[Dshield] Blackworm liability with ISPs?

Mark markt442 at yahoo.com
Fri Feb 3 01:32:19 GMT 2006


So I take it you've never made a mistake? Stupid
enough to click on a link or open an attachment? That
sounds a bit harsh. A/V works on signatures - that
takes an A/V company to get a copy of the bugger in
the wild and then write a sig and hope everyone gets

Liability is shared if a party has a reasonable
expectation to prevent damage (life/property) and
neglects to do so. Each ISP has a billing system that
is capable of ensuring you've paid your bill before
granting you access. They have usage records for those
on dynamic (dial-up) links.

I find it a very reasonable expectation that a party
with knowledge of an infection share it with the
property owner if it prevents damage to a system. In
this case, the ISP is handed a list of IP addresses.
They didn't have to seek the info, it was provided to
them by the community.

Responsible disclosure is closely linked with
liability. Any ISP that had the information and failed
to act on it is negligent and has failed to provide
responsible disclosure.

I won't cite any parallels with legal cases and IANAL.
But I am familiar with business liability from my
business law classes (USA).

Note two: Penalties help people remember to act
correctly. I really have a tough time with some of the
poor cases and even more with some of the silly
lopsided awards. But these exist so some executive
doesn't make the choice to save a buck or two and act
out of the best interest of society. 
Remember, not everyone is gifted at the same level -
but everyone has a right to free exchange of ideas and
information (at least in this part of the world).

Lighten up and let's hope that the ISPs that had the
information did act in a manner that benefits society
and do so in the future.

Best regards,


From:	"Frank Knobbe" <frank at knobbe.us>
Subject:	[Dshield] Blackworm liability with ISPs?
Date:	Wed, 01 Feb 2006 18:31:36 -0600
To:	"General DShield Discussion List"
<list at lists.dshield.org>


the recent SANS NewsBites had a mention regarding the
current efforts to notify ISPs of machines that access
the counter the worm uses.

To my amazement, I saw the following quote by Alan
"(Paller): This is a great opportunity to establish a
liability precedent for negligence by ISPs and system
owners. The ISPs have several days to inform and
protect their customers as does every other large
network owner such as government agencies, academic
institutions and large companies. If you learn of
anyone who is damaged by this worm, please connect
them with me (paller at sans.org) and we will work
together to make sure that ISPs and network owners who
are in a position to protect their users understand
that not providing such protection will be considered
negligence and carry penalties.]"

Isn't this a bit off-the-wall? Why would ISPs be
liable when their consumers are stupid enough to get
themselves infected? (Yes, I call it stupid. Anyone
who doesn't run AntiVirus software on their PC *and*
blindly clicks on links in email that promise Kama
Sutra pictures and such, I do consider stupid. Not
just that, but that *person* can be considered
negligent in regards of their own IT security.)

How can anyone propose that the companies offering
Internet access are to be held liable when the
consumers don't use the access, or their equipment,
properly and get infected with viruses? Isn't this
like calling train and other transportation operators
liable in the case that I catch a fever, or perhaps
the avian-flu, by riding a bus to work or during
airplane ride?

Is our litigious society spiraling out of control such
that we always blame someone else?

In email borne worms like these, the breakdown, fault,
and liability lies squarely with the user in my
opinion. While vulnerabilities of an operating system
may be blamed on the vendor of such, being tricked
into performing damaging actions on ones computer
clearly is the fault of the trickster, but also the
executor of such action.

Anyone else having a problem with putting liability
on... (/me rolls the magic 8-ball...) the ISP?


Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

More information about the list mailing list