Re: Nice work Ron

2021-01-21 Thread Anne P. Mitchell, Esq.


> On Jan 21, 2021, at 10:16 AM, Jean St-Laurent via NANOG  
> wrote:
> 
> https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occupied-by-parler/

For context, from the article:

"The pending disruption for DDoS-Guard and Parler comes compliments of Ron 
Guilmette, a researcher who has made it something of a personal mission to 
de-platform conspiracy theorist and far-right groups."


Anne

--
Anne P. Mitchell,  Attorney at Law
CEO, SuretyMail Email Reputation Certification
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Former Counsel: Mail Abuse Prevention System (MAPS)



Re: Alexandria Ocasio-Cortez' Office is on NANOG?? Or, what is the policy about sharing email offlist?

2021-01-18 Thread Anne P. Mitchell, Esq.



> On Jan 18, 2021, at 12:28 PM, Aaron C. de Bruyn  wrote:
> 
> On Mon, Jan 18, 2021 at 10:20 AM Anne P. Mitchell, Esq.  
> wrote:
> And either way, what is the policy about forwarding list email to someone who 
> is not on the list?
> 
> If you are posting to NANOG under the impression that your email will only be 
> seen by network engineers and that it will never be "leaked" off-list to the 
> public, I have deal for you involving a few billion shillings I need to 
> smuggle out of Kenya...you can keep 10%, and I just need your routing info...

Not under that impression at all.  That's very different from "what is the 
policy" - at least in the groups I run, if the policy is "no sharing offlist" 
and then someone does, there are consequences for that someone.

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)



Alexandria Ocasio-Cortez' Office is on NANOG?? Or, what is the policy about sharing email offlist?

2021-01-18 Thread Anne P. Mitchell, Esq.
Either Alexandria Ocasio-Cortez' office is on the NANOG list or someone is 
forwarding NANOG email to AOC's press office (in which case either spoofed as 
the original sender or AOC's office sends an ack to every email address it can 
find)..as I received this auto-ack in response to my email to to the list.

Anyone have any insight into this?

And either way, what is the policy about forwarding list email to someone who 
is not on the list?

Anne


> Begin forwarded message:
> 
> From: pr...@ocasiocortez.com
> Subject: Re: Re: Re Parler and its very underprepared attorney
> Date: January 17, 2021 at 12:20:33 PM MST
> To: "Anne P. Mitchell, Esq." 
> Reply-To: pr...@ocasio2018.com
> 
> Hi there,
> 
> Thanks very much for your message, and for reaching out to the campaign 
> office of Representative Ocasio-Cortez!  
>   • For press inquiries, please reach out to our Press Secretary, Ivet 
> Contreras, at i...@ocasiocortez.com. We also recommend following Alexandria 
> on Twitter for direct quotes and real-time updates. Sign up for our press 
> advisory list here.
>   • If you are a resident of New York's 14th Congressional District and 
> are reaching out for assistance, please contact Alexandria's congressional 
> team directly by visiting https://ocasio-cortez.house.gov/contact.
>   • If you are reaching out to request a meeting or invite Alexandria to 
> an event, please visit https://ocasio-cortez.house.gov/scheduling-request and 
> submit a Scheduling Request for review by Alexandria's congressional 
> schedulers. 
>   • If your inquiry is not press-related, please email 
> u...@ocasiocortez.com.
> 
> Thank you again for reaching out, and we hope to be able to connect with you 
> soon!



Re: Re Parler and its very underprepared attorney

2021-01-14 Thread Anne P. Mitchell, Esq.



> Per reporting by Katherine Long of the Seattle Times, during
> that hearing Parler's attorney:
> 
>   - forgot the name of Parler's CEO
> 
>   - stated that he's unfamiliar with some of the terminology
>   because he's not on social media
> 
>   - admitted that he filed a day late because he needed to
>   update his PACER account

This is because, if reports can be believed, Parler's own lawyers abandoned 
ship a few days ago.

> I am not an attorney but my general understanding is that if you wish
> to file a civil complaint against multiple defendants that you should
> actually go through the trouble of naming them all as defendants on the
> complaint (and serving them).

It's actually not uncommon to include unnamed defendants  - however, in order 
to do so, and in order to reserve the ability, one needs to include in the list 
of defendants something  like "And Does 1-10', or such (or request leave to 
amend the complaint).

Given everything everything, I'd say it's pretty clear that this attorney took 
the case at the 11th hour.  He is a patent and other IP issues attorney - which 
this case is not.

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)ultant
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)



Re: shouting draft resisters, Parler

2021-01-11 Thread Anne P. Mitchell, Esq.
>> That would make me wonder how many cases there have been of someone
>> "shouting fire in a crowded theatre" where there was no fire and at
>> least one person died as a result; ...
> 
> This seems a wee bit distant from Parler or TOS or Sec 230.

That's because people continue to believe that this has something to do with 
the 1st Amendment, which of course it does not.  But you can't disabuse people 
of their poorly informed notions.

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)



Re: Vint Cerf & Interplanetary Internet

2020-10-22 Thread Anne P. Mitchell, Esq.



> On Oct 22, 2020, at 1:20 AM, C. A. Fillekes  wrote:
> 
> the subgroup for networks on aspherical planetoids would be EGGNOG -- we only 
> meet during the holidays



This should have come with a C warning! 

Anne

--
Anne P. Mitchell,  Cartoony at Large
CEO, SuretyMail Email Reputation Certification
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative and Legal Consultant
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)
Location: Boulder, Colorado





Is there *currently* a shortage of IPv4 addresses?

2020-08-04 Thread Anne P. Mitchell, Esq.
I know that a shortage of IPv4 addresses has been anticipated for quite some 
time (literally decades), however, is there a shortage *right now*?

I ask, because Liquid Web is using it as an excuse to raise their prices:

"We're contacting you today to inform you of a change to your account. As you 
may know, the global shortage of IPv4 addresses 
(https://www.ripe.net/manage-ips-and-asns/ipv4/ipv4-run-out) continues to 
impact web hosting companies around the world. ... Effective August 31st, we 
will be updating our per IPv4 address price to $2.00 per IP."

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)



Also Going on on TikTok (Re: Urgently need contact at Facebook of Instagram and also Omegle)

2020-05-02 Thread Anne P. Mitchell, Esq.



> On May 2, 2020, at 4:10 PM, Anne P. Mitchell, Esq.  
> wrote:
> 
> There is a woman torturing animals on Omegle, she is advertising it on her 
> Instagram account.  Need to get this in front of the right people to have her 
> traced and shut down.
> 
> Please let me know if you can provide a contact for either org.
> 
> Anne
> 
> ---
> Anne P. Mitchell, Attorney at Law
> Dean of Cyberlaw & Cybersecurity, Lincoln Law School
> Advisor, Colorado Innovation Response Team Task Force
> CEO/President, SuretyMail Email Reputation Certification
> Policy Drafting and Review for Businesses
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
> Board of Directors, Denver Internet Exchange
> Chair Emeritus, Asilomar Microcomputer Workshop
> Legal Counsel: The CyberGreen Institute
> Former Counsel: Mail Abuse Prevention System (MAPS)
> Location: Boulder, Colorado



Urgently need contact at Facebook of Instagram and also Omegle

2020-05-02 Thread Anne P. Mitchell, Esq.
There is a woman torturing animals on Omegle, she is advertising it on her 
Instagram account.  Need to get this in front of the right people to have her 
traced and shut down.

Please let me know if you can provide a contact for either org.

Anne

---
Anne P. Mitchell, Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Advisor, Colorado Innovation Response Team Task Force
CEO/President, SuretyMail Email Reputation Certification
Policy Drafting and Review for Businesses
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Location: Boulder, Colorado

Re: Phishing and telemarketing telephone calls

2020-04-27 Thread Anne P. Mitchell, Esq.


> What exactly is this "basic internet research"? I thought the big problem is 
> that they are trivially capable of covering their tracks.

There is always a money trail.  Always.  Because the whole point of these 
calls/sms messages is to get money out of you.  And the money trail almost 
always provides a nexus to the U.S. (or whatever country you are in).

In the case of spam calls, you do have to get a bit creative (and actually 
interact with the spammers on the phone...e), to try to get them to give up 
on whose behalf they are working.  In the case of text message spam, it's often 
much easier because there will often be a link to a website, which, yeah, is 
likely a front for another website, but hey, if you are part of NANOG, 
following those trails should be trivially easy.

In the case of the outfit that just coughed up the $1000 to me, it was a text 
message spam that was ostensibly about one product, but the url in the text 
message actually forwarded through two intermediate urls to land on a site 
hawking a completely unrelated product - no big surprise there  (this was nice 
because I was also able to accuse them of violating laws about misleading 
advertising ;-) ).  Even with whois basically being useless now in terms of 
figuring out who is behind stuff, it was pretty easy to figure out who exactly 
stood to profit from my buying what was advertised on the landing site.

As it happened, when I contacted them, they (rather surprisingly) referred me 
to their lawyer - which turned out to be great because he understood 
immediately the predicament they were in. :~)

Anne

--
Anne P. Mitchell, Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Former Counsel: Mail Abuse Prevention System (MAPS)

Re: Phishing and telemarketing telephone calls

2020-04-27 Thread Anne P. Mitchell, Esq.


>> Well, while we are already engaged in the thread, some of you may be
>> interested to know (especially if you find yourself with time on your
>> hands these days), that you *can* actually get money from these
>> scum.  In fact, it turns out that they cave pretty easily because
>> they *know* they are violating the law, and they *know* what the
>> penalties are.  
> 
> This is awesome!
> 
> Not being a lawyer, I have no idea, but how effectively could a non-US-
> resident (i.e. somebody who lives in Canada) apply this?  Do the laws
> being violated still count if they are to a non US-resident?  Does not
> being a US resident weaken the leverage you have over these scum?  I.e.
> wouldn't they be more likely to ignore a non-US-resident on the
> assumption that such a person is not likely going to bring suit?

Well, if the org is in or has a connection to the U.S., then they are still in 
violation of the law.   Whether they would even come to know that you are not a 
U.S. resident would depend on how it unfolded, and even if they did come to 
find out that you are not a U.S. resident, to fight it on that basis would cost 
waay more than just settling with you.

The whole basis for this is basically that you are reminding them of something 
they already know (they are in violation of the law), and something else that 
they already know (each single violation of TCPA can carry a fine up to $500, 
and triple that if they knowingly violated TCPA and your phone is on the Do Not 
Call list - and of course you let them know that your phone number *is* on the 
DNC list, and that you have reason to believe that they knowingly violated the 
TCPA, so each call/text to you is worth $1500).  What they count on is that 
people receiving their calls/text messages won't know the law, or how to 
proceed against them.  YOU are letting them know that *you* know these things 
also, and that you are prepared to actually take them to court, where they know 
the odds are very much against them.  They *know* how much those penalties are, 
so if you are offering to settle for substantially less, it is in their best 
interest to agree to your terms.

Whether your place of residence would ever come up is an open question;  their 
wanting to spend the money to fight an otherwise slam-dunk (in your favour) 
lawsuit on that basis, which would cost them way more than what your now 
very reasonable offer requests, seems unlikely.

Hey, even if some of the orgs tell you to go pound salt if they find out you're 
not a U.S. resident, if even one comes through...free money (other than the 
time you have invested). :-)

Anne

--
Anne P. Mitchell, Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Former Counsel: Mail Abuse Prevention System (MAPS)

Re: Phishing and telemarketing telephone calls

2020-04-26 Thread Anne P. Mitchell, Esq.



> Good grief, selling a kit for $47. Since all robocalls employ Caller ID 
> spoofing, just how does one prove who called? Will the telephone company 
> simply hand over detailed transport records or the hidden Caller ID 
> information? I don't care about making money or imposition of government 
> fines; I just want the calls to cease.

Just to be clear, *we* are not selling the kit to which Matthew refers, and *I* 
am not selling the kit either, it is referred to in the article.  Nor is it an 
affiliate thing (although I believe they do offer that).

Anne





Re: Phishing and telemarketing telephone calls

2020-04-25 Thread Anne P. Mitchell, Esq.



> On Apr 24, 2020, at 5:36 PM, Jon Lewis  wrote:
> 
> On Fri, 24 Apr 2020, Matthew Black wrote:
> 
>> Has anyone else noticed a steep decline in annoying phone calls since the 
>> FCC threatened legal action against three major VOIP gateways if they didn’t 
>> make efforts to prevent
>> Caller ID spoofing from scammers?
> 
> Not that it's at all on-topic for NANOG, but no.  I still get numerous "last 
> chance to renew my car warranty" and whatever the scam is from the credit 
> card callers per day on both my home and cell numbers.

Well, while we are already engaged in the thread, some of you may be interested 
to know (especially if you find yourself with time on your hands these days), 
that you *can* actually get money from these scum.  In fact, it turns out that 
they cave pretty easily because they *know* they are violating the law, and 
they *know* what the penalties are.  

In fact, we wrote up how to do it (link below) and I *know* that it works 
because I just got myself $1000 out of a text message spammer!   

So, harass those phone spammers for fun *and* profit! ;-)  Here's the write-up 
I did, feel free to ask me any questions you may have. :-)

https://www.theinternetpatrol.com/how-to-shake-down-robocallers-and-robotexters-for-fun-and-profit/

Anne

--
Anne P. Mitchell, Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Former Counsel: Mail Abuse Prevention System (MAPS)



Re: best email list?

2020-04-08 Thread Anne P. Mitchell, Esq.



> On Apr 8, 2020, at 12:02 PM, David Funderburk  wrote:
> 
> What email list companies or direct mail have you used with success? During 
> this time I feel there are many companies that are or should be considering 
> off-site back ups or putting in remote servers.  I'd like to contact some of 
> these who could benefit from our data center.  Suggestions?

You do understand that permission cannot be transferred, and that using 
purchased or rented email lists is a violation of all sorts of laws, right?

Anne

--
Anne P. Mitchell, Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Advisor, Colorado Innovation Response Team Task Force
CEO/President, SuretyMail Email Reputation Certification
Policy Drafting and Review for Businesses
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Location: Boulder, Colorado

Re: COVID-19 vs. our Networks

2020-03-18 Thread Anne P. Mitchell, Esq.



