24 Sep
2003
24 Sep
'03
5:22 a.m.
On Tue, 23 Sep 2003 16:32:55 -0500, Jack Bates wrote:
Question: Why is it not illegal for an ISP to allow a known vulnerable host to stay connected and not even bother contacting the owner? There are civil remedies that can be sought but no criminal.
Various theories of criminal liability could certainly be applied e.g. attractive nuisance (like leaving an unfenced swimming pool for children to drown in). However this kind of very plausible action would take an aggressive public prosecutor with a good computer forensic staff and a seriously injured victim. Since the public prosecutors can hardly handle the criminals at MCI, Enron, the leading finance firms, we may have to wait a while. Jeffrey Race