[anti-abuse-wg] Legal concerns, was Manual vs automated reports
- Previous message (by thread): [anti-abuse-wg] Legal concerns, was Manual vs automated reports
- Next message (by thread): [anti-abuse-wg] Legal concerns, was Manual vs automated reports
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Suresh Ramasubramanian
ops.lists at gmail.com
Fri Jul 27 03:58:10 CEST 2012
Feedback loops sent to third parties tend to have PII stripped. Based on a definition of PII that does not regard IP addresses as personal data. On Jul 26, 2012 11:05 PM, "Alessandro Vesely" <vesely at tana.it> wrote: > On Thu 26/Jul/2012 18:37:55 +0200 Tobias Knecht wrote: > >> In the words of RFC 6650: > > > > Don't get me wrong, this rfc is a good one an clarifies some things, > > but it is written by Americans under their understanding of US law. > > IMHO, it is not so much being Americans or whatever, as being versed > on legal points of view. > > > Some things that are mentioned are not possible under European > > Jurisdiction. For example providing Feedbackloops is especially in > > Germany a very critical task. > > Is it? I guess in Italy we have more or less the same European > directives. So long as the user is clearly informed about what data > is being sent to who, and grants her/his consent to that, it should be > legal to do FBLs. Yet, IANAL. > > The best thing, IMHO, would be do gather users' consent on the first > time they hit a "This is Spam" button. At the same time, give them > the option to redact their email address in the header. (See > http://tools.ietf.org/html/rfc6590 ). > > > So rfc 6650 is good but unfortunately does not fit all use and legal > > cases. > > We need to clear up this issue. Googling for that I find that ETIS, > which is based in Europe, has an "Anti SPAM Co-operation Group" that > "is also working on an anti-spam feedback loop project." (Quotes from > http://etis.org/groups/anti-spam-task-force ). I'd guess you know > them; they have a meeting on next Oktoberfest... Would they cover > those legal concerns? > > A recurring objection in the acm-tf was that RIPE handles just a > region, and therefore we'd need anti-abuse practices to be specified > by some global body such as the IETF. Now we have it. We should use > it as we use SMTP. And the fact that our law is better than theirs > should be an aid, not a hindrance! > > > In addition to that, I do not have any problem in single persons > > reporting abuse incidents as long as they are useful. And even people > > in the registration business sometimes do not know how to report > > correctly, which is not bad it's just that they haven never done it > > before and need somebody/something that guides them through, which > > should be one of the next tasks for this community to define. > > Very much agreed. We need to exchange scripts and ideas. > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.ripe.net/ripe/mail/archives/anti-abuse-wg/attachments/20120727/e975baf3/attachment.html>
- Previous message (by thread): [anti-abuse-wg] Legal concerns, was Manual vs automated reports
- Next message (by thread): [anti-abuse-wg] Legal concerns, was Manual vs automated reports
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]