> On Mar 18, 2020, at 9:24 AM, Mark Tinka  wrote:
> 
> 
> 
> On 17/Mar/20 20:35, Owen DeLong wrote:
> 
>> Step one:
>>  Consumers _AND_ especially mission critical consumers must start 
>> refusing to purchase devices which have inherent dependency on a 
>> vendor-cloud (or any cloud for that matter).
> 
> Good advice for mission-critical consumers. 

>> Stop treating things you don’t own and things that aren’t hosted locally as 
>> “reliable” and make sure that they are not in the mission critical chain of 
>> urgent patient care.

We have told our readers (and, really, anyone who will listen) for years that 
'the cloud' is just another term for 'somebody else's computer'.  Sometimes 
(often) people really need to hear it in such simple terms.

Anne

--
Anne P. Mitchell, Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Policy Drafting and Review for Businesses
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange




Re: Reminiscing our first internet connections (WAS) Re: akamai yesterday - what in the world was that

2020-02-17 Thread Anne P. Mitchell, Esq.



> On Feb 17, 2020, at 10:38 AM, Gene LeDuc  wrote:
> 
> I was a student worker at a computer lab at USC in the 70s and a buddy had a 
> system operator job at ISI in Marina Del Rey.  One day he connected to his 
> office from my lab via a 300baud acoustic modem and then got on the ARPA-NET. 
>  From there he connected to a system called ATLAS in the UK.  I had no idea 
> what to do at the prompt so I typed
> 
> > ?
> 
> to get list of commands.  My global eyes were opened when the response was
> 
> Pardon?
> 
> instead of the usual rude or cryptic error message that I was used to. There 
> was a big world out there and we were definitely not in Kansas anymore!

It was about 1980.  My C-128 came with one of those CIS snap packs to let you 
test connecting to the 'net via Compuserve.  So I connected with my 300baud 
modem and..whoa!!!

When I got my next computer (and first portable) shortly thereafter (a TRS 
Model 100) I got acoustic cups for it, and suddenly I was connected from 
anywhere and everywhere there was a phone - including from my job at a Fotomat 
booth (remember those?) :-)

Anne

--
Anne P. Mitchell, Attorney at Law, Dean of Cyberlaw & Cybersecurity, Lincoln 
Law School
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Former Counsel: Mail Abuse Prevention System (MAPS)




Re: Friendly contact at Comcast about possible RF leaks

2019-10-02 Thread Anne P. Mitchell, Esq.



> On Sep 30, 2019, at 8:38 PM, Brandon Martin  wrote:
> 
> Anyone know a friendly contact at Comcast regarding possible RF leaks on 
> their HFC plant?  I'm not a Comcast customer, so I can't get in via front 
> line support (not that it would probably do me much good, anyway), and I'm 
> not looking to lodge a formal complaint or anything.  I just want to give a 
> heads-up about some issues I've noticed locally that haven't been addressed 
> for a while and hopefully let things get addressed.
> 
> I'm in Central Indiana, if anyone wants to try to route me directly to the 
> right people.  A general contact is fine, too.
> -- 
> Brandon Martin

Brandon, shoot me a note offlist and we'll connect you.

Anne

--
Anne P. Mitchell, Attorney at Law
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop




Re: Barely operational .. hoping to find myspace help

2019-09-24 Thread Anne P. Mitchell, Esq.


> As you can imagine, getting a lawyer's letterhead could involve some expense 
> that our shoestring volunteer organization wishes to avoid .. which is why I 
> sought a tech contact in order to pave the way if possible (sometimes it's 
> still WHO you know more than WHAT you know). 

I may be able to help with that letterhead thing. ;-)

LMK offlist if you still need/want it.

Anne

--
Anne P. Mitchell, Attorney at Law
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
CEO/President, Institute for Social Internet Public Policy
SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Location: Boulder, Colorado




Re: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

2019-08-14 Thread Anne P. Mitchell, Esq.


> There's obviously a disconnect where people aren't worried about indemnifying
> Spamhaus for using their block list, but are worried about indemnifying ARIN 
> for
> using the TAL.

That would be because there is a rather substantial difference between 
publishing an IP address for which you have spam in hand, and are saying (and 
only saying) "I received spam from this IP address" (not to mention something 
which people use to only affect inbound email), and hosting something on which 
others rely for making their acceptance decision of all legitimate Internet 
traffic, as well as for the ability to not move malicious (or even accidentally 
misconfigured) Internet traffic.

Anne

Anne P. Mitchell, Attorney at Law
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
CEO/President, Institute for Social Internet Public Policy
SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Member: California Bar Association



Re: Research project on blacklists

2019-08-08 Thread Anne P. Mitchell, Esq.


RESEARCHER'S NOTES, DAY 1:

I and my colleagues have observed the operators and patrons of blacklists in 
the wild.  They appear to be hostile and combative.  We hypothesize that they 
will have trouble mating.

---

Re: the CLOUD Act (was What can ISPs do better? Removing racism out of internet)

2019-08-06 Thread Anne P. Mitchell, Esq.



> Is the CLOUD Act germane to North American network operations (the mission of 
> NANOG)? My understanding is that this ACT was to help solve problems the FBI 
> had with obtaining remote data through overseas service providers, through 
> SCA warrants. 
> 
> SCA already compels U.S.- and Canada-based service providers, via warrant or 
> subpoena, to provide requested data stored on servers. It doesn’t matter if 
> the data are stored in the U.S. or in another country. I’m not seeing how 
> CLOUD impacts any NANOG member, which just encompasses Canada and the US 
> (Mexico has its own network operator’s group, LACNOG.)
> 
> I’m open to being educated, however.

The CLOUD act is reciprocal.  It allows an agency of another country to demand 
from U.S.-based holders of data that data which is relevant to a citizen of 
that country, where that individual is working abroad in the U.S.. - with *no* 
due process - in fact with no requirement of notice to that individual.  It's 
the equivalent of a demand for production of documents (i.e. a subpoena) - no 
warrant, no anything else.

Example (using the UK because that is the reciprocal agreement closest to being 
formalized):

John Deaux is from London, and a citizen of the UK. John is working in the 
U.S., at a tech company in Palo Alto, California. John has a Gmail account, and 
uses Dropbox to store his photos. A law enforcement agency in the UK decides 
that it wants access to the data in John’s Gmail account and Dropbox account, 
and so they serve a demand for the production of John’s data on Google and 
Dropbox, under the CLOUD Act. If the U.S. and the UK have an executive 
agreement in place as contemplated by the CLOUD Act, Google and Dropbox must 
comply.

And, it gets worse: 

Let’s say that while combing through John Deaux’s Gmail data the UK authorities 
find evidence that he has been laundering money, and they believe that it may 
be in concert with Joe Smith, who lives in Mountain View, a short distance from 
John. Joe is a U.S. citizen. The U.S. authorities do not know about Joe’s 
possible illegal activity, and they have no reason to suspect it. If they did 
suspect it, they would have to convince a judge to issue a warrant to search 
Joe’s data (because in the U.S. you can only use the subpoena route if there is 
already an open case against the person).  *However*, there is nothing in the 
CLOUD Act that stops the UK agency from simply passing this data on to U.S. law 
enforcement voluntarily. In fact, the CLOUD Act encourages it.

Anne

---

Anne P. Mitchell, Attorney at Law
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
CEO/President, Institute for Social Internet Public Policy
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Member: California Bar Association





Re: What can ISPs do better? Removing racism out of internet

2019-08-06 Thread Anne P. Mitchell, Esq.
Hey guys, how about we talk about the CLOUD act now?

Anne

---

Anne P. Mitchell, Attorney at Law
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
CEO/President, Institute for Social Internet Public Policy
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Member: California Bar Association



Re: What can ISPs do better? Removing racism out of internet

2019-08-05 Thread Anne P. Mitchell, Esq.
Mel, this is to ack your note. "Because I'm a lawyer" isn't an argument at all, 
*nor have I made it* - however, that I'm extremely busy, and under no 
obligation to provide any of this information here, is.  I'm not here for 
academic debate.   You are also free to bring a lawsuit based on ISP as common 
carrier, but you will lose.

Anne

> On Aug 5, 2019, at 12:19 PM, Mel Beckman  wrote:
> 
> Anne of Many Titles,
> 
> I notice you didn’t provide any actual data to support your position. What, 
> for example, outside of copyright violations, could ISPs conceivably be 
> liable for? Present an argument to make your case. “No, because I’m a lawyer 
> and you’re not” is not an argument :)
> 
> As clearly stated in DMC 512(a), the safe harbor provision for transitory 
> transport, which is what Cloudfare provides, 
> 
> "protects service providers who are passive conduits from liability for 
> copyright infringement, even if infringing traffic passes through their 
> networks. In other words, provided the infringing material is being 
> transmitted at the request of a third party to a designated recipient, is 
> handled by an automated process without human intervention, is not modified 
> in any way, and is only temporarily stored on the system, the service 
> provider is not liable for the transmission.” 
> 
> That’s not a law school student opinion. That’s the law itself. As I 
> previously said, I’m not talking about the FCC definition of CC. Under DMCA, 
> "service providers who are passive conduits” are the essence of the common 
> law definition of Common Carrier 
> (https://en.wikipedia.org/wiki/Common_carrier).
> 
>  Incidentally, Network Neutrality wasn’t enacted until 2015, and classified 
> ISPs as FCC CCs purely to bring them under regulation by the FCC. DMCA was 
> passed in 1998, and Safe Harbor is based on the fact that ISPs are “passive 
> conduits". NN has nothing to do with the common carrier aspect of ISPs as 
> "service providers who are passive conduits”. 
> 
>  -mel
> 
>> On Aug 5, 2019, at 9:41 AM, Anne P. Mitchell, Esq.  
>> wrote:
>> 
>> 
>> 
>>> On Aug 5, 2019, at 10:02 AM, Mel Beckman  wrote:
>>> 
>>> Patrick,
>>> 
>>> You’re confusing the FCC’s definition of common carrier for telecom 
>>> regulatory purposes, and the DMCA definition, which specifically grants 
>>> ISPs protection from litigation through its Safe Harbor provision, as long 
>>> as they operate as pure common carriers:
>>> 
>>> “Section 512(a) provides a safe harbor from liability for ISPs, provided 
>>> that they operate their networks within certain statutory bounds, generally 
>>> requiring the transmission of third-party information without interference, 
>>> modification, storage, or selection. [emphasis mine]
>>> 
>>> http://jolt.law.harvard.edu/articles/pdf/v27/27HarvJLTech257.pdf
>>> 
>>> -mel 
>> 
>> Section 512(a) applies very specifically to the copyright infringement issue 
>> as addressed in the DMCA.  While I don't disagree that this law school 
>> paper, written while Lovejoy was a law student, in 2013,  could be read as 
>> if ISPs were common carriers, they are not, and were not.   Even if it were 
>> headed that way, actions by the current FTC and administration rolled back 
>> net neutrality efforts in 2017, four years after this student paper was 
>> published.
>> 
>> All that said, this is very arcane stuff, and ever-mutating, so it's not at 
>> all difficult to see why reasonable people can differ about the meanings of 
>> various things out there. 
>> 
>> Anne
>> 
>> Anne P. Mitchell, Attorney at Law
>> CEO/President, Institute for Social Internet Public Policy
>> Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
>> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
>> Legislative Consultant
>> GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
>> Board of Directors, Denver Internet Exchange
>> Board of Directors, Asilomar Microcomputer Workshop
>> Legal Counsel: The CyberGreen Institute
>> Former Counsel: Mail Abuse Prevention System (MAPS)
>> Member: California Bar Association
>> 
>> 
>> 
> 

---

Anne P. Mitchell, Attorney at Law
CEO/President, Institute for Social Internet Public Policy
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Member: California Bar Association



Re: What can ISPs do better? Removing racism out of internet

2019-08-05 Thread Anne P. Mitchell, Esq.



> On Aug 5, 2019, at 11:46 AM, b...@theworld.com wrote:
> 
> My first suggestion would be to include an indemnification clause in
> your contracts which includes liability for content, if you don't
> already have it (probably most do.)
> 
> And a clause which indicates you (need lawyering for this) will seek
> expenses including but not limited to legal, judgements, reputational
> recovery (e.g., cost of producing press releases), etc, incurred by
> actions taken by customer.

These are all excellent suggestions - and while we're on the subject of that 
sort of thing, *everyone* should have warrantees of GDPR compliance in any of 
their third-party contracts in which data can be touched, and *also* 
indemnification clauses in those same contracts if you are held responsible 
because those third-parties were breached, etc., and found to *not* be in 
compliance with GDPR (for which GDPR specifically provides - i.e. GDPR can go 
through the third-party contract and hold *you* liable).  This is one of the 
ways that GDPR can seep in to get you even if you think you're safe because 
you're not in the EU.

Anne

---

Anne P. Mitchell, Attorney at Law
CEO/President, Institute for Social Internet Public Policy
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Member: California Bar Association



Re: What can ISPs do better? Removing racism out of internet

2019-08-05 Thread Anne P. Mitchell, Esq.



> On Aug 5, 2019, at 10:02 AM, Mel Beckman  wrote:
> 
> Patrick,
> 
> You’re confusing the FCC’s definition of common carrier for telecom 
> regulatory purposes, and the DMCA definition, which specifically grants ISPs 
> protection from litigation through its Safe Harbor provision, as long as they 
> operate as pure common carriers:
> 
> “Section 512(a) provides a safe harbor from liability for ISPs, provided that 
> they operate their networks within certain statutory bounds, generally 
> requiring the transmission of third-party information without interference, 
> modification, storage, or selection. [emphasis mine]
> 
> http://jolt.law.harvard.edu/articles/pdf/v27/27HarvJLTech257.pdf
> 
>  -mel 

Section 512(a) applies very specifically to the copyright infringement issue as 
addressed in the DMCA.  While I don't disagree that this law school paper, 
written while Lovejoy was a law student, in 2013,  could be read as if ISPs 
were common carriers, they are not, and were not.   Even if it were headed that 
way, actions by the current FTC and administration rolled back net neutrality 
efforts in 2017, four years after this student paper was published.

All that said, this is very arcane stuff, and ever-mutating, so it's not at all 
difficult to see why reasonable people can differ about the meanings of various 
things out there. 

