it is unlike in some aspects, but in general, almost all licence agreements that exceed two sentences have weird clauses, clauses that are open to misinterpretation and so on.
What makes the GPL so unique is that it causes you to enter into an agreement with a poorly defined "other party." Generally when a company (especially a large company) enters into a licensing agreement, it has someone in particular it can contact to negotiate undesirable (to the company) clauses. With GPL'ed code, this is often impossible because of the large number of poorly identified submitters and lack of clarity as to who is authorized to speak for them. Even opensource projects run into this (c.f. OpenOffice.org versus NeoOffice license incompatibilities, or efforts to relicense large projects from GPL to BSD).
Large companies also have a pretty good idea of what licensing clauses they can litigate around and even ignore (as I've discovered working with large company legal departments). Sometimes when a company licenses something with obscure and difficult clauses, it just ignores them and figures it'll deal with the lawsuit if it ever comes; they can almost always be settled for some small monetary damage, so it's just a cost of doing business. If you complied with every single clause of every agreement you'd ever signed, you couldn't get any work done (this is no different then how individuals generally ignore the numerous agreements they sign all the time including EULAs). You can't easily apply this to the GPL because there's no one you can "buy off" like you can with most agreements. Great for keeping the GPL pure, but very troubling for many companies.
* The article misrepresents the GPL by stating: "The GPL license requires the company to publish the code that it develops for the phone." This is not true; GPL requires that modifications to GPL code be released, not that code developed for a GPL platform be released. Such confusions are exactly why it is a minefield out there. Even if you're in compliance, you get accused of not being so.
* Hemel has not actually identified any code that is in violation (according to the article, though it also says he's identified the MTD as being in violation). As he says, "I'm not going to do their work for them." But without some clear identification, this becomes a fishing expedition. He says "you're not in compliance" and/. expects the company to prove the negative. Minefield #2.
* Cisco, as noted by the article, was "very open to his report, [Hemel] said. The company subsequently fixed omissions on a few products that Hemel identified." Every indication is given in the article that Cisco has worked with Hemel in good faith to ensure GPL compliance. This is very different from Apple's announcement of an apparently violating trademark while literally in the middle of negotiations over whether they could use it. Regardless of the merits of either, comparing the two is absurd. They have nothing in common except a vague "IP violation" umbrella.
* As Hemel notes in the way of a hunch, large companies often acquire code from partners, acquisitions, and contractors. Ensuring that none of these sub-parties has violated GPL is a significant burden, and in most cases impossible to do 100%. Minefield #3. Companies should be judged for their good faith in these situations and particularly how they react when problems are discovered. Nothing in this article indicates that Cisco has behaved except in good faith.
The original poster was quite correct that the GPL is a minefield. The fact that you often know when you're entering it (unlike software patents) does not remove the minefield. The only way to avoid the minefield is to completely avoid GPL platforms and code, or to GPL absolutely everything you produce. If you wish to work somewhere between those two poles (which Linux seems to encourage), then there are going to be some legal issues to watch out for, and legal issues that don't have really clear answers because the GPL is unlike any other "license agreement" that came before.
The good news is that the GPL creates exactly the kinds of problems for propriety-software companies that RMS wanted it to cause. The bad news is the the GPL can be a bit of a minefield for proprietary-software companies.
And this helps get to the heart of why geeks get confused about law. They think that laws are defined by RFCs or by what is commonly known to geeks, or in any highly word-by-word way. This isn't the case. Laws are always interpreted, and are generally interpreted based upon the court's belief of the intents of the legislature (so the legislative record around the law is important) and based on a more "common man" reading than a geek reading (and the Oxford definition is certainly more common man). Non-technophilles (including law-makers) are unlikely to see a fundamental difference between "email" and "IM" in the context of this particular statute, and law makers unlikely meant there to be a difference (which is the point of the opinion).
Geeks want law to be like code, but it's not. It's fuzzy, based on intent and precedent. That's why the judge's opinion even calls these issues out rather than just applying a binary answer. The shades all matter for the next court who tries to interpret this law in a similar way (thus attempting to preserve fairness even at the expense of accuracy or specificity).
