|
|
|
|
|
|
|
|
|
||
|
|
||
|
Be a Commerce Partner |
The Rights of the Hacked
Here's a legal conundrum for an ISP: When one of the ISP's subscribers hacks or scans another subscriber's computers, what are the obligations of the ISP? Opinons differ, but common sense prevails.
| [January 20, 2001] |
 |
On the ISP-Marketing list in January, JA queried,
"I have a subscriber whose computer has been hacked by another subscriber. We researched the info and it points to a specific person. The 'hackee' wants to know the name of the hacker. I have refused to give this out. As an ISP, what are our legal obligations in this situation? Any recommended procedure?"
A number of respondents said that ISPs should not do anything without a court order:
[WV recalled] "We went through the same thing a few months ago. Tell them to get a court order and you will release the information. That's where it ended for us: when we told them that, we never heard anything else from the user."
[EA suggested] "Tell the party to go to court to get an order requiring you to reveal the information. Once the judge makes the order, then you must act under it."
[DP offered] "We don't disclose personal information without benefit of a court order to do so, period. Two months ago we had a call from the local FBI office wanting personal information on one of our users. I told the bright young lad that I'd be more than happy to comply, once he handed me a signed copy of a court order requiring me to do so. Then I informed we don't back up mail files. He never called back, and we never received the court order."
[MF agreed] "Giving the information directly to the customer can lead to a larger lawsuit than imaginable since you will be in effect judge and jury. It will also expose the accused user to the risks of being directly contacted by the person alleging the hacking. Tell the person he would need to have whatever legal documents are needed to enforce the release of the info."
BB suggested an a slightly more aggressive solution to the problem:
"We send off an obligatory 'we'll look into it.' If it becomes clear that a customer has in fact done this, we contact the customer and inform them that they have broken our terms of service and possibly the law.
We usually end up dealing with a parent who had no idea what Junior was doing on the Internet the night before. We describe it to the parent as the equivalent of walking down a business street twisting the doorknobs, checking the windows and entering private premises illegally.
We inform them that we must comply with the legal authorities and will give over the incriminating evidence if requested (we would not give out that information without a court order, but the 'hacker' doesn't need to know that) and that if it happens again it will lead to immediate termination of service. We've never had a second hacking attempt made from any customer after this conversation."
—End
| Related articles: | ||
| [May 22, 2000] | Webhosting Gets Personal | |
| [April 6, 2000] | To Catch a Hacker | |
| [Aug. 12, 1999] | Hack, or Harmless Intrusion? | |
ISP-Planet's
RSS feed