Anne

Anne P. Mitchell, Attorney at Law
CEO/President, Institute for Social Internet Public Policy
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Member: California Bar Association





Re: What can ISPs do better? Removing racism out of internet

2019-08-05 Thread Anne P. Mitchell, Esq.



> I’m not sure if you understand the terms under which ISPs operate as “common 
> carriers”, and thus enjoy immunity from lawsuits due to the acts of their 
> customers. ISPs such as Cloudfare can no more disconnect customers for legal, 
> if offensive, content than the phone company can, without losing that common 
> carrier status.
> 
> Cloudfare is being foolish, and hypocritical. They freely, for example, carry 
> the equally offensive content of Antifa. Are they going to cut them off too?
> 
> In America we have the right to free speech, and the right to use common 
> carriers to carry that speech. If a common carrier chooses to censor legal 
> speech, which is what Cloudfare has done, then it loses its CC status and can 
> now be sued for that speech.
> 
> -mel beckman

ISPs are not common carriers, and, in fact, they have the right to carry - or 
to not carry - whatever traffic they choose.  In fact, for some aspects of 
Internet traffic, ISP immunity is specifically written into the law (cf. 
CAN-SPAM §8(c) which states that "(c) No EFFECT ON POLICIES OF PROVIDERS OF 
INTERNET ACCESS SERVICE.--Nothing in this Act shall be construed to have any 
effecton the lawfulness or unlawfulness, under any other provision of law, of 
the adoption, implementation, or enforcement by a provider of Internet access 
service of a policy of declining to transmit, route,relay, handle, or store 
certain types of electronic mail messages.").

Anne P. Mitchell, Attorney at Law
CEO/President, Institute for Social Internet Public Policy
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Member: California Bar Association



Re: Spamming of NANOG list members

2019-05-24 Thread Anne P. Mitchell, Esq.
Question:  Is the member list with email addresses public??  Otherwise, one has 
to wonder how they got these addresses?

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, Institute for Social Internet Public Policy
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Ret. Professor of Law, Lincoln Law School of San Jose


> On May 24, 2019, at 1:26 AM, Sandra Murphy  wrote:
> 
> So sheer coincidence.  Literally.
> 
> —Sandy
> 
>> On May 23, 2019, at 7:07 PM, Niels Bakker  wrote:
>> 
>> * sa...@tislabs.com (Sandra Murphy) [Fri 24 May 2019, 00:28 CEST]:
>>> And it arrived oddly coincident with my visit to the cvent registration 
>>> page.  Any others who had that coincidence?
>> 
>> No, and I've gotten like five by now.
>> 
>> 
>>  -- Niels.
> 



Re: My .sig (Was Re: Packetstream - how does this not violate just about every provider's ToS?)

2019-04-26 Thread Anne P. Mitchell, Esq.
Oops..sorry to follow up on myself (and before anybody says anything about 
this, sorry/not sorry for top-posting - it's on myself after all)..but I'd 
meant to include this:


Case in point:  This very (original) thread, about Packetstream - if I had just 
posted the original thread, about how it's inducing users to violate their 
providers' ToS, how that's a breach of contract, etc... how many here would 
have a) not given a second thought, writing it off as the rantings of at best 
someone who doesn't know anything, and at worst a troll, or b) would have 
challenged me to explain my credentials - which would have take up far more 
space than my .sig :-(

Anne

> On Apr 26, 2019, at 2:55 PM, Anne P. Mitchell, Esq.  
> wrote:
> 
> Apparently, after many, many years of using essentially the same .sig here, 
> it is now an issue of contention.  (Well, 3 people probably does not 
> contention make, but still...).
> 
> However, as one person decided I was trying to market myself, let me address 
> why I have all of that info in there:
> 
> Primarily I leave in all of my background because people (at least those here 
> in the states) tend to a) assume that attorneys are all just "corporate 
> suits" with no understanding of or experience with deep Internet issues, and 
> b) attorneys are generally disliked. ;-)  Over the years I've found that it's 
> best to include my chops right up front, so folks can be reassured that I'm 
> not only on the right (white hat) side of things, but that I actually do know 
> what I'm talking about.
> 
> I can tell you absolutely that the pushback I get from people in our 
> industries who *don't* know my background, when I provide information based 
> on that background and my expertise, is far greater, and bordering at times 
> on abusive (come to think of it, not unlike some of the pushback I got when I 
> first arrived at MAPS, from a certain volunteer  ;-)).
> 
> I'm open to suggestions (other than the suggestion to sod off).
> 
> Anne
> 
> [This .sig space open to suggestions.]
> 



My .sig (Was Re: Packetstream - how does this not violate just about every provider's ToS?)

2019-04-26 Thread Anne P. Mitchell, Esq.
Apparently, after many, many years of using essentially the same .sig here, it 
is now an issue of contention.  (Well, 3 people probably does not contention 
make, but still...).

However, as one person decided I was trying to market myself, let me address 
why I have all of that info in there:

Primarily I leave in all of my background because people (at least those here 
in the states) tend to a) assume that attorneys are all just "corporate suits" 
with no understanding of or experience with deep Internet issues, and b) 
attorneys are generally disliked. ;-)  Over the years I've found that it's best 
to include my chops right up front, so folks can be reassured that I'm not only 
on the right (white hat) side of things, but that I actually do know what I'm 
talking about.

I can tell you absolutely that the pushback I get from people in our industries 
who *don't* know my background, when I provide information based on that 
background and my expertise, is far greater, and bordering at times on abusive 
(come to think of it, not unlike some of the pushback I got when I first 
arrived at MAPS, from a certain volunteer  ;-)).

I'm open to suggestions (other than the suggestion to sod off).

Anne

[This .sig space open to suggestions.]



Re: Packetstream - how does this not violate just about every provider's ToS?

2019-04-26 Thread Anne P. Mitchell, Esq.



> On Apr 26, 2019, at 11:57 AM, Mel Beckman  wrote:
> 
> Anne,
> 
> As a lawyer, I’m sure you realize those overly broad policies are 
> unenforceable on their face. Phrases such as “resell...directly or 
> indirectly” could just as easily be interpreted to mean you can’t perform 
> paid consulting work by email over a residential link — something patently 
> ridiculous. 
> 
> Can you cite any case law where these restrictions have been enforced? I 
> believe if a case every cane to court, the defense would have an excellent 
> argument that the plain meaning of these restrictions is to prevent others 
> from buying direct Internet access from another communications channel (e.g., 
> WiFi) from the residence, not passing data through the residence. 

Mel, we will have to agree to disagree.  I know that if I were representing any 
of these providers, I know what arguments I'd make, and we would almost 
certainly win.

Courts don't look kindly on breach of contract (nor on inducing breach of 
contract, as Packetstream is), and the ToSs very clearly state you cannot 
*resell* your residential bandwidth, which is precisely what is going on here 
(there is no legal theory of which I am aware under which that could be 
interpreted to mean "can’t perform paid consulting work by email over a 
residential link", novel though your theory is.  Performing paid consulting 
work is *not* 'reselling bandwidth").

Anne

Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose




Re: Packetstream - how does this not violate just about every provider's ToS?

2019-04-26 Thread Anne P. Mitchell, Esq.



> On Apr 26, 2019, at 9:24 AM, Mel Beckman  wrote:
> 
> With all due respect, you haven’t yet cited an example of an ISP TOS at 
> “every provider” that this new company’s product violates. I’m not asking you 
> to critique TORs, I’m asking that you tell us the TOS restriction that you 
> believe is so obvious to everyone? Because it’s not obvious to me, and I own 
> an ISP. 

A few examples:

Comcast:

You are prohibited from reselling or permitting another to resell the 
Service(s) in whole or in part, or using or permitting another to use the 
Xfinity Equipment or the Service(s), directly or indirectly, for any unlawful 
purpose, including, but not limited to, in violation of any policy we post 
applicable to the Service(s).

https://www.xfinity.com/Corporate/Customers/Policies/SubscriberAgreement

---

CenturyLink:

Also, you agree not to use the Service for high volume or excessive use, in a 
business or for any commercial purpose if your Service is a residential 
service, or in a way that impacts CenturyLink network resources or 
CenturyLink’s ability to provide services. You agree not to: (i) offer public 
information services (unlimited usage or otherwise), or (ii) permit more than 
one high-speed Internet log-on session to be active at one time, except if 
using a roaming account when traveling, in which case 2 sessions may be active. 
A log-on session represents an active connection to your Internet access 
provider. The active session may be shared to connect multiple 
computers/devices within a single home or office location or within a single 
unit within a multiple dwelling unit (e.g., single apartment or office within 
an apartment complex) to your modem and/or router to access the Service 
(including the establishment of a wireless fidelity (“WiFi”) hotspot), but the 
Service may only be used at the single home or office location or single unit 
within a multiple dwelling unit for which Service is provisioned by CenturyLink.

http://www.centurylink.com/legal/en/highspeedinternetsubscriberagreement_LQ.html

---

Google:

you agree not to use or allow third parties to use the Services provided to you 
for any of the following purposes:

...

• To make the Services available to anyone outside the property to 
which the Services are delivered, to resell the Services directly or 
indirectly, except as explicitly approved by Google Fiber in writing, or to 
create substitute or related services through the use of or access to the 
Services (for example, to provide Wi-Fi services to third parties outside of 
your residence).

https://fiber.google.com/legal/accepteduse/residential/

---

Anne

Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose






Re: Packetstream - how does this not violate just about every provider's ToS?

2019-04-26 Thread Anne P. Mitchell, Esq.



> On Apr 26, 2019, at 6:10 AM, Matthew Kaufman  wrote:
> 
> So providers should stamp this out (because it is “bad”) and support 
> customers who are running TOR nodes (because those are “good”). Did I get 
> that right?

If that is how you see it, then it's right for you.  At no time did I mention 
TOR, nor will I get dragged into that discussion.

Anne

Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose




Re: Packetstream - how does this not violate just about every provider's ToS?

2019-04-25 Thread Anne P. Mitchell, Esq.



> On Apr 25, 2019, at 1:41 PM, Tom Beecher  wrote:
> 
> It seems like just another example of liability shifting/shielding. I'll 
> defer to Actual Lawyers obviously, but the way I see it, Packetstream doesn't 
> have any contractual or business relationship with my ISP.  I do. If I sell 
> them my bandwidth, and my ISP decides to take action, they come after me, not 
> Packetstream. I can plead all I want about how I was just running "someone 
> else's software" , but that isn't gonna hold up, since I am responsible for 
> what is running on my home network, knowingly or unknowingly. 

And *that* is *exactly* my concern.  Because those users...('you' in this 
example)...they have *no idea* it is causing them to violate their ToS/AUP with 
their provider.

And this in part, is my reason for bringing it up here in NANOG - because (at 
least some of) those big providers are here.  And those big providers are in 
the best position to stamp this out (if they think that it needs stamping out).

And:

> On Apr 25, 2019, at 1:21 PM, John Levine  wrote:
> 

> As to how do these guys think they'll get away with it, my guess is
> that they heard that "disruption" means ignoring laws and contracts
> and someone told them that is a good thing.

I would have appreciated a C warning on that. :-)

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop




Packetstream - how does this not violate just about every provider's ToS?

2019-04-24 Thread Anne P. Mitchell, Esq.
Just ran into packetstream.io:

"Sell Your Unused Bandwidth

Earn passive income while you sleep

PacketStream is the first of its kind peer-to-peer proxy network. Packeters are 
compensated for sharing bandwidth on the PacketStream network and allowing 
users all over the world have access to content on  the internet through our 
secure network. Customers can purchase bandwidth and browse the web from 
residential IPs to protect their browsing privacy.

The PacketStream network routes customer traffic through PacketStream users 
allowing for increased privacy and access to geo-restricted content while 
browsing the web. Packeters on the PacketStream network share their bandwidth 
with PacketStream customers. The website/service receiving HTTP requests sees 
requests coming from real residential IPs and allows access to content that 
would otherwise be blocked if it had been requested from traditional datacenter 
VPNs or proxy networks."

How can this not be a violation of the ToS of just about every major provider? 

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop






Re: We have it here, including the conclusions (was Re: Special Counsel Office report web site)

2019-04-18 Thread Anne P. Mitchell, Esq.



>> Oops..the link would be helpful, sorry!
>> 
>> We have made the full report available here, including conclusions (full 
>> report both embedded by iframe, and linked to the actual report at DOJ).
> 
> The DOJ web site is hosted on Akamai's CDN.  I don't think anyone's
> had trouble getting to it or downloading the report.  I certainly didn't.

However I was responding to someone who couldn't get it from B  That said, 
our reason for making it available at TIP was that a) not everyone knows how to 
find the DOJ site, and more importantly b) to preserve it if/when the DOJ 
buries it.

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop




Re: who attacks the weather channel?

2019-04-18 Thread Anne P. Mitchell, Esq.
I not only got it, my best friend in junior high's father was president of SDS. 

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consulting
http://www.SuretyMail.com/
http://www.SuretyMail.eu/




> On Apr 18, 2019, at 11:46 AM, John Sage  wrote:
> 
> On 4/18/19 8:26 AM, Stephane Bortzmeyer wrote:
>> On Thu, Apr 18, 2019 at 03:16:34PM +,
>>  Kain, Rebecca (.)  wrote
>>  a message of 69 lines which said:
>>> https://www.cnn.com/2019/04/18/media/weather-channel-hack/index.html
>> May be these people?
>> https://en.wikipedia.org/wiki/Weather_Underground
> 
> umm...
> 
> Thinking this was a joke that, by the replies I've seen, most people are too 
> young to get the reference to radical 60's politics
> 
> Also it seems no one actually clicked through on the link, which would have 
> suggested this
> 
> *sigh*
> 
> 
> - John
> -- 



We have it here, including the conclusions (was Re: Special Counsel Office report web site)

2019-04-18 Thread Anne P. Mitchell, Esq.
Oops..the link would be helpful, sorry!

