New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Just occurred to me what would be the perfect middle ground solution that I danced around in my last post but didn't land on it.
We lobby for governments to recognize sub leased datacenter space. Vps providers have to play middle man to the client and the datacenter, effectively giving the datacenter records of who leases property in their facility, so that the datacenter can properly assign liability to the true tenant. This would likely require real contact information and a signed lease. A lot of people wouldn't like that. However, if the expectation is for the sub-tenant to have rights similar to someone renting an apartment or a hotel room, they should be subject to the same privacy as someone in those cases. That privacy meaning that the physical property owner (if just the building, the datacenter is a property owner) should have records of the tenant and where that tenant resides. As VPS providers are commonly not on site, it stands to reason even more that the datacenter should have the required information if necessary.
As I see it, one cannot have the rights of a renter without the responsibility of a renter. If the expectations of rights are the same, so should the expectations of the necessary requirements to step into those rights. This would make you think twice about choosing a provider, but shouldn't we all be careful in selecting who we host with?
@jarland that's not really middle ground but dangerous idea which would most likely kill or atleast cripple your business and force you to move servers to lets say Canada or EU instead US DC (just example). Can you imagine advantage of providers in some Canada or/and EU (locations again picked just as example) without those restrictions?
@Spirit I'm not really a fan of the idea, but it's the only way I see for the law to walk past a provider, grab their client, and leave them unharmed. Much like as was mentioned, a hotel or apartment owner. Because when they approach either of those places, the records reside at that location as to how to identify the individual. For vps to be identical and treated the same, the records would need to reside there.
I don't like it, but that seems to me the proper way to accomplish the result I am gathering is desired. It would be just like if you rented a room out of your house and you shared an Internet connection. Unless the ISP had a record of them, you would be considered guilty of all actions on that connection unless proven otherwise.
That should happen in any situation, be it renting a server or a VM.
One thing that wasnt outlined so far is the provider with own IP space and this is the case of ramhost, the law cannot hold responsible the datacenter in any way, especially if ramhost has direct contract with the carriers and it doesnt pass through the DCs infrastructure. In this case, the DC is merely the land upon which ramhost built its hotel, not only has no responsibility, but should not be involved at all since cannot help with anything (no mac to indicate the right server, no way to intercept and log traffic), only can say on which streets (plots of land) are ramhost's hotels located.
Lets say ramhost WAS covering up, do you think this would be the only incident ? I mean, any investigator has a list of IPs involved, would ramhost own only one ? On the same server and same location ?
I mean, a crime ring using ramhost as a frontend will certainly have more than just one or two problem IPs.
It is obvious in the first hour of any investigation of online crime if the provider is involved or not for almost all IPs (some might need more time, but not more than a day or two). After that, you know FOR SURE if the provider is involved or not. You do not need to get there to get the proof, you already have other proof at least indicating them, if not enough for indictment, raiding is done when you have most clues, you need only the material proof, otherwise everyone will notice and 90% of the ring is gone.
Presuming you do your job properly and dont rely on raids to fish something out, maybe, if not, well, next time...
P.S. How many raids happen at Ecatel ? Anyone knows ?
I don't think you can ever know for sure. You outlined reasonable scenarios, but if you define reasonable in such a case then you easily tell criminals what rules to follow to stay under the radar. For example, they might run a full operation and only use one IP for something illegal. I can't say. Who knows what someone would do. You and I know what people realistically do, but no so much that we'd document it as fact saying "This is the only way it would be done."
There would have to be a way to externally identify the responsible party. Not just "Doesn't type like the guy on the IP contact, uses a different handle, must not be him." There's reasonable deduction and there's court admissible facts. Two different things. The law shouldn't feel, it should be even handed. Allowing them to make assumptions is dangerous territory. So for identifying the individual... For an apartment, it's the lease, and a physically visible door. That lease is recognized by law and regulated with safeguards for both parties. This isn't on par with what we do with our clients. It could be, were a framework put in place and the law to demand it. Currently I don't believe we are all compliant with sufficient standards for the government to be justified in treating us that way.
Not really, I merely stated why OTHER scenarios are much more unlikely, such as ramhost conspiring with criminals or most hosts for that matter. And if you say they will setup one big host to only use one IP...
No, what I outline is indeed reasonable, what the police did doesnt fit any of these.
