Re: [ProgSoc] Progsoc AUP

[Matt Beauregard <marauder@nospam.marauder.tm>]

On Fri, May 12, 2000 at 07:18:28PM +1000, Christian Kent wrote:
> On Fri, 12 May 2000, Matt Beauregard wrote:
> 
> > A company I know of has a policy about swearwords in inbound emails --
> > they get rejected by the mail server.  Would you close somebody's
> > account if the postmaster complained that he used "fuck" in an email
> > to a mate who worked there?
> 
> Unfortunately you have to draw the line somewhere.  Let's remember that
> repeated incidents, where cautions have been issued, are much more serious
> than one-off such incidents.  Now if one of our members is continually
> sending abusive emails, from her ProgSoc account, to someone in another
> company, and the company informs the ProgSoc Exec that this is not
> acceptable, what do the Exec do?  Nothing?

If one of our customers did this, we would check our own AUP which our
customers have seen and signed, and see whether we have any recourse.
Naturally we do: our T&C lets us can people for abusive or spam
emails.   There's no way we'd say "uhm, we've just had a call from Joe
over at RoyalSun, and apparently naughty words are against their rules
so we're going to cut you off now..."

> > AUPs define what people with special privileges on a network have to
> > do/not do in order to keep their privileges.  They don't define what
> > members of the visiting public can/can't do.  It doesn't make sense to
> 
> No but that's no excuse to go beyond the bounds of the law and/or good
> taste and anything else in between.  

...so hidden at the very start of that brilliant non-sequitur, you at
least agree that AUPs have nothing to do with progsoc people doing
general-public things on other people's networks.  What *does* have
something to do with progsoc people doing public things is the Progsoc
AUP and various bits of law.  

> sledgehammer, it won't be imposed often at all ... thankfully.  The
> reaction to breaking the AUP is much more subtle and might have to be used
> where a member brings the Society into disrepute.

What, bullet-point 5 of our own AUP (Any activity likely to bring
ProgSoc into disrepute) doesn't adequately rule out activities which
bring progsoc into disrepute?

> > expect progsoccers to comply with arbitrary policies on arbitrary
> > networks, policies that they've never seen, signed or otherwise agreed
> > to, even assuming that the network has policies which cover random
> 
> OK, simple solution ... find a spot in this part of the AUP where we can
> insert the words "reasonably expect to know".

The only reasonable expectation upon anyone as to a document that
they've never seen is "no knowledge".  I would suggest that if we want
to rule out certain behaviour from people on the progsoc network, we
actually rule it out in the AUP, rather than letting random
administrators and PHBs out there decide for us.  That said, the
current AUP prohibits anything illegal, fraudulent, disreputable,
insecure, disruptive, tools for same and assisting same.  With that
little list I don't know if you'd even be allowed to scratch your arse
in a furtive manner and still keep your account -- what activity in
particular do you think we're letting slip through?

> > unknown visitors.  And, if a progsoccer has agreed to an AUP in exchange
> > for special privileges on another network, enforcement of that AUP and
> > revocation of privileges falls to that remote network, not progsoc.
> 
> Um, unfortunately, what happens if the Exec don't react (in a strong case)
> where a member is abusing the systems of someone else?  They probably
> react to the whole of ProgSoc and firewall the lot of us, and pass
> word around.  I don't particularly want that.  In fact that's the reaction
> we have to take if a member is doing suspicious activity on another
> network and we don't know which member

Another non-sequitur which completely ignores the actual situation I
raised.  We're not talking about generic suspicious activity partially
uncovered by the sight-beyond-sight capabilities of the Exec, we're
talking about abuse of a specially granted privilege.  This is the
only situation in which a progsoc person need know about and follow a
remote network's AUP (because he's agreed to it in exchange for a
privilege) and the fact that he's from progsoc is totally incidental.

Progsoc DOES NOT need to enforce remote AUPs on behalf of remote
networks.  The remote network is entirely capable of enforcing them,
applying whatever penalties the abuser agreed to, and maybe contacting
progsoc if the user was being a real twerp.  Progsoc can then see
whether the user's activities violated progsoc's OWN AUP and take
extra action accordingly.  

Basically it all comes down to
 - our AUP forbids absolutely everything anyone could possibly do
 wrong ever
 - hence, we don't need to pull in extra prohibitions from other
 people's AUPs
 - anyway, it's not our business to do so
 - and, unless the user has actually agreed to the AUP of the remote
 site it would be thoroughly wrong for progsoc to subject him to it.


-- 
Rev Dr Matt Beauregard
Professional entropist and all-round family man
Available for children's parties

--
You are subscribed to the progsoc mailing list. To unsubscribe, send a
message containing "unsubscribe" to progsoc-request@nospam.progsoc.uts.edu.au.
If you are having trouble, ask owner-progsoc@nospam.progsoc.uts.edu.au for help.

This list is archived at <http://www.progsoc.uts.edu.au/lists/progsoc/>