We have made the full report available here, including conclusions (full report 
both embedded by iframe, and linked to the actual report at DOJ).

https://www.theinternetpatrol.com/the-mueller-report-online-text-of-the-mueller-report-and-analysis/

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop



> On Apr 18, 2019, at 8:33 AM, Mel Beckman  wrote:
> 
> B just announced that they are offering free downloads via their Nook 
> reader.  I noticed I couldn’t reach B via IPv6, and discovered the cause :
> 
> nslookup
>> set type=
>> barnesandnoble.com
> Server: 4.2.2.1
> Non-authoritative answer:
> *** Can't find barnesandnoble.com: No answer
> 
>> set type=A
>> barnesandnoble.com.
> Server: 4.2.2.1
> Non-authoritative answer:
> Name:   barnesandnoble.com
> Address: 161.221.74.213
> 
> I don’t know if this is a temporary DNS failure, or B really still has no 
> IPv6 hosted web services :)
> 
> 
> -mel 
> 
>> On Apr 18, 2019, at 6:46 AM, Naslund, Steve  wrote:
>> 
>> Agreed, I remember the biggest problem when the Starr Report was released 
>> was that our dial-up PoPs had all lines busy.  It was a different Internet 
>> then.
>> 
>> Steven Naslund
>> Chicago IL
>> 
>>> Hey Mike.
>>> 
>>> Agreed. But the scale of a 400 page document with global interest? 
>>> Should be highly cached with a good ratio of served to pull bits. I'm 
>>> willing to bet you a beer its just another day on the Internet. 
>>> However, I could be wrong. Hope to see you in DC to collect! I already 
>>> know Brett is in. :)
>> 



Re: Amazon Prime video NOC contact

2019-03-21 Thread Anne P. Mitchell, Esq.
May I have (at least some of) your permission to put this in front of someone 
at AMZ?

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop



> On Mar 21, 2019, at 10:13 AM, Brian Pierce  wrote:
> 
> Bradley & Davide,
>  
> I work for an ISP located in central Ohio and we’re experiencing the a 
> similar issue with a newly acquired IP Block, it’s flagged as a VPN/Proxy.
> I’ve not had any success trying their forums or trying to climb through their 
> customer service ladder to hope someone knowledgeable receives my ticket.
> Bradley, if you have any contact info I would greatly appreciate a message 
> off list.
> Davide, if you are able to resolve this issue, please advise how you were 
> able to do so.
>  
> From: NANOG  On Behalf Of Bradley Burch
> Sent: Wednesday, March 20, 2019 2:28 PM
> To: William Herrin 
> Cc: nanog@nanog.org; davide.gela...@wt-tech.it
> Subject: Re: Amazon Prime video NOC contact
>  
> ATTENTION: This email came from an external source. Do not open attachments 
> or click on links from unknown senders or unexpected emails.
>  
> I have had no luck from that forum.
> Davide, I will contact you off list.
>  
>  
> 
> On Mar 20, 2019, at 2:16 PM, William Herrin  wrote:
> 
> On Wed, Mar 20, 2019 at 11:03 AM Davide Gelardi  
> wrote:
> we are an italian ISP/WISP and we are experiecing trouble with Amazon 
> Prime Video. They blocked our customers that cannot view the video. The 
> error says that our IP class is located ouside italy. But this is wrong.
> 
> Have you a contact we can get in touch with?
>  
> Hi Davide,
>  
> You may have some luck here: 
> https://www.amazonforum.com/forums/digital-content/prime-video
>  
> Amazon staff working on Prime Video monitor and respond on that forum. The 
> individuals reading may not be the right people, but they'll likely be on a 
> first name basis with someone who is.
>  
> Regards,
> Bill Herrin
> 
>  
> -- 
> William Herrin  her...@dirtside.com  b...@herrin.us
> Dirtside Systems . Web: 



Re: friday fun - geko outsge

2019-03-15 Thread Anne P. Mitchell, Esq.



> On Mar 15, 2019, at 7:24 PM, Suresh Ramasubramanian  
> wrote:
> 
> Was it trying to help them save on car insurance?

(splorf)

Woulda appreciated a C warning on that. :-)

Anne

---

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop





Re: A Zero Spam Mail System [Feedback Request]

2019-02-18 Thread Anne P. Mitchell, Esq.



> On Feb 17, 2019, at 7:14 PM, Ross Tajvar  wrote:
> 
> I'd be a lot more inclined to read your paper if you weren't so 
> self-righteous about it. Rehashing all the times people disagreed with 
> ("attacked") you is a poor way to encourage others to earnestly engage with 
> your ideas.

Especially when they are well-respected members of both NANOG and the greater 
email community. Seriously?? Attacking John and Suresh??

Anne

*Typed with 1.5 eyes as I'm recuperating from a torn retina, so apologies for 
any typos.

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop




Re: Craigslist technical contact - IP Ranges blocked

2019-02-18 Thread Anne P. Mitchell, Esq.
Erik, please contact me offlist with details (IP block, etc.).  We'll shake the 
tree for you.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consulting
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Board Member, Board of Directors, Denver Internet Exchange
Board Member, Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Ret. Professor of Law, Lincoln Law School of San Jose


> On Feb 17, 2019, at 11:01 PM, Erik Zhu  wrote:
> 
> Hello All,
> 
> Does anyone know the best way to get connect to Craiglist technical 
> support regarding the blocked IP ranges. We are an ISP in Canada, and 
> since early this year we noticed that most of our IP blocks are blocked 
> on some of the Craigslist's servers. One easy example is finding any 
> items on Craigslist, hit reply, and gives an error "Sorry, something 
> went wrong", the web analyzer indicates status code 403 forbidden.
> 
> I understand that if individual subscriber IP could be automatically 
> blocked due to certain reasons by Craigslist, but I don't know why our 
> entire IP blocks could be blocked, even some IP ranges are never 
> assigned to any active services.
> 
> Did anyone have the encountered the same issue before, how can we get it 
> resolved?
> 
> 
> Thanks,
> 
> Erik
> 



Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues

2019-01-11 Thread Anne P. Mitchell, Esq.
Additionally, subscribe mail to the email address is bouncing.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification
http://www.SuretyMail.com/
Certified Sender DNSBL here: iadb.isipp.com 
Info here: https://www.isipp.com/email-accreditation/for-isps/
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consulting


> On Jan 10, 2019, at 9:57 AM, J. Hellenthal via NANOG  wrote:
> 
> Unfortunately I don’t see this as having very much connectivity where I am at.
> 
> host firemountain.net
> firemountain.net has address 207.114.3.55
> firemountain.net mail is handled by 10 taos.firemountain.net.
> firemountain.net mail is handled by 20 ukiah.firemountain.net.
> 
> host www.firemountain.net
> www.firemountain.net has address 207.114.3.55
> 
> Sending 5, 100-byte ICMP Echos to 207.114.3.55, timeout is 2 seconds:
> !
> Success rate is 20 percent (1/5), round-trip min/avg/max = 51/51/51 ms
> 
> Tracing the route to firemountain.net (207.114.3.55)
> 
>  1  0 msec 0 msec 0 msec
>  2 142.254.152.249 9 msec 9 msec 17 msec
>  3 ae62.nwblwi1801h.midwest.rr.com (24.164.241.145) 16 msec 16 msec 9 msec
>  4 be63.milzwift01r.midwest.rr.com (65.31.112.122) 25 msec 16 msec 17 msec
>  5 be40.clmkohpe01r.midwest.rr.com (65.25.137.109) 25 msec 25 msec 34 msec
>  6 be1.clmkohpe02r.midwest.rr.com (65.29.1.35) 34 msec 34 msec 25 msec
>  7 ae1.uparohgd01h.midwest.rr.com (24.33.161.209) 34 msec 42 msec 25 msec
>  8 69.23.10.160 34 msec 25 msec 25 msec
>  9 rrcs-98-102-146-106.central.biz.rr.com (98.102.146.106) 25 msec 34 msec 25 
> msec
> 10 xe-0-0-0.upa-core1.expedient.com (66.230.78.130) 33 msec 34 msec 25 msec
> 11 et-0-2-0.acm-core2.expedient.com (209.166.144.209) 34 msec 34 msec 34 msec
> 12 irb-4038.acm-core1.expedient.com (209.166.144.21) 33 msec 33 msec 25 msec
> 13 et-3-0-0.152-core2.expedient.com (66.230.78.194) 33 msec 33 msec 34 msec
> 14 ae2.152-core1.expedient.com (66.230.78.161) 42 msec 34 msec 34 msec
> 15 xe-0-3-0.fil-node.expedient.com (206.210.75.234) 42 msec 42 msec 51 msec
> 16 xe-0-3-0.1sc-node.expedient.com (216.230.108.246) 50 msec 42 msec 59 msec
> 17 ten1-6-2.tdp-core.expedient.com (216.230.108.229) 42 msec 42 msec 50 msec
> 18 firemountain.net (207.114.3.55) 50 msec 42 msec 51 msec
> 
> 
> HTH
> 
>> On Jan 10, 2019, at 10:22, Rich Kulawiec  wrote:
>> 
>> The "dumpsterfire" mailing list is for the discussion of security and
>> privacy issues related to the IoT (Internet of Things).  Arguably,
>> the entire IoT *is* a security and privacy issue, but we'll get to that
>> in good time.
>> 
>> If you want to join, you can either use the list's web page:
>> 
>>  http://www.firemountain.net/mailman/listinfo/dumpsterfire
>> 
>> or the list's subscription/unsubscription address:
>> 
>>  dumpsterfire-requ...@firemountain.net
>> 
>> The list is public and so is its archive.
>> 
>> ---rsk
> 
> 
> —
> 
> J. Hellenthal
> 
> The fact that there's a highway to Hell but only a stairway to Heaven says a 
> lot about anticipated traffic volume.
> 
> 
> 
> 
> 



Re: CenturyLink...is being investigated by the FCC

2018-12-28 Thread Anne P. Mitchell, Esq.
And the other latest news is that the FCC is investigating the CenturyLink 
outage:

https://www.theinternetpatrol.com/fcc-investigating-centurylink-outage-says-unacceptable/


> On Dec 28, 2018, at 3:11 PM, Patrick Boyle via NANOG  wrote:
> 
> Yes, there were 911 services affected. The latest word from C-link as of 
> 1:46PM mountain is that all 911 services are restored where they are the 
> provider. I'm not 100% sure if that's system-wide, or just my area in the 
> northwest, however.
> 
> 
> Sent with ProtonMail Secure Email.
> 
> ‐‐‐ Original Message ‐‐‐
> On Friday, December 28, 2018 1:03 AM, Stephane Bortzmeyer  
> wrote:
> 
>> On Fri, Dec 28, 2018 at 07:07:42AM +,
>> Erik Sundberg esundb...@nitelusa.com wrote
>> a message of 131 lines which said:
>> 
>>> CenturyLink will be conducting an extensive post-incident
>>> investigation and root cause analysis to provide follow-up
>>> information to our customers
>> 
>> Is this problem also responsible for the 911 outage? If so, the
>> post-mortem analysis is not useful only for CenturyLink customers but
>> for everyone on the west coast.
> 
> 



Re: CenturyLink

2018-12-27 Thread Anne P. Mitchell, Esq.
Seeing it in Colorado as well.

> On Dec 27, 2018, at 11:45 AM, Naslund, Steve  wrote:
> 
> Anyone have any insight to the nationwide CenturyLink issues/outages today?  
> Just wondering.  Know for sure that our connections to them from Florida, 
> Iowa, and Washington State are all affected.  Voice and data.
>  
> Steven Naslund  
> Chicago IL



Re: [Request] Contact information for CenturyLink network operations

2018-12-20 Thread Anne P. Mitchell, Esq.



>> Hi all,
>> 
>> Got a network issue with a DoS'er originating from Comcast into
>> CenturyLink but unable to find the right people to work on this from
>> the CenturyLink side.  Looking for a contact to reach me off-list to
>> help solve this or insert a block in a upstream router.
> 
> Don, please email me offlist (amitch...@isipp.com);  CenturyLink is now part 
> of Level3...we can get you to the right person.

Oops, as was just pointed out to me offlist, I reversed that (too much blood in 
my caffeine stream)...I should have said that CenturyLink *borged* Level3.

Anne

Re: godaddy contacts

2018-12-20 Thread Anne P. Mitchell, Esq.



> Is anyone from godaddy in this list? We believe they are announcing our BGP 
> pool. The IP in 17th hop IP pool is ours as a result some of our customers 
> are not able to login to godaddy.
>  
> C:\Users\DP>tracert sso.godaddy.com
>  
> Tracing route to sso.godaddy.com [104.238.65.153]
> over a maximum of 30 hops:
>  
>   1 2 ms 1 ms 3 ms  192.168.225.1
>   2 4 ms 2 ms 2 ms  10.24.0.1
>   3 4 ms 2 ms 3 ms  103.40.48.13
>   4 4 ms 2 ms 2 ms  vbc-10g-ccr.vbctv.in [123.108.200.5]
>   5 4 ms 2 ms 2 ms  vbc-10g-asr.vbctv.in [123.108.200.42]
>   6 5 ms 2 ms 2 ms  14.142.71.141.static-hydrabad.vsnl.net.in 
> [14.142.71.141]
>   726 ms32 ms27 ms  172.25.81.134
>   846 ms33 ms35 ms  ix-ae-0-4.tcore1.mlv-mumbai.as6453.net 
> [180.87.38.5]
>   9   150 ms   148 ms   147 ms  if-ae-5-2.tcore1.wyn-marseille.as6453.net 
> [180.87.38.126]
> 10   147 ms   147 ms   146 ms  if-ae-8-1600.tcore1.pye-paris.as6453.net 
> [80.231.217.6]
> 11   147 ms   145 ms   145 ms  if-ae-11-2.tcore1.pvu-paris.as6453.net 
> [80.231.153.49]
> 12 **  143 ms  80.231.153.66
> 13 *  318 ms * ae-1-11.bear1.Phoenix1.Level3.net 
> [4.69.210.157]
> 14   274 ms   337 ms   305 ms  THE-GO-DADD.bear1.Phoenix1.Level3.net 
> [4.16.142.186]
> 15   329 ms   278 ms   340 ms  ip-148-72-32-9.ip.secureserver.net 
> [148.72.32.9]
> 16   269 ms   282 ms   315 ms  ip-184-168-0-117.ip.secureserver.net 
> [184.168.0.117]
> 17   333 ms   289 ms   288 ms  125.62.192.197
> 18 *** Request timed out.
> 19 *** Request timed out.
> 20 *** Request timed out.
> 21 *** Request timed out.
> 22 *** Request timed out.
> 23 *** Request timed out.
> 24   291 ms   275 ms   273 ms  ip-104-238-65-153.ip.secureserver.net 
> [104.238.65.153]
>  
> Trace complete.
>  

Hi Durga - we can get this in front of the right person - may I have permission 
to forward this to GoDaddy?

