In the wake of the collapse of many a 401k and a Ponzi scheme or three, it's no surprise that a bill called the Investor Protection Act of 2009 has attracted significant support in Congress. In 60 sections over 113 pages, the Act clarifies existing legislation and provides new oversight powers to the Securities Exchange Commission. But, buried on page 92, there's language that would remove the safe harbor protections that keep ISPs from being liable for information transmitted over their networks, at least when that information involves a specific form of financial fraud.
<snip>
This section only has two provisions, one of which simply targets those who fraudulently misrepresent their SIPC status with liability for damages, a fine of up to $250,000, and up to five years in jail. It's the second provision where things get a bit interesting: it holds ISPs liable for damages if the fraudulent information goes through their network or winds up stored on their servers.
There are a couple of significant caveats. The first is that the ISP has to be aware that the material involves a misrepresentation of the sort that's prohibited by the first provision. The ISP can also be considered liable if, once informed of the infringing content, they take no action to prevent its access.
The problem isn't so much the threat of these sanctions so much as the lack of clarity about how they might be implemented. It's possible to envision a system like the DMCA takedown notices used to trigger the removal of material that infringes copyright, but has often been used to simply silence messages someone doesn't like. Another unfortunate alternative is a situation similar to Andrew Cuomo's crusade against child porn, where many ISPs responded by simply eliminating Usenet access.
In any case, it appears that most of the parties involved with inserting the language didn't think through the potential implementation challenges clearly, and there are indications that the language may be revised before the bill progresses any further. Still, it's a bit disturbing to see that the first response to fraudulent content on the Internet is an attempt to force the ISPs to police the content they transmit.
http://arstechnica.com/tech-policy/news/2009/11/financial-reform-bill-would-turn-isps-into-fraud-police.arsAh yes. The possibilities involving implementation.