When we at StopBadware released our best practices for web hosting providers back in March, we wanted to lay out a framework that helps providers address badware reports responsively and comprehensively while retaining the flexibility they need to function as businesses in a competitive market. Legal liability is a major concern for any business, and since addressing badware issues is often a tense and trying process, we wanted to determine the state of the law governing providers' liability for hosting malicious content on their networks. How would adopting the Best Practices affect a provider's legal risk? We consulted the Cyberlaw Clinic at the Berkman Center for Internet & Society for guidance.
We're pleased to shed some light on the issue in our new white paper, Web Hosting Provider Liability for Malicious Content, which we are releasing today as a complement to our Best Practices. The paper confronts three major issues:
- Are providers generally liable for hosting badware?
- Do providers become liable for hosting badware when they receive a badware report?
- Can providers become liable when responding to a badware report?
The white paper is based on general principles of U.S. federal case law and is, of course, offered as an informational resource only. You can read the paper here (PDF).