Anne

---

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop




Re: [Request] Contact information for CenturyLink network operations

2018-12-20 Thread Anne P. Mitchell, Esq.



> On Dec 17, 2018, at 11:42 AM, Don Fanning  wrote:
> 
> Hi all,
> 
> Got a network issue with a DoS'er originating from Comcast into
> CenturyLink but unable to find the right people to work on this from
> the CenturyLink side.  Looking for a contact to reach me off-list to
> help solve this or insert a block in a upstream router.

Don, please email me offlist (amitch...@isipp.com);  CenturyLink is now part of 
Level3...we can get you to the right person.

Anne

---
Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consulting
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Board Member, Board of Directors, Denver Internet Exchange
Board Member, Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Ret. Professor of Law, Lincoln Law School of San Jose



Re: Looking for Telecom Lawyer

2018-12-12 Thread Anne P. Mitchell, Esq.



> On Dec 12, 2018, at 7:08 AM, Travis Garrison  wrote:
> 
> We are looking for a Telecom Lawyer to help us be a CLEC in the Arkansas, 
> Kansas, Nebraska, Iowa and Oklahoma areas. Also we are looking to setup 
> agreements for peering, transport and resell for ATT and CenturyLink in the 
> same areas and Missouri. We are already a CLEC in Missouri.
>  

Travis, contact Laura Miller:

https://scarincihollenbeck.com/attorneys/laura-m-miller/

Tell her that Crystal Prais (a former colleague) referred you.   Crystal says 
that she is, and I quote, "fantastic".

Anne

---

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop





Re: CLEC Lawyer - New Jersey

2018-12-06 Thread Anne P. Mitchell, Esq.


> Hi Anne,
> 
> My contact there is Crystal Prais.  Her contact information is below.  
> 
> CRYSTAL M. PRAIS | Associate
> cpr...@scarincihollenbeck.com  
> Direct Phone: 201-806-3381 | Direct Fax: 201-806-3482
> 
> Happy connecting!

Thank you, Mark!

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop





Re: CLEC Lawyer - New Jersey

2018-12-06 Thread Anne P. Mitchell, Esq.



> On Dec 6, 2018, at 9:37 AM, Mark Stogdill  wrote:
> 
> Scarinci & Hollenbeck.  We have a NJ CLEC and they worked with us.

Mark, do you have a direct contact there? I'd love to be put in touch with them 
to have the connection; I just joined the board of the Denver IX, and CLEC 
stuff is tangential to my own area of legal expertise, so it's always good to 
know a colleague in a related area.

Thanks either way!

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop




Re: QWEST you have broken DNS servers

2018-09-14 Thread Anne P. Mitchell, Esq.
From Qwest/CL:

"we are aware of the issue and expect this to be resolved next month."

 
> 
> Yes please.
> 
>> On 13 Sep 2018, at 2:45 am, Anne P. Mitchell, Esq.  
>> wrote:
>> 
>> 
>> Would you like us to send this to our Qwest/CenturyLink contact?
>> 
>> Anne P. Mitchell, 
>> Attorney at Law
>> GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
>> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
>> Legislative Consultant
>> CEO/President, Institute for Social Internet Public Policy
>> Legal Counsel: The CyberGreen Institute
>> Legal Counsel: The Earth Law Center
>> Member, California Bar Association
>> Member, Cal. Bar Cyberspace Law Committee
>> Member, Colorado Cyber Committee
>> Member, Board of Directors, Asilomar Microcomputer Workshop
>> Ret. Professor of Law, Lincoln Law School of San Jose
>> Ret. Chair, Asilomar Microcomputer Workshop
>> 
>> 
>> 
>>> 
>>> I know it takes some time to upgrade DNS servers to ones that are actually
>>> protocol compliant but 4+ years is ridiculous.  Your servers are the only
>>> ones serving the Alexa top 1M sites or the GOV zone that still return 
>>> BADVERS
>>> to EDNS queries with a EDNS option present.  This was behaviour made up by
>>> your DNS vendor.  The correct response to EDNS options that are not 
>>> understood
>>> is to IGNORE them.  This allows clients and servers to deploy support for
>>> new options independently of each other.
>>> 
>>> Additionally this is breaking DNSSEC validation of the signed zones your 
>>> clients
>>> have you serving.  They expect you to be using EDNS compliant name servers 
>>> for
>>> this role which you are not.  No, we are not working around this breakage 
>>> in the
>>> resolver.
>>> 
>>> Mark
>>> 
>>> % dig soa frc.gov. @208.44.130.121 +norec
>>> 
>>> ; <<>> DiG 9.12.1 <<>> soa frc.gov. @208.44.130.121 +norec
>>> ;; global options: +cmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: BADVERS, id: 59707
>>> ;; flags: qr ad; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>> 
>>> ;; OPT PSEUDOSECTION:
>>> ; EDNS: version: 0, flags:; udp: 4096
>>> ;; Query time: 66 msec
>>> ;; SERVER: 208.44.130.121#53(208.44.130.121)
>>> ;; WHEN: Tue Sep 11 06:08:41 UTC 2018
>>> ;; MSG SIZE  rcvd: 23
>>> 
>>> % dig soa frc.gov. @208.44.130.121 +norec +nocookie
>>> 
>>> ; <<>> DiG 9.12.1 <<>> soa frc.gov. @208.44.130.121 +norec +nocookie
>>> ;; global options: +cmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16876
>>> ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
>>> 
>>> ;; OPT PSEUDOSECTION:
>>> ; EDNS: version: 0, flags:; udp: 4096
>>> ;; QUESTION SECTION:
>>> ;frc.gov.   IN  SOA
>>> 
>>> ;; ANSWER SECTION:
>>> frc.gov.86400   IN  SOA sauthns2.qwest.net. 
>>> dns-admin.qwestip.net. 2180320527 10800 3600 604800 86400
>>> 
>>> ;; AUTHORITY SECTION:
>>> frc.gov.86400   IN  NS  sauthns1.qwest.net.
>>> frc.gov.86400   IN  NS  sauthns2.qwest.net.
>>> 
>>> ;; Query time: 66 msec
>>> ;; SERVER: 208.44.130.121#53(208.44.130.121)
>>> ;; WHEN: Tue Sep 11 06:19:33 UTC 2018
>>> ;; MSG SIZE  rcvd: 145
>>> 
>>> % grep ednsopt=badvers reports/alexa1m.2018-08-26T00:00:06Z | grep edns=ok 
>>> | awk '{print $3}' | sort -u 
>>> (sauthns1.qwest.net.):
>>> (sauthns2.qwest.net.):
>>> % grep ednsopt=badvers reports-full/gov-full.2018-09-11T00:00:06Z  | grep 
>>> edns=ok | awk '{print $3}' | sort -u
>>> (sauthns1.qwest.net.):
>>> (sauthns2.qwest.net.):
>>> % 
>>> 
>>> -- 
>>> Mark Andrews, ISC
>>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>>> PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org
>>> 
>> 
>> 
> 
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org
> 




Re: QWEST you have broken DNS servers

2018-09-12 Thread Anne P. Mitchell, Esq.


Would you like us to send this to our Qwest/CenturyLink contact?

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Association
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Board of Directors, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop


 
> 
> I know it takes some time to upgrade DNS servers to ones that are actually
> protocol compliant but 4+ years is ridiculous.  Your servers are the only
> ones serving the Alexa top 1M sites or the GOV zone that still return BADVERS
> to EDNS queries with a EDNS option present.  This was behaviour made up by
> your DNS vendor.  The correct response to EDNS options that are not understood
> is to IGNORE them.  This allows clients and servers to deploy support for
> new options independently of each other.
> 
> Additionally this is breaking DNSSEC validation of the signed zones your 
> clients
> have you serving.  They expect you to be using EDNS compliant name servers for
> this role which you are not.  No, we are not working around this breakage in 
> the
> resolver.
> 
> Mark
> 
> % dig soa frc.gov. @208.44.130.121 +norec
> 
> ; <<>> DiG 9.12.1 <<>> soa frc.gov. @208.44.130.121 +norec
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: BADVERS, id: 59707
> ;; flags: qr ad; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; Query time: 66 msec
> ;; SERVER: 208.44.130.121#53(208.44.130.121)
> ;; WHEN: Tue Sep 11 06:08:41 UTC 2018
> ;; MSG SIZE  rcvd: 23
> 
> % dig soa frc.gov. @208.44.130.121 +norec +nocookie
> 
> ; <<>> DiG 9.12.1 <<>> soa frc.gov. @208.44.130.121 +norec +nocookie
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16876
> ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;frc.gov. IN  SOA
> 
> ;; ANSWER SECTION:
> frc.gov.  86400   IN  SOA sauthns2.qwest.net. 
> dns-admin.qwestip.net. 2180320527 10800 3600 604800 86400
> 
> ;; AUTHORITY SECTION:
> frc.gov.  86400   IN  NS  sauthns1.qwest.net.
> frc.gov.  86400   IN  NS  sauthns2.qwest.net.
> 
> ;; Query time: 66 msec
> ;; SERVER: 208.44.130.121#53(208.44.130.121)
> ;; WHEN: Tue Sep 11 06:19:33 UTC 2018
> ;; MSG SIZE  rcvd: 145
> 
> % grep ednsopt=badvers reports/alexa1m.2018-08-26T00:00:06Z | grep edns=ok | 
> awk '{print $3}' | sort -u 
> (sauthns1.qwest.net.):
> (sauthns2.qwest.net.):
> % grep ednsopt=badvers reports-full/gov-full.2018-09-11T00:00:06Z  | grep 
> edns=ok | awk '{print $3}' | sort -u
> (sauthns1.qwest.net.):
> (sauthns2.qwest.net.):
> % 
> 
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org
> 




Re: Godaddy Contact needed for routing issue

2018-07-26 Thread Anne P. Mitchell, Esq.
Erik, we can help.  Please contact me offlist.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
GDPR & CCPA Compliance Consultant
GDPR & CCPA Compliance Certification
http://www.SuretyMail.com/
http://www.SuretyMail.eu/


> Hello,
> 
> 
> Can someone from GoDaddy's routing team contact me off list.
> 
> 
> We have customer's unable to reach 
> www.cat5cableguys.com via the Equinix Chicago - 
> Internet Exchange.
> 
> 
> #traceroute www.cat5cableguy.com
> 
> Wed Jul 25 16:47:08.266 CDT
> 
> Type escape sequence to abort.
> Tracing the route to 184.168.221.11
> 
> 1  ge-0-0-0-8.ar1.chi1.us.nitelusa.net (207.200.195.173) 22 msec  21 msec  21 
> msec
> 2  eqix-ch.godaddy.com (208.115.136.141) 22 msec  22 msec  21 msec
> 3   *  *  *
> 4   *  *  *
> 5   *  *  *
> 
> 
> 
> This website is reachable over other carrier's just not Equinix Chicago - 
> Internet Exchange.
> 
> 
> Thanks
> 
> Erik
> 
> 
> 
> 
> CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or 
> previous e-mail messages attached to it may contain confidential information 
> that is legally privileged. If you are not the intended recipient, or a 
> person responsible for delivering it to the intended recipient, you are 
> hereby notified that any disclosure, copying, distribution or use of any of 
> the information contained in or attached to this transmission is STRICTLY 
> PROHIBITED. If you have received this transmission in error please notify the 
> sender immediately by replying to this e-mail. You must destroy the original 
> transmission and its attachments without reading or saving in any manner. 
> Thank you.




Cox contact?

2018-07-23 Thread Anne P. Mitchell, Esq.
Does anybody have a contact at Cox (need networking but I'd take anything)?

Thank you!

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR & CCPA Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Association
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Board of Directors, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop



Re: Whois vs GDPR, latest news

2018-05-28 Thread Anne P. Mitchell Esq.



> 
> This is really off-topic for NANOG.  Is there a better place where this
> discussion can be found?

ISIPP hosts several email groups where this conversation would be appropriate.

Anybody who would like to continue the conversation there is welcome to ping me 
offlist requesting to join one or more of those groups...please include your 
full name, for whom you work (if relevant), and a one sentence description of 
your interest in/connection to network security, privacy, and/or policies.

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Association
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Board of Directors, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop



Re: Whois vs GDPR, latest news

2018-05-28 Thread Anne P. Mitchell Esq.



> On May 27, 2018, at 3:19 AM, Michel 'ic' Luczak  wrote:
> 
> Still on ec.europa.eu  they seem to try to reassure 
> SMEs that the penalties will be “proportionate” both to the nature of the 
> infringement and to the size to the company. It also seem to largely be 
> related to whether you infringed the regulation in good faith or not. At 
> least in France where I live the climate is pro-SMEs so I guess small 
> mistakes will be forgiven. The head of our DPA also gave an interview 
> recently saying that there will be no sanctions in the coming months and that 
> they’re available to answer questions when in doubt about what to do.

Here's the thing...unless the EU is vastly different from the US in terms of 
legislative construction, what any third-party says - even those involved in 
developing the law - is almost (not completely, but almost) immaterial to how 
the law will be applied.  The law *is the law*, and nothing anybody says about 
it will have much impact on how it will be construed by a court of law.  Which 
is why:

> Lastly, our law firm told us that basically we have to wait until the first 
> settlements to see what will be done…

..exactly.  The law will have to be construed and refined by lawsuits (unless a 
newer law clarifies or supersedes it).

And this is why we take a strict, conservative view of what one has to do to 
get into compliance.  Because our job is to keep the entities with whom we 
consult on GDPR from becoming those test cases.

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Association
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Board of Directors, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop



Re: Whois vs GDPR, latest news

2018-05-24 Thread Anne P. Mitchell Esq.


> On May 23, 2018, at 7:18 PM, K. Scott Helms  wrote:
> 
> Anything that can tie back to an individual data subject is PII, that means 
> email addresses, names in combination with addresses or phone numbers, finger 
> prints, or even insufficiently abstracted internal ID numbers/codes.

Don't forget IP addresses, as part of the wonderfully vague "online 
identifiers".

