Re: CRIME Senator Hatch - Destroy file swappers' computers

From: Crispin Cowan (crispin@private)
Date: Thu Jun 19 2003 - 11:56:57 PDT


    Christiansen, John (SEA) wrote:
    
    >escalation become moot. So, following this alternative branch, what are the
    >rules for sysadmin responsiveness? In other words, when can I hold an ISP
    >liable for failing to cut off hostile activity?    
    >
    That is a much better question.
    
    If the ISP in question is your own ISP, then that should be spelled out 
    in your TOS agreement.
    
    If the ISP in question is the nominal[*] attacker's ISP, then you have a 
    complex legal question. They may post an AUP, and you might try to hold 
    them to that AUP, but since you have no contractual relationship with 
    that ISP, you might have a hard time doing that. You could spend a LOT 
    of legal money pursuing legal remedies through the courts before you get 
    anywhere, and as John observed, this is cutting edge law.
    
    Or you could just hack your firewall rules to block that IP address.
    
    Note the interesting assumption here: the ISP's duty of care is to stop 
    the attack from *continuing*. They have no duty to have stopped it in 
    the first place. You are not going to recover damages for repairing your 
    systems from the attack from anyone except the actual attacker. The 
    claim of negligence on someone else's part is difficult because the 
    primary negligence was you, in leaving your machine hackable. The main 
    exception to this is DoS attacks, which have two special properties:
    
       1. DoS attacks are not preventable. There's nothing you can do about
          a traffic flood except go up stream and ask someone to stop it.
       2. DoS attacks are trivial to recover from. You're effectively
          recovered as soon as you get the flood to stop.
    
    Here you *might* have a liability claim against one of those "innocent" 
    parties whose machine got hacked and then used as part of a DDoS flood 
    army. They were negligent (leaving a hackable machine on the net) and 
    you were not. There is no legal precedent for this, but some of us wish 
    there was. It would greatly reduce DDoS threats, and increase demand for 
    secure operating systems like Immunix (my self-interest showing).
    
    [*]"nominal attacker" refers to the machine attacking you. As per prior 
    discussion, the human doing the attacking likely does not own this 
    machine, and has no legal relationship to any of the visible parties.
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
    Chief Scientist, Immunix       http://immunix.com
                http://www.immunix.com/shop/
    



    This archive was generated by hypermail 2b30 : Thu Jun 19 2003 - 12:14:56 PDT