[Dshield] Blackworm liability with ISPs?

Frank Knobbe frank at knobbe.us
Tue Feb 7 16:02:40 GMT 2006

On Thu, 2006-02-02 at 17:32 -0800, Mark wrote:
> So I take it you've never made a mistake? Stupid
> enough to click on a link or open an attachment? That
> sounds a bit harsh.

Nope, I made mistakes. But I admit the they were my fault. 

> Liability is shared if a party has a reasonable
> expectation to prevent damage (life/property) and
> neglects to do so.

Sure, but this was not given under these circumstances. And I doubt that
"notifying a user that he *may* have a virus" will ever qualify for

> I find it a very reasonable expectation that a party
> with knowledge of an infection share it with the
> property owner if it prevents damage to a system.

Sure, it's a reasonable expectation. but should it be a requirement by
law? Otherwise you can't claim liability and enforce it, or take legal
action for lasck of the action by the ISP.

> this case, the ISP is handed a list of IP addresses.
> They didn't have to seek the info, it was provided to
> them by the community.

Put yourself in the situation of the ISP and ask yourself if you trust
the list someone else gave you. Keep in mind that if you fail to act,
you might get sued (according to this silly idea). Would you enjoy to be
forced to notify clients on an hunch? How often do you think you will do
this if the information turns out to be incomplete?

> Lighten up and let's hope that the ISPs that had the
> information did act in a manner that benefits society
> and do so in the future.

Speaking of light, I think folks take this a bit too lightly. You really
need to think these issues through thoroughly before mandating that
there should be some legal anchor that can provide for liabilities.

Making it good business practice to alert customers based on information
of third parties is one thing. Making it a legal requirement is another.


It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20060207/a1a944a1/attachment.bin

More information about the list mailing list