> Notice I didn't say EU citizen there, that's because the law and regulations 
> (GDPR consists of both) intentionally cover any natural person in any of the 
> 28 EU nations including the citizens of non-EU nations.
>  I don't go as far as I think Anne was suggesting, in that someone in EU 
> airspace who sent an email or made a purchase is now suddenly an EU data 
> subject. 

You may accuse me of being a lawyer here (and rightly so :-) ), but "in", as in 
"in the Union" (which is the actual language) is very much open to 
interpretation.  In a judicial system where lawsuits have turned on  - I kid 
you not - the interpretation of what a comma meant, I can almost guarantee you 
that "in the Union" is going to get interpreted through lawsuits, and it is 
absolutely not outside the realm of possibility that a U.S. citizen visiting in 
the EU will bring a lawsuit based on something happening with their PII while 
they were "in the Union".

> Any company that is covered by the GDPR must be extremely careful that any 
> company they do business with is also compliant if that company will have 
> access or act as a data processor.  That means that if you are a US company 
> that has US only customers, but some of your customers have employees that 
> are US citizens but who live in an EU nation then they are bound to only use 
> providers that are GDPR compliant.  Now, this will result in contractual 
> disputes and/or loss of business rather than having EU regulators fine your 
> company directly.  The end result is that many many many companies that don't 
> sell or market to the EU are finding themselves needing to comply in the same 
> way that companies that sell services to medical companies often have to 
> follow HIPAA  (and be audited) even though they provide medical services 
> themselves.
> 

Actually, GDPR specifically requires processors to include statements of 
compliance right in their contracts;  we also strongly recommend that 
controllers insist on indemnification clauses in their contracts with 
processors, because if the processor screws up and there is a breach, the 
_controller_ can also be held liable, and the financial penalties in GDPR are 
very stiff.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
GDPR Compliance Consultant
GDPR Compliance Certification
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Advisory Board, Cause for Awareness
Member, Elevations Credit Union Member Council
Former Chair, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose

Available for consultations by special arrangement.
amitch...@isipp.com | @AnnePMitchell
Facebook/AnnePMitchell  | LinkedIn/in/annemitchell







Re: Whois vs GDPR, latest news

2018-05-23 Thread Anne P. Mitchell Esq.


> On May 23, 2018, at 11:05 AM, K. Scott Helms  wrote:
> 
> Yep, if you're doing a decent job around securing data then you don't have 
> much to be worried about on that side of things.  The problem for most 
> companies is that GDPR isn't really a security law, it's a privacy law (and 
> set of regulations).  That's where it's hard because there are a limited 
> number of ways you can, from the EU's standpoint, lawfully process someone's 
> PII.  Things like opting out and blanket agreements to use all of someone's 
> data for any reason a company may want are specifically prohibited.  Even 
> companies that don't intentionally sell into the EU (or the UK) can find 
> themselves dealing with this if they have customers with employees in the EU. 

Or if someone who is a U.S. citizen and resident goes to the org's U.S.-based 
website and orders something (or even just provides their PII)... but happens 
to be in a plane flying over an EU country at the time.  Because GDPR doesn't 
talk about residence or citizenship, it talks only about a vague and ambiguous 
"in the Union", and I can certainly envision an argument in which the person in 
the plane claims that they were, technically, "in the Union" at the time. 

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Association
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Board of Directors, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop




Re: Whois vs GDPR, latest news

2018-05-23 Thread Anne P. Mitchell Esq.


> On May 23, 2018, at 10:21 AM, Daniel Brisson  wrote:
> 
>> Also, don't forget the private right of action.  Anyone can file anything in 
>> the U.S. courts... you  may get it dismissed (although then again you may 
>> not) but either way, it's going to be time and money out of your pocket 
>> fighting it.  MUCH better to just get compliant than to end up a test case.
> 
> Isn't "better" a factor of how much it costs to become compliant with GPDR?  
> I'm no expert, but some of the things I've heard sounded not trivial to 
> implement (read potentially BIG investment).
> 
> -dan

In our experience, orgs that are already following all industry best practices 
are, generally, at least 70% of the way to becoming compliant already.   Where 
it can get expensive for the ones who aren't is in hardening their systems to 
provide for better security/privacy.  U.S. companies are used to being able to 
drink at the firehose of data that is collected here in the U.S., and use it 
however they want.. this is the real major change.  I suppose you could say 
it's expensive in that it is reducing the ways they can monetize that data. 

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
GDPR Compliance Consultant
GDPR Compliance Certification
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Advisory Board, Cause for Awareness
Member, Elevations Credit Union Member Council
Former Chair, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose

Available for consultations by special arrangement.
amitch...@isipp.com | @AnnePMitchell
Facebook/AnnePMitchell  | LinkedIn/in/annemitchell



Re: Whois vs GDPR, latest news

2018-05-23 Thread Anne P. Mitchell Esq.


> On May 23, 2018, at 9:59 AM, Owen DeLong  wrote:
> 
> 
> 
>> On May 23, 2018, at 08:53, John Levine  wrote:
>> 
>> In article 
>>  you 
>> write:
>>> I asked one of the EU regulators at RSA how they intended to enforce GDPR
>>> violations on businesses that don't operate in their jurisdiction and
>>> without hesitation he told me they'd use civil courts to sue the offending
>>> companies.
>> 
>> He probably thought you meant if he's in France and the business is in
>> Ireland, since they're both in the EU.  Outside the EU, on the other
>> hand, ...
>> 
>> If they try to sue in, say, US courts, the US court will ask them to
>> explain why a US court should try a suit under foreign law.  There is
>> a very short list of reasons to do that, and this isn't on it.
> 
> Actually, due to treaty, it is. At least according to some lawyers that have 
> been advising ICANN stakeholder group(s). 
> 

Also, don't forget the private right of action.  Anyone can file anything in 
the U.S. courts... you  may get it dismissed (although then again you may not) 
but either way, it's going to be time and money out of your pocket fighting it. 
 MUCH better to just get compliant than to end up a test case.

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Association
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Board of Directors, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop



Re: Level 3 Looking Glass Broken

2018-05-15 Thread Anne P. Mitchell Esq.
Gary, may we share this with our Level3 contacts?
 
> 
> I'm seeing issues with Level 3's looking glass 
> (https://lookingglass.level3.net) since they rolled out the new one with the 
> CenturyLink branding. Any query results in "Invalid usage. POST variable not 
> set.". Also, the radio buttons under the "Information Category" selection 
> allow more than one selection (and no way of deselecting anything). I tried 
> opening a ticket L3 under one of my transit circuits and was told that the 
> NOC doesn't deal with it, and I should talk to our account team (as fun as 
> that sounds, I'd rather stick my head in a blender).
> 
> Anyone on this list have any clout inside L3 to get this fixed?
> 
> Cheers,
> 
> GTG




Re: Is WHOIS going to go away?

2018-04-25 Thread Anne P. Mitchell Esq.

 
> 
> Well, personally for me, I use secret registration because I was tired of all 
> the spam I got. Spammers scrape whois data for email addresses. I not trying 
> to hide my identity on the web, I just don't like spam. I'm not some dark 
> evil force.

And of course then there's the conventional wisdom that (some) anti-spammers 
see secret registration as a sign that you are likely a spammer, or otherwise 
engaged in bad activities.

Anne (who is of course professionally trained as a dark evil force ;-) )

Anne P. Mitchell, 
Attorney at Law
GDPR Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Association
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Board of Directors, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop




Re: Amazon Geolocation

2018-04-24 Thread Anne P. Mitchell Esq.
We have been told that the best, most expeditious way to get this resolved is:

 "https://www.amazonforum.com/forums/digital-content/prime-video, it's actively 
monitored, and confirmed issues are escalated to the correct engineering team."

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
GDPR Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center



Re: Amazon Geolocation

2018-04-24 Thread Anne P. Mitchell Esq.
Sam, may I share this with our Amazon contacts?

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
GDPR Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center

 
> 
> Hey all,
> 
> Having a hard time finding someone within Amazon to understand geolocation
> problems.  We have lots of customers that started getting the amazon prime 
> video
> message about not being able to watch because of geolocation / vpn 
> restrictions.
> 
> We are a wisp.  We run BGP with our own netblocks and upstream netblocks.  We
> have at least 15 customers that have reported this problem - many of which
> opened tickets directly with amazon but they have no clue.  My guess is its
> related to entire netblocks.  
> 
> MaxMind shows the correct info and always has. 
> 
> Can someone point me to a contact at Amazon that can help?
> 
> Thx,
> Sam
> 
> 
> 
> 




Re: Someone from T-Mobile who can shake a ticket loose?

2018-03-06 Thread Anne P. Mitchell Esq.

 
> 
> Sorry for using the white paging phone, but I have an IPv4 reachability 
> ticket that I opened back in January that’s stuck in limbo.
> 
> Ticket number is either 26088938 or 18444951.  Users on T-Mobile data can’t 
> reach services in 208.89.64.0/21, specifically 208.89.64.154.

We have a T-mobile contact, would you like us to reach out to them on your 
behalf?  If so, permission to include the above?

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Advisory Board, Cause for Awareness
Member, Elevations Credit Union Member Council
Former Chair, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose

Available for consultations by special arrangement.
amitch...@isipp.com | @AnnePMitchell
Facebook/AnnePMitchell  | LinkedIn/in/annemitchell



Re: Craigslist Blocks

2018-02-27 Thread Anne P. Mitchell Esq.

 
> 
>> If someone wants to send me a copy of the block message, and at least one IP 
>> that is blocked, I'll see what we can do.

This has been passed along to our contact; will let folks know what we hear 
back.

Anne

Anne P. Mitchell, 
Attorney at Law
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Elevations Credit Union Member Council
Member, Board of Directors, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop



Re: Craigslist Blocks

2018-02-26 Thread Anne P. Mitchell Esq.
If someone wants to send me a copy of the block message, and at least one IP 
that is blocked, I'll see what we can do.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Cyberspace Law Committee
Former Chair, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose


 
> 
> Same thing here. I've had unresolved issues for months. Tried multiple ways 
> of contact, including email in block message. No luck.
> 
> Joshua Stump
> Network Admin
> Fourway.NET
> 800-733-0062
> 
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Brett A Mansfield
> Sent: Monday, February 26, 2018 9:03 AM
> To: Chris Gross 
> Cc: NANOG 
> Subject: Re: Craigslist Blocks
> 
> I’ve been having the same problem. I’d also like a contact off list from 
> someone who can do something about it. 
> 
> Thank you,
> Brett A Mansfield
> 
>> On Feb 26, 2018, at 5:54 AM, Chris Gross  wrote:
>> 
>> Is there anyone from Craigslist here or anyone have a better way to deal 
>> with their blocks? There's a contact e-mail in the block messages when 
>> trying to visit, but there's never gets a response back when we try it. 
>> Please hit me up off list.
> 
> 
> 




Re: Amazon Contact

2017-12-14 Thread Anne P. Mitchell Esq.
> Hoping to chase down a contact off-list for someone who deals with Amazon
> Instant Video Streaming. Running into an issue with a few blocks being
> mismarked this morning.

Ryan, please ping me offlist, we may be able to assist.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Advisory Board, Cause for Awareness
Member, Elevations Credit Union Member Council
Former Chair, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose

Available for consultations by special arrangement.
amitch...@isipp.com | @AnnePMitchell
Facebook/AnnePMitchell  | LinkedIn/in/annemitchell


Anyone from Earthlink here?

2017-11-29 Thread Anne P. Mitchell Esq.
If anybody is here from Earthlink - or knows anyone at Earthlink, could you 
pretty please connect with me?

Thank you!

Anne

Anne P. Mitchell, 
Attorney at Law
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Legal Counsel: The CyberGreen Institute
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Elevations Credit Union Member Council
Member, Board of Directors, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop



Re: GO DADDY Person?

2017-11-07 Thread Anne P. Mitchell Esq.
 
> 
> Is there a GoDaddy person on this list?
> 
> There is a domain that has been created that is 100% a bot and need to flag
> it immediately.

Ilissa, may we share this directly with our GoDaddy contact, including your 
contact information?

Anne

Anne P. Mitchell, 
Attorney at Law
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Legal Counsel: The CyberGreen Institute
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Elevations Credit Union Member Council
Member, Board of Directors, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop



Re: Contact at Charter Communications?

2017-08-24 Thread Anne P. Mitchell Esq.
Hi Chris!

I've pinged our contact at Charter, will let you know if I come up with a 
contact for you.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Advisory Board, Cause for Awareness
Member, Board of Directors, Greenwood Wildlife Rehabilitation
Member, Elevations Credit Union Member Council
Former Chair, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose

Available for consultations by special arrangement.
amitch...@isipp.com | @AnnePMitchell
Facebook/AnnePMitchell  | LinkedIn/in/annemitchell

Re: AT NOC contact?

2017-08-24 Thread Anne P. Mitchell Esq.

 
> 
> Hello,
> 
> Is there someone at AT on the mailing list I can talk to regarding a
> possible routing loop getting from AT to Box?
> 

Sahil - have pinged our AT contact ..will let you know what I hear.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Advisory Board, Cause for Awareness
Member, Board of Directors, Greenwood Wildlife Rehabilitation
Member, Elevations Credit Union Member Council
Former Chair, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose

Available for consultations by special arrangement.
amitch...@isipp.com | @AnnePMitchell
Facebook/AnnePMitchell  | LinkedIn/in/annemitchell



Contact at Orange?

2017-08-01 Thread Anne P. Mitchell Esq.
Does anybody here have a contact at Orange?  Asking for a colleague.

Thank you!

Anne

Anne P. Mitchell, 
Attorney at Law
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Elevations Credit Union Member Council
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Board of Directors, Greenwood Wildlife Rehabilitation
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop



Re: loc.gov

2017-07-08 Thread Anne P. Mitchell Esq.



> I see http://congress.gov/ is out too.
> 
> 
> 
> On Sat, Jul 8, 2017 at 4:43 PM, Joly MacFie <j...@punkcast.com> wrote:
> 
>> (sorry I'm not on the outage list)
>> 
>> Any clues as to what the problem is at the Library of Congress? Appears to
>> be DNS. Is it a DDOS?
>> 
>> http://www.loc.gov/

These both load for me.

