Hackers and software pirates can no longer rely on Internet service providers to protect their freedom of expression. According to new laws passed in Europe and the United States, ISPs will now be required to take an active role in preventing illegal activity from occurring on their servers. Case in point: After prompting from piracy monitors at the Business Software Alliance (BSA), a Finnish judge ordered the Jippii Group, a Finland-based ISP, to shut down a customer’s website that allegedly helped visitors obtain and use pirated software. The court order followed repeated requests by the BSA for Jippii to dismantle the site, requests Jippii ignored until the BSA could definitively prove that the site was providing visitors with activation numbers required to bootleg popular software programs. Until recently, ISPs could not be held legally accountable for their customers’ online activities, but the Jippii case shows a change in the international view of ISP liability. Now, ISPs can be taken to court for negligence and, if the charges are proven, the ISP must pay damages. Though ISPs have traditionally cooperated with authorities in hacking or piracy cases, they have often drawn the line at delving into online content disputes. Many ISPs are critical of laws including the Digital Millennium Copyright Act in the United States and the European parliament’s directive on privacy in electronic communications, which require ISPs to take down sites immediately following notification of illegal activity, because the onus is placed on the ISP and not the website publisher. The BSA disagrees, says Beth Scott, vice president of BSA Europe. “We hope this particular case sends a strong message to ISPs,” she says. “We will take action if ISPs behave irresponsibly.”What the issue of responsibility comes down to is the fact that ISPs are identifiable, they’re easy to find, and they have money. But the reason organizations like the BSA should go after ISPs is because they have the power to change the Internet security landscape, says Alan Paller, director of research at the SANS Institute. “The real problem is that users don’t know and don’t care about security,” he says. ISPs should audit the security of the websites they host. “Not the content, just the securitylike cars are inspected every year for driveability,” he says. “They can lay down the law and say if you don’t run a safe computer, you can’t be online.” Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe