Who Is An ISP?

happynut writes "Last Friday there was an article about the new anti-spam U.S. legislation that might become law. Within this bill, the only non-government party that can sue for damages is an 'Internet Access Service' (Page 44, line 1 (Sec 7(g)), and Page 8 line 15 (Sec 3(11)) of the bill). Some reports have treated 'Internet Access Service' as the same as an ISP. But if you follow down the definition listed in Sec 3(11) (see 47 USC Sec 231(e)(4)), it defines an Internet Access Service as: '(4) Internet access service -- The term 'Internet access service' means a service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers. Such term does not include telecommunications services.' My question is: isn't this definition so broad as to cover all of us who run a mail server? It doesn't mention commercial, or for money, or to the public; it just says 'as part of a package of services offered to consumers.'"

P2P = ISP?

[DigiShaman]

So if I'm running Kazaa, can I be legally declaired an ISP. And thus, be sued directly?

Re:P2P = ISP?

[bugbread]

Er, no you can sue spammers directly. Well, probably you can't, but it looked like you had the subject and object backwards, so I just switched them for you.

Re:P2P = ISP?

[ComputerInsultant]

No its the other way around. If you run Kazaa, then you can sue spammers for damages. I gotta start running Kazaa!

Re:P2P = ISP?

[ozric99]

So if I'm running Kazaa, can I be legally declaired an ISP. And thus, be sued directly?

That's true. however, litigation may be avoided by donating $699 to your friendly local unix provider.

Re:P2P = ISP?

[.orvp]

It isn't that you could be sued directly (that was always possible) the question would be if you could potentially be the one to sue. Now, This would be stupid on your part, unless you were just trying to get your money taken away.

A p2p client wouldn't be enough, but perhaps if you created your own service and provided email accounts to go along with it (or a memoserv type aparatus) then you would have more potential

Re:P2P = ISP?

Can I sue the RIAA for spamming the Kazaa network?

Re:P2P = ISP?

[MrUnknown]

no you can't, you don't allow access to services over the internet. you are a service on the internet. big difference.

Re:P2P = ISP?

[error502]

it looked like you had the subject and object backwards

Don't blame him. He's probably just from Soviet Russia.

Re:P2P = ISP?

[spiritraveller]

Can I sue the RIAA for spamming the Kazaa network?

Someone mod this up. If RIAA is spamming Kazaa, AND you are deemed an internet access provider by virtue of your allowing others to access your files, then it sounds like you could do that.

Of course, there are many reasons you might not want to do that. For instance, if you are sharing copyrighted music, they may file a counterclaim against you.

Re:P2P = ISP?

The RIAA is not spamming kazaa. They are simply engaging in fair-use.

Re:P2P = ISP?

[Rick+the+Red]

Exactly. People are clearly not reading the fine article! The law covers an "Internet Access Service," not an "Internet Service Provider." In other words, if your customers use your service to access the internet, you can sue spammers, even if you don't provide email! If you run a mailbox, but your customers use AOL or Roadrunner or someone else to access the internet, and through the internet access your mailbox, then you're not providing them with internet access and you cannot sue spammers. Sucks, eh? Of course, IANAL, but the law was written by MSN and AOL, so do you really think the law covers small-time mail server operators? If you think so, hire a lawyer.

Re:P2P = ISP?

[scott_evil]

I don't even think you need to go as far as kazaa, from what I can tell a web browser would satisfy "a service that enables users to access content, information, electronic mail, or other services offered over the Internet".

Re:P2P = ISP?

[tokaok]

you meant Russia Soviet, right?

Re:P2P = ISP?

[Luigi30]

!UOY sepyt sdrawkcab ,noinU teivoS nI

Re:P2P = ISP?

[cyril3]

It doesn't say the person who operates the software which is a server or which technically is a service can sue spammers. It says service so in your example it would be your copy of the browser which would be entitled to sue. I'd like to see that.

In common speech a service is clearly a service provider such as an ISP but also including Edu institutions and similar. It is quite loose though and might cover non ISP entities who for example provide access to those things to their employees.

hey, that's me!

[croddy]

haha, my woody box is an "Internet Access Service" !

SCORE!

Re:hey, that's me!

[Frymaster]

haha, my woody box is an "Internet Access Service" !

i wouldn't go spouting off about that if i were you. if your isp finds out that you are running as an "isp" they're likely to cut off yr service.

read the t&c of yr bandwidth provider!

Re:hey, that's me!

the only thing they ever sent me was a pamphlet about how to hook up a cable box for my TV...!

Re:hey, that's me!

[cmacb]

He MAY have meant that his woody box allows HIM to access the internet, just as mine does. Also most ISPs now accept multiple users per houshold and will even supply a router to help you do that if you wish. Some people use a Linux box to do the NAT function as well. Nothing wrong with that.

Re:hey, that's me!

[cloudmaster]

My ISP knows that I'm an ISP, why wouldn't his? Not everyone's a teenager on a cable modem - some of us actually check into these things *before* signing a contract... :)

Not for us to decide

[gorilla]

I suspect that the answer to this is something which will only be decided by high paid lawyers standing before an appeal or supreme court.

Re:Not for us to decide

[js7a]

the answer to this is something which will only be decided by high paid lawyers standing before an appeal or supreme court.

Yes, where the definition will probably turn on whether "consumers" include noncommercial clients.

Re:Not for us to decide

[SkArcher]

As with most things in American law, it isn't what is right that matters, it is who has the most money.

Re:Not for us to decide

[baileytal]

The United States hardly has the monopoly in the rights marketplace. You just have the highest prices.

Re:Not for us to decide

[bkeeler]

Since the proposed law does provide for recovery of attorney's fees as part of the damages (most laws don't provide that), hiring a high-cost lawyer is not completely out of the question.

Re:Not for us to decide

[fermion]

This may get quite interesting, and we may, at the end, arrive at a rather narrow definition. The reason is that under current laws there are cases where it is beneficial to be an ISP, and other cases where a firm would prefer not to be an ISP. This will likely result in many cases where high power lawyers argue both sides of the situation, and hopefully result in some good precedents.

It's messy, but, as they say, if you don't like the adversarial aspect of the law, go somewhere else.

Re:Not for us to decide

[grahamm]

I would say that, almost by definition, a consumer is a non-commercial client. Certainly much UK 'trading' law (eg Sale of Goods Act, the EU Distance Selling Regulations) give more rights to a non-commercial (consumer) client than to a business (commercial) client.

Re:Not for us to decide

[js7a]

Right; there's noncommercial in the sense of being an individual apart from any business, and also in the sense of not paying for the service involved. I meant in the latter sense, and the U.S. legal dictionaries aren't much help on that question. So, some lucky appeals court judge will get to decide what the word means fairly soon; as soon as Joe Random pissed-off living-room sysadmin with webmail account for his wife and kids tries to sue under the law.

Good thing too

[cynicalmoose]

If your intepretation is correct, then that is a good thing. Far more worring, is the provision of an opt-out list. If the world can see that my e-mail, even if only so that I can say I don't like spam, then I reckon I'll get spammed all the more.

Re:Good thing too

[SUB7IME]

The only good anti-spam idea ever: A national opt-in list. If you are on this list and receive any piece of commercial, non transaction-related e-mail from a company, the e-mail is spam.

Re:Good thing too

[sdjunky]

"Far more worring, is the provision of an opt-out list. If the world can see that my e-mail, even if only so that I can say I don't like spam"

A technilogical solution to this problem would be a one way hash algorithm. The government would keep a list of email addresses which are converted into one way hashes. These hash lists are given to mail list operators (read spammers). These mail list operators only have to convert an email they have and see if it's hash matches another. Thus they can't get email addresses from the opt-out list only compare with addresses they already have in their possession.

Re:Good thing too

[Insightfill]

Good idea, but....

The catch is that since email addresses are relatively short, it's pretty easy to brute-force them out of the list. Just run through the alphanumerics and you've got 'em.

a@a.com (not on list)
b@a.com (not on list) ...
jsmith@ibm.com (bingo!)
jsmiti@ibm.com (not on list) ...

Re:Good thing too

[sdjunky]

I agree... that is one downfall to my proposed solution.

However, that would require a bruteforce of going through a list (calculated or static) and creating addresses and then checking them in the hash. If they can do that (and they do already, I'm certain) then why bother with checking the list anyway to see if an address is on there or not? Unless they really do want to abide by the list, they wouldn't bother with the check and instead would just use the method you describe to send messages to.

Re:Good thing too

[Insightfill]

Excellent call. Those who care, will abide by the list, while those who don't will either brute force it, or brute-force email addresses in the "TO" box anyway. The list wouldn't even interest or concern them, since they're already "running the alphabet" @ every domain under the sun already.

Re:Good thing too

[EnigmaticSource]

Salt Strings Provide good protection against things like that... using a 4 byte salt you add 2^32 extra tables to any procomputation scheme.

That an null Padding an address (Or Padding with A-Za-z) to the maximum length (Per RFC) you should create a level of complexity that would block such searches till long after the address (and it's owner) expires

Note: SaltedHash = HashFn(Plaintext + Hash);

Re:Good thing too

[cmowire]

Not necessarily.

