: > On Thu 26/Jul/2012 18:37:55 +0200 Tobias Knecht wrote: > >> In the words of RFC 6650: > > > > Don't get me wrong, this rfc is a good one an clarifies some things, > > but it is written by Americans under their understanding of US law. > > IMHO, it is not so much being Americans or whatever, as being versed > on legal points of view. > > > Some things that are mentioned are not possible under European > > Jurisdiction. For example providing Feedbackloops is especially in > > Germany a very critical task. > > Is it? I guess in Italy we have more or less the same European > directives. So long as the user is clearly informed about what data > is being sent to who, and grants her/his consent to that, it should be > legal to do FBLs. Yet, IANAL. > > The best thing, IMHO, would be do gather users' consent on the first > time they hit a "This is Spam" button. At the same time, give them > the option to redact their email address in the header. (See > http://tools.ietf.org/html/rfc6590 ). > > > So rfc 6650 is good but unfortunately does not fit all use and legal > > cases. > > We need to clear up this issue. Googling for that I find that ETIS, > which is based in Europe, has an "Anti SPAM Co-operation Group" that > "is also working on an anti-spam feedback loop project." (Quotes from > http://etis.org/groups/anti-spam-task-force ). I'd guess you know > them; they have a meeting on next Oktoberfest... Would they cover > those legal concerns? > > A recurring objection in the acm-tf was that RIPE handles just a > region, and therefore we'd need anti-abuse practices to be specified > by some global body such as the IETF. Now we have it. We should use > it as we use SMTP. And the fact that our law is better than theirs > should be an aid, not a hindrance! > > > In addition to that, I do not have any problem in single persons > > reporting abuse incidents as long as they are useful. And even people > > in the registration business sometimes do not know how to report > > correctly, which is not bad it's just that they haven never done it > > before and need somebody/something that guides them through, which > > should be one of the next tasks for this community to define. > > Very much agreed. We need to exchange scripts and ideas. > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20120727/e975baf3/attachment.html>
- Previous message (by thread): [anti-abuse-wg] Legal concerns, was Manual vs automated reports
- Next message (by thread): [anti-abuse-wg] Legal concerns, was Manual vs automated reports
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]