The new forums will be named Coin Return (based on the most recent vote)! You can check on the status and timeline of the transition to the new forums here.
Please vote in the Forum Structure Poll. Polling will close at 2PM EST on January 21, 2025.
The Spamhaus Saga Continues
AngelHedgie
Registered User regular
Registered User regular
So, I'm left chuckling over the fact that while Spamhaus got the award appealed succesfully, their attempt to get rid of the default judgement fell flat.
Seriously, what part of doctrine of minimum contact don't they get? You don't get to brag that US agencies use your tools, then turn around and claim that you're not under US jurisdiction because you're located abroad.
Seriously, what part of doctrine of minimum contact don't they get? You don't get to brag that US agencies use your tools, then turn around and claim that you're not under US jurisdiction because you're located abroad.
XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
AngelHedgie on
0
Posts
Frankly, the idea that a foreign court could attempt to pursue an entity abroad seems like a bad one. Overtones of the execs of online gambling companies being bundled off planes because they happened to have picked a flight that re-fuels in a US airport.
On the topic of Spamhaus the anti spammer companies are almost as bad and annoying as the spammers themselves. As someone who used to work for an ISP places like Spamhaus have some pretty shady tactics to fight spammers. If they see single IPs spamming they'll often block entire IP blocks or even entire networks. So you get one jackass spamming from his basement and bam half your network can be blacklisted. They don't exactly make it easy to get off those lists either.
It seems to me that if e360insight really is conducting it's marketing operations in a manner consistent with US law, then it's beef is with the organisations that elect to use spamhaus' blacklist, not with the creators of the blacklist itself, especially since the criteria for adding IPs to the list may bear little to no resemblance to enforcement criteria in the US.
Furthermore, I think the question of whether you can actually force an organisation like an ISP to carry your email traffic is an iffy one, but that's a whole other can of worms.
Again, read up on the doctrine of minimum contacts. The very fact that Spamhaus signs contracts for services for pay with US agencies is most likely enough to establish this (though, of course, IANAL.)
I'm trying to figure out why Spamhaus' lawyers haven't sat the CEO down and explained this concept to him in detail.
Two things:
That would only apply if Spamhaus has a deal with the customer, right? They could just publish a list and let anyone download it for manual implementation and be out of trouble.
Nope.
Not exactly.
First off, there needs to be jurisdiction. Spamhaus' argument is that because they're headquartered in the UK and have no physical presence in the US, they need to abide by UK laws alone. The problem with that is that runs contrary to the doctrine of minimum contacts - they sign contracts for service with entities in the US both public and private, paid for in US dollars. This alone is most likely enough to establish minimum contacts, and as such means that for their business done in the US, they are indeed governed by US law. If, on the other hand, it was that agencies were going to the UK to sign up paying in pounds, then it would be different. This was the same issue that got Lik-Sang nailed to the wall - they weren't just a retailer in HK that had some UK patrons, but they actively courted UK business and accepted UK currency.
So, given that, Spamhaus is obligated to abide by US laws regarding their business in the US. So, they state they have a list of spammers. The problem now is that the terms 'spam', 'spamming', and 'spammer' are legally defined in the US under CAN-SPAM. And declaring someone to be a spammer is a statement of fact, not a matter of opinion, so defamation comes into play. So their list, at least in the US, must follow the legal definition of 'spammer'. And if they call someone a spammer who is not, well...they're on the hook, thanks to standing precident that states that blacklist publishers in the US are legally liable for their blacklists.
So, as to your question, if
then yes, you would be legally liable.
And that's where things break down. Spamhaus openly brags that they contract with public agencies in the US at both federal and state levels. Furthermore, when you apply for a contract with them, the contract in the US is billed in US dollars. You don't get to do business in the US and claim you're not under US law.
wouldn't that make most websites available in the states subject to its laws?
I'll be honest, this is really uncharted territory. But the way I see it (and again, IANAL) is that it all comes down to intent. If your website is not geared to attract interest from a certain area, you shouldn't feel too bound to the legal issues there. But if you're orienting yourself towards an area - if you set yourself up to do business in a certain region, then you may want to study up on the laws there,
e360insight are on Spamhaus' blacklist, and think they shouldn't be, that much is clear. What I'm not getting is why they think they shouldn't be on it. As far as I can tell:
Spamhaus says, "These are our criteria for putting people in the blacklist, we'll add anyone to the list that meets these criteria."
They then distribute the list for free, or will accept money for a "Data feed" of updates to the list. (Which is another thing, they aren't charging money for the list itself. They're charging money for making the list available in a certain form.)
ISPs use this list because they don't want traffic that meets Spamhaus' criteria on their networks.
e360insight's traffic is blocked by ISPs that use the list, think it shouldn't be, and are attempting to use the law to force ISPs to carry it.
Now, there are a variety of ways this can be interpreted:
First off, I don't think that you can take legal action for libel or similar if someone puts you on a public list of "things that meet criteria x," unless you don't meet criteria x. In which case, it seems like it would be a libel case. Given that different jurisdictions have different laws surrounding libel, it would seem logical that you'd have to take legal action in the jurisdiction in which the entity making the list is based.
Now, Spamhaus' definition of what is "spam" is not necessarily the same as the various definitions that have been established by law in various countries, and it's definitely not the same as the definition under US law, they even make a statement to that effect on their site:
As such, I can see that e360insight would think that they should be allowed to conduct their operations in a jurisdiction with a looser definition of spam than that used by Spamhaus, but are being prevented from doing so by the widespread use of Spamhaus' blacklist. There's merit to that claim, but it seems to me that the interruption of their business is nothing to do with Spamhaus itself, and everything to do with those implementing the blacklist.
