Jon Praed is a full spire! He sees his time watching the straws. Births that work with illegal Viagra, casino, porn and phishing spam.
Many guys made money in the "gray" areas of Internet marketing. John explains how people are gradually forced to choose sides and that all aggressive things slowly go away.
If you want to get a general idea of where the Internet is going in the long run, this is an interview for verification. It was one of the most powerful and fascinating that I did.
I think you will find this interview worthy of listening.
Adrian: I am here with John Great-grandfather from the Internet Law Group. John is a rather interesting guy who has spent many years tracking down hard internet spammers and bringing them to justice. He does this on behalf of companies such as Verizon and AOL, and has won some fairly important lawsuits and judgments about decent size. John, thank you for joining us. Could you tell us a little about who you are?
John: Thank you for inviting me to Adrian. I am a boy in the Midwest, born and raised in Indianapolis, Indiana. I now live in the suburbs of Washington, DC. I went to college in the Northwest with extensive experience in political science, and then I graduated from Yale Law.
Right from law school, I contacted District District Judge John Tinder, who was recently raised to Seventh Circuit, and then to Indiana High Court Randy Shepard. After my clerks, I practiced privately as a lawyer with Latham and Watkins in California and Washington, DC. I also worked for two years on Capitol Hill as the main board of the Chamber's subcommittee on regulatory issues.
I have been involved in cyber litigation over the past 10 years. I realized when some internet providers turned to Latham to take on this newfangled problem called spam. At that time, no one understood how great it would be and what predecessor it would be in the whole world of cybercrime. I was assigned to this case, quickly fell in love with it and came up with some innovative ways to serve the client, marrying our ability to crack huge amounts of data with our ability to provide legal services to solve this problem.
I left Latham & Watkins to start an online legal group where we represent any corporate victim of fundamental, systemic, serial cyber-fraud, wherever it faces a counterfeit problem with pharmaceutical companies, phishers following the bank’s clients, or postal companies who are trying to solve problems with incoming or outgoing spam. In short, we are looking for ways to bring strategic action against cybercriminals and go after any type of fraudulent Internet activity.
Cybercrime in the past 10 years has indeed transformed from a petty crime, and the big Americans, who were geeks while, were caught up in an extremely complex international criminal network. The bad guys we chase are extremely talented and go to great lengths to hide their activity.
They also exploit the inefficiencies that arise from abroad. They move their physical bodies, their computers, and their connection to places that it is difficult for us in the West to touch and extradite. They also move their money to places where it is difficult for us to freeze.
Adrian: What are some of the serious cybercrime cases you are associated with?
John: We had several cases that were prosecuted and produced published opinions that influenced the world of cybercrime. In 2001, we published a solution in a case that we bought for America Online on an adult website called Cyber Entertainment Network in 1999.
AOL sued the Cyber Entertainment Network, based on the principle of careless access and careless hiring and retention. The lawsuit stated that they retained membership organizations that knew or should have known that they were engaged in spam in order to advertise their websites. Based on this, Cyber Entertainment Network may be liable.
We used rather aggressive technologies to collect the data we need, and established that a large amount of spam for adult content that AOL was watching at the time was due to the fact that spammers advertised one of several adult-controlled sites Cyber Entertainment Network.
Adrian: It was believed that affiliate marketing is not legal. I know this is an important part of online commerce. Where do you stand on this issue?
John: A properly functioning affiliate program can be extremely powerful, but it needs to be run efficiently. You must acknowledge that there is room for abuse and that you effectively outsource your advertising. You must do this with clear standards, and you need to enforce these standards.
The public injunction, which was introduced in the case of AOL against CEN, remains the best model I have ever seen in an affiliate program that needs to be launched. This order, which is public, sets out the rules that Cyber Entertainment has agreed to follow during the trial.
These simple standards are to get an identity from affiliates, establish rules, create a mechanism for receiving complaints from the public, investigate these complaints, inform the public about the results of the investigation and stop when necessary. If you do, you will have a clean affiliate program.
Adrian: What happens in phishing?
John: The phishing problem is truly integrated into the overall cybercrime problem. We are pursuing some cybercriminals who are engaged in phishing, cashing stolen credit cards and at the same time are merchants who are part of a national and international credit card system.
They are allowed to take credit cards over the Internet. They successfully process cards from consumers, sell their products and receive credit cards. The path that links their phishing actions to their trading credit card actions is an extremely long way, and a huge amount of data and sophistication are required to connect the points.
A number of reporting websites use phishing type data. We work with reportphish.org, where we receive reports mainly on fichet, as well as spam and other types of fraudulent activities that we can report. You can also register on this website and receive a unique email address, which you can then use to send your specific reports so that they are marked as incoming from each registered user.
Adrian: What are your prospects for filtering?
John: The problem with the block-it strategy, filter-it, which we have adopted today, is that the bad guys have to go through once to win. If you block them 99 times, they will do it 100 times. You are in a constant arms race in the technological space, which we will inevitably lose.
We have relied on technology for too long, not realizing how the legal process can repeat what the technology can do. We can fix one component, but three new exploits are constantly opening. The total amount of spam on the Internet is still growing, and I do not see this trend changing by itself for a long time.
This goes beyond spam. The number of new viruses, exploits, keyboard recorders and much more is simply increasing. The criminal enterprise behind it is becoming increasingly sophisticated and skilled in finding a way to monetize the data they can capture with these types of exploits.
Adrian: You mentioned that cybercriminals are moving ashore. What are they doing?
