Author(s)
Source
Supreme Court Economic Review, Vol. 14, pg. 221, 2006; also in The Law & Economics of Cybersecurity, Mark F. Grady and Francesco Parisi eds., 2006.
Summary
This article looks at who should pay for illegal use of computers.
Policy Relevance
Internet Service Providers (ISPs) should be held responsible for some illegal uses of their networks, including copyright piracy, defamation, and computer security breaches.
Main Points
-
ISPs are usually not held responsible when their customers use their networks to commit illegal acts like copyright piracy or defamation.
-
By contrast, the owner of a car can be held responsible if he loans the car to someone who is involved in an accident. This is “indirect liability.”
-
Indirect liability makes sense when the owner of an asset can control how it is used, and when he might benefit from illegal use of an asset, and when no other wrongdoer can be identified or pay for the harm. It does not make sense if liability would burden the asset’s owner so much that he would shut down activities that benefit everyone.
-
When security problems like viruses arise, it is very hard to identify who exactly was responsible, and perpetrators who are identified often cannot pay for the harm.
-
ISPs could, in theory, agree among themselves that each will pay for harms caused by its subscribers, but business changes too quickly for such contracts to be kept updated.
-
ISPs are in a good position to investigate and reduce cybersecurity problems by monitoring networks.
-
Drawbacks of ISP liability include possible higher costs of Internet service and discouraging users from taking steps to protect themselves.