Another couple of points:
It might just be that the wiki article is unclear, but I'm struggling to see the relevance of this. The product in question is merely a list, it doesn't do anything on it's own, and requires a third party to enforce it.
This raises several questions. Firstly: Who, in this case, is the blacklist operator? I find it difficult to accept that it's Spamhaus, because they only make the list, and have no part in enforcing it.
Secondly: when you say "legally accurate", the problem becomes "under whose law?" Spamhaus make attempt to say that the content of their list in any way aligns with the law in any jurisdiction.
Thirdly: I still take issue with the idea that Spamhaus are "playing in the US." They are to an extent, in that they are charging money for the availability of their list in the "Data Feed" form, but I think it's a considerable stretch to say that is sufficient for them to be considered to be interfering in e360insight's (allegedly) legitimate operations.
Finally, I still think that there's no way a US court can enforce a decision against a UK-based company. They could conceivably stop the implementation of Spamhaus' blacklist in the US (by taking action against those ISPs that do, for instance), but I don't think there's anything they can do about the content, creation, or existence of the list itself.
First, let's start with liability over the blacklist. During the period of the Hollywood blacklist, the blacklist was maintained by several companies, one of which was named AWARE. During this period, AWARE added radio personality John Henry Faulk to their blacklist, falsely stating that he was a Communist, mainly because he had led a successful campaign to boot AWARE-friendly officials from the union he belonged to. In response, Faulk sued AWARE for defamation, and won. This set a precedent that blacklist operators are legally liable for their lists, and basically put AWARE out of business (since they had used their blacklist as a means of control.) I would expect any person suing Spamhaus to bring this precedent up to establish their legal liability.
Second, I'd advise reading up on tortious interference. This is also why Spamhaus is on the hook - there is an assertion that their list is wrongfully driving away business.
Third, Spamhaus doesn't just provide a for-pay data feed. They only provide a free service for personal use. They fully expect companies to pay up, and state this explicitly. It's more akin to companies like Zone Labs, which provides a free version of ZoneAlarm for personal use only - they expect payment for anything else.
Fourth, you don't get to change legally defined terms. If CAN-SPAM says that spamming is A, then you can't call someone a spammer without them doing A.
Finally, the matter of minimum contacts. What minimum contacts says us that if you do business in an area, then you are legally liable under that region's laws. For an example, if I had my credit report screwed up by the reporting agencies, I can sue them locally to get the issue fixed, because they operate in my area. If I had to go to their home state to sue them for damaging my credit wrongly, well, I probably wouldn't stand much of a chance. As such, minimum contacts establishes accountability. which is really what this boils down to.
That would basically force them to localize the list for each country based on their definition of spam? That seems like an undue burden or some shit.
assuming that somewhere they post the definition of a spammer, and they meet that definition, how are the they culpable? That's retarded.
This is just a tribute.
Somewhere out there is a man who desperately wants a bigger penis.
How so? You want to do business here, you have to play by the rules. And if you're not a spammer, and you end up on the blacklist, why SHOULDN'T the blacklist be liable for any harm you may endure? The lack of accountability that some of these groups seek is scary.
All this because probably one jackass with a t1 or co-lo server decided to spam at a bad time.
That's the common misconception: That networks have absolute control of their email traffic. Your average network these days is a mismosh of colocated servers(not even controlled by the provider at all), hosted email and web servers, dedicated broadband connections as well as ISP owned servers. There's really no way for a provider or network to really police every IP they own. Especially now with broadband becoming more common basically every computer on the Internet is a possible spamming machine.
That's not even taking into consideration outside viruses that corrupt computers and turn them into spamming machines. Should an ISP really be accountable because Joe Blow small business with a single co-located server didn't patch his Windows Sever software properly?
SPEWS was literally the antithesis of the internet - a nameless, faceless cabal with power and no accountability. And yet they were accepted as a trusted resource.
I never understood that.
Regarding minimum contacts, I'm sort of with taliosfalcon, in that I can only find references to jurisdictional matters between different States of the US, and when there is an international dimension, it seems to involve foreign companies that have some kind of physical presence in the US that provides a means of enforcement. I don't think there's any such means against Spamhaus (In other words, I'm still of the opinion that a US court can make as many rulings against Spamhaus as it likes, but I don't think there's a means by which those rulings can be enforced).
Finally, regarding spam definitions, how much influence does CAN-SPAM have over an individual ISP's ability to set their own terms of use? It doesn't seem unlikely that an ISP would want to use a tighter definition of spam than that provided by CAN-SPAM. Are they not allowed to do that?
Emphasis by me, text from wikipedia.
...wait, that's it. Blue Frog. Was searching for Blue Toad. :P
Also, for the people who keep asking about the doctrine of minimum contacts in an international setting, the Lik-Sang case is a pretty good example of that. A lot of this is pretty new, as traditionally, going into business in another country wasn't something you did without forethought and planning...
That goes for "web filters" too. I've seen AIDS education and political parties get filtered as "hardcore porn" to push some political agenda.
I also want to smack the idiot who thinks that "loser pays" is a great idea. Especially when the defendant can require that before you file, you have to post a bond for their legal fees in case you do lose. The only thing that does is close the doors to justice, and it's one of the reasons that Spamhaus is where they are.
Edit: Finally, the boys at /. wade in.
Think is SPAM isn't the problem it used to be. Passive filters have gotten good enough on most services the amount fo spam is pretty low for most people. Fewer sites sell your address than used to too.
I worked in internet stuff at the height of the spam epidemic. It was pretty awful. I remember the one worm that used ot send hundred upon hundred of spam messages with viruses to everyone on you address book over and over and over again. God what a nightmare