[100075] in North American Network Operators' Group
Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?
daemon@ATHENA.MIT.EDU (Florian Weimer)
Mon Oct 15 10:57:42 2007
From: Florian Weimer <fw@deneb.enyo.de>
To: Steve Bertrand <nanog@ibctech.ca>
Cc: Mike Lewinski <mike@rockynet.com>, nanog@merit.edu
Date: Mon, 15 Oct 2007 16:55:02 +0200
In-Reply-To: <47136404.4040702@ibctech.ca> (Steve Bertrand's message of "Mon,
15 Oct 2007 08:58:44 -0400")
Errors-To: owner-nanog@merit.edu
* Steve Bertrand:
>> Anyway, if you've got a customer account that was created with a stolen
>> credit card, and you get complaints about activity on that account from
>> various parties, and you still don't act, this shows a rather
>> significant level of carelessness.
>
> Further to carelessness, this may be pushing the boundary in many places
> of guilt by act of omission.
I'm not familiar with the finer points of the US criminal code. I'm
rather skeptical that such a risk actually exists (Foonet/CSI
notwithstanding). If people actually cared about compromises, I would
be more concerned that not handling abuse complaints would expose ISPs
to liability from their own customers, who would have learnt earlier
about their compromise if the ISP told them.
Part of the reason why this discussion is somewhat heated is that
there's zero incentive in most markets to deal with customer
compromises. Otherwise, people would just lean back and think, "yeah,
right, let them try and see how it works for them".