The other problem that hasn't been covered yet is that people might potentially want to "wildcard" addresses.

The cannonical example of this is the andrew mailing system, which lets you pick addresses like person+foler@andrew.mail.server.com

This when I say I want to opt-out, I need to be able to say person+*@andrew.mail.server.com.

Similarly, since I own my own domain name, I want to be able to opt-out *@wirewd.com .

Of course, that doesn't prevent you from adding entries to the DNS record for a spam-acceptance policy. If yes, they can send. If no, they are not allowed to send. If maybe, they have to query some other service.

Re:Good thing too

[EnigmaticSource]

::Slaps Self With Fish::
SaltedHash = HashFn(Plaintext + SaltString)
I Need sleep :(

Re:Good thing too

[PaulBu]

yeah, you need some sleep! ;-)

SaltedHash = SaltString+HashFn(SaltString, Plaintext)

Re:Good thing too

[EnigmaticSource]

I do Java, + is prefectly legal for basic data types.

Re:Good thing too

[PaulBu]

Yeah, '+' is a perfectly good way to express string concatenation in more than one language ;-), but my point was that you 1) concatenate your salt with hash (so that re-hasher would know what was the salt value ) and b) salt and password are NOT concatenated, they are two independent arguments to the hashing function. (actually what UNIX crypt does is encrypting salt with password being a key).

Paul B.

Re:Good thing too

This hash table would mean _nothing_ to the average spammer who blasts out a bazillion emails daily for various snake-oil remedies and enlargment pills.

The importance of an available hash table lies in it's value to the marketers of email lists. An integral part of the "spamming market," if you will, is the segment that sells unfathomably huge lists of email addresses to spammers.

Email addresses that have been verified against the do-not-email registry hash are _perfect_ targets for spammers.

If spammer X fires off an email to me, assuming the email does not bounce, he will never know if it was delivered to a) an active email receiving account, b) an inactive email receiving account (existing account that receives email but is not checked), or c) filters that silently discarded the message.

If a person places their email address in this registry, they admit that the email address is checked at least somewhat regularly. this rules out the possibility of wasting time and bandwidth on sending an email to an account that still receives email but is never checked. one "wasted" email is no big deal. when you're dealing with 9 digits worth of email addresses, even a fraction of a percent can be a huge deal.

The math is left as an exercise to the reader.

Re:Good thing too

Sure lets have the government keep a list of every email address.

I have no idea why this was moddded "insightful" at all. A serious spammer wouldn't bother with an opt out list, he or she would just cover his or her tracks better to avoid any repercussions.

Re:Good thing too

[rworne]

Simple. Don't put just email addresses into the list. Put either email addresses *or* IP addresses. I have a fixed IP address where a mail server sits and want no spam going to it along with everyone else that shares the same mail server.

Dunno how the dynamic IP address crowd will deal with the problem, they will just have to trust their email address to the system.

This creates a whole new class of have and have-not's on the Internet, ensuring years of income to lawyers.

What about a simple home page?

[wierdling]

The way I read it, this would cover a home page as well, as it offers customers (family) access to information (your pictures of the kids, blogs, whatever). Does this make sense to anyone else?

Re:What about a simple home page?

[brianosaurus]

It's all up to interpretation, but simply having a web page somewhere probably doesn't qualify. If the page is hosted on .mac or geocities, then surely they are the Internet Access Service, not you.

If you have your own server (or probably even a hosted domain on a shared server at Rackspace, or wherever), and you host email, web, etc on it for yourself and your family, then you could probably argue pretty convincingly that you are an Internet Access Service. In that case, Rackspace is merely providing you with a connection to the internet, while you are providing the actual services.

So the only question is if your family counts as "consumers" (which I think they do).

Count me in then

[Space+cowboy]

Definitely covers me - I have a co-located server with clients websites running on it. I rent all my bandwidth though - would never really have thought of myself as an ISP, although I guess I fall under the auspice of "Internet Service Provider" - the typical image is either a dial-up merchant, or someone like Colt/BT/Level3/(insert huge company here)

Simon

Re:Count me in then

[SteelRat]

sounds like you are providing an internet service to me!

Re:Count me in then

[freeweed]

Well, realistically all ISPs rent their bandwidth from their upstream providers as well. Except for the boys on top, of course.

Gotta love legalese so vague that it turns every Slashdotter into an ISP :)

Re:Count me in then

[Space+cowboy]

Agreed, which is why I wrote:

"although I guess I fall under the auspice of "Internet Service Provider" - the typical image is either a dial-up merchant, or someone like Colt/BT/Level3/(insert huge company here)"

The point I was making is that the usual definition of ISPs include legions of modem-users and/or enormous companies, not the 5-man-band that I work within.

Simon.

Re:Count me in then

[mcrbids]

Definitely covers me - I have a co-located server with clients websites running on it. I rent all my bandwidth though - would never really have thought of myself as an ISP, although I guess I fall under the auspice of "Internet Service Provider" - the typical image is either a dial-up merchant, or someone like Colt/BT/Level3/(insert huge company here)

You RENT your bandwidth? So, let me ask you this - after you are done, do you have to give it back? How do you rent a service?

You *always* buy bandwidth. Typically, you'll pay $X per month for Y bandwidth usage, either in GB of transfer or avg rate of transfer.

It doesn't matter who you are, small or big, with a single 1U server, a rack, or your own unfettered OC3. You *always* pay a monthly charge for your connections to other providers.

Re:Count me in then

[dubiousmike]

this is why you need to make sure that you not only have an acceptable usage agreement with them, but also a bunch of stuff indemnifying yourself from being responsible for their actions both knowingly and unknowlingly.

I too have a dedicated server with clients and friends renting space. I am very nervous about their mailing habits, being an internet marketer. I know how much email looks like spam even when the sender is completely innocent. And unless they have their own mail server running (cause then they are using yours - look at the headers of one of their emails - it might have your domain name in it somewhere), you might be responsible for their spam. And more and more, "spammers" will be held accountable with their wallet.

Never thought you'd be a spammer just because you rent a dedicated box....

I'm one.

I provide internet service (via my cable connection) to the computers in my establishment (dwelling). I provide basic services to these computers, including mail, dns, and smb/nfs.

Yes

Next question.

Consumers

[Phroggy]

The term 'Internet access service' means a service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers.

How are "consumers" defined? Members of the general public who pay money to receive these services? If it's something like that, then those of us who run mail (etc.) services only to non-consumers shouldn't be affected. Right?

Re:Consumers

[js7a]

How are "consumers" defined? Members of the general public who pay money to receive these services?

That's the question. Answers vary. For example:

any persons who use goods and services....
-- www.consumerdirection.org/glos.htm

people whose wants are satisfied by using goods and services
-- www.mrc.twsu.edu/economics/passwordlessons/Lesson0 1/lesson1printgloss.htm

individuals, households, organisations, institutions, resellers and governments that purchase the products offered by other organisations.
-- wps.prenhall.com/wps/media/objects/213/218150/glos sary.html

Those people in a market who want to exchange money for goods or services.
-- highered.mcgraw-hill.com/sites/0072345772/student_ view0/chapter_2/key_terms.html

So, far, this is fairly ambigious. Since this will soon be under the nose of an appeal court, lets have a look at a legal dictionary's definition:

one that utilizes economic goods [if you don't pay for them are they still economic?];

specif: an individual who purchases goods for personal use as distinguished from commercial use

So, apparently, not only are email users required to pay to be covered by the lay, but they can't be organizations or business users, either.

Why do I think that isn't what congress intended?

Re:Consumers

[brianosaurus]

Read carefully. Its not that those of us running mail servers only to non-consumers (ie. ourselves?) aren't affected. Instead its that those of us... do not qualify to sue for damages.

It means that unless you have "consumers" using your "Internet access service", you're powerless against the spammers according to this law.

ONLY the goverment and "Internet Access Services" may sue for damages. So let's all play lawyer and figure out how to interpret that to include us!

Re:Consumers

[Tackhead]

> It means that unless you have "consumers" using your "Internet access service", you're powerless against the spammers according to this law.

I have a NAT box and a router. My roommate/parents/grandmother pay me $1/year to administer it. I have a contract proving that.

Re:Consumers

[Carnildo]

I'm running a copy of SAproxy on my home computer. For a lifetime fee of $1, I will filter incoming e-mail and mark suspected spam, if you are able to connect to my computer. I guess that'd make me an internet access service.

Re:Consumers

1. Get a reseller account with a hosting provider
2. Offer mail or webhosting accounts to the general public ("consumers")
3. Get spam
4. Sue spammers
5. Profit!!

Re:Consumers

[brianosaurus]

IANA Economist, but if I recall from my few Econ classes in college, and "economic good" doesn't necessarily mean that you pay for them. It has more to do with scarcity and "opportunity costs" than with money. Here's a definition:

ECONOMIC GOOD:
A tangible item produced with society's limited resources for the purpose of satisfying wants and needs. As a general notion, the phrase economic good also commonly includes intangible services produced with society's limited resources for the purpose of satisfying wants and needs. A synonymous term for economic good is scarce good.

