ISP Responsibilities [WAS: Re: Nato warns of strike against cyber attackers]
mjo at dojo.mi.org
Wed Jun 9 13:26:05 UTC 2010
:I think anyone in their right mind would agree that if a provider see
:criminal activity, they should take action, no?
What a provider "should" do and what makes sense under the law of the
land are two different things.
:If that also holds true, then why doesn't it happen?
The laws pertaining to what's required of people when witnessing a
crime vary by locality within the U.S. I dunno how they work for
the rest of the NANOG audience. What is required of people versus
what's required of corporate entities varies, too. "Good Samaritan"
laws are hardly universal, and don't always play well with the other
laws of the land.
Things can get ugly when some murky behavior gets retroactively deemed
a crime (perhaps by some tech-challenged judge or jury) and a provider
becomes an accessory after the fact. "You mean, the DMCA makes THAT
illegal?!?" Or, perhaps a provider tries to take some small action in
the face of a crime, then is deemed to have a "special relationship"
making them liable for not being quite helpful enough. "You mean, I
have to rebuild my entire network because my customer support rep has
reported bad behavior to the authorities?"
Ultimately, acting on crime is a rat's nest. Some providers have
enough trouble dealing with attacks from Pax0rland, extracting sane
prices for last-mile service, evaluating/deploying new technology,
keeping up with all the off-topic emails on NANOG, etc.
Raise the bar so the least-paid front-line rep requires a "customer
support within the law" class. Create a legal climate where the only
way it makes sense to provide bits involves a big army of attorneys
and lobbyists to define the regulatory climate. Let's make total
provider consolidation a reality... then we won't need those pesky
32-bit ASNs. :)
Back to work...
Michael J. O'Connor mjo at dojo.mi.org
"Not baked goods, professor... baked BADS!" -The Tick
More information about the NANOG