[governance] beijing ticket scam - is this governed at all?

Ian Peter ian.peter at ianpeter.com
Mon Aug 4 20:52:09 EDT 2008


Hi Paul,

I'm not sure it's as black and white as that - in traditional media (in this
country, and a few others as well) self regulation is a large part of the
way things operate. And - although I disagree with it - the medical
profession operates largely under self regulation. In both these cases (and
I am sure there are many others) industries take it upon themselves to deal
with their problems in a collegiate manner. 

With Internet a degree of this is necessary. For instance, police cannot
take down a site without industry action - they can only arrest and charge
people. But that gets complicated because in a few of these cases both
jurisdiction and law are quite blurred - the recent case of a British
citizen living in Spain, with Internet servers in the Bahamas, selling
holidays to Cuba, and having his domain name impounded by a registrar
located in the USA because it appeared to break the US embargo against Cuba
is one recent case in point.

And as John mentioned, phishing is of the magnitude of several new sites a
day. That's beyond Interpol resources who probably should concentrate on
child porn and similar issues if there resources are thinly spread - and in
Rio I spent some time talking to a Dutch regulator who felt he could only
rely on about 3 or so countries to co-operate on phishing issues.

Yes, there probably should be a policing role here and police do get
involved with APWG. And there probably should be clear legal structures as
well. But should the Internet industry wait until police issue them with a
subpoena in an appropriate range of jurisdictions before taking action? Or
when there is a known problem should they act in accordance with some Code
of Conduct or agreed mechanism? I guess that's what I meant by
self-regulation. 

For instance, if a bank reports a fake site which is luring their customers,
should the Internet industry take no action until instructed to do so by the
police? (and I guess if it should act, in what ways, and what mechanisms are
in place to ensure effective industry action?)



Ian Peter
Ian Peter and Associates Pty Ltd
PO Box 10670 Adelaide St  Brisbane 4000
Australia
Tel (+614) 1966 7772 or (+612) 6687 0773
www.ianpeter.com
 
 

> -----Original Message-----
> From: Paul Wilson [mailto:pwilson at apnic.net]
> Sent: 05 August 2008 09:19
> To: governance at lists.cpsr.org; 'John Levine'
> Subject: RE: [governance] beijing ticket scam - is this governed at all?
> 
> Ian,
> 
> Surely this is not a case for industry self-regulation - unless you are a
> champion of the citizen's arrest?
> 
> Is it not a regular policing matter?  After all, scams have been going on
> for years, between and across boundaries, even without the aid of the
> Internet.  The first "Nigerian" scam I received came in an envelope on
> airmail paper, after all.
> 
> The old Bill has the experience and powers to deal with these, though yes
> as we all know, they can be rather slow...
> 
> Paul.
> 
> 
> --On 5 August 2008 5:33:40 AM +1000 Ian Peter <ian.peter at ianpeter.com>
> wrote:
> 
> > Thanks John. The site is now down, but I am interested in the process,
> as
> > this was a known scam since last March and was linked to via Forbes,
> > MSNBC, among others until they found out (somehow). And was live until a
> > few hours ago. That's a pretty healthy long life for such a site.
> >
> > So am I to understand that the response in this case is purely an
> industry
> > self regulation one (via MAAWG and/or APWG). I have no problem with
> > industry self-regulation per se, but is there no legal loop, no ICANN
> > loop, or do police and/or Interpol complain to MAAWG or APWG (either?).
> > Or is that optional?
> >
> >
> > I see your point that takedowns can't be automatic without some
> > validation. But as you say, this would be an excellent area for some
> > governance guidelines!
> >
> >
> >
> > Ian Peter
> > Ian Peter and Associates Pty Ltd
> > PO Box 10670 Adelaide St  Brisbane 4000
> > Australia
> > Tel (+614) 1966 7772 or (+612) 6687 0773
> > www.ianpeter.com
> >
> >
> >
> >> -----Original Message-----
> >> From: John Levine [mailto:icggov at johnlevine.com]
> >> Sent: 04 August 2008 23:42
> >> To: governance at lists.cpsr.org
> >> Cc: ian.peter at ianpeter.com
> >> Subject: Re: [governance] beijing ticket scam - is this governed at
> all?
> >>
> >> > Very interested in analysis of why this is so when it is a known
> >> > major fraud site that has victims in many countries. Is there any
> >> > mechanism to stop major international scams?
> >>
> >> Sort of, keeping in mind that this particular example is a minor scam,
> >> not a major one.
> >>
> >> There are probably several dozen scam sites like that set up every
> >> day.  There are two interrelated problems -- one is that it's common
> >> for the registrar to be in one country, the web site in a second, and
> >> the mail servers sending promotional spam to be in yet a third through
> >> 50th.  The other is that there's a great deal of finger pointing.  Is
> >> the responsible party the registrar, eNom in this case?  The hosting
> >> company where the web site is located, Servepath?  The office-in-a-box
> >> in Arizona that's listed as their address?  All of the above?  MAAWG
> >> and the APWG have been working on setting up semi-formal contact
> >> systems to get registrars and hosters to take down bogus sites, but
> >> they can't just do a takedown on every random complaint, or else they
> >> get grief like Godaddy for turning off legitimate sites who have
> >> annoyed someone.
> >>
> >> This would be an excellent area for some governance guidelines.  Too
> >> bad we're too busy deciding what font the ballots should be printed
> >> in.
> >>
> >> R's,
> >> John
> >> No virus found in this incoming message.
> >> Checked by AVG - http://www.avg.com
> >> Version: 8.0.138 / Virus Database: 270.5.12/1589 - Release Date:
> 8/3/2008
> >> 1:00 PM
> >
> > ____________________________________________________________
> > You received this message as a subscriber on the list:
> >      governance at lists.cpsr.org
> > To be removed from the list, send any message to:
> >      governance-unsubscribe at lists.cpsr.org
> >
> > For all list information and functions, see:
> >      http://lists.cpsr.org/lists/info/governance
> 
> 
> 
> ________________________________________________________________________
> Paul Wilson, Director-General, APNIC                      <dg at apnic.net>
> http://www.apnic.net                            ph/fx +61 7 3858 3100/99
> 
> ____________________________________________________________
> You received this message as a subscriber on the list:
>      governance at lists.cpsr.org
> To be removed from the list, send any message to:
>      governance-unsubscribe at lists.cpsr.org
> 
> For all list information and functions, see:
>      http://lists.cpsr.org/lists/info/governance
> No virus found in this incoming message.
> Checked by AVG - http://www.avg.com
> Version: 8.0.138 / Virus Database: 270.5.12/1590 - Release Date: 8/4/2008
> 8:09 AM

____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance



More information about the Governance mailing list