So if you spend your (scarce) time setting up a server (resources) to provide email and web services for your family (satisfying their want or need), then it is an economic good. If you family uses those services, then they are consumers. So I guess that makes you the provider of an Internet Access Service.

Re:Consumers

'Affected'? I think you misunderstand - you arent looking to get *OUT* of being being considered an ISP under this law.

You *want* to be considered an ISP so that you have standing to sue spammers, because under the law, only ISP's can sue, not 'consumers' (whatever that means)

To me, "ISP" is much more narrower.

[welshsocialist]

IANAL, but I have considered an ISP to a company that provides access to the Net with or without Mail or Usenet. If you,

Re:To me, "ISP" is much more narrower.

If I what? Plz don't post drunk.

Re:To me, "ISP" is much more narrower.

[Space+cowboy]

Hmm. Look's like God's on the line. Hello ?

Simon

Re:To me, "ISP" is much more narrower.

[forevermore]

ISP to a company that provides access to the Net

Please don't confuse "Internet Access Provider" with "Internet Service Provider". They used to be one-and-the-same, but with the expansion of the web, I would definitely consider colo/hosting companies to be "service providers" even though they don't actually provide any access for dialup/dsl/cable users.

But on that note, a web host is providing access to the "net" if it is defined to include any net-accessible web page. They let people on the internet access that web page, so even by your definition, hosting companies (big or small, commercial or hobbiest) are ISP's, too.

Re:To me, "ISP" is much more narrower.

[Maserati]

Yep. The hosting service provides a connection to the Internet from your server or your hosted site.

Re:To me, "ISP" is much more narrower.

[fireboy1919]

That's a very good point, but you should always remember that the one thing that you should never do under any circumstances is

Re:To me, "ISP" is much more narrower.

[Seby123456]

that's definitly a good point but you have to

Yes to AOL, no to broadband?

[orthogonal]

...access to proprietary content, information, and other services as part of a package of services offered to consumers. Such term does not include telecommunications services.

As I (IANAL) read it, it seems narrowly tailored to include AOL ("proprietary content") and exclude DSL-providing Baby Bells and possibly cable companies ("not... telecommunications services") (I'm not sure whether cable companies are "telecommunications services".)

Re:Yes to AOL, no to broadband?

[WEFUNK]

IANAL either, but I would read that differently.

The quote starts "...and may *also* include proprietary content..." suggesting that this might be offered, but is not a required part of the definition, which is more about providing access like an ISP.

I think the reference to "such term does not include telecommunications services" is simply meant to stop companies and lawyers from twisting the definition to apply to telephone or cable operations. But if they also run an ISP, that operation would still qualify under this regulation. Probably done so that the legislation doesn't infringe on existing FCC jurisdiction over telemarketers and fax spammers, etc.

Re:Yes to AOL, no to broadband?

[moonsammy]

You missed a few important words: "and may also include access to proprietary content" - *may* include. Any isp is covered, regardless of whether they have proprietary content. I read the provision of not including telecommunications services as meaning the people who provide the actual cables. So if someone uses AOL dial-up, AOL qualifies as an access service, but their phone company doesn't. If the phone company also provides internet services, then they would qualify. If the phone company qualified as a de facto 'access service' simply because their products can be used to send and receive tcp/ip, then manufacturers of bongos could also sue spammers, I would think. Well, maybe not, but wouldn't that be fun?

Well, actually...

[Faust7]

as part of a package of services offered to consumers.

It doesn't mention commercial, or for money, or to the public; it just says 'as part of a package of services offered to consumers.'

Consumers = the public in this case.

Internet access packages = typically non-free.

Selling it on any appreciable scale = often commercial.

I believe these are the interpretations they're aiming for, and the ones that will be upheld should they ever be taken to task.

Me, too!

[jc42]

Hey, I run the linux box that is the firewall between our home LAN and the cable modem. I provide internet access to my wife (and our parrots, when they play with the keyboard). I do all the troubleshooting of things like email and web-access problems. So can I am obviously qualify as an ISP, right? It'd be fun to be able to sue the spammers for DoS of our cable modem and wasting our time.

Re:Me, too!

[mcpkaaos]

Unless you have a business account with your cable provider, it is very doubtful that you would fall under this category. Cable providers tend to have very specific TOS that prohibit home users from reselling their bandwidth or even sharing it to anyone outside of the immediate contract (i.e., you). Additionally, they have the habit of prohibiting users from running servers of any kind, which sorta nixes the IAS idea.

IOW, in order to meet the requirements of an IAS, you'd most likely be in breach of your contract with your provider, which would probably nullify any claim you could make.

By the way, IANAL * infinity, this is just a slightly educated guess.

Re:Me, too!

[wfrp01]

I'd guess the opposition would jump on your TOS agreement, and say you were out of order for providing these services (depends on your ISP, of course). I hope anti-spam legislation doesn't ricochet into tougher TOS agreements, and tougher enforcements thereof.

Re:Me, too!

[cayenne8]

Yeah, I was shocked at the TOS I read on Cox cable in NOLA. I have been pissed at Mindspring/Earthlink DSL...they can't seem to get their act together to give me a static IP. I was going to switch, however, I went to look at all their restrictions on the cable broadband.

-No network translation? Guess that kills my NAT/Wireless Linksys router setup.

-Looks like they want to charge for home networking...they only offer 4 hooks. Does that mean they'll want me to take down and charge me for my home network I already have?

-Then the kicker. No servers of any kind?? Well, so much for running my small apache setup for simple web design....so much for my mail server.

When I signed up for DSL years ago...no restrictions like this....when did all this start? Is this a Cable broadband thing only or do other DSL providers have such restrictive clauses?

Re:Me, too!

[silentbozo]

It probably has to do with cable providers REALLY overselling bandwidth, and running into problems when someone starts up a file repository which (if not capped) can eat up all the upstream bandwidth for a neighborhood (the whole shared header thing.) It probably also has to do with the lack of tech-savvy people to do support for cable broadband, AND the desire to charge business-class prices for the privilege of a static IP.

I have to say though, my DSL provider (Speakeasy) has been remarkably cool about everything. In fact, they ENCOURAGE you to run servers on your connection, AND there's a reseller program where you can resell Speakeasy bandwidth with their blessings (in fact, they'll bill your "customers" and give you part of the cut in exchange for you being the neighborhood tech guy.)

Re:Me, too!

[Robert+The+Coward]

Cheap ADSL connections like Versions 49.95/59.95 type accounts do. The SDSL/"Bussiness" class accounts don't. Note Comcast does make a version that alows servers and give static IP but it cost alot more and is done thought the Bussiness Service Group. So in the end it comes down to money. I would check and see if speakeasy is avaible in your area they are a good inbettwen.

Definition needed

[IamGarageGuy+2]

I RTFA but i'm not sure if I qualify. I supply a cable modem connection to 12 students in rental rooms. If I use a switch and charge a monthly rate, does this make me an ISP. Does there have to be a server involved? Does reselling access count?

Re:Definition needed

[SteelRat]

do you provide an internet service or services?

sounds like you do, chief! :D

Re:Definition needed

[tekspot]

You may not have servers, but you do have a router/switch, so in fact, you are not just reselling, because you're providing something else too.

Besides, almost all the datacenters reselling bandwidth, yet somehow, I think they're included in the definition!

Re:Definition needed

[Robert+The+Coward]

Doubtful. If you read the TOS on you cable modem if you charge those 12 Kids anything you are reselling a NoNo for most cable modem custmers. If you are renting rooming in single house and they share kicten and address you would be a single household and should be fine if you have 12 different address that could be considered theif of cable services.

Non-Profit org, Kids in biz, Whats next?

[itsnotme]

Time for me to declare myself as a non-profit organization since they make ANYBODY running a server sound like a business or an organization in itself.

Should be proud of a 5 year old kid now, he runs a quake server, he's a businessman in his own right. Go government! Doing their job to encourage my kids to get into business!

Re:Non-Profit org, Kids in biz, Whats next?

Yikes, you have a five year old that runs his own quake server? I assume he had some help with that from his father?!?!?!?!?!?!

how I see it...

[MrUnknown]

"a service that enables users to access content, information, electronic mail, or other services offered over the Internet"

reword it to...
"a service that enables users to access...the Internet"

I think the list of "things" confuses the definition. but it only says things that ALLOW this access, not the services themself.

Re:how I see it...

[tekspot]

"[...]but it only says things that ALLOW this access, not the services themself."

My customers are buying bandwidth from me, which in turn allows them to access their e-mail on my servers. Does this make me covered by the definition?

It is obvious to me that whoever worded this bill does not have clear understanding of the Internet, therefore allowing really ambiguous definitions.

Re:how I see it...

[brianosaurus]

I think the "does not include telecommunications" bit, along with the list of things is worded in order to exclude organizations that merely provide the bandwidth or physical connection.

The rewording in the grandparent is inaccurate. Removing the list changes the meaning dramatically from "providers of content services" (or something like that) to "providers of connections".

