Solved

ISP legal liability

Posted on 2004-03-21
8
444 Views
Last Modified: 2010-04-11
I am working on a project for the ISP that I work for.  I have recently discovered that it is much easier than it should be to gain access to the internet, even host various types of network services with complete anonymity.
      If someone were to use this loop hole, and say, host something very illegal on an ftp or something, what type of liability does our company have?  I have read over the Communications Decency Act of 1996 and it seems that as far as copyright infringement we are in the clear; however, what if we were asked to provide information about someone using our service, hosting these hypothetical illegal activities.  If we did not have a scapegoat to pin, what could we do?  I assume there is a negligence issue here.  
If anyone is a lawyer, or knows a lot about this type of thing, I would really appreciate it if I could be pointed to some similar court cases, or possibly any legal documentation that brushes the issue at hand.

At this point the question is worth only 95 points.  If a good answer is given , I will not hesitate to give all the points I have avalable – 495
Thank you

-charade
0
Comment
Question by:charade-you-are
8 Comments
 
LVL 18

Accepted Solution

by:
chicagoan earned 95 total points
ID: 10646048
A lot depends on the state that you're in, and apparently how deep your pockets are. Pennsylvania's ISP Liability Law created a lot of hoopla over 1st amendment rights, and the general tenor if it and other laws has been that the ISP doesn't have an obligation to monitor for but does have an obligation to block illegal content once notified.

More recently spam and zombie DOS activity has raised the bar a bit, and the expectation is that there is a minimum level of diligence necessary on the part of ISP's regarding these activities.

http://www.cdt.org/ has some good information about free speech issues, and M. E. Kabay has a paper outlining the principle of contributory negligence at http://www.acm.org/ubiquity/views/m_kabay_1.html.

Talking to your business insurance carrier and your attorneys is the first place to start, and having wriiten policies that conform to your state's laws is another.
0
 
LVL 1

Author Comment

by:charade-you-are
ID: 10653819
Thank you for your response chicagoan.  After tentatively looking at those links, they seem to provide some good information on the topic.  I will read those more thoroughly when I get a chance.  
      I would like to clarify my question slightly also.  I have found many resources that overview copyright issues, and liability.  The issue I am more concerned with is negligence.  What if you (I will use Chicagoan for my example) walked into a computer store and purchased a cable modem.  Proceeded to bring it home and plug it into a coaxial line…lets say you only have cable TV service with us.  What if it were too easy for you to get connected to the internet?  What if you took advantage of this and started doing everything that the RIAA does not want you to do…or maybe worse. Say…exploiting minors or something.  When the FBI calls us and we say…oh yea…that cable modem is on cable 9/0 upstream 2…that is all the information we have.  
      Like you said, this is obviously an issue our legal team needs to address, as of now I am merely doing some preliminary work to present to regional management.

0
 
LVL 18

Expert Comment

by:chicagoan
ID: 10654500
First of all I'd say you need to lock down your enterprise a LOT.
The words your lawyer will be looking for in court are

DUE DILIGENCE

Your scenario suggests no accounting system, no MAC address filtering, no idea who is on your network, ergo: no due dilligence  
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 10657418
Another important point: There is no "the law"

Laws vary, from country to country, state to state, county to county, locality to locality.

We're IT Experts here - its unlikely you'll find a qualified legal answer in this forum. These are really questions for your corporate legal team.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 18

Expert Comment

by:chicagoan
ID: 10657862
We're NOT lawers but can contribute to the issues that surround "due dilligence" where security is concerned.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 10662891
Laws also vary from judge to judge, and concerning spam, they are still being defined and redefined.

There is a general rule of thumb for your liability, AFAIK you don't have to tell or snoop, in general.  If feds ask for info, you can probably just say no until given a warrant from court order of case in progress.  RIAA is smack in middle of winning too many data turnovers, but I think they are wrong and some court judgements won't hold up on appeal.  There are privacy issues to consider, so they've no more rights than feds, despite what their lawyers say. IMO there must be demonstration of probable cause in legal system.

I am not sure of accounting requirements, not being in the business.  But like phone company, if you are going to charge someone for services, of course you must record the usage to justify the bill. I'd not have thought of that were it not for chicagoan remark, that's accounting, another business.

Just know that if you have concern over any subscriber getting away with something for long, that there is no need. Rule is, you can run but you cannot hide, if they want to find you, they will, just check out the status of your local prison system for who's getting admitted.

> If anyone is a lawyer, or knows

nope. No lawyers here, but they don't know any answer anyway, laws vary too much, including their enforcement.

What you could do is start to join an ISP newsgroup, and share with your peers of experiences.  I've see a couple neat groups around. That should get you feeling better about the work and its protections, or lack thereof.
0
 
LVL 1

Author Comment

by:charade-you-are
ID: 10663394
Thanks for all your responses.  I have gathered pretty much all the info I need for this project.  Just to let you know though. There are security methods in place, if you buy a modem and plug it in, it will allow you to connect to our intranet, via a “private” IP, give you a change to enter valid account information....the number for support, the option to enter a chat with support and so on. ...( I am very vague because I do not want people to know what ISP I am talking about, or use this as a resource to attempt to break security of any ISP) This can be manipulated if you have enough knowledge of network security, and how cable systems work.  -  My point is….Even though it is difficult, it is too easy….It should be near impossible.  
0
 
LVL 1

Author Comment

by:charade-you-are
ID: 10663400
chicagoan, I am poor as far as points go.  Please let me know if you need more points than what I have given you...Thanks again
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now