Perhaps some ppl find it at least possible if not reasonable to have a relatively big host conspiring with criminals, I just dont buy that, it is either a sloppy operation or a setup.
As in the case of William, I hope it is a sloppy one, but there comes a time when you ask yourself when will they learn and if they want to learn something after each blunder.
Again though, not sufficient for a legal framework. The fact that you think it's unreasonable and should be excluded is exactly what would make it attractive for such a purpose. If you think you know what criminals will be doing in 5 years, you're assuming. Laws shouldn't assume. Nor should they be easily changed at a moments notice. Easily changed law is as good as tyranny.
That's why you need an even handed blanket policy that best suits the task at hand so that training, funding, and maximum effectiveness can all meet in the middle. You can't just feel it out. You can't just think one party is worth writing out. The policy will never satisfy both sides, just a fact of life. You have to decide who you believe deserves the upper hand. You say hosts, I say court. That's where the split occurs.
Actually, I agree with court. The problem is that police is abusing the limited knowledge of judges to obtain warrants. They can have experts, but a judge has no time to educate himself in the matter, nor finds it reasonable to delay the warrant enough so he can summon an expert and find out how bogus that data is.
However, based on the rate at which this "method" really gives results (successful prosecutions) against the "collateral damage", the law should be changed.
The intercepts are more and more and the conviction rate lower and lower:
https://www.eff.org/deeplinks/2012/02/eff-tells-supreme-court-no-means-no-wiretap-act
A small quote:
"between 2001 and 2010, while there were 19,282 wiretaps authorized, only three(!) wiretap applications were denied."
This means our boys in black and blue are doing a heck of a job and every request is extremely well documented...
Not to mention the illegal wiretaps, those that were never authorized or even seen by a judge.
I can't believe this thread is still going strong.. so did Ramhost clarify what happened? is it a terrorist type thing or more a illegal torrent thing?
Providers ussing DDoSes to attack other providers, the state using intimidation to force small, hard to control providers to do their policing or out of business, those are themes bound to strike a nerve.
It will hit all small providers sooner or later, no matter how "compliant" some are, their only hope is not to draw the short straw.
In turn, this hurts consumers and freedom for everyone, so it is a highly important theme.
@earl Mostly just friendly discussion still. RamHost doesn't really have any more information than they shared originally, as far as I know.
Yeah, we should all be on the same side here, but even when not, hitting low, calling names, insulting, threatening is not going to do any good to anyone.
It's just a philosophical difference at most.
Those are the hardest to solve
It is so easy to turn into ideologies and then become the ultimate truth worth dying for :P
So better never try, we are stronger when we are different and, most of all, think differently...
Oh that's too bad would be interesting to know more..
No doubt, you can feel how opinionated people are..
Just so you know, even if you rent an entire cage in a datacenter, you typically don't get rights like that.
The rights a typical datacenter tenant has are more like the rights you get if you rent a storage garage.
Yes, this is correct, although I'm happy to chime in if anyone wants me too.
Only ISPs are protected by safe harbor. Under German law, ramhost was not an ISP.
To be recognized as an ISP in Germany they must be in this list:
http://www.bundesnetzagentur.de/DE/Sachgebiete/Telekommunikation/RegulierungTelekommunikation/Meldepflicht/VeroeffentlichungTKAnbieter_Basepage.html?nn=146838
The first PDF on the web page.
OK, but both DMCA and ramhost are from US, when i was pointing to DMCA was to show that isp should and have safe harbour under the law provided they respect some provisions.
If US lobbysts werent able to take that out, maybe there is something like that in the EU law too ? I mean hosts/carriers are not responsible for their users actions ?
Otherwise why would Mega host in Germany ? Suicide ?
You know, this place needs more RamHost talk in general. Once common name, now almost never talked about. In their last round of yearly stock I picked up one and I've been thoroughly impressed by their unique user experience. Granted, their periods without stock seem to last quite a while
Edit: Scratch that, looks like TinyVZ is in stock. I always look at the main site.
@Mao true, DMCA is a US thing. Replace the word DMCA with the equivalent for the EU (yes, thee is one).
In short - to be protected and recognized as a host / carrier you need to register with some government body for regulations of communications - at least this is the case here, and it seems also in Germany. I guess there is a similar law in every EU country.
Yep, havent heard in some time, almost forgot.