Re: Cloudflare, dirty networks and politricks

[bzs () theworld com]

On July 30, 2016 at 10:51 owen () delong com (Owen DeLong) wrote:
> If they are using a website hosted or accelerated by your CDN to advertise
> an illegal activity or an activity in violation of your ToS, then if you
> have written your ToS properly, you are free to shut down said site (or
> at least your portions of it) based on their violation of your ToS.

Well, yes, of course, which is why I suggested developing generally
agreed upon definitions and writing them into contracts.

One can't really write a useful contract if terms aren't well defined.

> That’s not a business boycott because you didn’t conspire with their other
> providers to shut it down, you took an independent action based on your
> own ToS.

The issue arises if you shut them down when you're not the harmed or
involved party.

I don't know if one can write a ToS which says you will be shut down
if you harm another party utilizing another party's services but not
otherwise involving us. Well, you can write anything but is it lawful
and enforceable?

In some cases where that sort of thing has come up I've turned it into
a credit relationship which has greater leeway.

Something like:

  It has come to our attention that you are engaged in activities,
  even if not thus far involving our services, which might incur us
  legal fees. Consequently we require a deposit to cover those legal
  fees, in advance, of $10,000 [pick a number] with the understanding
  that any such legal fees will be billable in full even if above and
  beyond that $10,000 deposit. Since I extend you no credit a failure
  to provide that deposit by [date in the near future] will result in
  termination of services. Please feel free to contact us with any
  questions or concerns.

but consult your attorney, state and local regulations and your own
ToS and corporate organization may affect how and whether you can do
that sort of thing or exactly how it has to be architected.

If one wants to one can include demand for indemnification with
evidence of ability to indemnify and/or business insurance policies
where you've been written in as a legitimate potential claimant for
legal fees and damages assuming the business insurance policy covers
that but as I said you need a lawyer to suss that out.

They probably could still fight with you over all that if none of it
was anticipated in your ToS (hint: might be something to add to a ToS,
reserving the right to...blah blah.) Or even try to perfect an
argument based on some theory of estoppel (you changed the conditions
in a way which harms me the client.)

More likely they'll ask for time and assistance to leave your service
(in my experience), generally what you actually wanted. Buh-bye!

> There’s fairly wide latitude to “reserve the right to refuse service to
> anyone”, especially if you can show that their use of said service is
> in violation of the contract(s) applicable to that service.

Yeah well as any lawyer will tell you relying on broad principles like
that rather than specifying covenants is just asking for legal fees :-)

> Owen
>
> > On Jul 29, 2016, at 12:36 , bzs () theworld com wrote:
> >
> >
> > Unfortunately that raises the issue of what's generally termed in law
> > a "business boycott" which is at least tortiable if not illegal.
> >
> > The grocer can't agree with your landlord not to sell you food until
> > you catch up on the rent.
> >
> > They can agree to use this information to refuse you credit but even
> > that's quite constrained by law even if often done anyhow. And that's
> > a credit relationship so different.
> >
> > I went over this with my attorney when another ISP asked me to shut a
> > customer's account down because they were spamming them from a third
> > ISP's account.
> >
> > I asked to look at the emails (spam) in question and none originated
> > at our site. The acct in question on my site didn't do anything
> > problematic that I could find.
> >
> > My lawyer explained the above to me: You can't do that, business
> > boycott.
> >
> > The other ISP (specifically a sysadmin) who'd asked me to shut the
> > acct got so angry at this response, he took it all very personally and
> > unprofessionally, that I had to bring in his own legal dept to explain
> > this to him which he of course took as a further affront. It got ugly
> > but you don't need the details.
> >
> > That's the problem with all this folksy armchair "law", it's often
> > very bad advice and based on the assumption that the law must agree
> > with one's emotional feelings. Good luck with that.
> >
> > On July 29, 2016 at 08:08 rsk () gsp org (Rich Kulawiec) wrote:
> > > On Thu, Jul 28, 2016 at 11:30:12PM +0000, Donn Lasher via NANOG wrote:
> > > > If we want to be accurate about it, Cloudflare doesn???t host the DDoS,
> > > > they protect the website of seller of the product. We shouldn???t be
> > > > de-peering Cloud Flare over sites they protect any more than we would
> > > > de-peer GoDaddy over sites they host, some of which, no doubt, sell
> > > > gray/black market/illegal items/services.
> > >
> > > This strategy fails for two reasons.
> > >
> > > First, nobody gets a pass.  Anybody providing services to abusers
> > > needs to cut them off, whether it's a registrar, a web host, an email
> > > provider, a DNS provider, or anything else.  Nobody gets to shrug it
> > > off with "Well, but..."
> > >
> > > Second, nobody *can* get a pass, because the people behind these operations
> > > have long since learned to distribute their assets widely -- in an attempt
> > > to avoid exactly the actions in the first point.  And you know what?
> > > It works.  "We're just hosting their email", says X, and "We're just
> > > hosting their DNS", says Y, and "We're just hosting their web site",
> > > says Z, and none of them do anything, and nothing gets done. 
> > >
> > > The only way to make action against them effective is to do it broadly,
> > > do it swiftly, and do it permanently.
> > >
> > > ---rsk
> >
> > -- 
> >        -Barry Shein
> >
> > Software Tool & Die    | bzs () TheWorld com             | http://www.TheWorld.com
> > Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
> > The World: Since 1989  | A Public Information Utility | *oo*

-- 
        -Barry Shein

Software Tool & Die    | bzs () TheWorld com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*