I'm a parent of two with one on the way and I hate this idea for my kids. I'm not as troubled as some about all the ways its intended to be used (basically tattle-taling on kids). I don't think that knowing where the IDs are (not the kids, the IDs) is really going to help that much for what they want and that the time saved in attendence can be fixed other ways (like an old mechanical punchclock if we really need to save the teacher that 90 seconds).
What scares me is all the ways this *isn't* supposed to be used, especially when the kids aren't at school. Now we have a nice 15-digit unique identifier that anyone can read. Wouldn't that be handy for someone other than schools? Why not let the arcade use it for your account number? That seems ok. Drink machines? We can make sure you don't go over your parent-approved daily limit. Sounds good. SSNs were supposed to be *just* for Social Security, we promise, we would never make them a universal identifier. Now they're everything. Now we get a new one, but it has a thousand more uses because it broadcasts.
Broadcasts. Good high-gain antenna and I wonder what I can pick up at a distance. Bruce Schneier says they're good out to 20 meters today. Everyone's so worried about the government. What about the creeps out there? What about marketers? (But I repeat myself.)
If this is over attendence, give the kids contact badges like everyone uses to get into work these days. Let them "beep" into class. They'll get all the attendence benefits without the worst of the RFD side effects (at least with a contact badge you get to *choose* when it's read). As for catching kids doing bad stuff, you can threaten all you like, but the punishments for misplacing your badge here and there won't be expulsion. So badges will have a habit of being elsewhere if the kid is going somewhere he doesn't want the badge to be. You'll catch a few smoking in the john, but it won't be worth what we give up.
Almost always, an [unpowered] RFID badge must be swiped within a foot a reader
By spec this is true. That's got nothing to do with what you can achieve with decent equipment. Physics doesn't care what the specs say you can and can't do.
Bruce Schneier did an excellent discussion of this relative to RFID passports: "In tests, RFID chips have been read by receivers 20 meters away. Improvements in technology are inevitable."
Of course, the REAL answer is - people should live near where they work. The city should be designed so that this can be possible for the majority of workers. Nobody should ever be commuting from Kent to Seattle - it's a rediculous notion.
This has been tried in a number of cities without success. You can move the employment into the suburbs, but then you just wind up with suburb-to-suburb commutes which are even worse than suburb-to-city commutes. Google for "suburb commute" and "suburb-to-suburb commute" for some good articles on the subject.
Consider the simple case of going to work for Bob's Hardware in ThisSuburb. Nice place, great job, I buy a house. But then I get a very nice job offer from Mary's Hardware in ThatSuburb on the other side of TheCity. Do you expect me to sell my house and move to ThatSuburb? Or should I turn down the new job offer? Roll those dice about a million times for everyone in the region and you quickly having everyone commuting all over the place and all your planning is shot.
The unfortunate fact of the matter is that almost nothing will fix this problem except for higher population densities. People have to be willing to live very close to each other and not have any land. Then mass transit works pretty well. The American dream is an acre and your own house, so what do you do?
Personally I vote for more money for mass transit every time it comes up on the ballot and I always vote against any road measure that doesn't include more funding for mass transit. But it's just because of a vague feeling that "mass transit is good." I can't myself come up with any way they could possibly deploy it that it would work for me or anyone who lives near me. We're just too spread out on our nice big wooded lots that we love so much. I just would rather throw money away trying to solve the problem than to give up on it. I have this weird fantasy that it bleeds over to a greener attitude from our elected officals, but I'm probably just kidding myself.
Your reasoning is fair in so far as arguing whether GPL seeks to use copyright to eliminate copyright. As such, however, to me the derivitive author, it is certainly not "freedom." Whether we as a society would be better off with or without copyright doesn't change the fact that the GPL prohibits me from distributing code I have myself legally written in certain circumstances. Some of these circumstances are not even within my control (consider paragraph 7). This is certainly quite more restrictive than the public domain.