The non-Gov't entities that are allowed to sue spammers under this law are those that provide the higher level services (email, web, etc) that run on the Internet, rather than those that actually run the Internet itself.

In other words, SBC can't sue spammers over the amount of data sent over their wires (ie. SBC acting as a telecom), though they could sue over spam being sent to @sbcglobal.net users (ie. SBC acting as an ISP).

does this mean..

does this mean it includes MS as an IAS since they provide IE6?

To me, "ISP" is much more narrower. (Take Two)

[welshsocialist]

IANAL, but I have considered an ISP to a company that provides access to the Net with or without Mail or Usenet. If you, provide Mail or Usenet without Net access, you are not an ISP in my book.

PS: I hope my comment makes sense now. I posted the first version of my comment without previewing first!

oh damn, that backfired!

Bush helps garner first post!

"excludes telecommunication services"??

[forkspoon]

So if it excludes telecommunication services, then doesn't it exclude the actual company you dial in to, and if it doesn't, perhaps it still excludes businesses that bundle phone service with internet access (I used to work for an ISP that did this [Tidalwave Internet in Northern Virginia]) from suing.

Travis

Re:"excludes telecommunication services"??

So if it excludes telecommunication services, then doesn't it exclude the actual company you dial in to

No.

if it doesn't, perhaps it still excludes businesses that bundle phone service with internet access (I used to work for an ISP that did this [Tidalwave Internet in Northern Virginia]) from suing.

Again, no.

It's there because otherwise telco who just provides dialtone would be considered an ISP.

Telcos who provide dialup service would still be eligible, under their non-telco division.

Basically, all it says is that you're not an ISP unless you provide internet access (not dialtone.)

Anyone with a web page?

[gr8_phk]

Especially if you provide useful information.

So offer it!

[TheSHAD0W]

So go ahead and offer it to consumers! It doesn't have to be a realistic offer; $10,000/mo for a POP account should be sufficient. This will enable you to sue spammers.

I asked this exact same question...

[forevermore]

I asked this exact same question the other day, and received an informative reply that was quite disturbing. Basically, even if I'd be allowed to sue as an ISP, I'd have to prove no less than $75k in damages before anyone would even bother to look at my case. Does this mean that I turn off my spam filters and create a bill of $50 for each spam email (at $50 per hour/partial-hour per message verified as spam)?

Granted, I still haven't even been able to find the full text of the bill anywhere in order to verify this.

Re:I asked this exact same question...

[JoeBuck]

Any ISP of any size would have no difficulty showing that spammers cause more than $75K/year in damages. Have one full-time person on staff to run your spam filtering operation? Your damage is roughly double this person's salary (cost of a full-time employee in the US is roughly double the salary after you figure in taxes, benefits, and overhead).

Re:I asked this exact same question...

[odin53]

You don't have to "prove" no less than $75,000 in damages. That amount has to do with whether a federal court has "subject matter" jurisdiction over a case. The $75,000 floor applies in federal "diversity" jurisdiction cases (i.e., cases that are in federal court because the parties suing each other are citizens of different states). Since this is a federal law, "federal question" jurisdiction attaches, which doesn't have that "amount in controversy" limitation.

Even if this were a diversity case, the $75,000 amount isn't that hard to reach -- one doesn't have to prove it, one only has to claim it (actually, you have to claim *at least* $75,001) in your complaint. Granted, there needs to be a reasonable basis for claiming it...

Re:I asked this exact same question...

[Daniel_Staal]

Even if this were a diversity case, the $75,000 amount isn't that hard to reach -- one doesn't have to prove it, one only has to claim it (actually, you have to claim *at least* $75,001) in your complaint. Granted, there needs to be a reasonable basis for claiming it...

And remember, by this definition of 'reasonable', SCO is suing IBM for $3 billion...

Re:To me, "ISP" is much more narrower. (Take Two)

[armando_wall]

"I have considered an ISP to a company that provides access to the Net with or without Mail or Usenet".

That's the way I define ISP, too. The thing is that even the term ISP (Internet Service Provider) is confusing. It should be "Internet Access Provider". If it was "IAP", then there would be less confusion... ..but, of course, we're talking about politicians, so they would have found a way to make it "IAP" confusing ;-)

Such term does not include telecommunications serv

[Uma+Thurman]

"Such term does not include telecommunications services."

That's all of it, since moving bits around on the Internet is a telecommunications service. No wonder spammers love this bill. Everyone who would give a rat about it can't sue them.

Napster's Defense

[usurper_ii]

I think Napster would have liked the definition offered. If memory serves me correctly, they tried to define themselves as an ISP to use the safe harbor clause of the DMCA...and it didn't hold up in a court room.

IANAL either, but...

[ScottSpeaks!]

"It doesn't mention commercial, or for money, or to the public; it just says 'as part of a package of services offered to consumers.'"

Why should it make that distinction? A university providing access to its students, or a "free" (i.e. advertiser-supported) dial-up provider differs fundamentally from AOL or Earthlink or MSN or your local independent ISP only in its economic model.

"it seems narrowly tailored to include AOL ("proprietary content") and exclude DSL-providing Baby Bells and possibly cable companies ("not... telecommunications services")"

Broadband services usually provide e-mail service to residential accounts and assorted other services (e.g. DNS) to business accounts. I think this phrase is intended to single out the backbone operators, folks whose customers are all other ISPs.

The spirit of the law...

[geekee]

is to allow people who are directly affected financially by spammers to sue them. These people are generally ISPs who need more storage and bandwidth to deal with receiving and storing spam. It reminds me of the fax laws since there was concern there that advertisers were making their targets pay for ink and paper to distribute their ads via fax.

Re:The spirit of the law...

[cmowire]

The spirit of the law is that the DMA and other such groups want Spam to be classified as "every bulk unsolicitied mailing that we didn't send".

The problem is that you pay just as much as your ISP does, in agregates. If they could avoid upgrading, they would probably end up charging less to compete with "the other guys", thus passing the savings on to the user. If you go over your allocation of storage space and get billed for it, you are the one who gets charged.

The problem is that your average ISP is going to do a mental calculation. It costs $X to sue a spammer yet costs $Y to suck it and buy a new box and filtering software. If X>Y, they won't sue. Sure, some ISPs will get some extra cash $Z for the free advertising, etc. but it's not going to work out very often.

One of the ways that the junk fax laws partially worked is because they allow the average joe to file suit for some small amount of money in small claims court. There are generally no lawyers in small claims courts, thus the costs are much lower. There are enough people who have the time to sue. The agregate costs will cause great fiscial hardship for a company if enough people pull it off.

The problem is fax.com has been above the law for several years now because they play rough in small claims court.

I think the *main* potential for good effects from the new anti-spam laws is going to be that filtering might get easier, simply because the "legit" marketers will be broadcasting from non-forged, non-hacked addresses. This makes blacklisting easier and tends to imply that it will be relatively easy to baysean-filter out their individualized removal mechanism/removal address/etc.

What is an ISP...

[spence2680]

While I hope that I _do_ classify as an ISP, (read: I want to sue folks who spam my mail server.) I find it sad that we vote officials into office that legislate this "crap" as "law". Moreover it's sad that (assuming this becomes law) it will cost someone untold millions in lawyers fee's to make this law even someone worth more than the paper it's printed on. Trash in, Trash out.

Let's hope the definition is broad enought

[henry.thorpe]

"isn't this definition so broad as to cover all of us who run a mail server?"

I certainly hope so. Anyone who runs a mail server is burdened by the costs that result from the "abuse of the commons" that Spam is.

Maybe "they" did something right, for a change.

Service = Protocol?

[The+Spanish+Ninja]

a service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers.
You could consider a protocol (such as HTTP or FTP) to be a service that offers these very things, so could we possibly glean from this that only a protocol can sue? Damn sneaky if you ask me...

Free Beer!

[B.D.Mills]

If I use a switch and charge a monthly rate, does this make me an ISP.

Perhaps.

If you want to claim ISP status, so you can sue spammers, start charging a fee. Then provide "free" beer to your students every month for roughly the cost of the fee. You get the right to sue spammers, your students get beer. Everyone wins!

Re:Free Beer!

[IamGarageGuy+2]

Hey, I hate spammers as much as the next guy - but giving away beer, that's a little over the top don't you think?

This is going to be fun...

[nate+nice]

...let's see how many lawyer for a day Slashdotter's there are. :P

too bad.

[twitter]

How are "consumers" defined? Members of the general public who pay money to receive these services? If it's something like that, then those of us who run mail (etc.) services only to non-consumers shouldn't be affected. Right?

Right, so AOL, M$N and all can spam you to oblivion and you can't do anything about it. Don't even think of mailing your AOL using mom, though. If you get through their "spammer" blacklists, you will be fined. Expect the disparity between the computer you run and the one that M$-McDonald-Acme-Soft to grow larger as more dumb laws are crammed through clueless legislatures preocupied with bigger issues, like becoming an Empire.

Re:To me, "ISP" is much more narrower. (Take Two)

Perhaps God could have declared some basic grammar to you? Just a thought...

mod parent up and cc your congressperson

[js7a]

yes, please make the do-not-spam registry from MD5 hashes, please, please, please, otherwise it will be abused by those beyond the reach of U.S. law.

