[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
ISP Responsibilities [WAS: Re: Nato warns of strike against cyber attackers]
- Subject: ISP Responsibilities [WAS: Re: Nato warns of strike against cyber attackers]
- From: owen at delong.com (Owen DeLong)
- Date: Wed, 9 Jun 2010 04:14:53 -0700
- In-reply-to: <[email protected]>
- References: <[email protected]>
On Jun 8, 2010, at 11:14 PM, Paul Ferguson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> To cut through the noise and non-relevant discussion, let's see if we can
> boil this down to a couple of issues:
>
> 1. Should ISPs be responsible for abuse from within their customer base?
>
Yes, but, there should be an exemption from liability for ISPs that take
action to resolve the situation within 24 hours of first awareness (by
either internal detection or external report).
> 1a. If so, how?
>
Unless exempt as I suggested above, they should be financially liable
for the cleanup costs and damages to all affected systems.
They should be entitled to recover these costs from the responsible
customer through a process like subrogation.
> 2. Should hosting providers also be held responsible for customers who
> abuse their services in a criminal manner?
>
Absolutely, with the same exemptions specified above.
> 2.a If so, how?
>
See my answer to 1a above.
> I think anyone in their right mind would agree that if a provider see
> criminal activity, they should take action, no?
>
Yes.
> If that also holds true, then why doesn't it happen?
>
Because we don't inflict any form of liability or penalty when they fail to do so.
Owen