Hackers and software pirates can no longer rely on Internet service providers to protect their freedom of expression. According to new laws passed in Europe and the United States, ISPs will now be required to take an active role in preventing illegal activity from occurring on their servers. Case in point: After prompting from piracy monitors at the Business Software Alliance (BSA), a Finnish judge ordered the Jippii Group, a Finland-based ISP, to shut down a customer's website that allegedly helped visitors obtain and use pirated software. The court order followed repeated requests by the BSA for Jippii to dismantle the site, requests Jippii ignored until the BSA could definitively prove that the site was providing visitors with activation numbers required to bootleg popular software programs. Until recently, ISPs could not be held legally accountable for their customers' online activities, but the Jippii case shows a change in the international view of ISP liability. Now, ISPs can be taken to court for negligence and, if the charges are proven, the ISP must pay damages. Though ISPs have traditionally cooperated with authorities in hacking or piracy cases, they have often drawn the line at delving into online content disputes. Many ISPs are critical of laws including the Digital Millennium Copyright Act in the United States and the European parliament's directive on privacy in electronic communications, which require ISPs to take down sites immediately following notification of illegal activity, because the onus is placed on the ISP and not the website publisher. The BSA disagrees, says Beth Scott, vice president of BSA Europe. "We hope this particular case sends a strong message to ISPs," she says. "We will take action if ISPs behave irresponsibly."What the issue of responsibility comes down to is the fact that ISPs are identifiable, they're easy to find, and they have money. But the reason organizations like the BSA should go after ISPs is because they have the power to change the Internet security landscape, says Alan Paller, director of research at the SANS Institute. "The real problem is that users don't know and don't care about security," he says. ISPs should audit the security of the websites they host. "Not the content, just the securitylike cars are inspected every year for driveability," he says. "They can lay down the law and say if you don't run a safe computer, you can't be online."