That said, if there were no copyright at all, we would all have complete freedom and there would be no need for the GPL. Whether that would be good or bad is a subject of quite reasonable debate. But it has nothing to do with the fact that the GPL does reduce my rights to derive works based on software under it.
The GPL has a monopolist tactic of making it very difficult to mix it with competitors. Once you go a little into the GPL, it is tricky to not have to switch completely over to it. Many Linux distributors have run into this at one point or another if they ever try to put any proprietary software into the mix (particuarly anything they've written themselves). This is because the FSF's position is that if you use any of their toys, you should be only using their toys. This, btw, is precisely Microsoft's position as well. Microsoft has just been better at pulling it off.
BTW, in debating whether the world would be a better place w/o proprietary software, I always argue that one should ask instead "should copyright itself be done away with." I believe that any reasonable arguements that apply to software should apply to books, movies, music, art and everything else. If you beleive that books should have copyright, but software should not, then I think there needs to be a very strong explanation for that counter-intuitive position.
Interesting question: what's going to happen in 50-75 years when the first of the GPL software enters the public domain and is released from its license?
You can agree to use it under the GPL, you can limit yourself to "fair use" of the software, or you can contact the copyright holder and negotiate a seperate licence.
This is true of all licenses. you can abide by the license, make use of any fair use provisions in your jurisdiction, or you can negotiate a separate license. While it is true that fair use is under attack, it is still technically the law. The problems with the DMCA aren't relavent to any particular license. They just don't apply to GPL code because GPL doesn't assert any technical copy protection by the author. It does assert certain legal copy protections, in so much as you must stop copying it if you are found in violation. Which is true of all licenses.
GPL does not grant any rights. No license can. Rights are unlimited with a public domain work; you can't get any better than that. GPL, like all licenses, restricts what you may do with a controlled work.
The real problem appears to be that its been so long since anything went into the public domain that people have forgotten what it is and somehow think that they require a special license in order to be free.
What else is a monopoly but the exclusive control over the rights to something? You have copyright on the things you write. That gives you monopoly control over them. That's what copyright means (monopoly control over copying). It doesn't mean "stifle competition and innovation." That comes later.
The point you are trying to make I believe is that the GPL does not create an abusive monopoly, or perhaps that it does not create an undesireable monopoly (depending on who desires what), but it absolutely creates restrictions on what can be done with software under it. And that isn't freedom (but then I never said total freedom was good).
In response to "aren't *all* licenses imposed on users," the answer is yes. So to have total freedom, you have to have no license. We have a name for that: the public domain. That is total freedom.
As far as "It's still the user's choice whether or not to *use* the software," this is true of Windows as well. Does this mean that Microsoft does not have a monopoly? Would things change if some core piece of technology that everyone used were under the GPL? Given that we're headed that direction, it's a valid thing to consider. The "if you don't like it, you don't have to use my stuff" has always been the argument of monopolists (and they've always been right in their way).
Her comment "is not "free", but is actually a different form of monopoly" was misjudged
Perhaps, but it does seem a debatable point. The GPL specifically imposes restrictions on what can be done with software under it. In order to extend any of the software, you have to agree to those terms, some of which are quite restrictive. It could be argued that the GPL community holds a monopoly on GPL software development. You're free to join, but you have to do so under their rules, some of which are more restrictive than some commercial contracts. Is that fair? Sure. But it's not total freedom. The BSD license is much more "free" in that sense, and putting things in the public domain is even more so.
That said, I completely agree that her article seemed quite factual. Her assertion that she is trying to prevent US-style business-method patents is extremely encouraging. Nothing RMS said directly challenged this claim. He just argued "patents bad; EU doing patent stuff; bad bad bad." I didn't see any specific claims about the current EU directive under consideration except one unsubstantiated claim that the BSA wrote it. What does he mean "we detected it?" Based on the radioactive signature perhaps? Maybe the smell?
There's been a lot of talk comparing this to vandals coming and screwing with your server or your property. This isn't like that. If your server gets trashed, that's your problem. The issue here is incoming bandwidth that you didn't ask for and have done everything in your power to make go away.
