Even you can be hacked

Stephen Sprunk stephen at sprunk.org
Sat Jun 12 02:54:46 UTC 2004


Disclaimer: I am not a lawyer; consult yours before relying on advice from
any layperson, including me.

Thus spake "Owen DeLong" <owen at delong.com>
> Should the ISP have shut the customer off?  Probably.  I certainly would
> have.  Are there ISPs that don't?  You bet... Some because they are afraid
> to.  Have ISPs been sued for turning off abusive or abusing customers?
> You bet.

You can be sued for doing anything or nothing (or both).  The real question
is whether the plaintiff has any chance of winning, or even of getting past
a pre-trial motion to dismiss.

Presumably every ISP has some sort of AUP that allows the ISP to, at its
discretion, shut off a customer based on suspicion of abuse.  Hopefully by
now they've all been updated to include in the definition of abuse a failure
of the customer to secure their system(s).  Even if not, I can't see a
customer winning a case against an ISP who cuts them off for being infected
with a worm (the activity of which would fall under abuse).

> Is it prudent for an ISP to turn someone off?  Depends on how you evaluate
> the risks involved.  Either decision you make carries some risk.

Opening your doors for business invites all sorts of risks, including being
sued for totally ridiculous and frivolous reasons.  Acting as allowed under
your contract with a customer does not substantially increase those risks.
Fear of exercising your contractual rights means you don't have much faith
in your contracts or representation.

S

Stephen Sprunk      "Those people who think they know everything
CCIE #3723         are a great annoyance to those of us who do."
K5SSS                                             --Isaac Asimov




More information about the NANOG mailing list