Anne

Anne P. Mitchell, Esq.
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Member, Elevations Credit Union Member Council
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Board of Directors, Greenwood Wildlife Rehabilitation
Former Chair, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose

Available for consultations by special arrangement.
amitch...@isipp.com | @AnnePMitchell
Facebook/AnnePMitchell  | LinkedIn/in/annemitchell




Re: Vendors spamming NANOG attendees

2017-06-21 Thread Anne P. Mitchell Esq.

> On 6/13/17 10:28 PM, Mel Beckman wrote:

>> But as I said, harvesting emails is not illegal under can spam. 

But it is illegal under the laws of nearly every other technology-enabled 
developed country. And there are at least a few people on this list who are in 
those countries.

And once GDPR goes into effect there will be even more available remedies.

Anne*

*Dictated due to broken wrist, please forgive top posting and any weird grammar 
or typos.

Anne P. Mitchell, 
Attorney at Law
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Elevations Credit Union Member Council
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Board of Directors, Greenwood Wildlife Rehabilitation
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop



Re: Vendors spamming NANOG attendees

2017-06-15 Thread Anne P. Mitchell Esq.



> You make a good point. But I wonder how often spammers are so obvious, and I 
> wonder if his "leveraging" falls amiss of CAN-SPAM's specific prohibition:
> 
> 
> (I) harvesting electronic mail addresses of the users of a website, 
> proprietary service, or other online public forum operated by another person, 
> without the authorization of such person; and
> 

Unfortunately, the actual language of that provision requires that the website 
from which it was scraped must also include a notice stating that the website 
will not "give, sell, or otherwise transfer addresses maintained by such 
website".

Here is the actual language:

"(i) the electronic mail address of the recipient was
obtained using an automated means from an Internet
website or proprietary online service operated by
another person, and such website or online service
included, at the time the address was obtained, a notice
stating that the operator of such website or online service
will not give, sell, or otherwise transfer
addresses maintained by such website or online service
to any other party for the purposes of initiating, or
enabling others to initiate, electronic mail messages;"

It would be interesting* if people had language printed right on their business 
cards along the lines of:

"The presence of my email address on this card does not constitute permission 
for you to email me absent a prior agreement, or to put my email address on a 
mailing list."

*And by interesting, I mean legally interesting. ;-)

Anne*

*Dictated due to broken wrist, please forgive top-posting and any weird grammar 
or typos

Anne P. Mitchell, 
Attorney at Law
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Elevations Credit Union Member Council
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Board of Directors, Greenwood Wildlife Rehabilitation
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop




New Trusted Reporters list

2017-04-29 Thread Anne P. Mitchell, Esq.
All,

Over on another email admin list, a discussion when a participant posted a spam 
sample, and was told "this isn't the place to post spam samples", led to our 
forming a private, confidential group where people *can* share spam samples, 
and discuss related matters.

So, we have created that list, which we are calling the Trusted Reporters list.

TR is *not* a list for reporting spam *to abuse desks*. It is *not* intended as 
a list where one could say "so and so is spamming me from $ISP" and someone 
from $ISP would look into it (although of course if they are on the list, I 
suppose that they could).

TR is *not* a public list where one can publicly post spam.  It is, again, a 
private, confidential list of trusted reporters, for the purpose of discussing 
spam seen in the wild, ways of dealing with it, and related issues.  For 
example, I have routinely been receiving spam from, among others, Ezoic and 
planetdatabase.com.  I *do* report them, but given that the are sending through 
places like Google and Amazon AWS  it's been useful in this endeavor that at 
least one colleague has also taken an interest in it.

TR *is* a list for those who are interested in learning about the sources of 
spam when they trust the person who is reporting that information.  They can do 
with that information what they will.

TR is a confidential, private list for email *receivers* and *hosts*, and 
others in the anti-abuse industries.  So ISPs, ESPs, spam filters, blacklists, 
etc..

TR is *not* a list for primary senders.

So, if you want to be part of this private, confidential list to report and 
discuss spam, and related matters, send a note to:

trustedreporters-requ...@isipp.com

with 'subscribe' in the subject line.

Please include in your subscribe request your name, a bit about yourself and 
your role in email anti-abuse (this is a list for email receivers and others on 
the email receiver side of the industry (as compared to primarily email 
senders)), and that you are from NANOG.

Anne

Anne P. Mitchell, 
Attorney at Law
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Member, California Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Board of Directors, Asilomar Microcomputer Workshop Member, Board of 
Directors, Greenwood Wildlife Rehabilitation Center
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop





Re: godaddy contact

2015-03-26 Thread Anne P. Mitchell, Esq.
 Anyone from godaddy on here or have contact details for them? We are
 having a routing issue to them.
 

Tim, please contact me offlist.

Anne

Anne P. Mitchell, Esq.
CEO/President
ISIPP SuretyMail Email Reputation, Accreditation  Certification
Your mail system + SuretyMail accreditation = delivered to their inbox!
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Author: Section 6 of the Federal CAN-SPAM Act of 2003
Member, California Bar Cyberspace Law Committee
Ret. Professor of Law, Lincoln Law School of San Jose
303-731-2121 | amitch...@isipp.com | @AnnePMitchell | Facebook/AnnePMitchell 




Re: AOL Postmaster

2015-02-24 Thread Anne P. Mitchell, Esq.
For anyone having issues with AOL right now, if you would like, contact me 
offlist and I will see what I can do about getting it in front of our contact 
at AOL.  Please be as specific as you can be about the issue, about who 
controls the IPs, about your own role and authority over the IPs and the email 
that flows through them, and please include at least one sample if possible.

Anne

Anne P. Mitchell, Esq.
CEO/President
ISIPP SuretyMail Email Reputation, Accreditation  Certification
Your mail system + SuretyMail accreditation = delivered to their inbox!
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Author: Section 6 of the Federal CAN-SPAM Act of 2003
Member, California Bar Cyberspace Law Committee
Ret. Professor of Law, Lincoln Law School of San Jose
303-731-2121 | amitch...@isipp.com | @AnnePMitchell | Facebook/AnnePMitchell 




Re: What would you do about questionable domain pointing A record to your IP address?

2015-02-23 Thread Anne P. Mitchell, Esq.

Thank you, everyone, for all of the responses, both on and offlist!

Anne

Anne P. Mitchell, Esq.
CEO/President
ISIPP SuretyMail Email Reputation, Accreditation  Certification
Your mail system + SuretyMail accreditation = delivered to their inbox!
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Author: Section 6 of the Federal CAN-SPAM Act of 2003
Member, California Bar Cyberspace Law Committee
Ret. Professor of Law, Lincoln Law School of San Jose
303-731-2121 | amitch...@isipp.com | @AnnePMitchell | Facebook/AnnePMitchell 




What would you do about questionable domain pointing A record to your IP address?

2015-02-20 Thread Anne P. Mitchell, Esq.
All,

We have a rather strange situation (well, strange to me, at least).

We have an email reputation accreditation applicant, who otherwise looks clean, 
however there is a very strange and somewhat concerning domain being pointed to 
one of the applicant's IP addresses  Let's call the domain example.com, and the 
IP address 127.0.0.1, for these purposes.

Applicant is assigned 127.0.0.1.  the rDNS correctly goes to their own domain.

However, example.com (which in reality is a concerning domain name) claims 
127.0.0.1 as their A record. 

Of course, example.com is registered privately, and their DNS provider is one 
who is...umm... known to provide dns for domains seen in spam.

As I see it, the applicant's options are:

a) just not worry about it and keep an eye on it

b) publish a really tight spf record on it, so if they are somehow compromised, 
email appearing to come from example.com and 127.0.0.1 should be denied

c) not use the IP address at all (it's part of a substantially larger block)

d) two or more of the above.

Thoughts?  What would you do?

Thanks!

Anne

Anne P. Mitchell, Esq.
CEO/President
ISIPP SuretyMail Email Reputation, Accreditation  Certification
Your mail system + SuretyMail accreditation = delivered to their inbox!
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Author: Section 6 of the Federal CAN-SPAM Act of 2003
Member, California Bar Cyberspace Law Committee
Ret. Professor of Law, Lincoln Law School of San Jose
303-731-2121 | amitch...@isipp.com | @AnnePMitchell | Facebook/AnnePMitchell 





Anybody at Amazon AWS?

2014-12-04 Thread Anne P. Mitchell, Esq.
Anybody have a contact at Amazon AWS?

I sent in a spam complaint, and got back the below response - while I give them 
kudos for actually, you know, responding, I'm pretty sure that we can all agree 
that sending the same canned message to email addresses scraped off websites 
is the very definition of spam, yet somehow the EC2 abuse team seems to 
consider it a perfectly acceptable explanation  - I'd sure love to discuss this 
with someone with a clue at Amazon AWS
---

Our customer has responded to your abuse report and provided the following 
information

The below emails were sent individually to the recipient using a canned 
message. There is no automation or mass emailing at all. Our publisher 
representative personally visited each of the below websites, decided they were 
right for our service and emailed them individually. The emails are sent 
through gmail using a web interface to their API.

Let me know if you require any additional information.

Dwayne

If you are satisfied with the above information, there is no need to respond to 
this notice. If you are not satisfied, please respond with a clear, succinct 
reason for dissatisfaction and what results you desire from our customer. We 
will make every reasonable attempt to work with you and our customer to resolve 
this matter.  

Thank you,
The EC2 Abuse team

---

Anne

Anne P. Mitchell, Esq.
CEO/President
ISIPP SuretyMail Email Accreditation  Certification
Your mail system + SuretyMail accreditation = delivered to their inbox!
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Author: Section 6 of the Federal CAN-SPAM Act of 2003
Member, California Bar Cyberspace Law Committee
Ret. Professor of Law, Lincoln Law School of San Jose
https://www.linkedin.com/in/annemitchell
303-731-2121 | amitch...@isipp.com | @AnnePMitchell | Facebook/AnnePMitchell 




Re: Need Godaddy Contac

2014-11-21 Thread Anne P. Mitchell, Esq.
Larry, please contact me offlist and we'll ping one of our GD contacts for you.

Anne

Anne P. Mitchell, Esq.
CEO/President
ISIPP SuretyMail Email Accreditation  Certification
Your mail system + SuretyMail accreditation = delivered to their inbox!
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Author: Section 6 of the Federal CAN-SPAM Act of 2003
Member, California Bar Cyberspace Law Committee
Ret. Professor of Law, Lincoln Law School of San Jose
https://www.linkedin.com/in/annemitchell
303-731-2121 | amitch...@isipp.com | @AnnePMitchell | Facebook/AnnePMitchell 



 I have a question that Godaddy support will not answer.
 
 
 
 My son moved a word press site to Godaddy from another host.
 
 
 
 Apparently, unbeknowest to him, the original wordpress site was also the
 email host.
 
 
 
 The mail was moved from the old server to the new server but the email was
 never properly set up via the GoDaddy Cpanel
 
 
 
 Question for a Godaddy Guru.  
 
 
 
 if we set up the email through the cpanel, will it erase any mail currently
 in the accounts on the linux wordpress machine, or even acknowledge that the
 exist email is there?
 
 
 
 Any help would be GREATLY appreciated and Thanks..
 
 



Need Contacts at ISPs and ESPs in Ireland

2014-11-06 Thread Anne P. Mitchell, Esq.
All,

I'm currently in Ireland, and would very much like to connect with both ISPs 
and ESPs while I'm here.  

Any contacts that you can pass along would be greatly appreciated!

Anne

Anne P. Mitchell, Esq.
CEO/President
ISIPP SuretyMail Email Accreditation  Certification
Author: Section 6 of the Federal CAN-SPAM Act of 2003
Member, California Bar Cyberspace Law Committee
Ret. Professor of Law, Lincoln Law School of San Jose
https://www.linkedin.com/in/annemitchell
303-731-2121 | amitch...@isipp.com | @AnnePMitchell | Facebook/AnnePMitchell 



Re: Match.com contact - Previously: GMail contact - misroute / security issue

2014-09-29 Thread Anne P. Mitchell, Esq.

 Does anyone have any Match.com contacts?  I'll try going that route to 
 get the messages stopped.  (Including emailing postmaster@ and abuse@ to 
 see if they can help.)

I've contacted Grant offlist to provide him with a contact.

Anne

Anne P. Mitchell, Esq.
CEO/President
ISIPP SuretyMail Email Accreditation
Your mail system + SuretyMail accreditation = delivered to their inbox!
http://www.SuretyMail.com/

Author: Section 6 of the Federal CAN-SPAM Act of 2003
Member, California Bar Cyberspace Law Committee
Ret. Professor of Law, Lincoln Law School of San Jose
https://www.linkedin.com/in/annemitchell
303-731-2121 | amitch...@isipp.com | @AnnePMitchell | Facebook/AnnePMitchell 




Re: Richard Bennett, NANOG posting, and Integrity

2014-07-26 Thread Anne P. Mitchell, Esq.

Suresh wrote:

 The debate is dominated by the parties of the first part unfortunately (and
 add professors of law to this already toxic mix)

Ahem.  I resemble that remark.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President
Institute for Social Internet Public Policy
Member, Cal. Bar Cyberspace Law Committee
Author: Section 6 of the Federal CAN-SPAM Act of 2003
Ret. Professor of Law, Lincoln Law School of San Jose


Re: Large DDoS, small extortion

2014-05-24 Thread Anne P. Mitchell, Esq.

 Law enforcement and victims have different objectives.  Law enforcement
 wants to find the criminal, gather sufficient evidence to prove their
 guilt, then prosecute them.  More attacks helps law enforcement.
 
 The victims, in general, want the attacks to stop.

Actually, our experience in this particular case  (it is the same person(s) 
hitting all of the targets, even using the same email addresses, etc.) is that 
the victims want to find the guy too.  In fact, I can say with a fair degree of 
certainty that the coordinated efforts of a dedicated group of victims, who 
have come together without regards to the fact that they are otherwise 
'competitors' in business, and who have furnished the agencies with useable 
technical information about the attacks, have given the agencies a substantial 
leg up in the investigation.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President
Institute for Social Internet Public Policy
Member, Cal. Bar Cyberspace Law Committee
Author: Section 6 of the Federal CAN-SPAM Act of 2003
Ret. Professor of Law, Lincoln Law School of San Jose



Re: Large DDoS, small extortion

2014-05-23 Thread Anne P. Mitchell, Esq.
The FBI is all over this, I was coordinating between the agency and several of 
those first attacked, for a while, and am still in touch with the agency.  
There is also a private group of the C-level folks of those orgs that have been 
attacked, who are talking and sharing amongst themselves.