Compare this to someone constantly text-messaging spam to your wireless phone. You could quickly run up an insane bill that way, and there's really nothing you could do about it. The wireless company is contractually in its rights to charge you.
But it won't.
That's how they work. Someone screws with you, typically the provider eats it, especially if there was nothing you could do about it. That puts the incentive back onto the one entity who can actually do something about it: the providers. True for wireless. True for credit cards. True for just about anything where the end user can't do anything to stop the abuse.
The ISPs can do something about it. They have chosen not to because of how we (the geeks) developed the internet. It's too trusting. But at the end of the day, your ISP does know who you are, because they send you a bill. And they could apply uniform terms of service if they chose to, and only talk to other ISPs who have similar terms.
The RBLs are the future. They just don't go far enough. When they're willing to not just cut off SMTP but entire connectivity to other ISPs who aren't willing to play by uniform rules, then we'll start to see some changes. What kinds of rules? Here's some for starters:
Authenticated mail only. Yep, this looks like banks' "know your customer" rules. You can be anonymous all you like up to the point that you connect to the mailer. But the guy who forwards mail for you is going to be held responsible for your behavior. Yes, that will radically change the free-service providers (yahoo, hotmail, etc). They're free to come up with solutions that don't require them to know exactly who you are, but if they host spammers, we're not going to talk to them. This is just the logical extension of RBLs.
Same deal for acting as a DDoS zombie. The owner of the unpatched box is responsible, but it's the responsibility of the ISP to be able to identify that person for legal action. If they can't or won't, then we don't talk to them.
None of this says that you can't be anonymous most of the time. It just says that if you're disrupting service and causing real losses due to your actions or lack of actions, your ISP is going to have to hand you over, or they're going to be held responsible. The right to privacy has to be balance with responsibility for your actions.
The old-world networks (phones) have worked this way for years. I can block my out-bound caller-id. I can have an unlisted phone number. I can be very anonymous on the phone. But if I'm named in a law suit or criminal complaint, the phone company will hand me over in a heart beat. The only way around this is pay phones with cash. It's hard to run a large-scale scam that way.
And no, this doesn't mean that an ISP's logs are free game to the RIAA. But it does mean that if the RIAA wants to name a specific "unknown party" in a lawsuit, the ISP is obligated to identify them. Before you get excited, that's exactly the current situation. The RIAA just wants to get the info without actually suing you (which is wrong, and luckily some ISPs have resisted). ISPs need to be willing to say they will only interconnect with other ISPs who play by the same rules.
Yes, this will fragment the internet for a short period of time. So do the RBLs. But economics will fix it fast enough, especially if entire connectivity is cut off.
Slashdot Mirror
it is unlike in some aspects, but in general, almost all licence agreements that exceed two sentences have weird clauses, clauses that are open to misinterpretation and so on.
What makes the GPL so unique is that it causes you to enter into an agreement with a poorly defined "other party." Generally when a company (especially a large company) enters into a licensing agreement, it has someone in particular it can contact to negotiate undesirable (to the company) clauses. With GPL'ed code, this is often impossible because of the large number of poorly identified submitters and lack of clarity as to who is authorized to speak for them. Even opensource projects run into this (c.f. OpenOffice.org versus NeoOffice license incompatibilities, or efforts to relicense large projects from GPL to BSD).
Large companies also have a pretty good idea of what licensing clauses they can litigate around and even ignore (as I've discovered working with large company legal departments). Sometimes when a company licenses something with obscure and difficult clauses, it just ignores them and figures it'll deal with the lawsuit if it ever comes; they can almost always be settled for some small monetary damage, so it's just a cost of doing business. If you complied with every single clause of every agreement you'd ever signed, you couldn't get any work done (this is no different then how individuals generally ignore the numerous agreements they sign all the time including EULAs). You can't easily apply this to the GPL because there's no one you can "buy off" like you can with most agreements. Great for keeping the GPL pure, but very troubling for many companies.
Note all the parts of the article, however:
/. expects the company to prove the negative. Minefield #2.
