-----Original Message----- From: Ewen McNeill [mailto:ewen(a)naos.co.nz] Sent: Thursday, 10 June 2004 4:59 p.m. To: neil gardner Cc: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] Zombies
On a related tack, I am seriously considering writing to the appropriate government ministers and suggesting that, as part of their proposed anti-spam legislation, a legal duty be placed on people not to connect/allow to remain connected an insecure/0wned/infected system under their control. With the first breach resulting in mandatory disconnection of the system from the network, not to be reconnected until person had completed a course on "network security" and had their machine certified "cleaned up" by someone appropriate. Subsequent breaches resulting in that and fines and/or longer periods of mandatory disconnection.
IMHO such insecure/0wned/infected systems are a nuisance (in the legal sense of the word) and thus the owners of them should be responsible for the damage they cause.
Interestingly that exact issue was discussed today at an InternetNZ Spam Taskforce Meeting. The Government discussion paper aksed about what liability there should be for different parties such as vendors, senders, harvesters, ISPs and Telcos. The discussion highlighted that many Nzers are unwitting senders of spam through zombie machines, and discussed whether they should be liable. There was a variety of views and some interesting analogies to liability for an unmaintained car that causes an accident. At the Spam Legislation Workshop on the 24th June, I expect this issue to be discussed also. DPF