On Jun 8, 2010, at 11:14 PM, Paul Ferguson wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
To cut through the noise and non-relevant discussion, let's see if we can boil this down to a couple of issues:
1. Should ISPs be responsible for abuse from within their customer base?
Yes, but, there should be an exemption from liability for ISPs that take action to resolve the situation within 24 hours of first awareness (by either internal detection or external report).
1a. If so, how?
Unless exempt as I suggested above, they should be financially liable for the cleanup costs and damages to all affected systems. They should be entitled to recover these costs from the responsible customer through a process like subrogation.
2. Should hosting providers also be held responsible for customers who abuse their services in a criminal manner?
Absolutely, with the same exemptions specified above.
2.a If so, how?
See my answer to 1a above.
I think anyone in their right mind would agree that if a provider see criminal activity, they should take action, no?
Yes.
If that also holds true, then why doesn't it happen?
Because we don't inflict any form of liability or penalty when they fail to do so. Owen