* The article misrepresents the GPL by stating: "The GPL license requires the company to publish the code that it develops for the phone." This is not true; GPL requires that modifications to GPL code be released, not that code developed for a GPL platform be released. Such confusions are exactly why it is a minefield out there. Even if you're in compliance, you get accused of not being so.
* Hemel has not actually identified any code that is in violation (according to the article, though it also says he's identified the MTD as being in violation). As he says, "I'm not going to do their work for them." But without some clear identification, this becomes a fishing expedition. He says "you're not in compliance" and
* Cisco, as noted by the article, was "very open to his report, [Hemel] said. The company subsequently fixed omissions on a few products that Hemel identified." Every indication is given in the article that Cisco has worked with Hemel in good faith to ensure GPL compliance. This is very different from Apple's announcement of an apparently violating trademark while literally in the middle of negotiations over whether they could use it. Regardless of the merits of either, comparing the two is absurd. They have nothing in common except a vague "IP violation" umbrella.
* As Hemel notes in the way of a hunch, large companies often acquire code from partners, acquisitions, and contractors. Ensuring that none of these sub-parties has violated GPL is a significant burden, and in most cases impossible to do 100%. Minefield #3. Companies should be judged for their good faith in these situations and particularly how they react when problems are discovered. Nothing in this article indicates that Cisco has behaved except in good faith.
The original poster was quite correct that the GPL is a minefield. The fact that you often know when you're entering it (unlike software patents) does not remove the minefield. The only way to avoid the minefield is to completely avoid GPL platforms and code, or to GPL absolutely everything you produce. If you wish to work somewhere between those two poles (which Linux seems to encourage), then there are going to be some legal issues to watch out for, and legal issues that don't have really clear answers because the GPL is unlike any other "license agreement" that came before.
The good news is that the GPL creates exactly the kinds of problems for propriety-software companies that RMS wanted it to cause. The bad news is the the GPL can be a bit of a minefield for proprietary-software companies.
And this helps get to the heart of why geeks get confused about law. They think that laws are defined by RFCs or by what is commonly known to geeks, or in any highly word-by-word way. This isn't the case. Laws are always interpreted, and are generally interpreted based upon the court's belief of the intents of the legislature (so the legislative record around the law is important) and based on a more "common man" reading than a geek reading (and the Oxford definition is certainly more common man). Non-technophilles (including law-makers) are unlikely to see a fundamental difference between "email" and "IM" in the context of this particular statute, and law makers unlikely meant there to be a difference (which is the point of the opinion).
Geeks want law to be like code, but it's not. It's fuzzy, based on intent and precedent. That's why the judge's opinion even calls these issues out rather than just applying a binary answer. The shades all matter for the next court who tries to interpret this law in a similar way (thus attempting to preserve fairness even at the expense of accuracy or specificity).
I'm a parent of two with one on the way and I hate this idea for my kids. I'm not as troubled as some about all the ways its intended to be used (basically tattle-taling on kids). I don't think that knowing where the IDs are (not the kids, the IDs) is really going to help that much for what they want and that the time saved in attendence can be fixed other ways (like an old mechanical punchclock if we really need to save the teacher that 90 seconds).
What scares me is all the ways this *isn't* supposed to be used, especially when the kids aren't at school. Now we have a nice 15-digit unique identifier that anyone can read. Wouldn't that be handy for someone other than schools? Why not let the arcade use it for your account number? That seems ok. Drink machines? We can make sure you don't go over your parent-approved daily limit. Sounds good. SSNs were supposed to be *just* for Social Security, we promise, we would never make them a universal identifier. Now they're everything. Now we get a new one, but it has a thousand more uses because it broadcasts.
Broadcasts. Good high-gain antenna and I wonder what I can pick up at a distance. Bruce Schneier says they're good out to 20 meters today. Everyone's so worried about the government. What about the creeps out there? What about marketers? (But I repeat myself.)
