<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Obviously every user should lock their doors / protect themselves
against fraud. I am just saying that the ability of many service
providers to curtail abuse of their system (without impacting
legitimate uses) is very limited as it may not their customers
doing the abusing and any targeted action against those customers
themselvesd would be inappropriate and affect many legitimate
users of their services. <br>
</p>
<p>At what point should a network service provider remove privileges
from a customer that is himself being abused but is technically
unable to deal with it properly? Would the complaint not be better
directed at that customer, not the provider, since they are the
ones that can resolve this issue in a more targetted and
appropriate manner? How does the service provider differentiate
between a customer that is abusing vs one that is being abused?
Deputising the service providers will not necessarily solve the
problems, and possibly create many new ones. <br>
</p>
<p>In the domain industry, we were required to provide an abuse
contact, however the reports we get to that address usually deal
with issues we cannot do much about other than pulling or
deactivating the domain name, which is usually the nuclear option.
So we spend our time forwarding abuse mails to our customers that
the complainant should have sent to the customer directly. <br>
</p>
<p>Best,</p>
<p>volker<br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">Am 16.01.2020 um 15:16 schrieb Serge
Droz via anti-abuse-wg:<br>
</div>
<blockquote type="cite"
cite="mid:a3f9984b-07f3-2555-cdad-ba0d11ce2a17@first.org">
<pre class="moz-quote-pre" wrap="">Hi Volker
On 16/01/2020 15:03, Volker Greimann wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">isn't making the world (and the internet) first and foremost a job of
law enforcement agencies like the police and Europol?
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Law enforcement's job primarily is arresting criminals. And yes they do
prevention. But you can't stop locking your door or walk by fight just
ignoring it, because it's LEA's job.
This is even more true on the internet, where CERT's have long been
working together fighting cybercrime etc.
While there obviously is an appeal to the notion of "The best problems
are some one else's problem" my believe is we don't want to have an
internet or a world, for that matter, where this is how things run. The
internet is a bottom up thing, it is so cool because people follow
protocols, that are not law.
There was a time whn this wasn't a given: During the "Browser wars"
different producer leveraged ambiguities in the HTML standard, and the
end result was horrible.
We don't want this. If we delegate the problem, we've already lost.
Best
Serge
</pre>
</blockquote>
<div class="moz-signature">-- <br>
Volker A. Greimann<br>
General Counsel and Policy Manager<br>
<strong style="border-bottom: 3px solid #5C46B5">KEY-SYSTEMS GMBH</strong><br>
<br>
T: +49 6894 9396901<br>
M: +49 6894 9396851<br>
F: +49 6894 9396851<br>
W: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a><br>
<br>
Key-Systems GmbH is a company registered at the local court of
Saarbruecken, Germany with the registration no. HR B 18835<br>
CEO: Alexander Siffrin<br>
<br>
Part of the CentralNic Group PLC (LON: CNIC) a company registered
in England and Wales with company number 8576358.</div>
</body>
</html>