One more example of U.S. government corruption.

[Futurepower(R)]

My impression of the "anti-spam" legislation is that it is pro-spam, and one more example of U.S. government corruption.

Dave Letterman said, "When you make out your part of the check for $87,000,000,000 to help Iraq, remember that there are two Ls in Halliburton." (Halliburton is Vice-President Dick Cheney's company.)

Yes!

[twitter]

The way I read it, this would cover a home page as well, as it offers customers (family) access to information (your pictures of the kids, blogs, whatever). Does this make sense to anyone else?

You run a "server". It provides service through the internet. You are an internet service provider. What is the difference between your computer and any of the boxes at Google? None. You should expect and demand all the rights and privleges that your "ISP" expects and demands.

The problem is that your don't have those rights. My ISP explcilty prohibits "servers" of any sort and then blocks ports inbound and outbound to enforce the difference. It's an abuse of a public network, built with monopoly protection (cable), and an outrage.

Re:Yes!

[The+Snowman]

So, what about me? I pay for web hosting, and I provide services to my wife. The hosting account is in my name, charged to my credit card. I allow her access to email hosted on that server. Am I an Internet Access Service?

Re:Yes!

[HeghmoH]

Your cable provider doesn't have a monopoly on internet service. They don't even have a monopoly on high-speed internet service. Don't believe me? Buy a satellite system, a wireless system, or something from the phone company. They may not sell you DSL, but they're surely sell you a nice T1 and let you do whatever you want with it.

Oh, but cable is the cheapest. Poor guy, the cheapest broadband service you can find doesn't let you run servers. I honestly do sympathize and think that they should let you. But they are not by any means a monopoly.

E-mail is a service that allows access to services

[tepples]

you don't allow access to services over the internet. you are a service on the internet. big

...deal. Anybody who runs an e-mail server runs a service that in turn allows access to other services on the Internet, such as mailing lists, corporate technical support, and autoresponders[1].

[1] "Autoresponders" were more popular before the Web became "The Internet". A particular query e-mailed to an autoresponder's address resulted in a reply to the sender's address containing an attachment.

If you can't understand a law, it is a corrupt law

[Futurepower(R)]

If you read a law and can't understand it, it is by that very fact a corrupt law. The reason you can't understand the "anti-spam" law is that they don't want you to understand it. It is intended to accomplish some hidden purpose.

Not that it's not true...

As with most things in American law, it isn't what is right that matters, it is who has the most money.

...but how does something so obvious and oft-repeated get a "Score:5, Insightful"?

Re:Not that it's not true...

As with most things in American law, it isn't what is right that matters, it is who has the most money.

...but how does something so obvious and oft-repeated get a "Score:5, Insightful"?

Because as with most things on the web, it isn't what is right that gets heard, it is what more suckers are willing to repeat.

Re:Not that it's not true...

[Tim+Browse]

Or, to quote Bill Cosby, "Saying it loud don't make it right!"

Re:Not that it's not true...

[MegaHamsterX]

No, saying it over and over does.....

this is why UNIX passwords have 'a grain of salt'!

[PaulBu]

... it is easy to take a dictionary of common passwords (or e-mail addresses), hash it and store on a CD, then match hashes from CD with hashed e-mail list. It is much harder is hash includes even a short 'salt' prefix (for 2-letter salt your encripted dictionary will require 1,024 CDs).

OTOH, I understand that you were talking about something which is (slightly? substantially?) different, but it might be useful to keep those simple tricks from the old days in mind.

Paul B.

uh oh ... libraries ?

[Tacoguy]

is it possible that if a spam relay gets placed on a public access terminal in a public library (and many rural ones don't have expertise to handle this) ...

I understand the accountability issues with this but can we deprive the public of access to information they would not otherwise be able to get.

We are at a point it seems to me of having to make hard decisions but are looking in the wrong places.
TG

Fine distinction

[siskbc]

So the only question is if your family counts as "consumers" (which I think they do).

This is going to be a fun one and I hope it gets tested. Had the phrase included "customer" instead of "consumer," then it would be very clear that you would have to sell the services to have any rights under the law. But "consumer" can simply mean "user," and at that point my cat, who likes my screensavers, is a consumer of my computer (if not my internet connection).

Methinks they worded the law in a way they didn't intend, but which is actually more favorable for us. But wait, we hate loopholes, right? Not this time? OK! ;)

Re:Fine distinction

[brianosaurus]

Yeah, its a very interesting distinction, and a loophole that will still allow most telecoms to sue spammers, even under this law.

What do SBC DSL customers pay for? Is it the 5 free email accounts or the 10MB free web space? No, those are free. They pay for the telecommunications service that connects them to the internet. So SBC is excluded from being able to sue spammers by this law.

But anyone with an @sbcglobal.net email address is a consumer of SBC's Internet Access Services. Woohoo! SBC can sue again!

Re:Fine distinction

[Seby123456]

What do SBC DSL customers pay for? Is it the 5 free email accounts or the 10MB free web space? No, those are free. They pay for the telecommunications service that connects them to the internet. So SBC is excluded from being able to sue spammers by this law.

But that's just a misuse of the word free - what they mean is 'inclusive 5 email accounts' and 'inclusive 10MB free web space'

Re:Fine distinction

well, microsoft will tell you other wise. internet explorer is just a free service/program, not an onclusive serice.program.

i'm not sure what ever came out of that case and the defense either. the IE issue came up in the anti trust ordeal but i'm not sure if they ever got busted for including it or not., i think the settlement avoided it so there might still be a valid wording for free insrtead of inclusive.

oh well, the only reason i had replied to this is because i'm borred.

IANAFJ

[spiritraveller]

The term 'Internet access service' means a service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers. Such term does not include telecommunications services.

If your service enables users to access content over the internet, then you are an IAS. That service can be part of a package that includes a dial-up/broadband internet connection, but if your only service is a "telecommunications service" then you are not an IAS.

The reasonable interpretation of this is that you have to provide something more than a mere connection to the internet. If you provide email, newsgroups, your own web portal... or any other of your own content, then you are an IAS.

This likely includes all the baby bells, all the cable companies, AOL, MSN, Yahoo, etc... It probably also includes anyone running a mail server, website or usenet server if they allow other people to use that service.

Note that it only says "package of services offered to consumers." It says nothing about charging a fee or being a publicly traded megacompany.

I am not a federal judge. What I say is only what a reasonable human being would think the statute means. As we know, the law is not always interpreted by reasonable human beings... look at that 10 Commandments guy in Alabama for instance... D'oh! He's not a judge anymore though is he?

Re:IANAFJ

[brianosaurus]

Another reasonable interpretation is that the owners of the wires that support the internet cannot dictate what content is sent across them. That is a good thing.

I do disagree with your example of unreasonable human beings. That judge was not an misinterpreting the law. He knew what it meant. He didn't agree with it, he challenged it, and he lost. I applaud his integrity, even though I disagree with his stance.

Laws are not the final word. Congress can pass all the poorly-written, ineffective laws they want, but they still have to stand up in court when challenged.

Re:IANAFJ

[pohzer]

Yet Vonage has been cited as a telecom company, and now has to follow BPU regulations like subsidizing residnetial services etc..... so some IP services are "Internet" and some are "telecom"?

Sounds like anyone with an unsecured WiFi hotspot is now an IAC. Probably an ISP as well. So when a war driver routes his spam attack through your gateway while parked on the street at the end of your driveway.....

Re:IANAFJ

[jhantin]

Vonage provides a gateway between the public switched telephone network and their VoIP system, which I suspect is the justification for the telecom label.

Oh, and I'd categorize an unsecured WiFi AP under "asking for trouble".

Re:If you can't understand a law, it is a corrupt

It is intended to accomplish nada, nothing, zip, nil. It is pre-election hype.

and anotehr one -- make hash function expensive

[PaulBu]

MD5 would be a bad idea since it's optimized to be EASY to compute. For the opt-out list an EXPENSIVE strong hash can be specified. Again, remember how old UNIX crypt(3C) function was deliberately slowed down to prevent this kind of dictionary attack. Solaris manpage still says: "It is based on a one-way encryption algorithm with variations intended (among other things) to frustrate use of hardware implementations of a key search".

Actually, making this function REALLY expensive is a good way to move some $$ from spammers to chip makers and maybe even make spam unprofitable! Update list often enough and change salt values so that before every e-mail is sent an expensive hash has to be actually _computed_ (rather than looked-up in a huge database).

Paul B.

Re:and anotehr one -- make hash function expensive

[cynicalmoose]

Make the function really expensive.

So nobody uses it anyway as they haven't the time.

/. = ISP?

Does this mean /. can sue trolls?

What Kind of Man Reads Slashdot?

[handy_vandal]

Who Is An ISP?

This reminds me of those "What kind of man reads Playboy?" ads in Playboy.

-kgj

not sure, yet...

[Down8]

Doesn't "consumer" imply "commercial"?

-bZj

Re:not sure, yet...

[Slack3r78]

Dictionary.com:

One that consumes, especially one that acquires goods or services for direct use or ownership rather than for resale or use in production and manufacturing.

