Sunday, February 26, 2006

Security, Spam and EBay Law round up

Finally tonight, folks, also worth noting: yet another intensely sensible comment on trust and security from Bruce Schneier, my man of the moment:

and a clip I've meant to blog for some time - Yahoo! and AOL have reinvented the email postage stamp, only a year after Bill Gates did, we all laughed at him, The Great Unwashed Public said "We aren't gonna pay extra for steenking email!" and he said "Gee, that wasn't such a good idea after all huh?". OK the new scheme is a bit different. Yahoo! and AOL say it will act to give email that is stamped "preference", rather than acting, as Gates first envisaged it, as a spam whitelist. This still won't make the public like it so it's being sold as a way of prioritising business email. Do you want your email de prioritised? I sure as hell don't..

Also there's this: "AOL and Yahoo will still accept e-mail from senders who have not paid, but the paid messages will be given special treatment. On AOL, for example, they will go straight to users' main mailboxes, and will not have to pass the gantlet of spam filters that could divert them to a junk-mail folder or strip them of images and Web links."

So if you're a spammer with a bit of start up cash all you have to do is pay the stamp and you evade all filters. OK, 99.99% of spammers won't do that but it still irks me, as the whole point of spam is that it is unsolicited. Spam filters should apply if it's SPAM no matter how much blood money has been paid! OK, the NY Times report adds "The senders must promise to contact only people who have agreed to receive their messages, or risk being blocked entirely." - but like, all spammers have been totally truthful up till now? Riiight!

Theer's also the point that Yahoo! and AOL simply keep the "postage stamp" money. When economic modes of stopping spam were first proposed a year or two back, the general foundational idea was that the "spam tax" money would not be kept by ISPs but raked back by the givernment or at least some independent body to be spent on functions of use to the whole Internet - like developing better spam filters. This way it becomes just another revenue stream for Yahoo!/AOL. Back to the NY Times article. ""From AOL's perspective, this is an opportunity to earn a significant amount of money from the sale of stamps," he said. "But it's bad for the industry and bad for consumers. A lot of e-mailers won't be able to afford it."

Meanwhile back at The Register, the old idea of strict liability for data breaches has reared its head again in the wake of the theft of a laptop from a mortgage lender containing 550,000 people's full credit information. In the US, the the Gramm Leach Bliley Act (GLBA), 15 USC 6801, demands that holders of financial data take reasonable care as to it. In the end however, the mortgage lender was found to have behaved reasonably: " it was not foreseeable that the laptop containing this information, being kept in this home office, might be the subject of a burglary. The court even deemed the location to be a "relatively safe" neighborhood in suburban Washington DC. This is despite the fact that last year alone there were a large number of laptop thefts across the United States."

Finally just a marker of what might be a significant case in the beginning of the end for EBay's carefully kept position of "intermediary neutrality". Tiffany, the diamond folks, are suing EBay for essentially aiding and abetting the passing off of Tiffany fakes via their site. It's hard to see how EBay, unlike old fashioned ISPs, can maintain that they can only stay in business if not held liable for third party content, when their entire business model is based on taking a cut from other parties' third party content. The fact that EBay maintains pages of guidance on not selling goods such as counterfeits on its site merely demonstrates that (a) they know the problem exists but (b) they aren't going to spend any (OK, many) resources on solving it, even though they have the benefit of access to far more data than either the businesses whose trademarks are infringed or the police. Watch this one run..

No comments: