On Tue, 2021-12-28 at 12:11 +0100, Hans-Martin Mosner via mailop wrote:
> On 28.12.21 at 11:08, Alessandro Vesely via mailop wrote:
> > OTOH, if it were possible to ascribe each nastiness to its actual
> > culprit

UNNECESSARY AND


> I'm working on a reputation based system which would use a p2p
> network to transmit reputation opinions very quickly,

COMPLICATED.


The problem is behavioral, not technological.  More technology is not
the solution.

There are very simple natural principles of economics and law that have
proven themselves over time:  proximity; the least cost avoider; and
the duty to mitigate.

Proximity is the distance of an actor (or in this case a node) to the
incident.  In the case of spamming or other internet malware, the
incident is the spam reaching the egress node and the distance is
measured in hops across jurisdictions / controlling actors.

The least cost avoider in a system of interrelated actors is the actor
who could prevent the incident at the lowest cost.  At first sight, on
the internet the least cost avoider is the ingress node.

However, the cost for each egress node individually to reach the
ingress node is higher than the cost for the next upstream node to do
so; and often, the ingress node is out of reach because off-shore or
unknown.  Therefore, it makes economic sense to fix the problem at the
next upstream node and the solution is a legal one, not a technical
one:  impose the duty to mitigate on the upstream node.  Even if the
upstream node is not the culprit, it is in the best position to prevent
further harm and must do so.

The duty to mitigate can be imposed as contractual liability (terms of
service) or as statutory liability (a law enacted by a progressive
jurisdiction).  It would take the form of a penalty that is painful
enough to motivate the upstream node to fix the problem.  In an ideal
world, the penalty would escalate progressively, starting with a
warning on first incident, then increasingly higher fines for further
incidents; and ultimately pulling the plug and cutting off access to the
node that does not fix the problem.

What and how can be imposed depends on who is in a position of
authority.  A closed system operated by a single authority can afford a
finer approach than a federated system spanning multiple sovereign
jurisdictions and a myriad of participants that may have to resort to a
blunter approach: cut them off at the inter-jurisdictional border until
they get it and join progress on the other side.  A large operator can
afford cutting others off, and if a large, benign email operator would
start to seriously cut off sources of spam, it would be beneficial for
smaller operators to follow its lead and join a closed but clean
federated system that would eventually grow to be open to actors that
abide by the simple rule of policing their immediate upstream.  I am
not holding my breath for this to happen when the two largest operators
are at the same time also the two largest enablers of spam.  As long as
they maintain that split personality, internet email is doomed to be a
dungeon of horrors.

--
Yuval Levy, JD, MBA, CFA
Ontario-licensed lawyer


_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