If this is over attendence, give the kids contact badges like everyone uses to get into work these days. Let them "beep" into class. They'll get all the attendence benefits without the worst of the RFD side effects (at least with a contact badge you get to *choose* when it's read). As for catching kids doing bad stuff, you can threaten all you like, but the punishments for misplacing your badge here and there won't be expulsion. So badges will have a habit of being elsewhere if the kid is going somewhere he doesn't want the badge to be. You'll catch a few smoking in the john, but it won't be worth what we give up.
By spec this is true. That's got nothing to do with what you can achieve with decent equipment. Physics doesn't care what the specs say you can and can't do.
Bruce Schneier did an excellent discussion of this relative to RFID passports: "In tests, RFID chips have been read by receivers 20 meters away. Improvements in technology are inevitable."
This has been tried in a number of cities without success. You can move the employment into the suburbs, but then you just wind up with suburb-to-suburb commutes which are even worse than suburb-to-city commutes. Google for "suburb commute" and "suburb-to-suburb commute" for some good articles on the subject.
Consider the simple case of going to work for Bob's Hardware in ThisSuburb. Nice place, great job, I buy a house. But then I get a very nice job offer from Mary's Hardware in ThatSuburb on the other side of TheCity. Do you expect me to sell my house and move to ThatSuburb? Or should I turn down the new job offer? Roll those dice about a million times for everyone in the region and you quickly having everyone commuting all over the place and all your planning is shot.
The unfortunate fact of the matter is that almost nothing will fix this problem except for higher population densities. People have to be willing to live very close to each other and not have any land. Then mass transit works pretty well. The American dream is an acre and your own house, so what do you do?
Personally I vote for more money for mass transit every time it comes up on the ballot and I always vote against any road measure that doesn't include more funding for mass transit. But it's just because of a vague feeling that "mass transit is good." I can't myself come up with any way they could possibly deploy it that it would work for me or anyone who lives near me. We're just too spread out on our nice big wooded lots that we love so much. I just would rather throw money away trying to solve the problem than to give up on it. I have this weird fantasy that it bleeds over to a greener attitude from our elected officals, but I'm probably just kidding myself.
That said, if there were no copyright at all, we would all have complete freedom and there would be no need for the GPL. Whether that would be good or bad is a subject of quite reasonable debate. But it has nothing to do with the fact that the GPL does reduce my rights to derive works based on software under it.
The GPL has a monopolist tactic of making it very difficult to mix it with competitors. Once you go a little into the GPL, it is tricky to not have to switch completely over to it. Many Linux distributors have run into this at one point or another if they ever try to put any proprietary software into the mix (particuarly anything they've written themselves). This is because the FSF's position is that if you use any of their toys, you should be only using their toys. This, btw, is precisely Microsoft's position as well. Microsoft has just been better at pulling it off.
BTW, in debating whether the world would be a better place w/o proprietary software, I always argue that one should ask instead "should copyright itself be done away with." I believe that any reasonable arguements that apply to software should apply to books, movies, music, art and everything else. If you beleive that books should have copyright, but software should not, then I think there needs to be a very strong explanation for that counter-intuitive position.
Interesting question: what's going to happen in 50-75 years when the first of the GPL software enters the public domain and is released from its license?
This is true of all licenses. you can abide by the license, make use of any fair use provisions in your jurisdiction, or you can negotiate a separate license. While it is true that fair use is under attack, it is still technically the law. The problems with the DMCA aren't relavent to any particular license. They just don't apply to GPL code because GPL doesn't assert any technical copy protection by the author. It does assert certain legal copy protections, in so much as you must stop copying it if you are found in violation. Which is true of all licenses.
GPL does not grant any rights. No license can. Rights are unlimited with a public domain work; you can't get any better than that. GPL, like all licenses, restricts what you may do with a controlled work.
The real problem appears to be that its been so long since anything went into the public domain that people have forgotten what it is and somehow think that they require a special license in order to be free.
The point you are trying to make I believe is that the GPL does not create an abusive monopoly, or perhaps that it does not create an undesireable monopoly (depending on who desires what), but it absolutely creates restrictions on what can be done with software under it. And that isn't freedom (but then I never said total freedom was good).
