[Imc] Proposal To Address Website Abuse

Tue Dec 11 01:51:44 UTC 2001

There will be a special meeting of the Tech group at 7pm Wed. at the IMC
to discuss a proposal (below) to address issues of persistent website
abuse (e.g. "Meade") that cannot be resolved by other means. Your input
is important, so please attend. A revised version of the proposal will
be presented for a decision at Sunday's (Dec. 16) Steering group
meeting. If implemented, it will address specfically the "Meade" issue
for what we hope will be a very rare occassion in the future.
Mike Lehman

U-C IMC Website Abuse Abatement Proposal
As a means of insuring the privacy of U-C IMC website in users, we do
not regularly log website users. On rare occasions, abuse of the website
may require temporary logging of IP address information in order to
identify sources of abuse with the objective of taking measures to end
such abuse. This document establishes procedures to identify abusers,
while ensuring the privacy of other users.

1.  Issues of persistent abuse of the U-C IMC are to be brought to the
Steering group, which will convene a meeting to decide whether a
reported incident warrants investigation with the aim of ending the
abuse. Implementation of measures to identify abusers will be made using
the established IMC decision making procedures.

2.  Notice will normally be given five days in advance of such a
meeting, except when the emergency procedure is invoked (see below.)

3.  The Steering group will be advised by Technical group
representatives and other qualified persons for technical advice on
implementation of investigations of abuse.

4.   In a case where the system administrator shall determine that a
denial of service attack is underway that denies use of the IMC website
to users, the system administrator can make an emergency determination
to identify and resolve the source of such an attack, so long as the IMC
is notified as soon as possible that this procedure has been invoked.

5.  All retention of logs of IPs to identify individual abusers of the
IMC website will be done in such a manner as to preserve the privacy of
users. Logging will be temporary and conducted in such a manner as
agreed to by the Steering group. Logs obtained will only be retained for
a long enough period so that action can be taken post-incident to
preserve relevant information. All logs will be regularly dumped at
intervals as they accumulate (12 hours has been suggested, although this
period may vary depending on requirements) and rendered useless when
they have been determined to serve no probative value.

6.  Logs which contain relevant information will have that information
segregated from non-abuser information. Non-abuser information contained
in these logs will then be dumped and rendered useless. All non-abuser
information is considered strictly confidential.

7.  Only abusers specifically identified by the Steering group may have
information gathered about them. Information obtained on abusers will be
preserved in a confidential and secure manner, until the Steering group
specifically authorizes public release of the information. 

8.  The information on abuse may be cross-referenced against the logs in
which it was obtained from in order to identify abusers hiding under
different identities or to identify other users that may be impacted by
attempts to block an abuser.

9.  Information obtained from logging of IPs may be used as directed by
the Steering group. This may include blocking of posting from specific
IPs; contacting ISPs regarding possible violations of their terms of
service by an abuser; contacting the owner of a computer identified as
the source of abuse; or such other measures as may resolve the abuse as
authorized by the Steering group following established IMC decision
making procedures.