Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?

> From owner-nanogmerit.edu  Fri Oct 12 16:26:36 2007
> Date: Fri, 12 Oct 2007 21:23:15 GMT
> Subject: Re: How to Handle ISPs Who Turn a Blind Eye to
Criminal Activity?
>
> So, back to my original question: If you alert an ISP
that "bad and
> possibly criminal" activity is taking place by one
of their customer,
> and they do not take corrective action (even after a
year), what do
> you do?


This is straying somewhat afield from 'network operations',
but it is at
least tangentially relevant, so....

'What do you do?' conceals a raft of other issues that have
to be identified
and answered before the 'obvious' quesiton cn be addressed.

First off -- not to belabor (well, not too much, anyway) the
obvious -- you 
have to identify what your 'goals' are.  Both tactical
(short term), and 
strategic (long term).  And what level of resources you are
willing to commit 
toward supporting those goals.

A "desirable" state of affairs is that every
network operator _does_ actively
police its  user base, and makes 'former customers' out of
anyone who egages
in activities deemed "not acceptable" by a large
portion of the  "rest of the
'net world".

Unfortuntely, commercial providers are driven by 'economic
self-interest',
rather than "the good of the 'community'" as their
_primary_ motivation.
They _will_ consider the 'good of the community' when it is
not in conflict
(or at _most_, represents a *minor* conflict) with their
self-interest, but
if the two are diametrically opposed, there is no doubt as
to which viewpoint
_will_ prevail.


So, when you ask them to _do_something_, quote "for the
good of the community"
unquote, and 'nothing happens'  it is reasonable to conclude
that 'economic
self interest' is controlling -- either it is 'not worth the
effort/expense', 
or it would cost revenues that they're not willing to give
up.

I'm sure this is no surprise to anyone.  In fact, Isuspect
everybody has seen
these exact sysmptoms in _their_own_ management, in varying
degree.



There are only two things one can change to influence that
decision --
either one 'somehow' makes 'the good of the community' more
inportant,
*or* one finds a way to invoke their 'economic
self-interest' on the
'right' side of the issue.

One possible way to do the latter is to look or 'sensitive'
departments,
*other* than the 'abuse' contacts, who have 'hot buttons'
that can be pushed.
Some possiilities for this approach include
"legal", "investor relations", 
and "Public Relations".   All the folks who have
to 'deal with the mess'
when something 'embarassing' becomes public knowledge.

contacting such departments, with an 'early warning' about
what could become
'very messy' public attention to policies/practices that
"could easily be
mis-understood", if done carefully, can be very
effetive.

And, as a final alternative, there is "public
embarrassment", to shame them
into taking action.

One 'option' that has *never* been successfully employed
would be to organize
'the community' for co-operative action in 'shunning' those
provider who do
not keep a clean house.  I'd _love_ to see such an approach
implemented, but
it requires ignoring short-term self-interest for the
long-term 'good of the
community' -- even though the long-term good of the
community _is_ in the self-
interest of each and every provider.

Back to original "what do you do?" 

'Viable' options are rather limited -- 

If you have _hard_ evidence, reporting to law enforcement,
*WITH* notice of 
'apparent provider compliciy' --  including 'what  was given
to the provider 
_when_' to establish  their 'actual knowledge' of the
criminal activity and 
hence provider liability for allowing it to continue.

You can try 'public humiliation' -- calling in the press.

And, of course, you *DO* -- if you haven't already (comment:
if not, _why_ 
not?) -- take 'defensive measures' to block communications
in either direction 
involving those 'bad guys' and your customers.