On 16 Dec 2015, at 13:39, John Hardin wrote:
On Wed, 16 Dec 2015, Bill Cole wrote:
ISIS uses any "social media" where the proprietors welcome them. That
is a business decision of for-profit private enterprises based in
lightly-regulated jurisdictions (mostly the US and EU) who mostly
have not thought about that choice in those terms.
There may also be liability issues as well, particularly in the
litigation-happy US.
If they try to filter such communications out, and don't do a perfect
job, they could potentially be sued for damages resulting from a
successful attack that was planned and coordinated using their
communication tools.
If they don't try at all, their exposure to such suits may be greatly
lessened because they are acting as a common carrier rather than a
gatekeeper.
This is a red herring. Various service providers like to say this
because it sounds plausible and WAS the state of the law nominally for a
while in the late 90s, but it absolutely isn't any more. There's a safe
harbor provision in COPPA II that essentially exempts providers from
liability for inadequate filtering if they are doing so in good faith,
and a similar provision in CAN-SPAM. I'm no lawyer and there's no case
law I'm aware of, but it is extremely unlikely that a US service
provider trying to exclude ISIS would be held liable for doing so
imperfectly. It's pretty reasonable to assert that such controls are in
part aimed at protecting minors, so the COPPA II safe harbor would
apply.
As far as I can find, the only sorts of Internet service providers ever
to be treated as common carriers in the US are last-mile access
providers.
But more to the technical point: Bill is exactly correct. You don't
need something like SA when you have a single point of control over
the communications (though something like bayes might well be a
component of central filtering).
Maybe for some services like Facebook but Bayes doesn't do well at
classifying very short messages (e.g. Twitter), audio, video, or still
images.
