Posted by ScuttleMonkey on Monday May 18, @10:01AM
from the just-let-everyone-fight-to-the-death dept.
Then I thought more about the consequences of the rule that I was implicitly advocating by making that argument. Obviously, if an ISP has a policy of removing a user's page if some third party merely complains that the page is impersonating them, then one of your enemies could get your page removed by filing a complaint saying that they were really "you", and that your page was impersonating them. But if the ISP has a policy of not acting on such complaints, then someone could create a user account pretending to be you, and you wouldn't be able to get it removed.
In both cases, there are two problems. One is the fact that the ISP has to have a way to figure out who is telling the truth. The second is that the solution has to scale well, even for a company like Yahoo that probably gets so many complaints about user conduct every day that it would be impossible to read them all. It should be possible for genuine complaints about impostors, to reach the attention of the right people and get an account closed, without accounts being shut down because of (a) people who file complaints about 'rude behavior' that get unintentionally mixed in with 'impostor' complaints by someone who is too overworked to read them all very carefully; or (b) people who file outright false complaints that a given account is an 'impostor', just to get it shut down; or (c) people who are really sneaky, and file complaints about things like rude behavior, but who craft the complaints in a way that is deliberately designed to get them mixed in with the 'impostor' reports, in order to get the account shut down (this way, if the complainer ever sued or otherwise confronted about the complaint that they filed, they can say that they "didn't lie"!).
It's hard to think of a solution that covers all of these bases. For example, John Morris of the Center for Democracy and Technology explained how many ISPs use faxed driver's licenses to decide impersonation complaints:
In many cases involving real people, the challenged site (whether it is a legit site or a bogus site) contains one or more photographs of the person involved. What service providers do in this case is to get the person to submit a copy of their driver's license, and the provider decides whether the person submitting the license is the same person depicted in the photos. And if so, that person is the one who can control whether the site stays up or not. This works in lots of cases (because pictures are often, but certainly not always, involved).
The problem is that even this could be abused when used against a company like Yahoo that handles an extremely high volume of complaints. Suppose that Yahoo publishes a standard procedure for submitting complaints about impersonation, that includes the requirement of a faxed driver's license. Abusers of the system would figure this out, and they could start filing "complaints" against users and websites by faxing in complaint letters along with a copy of their driver's license, where the letters were not complaints about impersonation at all, but just bogus complaints about other things like "This guy was mean to me". Because the driver's license accompanying the letter is real and the statements in the letter are true (or at least a matter of opinion), the complainer can't be accused of lying or forging government documents. And if anyone ever challenged them and asked, "Why did you send your driver's license with the complaint letter? Weren't you trying to trick the ISP into thinking that this was an impersonation complaint so they would take it seriously?", the complainer could play dumb and say, "Well, I heard that if you file a complaint against someone, you're supposed to fax your driver's license with it." But if Yahoo is still getting too many messages to sort through them carefully, some of these crank complaints could still get users' accounts shut down.
No comments:
Post a Comment