funsec mailing list archives

Re: ruling: liability for providers who don't act on clients' illegal activities?


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 09 Sep 2009 00:06:30 +1200

Rob Thompson to me:

No -- to stick with your grievously weak analogy, it is much more like 
very heavily (punitively -- get it?) fining a bank and its manager for 
repeatedly cashing fraudulent checks _from one known fraudster_.

Point taken.

I still do not agree with it.  I think that it is a piss poor job on
behalf of law enforcement.  Get the _one known fraudster_ that is
committing the actual act.  BEFORE it is permitted to be repeated.

You say that as if it is easy, if even always possible, to get the 
"right" (i.e. "wronging") person.

Yes, that would be the _ideal_ result.

The reality however, is that we don't live in anything approaching that 
ideal world.  Doubly so "on the internet" as many of the mechanisms 
that are currently in place are devised to be "approximately ideal" for 
an entirely different threat model (a closed, physical, military 
network) than the "open sewer" public internet model we actually have.

Those differences mean that not only, in the face of "failure" _will_ 
collateral damage be greater, BUT it likely will be necessary _AND_ 
quite acceptable.

Idealists might shit bricks because of this, but they should have 
struck out for a better internet than one based on the totally 
inadequate security model of assuming an enforceable militaristic 
_physical access_ control structure...

Now if the hosting site is hosting (as in advertising, come here to host
your illegal warez for $$$) to cater to the criminal, that's another
story.  But that isn't how I am interpreting this.  I am interpreting
this as sheer laziness and quite frankly it's rather pathetic.  Passing
the buck isn't okay.  We count on the schools to raise our kids and the
ISP to police the interwebs.  Bullshit!

"Laziness" is no better legal defense than "ignorance".

At its base, "I didn't know I was doing wrong" is no better than "I 
couldn't be arsed to not do wrong".

Of course, that doesn't mean that there aren't LOTS of int-duh-net 
"businesses" heavily based on that model, but neither they nor you 
should expect any sympathy _from folk who give a fuck_ if even _some_ 
of those businesses get their lazy, dumb arses hauled over the legal 
coals to the point where they go out of business.  (My main regret here 
is that none of the truly grossly culpable such players will EVER face 
charges -- we should really start with ICANN and work our way down...)

<<big snip>>
Guns don't kill people, people kill people???

Let's get Remington on the phone.  If you didn't sell the gun to the gas
station robber, he wouldn't have knocked off those seven petrol stands...

Well, in civilized communities, there is a fair sentiment in favour of 
holding the gun "pushers" responsible for their actions, yes...

But you probably live somewhere where such intellectual 
informedness is unable to evolve -- Pakistan, Afghanistan, Iraq, USA???



Regards,

Nick FitzGerald


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