I must've missed the part that said 'paying.'

Re:not sure, yet...

[Down8]

Ah, semantics are fun.

Dictionary.com:

Commercial adj.

1. Of or relating to commerce: a commercial loan; a commercial attache.
2. Engaged in commerce: a commercial trucker.
3. Involved in work that is intended for the mass market: a commercial artist.

Of, relating to, or being goods, often unrefined, produced and distributed in large quantities for use by industry. Having profit as a chief aim: a commercial book, not a scholarly tome. Sponsored by an advertiser or supported by advertising: commercial television.

You'll notice of the four definitions, only one refers to money. "But wait", you say, "what about 'commerce'?"

Dictionary.com:

Commerce n.

1. The buying and selling of goods, especially on a large scale, as between cities or nations. See Synonyms at business.
2. Intellectual exchange or social interaction.
3. Sexual intercourse.

I could go on and on with the definitions of "acquire", or the fact that "customer" is synonymous with "consumer". Point being that it can still be considered commercial without being paid for in money.

I repeat, doesn't "consumer" imply "commercial"?

-bZj

too dumb to write RFCs

[Doc+Ruby]

It's sad that Congress can't clear these technical bills, while "negotiating" them, through some of the infotech organizations we have in the US, like ANSI, MIT/Berkeley/Caltech/etc, or Slashdot. They treat technology like Hollywood producers, who don't care about whether the tech they write about works, just whether it sells. As the main buyers are telcos, the ambiguity is a feature, moving competitive barriers against those who can't afford the connected telco lawfirms, which employ the lobbyists who often write the language in the laws. When they get their way, the laws will be copyrighted, and kept secret, until enforced.

Leaving it to the Courts?

[Seby123456]

Once again its a situation of legislation giving the very minimum bare bones of something, and leaving it for the courts to decide what it actually means. It a terrible injustice to legal certainty where test cases are needed to see just what legislation *actually* means

TOS problems folks...

[utlemming]

As I have been reading the above comments people have said, "HEY! I am an ISP!" But there are certian legal problems with that statment. If you happen to be under a Terms of Service, like I am, they prohibt such things. So even if you do happen to get yourself declared an ISP then you are opening up yourself for a law suit from your ISP or being disconnected from the internet.

From Cox Communications acceptable use policy: "Servers. You may not operate, or allow others to operate, servers of any type or any other device, equipment, and/or software providing server-like functionality in connection with the Service, unless expressly authorized by Cox. "

Further invesitagtion revelled simular acceptable use policies. So thus the problem remains -- you claim your an ISP, your connection provider says you must not be, and then your in a quandry.

Some things to think about...

Re:TOS problems folks...

[joto]

Actually, my TOS says i'm not allowed to run servers on accessible through the Internet (and if it doesn't, that's how the courts would interpret it, as they certainly can't expect me to not run e.g. X11.

So, If I decide to deliver internet mail from my box to other computers connected directly behind it, than I'm not violating terms of service.

By the way, I'm willing to offer this service to you for a modest cost, if you happen to be living in my living room, or somewhere else where it would be easy to connect with your computer.

Re:Well, NOT actually

The language used does not mention scale, says proprietary content is optional, and does not say there need to be more consumers than 2 (necessary for the plural to be correct).
The language used governs, not some vague notions about what some of Congress might have intended to say. What they said, rather.

What was said seems to cover, just fine, a case like that of a family member who runs the internet hookup and supplies internet access to 2 or more other family members. In practice, singles who never let anyone else use their systems might be blocked, but most of the population having anything to do with running mail services is evidently included in the class permitted to sue. The language used doesn't say the access needs to be continuous either; if you let a couple friends use your system to access the Internet and can prove it, you are offering a package of services to those people, at least for the duration of the time you let them on.

Certainly the spam lobbyists will not have wanted that result, but that is the language. I notice the do-not-spam list business is only a mandate to study it. That was a sneaky language bit they won on. This is one they lost on. Even terms of use contracts with providers that specify only one user at a time don't forbid multiple people using the same machine one after another...and that usage is enough to satisfy the bill's language. Let's hope it gets before an honest judge...

Forget it - You won't be suing anyone.

[MeddlesomeKids]

If you are an ISP and want to sue, you can only sue violating spammers. But this bill defines what "spam" and "spammers" are, and it's probably not the definition you or I would use.

According to this new bill, so long as the email has an "opt out" link and is not sent to anyone on the Do Not Spam list, then that email message is not, according to the proposed law, spam.

In other words, nothing will change. And, if you live in California or Virginia, this new bill has less protection than state laws, and will override and _decrease_ your legal protections from spam.

So, the question of whether you fit the definition of an ISP is somewhat moot. Sadly, the law specifically prevents consumers and businesses from suing.

IANAL, but it seems more like a "Pro-Spam" bill than an "Anti Spam" bill to me.

Hopefully the "Do Not Spam" list part of the bill has some teeth.

Yes and not just that

[Ricin]

from what I've gathered the law can also easily be used against grassroots political campaigns through email. E.g. postal address must be present, all headers must be correct (you sent the mail from your laptop through your gateway PC.. well.. you seem to have been forging headers..., think about NAT, ...).

It's full of traps and not in our favor. Was on DemocracyNow (dot org) with a guy from EFF yesterday. Guess most of you freedom fighters here are not very active in informing yourselves let alone fight (err, for?) freedom.

And those who now start elaborate threads about headers and all, I'm shorting the tech fluff down because it's about the POINT I'm trying to make. Discuss the point.

A part of you ("Might be a good idea", "Any law better than none", "Kill the spammers", etc) have fallen for the same propaganda that got people to accept the patriot barbe wire thing cheered at and approved of. They play on your (often righteous) complaints or fears and sneak in a traversy of a solution. Which is not designed in your interest but delivered as such surely it is.

One would think people wisen up, but it appears that "we" as "intellectuals" are actually much more susceptable to this kind of honey smearing. That should be some food for thought.

The devil is always in the details but people seem to not be able to shake off the idea that details == small things.

Re:Yes and not just that

[voidptr]

it's about the POINT I'm trying to make. Discuss the point.

What, exactly, is the point you're trying to make? This bill makes it illegal for some politician to blanket my inbox with crap too?

From what I've seen, I don't think this bill accomplishes actually stopping spam. It ends up legitimizing it, and gives members of the DMA each a one-spam-free pass. But I don't want to read ads for the Dean campaign on my inbox without signing up anymore than I want the chance to buy Viagra.

Re:Yes and not just that

[Ricin]

That it is not for but against you.

Re:Yes and not just that

[Ricin]

Sorry I submitted too soon (hmm rather hit the wrong button ;-) Let me clarify: I think that having techinical nitpick debates is counterproductive if we are as a group or community to see what's going on and stand up to this kind op legislature (sp? I'm Dutch) and we should see how for some mysterious reason it's always against "the little man who happens to be in the know".

Hope that clarifies the point I was trying to make and why I really didn't want a tech discussion over this but rather a political one. This is a political thing. Sorry if I confused you and thanks for answering.

More people on /. should get involved and answer and debate and most of all research (hey you got Google..... for now). If they end up at a conclusion that I don't like, well, great, good. I don't like it but OK most do.

But the absense of any real debate or only the kind that's easily being dispersed into "side-debates" about tech and all (my earlier point) while loosing what it was about socio-economical, or politically or well you name it anything != geeky, if we give in to that constanly we are only asking to be misled and basically saying "we'll swalow anything just have it contain tech controversies or disagreements".

Yes I'm using far too many words again but I'm pretty sure they sufficiently illustrate where I'm coming from and wher I hope for better or worse to arrive at.

All this probaly gives more insight into my person as anything else but I still hope it explains my post and my reasoning.

I don't like to be zealous. But if this goes on, we are running out of time. And with "we" I mean "we" as broad as you can find imaginable.

I am one of those crazy *BSD people.

I am an ISP

[yourlord]

Well, since I have my linux machine, which is always connected via DSL, set up to also provide dialup ppp service, I am an ISP.. I set this up so that if I'm out and around town and need dialup access, I can dial into my machine and NAT through my DSL connection while also having direct access to resources on my network.. It works very well.. Since I also have accounts on my servers for my friends and family, and all of them can dial in and use this service, even under a more strict interpretation I would be an ISP..

You let your 5 year old play quake?

Shame on you!

Re:If you can't understand a law, it is a corrupt

Or perhaps you are ignorant.

Its very easy to complain that something is "corrupt" or "bad" because you don't understand it.

This is probably the same reason a lot of legislators make such stupid decisions such as banned "master/slave" or pushing for the Fritz/TCPA chip.

Rent out computers?

[Kris_J]

The way it's worded, it might define "Radio Rentals" (they rent out computers as well as fridges and TVs) as an ISP because they provide a service that lets people connect to electronic content. Heck, it might even include power companies as without power most desktops aren't much use.

It may also include anyone who's enabled Internet Connection sharing under Windows and almost definately includes any closed Wi-Fi networks like Perth's free hobbyist wireless network (despite the fact that there's no bridge to the Internet).

