On Tue, 20 Jul 1999, I wrote:
> Just to side-track this thread a little - I just received a call from
> someone in California, who said that one of our local dialup Internet
> customers was hacking his system! We determined who the customer was, but
> the problem is, what should our next step be? There are no local laws
> regarding hacking. Simply disabling the dialup account might open
ourselves
> up to a lawsuit from the customer, particularly as we are the only
providers
> of Internet service on the island (Grenada, West Indies).
Ok, I received a number of responses to this message. Some helpful, some not
so helpful :-).
The following should answer a number of questions that were raised in those
responses.
First of all, if it was solely up to me, the account would've been suspended
while I was on the phone to the complaining party, pending further
investigation :-). I have zero tolerance for such activities.
We DO have an acceptable use policy. A general one that covers all of our
services. The problem is enforcing that policy. Remember, we are the ONLY
ISP on the island. Once we terminate someone's account, they can't go
hopping off to another ISP to get service. We are basically banning them
from the 'net. Therefore, we have to be VERY careful about how and under
what circumstances we exercise our right to terminate a customer's account.
Now, if the company that had their servers hacked state their intention to
take legal action, in my mind this will definitely constitute acceptable
circumstances for terminating the user's account. However, if they DON'T
take such action and instead issue a simple "don't do it again"
slap-on-the-wrist statement or something like that, the lawyers would
probably have a field day with us terminating the user's account, whether or
not we're doing according to our acceptable use policy.
Finally, the caller has not yet provided me with evidence of the hack. I
guess our next step would depend on the contents of his message, when it
arrives :-).
Thanks for all the responses,
Brian Steele
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
