On Jun 8, 2010, at 11:14 PM, Paul Ferguson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> To cut through the noise and non-relevant discussion, let's see if we can
> boil this down to a couple of issues:
>
> 1. Should ISPs be responsible for abuse from within their customer base?
>
Yes, but, there should be an exemption from liability for ISPs that take
action to resolve the situation within 24 hours of first awareness (by
either internal detection or external report).
> 1a. If so, how?
>
Unless exempt as I suggested above, they should be financially liable
for the cleanup costs and damages to all affected systems.
They should be entitled to recover these costs from the responsible
customer through a process like subrogation.
> 2. Should hosting providers also be held responsible for customers who
> abuse their services in a criminal manner?
>
Absolutely, with the same exemptions specified above.
> 2.a If so, how?
>
See my answer to 1a above.
> I think anyone in their right mind would agree that if a provider see
> criminal activity, they should take action, no?
>
Yes.
> If that also holds true, then why doesn't it happen?
>
Because we don't inflict any form of liability or penalty when they fail to do
so.
Owen