I'd be smug about being an Australian if our tech laws weren't pretty much the same level of crap.

How Do you Kow What's Right?

[reallocate]

You don't have to be a business to generate spam. All you need is a single mail server.

Are you arguing that your right to operate a personal mail server trumps my right not to receive spam?

Well, maybe you're right, maybe you're wrong.

So, welcome to the land of politics and the courts. That's how things work around here. Sometimes you win, sometimes you lose. Living in a democracy obliges you to accept the outcome, or keep on fighting for what you believe in and be willing to accept the consequences.

The alternative is to anoint someone to decide what's right and wrong. I don't like that option.

As James Madison argued, the U.S. Constitution is a means to balance conflicting interests to the benefit of the most people most of the time. It isn't a means to determine moral correctness.

Re:How Do you Kow What's Right?

[dodobh]

But mail *servers* accept mail. Mail clients send the mail out (which may or may not be mail user agents). Except perhaps in the case of a monolithic MTA like Sendmail or Exim (which behaves as a client when sending mail to another server).
Enjoy.

Re:How Do you Kow What's Right?

[reallocate]

Nope. Mail clients -- pine, mutt, Evolution, Kmail, etc. -- transfer mail to a mail server, either a server like sendmail or postfix running locally or to your ISP's server. It's the server that transfers the mail over the net, not your client.

Re:How Do you Kow What's Right?

[dodobh]

What happens if I call /usr/sbin/sendmail directly from the command line?
Anyway, the way a TCP client is defined is the system that sends the first syn. The server is the system that accepts and responds to the syn with a syn+ack.
Follow that logic.

Re:How Do you Kow What's Right?

[reallocate]

Sorry, you're being pedantic. More than 99 percent of the people sending email have no idea what you're talking about and no idea how to call sendmail directly, assuming they know what that is.

In the real world, a mail client is the thing you use to write mail, and a mail server is the thing that sends it somewhere else. Yes, there all always exceptions, but they are just that: exceptions.

Bad Law - kills states remedies

[anagama]

Look at pg 47, line 16:

This law kills all the state's remedies that have been developed to provide recipients a way to sue spammers. This law has lower fines. This law frekin' sucks!

Re:Bad Law - kills states remedies

[Eric+Savage]

Actually I think a weak federal law is better than strong state laws. There are just way too many ways for spammers and plaintiffs to abuse the system by manipulating jurisdiction and things like that. Plus it makes it very difficult for legitimate companies to be sure that they are in the clear.

Re:Bad Law - kills states remedies

[anagama]

I dissagree. If I get a judgement against a person in WA state, where I can get $500 per spam minimum, I can enforce that judgement in their own state. I also get to sue in my home state because by sending me mail here, it subjects them to WA jurisdiction. The $100 or $25 fines in the federal are trivial. And just try to get the government to do something - particularly when it is our reps who can get funding from organizations and such. This law makes the individual powerless in favor of our government watching out for us. That sure makes me feel great.

Re:Bad Law - kills states remedies

[Eric+Savage]

Consider that every state has a different law. Now put yourselves in the shoes of a totally legitimate company that wants to send email to its customers, or maybe even sponsor a legitimate newsletter. Today they have to evaluate each action against 50 laws because there is no way to tell which address would be subject to which laws (even asking the person won't work because they might lie). This means that one state is effectively making national law, which is a problem, and its the kind of situation (like other interstate commerce) that the federal government should address.

If you're having trouble envisioning legitimate marketers, just take whatever you do for a living in Washington, imagine if you had to abide by the laws passed in a very different state like Texas or Ohio, for no other reason than "just in case".

Re:Bad Law - kills states remedies

[anagama]

Sorry, If I want to business in WA, I need to know WA law. That's a fact of life. I wouldn't have a problem with the Federal law, if it did not destroy individual's right to sue.

If a company wants to protect itself, it should be able to show that I intentionally OPTED IN. If I want commercial mail, I'll ask for it. And what I really want to do, is not sue spammers, but the bastard companies that hire them. I don't do business with anyone that spams me - and I would love to hurt them. BTW, I don't consider commercial email that I request, to be spam. Spam is unrequested junk mail.

I guess I better get my claims going soon. Maybe I can bankrupt one of these companies. That would be a delightful achievement - and one the creeps deserve! Oh yes, and different state laws would be an advantage. It would make companies leery of spam and hopefully, some would pass on the idea. I don't see any downside.

Re:Bad Law - kills states remedies

[Eric+Savage]

You're missing the point. Let's say you don't want to do business in WA, you just want to do it in MA. You have all MA customers, but you still have to know, and abide by, WA law because someday a customer will move there or check their email from there and then they can sue you for spamming.

You're also confusing the issue by assuming there is a universal standard for spam. That's the main problem, that each state defines it slightly differently.

Re:Bad Law - kills states remedies

[anagama]

No - your MA business would be fine. You aren't subject to the law unless you know, or have reason to know that the address is linked to a WA resident. RCW 19.190.020 (and if you are business obscuring your email details - I have no pity). In order to make sure spammers have reason to know, WA residents can register their email addresses. And besides, nothing stops an inquiry to the ISP either. There is nothing you can say, or argue, that can cause me to be sympathetic to commercial email.

The worst part about spam is that I can't do what I do with paper spam - cross mailing junk mail (insert visa offer into mastercard offer, and mail them off). The kick I get out of that is well worth 37 cents.

Re:Bad Law - kills states remedies

[Eric+Savage]

Again, you're missing the point. I'm not talking about the WA law, I'm talking about some other law that doesn't have the provision you mentioned, like the CA one. And I'm also not talking about just email, I'm talking about any situation where one state is effectively legislating for all the others. Do you contact the ISP of every email you send mail to?

I've noticed in your other comments that you like to swear, which I have no problem with, but what if some state that a viewer read those comments in said that you were violating their laws? After all it says at the bottom of the page that you own the post, therefore you are responsible for it? Have you checked every state law on the subject of obscene remarks (as well as how they define obscene)? Do not answer these questions, I'm merely trying to illustrate that state laws shouldn't legislate things that the state can't control, and that pretty much covers everything about the Internet. If they want to outlaw sending spam when the person is physically in the state, that's fine, but anything beyond that is too much. It's the same reason that the federal government regulates interstate commerce.

Re:Bad Law - kills states remedies

[man_ls]

The company I work for has that exact problem...we're afraid to send out or legitimate newsletter to people who have requested to receive it, for fear that one person who doesn't want it will have slipped through the cracks in our database and will sue us into bankruptcy.

Re:Bad Law - kills states remedies

[anagama]

You make some good points about swearing, and dang it, if I get in trouble somewhere for it, that's on me. I know it is potentially offensive when I do it and so I take that risk.

The bad thing about the spam law is that it destroys a good local rule. Business in general are completely used to the fact that there is concurrent state and federal jurisdiction over many areas. Take for example the minimum wage law. It is higher in many states despite the existence of a federal minimum. Or workplace safety laws. If your MA company does business in WA, it will have to conform to WA minimum wage and WISHA regulations (both more stringent than fed. min. wage and OSHA).

Spam should be no different. I don't mind federal minimum standards to protect citizens of states where their legislature is too stupid or bought to make good spam law, my beef is with the destruction of a more stringent spam law by the federal legislation. By removing more stringent state laws, the federal law makes it easier for spammers to exist. The federal law is therefore a a bad law in its present form. Change it or kill, but don't pass it.

Not a real ISP

[wonton_mein]

Let's just say, it's not a real ISP when it screws with its customers as much as Michael Jackson does with children.

Not necessarily

If you read a law and can't understand it, it is by that very fact a corrupt law.

Not necessarily. You might just be dumb.

ISP isn't a technical thing, it's a money thing

[bigberk]

The big move these days, spearheaded by content providers such as cable and telecom, is to clearly divide consumers and commercial service providers. This is a business thing, and it has nothing to do with technical matters.

For instance, many of us geeks have run our own web sites and mail servers for several years. Now we're running into increasing problems with ISPs that are blocking incoming and outgoing TCP ports, and entire netblocks getting tagged as consumer class (dynamic blocks) so that some domains can easily block our mail.

From a technical angle, there is no difference between the IP traffic coming from my server in the basement and the largest commercial servers on earth. We both send TCP/IP packets that adhere to an established, open specification. But the difference is that I shouldn't be providing web/mail services. Why? Because I'm competing with someone else, and at least someone could force me to buy a business hosting plan right?

Who is an ISP? Me, becuase I run a few sites?

[mwillems]

And it seems to me there is an in-between category as well, such as myself.

Out of my house I run a few web sites for money. They are small sites, Linux/Apache/PHP/MySQL, by companies that get a few hits a day and a few emails a day. I do this to hone my sysadmin skills and to earn back the cost of the SOHO commercial cable connection. But does that make me an ISP? Should I, if I do business with people in the UK, keep logs for years? Should I install a government spy box? Surely that cannot be the intention?

Michael

Re:If you can't understand a law, it is a corrupt

[Tsaroth]

Not to be insulting, but you saying you could not understand it onlyproves that you did not devote enough time or concentration to the matter.

