Nodes of Control

The extension of liability has been a hot issue as part of the U.S. INDUCE Act, on which I posted earlier. In my last posting I shortly mentioned the liability of ISPs in relation to notice and take down procedures. Now both topics kind of come together in an essay posted on SSRN: Holding Internet Service Providers Accountable. Chicago Law School Professors Doug Lichtman and Eric Posner write on the extension of ISP liability in order to improve cybersecurity, with an economic underflow, of course.

Abstract:

Internet service providers are today largely immune from liability for their role in the creation and propagation of worms, viruses, and other forms of malicious computer code. In this Essay, we question that state of affairs. Our purpose is not to weigh in on the details - for example, whether liability should sound in negligence or strict liability, or whether liability is in this instance best implemented by statute or via gradual common law development. Rather, our aim is to challenge the recent trend in the courts and Congress away from liability and toward complete immunity for Internet service providers. In our view, such immunity is difficult to defend on policy grounds, and sharply inconsistent with conventional tort law principles. Internet service providers control the gateway through which Internet pests enter and reenter the public computer system. They should therefore bear some responsibility for stopping these pests before they spread and for helping to identify individuals who originate malicious code in the first place.

I'm not sure if I'll agree with them that there is a trend away from liability. I'm not sure if I'll agree with them at all. I'll see...