* Steve Bertrand:
Anyway, if you've got a customer account that was created with a stolen credit card, and you get complaints about activity on that account from various parties, and you still don't act, this shows a rather significant level of carelessness.
Further to carelessness, this may be pushing the boundary in many places of guilt by act of omission.
I'm not familiar with the finer points of the US criminal code. I'm rather skeptical that such a risk actually exists (Foonet/CSI notwithstanding). If people actually cared about compromises, I would be more concerned that not handling abuse complaints would expose ISPs to liability from their own customers, who would have learnt earlier about their compromise if the ISP told them. Part of the reason why this discussion is somewhat heated is that there's zero incentive in most markets to deal with customer compromises. Otherwise, people would just lean back and think, "yeah, right, let them try and see how it works for them".