Botmasters/Victims and DMCA

[Viva Colombia <vivacolombia2005 () gmail com>]

Regarding what Shailesh kindly replied, I believe I must note here
that in civil law countries (as opposite to case law countries such as
the US), the owner of a computer that has been compromised in a botnet
might be held liable for the damages that his lack of diligence or his
negligence (that are two different concepts) cause to third parties
when it results in him not securing his machine as others in his same
circumstances would have reasonably done so: if that person is a
"pater familias" (a home user) then he should protect his home
computer in the same way a caring father would, in order to truly
protect the privacy of those he loves the most and to protect his
other valuable assets, such as his financial information and the like.
And, if that person was any one of you, security experts, then he
would have had to secure his computer according to widely accepted
standards of security. That person could theoricaly, at least, be
bound to repay third parties affected due to the activities conducted
through his/her computer thanks to his/her lack of diligence or
negligence.

It would not be a crime thus this person would not be prosecuted. It
would be a civil matter.

The case I'm pointing out here is one in which the botmaster is
accused of piracy committed through the botnet, among other crimes;
and theoricaly imagining if it would be possible to try legal action
against any person if, for example, it was one of you who did not
secure its network appropriately, according to widely accepted
standards (or according to your employer's policies, if given).

So far, I think I can conclude that the botmaster could indeed be
taken for a service provider; still it would be funny to think of a
botmaster fulfiling the requirements service providers must comply
with in order to be eligible to the safe harbor provisions within the
DMCA. But this is a good starting point for other theorical scenarios.
And with regards to the victim, as soon as I find an answer or further
develop my conclusions I'd let you know!

If there are any further opinions I'd be more than glad to receive them... :)



On Tue, Sep 15, 2009 at 9:15 PM, Lane Christiansen <lanec42 () gmail com> wrote:
> On Tuesday 15 September 2009 10:09:40 am Viva Colombia wrote:
> > Hi all, my question (for a legal paper that I'm writing) is whether a
> > botmaster and a person whose computer has been recruited in a botnet
> > can be considered as service providers, according to the broader
> > definition of service provider provided by 17 USC§512(k)(A-B). I've
> > found court decisions and some opinions, but none refer to botmasters,
> > they would only allow me to conclude that if theirs is an IRC botnet
> > and they provide, for example, chatting services through their command
> > & control bots, then they would indeed be service providers as per the
> > DMCA; but I found nothing related to whether peers in P2P botnets or
> > networks can be taken as service providers, bearing in mind that they
> > are used as storing devices and communications or transmittal nodes.
> >
> > I'm trying to analyze whether they could be held liable for violations
> > of the Copyright Act when said violations take place through and
> > thanks to the botnets and thanks to the negligence of the owner of the
> > infected machine (who did not protect it appropriately), and if they
> > two could successfully use the safe harbor provisions on their behalf.
> >
> > I hope I'm not too confusing...
> >
> > Thx!
> I can't comment on this (IANAL), but I'd be very interested in reading your
> paper - it'd be awesome if you could post it here when you're finished!

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------