For anybody here who has been targeted, contact me offlist 
(amitch...@isipp.com) if you would a) like to be put in touch with the agency 
contact who is dealing with this (which I highly recommend) and b) if you'd 
like an invitation to the private group.

I'm on digest, so won't see replies to the list very quickly.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President
Institute for Social Internet Public Policy
Member, Cal. Bar Cyberspace Law Committee
Author: Section 6 of the Federal CAN-SPAM Act of 2003
Ret. Professor of Law, Lincoln Law School of San Jose

Re: How to catch a cracker in the US?

2014-03-13 Thread Anne P. Mitchell, Esq.



 I'm an ISP in Germany and a cracker (not a hacker :) ) has targeted a
 customers of mine in the last days. The cracker was successful and caused
 financial damage / was successful with data theft. I set a trap and finally
 caught his real IP address - a Comcast user in the US (100% not a proxy or
 bot). What would be the next steps to pursuit him? If I contact local
 authorities here in Germany I'm afraid months will pass by and Comcast will
 have possible already deleted their logs by then (?). Any advice?
 

Marcus, if you have not already connected with them, ping me offlist and I will 
try to connect you with our FBI cybercrime contact.  A preservation letter from 
them to Comcast, to start, will likely be far more effective than one from you.

I'm sorry for not responding sooner;  I only just saw this as I'm on digest 
here. 

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President
Institute for Social Internet Public Policy
Member, Cal. Bar Cyberspace Law Committee
Author: Section 6 of the Federal CAN-SPAM Act of 2003


Re: Help me make sense of these traceroutes please

2013-12-25 Thread Anne P. Mitchell, Esq.

 with a bunch of IT folks and an ample supply of Guinness.

My ex used to call it design fluid. :-)

Happy holidays, everyone!

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President
ISIPP SuretyMail Email Accreditation
http://www.ISIPP.com 
Member, Cal. Bar Cyberspace Law Committee
Author: Section 6 of the CAN-SPAM Act of 2003

How do you get to the inbox instead of the spam filter?  SuretyMail!
Helping businesses keep their email out of the junk folder since 1998
http://www.isipp.com/SuretyMail

Author, They're Your Kids Too:  The Single Father's Guide to Defending Your 
Fatherhood in a Broken Family Law System 
http://www.amazon.com/Theyre-Your-Kids-Too-Fatherhood/dp/061551443X


Re: Do you obfuscate email headers when reporting spam issues to clients?

2013-11-06 Thread Anne P. Mitchell, Esq.



 On Wed, Nov 6, 2013 at 1:30 PM, Landon landonstew...@gmail.com wrote:
 How much trouble does your abuse department go to in order to obfuscate
 headers when providing evidence of spamming activity regardless of if it?s
 intentional/professional spammer activity or some kind of malware infection
 allowing a third party to spam.  Especially for the pro spammers, we don?t
 want them list washing anything or worse yet becoming privy to spamtrap
 data if the reporting party wasn?t smart enough to obfuscate their own data
 before sending in the report.
 
 Howdy,
 
 It depends on the exact situation, but the general-purpose answer is:
 none. zero. zip.
 
 The customer usually can't act on your information unless he can line
 it up with an entry in his own logs. He needs lots of details in the
 headers to figure out which computer or which of his users the message
 came from. And he needs that information to determine whether the
 message really came from his system -- headers get forged, you know.

Because this is an issue inherent primarily with bulk mail, we remove all 
identifying information *except* the unsub link, which *should* have a unique 
identifying token embedded within, from which the sender *should* be able to 
determine the complainant's email address.  And, if there is no such link, we 
use that as an opportunity to educate them as to *why* they need to include 
such a link (mind you, in order to be accredited with us the sender has to have 
already demonstrated that they comply with including an unsub link, but because 
many of our accreditation customers are ESPs, their customers may sometimes not 
be modelling 100% of best practices).

Regardless of unsub link, or anything else, if we get a spam complaint against 
one of our customers, we hold their feet to the fire, and require them to 
explain exactly how the particular list was built, how the address was 
acquired, etc..  Failure to do so can (and usually does) result in termination 
of their accreditation - in the case of an ESP, they have to take corrective 
measures against their spamming customer or the ESP will lose their 
accreditation.

Anne

Anne P. Mitchell, Esq.
Author: Section 6 of the CAN-SPAM Act of 2003
CEO/President
Institute for Social Internet Public Policy
http://www.ISIPP.com 
Member, Cal. Bar Cyberspace Law Committee

How do you get to the inbox instead of the spam filter?  SuretyMail!
Helping businesses keep their email out of the junk folder since 1998
http://www.isipp.com/SuretyMail





Re: Do you obfuscate email headers when reporting spam issues to clients?

2013-11-06 Thread Anne P. Mitchell, Esq.


 so aside from the abusers his customers will tend to
 be heavy on single-recipient administrative emails rather than mailing
 lists.

Then, if they are truly one-to-one administrative emails, that's rather odd if 
they are generating a disproportionate number of spam complaints, dontcha 
think?  Unless they are inserting too much marketing into to them (always 
dicey).

 Failure to do so can (and usually does)
 result in termination of their accreditation
 
 Accreditation of what?

I'll respond more fully to this offlist, as it's OT, but the short answer is 
that we accredit email senders who are adhering to best practices (not unlike 
ReturnPath, only we're the other white meat).

Anne

Anne P. Mitchell, Esq.
Author: Section 6 of the CAN-SPAM Act of 2003
CEO/President
Institute for Social Internet Public Policy
http://www.ISIPP.com 
Member, Cal. Bar Cyberspace Law Committee

How do you get to the inbox instead of the spam filter?  SuretyMail!
Helping businesses keep their email out of the junk folder since 1998
http://www.isipp.com/SuretyMail




Looking for a part-time contractor..

2013-08-12 Thread Anne P. Mitchell, Esq.
All, 

I hope this is an ok place to post this - the people on this list have a unique 
skill-set and world view that is exactly in synch with that for which we are 
looking. :-)

We're looking for someone for some very limited (in terms of hours) part-time 
contract work..but ongoing, regular work… the person needs to have a keen sense 
of why did this email fail delivery and/or why is this email going to the 
junk folder and why did this email end up blacklisted (this is for email 
sent by white hat senders, or at very least senders who are trying to be white 
hat - *not* for black hat stuff).

So, basically, someone who, when shown an email (full headers, etc.) their 
first thought would be to check whether authentication was set up properly, is 
rDNS set up properly, what does the content look like, what are the IPs of the 
various hops and are any of them blacklisted, etc. etc..

If anyone here has that background/skill set and might be interested in, say, 5 
to 10 hours a week extra work (remote, time of day not important so long as 
they are available most days, so ideal for picking up some extra cash after 
$DAYJOB), please let me know offlist.  Please also feel free to send this to 
anyone you think might be a good fit, so long as you'd be willing to vouch for 
them.

Thanks!

Anne

Anne P. Mitchell, Attorney at Law
Author: Section 6 of the CAN-SPAM Act of 2003
CEO/President: Institute for Social Internet Public Policy
Providers: SuretyMail Email Accreditation
Member: California Bar Cyberspace Law Committee




Re: Looking for a part-time contractor..

2013-08-12 Thread Anne P. Mitchell, Esq.
We need someone to help with some overflow. :-)

Dictated on my phone, apologies for any tupos.

On Aug 12, 2013, at 12:50 PM, Blake Dunlap iki...@gmail.com wrote:

 The email address you're sending from is for a service that does what you're 
 asking for, and your signature lists you as the CEO, so I guess all I can say 
 is, in the words of Bob: What would ya say... ya do here?
 
 -Blake
 
 
 On Mon, Aug 12, 2013 at 1:00 PM, Anne P. Mitchell, Esq. amitch...@isipp.com 
 wrote:
 All,
 
 I hope this is an ok place to post this - the people on this list have a 
 unique skill-set and world view that is exactly in synch with that for which 
 we are looking. :-)
 
 We're looking for someone for some very limited (in terms of hours) 
 part-time contract work..but ongoing, regular work… the person needs to have 
 a keen sense of why did this email fail delivery and/or why is this email 
 going to the junk folder and why did this email end up blacklisted (this 
 is for email sent by white hat senders, or at very least senders who are 
 trying to be white hat - *not* for black hat stuff).
 
 So, basically, someone who, when shown an email (full headers, etc.) their 
 first thought would be to check whether authentication was set up properly, 
 is rDNS set up properly, what does the content look like, what are the IPs 
 of the various hops and are any of them blacklisted, etc. etc..
 
 If anyone here has that background/skill set and might be interested in, 
 say, 5 to 10 hours a week extra work (remote, time of day not important so 
 long as they are available most days, so ideal for picking up some extra 
 cash after $DAYJOB), please let me know offlist.  Please also feel free to 
 send this to anyone you think might be a good fit, so long as you'd be 
 willing to vouch for them.
 
 Thanks!
 
 Anne
 
 Anne P. Mitchell, Attorney at Law
 Author: Section 6 of the CAN-SPAM Act of 2003
 CEO/President: Institute for Social Internet Public Policy
 Providers: SuretyMail Email Accreditation
 Member: California Bar Cyberspace Law Committee
 


Contacts at ISPs in Mexico?

2013-07-30 Thread Anne P. Mitchell, Esq.
Are there any Mexico ISPs on the list or does anybody here have any contacts at 
any Mexican ISPs?

Thank you,

Anne

Anne P. Mitchell, Attorney at Law
Author: Section 6 of the CAN-SPAM Act of 2003
CEO/President: Institute for Social Internet Public Policy
Providers: SuretyMail Email Accreditation
Member: California Bar Cyberspace Law Committee




Re: [SHAME] Spam Rats

2013-01-10 Thread Anne P. Mitchell, Esq.
Just as a data point (and to initiate my semi-annual  'I'm still here' email), 
we of course check for and require PTRs for all of our email accreditation 
customers, many of which are ESPs, and you would be *shocked* (or maybe you 
wouldn't) how many otherwise relatively clueful and 'wanting to do it right' 
senders have no clue at all about PTR.

Anne

Anne P. Mitchell, Esq
CEO/President
Institute for Social Internet Public Policy
http://www.ISIPP.com 
Member, Cal. Bar Cyberspace Law Committee

How do you get to the inbox instead of the spam filter?  SuretyMail!
How do you protect your inboxes from spam while reducing false positives?  
SuretyMail!
http://www.SuretyMail.com




Re: Amazon Abuse contact

2012-12-05 Thread Anne P. Mitchell, Esq.

 
 On Tue, Dec 4, 2012 at 5:40 PM, Mark Keymer m...@viviotech.net wrote:
 If there is a Amazon Abuse person our there or if someone has a good contact
 to someone at Amazon can you message me off-list.
 
 We have put in some Abuse request a couple of days ago and have not heard
 back. It would be great to talk with someone about an issue effecting one of
 our clients and the use of Amazon. (Cloud instances I believe)

Mark, did you get a contact?  If not, please ping me off list and I will 
connect you with our contact.

Anne

Anne P. Mitchell, Esq
CEO/President
Institute for Social Internet Public Policy
http://www.ISIPP.com 
Member, Cal. Bar Cyberspace Law Committee

How do you protect your inboxes from spam while reducing false positives?  
SuretyMail!
http://www.SuretyMail.com




Re: William was raided for running a Tor exit node. Please help if you can.

2012-12-01 Thread Anne P. Mitchell, Esq.

 Example of an actual warrant:
 
 
 https://www.eff.org/sites/default/files/filenode/inresearchBC/EXHIBIT-A.pdf

Please also keep in mind, if it's relevant, that *no warrant* is required for 
data that is stored by a third-party.  Data on a server, TOR or otherwise, 
would by definition be data that is stored by a third party.  Which means that 
if there is a person of interest (POI), it would not be terribly hard to get at 
personal information about the POI that is not on their own private machines.

(Here is an article we wrote about that:  
http://www.theinternetpatrol.com/no-warrant-necessary-for-law-enforcement-to-access-data-stored-in-the-cloud/
 )

 Not a lawyer.

Is a lawyer, but hasn't been following this thread.  That said, if there are 
specific questions, I'd be happy to answer them if I can.

Anne

Anne P. Mitchell, Esq
CEO/President
Institute for Social Internet Public Policy
http://www.ISIPP.com 
Member, Cal. Bar Cyberspace Law Committee



Re: Copyright infringement notice

2012-08-23 Thread Anne P. Mitchell, Esq.

 
 
 The 6 strikes system doesn't kick in til Jan 2013 AFAIK.

My understanding was that it started kicking in last month, but in any event, 
for whomever sent the original poster the complaint, it's clearly in effect now.

 
 Does the legal letter make any kind of demand? Usually the sender (aka 
 copyright troll - a technical term) will be looking for personal info to 
 associate with the IP in order to institute a shakedown of some nature. IANAL 
 but I believe one can wait for a subpoena, and even then it's not open and 
 closed.

Actually under the copyright alert scheme, the ISPs specifically are *not* to 
give up personal information, they are simply to take the IP address being 
reported as downloading copyrighted material, and determine *internally* who 
the user is, and then send the user the copyright alert, *without* sharing with 
the accuser who the user is.  

And yes, in order to share user information forward-facing, one not only can - 
but one *should* - insist on a subpoena, as that will protect you from breach 
and invasion of privacy allegations by your own users (assuming your TOS, as it 
should, says something like we will not share your private information 
*unless* required to by law  (and, IAAL :-) ).

Anne

Anne P. Mitchell, Esq
CEO/President
Institute for Social Internet Public Policy
http://www.ISIPP.com 
Member, Cal. Bar Cyberspace Law Committee

How do you get legitimate email through in a spam-filtered world?  SuretyMail!
Helping businesses get their email delivered to the inbox since 1998
http://www.isipp.com/SuretyMail

Author, They're Your Kids Too:  The Single Father's Guide to Defending Your 
Fatherhood in a Broken Family Law System 
http://www.amazon.com/Theyre-Your-Kids-Too-Fatherhood/dp/061551443X