What truely makes this law corrupt, is that it was created behind closed door by a Republican only committee. Once they brought out the final bill it was 1300 pages long, and would be voted on in 2 days. How can the politicians lie to our faced and say they are against spam when probably none of them could have read through the whole thing.

Then there's the usual problem that almost all of Congress is lawyers, who write laws that can only be understood by lawyers. When you have to pay someone money to know what your own rights are, something has definitely gone wrong with the system.

The law is meant to be owned by all of us.

[Futurepower(R)]

Adding to my parent post: It is very common that people who comment on Slashdot call each other idiots. However, it is likely that almost all of those who read Slashdot are of above average intelligence.

Those who have commented on the parent post have said I don't understand the law! Whoa! Such a big need to find that someone else is less intelligent!

The law is meant to be owned by all of us. If the average people of us cannot understand a law, it should be re-written. Generally, when a law is difficult to understand, those who wrote it don't want it to be understood.

Re:The law is meant to be owned by all of us.

[Afty0r]

However, it is likely that almost all of those who read Slashdot are of above average intelligence.

I disagree, if you had said "are of above average technicaly ability" this would almost certainly be true, but intelligence is a much more grey area.

yep.

[twitter]

what about me? I pay for web hosting, and I provide services to my wife.... I allow her access to email hosted on that server.

Yep, you are providing a service and there's not much difference between what you do and what any "normal" ISP does. Everyone has help, no one writes all of their software themselves and everyone purchases or leases someone else's equipment somewhere, only the scale changes.

Don't listen to people who would infring on your rights by pidgon hole you into a "consumer" with a machine that is not alowed to do what it can on an internet that was not designed to have master and slave machines. What they are telling you is stupid and outrageous.

Re:yep.

[The+Snowman]

Don't listen to people who would infring on your rights by pidgon hole you into a "consumer" with a machine that is not alowed to do what it can on an internet that was not designed to have master and slave machines. What they are telling you is stupid and outrageous.

I believe strongly in an open internet, where everybody has a chance to be heard, where everyone has opportunity to do what they want without hurting anyone else. I oppose any effort to turn the internet into television, i.e. a one-way medium where we are told everything.

If paying for hosting gives me extra rights under this law, I am not about to complain. Before the national DNC registry went live I was a part of a state DNC registry. I had no problem quoting the law to telemarketers and informing them of my intentions to file a lawsuit when warranted. If I can wrap my hands around one spammer's throat with this law and sue them successfully, I will be quite happy to add my drop to the bucket. Every little bit helps.

It certainly covers me...

[KC7GR]

...considering that the only thing I depend on from my upstream is six static addresses and my bandwidth. I take care of everything else, DNS included.

By that measure, and the language referenced, I could indeed sue for damages if I chose, since I am running an entire bank of servers and providing "Information Services" to myself and others (my life-mate and a close friend in another state -- he gets in through a VPN tunnel).

However, I find it much more fun simply to block spammers out of our network, and watch them bang their metaphorical heads against our firewall and blocklist. Makes for entertaining reading in the reject logs.

Re:If you can't understand a law, it is a corrupt

It is intended to accomplish some hidden purpose.

Was that you that stole ma tin-foil hat?

Aunt Reba, get ma 12-gauge from the closet!

MOD PARENT DOWN

If you're not going to RTFA, at least RTFSummary.

ISP != IAS

Trooooollly trooooollly troll troll.

Re:MOD PARENT DOWN

[utlemming]

No, not really. Because the way that the TOS and AUP are written, it means that you can not have and IAS because that would mean that you have a server. The problem is not being an ISP or an IAS -- either is a violation of the TOS or AUP. Read the documents before you go around being a troll. The AUP that I quoted says, "You may not operate, or allow others to operate, servers of any type ." From the bill, " Internet access service -- The term 'Internet access service' means a service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers." If you can implement an IAS with out using a server, and P2P is technically a server, then it is still a violation of the TOS and AUP. So in response, MOD PARENT DOWN is off topic.

I read the article, before I posted. You did not read the comment or think about what I was saying before you posted. Also, I was commenting not only on the article, but on the comments given by people who did not read the article. And I quote from my prior comment, "As I have been reading the above comments people have said, "HEY! I am an ISP!" But there are certian legal problems with that statment." So once again, RTFP before you comment on it. Or at least read some of the comments.

Go get back under your bridge...

Consumer...

[illumina+us]

I think consumer would suggest that it is a commercial service. Just a thought...

Just be "reasonable".

[Eric+Savage]

Reasonable is the word that keeps most lawyers in business. The law is not objective, and it should be fairly easy for you to realize that you aren't going to convince a judge that your $200 linux box and $50 cable modem that handles mail for 5 people is not an ISP any more than your kitchen is a restaurant. Now if its a registered business that considers internet access fees as a main source of revenue, it should be clear that it is an ISP. There is a middle ground, there is always a middle ground, and as someone mentioned, what that is will be determined in some respects by lawyers and judges.

I think the reason that only ISPs and businesses can sue is to prevent the courts from getting clogged up with people that want $500 for every spam they get. ISPs are going to vet the attacks and go after the worst offenders. If that has an effect on spam then the law was successful, if not they can always pass a new law.

Congress is, and should be, scared of passing a law that will sabotage an infrastructure they don't fully understand. I think the law is pretty weak, but I think it laid down some important principles and will prove to be a foundation for more specific and effective laws.

As expected here on slashdot, people think that because MSFT has an ISP and they were involved that this is somehow an insidious plot. Answer me this, how, in any possible way, does MSFT or AOL benefit from a weak spam law? How does any ISP or higher tier provider benefit? The groups that stand to benefit are spammers, anti-spam software vendors to some extent, and shady marketers. For the most part legit marketers gave up unsolicited email (AKA acquisition marketing) a while ago.

Spamcop is an ISP under this definition

[Animats]

It looks like anti-spam services like Spamcop can use this law. It could even be a big profit center for them.

Clearly SpamCop is a service provider. No problem there.

Services like Spamcop see many copies of the same spam, so they can aggregate them up to the $1 million limitation. They see enough addresses that they can detect dictionary attacks (an "aggrivated offense"). If they use spam trap addresses, they can detect mining, another aggrevated offense.

Because SpamCop routinely informs spammers that they're spammers, they can even meet the high standard under the "special definition of procure" that places liability on advertisers only if they have "actual knowlege, or by consciously avoiding knowing,whether such person is engaging [in spamming]".

But none of this will stop the coming flood of "legitimate" spam. That, though, can be automatically filtered.

So what we need now is a service like SpamCop that sues spammers aggressively.

Re:How Do you Know What's Right?

[SlideGuitar]

Sometimes you win (when you have the dollars) and sometimes you lose (when you do not have the dollars).

Living in a democracy MIGHT oblige you to accept the outcome, but since dollar dependendent outcomes are evidence that you do NOT live in a democracy.... where's the obligation?

The alternative to one dollar/one vote is one person/ one vote... That would be a nice system to try sometime here in the US.

As James Madision would argue the issue, "people" probably only included white landholders, so let's just leave Madison in his coffin.

I see no harm in thinking about how things ought to be.

A router is enough to qualify..

I provide service to other computers via a router dont I??? just like a local ISP is just a router for the phone company....

Re:How Do you Know What's Right?

[reallocate]

well, obviously you're wrong. What do you mean by that cute phrase "dollar dependent outcomes"? Did you learn that from some Volvo-driving academic? Or from some paid A.N.S.W.E.R. shill?

Politicians want your vote more than your money. Or a lobbyist's money. Try voting and try politics before you waste yourself trying to be chic be wading in infantile cyncicsm.

Since you seem willing to ignore everything Madison or any of his peers said if they held one belief held wrong today, I guess we should jsy write you off, too. You've already made one mistake.

Besides, you haven't answer my question. If you think something is right, why should anyone else agree with you? Are you imagining that there are absolute moral imperatives on which everyone agrees and that that forms the basis of government? If not, how do you propose to handle conflicting views?

Re:If you can't understand a law, it is a corrupt

[djmurdoch]

It is intended to accomplish nada, nothing, zip, nil. It is pre-election hype.

Isn't it a bit early for that? I thought the elections were a year off. A year is plenty of time to see that this law didn't accomplish anything useful.

(I'm not in the USA, so apologies if I've got the date wrong.)

figuring out sendmail

[hakr89]

now all i have to do is figure out how to configure sendmail and i'm good to go

No, the law specifies exemption...

[phorm]

As per this comment, copyright infringement notification don't count as spam.

However, if they message you and you aren't carrying any copyrighted material...

Bad wording

[phorm]

If you sort through the poorly structured sentence, it is implying that a five-year-old (note it says "a" not "my") running a quake server could be considered a businessman or at leastt a service provider. It doesn't indicate that the poster's child is running a server though.

Add a 1 to that (15 year old) and that's probably not a bad demographic for a kid with a play quake server.

I cant

[floydman]

belive i am the first to say this, but an ISP is an "Internet Service Provider" stupid.

Re:I'm an ISP...

[misterpies]

will someone with an appreciation of Monty Python please mod parent as funny...