In response to "aren't *all* licenses imposed on users," the answer is yes. So to have total freedom, you have to have no license. We have a name for that: the public domain. That is total freedom.
As far as "It's still the user's choice whether or not to *use* the software," this is true of Windows as well. Does this mean that Microsoft does not have a monopoly? Would things change if some core piece of technology that everyone used were under the GPL? Given that we're headed that direction, it's a valid thing to consider. The "if you don't like it, you don't have to use my stuff" has always been the argument of monopolists (and they've always been right in their way).
Perhaps, but it does seem a debatable point. The GPL specifically imposes restrictions on what can be done with software under it. In order to extend any of the software, you have to agree to those terms, some of which are quite restrictive. It could be argued that the GPL community holds a monopoly on GPL software development. You're free to join, but you have to do so under their rules, some of which are more restrictive than some commercial contracts. Is that fair? Sure. But it's not total freedom. The BSD license is much more "free" in that sense, and putting things in the public domain is even more so.
That said, I completely agree that her article seemed quite factual. Her assertion that she is trying to prevent US-style business-method patents is extremely encouraging. Nothing RMS said directly challenged this claim. He just argued "patents bad; EU doing patent stuff; bad bad bad." I didn't see any specific claims about the current EU directive under consideration except one unsubstantiated claim that the BSA wrote it. What does he mean "we detected it?" Based on the radioactive signature perhaps? Maybe the smell?
Compare this to someone constantly text-messaging spam to your wireless phone. You could quickly run up an insane bill that way, and there's really nothing you could do about it. The wireless company is contractually in its rights to charge you.
But it won't.
That's how they work. Someone screws with you, typically the provider eats it, especially if there was nothing you could do about it. That puts the incentive back onto the one entity who can actually do something about it: the providers. True for wireless. True for credit cards. True for just about anything where the end user can't do anything to stop the abuse.
The ISPs can do something about it. They have chosen not to because of how we (the geeks) developed the internet. It's too trusting. But at the end of the day, your ISP does know who you are, because they send you a bill. And they could apply uniform terms of service if they chose to, and only talk to other ISPs who have similar terms.
The RBLs are the future. They just don't go far enough. When they're willing to not just cut off SMTP but entire connectivity to other ISPs who aren't willing to play by uniform rules, then we'll start to see some changes. What kinds of rules? Here's some for starters:
- Authenticated mail only. Yep, this looks like banks' "know your customer" rules. You can be anonymous all you like up to the point that you connect to the mailer. But the guy who forwards mail for you is going to be held responsible for your behavior. Yes, that will radically change the free-service providers (yahoo, hotmail, etc). They're free to come up with solutions that don't require them to know exactly who you are, but if they host spammers, we're not going to talk to them. This is just the logical extension of RBLs.
- Same deal for acting as a DDoS zombie. The owner of the unpatched box is responsible, but it's the responsibility of the ISP to be able to identify that person for legal action. If they can't or won't, then we don't talk to them.
None of this says that you can't be anonymous most of the time. It just says that if you're disrupting service and causing real losses due to your actions or lack of actions, your ISP is going to have to hand you over, or they're going to be held responsible. The right to privacy has to be balance with responsibility for your actions.The old-world networks (phones) have worked this way for years. I can block my out-bound caller-id. I can have an unlisted phone number. I can be very anonymous on the phone. But if I'm named in a law suit or criminal complaint, the phone company will hand me over in a heart beat. The only way around this is pay phones with cash. It's hard to run a large-scale scam that way.
And no, this doesn't mean that an ISP's logs are free game to the RIAA. But it does mean that if the RIAA wants to name a specific "unknown party" in a lawsuit, the ISP is obligated to identify them. Before you get excited, that's exactly the current situation. The RIAA just wants to get the info without actually suing you (which is wrong, and luckily some ISPs have resisted). ISPs need to be willing to say they will only interconnect with other ISPs who play by the same rules.
Yes, this will fragment the internet for a short period of time. So do the RBLs. But economics will fix it fast enough, especially if entire connectivity is cut off.