John: Many of the most difficult of them move to places where they are physically isolated from law enforcement. They are looking for places where they can pay local authorities for providing protection from law enforcement officials and against extradition.
Most of our work comes down to associating identity with these Internet access points, and then marrying pre-existing laws that make these cyber crimes criminal. They all break tax laws. They violate money laundering laws. They violate all kinds of laws on the importation of goods. It’s not hard to find something illegal that they do. The trick is to know who they are.
In essence, what we are trying to do as a worldview is to create boundaries, be it technical or physical, which allow us to check whether its Internet cyber packages are or money transactions.
You can tighten the border and completely trim the border. Over the next decade, we will more often be confronted with a real blacklist with certain types of traffic, be it the flow of people, money or information. There will be boundaries that are simply not porous and do not miss information.
Adrian: The concept that the country's Internet traffic will be simply blocked is almost hard to believe. Do you think that this will happen at a time when the United States says: “The Dominican Republic, we close you from the Internet until you make sure that your country is completely clean, and as soon as you clean up, we will come back.
John: Of course. The binary solution to completely disable the valve will occur in the margins, but between all open and closed, you have an infinite range of controls that you can install. Many of them are designed for simple determination of costs and obligations to solve a problem for those people who are best suited to solve a problem.
The post-9/11 world makes everyone a consumer and, as a citizen, understands: "I can't wait for my government to fix all the problems there." As humans, we have a duty, a duty, the right and the ability to activate and eliminate these problems.
I don’t know if this is just a binary solution from the cold, either to fix it immediately, or to get dark, but there will be such pressure to isolate the problem and put the responsibility on the people who control these access points to clear their act. This is the same as clearing the affiliate model.
We could not go for the Cyber Entertainment Network until we know that the advertised websites are all controlled in one way or another by the Cyber Entertainment Network. After you make this connection, it’s safe to easily find the ultimate owner and say, “You have a problem.
Adrian: It's hard to hear, because there are so many good people here in the Dominican Republic, and some of them are just in poverty. This is the material that pushes them even further, but I understand why you are doing it.
John: You can view it, how to repel it, but you can also view it as contributing to them. This gives them the right to control their own destiny and the obligation to do so. We need to avoid creating systemic mechanisms that encourage and encourage races to the bottom, and I’m not afraid that the Internet as a whole, given the power of anonymity and the ability to do things in an automatic way, creates, at some level, a race to the bottom.
For example, good companies depend on legal mechanisms to enable them to invest hundreds of millions of dollars in the development of a new drug, but if they cannot pay for this cost, we are not going to develop new drugs. Now they are challenged by bad guys who sell fakes, fakes or generics made from countries that do not recognize patent rights. These counterfeiters, who previously had to sell their goods from the back of a truck, now have access through spam and other types of advertising to billions of eyeballs around the world.
If you have a system problem, which is a race to the bottom, you need to find other mechanisms that scroll it differently, like races to the top. You must create jurisdictions that are defined by boundaries, where boundaries are justified, and you must create these jurisdictions with rules that encourage races to the top.
We then protect those systems that act as countermeasures to these races at the bottom, share those jurisdictions that suffer from the races at the bottom, and isolate their problems within themselves so that they are encouraged to cleanse themselves so that they can reunite with the rest of the world.
Adrian: This is a fascinating idea. This concept of a race at the top is one of the most useful ideas I've heard. Where can I find out more about this?
John: One of my classmates, Jack Goldsmith, wrote a book called “Who Controls the Internet? This provides a refreshing and realistic look at how jurisdiction retains power over the mud that they control. It is refreshing to see that even the Internet is subject to these sections of real political notions of power and control. There are also books on cybersecurity and cyber relations, such as The Law and Economics of Cybersecurity, by Mark Grady, ed. 2005. This will lead to a lot of this, because many of these systemic problems will be “How can we monetize the intrinsic value of the Internet?” The Internet may be new, but the concept of creating systems that encourage race to the top, not to the bottom, not to new
Adrian: Go back to your company, how do you specifically help the company?
John: We use our technology to collect data. We also have channels from clients from the public and private sectors that tell us about websites and ads. We then spider the web to capture all the data that we need to get an identity. We sort this data and look for common features. Then, through covert purchases, informal investigative efforts, and formal discovery efforts, we get a real identity on the bad guys and those who give them.
This is intended to work towards a solid identity, who these bad guys are. We can identify their real names, their real bank accounts and the real areas they use. We identify the merchant accounts they use to process credit cards, and we do this general work of a sorter on a paid basis for our clients.
For example, for X dollars a month, we will receive information about what a particular drug is advertised in spam, provide the client with our analysis of the upper fingerprints that we see in this data mass, and show them the way they can take to determine the responsible persons . They can then hire us to do the extra work necessary to pursue it until its completion.
As part of our standard duty, we also provide access to all other information we received through any other job. Our clients agree that we can share the data we receive about the bad guys with all of our clients, no matter what kind of client we acquired on behalf of. Our clients acknowledge and agree that cybercrime is a common enemy and that it is better to protect them when they exchange information about their enemy throughout the space.
Customer identity remains inviolable. We do not identify customers publicly, unless we must do so when filing lawsuits or in other ways. We can inform client X that client Y was the victim of the same serial cheater on the same day and at about the same time, so that clients X and Y could know that someone else was interested in catching that person.
Then they can decide whether they want to unite through us and either remain anonymous or actually identify themselves with each other and, by combining resources, come up with a strategic solution to the problem much faster than they could do by themselves,