Re: Google Docs abuse

[Jeffrey Schiller <jis () MIT EDU>]

On Fri, Jul 20, 2012 at 5:03 PM, Bob Bayn <bob.bayn () usu edu> wrote:

>  ...
> It also seems like Google should have the tools and capacity to intervene
> automatically when someone makes a form that looks like a password
> collector.  Or they could send us the entries for our domain when they
> decide to respond to an abuse complaint.

Having Google automatically intervene when something "looks" like a
password collector would be a horrible precedent. They should investigate
forms when an abuse complaint is made. If the complaint is for an "apps"
domain they should notify the administrator, which should respond in some
reasonable period of time.

If Google has multiple complaints about a particular Apps domain, and that
domain's administrator(s) fail to respond, then they should take action.
That action should be spelled out in the contract for the Apps domain.

We should not expect someone (or worse, someTHING) at Google to act as
prosecutor, judge, jury and executioner. Just as we don't give the police
that power in the non-cyber world.

Yes, this means that some phishing sites will be up for longer then we
might like, but that ultimately is the cost of due process.

Because this is a security list, we should remember that one of the
important security goals is "availability". Google should not make your
services unavailable without careful consideration.

-Jeff

-- 
_______________________________________________________________________
Jeffrey I. Schiller
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room E17-110A
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis () mit edu
http://jis.qyv.name
_______________________________________________________________________