Abstract
We consider a number of notice and take-down regimes for Internet content. These differ in the incentives for removal, the legal framework for compelling action, and the speed at which material is removed. By measuring how quickly various types of content are removed, we determine that the requester’s incentives outweigh all other factors, from the penalties available, to the methods used to obstruct take-down.
Notes
- 1.
In this chapter we cite UK cases; similar developments occurred in the US, Australia and other jurisdictions.
- 2.
It would be possible to give numerous instances of sites that have migrated to the US; however, we have not provided any examples of this alternative type of ‘forum shopping’ because the authors are currently residing in the UK. In this jurisdiction there is some case law about providing pointers to defamatory material: in Hird v. Wood 1894, the court held that the defendant had defamed the plaintiff by merely standing on a road and mutely pointing out a path which, if followed, allowed one to view a notice on which a defamatory statement had been written, even though the authorship of that statement was never proved.
- 3.
The International Association of Internet Hotlines: http://www.inhope.org
- 4.
The data provided by the IWF presents numerous difficulties whenever images reappear on the same website. Using the sanitised data they made available, it is impossible to distinguish between similar and distinct removals on the same website.
- 5.
For a detailed account of our ‘feeds’ of URLs of phishing websites and our monitoring system, we refer the interested reader to (Moore 2008; Moore and Clayton 2007; Moore and Clayton 2008). In the current context, the key point is that because we receive data from a number of disparate sources, we believe that our database of URLs is one of the most comprehensive available, and the overwhelming majority of phishing websites will come to our attention.
- 6.
While our method for identifying compromised websites from the structure of phishing URLs has confirmed 193 websites, there are additional websites that we have not yet verified. Hence, the 193 websites should be viewed as a sample of a significantly larger population of compromised websites.
- 7.
- 8.
Occasionally the legitimate escrow service escrow.com goes after fake sites that infringe upon their brand. Of course, additional volunteer groups may be operating, but we are unaware of any.
- 9.
- 10.
We use the standard formula for capture-recapture:
$$ \frac{|sample1| \times |sample2|}{|overlap|} $$

Our data does not satisfy all of the assumptions necessary for this formula to hold – notably the population is dynamic, with sites appearing and disappearing. (Weaver and Collins 2007) computed the overlap between two phishing feeds and applied capture-recapture analysis to estimate the number of overall phishing attacks. They discuss how the capture-recapture assumptions can be accommodated for phishing. We leave deriving a more accurate estimate to future work.
- 11.
- 12.
- 13.
- 14.
AOL Feedback Loop Information: http://postmaster.aol.com/fbl/
- 15.
Microsoft Smart Network Data Services: https://postmaster.live.com/snds/
- 16.
Financial Services Technology Consortium: http://www.fstc.org; Financial Services Information Sharing and Analysis Center: http://www.fsisac.com; Association for Payment Clearing Services: http://www.apacs.org.uk; Anti-Phishing Working Group: http://www.antiphishing.org.
- 17.
- 18.
In this chapter we have not considered whether ‘take-down’ of child sexual abuse images is the optimal strategy. It could be argued that the correct approach is to locate the people behind the websites and that removing websites merely leads to a ‘whack-a-mole’ game that rapidly removes individual websites without decreasing the availability of the material. The attention that has recently been paid to site lifetimes in the IWF annual reports indicates that removal is now seen by them to be important. However, (Callanan 2007) found that only 11% of all websites are reported to ISPs by member hotlines. They wish “not to interfere with any ongoing law enforcement investigation” and say that “depending on national legislation, the ISP sometimes prefers not to be informed about potentially illegal content.” We do not understand this comment, unless it refers to the necessity, in some jurisdictions, for the ISP to make a report to the authorities.
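The capture-recapture formula in note 10, worked through on two URL feeds. This is an added example, not the authors' code: the feeds are constructed sample data on reserved example domains, collapsing URLs to hostnames before counting is an assumption made here, and Chapman's bias-corrected estimator goes beyond the note to cover the case where the two feeds do not overlap at all.

```python
from urllib.parse import urlsplit

# Constructed sample feeds (not real phishing data); reserved example domains and IPs.
FEED_A = [
    "http://bank-login.example.test/secure/index.html",
    "http://bank-login.example.test/secure/verify.php",  # same site, second page
    "http://pay.example.test/update",
    "http://shop.example.org/~user/signin/",
    "http://198.51.100.7/acct/",
    "http://mail.example.net/webscr.php",
]
FEED_B = [
    "http://PAY.example.test/update?id=1",  # same site as in FEED_A, different case
    "http://198.51.100.7/acct/login.html",
    "http://news.example.com/images/form.php",
    "http://cdn.example.invalid/x/",
]

def site_key(url):
    """Reduce a URL to its hostname so one site seen under many paths counts once."""
    # urlsplit lowercases the hostname; it is None when the URL has no scheme/host.
    return urlsplit(url.strip()).hostname

def capture_recapture(feed1, feed2):
    """Estimate the total number of sites from two independently collected feeds."""
    s1 = {k for k in map(site_key, feed1) if k}
    s2 = {k for k in map(site_key, feed2) if k}
    n1, n2, overlap = len(s1), len(s2), len(s1 & s2)
    # Note 10's formula: |sample1| * |sample2| / |overlap|; undefined at zero overlap.
    lincoln = n1 * n2 / overlap if overlap else None
    # Chapman's variant (an addition, not in the chapter) stays finite at zero overlap.
    chapman = (n1 + 1) * (n2 + 1) / (overlap + 1) - 1
    return {
        "sample1": n1,
        "sample2": n2,
        "overlap": overlap,
        "observed": len(s1 | s2),  # sites actually seen by at least one feed
        "lincoln_petersen": lincoln,
        "chapman": chapman,
    }

if __name__ == "__main__":
    for name, value in capture_recapture(FEED_A, FEED_B).items():
        print(f"{name}: {value}")
```

The gap between `observed` and the estimate is the number of sites that neither feed is expected to have seen, which is only as reliable as the closed-population assumption the note says the data violates.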
References
Ahlert, C., Marsden, C., and Yung, C. “How ‘Liberty’ Disappeared from Cyberspace: The Mystery Shopper Tests Internet Content Self-regulation,” 2004, http://pcmlp.socleg.ox.ac.uk/text/liberty.pdf
Anderson, R., Böhme, R., Clayton, R., and Moore, T. “Security Economics and the Internal Market,” ENISA, January 2008, http://www.enisa.europa.eu/doc/pdf/report_sec_econ_&_int_mark_20080131.pdf
Callanan, C., and Frydas, N.P. “2007 Global Internet Trend Report,” INHOPE, September 2007, https://www.inhope.org/en/system/files/inhope_global_internet_trend_report_v1.0.pdf
Clayton, R. “Judge and Jury? How ‘Notice & Take Down’ Gives ISPs an Unwanted Role in Applying the Law to the Internet,” July 2000, http://www.cl.cam.ac.uk/~rnc1/Judge_and_Jury.pdf
Dagon, D., Zou, C.C., and Lee, W. “Modelling Botnet Propagation Using Time Zones,” in 13th Annual Network and Distributed System Security Symposium (NDSS), San Diego, California, February 2006, pp. 235–249.
Enright, B. “Exposing Stormworm,” October 2007, http://noh.ucsd.edu/~bmenright/exposing_storm.ppt
Franklin, J., Paxson, V., Perrig, A., and Savage, S. “An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants,” in 14th ACM Conference on Computer and Communications Security (CCS’07), Alexandria, Virginia, October 2007, pp. 375–388.
Honeynet Project and Research Alliance. “Know Your Enemy: Fast-flux Service Networks, an Ever Changing Enemy,” July 2007, http://www.honeynet.org/papers/ff/fast-flux.pdf
House of Lords Science and Technology Committee. Personal Internet Security, 5th Report of Session 2006–07, The Stationery Office, London, August 2007.
Internet Watch Foundation. 2006 Half-yearly Report, IWF, July 2006, http://www.iwf.org.uk/documents/20060803_2006_bi-annual_report_v7_final4.pdf
Internet Watch Foundation. “IWF Reveals 10 Year Statistics on Child Abuse Images Online,” Press Release, IWF, October 2006. http://www.iwf.org.uk/media/news.archive-2006.179.htm
Internet Watch Foundation. “IWF Reports Increased Severity of Online Child Abuse Content,” Press Release, IWF, April 2007, http://www.iwf.org.uk/media/news.archive-2007.196.htm
Internet Watch Foundation. “2007 Annual and Charity Report,” IWF, April 2008. http://www.iwf.org.uk/documents/20080417_iwf_annual_report_2007_(web).pdf
McMillan, R. “‘Rock Phish’ Blamed for Surge in Phishing,” InfoWorld (12 December), 2006, http://www.infoworld.com/article/06/12/12/HNrockphish_1.html
Moore, T. “Cooperative Attack and Defense in Distributed Networks,” Tech Report UCAM-CL-TR-718, Computer Laboratory, University of Cambridge, June 2008.
Moore, T., and Clayton, R. “Examining the Impact of Website Take-down on Phishing,” in Anti-Phishing Working Group eCrime Researcher’s Summit (APWG eCrime), Pittsburgh, Pennsylvania, October 2007, pp. 1–13.
Moore, T., and Clayton, R. “Evaluating the Wisdom of Crowds in Assessing Phishing Websites,” in 12th International Financial Cryptography and Data Security Conference (FC 2008), Tsudik, G. (Ed.), LNCS 5143, Springer-Verlag, Berlin, Germany, 2008, pp. 16–30.
Moore, T., and Clayton, R. “Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing”, in submission, June 2008.
Morland J. “Laurence Godfrey v. Demon Internet Limited. Case No: 1998-G-No 30,” March 1999. http://www.hmcourts-service.gov.uk/judgmentsfiles/j932/godfrey2.htm
Nas, S. “The Multatuli Project: ISP Notice & Take Down,” in SANE, October 2004. http://www.bof.nl/docs/researchpaperSANE.pdf
Serjantov, A., and Clayton, R. “Modelling Incentives for Email Blocking Strategies,” in 4th Workshop on the Economics of Information Security (WEIS), Cambridge, Massachusetts, June 2005.
Spamhaus. “Report on the Criminal ‘Rock Phish’ Domains Registered at nic.at,” Press Release, Spamhaus, June 2007. http://www.spamhaus.org/organization/statement.lasso?ref=7
Thomas, R., and Martin, J. “The Underground Economy: Priceless,” USENIX ;login (31:6), December 2006, pp. 7–16.
United Kingdom Government. “The Government Reply to the Fifth Report from the House of Lords Science and Technology Committee Session 2006–07 HL Paper 165 Personal Internet Security,” Cm7234, The Stationery Office, London, October 2007.
Weaver, R., and Collins, M. “Fishing for Phishes: Applying Capture-recapture to Phishing,” in Anti-Phishing Working Group eCrime Researcher’s Summit (APWG eCrime), Pittsburgh, Pennsylvania, October 2007, pp. 14–25.
© 2009 Springer Science+Business Media, LLC
About this chapter
Cite this chapter
Moore, T., Clayton, R. (2009). The Impact of Incentives on Notice and Take-down. In: Johnson, M.E. (eds) Managing Information Risk and the Economics of Security. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-09762-6_10
DOI: https://doi.org/10.1007/978-0-387-09762-6_10
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-09761-9
Online ISBN: 978-0-387-09762-6
eBook Packages: Computer Science (R0)