nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ISP Responsibilities [WAS: Re: Nato warns of strike against cyber attackers]

From: Owen DeLong <owen () delong com>
Date: Wed, 9 Jun 2010 04:14:53 -0700

On Jun 8, 2010, at 11:14 PM, Paul Ferguson wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

To cut through the noise and non-relevant discussion, let's see if we can
boil this down to a couple of issues:

1. Should ISPs be responsible for abuse from within their customer base?


        Yes, but, there should be an exemption from liability for ISPs that take
        action to resolve the situation within 24 hours of first awareness (by
        either internal detection or external report).


1a. If so, how?


        Unless exempt as I suggested above, they should be financially liable
        for the cleanup costs and damages to all affected systems.

        They should be entitled to recover these costs from the responsible
        customer through a process like subrogation.


2. Should hosting providers also be held responsible for customers who
abuse their services in a criminal manner?


        Absolutely, with the same exemptions specified above.


2.a If so, how?


        See my answer to 1a above.


I think anyone in their right mind would agree that if a provider see
criminal activity, they should take action, no?


Yes.


If that also holds true, then why doesn't it happen?


Because we don't inflict any form of liability or penalty when they fail to do so.

Owen
Previous By Date Next
Previous By Thread Next

Current thread: