In most states here in the U.S., if you have a loaded shotgun on a gun rack in the back of your pickup, you leave the truck unlocked in a mall parking lot, and some kid grabs your loaded gun and blows someone away, you have a legal liability for being negligent in the securing of your firearm.

For some time now, I have been an advocate of using the same approach to IT security: If you knowingly leave your resources insecure and those resources are used to attack someone else, then you should be liable for the resulting damages. Thus, if you knowingly leave your computer insecure by either not installing AV software or failing to update the AV signatures, don't have a firewall, etc., and your computer is compromised and is used to attack/infect other computers, then you should be liable for the damage.

I believe that if a few people got sued for tens of thousands of dollars in damages, it would be a major wake-up call to the average computer user, and they just might start doing what is required to secure their systems.

Should the ISPs be liable? Only if they are informed in a timely manner that their resources are being misused by a customer (or, their resources are themselves insecure) and they fail to take action.

A little radical? Maybe. But, I guarantee that a few 'joe users' being sued for failing to secure their computer would have the effect of either forcing everyone to spend a little time learning how to lock down their systems, or such users getting rid of their computers because they do not want the liability.

Oh well, just my $0.02 worth.